platform/kernel/linux-rpi.git
7 years agolibceph: always signal completion when done
Ilya Dryomov [Fri, 2 Dec 2016 13:01:55 +0000 (14:01 +0100)]
libceph: always signal completion when done

r_safe_completion is currently, and has always been, signaled only if
on-disk ack was requested.  It's there for fsync and syncfs, which wait
for in-flight writes to flush - all data write requests set ONDISK.

However, the pool perm check code introduced in 4.2 sends a write
request with only ACK set.  An unfortunately timed syncfs can then hang
forever: r_safe_completion won't be signaled because only an unsafe
reply was requested.

We could patch ceph_osdc_sync() to skip !ONDISK write requests, but
that is somewhat incomplete and yet another special case.  Instead,
rename this completion to r_done_completion and always signal it when
the OSD client is done with the request, whether unsafe, safe, or
error.  This is a bit cleaner and helps with the cancellation code.

Reported-by: Yan, Zheng <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
7 years agoceph: avoid creating orphan object when checking pool permission
Yan, Zheng [Tue, 13 Dec 2016 08:03:26 +0000 (16:03 +0800)]
ceph: avoid creating orphan object when checking pool permission

Pool permission check needs to write to the first object. But for
snapshot, head of the first object may have already been deleted.
Skip the check for snapshot inode to avoid creating orphan object.

Link: http://tracker.ceph.com/issues/18211
Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: properly set issue_seq for cap release
Yan, Zheng [Thu, 17 Nov 2016 11:55:30 +0000 (19:55 +0800)]
ceph: properly set issue_seq for cap release

Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: add flags parameter to send_cap_msg
Jeff Layton [Thu, 10 Nov 2016 12:42:06 +0000 (07:42 -0500)]
ceph: add flags parameter to send_cap_msg

Add a flags parameter to send_cap_msg, so we can request expedited
service from the MDS when we know we'll be waiting on the result.

Set that flag in the case of try_flush_caps. The callers of that
function generally wait synchronously on the result, so it's beneficial
to ask the server to expedite it.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: update cap message struct version to 10
Jeff Layton [Thu, 10 Nov 2016 12:42:05 +0000 (07:42 -0500)]
ceph: update cap message struct version to 10

The userland ceph has MClientCaps at struct version 10. This brings the
kernel up the same version.

For now, all of the the new stuff is set to default values including
the flags field, which will be conditionally set in a later patch.

Note that we don't need to set the change_attr and btime to anything
since we aren't currently setting the feature flag. The MDS should
ignore those values.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: define new argument structure for send_cap_msg
Jeff Layton [Thu, 10 Nov 2016 12:42:03 +0000 (07:42 -0500)]
ceph: define new argument structure for send_cap_msg

When we get to this many arguments, it's hard to work with positional
parameters. send_cap_msg is already at 25 arguments, with more needed.

Define a new args structure and pass a pointer to it to send_cap_msg.
Eventually it might make sense to embed one of these inside
ceph_cap_snap instead of tracking individual fields.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: move xattr initialzation before the encoding past the ceph_mds_caps
Jeff Layton [Thu, 10 Nov 2016 12:42:02 +0000 (07:42 -0500)]
ceph: move xattr initialzation before the encoding past the ceph_mds_caps

Just for clarity. This part is inside the header, so it makes sense to
group it with the rest of the stuff in the header.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: fix minor typo in unsafe_request_wait
Jeff Layton [Wed, 16 Nov 2016 14:45:22 +0000 (09:45 -0500)]
ceph: fix minor typo in unsafe_request_wait

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: record truncate size/seq for snap data writeback
Yan, Zheng [Tue, 15 Nov 2016 08:04:37 +0000 (16:04 +0800)]
ceph: record truncate size/seq for snap data writeback

Dirty snapshot data needs to be flushed unconditionally. If they
were created before truncation, writeback should use old truncate
size/seq.

Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: check availability of mds cluster on mount
Yan, Zheng [Thu, 10 Nov 2016 08:02:06 +0000 (16:02 +0800)]
ceph: check availability of mds cluster on mount

Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: fix splice read for no Fc capability case
Yan, Zheng [Tue, 8 Nov 2016 13:54:34 +0000 (21:54 +0800)]
ceph: fix splice read for no Fc capability case

When iov_iter type is ITER_PIPE, copy_page_to_iter() increases
the page's reference and add the page to a pipe_buffer. It also
set the pipe_buffer's ops to page_cache_pipe_buf_ops. The comfirm
callback in page_cache_pipe_buf_ops expects the page is from page
cache and uptodate, otherwise it return error.

For ceph_sync_read() case, pages are not from page cache. So we
can't call copy_page_to_iter() when iov_iter type is ITER_PIPE.
The fix is using iov_iter_get_pages_alloc() to allocate pages
for the pipe. (the code is similar to default_file_splice_read)

Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: try getting buffer capability for readahead/fadvise
Yan, Zheng [Tue, 25 Oct 2016 02:51:55 +0000 (10:51 +0800)]
ceph: try getting buffer capability for readahead/fadvise

For readahead/fadvise cases, caller of ceph_readpages does not
hold buffer capability. Pages can be added to page cache while
there is no buffer capability. This can cause data integrity
issue.

Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: fix scheduler warning due to nested blocking
Nikolay Borisov [Tue, 11 Oct 2016 09:04:09 +0000 (12:04 +0300)]
ceph: fix scheduler warning due to nested blocking

try_get_cap_refs can be used as a condition in a wait_event* calls.
This is all fine until it has to call __ceph_do_pending_vmtruncate,
which in turn acquires the i_truncate_mutex. This leads to a situation
in which a task's state is !TASK_RUNNING and at the same time it's
trying to acquire a sleeping primitive. In essence a nested sleeping
primitives are being used. This causes the following warning:

WARNING: CPU: 22 PID: 11064 at kernel/sched/core.c:7631 __might_sleep+0x9f/0xb0()
do not call blocking ops when !TASK_RUNNING; state=1 set at [<ffffffff8109447d>] prepare_to_wait_event+0x5d/0x110
 ipmi_msghandler tcp_scalable ib_qib dca ib_mad ib_core ib_addr ipv6
CPU: 22 PID: 11064 Comm: fs_checker.pl Tainted: G           O    4.4.20-clouder2 #6
Hardware name: Supermicro X10DRi/X10DRi, BIOS 1.1a 10/16/2015
 0000000000000000 ffff8838b416fa88 ffffffff812f4409 ffff8838b416fad0
 ffffffff81a034f2 ffff8838b416fac0 ffffffff81052b46 ffffffff81a0432c
 0000000000000061 0000000000000000 0000000000000000 ffff88167bda54a0
Call Trace:
 [<ffffffff812f4409>] dump_stack+0x67/0x9e
 [<ffffffff81052b46>] warn_slowpath_common+0x86/0xc0
 [<ffffffff81052bcc>] warn_slowpath_fmt+0x4c/0x50
 [<ffffffff8109447d>] ? prepare_to_wait_event+0x5d/0x110
 [<ffffffff8109447d>] ? prepare_to_wait_event+0x5d/0x110
 [<ffffffff8107767f>] __might_sleep+0x9f/0xb0
 [<ffffffff81612d30>] mutex_lock+0x20/0x40
 [<ffffffffa04eea14>] __ceph_do_pending_vmtruncate+0x44/0x1a0 [ceph]
 [<ffffffffa04fa692>] try_get_cap_refs+0xa2/0x320 [ceph]
 [<ffffffffa04fd6f5>] ceph_get_caps+0x255/0x2b0 [ceph]
 [<ffffffff81094370>] ? wait_woken+0xb0/0xb0
 [<ffffffffa04f2c11>] ceph_write_iter+0x2b1/0xde0 [ceph]
 [<ffffffff81613f22>] ? schedule_timeout+0x202/0x260
 [<ffffffff8117f01a>] ? kmem_cache_free+0x1ea/0x200
 [<ffffffff811b46ce>] ? iput+0x9e/0x230
 [<ffffffff81077632>] ? __might_sleep+0x52/0xb0
 [<ffffffff81156147>] ? __might_fault+0x37/0x40
 [<ffffffff8119e123>] ? cp_new_stat+0x153/0x170
 [<ffffffff81198cfa>] __vfs_write+0xaa/0xe0
 [<ffffffff81199369>] vfs_write+0xa9/0x190
 [<ffffffff811b6d01>] ? set_close_on_exec+0x31/0x70
 [<ffffffff8119a056>] SyS_write+0x46/0xa0

This happens since wait_event_interruptible can interfere with the
mutex locking code, since they both fiddle with the task state.

Fix the issue by using the newly-added nested blocking infrastructure
in 61ada528dea0 ("sched/wait: Provide infrastructure to deal with
nested blocking")

Link: https://lwn.net/Articles/628628/
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Signed-off-by: Yan, Zheng <zyan@redhat.com>
7 years agoceph: fix printing wrong return variable in ceph_direct_read_write()
Zhi Zhang [Tue, 8 Nov 2016 13:35:59 +0000 (14:35 +0100)]
ceph: fix printing wrong return variable in ceph_direct_read_write()

Fix printing wrong return variable for invalidate_inode_pages2_range in
ceph_direct_read_write().

Signed-off-by: Zhi Zhang <zhang.david2011@gmail.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
7 years agocrush: include mapper.h in mapper.c
Tobias Klauser [Fri, 28 Oct 2016 11:23:24 +0000 (13:23 +0200)]
crush: include mapper.h in mapper.c

Include linux/crush/mapper.h in crush/mapper.c to get the prototypes of
crush_find_rule and crush_do_rule which are defined there. This fixes
the following GCC warnings when building with 'W=1':

  net/ceph/crush/mapper.c:40:5: warning: no previous prototype for ‘crush_find_rule’ [-Wmissing-prototypes]
  net/ceph/crush/mapper.c:793:5: warning: no previous prototype for ‘crush_do_rule’ [-Wmissing-prototypes]

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
[idryomov@gmail.com: corresponding !__KERNEL__ include]
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
7 years agorbd: silence bogus -Wmaybe-uninitialized warning
Ilya Dryomov [Tue, 6 Sep 2016 09:15:48 +0000 (11:15 +0200)]
rbd: silence bogus -Wmaybe-uninitialized warning

drivers/block/rbd.c: In function ‘rbd_watch_cb’:
drivers/block/rbd.c:3690:5: error: ‘struct_v’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
drivers/block/rbd.c:3759:5: note: ‘struct_v’ was declared here

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
7 years agolibceph: no need to drop con->mutex for ->get_authorizer()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:09 +0000 (16:35 +0100)]
libceph: no need to drop con->mutex for ->get_authorizer()

->get_authorizer(), ->verify_authorizer_reply(), ->sign_message() and
->check_message_signature() shouldn't be doing anything with or on the
connection (like closing it or sending messages).

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: drop len argument of *verify_authorizer_reply()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:09 +0000 (16:35 +0100)]
libceph: drop len argument of *verify_authorizer_reply()

The length of the reply is protocol-dependent - for cephx it's
ceph_x_authorize_reply.  Nothing sensible can be passed from the
messenger layer anyway.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: verify authorize reply on connect
Ilya Dryomov [Fri, 2 Dec 2016 15:35:09 +0000 (16:35 +0100)]
libceph: verify authorize reply on connect

After sending an authorizer (ceph_x_authorize_a + ceph_x_authorize_b),
the client gets back a ceph_x_authorize_reply, which it is supposed to
verify to ensure the authenticity and protect against replay attacks.
The code for doing this is there (ceph_x_verify_authorizer_reply(),
ceph_auth_verify_authorizer_reply() + plumbing), but it is never
invoked by the the messenger.

AFAICT this goes back to 2009, when ceph authentication protocols
support was added to the kernel client in 4e7a5dcd1bba ("ceph:
negotiate authentication protocol; implement AUTH_NONE protocol").

The second param of ceph_connection_operations::verify_authorizer_reply
is unused all the way down.  Pass 0 to facilitate backporting, and kill
it in the next commit.

Cc: stable@vger.kernel.org
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: no need for GFP_NOFS in ceph_monc_init()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:08 +0000 (16:35 +0100)]
libceph: no need for GFP_NOFS in ceph_monc_init()

It's called during inital setup, when everything should be allocated
with GFP_KERNEL.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: stop allocating a new cipher on every crypto request
Ilya Dryomov [Fri, 2 Dec 2016 15:35:08 +0000 (16:35 +0100)]
libceph: stop allocating a new cipher on every crypto request

This is useless and more importantly not allowed on the writeback path,
because crypto_alloc_skcipher() allocates memory with GFP_KERNEL, which
can recurse back into the filesystem:

    kworker/9:3     D ffff92303f318180     0 20732      2 0x00000080
    Workqueue: ceph-msgr ceph_con_workfn [libceph]
     ffff923035dd4480 ffff923038f8a0c0 0000000000000001 000000009eb27318
     ffff92269eb28000 ffff92269eb27338 ffff923036b145ac ffff923035dd4480
     00000000ffffffff ffff923036b145b0 ffffffff951eb4e1 ffff923036b145a8
    Call Trace:
     [<ffffffff951eb4e1>] ? schedule+0x31/0x80
     [<ffffffff951eb77a>] ? schedule_preempt_disabled+0xa/0x10
     [<ffffffff951ed1f4>] ? __mutex_lock_slowpath+0xb4/0x130
     [<ffffffff951ed28b>] ? mutex_lock+0x1b/0x30
     [<ffffffffc0a974b3>] ? xfs_reclaim_inodes_ag+0x233/0x2d0 [xfs]
     [<ffffffff94d92ba5>] ? move_active_pages_to_lru+0x125/0x270
     [<ffffffff94f2b985>] ? radix_tree_gang_lookup_tag+0xc5/0x1c0
     [<ffffffff94dad0f3>] ? __list_lru_walk_one.isra.3+0x33/0x120
     [<ffffffffc0a98331>] ? xfs_reclaim_inodes_nr+0x31/0x40 [xfs]
     [<ffffffff94e05bfe>] ? super_cache_scan+0x17e/0x190
     [<ffffffff94d919f3>] ? shrink_slab.part.38+0x1e3/0x3d0
     [<ffffffff94d9616a>] ? shrink_node+0x10a/0x320
     [<ffffffff94d96474>] ? do_try_to_free_pages+0xf4/0x350
     [<ffffffff94d967ba>] ? try_to_free_pages+0xea/0x1b0
     [<ffffffff94d863bd>] ? __alloc_pages_nodemask+0x61d/0xe60
     [<ffffffff94ddf42d>] ? cache_grow_begin+0x9d/0x560
     [<ffffffff94ddfb88>] ? fallback_alloc+0x148/0x1c0
     [<ffffffff94ed84e7>] ? __crypto_alloc_tfm+0x37/0x130
     [<ffffffff94de09db>] ? __kmalloc+0x1eb/0x580
     [<ffffffffc09fe2db>] ? crush_choose_firstn+0x3eb/0x470 [libceph]
     [<ffffffff94ed84e7>] ? __crypto_alloc_tfm+0x37/0x130
     [<ffffffff94ed9c19>] ? crypto_spawn_tfm+0x39/0x60
     [<ffffffffc08b30a3>] ? crypto_cbc_init_tfm+0x23/0x40 [cbc]
     [<ffffffff94ed857c>] ? __crypto_alloc_tfm+0xcc/0x130
     [<ffffffff94edcc23>] ? crypto_skcipher_init_tfm+0x113/0x180
     [<ffffffff94ed7cc3>] ? crypto_create_tfm+0x43/0xb0
     [<ffffffff94ed83b0>] ? crypto_larval_lookup+0x150/0x150
     [<ffffffff94ed7da2>] ? crypto_alloc_tfm+0x72/0x120
     [<ffffffffc0a01dd7>] ? ceph_aes_encrypt2+0x67/0x400 [libceph]
     [<ffffffffc09fd264>] ? ceph_pg_to_up_acting_osds+0x84/0x5b0 [libceph]
     [<ffffffff950d40a0>] ? release_sock+0x40/0x90
     [<ffffffff95139f94>] ? tcp_recvmsg+0x4b4/0xae0
     [<ffffffffc0a02714>] ? ceph_encrypt2+0x54/0xc0 [libceph]
     [<ffffffffc0a02b4d>] ? ceph_x_encrypt+0x5d/0x90 [libceph]
     [<ffffffffc0a02bdf>] ? calcu_signature+0x5f/0x90 [libceph]
     [<ffffffffc0a02ef5>] ? ceph_x_sign_message+0x35/0x50 [libceph]
     [<ffffffffc09e948c>] ? prepare_write_message_footer+0x5c/0xa0 [libceph]
     [<ffffffffc09ecd18>] ? ceph_con_workfn+0x2258/0x2dd0 [libceph]
     [<ffffffffc09e9903>] ? queue_con_delay+0x33/0xd0 [libceph]
     [<ffffffffc09f68ed>] ? __submit_request+0x20d/0x2f0 [libceph]
     [<ffffffffc09f6ef8>] ? ceph_osdc_start_request+0x28/0x30 [libceph]
     [<ffffffffc0b52603>] ? rbd_queue_workfn+0x2f3/0x350 [rbd]
     [<ffffffff94c94ec0>] ? process_one_work+0x160/0x410
     [<ffffffff94c951bd>] ? worker_thread+0x4d/0x480
     [<ffffffff94c95170>] ? process_one_work+0x410/0x410
     [<ffffffff94c9af8d>] ? kthread+0xcd/0xf0
     [<ffffffff951efb2f>] ? ret_from_fork+0x1f/0x40
     [<ffffffff94c9aec0>] ? kthread_create_on_node+0x190/0x190

Allocating the cipher along with the key fixes the issue - as long the
key doesn't change, a single cipher context can be used concurrently in
multiple requests.

We still can't take that GFP_KERNEL allocation though.  Both
ceph_crypto_key_clone() and ceph_crypto_key_decode() are called from
GFP_NOFS context, so resort to memalloc_noio_{save,restore}() here.

Reported-by: Lucas Stach <l.stach@pengutronix.de>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: uninline ceph_crypto_key_destroy()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:08 +0000 (16:35 +0100)]
libceph: uninline ceph_crypto_key_destroy()

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: remove now unused ceph_*{en,de}crypt*() functions
Ilya Dryomov [Fri, 2 Dec 2016 15:35:08 +0000 (16:35 +0100)]
libceph: remove now unused ceph_*{en,de}crypt*() functions

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: switch ceph_x_decrypt() to ceph_crypt()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:08 +0000 (16:35 +0100)]
libceph: switch ceph_x_decrypt() to ceph_crypt()

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: switch ceph_x_encrypt() to ceph_crypt()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:07 +0000 (16:35 +0100)]
libceph: switch ceph_x_encrypt() to ceph_crypt()

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: tweak calcu_signature() a little
Ilya Dryomov [Fri, 2 Dec 2016 15:35:07 +0000 (16:35 +0100)]
libceph: tweak calcu_signature() a little

- replace an ad-hoc array with a struct
- rename to calc_signature() for consistency

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: rename and align ceph_x_authorizer::reply_buf
Ilya Dryomov [Fri, 2 Dec 2016 15:35:07 +0000 (16:35 +0100)]
libceph: rename and align ceph_x_authorizer::reply_buf

It's going to be used as a temporary buffer for in-place en/decryption
with ceph_crypt() instead of on-stack buffers, so rename to enc_buf.
Ensure alignment to avoid GFP_ATOMIC allocations in the crypto stack.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: introduce ceph_crypt() for in-place en/decryption
Ilya Dryomov [Fri, 2 Dec 2016 15:35:07 +0000 (16:35 +0100)]
libceph: introduce ceph_crypt() for in-place en/decryption

Starting with 4.9, kernel stacks may be vmalloced and therefore not
guaranteed to be physically contiguous; the new CONFIG_VMAP_STACK
option is enabled by default on x86.  This makes it invalid to use
on-stack buffers with the crypto scatterlist API, as sg_set_buf()
expects a logical address and won't work with vmalloced addresses.

There isn't a different (e.g. kvec-based) crypto API we could switch
net/ceph/crypto.c to and the current scatterlist.h API isn't getting
updated to accommodate this use case.  Allocating a new header and
padding for each operation is a non-starter, so do the en/decryption
in-place on a single pre-assembled (header + data + padding) heap
buffer.  This is explicitly supported by the crypto API:

    "... the caller may provide the same scatter/gather list for the
     plaintext and cipher text. After the completion of the cipher
     operation, the plaintext data is replaced with the ciphertext data
     in case of an encryption and vice versa for a decryption."

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: introduce ceph_x_encrypt_offset()
Ilya Dryomov [Fri, 2 Dec 2016 15:35:07 +0000 (16:35 +0100)]
libceph: introduce ceph_x_encrypt_offset()

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: old_key in process_one_ticket() is redundant
Ilya Dryomov [Fri, 2 Dec 2016 15:35:06 +0000 (16:35 +0100)]
libceph: old_key in process_one_ticket() is redundant

Since commit 0a990e709356 ("ceph: clean up service ticket decoding"),
th->session_key isn't assigned until everything is decoded.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agolibceph: ceph_x_encrypt_buflen() takes in_len
Ilya Dryomov [Fri, 2 Dec 2016 15:35:06 +0000 (16:35 +0100)]
libceph: ceph_x_encrypt_buflen() takes in_len

Pass what's going to be encrypted - that's msg_b, not ticket_blob.
ceph_x_encrypt_buflen() returns the upper bound, so this doesn't change
the maxlen calculation, but makes it a bit clearer.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
7 years agoLinux 4.9
Linus Torvalds [Sun, 11 Dec 2016 19:17:54 +0000 (11:17 -0800)]
Linux 4.9

7 years agoMerge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Linus Torvalds [Sun, 11 Dec 2016 18:17:39 +0000 (10:17 -0800)]
Merge branch 'upstream' of git://git.linux-mips.org/ralf/upstream-linus

Pull MIPS fixes from Ralf Baechle:
 "Two more MIPS fixes for 4.9:

   - RTC: Return -ENODEV so an external RTC will be tried

   - Fix mask of GPE frequency

  These two have been tested on Imagination's automated test system and
  also both received positive reviews on the linux-mips mailing list"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: Lantiq: Fix mask of GPE frequency
  MIPS: Return -ENODEV from weak implementation of rtc_mips_set_time

7 years agoMIPS: Lantiq: Fix mask of GPE frequency
Hauke Mehrtens [Wed, 7 Dec 2016 21:32:00 +0000 (22:32 +0100)]
MIPS: Lantiq: Fix mask of GPE frequency

The hardware documentation says bit 11:10 are used for the GPE
frequency selection. Fix the mask in the define to match these bits.

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Thomas Langer <thomas.langer@intel.com>
Cc: linux-mips@linux-mips.org
Cc: john@phrozen.org
Patchwork: https://patchwork.linux-mips.org/patch/14648/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
7 years agoMIPS: Return -ENODEV from weak implementation of rtc_mips_set_time
Luuk Paulussen [Wed, 7 Dec 2016 22:43:34 +0000 (11:43 +1300)]
MIPS: Return -ENODEV from weak implementation of rtc_mips_set_time

The sync_cmos_clock function in kernel/time/ntp.c first tries to update
the internal clock of the cpu by calling the "update_persistent_clock64"
architecture specific function.  If this returns -ENODEV, it then tries
to update an external RTC using "rtc_set_ntp_time".

On the mips architecture, the weak implementation of the underlying
function would return 0 if it wasn't overridden.  This meant that the
sync_cmos_clock function would never try to update an external RTC
(if both CONFIG_GENERIC_CMOS_UPDATE and CONFIG_RTC_SYSTOHC are
configured)

Returning -ENODEV instead, means that an external RTC will be tried.

Signed-off-by: Luuk Paulussen <luuk.paulussen@alliedtelesis.co.nz>
Reviewed-by: Richard Laing <richard.laing@alliedtelesis.co.nz>
Reviewed-by: Scott Parlane <scott.parlane@alliedtelesis.co.nz>
Reviewed-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Cc: linux-mips@linux-mips.org
Patchwork: https://patchwork.linux-mips.org/patch/14649/
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
7 years agoMerge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Linus Torvalds [Sat, 10 Dec 2016 17:47:13 +0000 (09:47 -0800)]
Merge branch 'linus' of git://git./linux/kernel/git/herbert/crypto-2.6

Pull crypto fixes from Herbert Xu:
 "This fixes the following issues:

   - Fix pointer size when caam is used with AArch64 boot loader on
     AArch32 kernel.

   - Fix ahash state corruption in marvell driver.

   - Fix buggy algif_aed tag handling.

   - Prevent mcryptd from being used with incompatible algorithms which
     can cause crashes"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: algif_aead - fix uninitialized variable warning
  crypto: mcryptd - Check mcryptd algorithm compatibility
  crypto: algif_aead - fix AEAD tag memory handling
  crypto: caam - fix pointer size for AArch64 boot loader, AArch32 kernel
  crypto: marvell - Don't corrupt state of an STD req for re-stepped ahash
  crypto: marvell - Don't copy hash operation twice into the SRAM

7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Sat, 10 Dec 2016 17:23:19 +0000 (09:23 -0800)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) Limit the number of can filters to avoid > MAX_ORDER allocations.
    Fix from Marc Kleine-Budde.

 2) Limit GSO max size in netvsc driver to avoid problems with NVGRE
    configurations. From Stephen Hemminger.

 3) Return proper error when memory allocation fails in
    ser_gigaset_init(), from Dan Carpenter.

 4) Missing linkage undo in error paths of ipvlan_link_new(), from Gao
    Feng.

 5) Missing necessayr SET_NETDEV_DEV in lantiq and cpmac drivers, from
    Florian Fainelli.

 6) Handle probe deferral properly in smsc911x driver.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  net: mlx5: Fix Kconfig help text
  net: smsc911x: back out silently on probe deferrals
  ibmveth: set correct gso_size and gso_type
  net: ethernet: cpmac: Call SET_NETDEV_DEV()
  net: ethernet: lantiq_etop: Call SET_NETDEV_DEV()
  vhost-vsock: fix orphan connection reset
  cxgb4/cxgb4vf: Assign netdev->dev_port with port ID
  driver: ipvlan: Unlink the upper dev when ipvlan_link_new failed
  ser_gigaset: return -ENOMEM on error instead of success
  NET: usb: cdc_mbim: add quirk for supporting Telit LE922A
  can: peak: fix bad memory access and free sequence
  phy: Don't increment MDIO bus refcount unless it's a different owner
  netvsc: reduce maximum GSO size
  drivers: net: cpsw-phy-sel: Clear RGMII_IDMODE on "rgmii" links
  can: raw: raw_setsockopt: limit number of can_filter that can be set

7 years agonet: mlx5: Fix Kconfig help text
Christopher Covington [Fri, 9 Dec 2016 21:53:05 +0000 (16:53 -0500)]
net: mlx5: Fix Kconfig help text

Since the following commit, Infiniband and Ethernet have not been
mutually exclusive.

Fixes: 4aa17b28 mlx5: Enable mutual support for IB and Ethernet
Signed-off-by: Christopher Covington <cov@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: smsc911x: back out silently on probe deferrals
Linus Walleij [Fri, 9 Dec 2016 13:18:00 +0000 (14:18 +0100)]
net: smsc911x: back out silently on probe deferrals

When trying to get a regulator we may get deferred and we see
this noise:

smsc911x 1b800000.ethernet-ebi2 (unnamed net_device) (uninitialized):
   couldn't get regulators -517

Then the driver continues anyway. Which means that the regulator
may not be properly retrieved and reference counted, and may be
switched off in case noone else is using it.

Fix this by returning silently on deferred probe and let the
system work it out.

Cc: Jeremy Linton <jeremy.linton@arm.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoibmveth: set correct gso_size and gso_type
Thomas Falcon [Thu, 8 Dec 2016 22:40:03 +0000 (16:40 -0600)]
ibmveth: set correct gso_size and gso_type

This patch is based on an earlier one submitted
by Jon Maxwell with the following commit message:

"We recently encountered a bug where a few customers using ibmveth on the
same LPAR hit an issue where a TCP session hung when large receive was
enabled. Closer analysis revealed that the session was stuck because the
one side was advertising a zero window repeatedly.

We narrowed this down to the fact the ibmveth driver did not set gso_size
which is translated by TCP into the MSS later up the stack. The MSS is
used to calculate the TCP window size and as that was abnormally large,
it was calculating a zero window, even although the sockets receive buffer
was completely empty."

We rely on the Virtual I/O Server partition in a pseries
environment to provide the MSS through the TCP header checksum
field. The stipulation is that users should not disable checksum
offloading if rx packet aggregation is enabled through VIOS.

Some firmware offerings provide the MSS in the RX buffer.
This is signalled by a bit in the RX queue descriptor.

Reviewed-by: Brian King <brking@linux.vnet.ibm.com>
Reviewed-by: Pradeep Satyanarayana <pradeeps@linux.vnet.ibm.com>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Reviewed-by: Jonathan Maxwell <jmaxwell37@gmail.com>
Reviewed-by: David Dai <zdai@us.ibm.com>
Signed-off-by: Thomas Falcon <tlfalcon@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdim...
Linus Torvalds [Fri, 9 Dec 2016 19:27:22 +0000 (11:27 -0800)]
Merge branch 'libnvdimm-fixes' of git://git./linux/kernel/git/nvdimm/nvdimm

Pull libnvdimm fixes from Dan Williams:
 "Several fixes to the DSM (ACPI device specific method) marshaling
  implementation.

  I consider these urgent enough to send for 4.9 consideration since
  they fix the kernel's handling of ARS (Address Range Scrub) commands.
  Especially for platforms without machine-check-recovery capabilities,
  successful execution of ARS commands enables the platform to
  potentially break out of an infinite reboot problem if a media error
  is present in the boot path. There is also a one line fix for a
  device-dax read-only mapping regression.

  Commits 9a901f5495e2 ("acpi, nfit: fix extended status translations
  for ACPI DSMs") and 325896ffdf90 ("device-dax: fix private mapping
  restriction, permit read-only") are true regression fixes for changes
  introduced this cycle.

  Commit efda1b5d87cb ("acpi, nfit, libnvdimm: fix / harden ars_status
  output length handling") fixes the kernel's handling of zero-length
  results, this never would have worked in the past, but we only just
  recently discovered a BIOS implementation that emits this arguably
  spec non-compliant result.

  The remaining two commits are additional fall out from thinking
  through the implications of a zero / truncated length result of the
  ARS Status command.

  In order to mitigate the risk that these changes introduce yet more
  regressions they are backstopped by a new unit test in commit
  a7de92dac9f0 ("tools/testing/nvdimm: unit test acpi_nfit_ctl()") that
  mocks up inputs to acpi_nfit_ctl()"

* 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  device-dax: fix private mapping restriction, permit read-only
  tools/testing/nvdimm: unit test acpi_nfit_ctl()
  acpi, nfit: fix bus vs dimm confusion in xlat_status
  acpi, nfit: validate ars_status output buffer size
  acpi, nfit, libnvdimm: fix / harden ars_status output length handling
  acpi, nfit: fix extended status translations for ACPI DSMs

7 years agoMerge branch 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj...
Linus Torvalds [Fri, 9 Dec 2016 19:07:45 +0000 (11:07 -0800)]
Merge branch 'for-4.9-fixes' of git://git./linux/kernel/git/tj/libata

Pull libata fixes from Tejun Heo:
 "This is quite late but SCT Write Same support added during this cycle
  is broken subtly but seriously and it'd be best to disable it before
  v4.9 gets released.

  This contains two commits - one low impact sata_mv fix and the
  mentioned disabling of SCT Write Same"

* 'for-4.9-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata:
  libata-scsi: disable SCT Write Same for the moment
  ata: sata_mv: check for errors when parsing nr-ports from dt

7 years agoMerge tag 'ceph-for-4.9-rc9' of git://github.com/ceph/ceph-client
Linus Torvalds [Fri, 9 Dec 2016 19:02:40 +0000 (11:02 -0800)]
Merge tag 'ceph-for-4.9-rc9' of git://github.com/ceph/ceph-client

Pull ceph fix from Ilya Dryomov:
 "A fix for an issue with ->d_revalidate() in ceph, causing frequent
  kernel crashes.

  Marked for stable - it goes back to 4.6, but started popping up only
  in 4.8"

* tag 'ceph-for-4.9-rc9' of git://github.com/ceph/ceph-client:
  ceph: don't set req->r_locked_dir in ceph_d_revalidate

7 years agoMerge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Linus Torvalds [Fri, 9 Dec 2016 19:00:39 +0000 (11:00 -0800)]
Merge tag 'armsoc-fixes' of git://git./linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "Final batch of SoC fixes

  A few fixes that have trickled in over the last week, all fixing minor
  errors in devicetrees -- UART pin assignment on Allwinner H3,
  correcting number of SATA ports on a Marvell-based Linkstation
  platform and a display clock fix for Freescale/NXP i.MX7D that fixes a
  freeze when starting up X"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: dts: orion5x: fix number of sata port for linkstation ls-gl
  ARM: dts: imx7d: fix LCDIF clock assignment
  dts: sun8i-h3: correct UART3 pin definitions

7 years agoMerge tag 'm68k-for-v4.9-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert...
Linus Torvalds [Fri, 9 Dec 2016 18:54:54 +0000 (10:54 -0800)]
Merge tag 'm68k-for-v4.9-tag2' of git://git./linux/kernel/git/geert/linux-m68k

Pull m68k fixes from Geert Uytterhoeven:

 - build fix for drivers calling ndelay() in a conditional block without
   curly braces

 - defconfig updates

* tag 'm68k-for-v4.9-tag2' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k:
  m68k: Fix ndelay() macro
  m68k/defconfig: Update defconfigs for v4.9-rc1

7 years agoMerge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Linus Torvalds [Fri, 9 Dec 2016 18:50:49 +0000 (10:50 -0800)]
Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux

Pull drm fix from Dave Airlie:
 "Just a single fix for amdgpu to just suspend the gpu on 'shutdown'
  instead of shutting it down fully, as for some reason the hw was
  getting upset in some situations"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/amdgpu: just suspend the hw on pci shutdown

7 years agoRevert "radix tree test suite: fix compilation"
Linus Torvalds [Fri, 9 Dec 2016 18:41:42 +0000 (10:41 -0800)]
Revert "radix tree test suite: fix compilation"

This reverts commit 53855d10f4567a0577360b6448d52a863929775b.

It shouldn't have come in yet - it depends on the changes in linux-next
that will come in during the next merge window.  As Matthew Wilcox says,
the test suite is broken with the current state without the revert.

Requested-by: Matthew Wilcox <mawilcox@microsoft.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agoMerge branch 'ethernet-missing-netdev-parent'
David S. Miller [Fri, 9 Dec 2016 02:26:59 +0000 (21:26 -0500)]
Merge branch 'ethernet-missing-netdev-parent'

Florian Fainelli says:

====================
net: ethernet: Make sure we set dev->dev.parent

This patch series builds atop:

ec988ad78ed6d184a7f4ca6b8e962b0e8f1de461 ("phy: Don't increment MDIO
bus refcount unless it's a different owner")

FMAN is the one that potentially needs patching as well (call
SET_NETDEV_DEV), but there appears to be no way that init_phy is
called right now, or there is not such an in-tree user. Madalin, can
you comment on that?
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: ethernet: cpmac: Call SET_NETDEV_DEV()
Florian Fainelli [Thu, 8 Dec 2016 19:41:25 +0000 (11:41 -0800)]
net: ethernet: cpmac: Call SET_NETDEV_DEV()

The TI CPMAC driver calls into PHYLIB which now checks for
net_device->dev.parent, so make sure we do set it before calling into
any MDIO/PHYLIB related function.

Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonet: ethernet: lantiq_etop: Call SET_NETDEV_DEV()
Florian Fainelli [Thu, 8 Dec 2016 19:41:24 +0000 (11:41 -0800)]
net: ethernet: lantiq_etop: Call SET_NETDEV_DEV()

The Lantiq Etop driver calls into PHYLIB which now checks for
net_device->dev.parent, so make sure we do set it before calling into
any MDIO/PHYLIB related function.

Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agovhost-vsock: fix orphan connection reset
Peng Tao [Thu, 8 Dec 2016 17:10:46 +0000 (01:10 +0800)]
vhost-vsock: fix orphan connection reset

local_addr.svm_cid is host cid. We should check guest cid instead,
which is remote_addr.svm_cid. Otherwise we end up resetting all
connections to all guests.

Cc: stable@vger.kernel.org [4.8+]
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'parisc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller...
Linus Torvalds [Thu, 8 Dec 2016 23:40:15 +0000 (15:40 -0800)]
Merge branch 'parisc-4.9-5' of git://git./linux/kernel/git/deller/parisc-linux

Pull parisc fixes from Helge Deller:
 "Three important fixes for the parisc architecture.

  Dave provided two patches: One which purges the TLB before setting a
  PTE entry and a second one which drops unnecessary TLB flushes. Both
  patches have been tested for one week on the debian buildd servers and
  prevent random segmentation faults.

  The patch from me fixes a crash at boot inside the TLB measuring code
  on SMP machines with PA8000-PA8700 CPUs (specifically A500-44 and
  J5000 servers)"

* 'parisc-4.9-5' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: Fix TLB related boot crash on SMP machines
  parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm
  parisc: Purge TLB before setting PTE

7 years agoMerge tag 'linux-can-fixes-for-4.9-20161208' of git://git.kernel.org/pub/scm/linux...
David S. Miller [Thu, 8 Dec 2016 23:22:40 +0000 (18:22 -0500)]
Merge tag 'linux-can-fixes-for-4.9-20161208' of git://git./linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2016-12-08

this is a pull request for one patch.

Jiho Chu found and fixed a use-after-free error in the cleanup path in
the peak pcan USB CAN driver.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agocxgb4/cxgb4vf: Assign netdev->dev_port with port ID
Arjun V [Thu, 8 Dec 2016 12:39:23 +0000 (18:09 +0530)]
cxgb4/cxgb4vf: Assign netdev->dev_port with port ID

Added missing dev_port assignment in cxgb4vf driver.
Also made dev_port assignment of cxgb4 in sync with cxgb4vf driver.

Signed-off-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: Arjun V <arjun@chelsio.com>
Signed-off-by: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoparisc: Fix TLB related boot crash on SMP machines
Helge Deller [Thu, 8 Dec 2016 20:00:46 +0000 (21:00 +0100)]
parisc: Fix TLB related boot crash on SMP machines

At bootup we run measurements to calculate the best threshold for when we
should be using full TLB flushes instead of just flushing a specific amount of
TLB entries.  This performance test is run over the kernel text segment.

But running this TLB performance test on the kernel text segment turned out to
crash some SMP machines when the kernel text pages were mapped as huge pages.

To avoid those crashes this patch simply skips this test on some SMP machines
and calculates an optimal threshold based on the maximum number of available
TLB entries and number of online CPUs.

On a technical side, this seems to happen:
The TLB measurement code uses flush_tlb_kernel_range() to flush specific TLB
entries with a page size of 4k (pdtlb 0(sr1,addr)). On UP systems this purge
instruction seems to work without problems even if the pages were mapped as
huge pages.  But on SMP systems the TLB purge instruction is broadcasted to
other CPUs. Those CPUs then crash the machine because the page size is not as
expected.  C8000 machines with PA8800/PA8900 CPUs were not affected by this
problem, because the required cache coherency prohibits to use huge pages at
all.  Sadly I didn't found any documentation about this behaviour, so this
finding is purely based on testing with phyiscal SMP machines (A500-44 and
J5000, both were 2-way boxes).

Cc: <stable@vger.kernel.org> # v3.18+
Signed-off-by: Helge Deller <deller@gmx.de>
7 years agoMerge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Linus Torvalds [Thu, 8 Dec 2016 20:04:41 +0000 (12:04 -0800)]
Merge tag 'scsi-fixes' of git://git./linux/kernel/git/jejb/scsi

Pull SCSI fix from James Bottomley:
 "One small fix for a regression in a prior fix (again).

  This time the condition in the prior fix BUG_ON proved to be wrong
  under certain circumstances causing a BUG to trigger where it
  shouldn't in the lpfc driver"

* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
  scsi: lpfc: fix oops/BUG in lpfc_sli_ringtxcmpl_put()

7 years agodriver: ipvlan: Unlink the upper dev when ipvlan_link_new failed
Gao Feng [Thu, 8 Dec 2016 03:16:58 +0000 (11:16 +0800)]
driver: ipvlan: Unlink the upper dev when ipvlan_link_new failed

When netdev_upper_dev_unlink failed in ipvlan_link_new, need to
unlink the ipvlan dev with upper dev.

Signed-off-by: Gao Feng <fgao@ikuai8.com>
Acked-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoser_gigaset: return -ENOMEM on error instead of success
Dan Carpenter [Wed, 7 Dec 2016 11:22:03 +0000 (14:22 +0300)]
ser_gigaset: return -ENOMEM on error instead of success

If we can't allocate the resources in gigaset_initdriver() then we
should return -ENOMEM instead of zero.

Fixes: 2869b23e4b95 ("[PATCH] drivers/isdn/gigaset: new M101 driver (v2)")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoARM: dts: orion5x: fix number of sata port for linkstation ls-gl
Roger Shimizu [Thu, 1 Dec 2016 15:11:12 +0000 (00:11 +0900)]
ARM: dts: orion5x: fix number of sata port for linkstation ls-gl

Bug report from Debian [0] shows there's minor changed model of
Linkstation LS-GL that uses the 2nd SATA port of the SoC.
So it's necessary to enable two SATA ports, though for that specific
model only the 2nd one is used.

[0] https://bugs.debian.org/845611

Fixes: b1742ffa9ddb ("ARM: dts: orion5x: add device tree for buffalo linkstation ls-gl")
Reported-by: Ryan Tandy <ryan@nardis.ca>
Tested-by: Ryan Tandy <ryan@nardis.ca>
Signed-off-by: Roger Shimizu <rogershimizu@gmail.com>
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
7 years agoNET: usb: cdc_mbim: add quirk for supporting Telit LE922A
Daniele Palmas [Wed, 7 Dec 2016 13:07:48 +0000 (14:07 +0100)]
NET: usb: cdc_mbim: add quirk for supporting Telit LE922A

Telit LE922A MBIM based composition does not work properly
with altsetting toggle done in cdc_ncm_bind_common.

This patch adds CDC_MBIM_FLAG_AVOID_ALTSETTING_TOGGLE quirk
to avoid this procedure that, instead, is mandatory for
other modems.

Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Reviewed-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agocan: peak: fix bad memory access and free sequence
추지호 [Thu, 8 Dec 2016 12:01:13 +0000 (12:01 +0000)]
can: peak: fix bad memory access and free sequence

Fix for bad memory access while disconnecting. netdev is freed before
private data free, and dev is accessed after freeing netdev.

This makes a slub problem, and it raise kernel oops with slub debugger
config.

Signed-off-by: Jiho Chu <jiho.chu@samsung.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
7 years agoceph: don't set req->r_locked_dir in ceph_d_revalidate
Jeff Layton [Wed, 30 Nov 2016 20:56:46 +0000 (15:56 -0500)]
ceph: don't set req->r_locked_dir in ceph_d_revalidate

This function sets req->r_locked_dir which is supposed to indicate to
ceph_fill_trace that the parent's i_rwsem is locked for write.
Unfortunately, there is no guarantee that the dir will be locked when
d_revalidate is called, so we really don't want ceph_fill_trace to do
any dcache manipulation from this context. Clear req->r_locked_dir since
it's clearly not safe to do that.

What we really want to know with d_revalidate is whether the dentry
still points to the same inode. ceph_fill_trace installs a pointer to
the inode in req->r_target_inode, so we can just compare that to
d_inode(dentry) to see if it's the same one after the lookup.

Also, since we aren't generally interested in the parent here, we can
switch to using a GETATTR to hint that to the MDS, which also means that
we only need to reserve one cap.

Finally, just remove the d_unhashed check. That's really outside the
purview of a filesystem's d_revalidate. If the thing became unhashed
while we're checking it, then that's up to the VFS to handle anyway.

Fixes: 200fd27c8fa2 ("ceph: use lookup request to revalidate dentry")
Link: http://tracker.ceph.com/issues/18041
Reported-by: Donatas Abraitis <donatas.abraitis@gmail.com>
Signed-off-by: Jeff Layton <jlayton@redhat.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
7 years agocrypto: algif_aead - fix uninitialized variable warning
Stephan Mueller [Thu, 8 Dec 2016 06:09:44 +0000 (07:09 +0100)]
crypto: algif_aead - fix uninitialized variable warning

In case the user provided insufficient data, the code may return
prematurely without any operation. In this case, the processed
data indicated with outlen is zero.

Reported-by: Stephen Rothwell <sfr@canb.auug.org.au>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7 years agoMerge branch 'akpm' (patches from Andrew)
Linus Torvalds [Thu, 8 Dec 2016 01:28:38 +0000 (17:28 -0800)]
Merge branch 'akpm' (patches from Andrew)

Merge more fixes from Andrew Morton:
 "3 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  kcov: add missing #include <linux/sched.h>
  radix tree test suite: fix compilation
  zram: restrict add/remove attributes to root only

7 years agokcov: add missing #include <linux/sched.h>
Kefeng Wang [Wed, 7 Dec 2016 22:44:36 +0000 (14:44 -0800)]
kcov: add missing #include <linux/sched.h>

In __sanitizer_cov_trace_pc we use task_struct and fields within it, but
as we haven't included <linux/sched.h>, it is not guaranteed to be
defined.  While we usually happen to acquire the definition through a
transitive include, this is fragile (and hasn't been true in the past,
causing issues with backports).

Include <linux/sched.h> to avoid any fragility.

[mark.rutland@arm.com: rewrote changelog]
Link: http://lkml.kernel.org/r/1481007384-27529-1-git-send-email-wangkefeng.wang@huawei.com
Signed-off-by: Kefeng Wang <wangkefeng.wang@huawei.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <aryabinin@virtuozzo.com>
Cc: James Morse <james.morse@arm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agoradix tree test suite: fix compilation
Matthew Wilcox [Wed, 7 Dec 2016 22:44:33 +0000 (14:44 -0800)]
radix tree test suite: fix compilation

Patch "lib/radix-tree: Convert to hotplug state machine" breaks the test
suite as it adds a call to cpuhp_setup_state_nocalls() which is not
currently emulated in the test suite.  Add it, and delete the emulation
of the old CPU hotplug mechanism.

Link: http://lkml.kernel.org/r/1480369871-5271-36-git-send-email-mawilcox@linuxonhyperv.com
Signed-off-by: Matthew Wilcox <mawilcox@microsoft.com>
Tested-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Konstantin Khlebnikov <koct9i@gmail.com>
Cc: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agozram: restrict add/remove attributes to root only
Sergey Senozhatsky [Wed, 7 Dec 2016 22:44:31 +0000 (14:44 -0800)]
zram: restrict add/remove attributes to root only

zram hot_add sysfs attribute is a very 'special' attribute - reading
from it creates a new uninitialized zram device.  This file, by a
mistake, can be read by a 'normal' user at the moment, while only root
must be able to create a new zram device, therefore hot_add attribute
must have S_IRUSR mode, not S_IRUGO.

[akpm@linux-foundation.org: s/sence/sense/, reflow comment to use 80 cols]
Fixes: 6566d1a32bf72 ("zram: add dynamic device add/remove functionality")
Link: http://lkml.kernel.org/r/20161205155845.20129-1-sergey.senozhatsky@gmail.com
Signed-off-by: Sergey Senozhatsky <sergey.senozhatsky@gmail.com>
Reported-by: Steven Allen <steven@stebalien.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Minchan Kim <minchan@kernel.org>
Cc: <stable@vger.kernel.org> [4.2+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agoMerge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm...
Dave Airlie [Thu, 8 Dec 2016 00:32:27 +0000 (10:32 +1000)]
Merge branch 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux into drm-fixes

another regression fix for the shutdown stuff.

* 'drm-fixes-4.9' of git://people.freedesktop.org/~agd5f/linux:
  drm/amdgpu: just suspend the hw on pci shutdown

7 years agolibata-scsi: disable SCT Write Same for the moment
Nicolai Stange [Wed, 7 Dec 2016 21:21:33 +0000 (22:21 +0100)]
libata-scsi: disable SCT Write Same for the moment

SCT Write Same support had been introduced with
commit 7b2030942859 ("libata: Add support for SCT Write Same")

Some problems, namely excessive userspace segfaults, had been reported at

  http://lkml.kernel.org/r/20160908192736.GA4356@gmail.com

This lead to commit 0ce1b18c42a5 ("libata: Some drives failing on
SCT Write Same") which strived to disable SCT Write Same on !ZAC devices.
Due to the way this was done and to the logic in sd_config_write_same(),
this didn't work for those devices that have
->max_ws_blocks > SD_MAX_WS10_BLOCKS: for these, ->no_write_same and
->max_write_same_sectors would still be non-zero,
but ->ws10 == ->ws16 == 0. This would cause sd_setup_write_same_cmnd() to
demultiplex REQ_OP_WRITE_SAME requests to WRITE_SAME, and these in turn
aren't supported by libata-scsi:

  EXT4-fs (dm-1): Delayed block allocation failed for inode 2625094 at
                  logical offset 2032 with max blocks 2 with error 121
  EXT4-fs (dm-1): This should not happen!! Data will be lost

121 == EREMOTEIO is what scsi_io_completion() asserts in case of
invalid opcodes.

Back to the original problem of userspace segfaults: this can be tracked
down to ata_format_sct_write_same() overwriting the input page. Sometimes,
this page is ZERO_PAGE(0) which ceases to be filled with zeros from that
point on. Since ZERO_PAGE(0) is used for userspace .bss mappings, code of
the following is doomed:

  static char *a = NULL; /* .bss */
  ...
  if (a)
    *a = 'a';

This problem is not solved by disabling SCT Write Same for !ZAC devices
only.

It can certainly be fixed, but the final release is quite close -- so
disable SCT Write Same for all ATA devices rather than introducing some
SCT key buffer allocation schemes at this point.

Fixes: 7b2030942859 ("libata: Add support for SCT Write Same")
Signed-off-by: Nicolai Stange <nicstange@gmail.com>
Signed-off-by: Tejun Heo <tj@kernel.org>
7 years agoARM: dts: imx7d: fix LCDIF clock assignment
Stefan Agner [Wed, 23 Nov 2016 00:42:04 +0000 (16:42 -0800)]
ARM: dts: imx7d: fix LCDIF clock assignment

The eLCDIF IP of the i.MX 7 SoC knows multiple clocks and lists them
separately:

Clock      Clock Root              Description
apb_clk    MAIN_AXI_CLK_ROOT       AXI clock
pix_clk    LCDIF_PIXEL_CLK_ROOT    Pixel clock
ipg_clk_s  MAIN_AXI_CLK_ROOT       Peripheral access clock

All of them are switched by a single gate, which is part of the
IMX7D_LCDIF_PIXEL_ROOT_CLK clock. Hence using that clock also for
the AXI bus clock (clock-name "axi") makes sure the gate gets
enabled when accessing registers.

There seem to be no separate AXI display clock, and the clock is
optional. Hence remove the dummy clock.

This fixes kernel freezes when starting the X-Server (which
disables/re-enables the display controller).

Fixes: e8ed73f691bd ("ARM: dts: imx7d: add lcdif support")
Signed-off-by: Stefan Agner <stefan@agner.ch>
Reviewed-by: Fabio Estevam <fabio.estevam@nxp.com>
Acked-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
7 years agodts: sun8i-h3: correct UART3 pin definitions
Jorik Jonker [Tue, 6 Dec 2016 14:27:10 +0000 (15:27 +0100)]
dts: sun8i-h3: correct UART3 pin definitions

In a previous commit, I made a copy/paste error in the pinmux
definitions of UART3: PG{13,14} instead of PA{13,14}. This commit takes
care of that. I have tested this commit on Orange Pi PC and Orange Pi
Plus, and it works for these boards.

Fixes: e3d11d3c45c5 ("dts: sun8i-h3: add pinmux definitions for
UART2-3")

Signed-off-by: Jorik Jonker <jorik@kippendief.biz>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
7 years agoMerge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Wed, 7 Dec 2016 19:39:27 +0000 (11:39 -0800)]
Merge branch 'x86-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull x86 fixes from Ingo Molnar:
 "Misc fixes: a core dumping crash fix, a guess-unwinder regression fix,
  plus three build warning fixes"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/unwind: Fix guess-unwinder regression
  x86/build: Annotate die() with noreturn to fix build warning on clang
  x86/platform/olpc: Fix resume handler build warning
  x86/apic/uv: Silence a shift wrapping warning
  x86/coredump: Always use user_regs_struct for compat_elf_gregset_t

7 years agoMerge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Wed, 7 Dec 2016 19:35:55 +0000 (11:35 -0800)]
Merge branch 'sched-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull scheduler fix from Ingo Molnar:
 "An autogroup nice level adjustment bug fix"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/autogroup: Fix 64-bit kernel nice level adjustment

7 years agoMerge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Wed, 7 Dec 2016 19:32:19 +0000 (11:32 -0800)]
Merge branch 'perf-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull perf fixes from Ingo Molnar:
 "A bogus warning fix, a counter width handling fix affecting certain
  machines, plus a oneliner hw-enablement patch for Knights Mill CPUs"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf/core: Remove invalid warning from list_update_cgroup_even()t
  perf/x86: Fix full width counter, counter overflow
  perf/x86/intel: Enable C-state residency events for Knights Mill

7 years agoMerge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Wed, 7 Dec 2016 19:27:33 +0000 (11:27 -0800)]
Merge branch 'locking-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull locking fixes from Ingo Molnar:
 "Two rtmutex race fixes (which miraculously never triggered, that we
  know of), plus two lockdep printk formatting regression fixes"

* 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  lockdep: Fix report formatting
  locking/rtmutex: Use READ_ONCE() in rt_mutex_owner()
  locking/rtmutex: Prevent dequeue vs. unlock race
  locking/selftest: Fix output since KERN_CONT changes

7 years agoMerge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
Linus Torvalds [Wed, 7 Dec 2016 18:56:00 +0000 (10:56 -0800)]
Merge branch 'core-urgent-for-linus' of git://git./linux/kernel/git/tip/tip

Pull objtool fix from Ingo Molnar:
 "A single late breaking fix for objtool"

* 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  objtool: Fix bytes check of lea's rex_prefix

7 years agophy: Don't increment MDIO bus refcount unless it's a different owner
Florian Fainelli [Wed, 7 Dec 2016 04:54:43 +0000 (20:54 -0800)]
phy: Don't increment MDIO bus refcount unless it's a different owner

Commit 3e3aaf649416 ("phy: fix mdiobus module safety") fixed the way we
dealt with MDIO bus module reference count, but sort of introduced a
regression in that, if an Ethernet driver registers its own MDIO bus
driver, as is common, we will end up with the Ethernet driver's
module->refnct set to 1, thus preventing this driver from any removal.

Fix this by comparing the network device's device driver owner against
the MDIO bus driver owner, and only if they are different, increment the
MDIO bus module refcount.

Fixes: 3e3aaf649416 ("phy: fix mdiobus module safety")
Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agonetvsc: reduce maximum GSO size
stephen hemminger [Tue, 6 Dec 2016 21:43:54 +0000 (13:43 -0800)]
netvsc: reduce maximum GSO size

Hyper-V (and Azure) support using NVGRE which requires some extra space
for encapsulation headers. Because of this the largest allowed TSO
packet is reduced.

For older releases, hard code a fixed reduced value.  For next release,
there is a better solution which uses result of host offload
negotiation.

Signed-off-by: Stephen Hemminger <sthemmin@microsoft.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agodrivers: net: cpsw-phy-sel: Clear RGMII_IDMODE on "rgmii" links
Alex [Tue, 6 Dec 2016 18:56:51 +0000 (10:56 -0800)]
drivers: net: cpsw-phy-sel: Clear RGMII_IDMODE on "rgmii" links

Support for setting the RGMII_IDMODE bit was added in the commit
referenced below. However, that commit did not add the symmetrical
clearing of the bit by way of setting it in "mask". Add it here.

Note that the documentation marks clearing this bit as "reserved",
however, according to TI, support for delaying the clock does exist in
the MAC, although it is not officially supported.
We tested this on a board with an RGMII to RGMII link that will not
work unless this bit is cleared.

Fixes: 0fb26c3063ea ("drivers: net: cpsw-phy-sel: add support to configure rgmii internal delay")
Signed-off-by: Alexandru Gagniuc <alex.g@adaptrum.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge tag 'linux-can-fixes-for-4.9-20161207' of git://git.kernel.org/pub/scm/linux...
David S. Miller [Wed, 7 Dec 2016 17:07:09 +0000 (12:07 -0500)]
Merge tag 'linux-can-fixes-for-4.9-20161207' of git://git./linux/kernel/git/mkl/linux-can

Marc Kleine-Budde says:

====================
pull-request: can 2016-12-07

Andrey Konovalov triggered a warning in the CAN RAW layer, which is
fixed by a patch by me.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
7 years agoMerge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi...
Linus Torvalds [Wed, 7 Dec 2016 16:45:23 +0000 (08:45 -0800)]
Merge branch 'for-linus' of git://git./linux/kernel/git/mszeredi/fuse

Pull fuse fix from Miklos Szeredi:
 "Fix a regression spotted by Jeff Layton"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
  fuse: fix clearing suid, sgid for chown()

7 years agoRevert "default exported asm symbols to zero"
Linus Torvalds [Wed, 7 Dec 2016 16:39:00 +0000 (08:39 -0800)]
Revert "default exported asm symbols to zero"

This reverts commit 8ab2ae655bfe384335c5b6b0d6041e0ddce26b00.

I loved that commit because of how it explained what the problem with
newer versions of binutils were, but the actual patch itself turns out
to not work very well.

It has two problems:

 - a zero CRC value isn't actually right.  It happens to work for the
   case where both sides of the equation fail at giving the symbol a
   crc, but there are cases where the users of the exported symbol get
   the right crc (due to seeing the C declarations), but the actual
   exporting itself does not (due to the whole weak asm symbol issue).

   So then the module load fails after all - we did have a crc for the
   symbol, but we couldn't match it with the loaded module.

 - it seems that the alpha assembler has special semantics for the
   '.set' directive, and on alpha it doesn't actually set the value of
   the specified symbol at all, it is instead used to set various
   assembly modes (eg ".set noat" and ".set noreorder").

   So using ".set" to set the symbol value would just cause build
   failures on alpha.

I'm sure we'll find some other workaround for these issues (hopefully
that involves getting rid of modversions entirely some day, but people
are also talking about just using smarter tools).  But for now we'll
just fall back on commit faaae2a58143 ("Re-enable CONFIG_MODVERSIONS in
a slightly weaker form") that just let's a missing crc through.

Reported-by: Jan Stancek <jstancek@redhat.com>
Reported-by: Philip Müller <philm@manjaro.org>
Reported-by: Guenter Roeck <linux@roeck-us.net>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agoDon't feed anything but regular iovec's to blk_rq_map_user_iov
Linus Torvalds [Wed, 7 Dec 2016 00:18:14 +0000 (16:18 -0800)]
Don't feed anything but regular iovec's to blk_rq_map_user_iov

In theory we could map other things, but there's a reason that function
is called "user_iov".  Using anything else (like splice can do) just
confuses it.

Reported-and-tested-by: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
7 years agodrm/amdgpu: just suspend the hw on pci shutdown
Alex Deucher [Tue, 6 Dec 2016 15:38:29 +0000 (10:38 -0500)]
drm/amdgpu: just suspend the hw on pci shutdown

We can't just reuse pci_remove as there may be userspace still
doing things.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98638
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97980
Reviewed-by: Christian König <christian.koenig@amd.com>
Reported-and-tested-by: Mike Lothian <mike@fireburn.co.uk>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
7 years agocrypto: mcryptd - Check mcryptd algorithm compatibility
tim [Mon, 5 Dec 2016 19:46:31 +0000 (11:46 -0800)]
crypto: mcryptd - Check mcryptd algorithm compatibility

Algorithms not compatible with mcryptd could be spawned by mcryptd
with a direct crypto_alloc_tfm invocation using a "mcryptd(alg)" name
construct.  This causes mcryptd to crash the kernel if an arbitrary
"alg" is incompatible and not intended to be used with mcryptd.  It is
an issue if AF_ALG tries to spawn mcryptd(alg) to expose it externally.
But such algorithms must be used internally and not be exposed.

We added a check to enforce that only internal algorithms are allowed
with mcryptd at the time mcryptd is spawning an algorithm.

Link: http://marc.info/?l=linux-crypto-vger&m=148063683310477&w=2
Cc: stable@vger.kernel.org
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Tim Chen <tim.c.chen@linux.intel.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7 years agocrypto: algif_aead - fix AEAD tag memory handling
Stephan Mueller [Mon, 5 Dec 2016 14:26:19 +0000 (15:26 +0100)]
crypto: algif_aead - fix AEAD tag memory handling

For encryption, the AEAD ciphers require AAD || PT as input and generate
AAD || CT || Tag as output and vice versa for decryption. Prior to this
patch, the AF_ALG interface for AEAD ciphers requires the buffer to be
present as input for encryption. Similarly, the output buffer for
decryption required the presence of the tag buffer too. This implies
that the kernel reads / writes data buffers from/to kernel space
even though this operation is not required.

This patch changes the AF_ALG AEAD interface to be consistent with the
in-kernel AEAD cipher requirements.

Due to this handling, he changes are transparent to user space with one
exception: the return code of recv indicates the mount of output buffer.
That output buffer has a different size compared to before the patch
which implies that the return code of recv will also be different.
For example, a decryption operation uses 16 bytes AAD, 16 bytes CT and
16 bytes tag, the AF_ALG AEAD interface before showed a recv return
code of 48 (bytes) whereas after this patch, the return code is 32
since the tag is not returned any more.

Reported-by: Mat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: Stephan Mueller <smueller@chronox.de>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7 years agocrypto: caam - fix pointer size for AArch64 boot loader, AArch32 kernel
Horia Geantă [Mon, 5 Dec 2016 09:06:58 +0000 (11:06 +0200)]
crypto: caam - fix pointer size for AArch64 boot loader, AArch32 kernel

Start with a clean slate before dealing with bit 16 (pointer size)
of Master Configuration Register.
This fixes the case of AArch64 boot loader + AArch32 kernel, when
the boot loader might set MCFGR[PS] and kernel would fail to clear it.

Cc: <stable@vger.kernel.org>
Reported-by: Alison Wang <alison.wang@nxp.com>
Signed-off-by: Horia Geantă <horia.geanta@nxp.com>
Reviewed-By: Alison Wang <Alison.wang@nxp.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7 years agocrypto: marvell - Don't corrupt state of an STD req for re-stepped ahash
Romain Perier [Mon, 5 Dec 2016 08:56:39 +0000 (09:56 +0100)]
crypto: marvell - Don't corrupt state of an STD req for re-stepped ahash

mv_cesa_hash_std_step() copies the creq->state into the SRAM at each
step, but this is only required on the first one. By doing that, we
overwrite the engine state, and get erroneous results when the crypto
request is split in several chunks to fit in the internal SRAM.

This commit changes the function to copy the state only on the first
step.

Fixes: commit 2786cee8e50b ("crypto: marvell - Move SRAM I/O op...")
Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7 years agocrypto: marvell - Don't copy hash operation twice into the SRAM
Romain Perier [Mon, 5 Dec 2016 08:56:38 +0000 (09:56 +0100)]
crypto: marvell - Don't copy hash operation twice into the SRAM

No need to copy the template of an hash operation twice into the SRAM
from the step function.

Fixes: commit 85030c5168f1 ("crypto: marvell - Add support for chai...")
Signed-off-by: Romain Perier <romain.perier@free-electrons.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
7 years agocan: raw: raw_setsockopt: limit number of can_filter that can be set
Marc Kleine-Budde [Mon, 5 Dec 2016 10:44:23 +0000 (11:44 +0100)]
can: raw: raw_setsockopt: limit number of can_filter that can be set

This patch adds a check to limit the number of can_filters that can be
set via setsockopt on CAN_RAW sockets. Otherwise allocations > MAX_ORDER
are not prevented resulting in a warning.

Reference: https://lkml.org/lkml/2016/12/2/230

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Cc: linux-stable <stable@vger.kernel.org>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
7 years agoparisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_pag...
John David Anglin [Wed, 7 Dec 2016 03:02:01 +0000 (22:02 -0500)]
parisc: Remove unnecessary TLB purges from flush_dcache_page_asm and flush_icache_page_asm

We have four routines in pacache.S that use temporary alias pages:
copy_user_page_asm(), clear_user_page_asm(), flush_dcache_page_asm() and
flush_icache_page_asm().  copy_user_page_asm() and clear_user_page_asm()
don't purge the TLB entry used for the operation.
flush_dcache_page_asm() and flush_icache_page_asm do purge the entry.

Presumably, this was thought to optimize TLB use.  However, the
operation is quite heavy weight on PA 1.X processors as we need to take
the TLB lock and a TLB broadcast is sent to all processors.

This patch removes the purges from flush_dcache_page_asm() and
flush_icache_page_asm.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Helge Deller <deller@gmx.de>
7 years agoparisc: Purge TLB before setting PTE
John David Anglin [Wed, 7 Dec 2016 02:47:04 +0000 (21:47 -0500)]
parisc: Purge TLB before setting PTE

The attached change interchanges the order of purging the TLB and
setting the corresponding page table entry.  TLB purges are strongly
ordered.  It occurred to me one night that setting the PTE first might
have subtle ordering issues on SMP machines and cause random memory
corruption.

A TLB lock guards the insertion of user TLB entries.  So after the TLB
is purged, a new entry can't be inserted until the lock is released.
This ensures that the new PTE value is used when the lock is released.

Since making this change, no random segmentation faults have been
observed on the Debian hppa buildd servers.

Signed-off-by: John David Anglin <dave.anglin@bell.net>
Cc: <stable@vger.kernel.org> # v3.16+
Signed-off-by: Helge Deller <deller@gmx.de>
7 years agodevice-dax: fix private mapping restriction, permit read-only
Dan Williams [Wed, 7 Dec 2016 01:03:35 +0000 (17:03 -0800)]
device-dax: fix private mapping restriction, permit read-only

Hugh notes in response to commit 4cb19355ea19 "device-dax: fail all
private mapping attempts":

  "I think that is more restrictive than you intended: haven't tried, but I
  believe it rejects a PROT_READ, MAP_SHARED, O_RDONLY fd mmap, leaving no
  way to mmap /dev/dax without write permission to it."

Indeed it does restrict read-only mappings, switch to checking
VM_MAYSHARE, not VM_SHARED.

Cc: <stable@vger.kernel.org>
Cc: Dave Hansen <dave.hansen@linux.intel.com>
Cc: Pawel Lebioda <pawel.lebioda@intel.com>
Fixes: 4cb19355ea19 ("device-dax: fail all private mapping attempts")
Reported-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agotools/testing/nvdimm: unit test acpi_nfit_ctl()
Dan Williams [Mon, 5 Dec 2016 21:43:25 +0000 (13:43 -0800)]
tools/testing/nvdimm: unit test acpi_nfit_ctl()

A recent flurry of bug discoveries in the nfit driver's DSM marshalling
routine has highlighted the fact that we do not have unit test coverage
for this routine. Add a self-test of acpi_nfit_ctl() routine before
probing the "nfit_test.0" device. This mocks stimulus to acpi_nfit_ctl()
and if any of the tests fail "nfit_test.0" will be unavailable causing
the rest of the tests to not run / fail.

This unit test will also be a place to land reproductions of quirky BIOS
behavior discovered in the field and ensure the kernel does not regress
against implementations it has seen in practice.

Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agoacpi, nfit: fix bus vs dimm confusion in xlat_status
Dan Williams [Tue, 6 Dec 2016 23:06:55 +0000 (15:06 -0800)]
acpi, nfit: fix bus vs dimm confusion in xlat_status

Given dimms and bus commands share the same command number space we need
to be careful that we are translating status in the correct context.
Otherwise we can, for example, fail an ND_CMD_GET_CONFIG_SIZE command
because max_xfer is zero. It fails because that condition erroneously
correlates with the 'cleared == 0' failure of ND_CMD_CLEAR_ERROR.

Cc: <stable@vger.kernel.org>
Fixes: aef253382266 ("libnvdimm, nfit: centralize command status translation")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agoacpi, nfit: validate ars_status output buffer size
Dan Williams [Tue, 6 Dec 2016 20:45:24 +0000 (12:45 -0800)]
acpi, nfit: validate ars_status output buffer size

If an ARS Status command returns truncated output, do not process
partial records or otherwise consume non-status fields.

Cc: <stable@vger.kernel.org>
Fixes: 0caeef63e6d2 ("libnvdimm: Add a poison list and export badblocks")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agoacpi, nfit, libnvdimm: fix / harden ars_status output length handling
Dan Williams [Tue, 6 Dec 2016 17:10:12 +0000 (09:10 -0800)]
acpi, nfit, libnvdimm: fix / harden ars_status output length handling

Given ambiguities in the ACPI 6.1 definition of the "Output (Size)"
field of the ARS (Address Range Scrub) Status command, a firmware
implementation may in practice return 0, 4, or 8 to indicate that there
is no output payload to process.

The specification states "Size of Output Buffer in bytes, including this
field.". However, 'Output Buffer' is also the name of the entire
payload, and earlier in the specification it states "Max Query ARS
Status Output Buffer Size: Maximum size of buffer (including the Status
and Extended Status fields)".

Without this fix if the BIOS happens to return 0 it causes memory
corruption as evidenced by this result from the acpi_nfit_ctl() unit
test.

 ars_status00000000: 00020000 00000000                    ........
 BUG: stack guard page was hit at ffffc90001750000 (stack is ffffc9000174c000..ffffc9000174ffff)
 kernel stack overflow (page fault): 0000 [#1] SMP DEBUG_PAGEALLOC
 task: ffff8803332d2ec0 task.stack: ffffc9000174c000
 RIP: 0010:[<ffffffff814cfe72>]  [<ffffffff814cfe72>] __memcpy+0x12/0x20
 RSP: 0018:ffffc9000174f9a8  EFLAGS: 00010246
 RAX: ffffc9000174fab8 RBX: 0000000000000000 RCX: 000000001fffff56
 RDX: 0000000000000000 RSI: ffff8803231f5a08 RDI: ffffc90001750000
 RBP: ffffc9000174fa88 R08: ffffc9000174fab0 R09: ffff8803231f54b8
 R10: 0000000000000008 R11: 0000000000000001 R12: 0000000000000000
 R13: 0000000000000000 R14: 0000000000000003 R15: ffff8803231f54a0
 FS:  00007f3a611af640(0000) GS:ffff88033ed00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: ffffc90001750000 CR3: 0000000325b20000 CR4: 00000000000406e0
 Stack:
  ffffffffa00bc60d 0000000000000008 ffffc90000000001 ffffc9000174faac
  0000000000000292 ffffffffa00c24e4 ffffffffa00c2914 0000000000000000
  0000000000000000 ffffffff00000003 ffff880331ae8ad0 0000000800000246
 Call Trace:
  [<ffffffffa00bc60d>] ? acpi_nfit_ctl+0x49d/0x750 [nfit]
  [<ffffffffa01f4fe0>] nfit_test_probe+0x670/0xb1b [nfit_test]

Cc: <stable@vger.kernel.org>
Fixes: 747ffe11b440 ("libnvdimm, tools/testing/nvdimm: fix 'ars_status' output buffer sizing")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agoacpi, nfit: fix extended status translations for ACPI DSMs
Vishal Verma [Tue, 6 Dec 2016 00:00:37 +0000 (17:00 -0700)]
acpi, nfit: fix extended status translations for ACPI DSMs

ACPI DSMs can have an 'extended' status which can be non-zero to convey
additional information about the command. In the xlat_status routine,
where we translate the command statuses, we were returning an error for
a non-zero extended status, even if the primary status indicated success.

Return from each command's 'case' once we have verified both its status
and extend status are good.

Cc: <stable@vger.kernel.org>
Fixes: 11294d63ac91 ("nfit: fail DSMs that return non-zero status by default")
Signed-off-by: Vishal Verma <vishal.l.verma@intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
7 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc
Linus Torvalds [Tue, 6 Dec 2016 17:24:11 +0000 (09:24 -0800)]
Merge git://git./linux/kernel/git/davem/sparc

Pull sparc fix from David Miller:
 "A use-before-NULL-check from Dan Carpenter"

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
  dbri: move dereference after check for NULL

7 years agodbri: move dereference after check for NULL
Dan Carpenter [Thu, 1 Dec 2016 05:48:30 +0000 (08:48 +0300)]
dbri: move dereference after check for NULL

We accidentally introduced a dereference before the NULL check in
xmit_descs() as part of silencing a GCC warning.

Fixes: 16f46050e709 ("dbri: Fix compiler warning")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>