As pointed out by Linus and David, the earlier waitid() fix resulted in
a (currently harmless) unbalanced user_access_end() call. This fixes it
to just directly return EFAULT on access_ok() failure.
Fixes: 96ca579a1e ("waitid(): Add missing access_ok() checks")
Acked-by: David Daney <david.daney@cavium.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABAgAGBQJZ6bO8AAoJELDendYovxMvzJgH/3QHVFMmmZnEpqpet6Om/h3Z
YuhrLTuXRL/dz6IA9u0PXOL83k3qnQKzmy4OZJL/BuT+ZGXZAJge0nLhC+sHc5CR
SrWFSee0Ut1qM1Khenfi2rn4M3F/Hc3m9lLU5KsewEflJ+MMw86RSKAPD3Xc6w0u
Kq6ejczfBvFNz1KErCO+IRc5A25ouNJZDNVwrMrJ5QXXJ2rPGFS+3TIilwu51kfQ
ux/s3frm2bNxFabkOtAZzxkYMYj9RRTDewBZocGhPmih0WWkquVbhwuxl9mf2nd0
AeFWbvMnZcq86Ra9zhtLQg1Gu7SSI/0vq7JnZtIsZw8b5YThG3V9s14fkWhJrgE=
=xWgh
-----END PGP SIGNATURE-----
Merge tag 'for-linus-4.14c-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip
Pull xen fix from Juergen Gross:
"A fix for the Xen pv network drivers (frontend and backend) avoiding
the network connection to become unusable due to an illegal MTU"
* tag 'for-linus-4.14c-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
xen-netfront, xen-netback: Use correct minimum MTU values
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZ6Y+3AAoJEAx081l5xIa+dEIP/j5tjawx4ada7etPbAblFjmD
cs0LUFM6SgamUtgi5slJn+3jV1bXJpgcmCXI0S6Ln7xjLLvjcTnauJFidrBgT1lG
dJOrzz8zgBF2jpc0oC/a3ercum3vncqxAbUbDQ6RwDrxuhwBB3L31ix263z/+Yr8
fy655TSpxTiaokiVxws2mOfpte9yWcSeQUChrzRjNSS480O4qd/AJZl+FhiBNySw
2kAW9zbTFEV/9qfANHToAeUsCOo2VoTBXqgpvPiUKJG2gow8yT0Wf5Al4HcagZCt
9JtIbNlHxnuSYR0CCfx4r+/igWQt52O2GgmlPkaxvGjVz13n9m9RngYyyZksZWjQ
9wBJEQI4pvCUIBHpic+90b9AKTIub52bImigNzckEDvvXXEIO4SUc23s6pkOKXD8
V4ZO+pHtzV6/T9vGpntrbODcwp7/h397Zr6SKP+YjRl12Gh5/922xz3bQDnEgYF/
o/q/stEm5Jqncz4WR+wZ2a7gocPxuexv6T/hZwvT+08l/QR5DR0sUhlJ+j3QaSqk
ELqn5tNEGQiOEDLHmBnjiHZJFYAAlbOkPoVPIMuFt/xRZtDb2ZCN457OgSubmPqw
1i00XLd6ZoEVI+nBcGJbyQhqZmcTftWXXvcCixBqvK9mEYFqQoe222bytaIoiPpo
WT3Zt2E6jgoQxtX3PftU
=wFHG
-----END PGP SIGNATURE-----
Merge tag 'drm-fixes-for-v4.14-rc6' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
"Standard fixes pull for rc6: one regression fix for amdgpu, a bunch of
nouveau fixes that I'd missed a pull req for from Ben last week, some
exynos regression fixes, and a few fixes for i915"
* tag 'drm-fixes-for-v4.14-rc6' of git://people.freedesktop.org/~airlied/linux:
drm/nouveau/fbcon: fix oops without fbdev emulation
Revert "drm/amdgpu: discard commands of killed processes"
drm/i915: Use a mask when applying WaProgramL3SqcReg1Default
drm/i915: Report -EFAULT before pwrite fast path into shmemfs
drm/i915/cnl: Fix PLL initialization for HDMI.
drm/i915/cnl: Fix PLL mapping.
drm/i915: Use bdw_ddi_translations_fdi for Broadwell
drm/i915: Fix eviction when the GGTT is idle but full
drm/i915/gvt: Fix GPU hang after reusing vGPU instance across different guest OS
drm/exynos: Clear drvdata after component unbind
drm/exynos: Fix potential NULL pointer dereference in suspend/resume paths
drm/nouveau/kms/nv50: fix oops during DP IRQ handling on non-MST boards
drm/nouveau/bsp/g92: disable by default
drm/nouveau/mmu: flush tlbs before deleting page tables
Pull i2c fixes from Wolfram Sang:
"A couple of bugfixes for I2C drivers.
Because the changes for the piix4 driver are larger than usual, the
patches have been in linux-next for more than a week with no reports
coming in. The rest is usual stuff"
* 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux:
i2c: omap: Fix error handling for clk_get()
i2c: piix4: Disable completely the IMC during SMBUS_BLOCK_DATA
i2c: piix4: Fix SMBus port selection for AMD Family 17h chips
i2c: imx: fix misleading bus recovery debug message
i2c: imx: use IRQF_SHARED mode to request IRQ
i2c: ismt: Separate I2C block read from SMBus block read
Pull key handling fixes from James Morris:
"This includes a fix for the capabilities code from Colin King, and a
set of further fixes for the keys subsystem. From David:
- Fix a bunch of places where kernel drivers may access revoked
user-type keys and don't do it correctly.
- Fix some ecryptfs bits.
- Fix big_key to require CONFIG_CRYPTO.
- Fix a couple of bugs in the asymmetric key type.
- Fix a race between updating and finding negative keys.
- Prevent add_key() from updating uninstantiated keys.
- Make loading of key flags and expiry time atomic when not holding
locks"
* 'fixes-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
commoncap: move assignment of fs_ns to avoid null pointer dereference
pkcs7: Prevent NULL pointer dereference, since sinfo is not always set.
KEYS: load key flags and expiry time atomically in proc_keys_show()
KEYS: Load key expiry time atomically in keyring_search_iterator()
KEYS: load key flags and expiry time atomically in key_validate()
KEYS: don't let add_key() update an uninstantiated key
KEYS: Fix race between updating and finding a negative key
KEYS: checking the input id parameters before finding asymmetric key
KEYS: Fix the wrong index when checking the existence of second id
security/keys: BIG_KEY requires CONFIG_CRYPTO
ecryptfs: fix dereference of NULL user_key_payload
fscrypt: fix dereference of NULL user_key_payload
lib/digsig: fix dereference of NULL user_key_payload
FS-Cache: fix dereference of NULL user_key_payload
KEYS: encrypted: fix dereference of NULL user_key_payload
This reverts a problematic commit modifying the turbostat
utility that went in during the 4.13 cycle (Len Brown).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJZ6Sp6AAoJEILEb/54YlRxt+4QAIZUZUiOgnm+xnTt/jO+RFqn
QhemEUf5pJFvt0HGdIOaA4VzicyAaSnA1+QoSiHJhIk8itsVCnI9COpfb0BwYvnU
B26gtT0+H+pvu2PVSVrihZZ27S5zJfIZ+3bfSqMUB/uvvIkRVD0g7OMBNPPttGVz
iF1HRWOgK4w88zy2MNyvdmqagOwAdnptMB3RCasAIh4HlOkdAeJ0qGsru0UKxKd1
mZGp2WxHE66cTNAheX/ONyK0N1X+4WiCcxuUTGa0O3YyT6Ll3FbWbxsh7GcmJ7aa
+UpOXDPKBzsZzjHUB+a8rECChbtrzEAJ1AJc2QB0ZPw2Id1Fo6rxgkMCs+YoNDiz
mBqhGAF9VcD9az9DqbMEHwkWHiOTEjgsUwKAVFEYV23nm5sTGIBVc5W/0StG8Kz7
IQeeapN9kqc2ty+lD8cCfC+NU1EVn3Ca5s85vnWnK3bmmolHEVpzdUzLc9vYrFnP
JKkNA2n3/9UvC3DRDr7ykD0wro77yA/mcjRLHmMxleLo7YEKZF1aPmsiOlgJiP5K
LTnkpnhUSIz7W/9v1Gh2pYpiwppJBgp5RXZGXGY/vTA42t0HZeZquGgNub5b0ys7
+JPrb5jlgYmg4DXXWT2htq8cjTisxJI+6uAtD7oULondtMISZCWtm0CMxgksmATA
567h1DJHd0zvO7r7mlRa
=i876
-----END PGP SIGNATURE-----
Merge tag 'pm-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management fix from Rafael Wysocki:
"This reverts a problematic commit modifying the turbostat utility that
went in during the 4.13 cycle (Len Brown)"
* tag 'pm-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
Revert "tools/power turbostat: stop migrating, unless '-m'"
Because many of RCU's files have not been included into docbook, a
number of errors have accumulated. This commit fixes them.
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 764f80798b ("doc: Add RCU files to docbook-generation files")
added :external: options for RCU source files in the file
Documentation/core-api/kernel-api.rst. However, this now means nothing,
so this commit removes them.
Reported-by: Randy Dunlap <rdunlap@infradead.org>
Reported-by: Akira Yokosawa <akiyks@gmail.com>
Signed-off-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This introduces a "register private expedited" membarrier command which
allows eventual removal of important memory barrier constraints on the
scheduler fast-paths. It changes how the "private expedited" membarrier
command (new to 4.14) is used from user-space.
This new command allows processes to register their intent to use the
private expedited command. This affects how the expedited private
command introduced in 4.14-rc is meant to be used, and should be merged
before 4.14 final.
Processes are now required to register before using
MEMBARRIER_CMD_PRIVATE_EXPEDITED, otherwise that command returns EPERM.
This fixes a problem that arose when designing requested extensions to
sys_membarrier() to allow JITs to efficiently flush old code from
instruction caches. Several potential algorithms are much less painful
if the user register intent to use this functionality early on, for
example, before the process spawns the second thread. Registering at
this time removes the need to interrupt each and every thread in that
process at the first expedited sys_membarrier() system call.
Signed-off-by: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Pull parisc fixes from Helge Deller:
"Three small important fixes for the parisc architecture:
- Export __cmpxchg_u64() symbol on 32bit kernel too. This unbreaks
building the kernel with ixgbe kernel module. From Guenter Roeck.
- Fix 64-bit atomic cmpxchg kernel helper function for 32-bit kernel
in LWS code for userspace. This unbreaks e.g. the 64-bit variant of
the glibc function __sync_fetch_and_add() with a 32-bit parisc
kernel. From John David Anglin, tagged for backport to v3.13+.
- Detect nonsynchronous CPU-internal cr16 cycle counters more
reliable. This avoids stalled CPU warnings by the kernel soft
lockup detector. From me, tagged for backport to v4.13+"
* 'parisc-4.14-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix detection of nonsynchronous cr16 cycle counters
parisc: Export __cmpxchg_u64 unconditionally
parisc: Fix double-word compare and exchange in LWS code on 32-bit kernels
We've got slightly more fixes than wished, but heading to a good
shape. Most of changes are about HD-audio fixes, one for a buggy code
that went into 4.13, and another for avoiding a crash due to buggy
BIOS.
Apart from HD-audio, a sequencer core change that is only for UP
config (which must be pretty rare nowadays), and a USB-audio quirk as
usual.
-----BEGIN PGP SIGNATURE-----
iQJCBAABCAAsFiEECxfAB4MH3rD5mfB6bDGAVD0pKaQFAlnonUQOHHRpd2FpQHN1
c2UuZGUACgkQbDGAVD0pKaSnrg//fpNJWcF2sCUMSsqxA+6iy5oVcsNEueockO/q
iUj60clC9f+GKx2f/ZxWGQTZA1ffZiD6anc77O0adDG+pXyeaRHzUgEgGm0sjeR3
TOy0izBZfI7iJBC0EwPKSohqZK/ogk0dXRosTooJ4EY2w+3RSBXhYKTFO812LpvA
z/t8Rbyw1Iurjrc/3myx3CNIgHfM07Oc1PZmlJXIHyMBLgEC+PfA/7yI4P0wp1VD
73TpRRszVKkpmqF3KaQjQ0HGTaL6Afx/JMYCSz2LQiKLi5Q9+faI/EGDRxpwh7LY
be8hwe7J6mRSEq5ffWO9o0cz8VNVbGL7C7FXvFTJT8HjnrypdtX3qgn+9sa0kiKk
Zr2gygoItkDKIz5zmgGrxTAHh15O76YJga0qQ1de1mqKEiBsEZO5jFAh4H4MXMRQ
TXWT76J015m87d2ujdMrD0OmML4UXmRcy+cZd883iDpJvGBhIROFd0J7fY96fAqd
+mD+hL847FkRGXql04wj73m7HzbZ8ZZ6juSViDy8ioKoYkFmNaIeUtlgPWPcw50j
qi8SYkg+DCXbGWGaPh+l+n685Ibz2W4VdtiPaAu4WkIrKEkxa/J020GzRgHm6+ke
CD+MGqo/S5a3MJoLZGUtYKl2FYJv51MueKHk00p+ZkyHWtC9xo+wLg4dc3Ip83ir
jWrpVSg=
=YGib
-----END PGP SIGNATURE-----
Merge tag 'sound-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"We've got slightly more fixes than wished, but heading to a good
shape. Most of changes are about HD-audio fixes, one for a buggy code
that went into 4.13, and another for avoiding a crash due to buggy
BIOS.
Apart from HD-audio, a sequencer core change that is only for UP
config (which must be pretty rare nowadays), and a USB-audio quirk as
usual"
* tag 'sound-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda - Fix incorrect TLV callback check introduced during set_fs() removal
ALSA: hda: Remove superfluous '-' added by printk conversion
ALSA: hda: Abort capability probe at invalid register read
ALSA: seq: Enable 'use' locking in all configurations
ALSA: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital
For CPUs which have an unknown or invalid CPU location (physical location)
assume that their cycle counters aren't syncronized across CPUs.
Signed-off-by: Helge Deller <deller@gmx.de>
Fixes: c8c3735997 ("parisc: Enhance detection of synchronous cr16 clocksources")
Cc: stable@vger.kernel.org # 4.13+
Signed-off-by: Helge Deller <deller@gmx.de>
__cmpxchg_u64 is built and used outside CONFIG_64BIT and thus needs to
be exported. This fixes the following build error seen when building
parisc:allmodconfig.
ERROR: "__cmpxchg_u64" [drivers/net/ethernet/intel/i40e/i40e.ko] undefined!
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
As discussed on the debian-hppa list, double-wordcompare and exchange
operations fail on 32-bit kernels. Looking at the code, I realized that
the ",ma" completer does the wrong thing in the "ldw,ma 4(%r26), %r29"
instruction. This increments %r26 and causes the following store to
write to the wrong location.
Note by Helge Deller:
The patch applies cleanly to stable kernel series if this upstream
commit is merged in advance:
f4125cfdb3 ("parisc: Avoid trashing sr2 and sr3 in LWS code").
Signed-off-by: John David Anglin <dave.anglin@bell.net>
Tested-by: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Fixes: 8920649120 ("parisc: Implement new LWS CAS supporting 64 bit operations.")
Cc: stable@vger.kernel.org # 3.13+
Signed-off-by: Helge Deller <deller@gmx.de>
Fix for stable:
- Fix DDI translation tables for BDW (Chris).
Critical fix:
- Fix GPU Hang on GVT (Changbin).
Other fixes:
- Fix eviction when GGTT is idle (Chris).
- CNL PLL fixes (Rodrigo).
- Fix pwrite into shmemfs (Chris).
- Mask bits for BXT and CHV L3 Workaround
WaProgramL3SqcReg1Default (Oscar).
* tag 'drm-intel-fixes-2017-10-18-1' of git://anongit.freedesktop.org/drm/drm-intel:
drm/i915: Use a mask when applying WaProgramL3SqcReg1Default
drm/i915: Report -EFAULT before pwrite fast path into shmemfs
drm/i915/cnl: Fix PLL initialization for HDMI.
drm/i915/cnl: Fix PLL mapping.
drm/i915: Use bdw_ddi_translations_fdi for Broadwell
drm/i915: Fix eviction when the GGTT is idle but full
drm/i915/gvt: Fix GPU hang after reusing vGPU instance across different guest OS
The pointer fs_ns is assigned from inode->i_ib->s_user_ns before
a null pointer check on inode, hence if inode is actually null we
will get a null pointer dereference on this assignment. Fix this
by only dereferencing inode after the null pointer check on
inode.
Detected by CoverityScan CID#1455328 ("Dereference before null check")
Fixes: 8db6c34f1d ("Introduce v3 namespaced file capabilities")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: stable@vger.kernel.org
Acked-by: Serge Hallyn <serge@hallyn.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Single amdgpu regression fix.
* 'drm-fixes-4.14' of git://people.freedesktop.org/~agd5f/linux:
Revert "drm/amdgpu: discard commands of killed processes"
some nouveau fixes.
* 'linux-4.14' of git://github.com/skeggsb/linux:
drm/nouveau/fbcon: fix oops without fbdev emulation
drm/nouveau/kms/nv50: fix oops during DP IRQ handling on non-MST boards
drm/nouveau/bsp/g92: disable by default
drm/nouveau/mmu: flush tlbs before deleting page tables
This is similar to an earlier commit 52dfcc5ccf ("drm/nouveau: fix for
disabled fbdev emulation"), but protects all occurrences of helper.fbdev
in the source.
I see oops in nouveau_fbcon_accel_save_disable() called from
nouveau_fbcon_set_suspend_work() on Linux 3.13 when
CONFIG_DRM_FBDEV_EMULATION option is disabled.
Signed-off-by: Pavel Roskin <plroskin@gmail.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
- fix some more CONFIG_XFS_RT related build problems
- fix data loss when writeback at eof races eofblocks gc and loses
- invalidate page cache after fs finishes a dio write
- remove dirty page state when invalidating pages so releasepage does
the right thing when handed a dirty page
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABCgAGBQJZ5jqbAAoJEPh/dxk0SrTrtfMP/jcQ6lTDcpnQ7XEP2fg2dXjx
2+z8uI7Mjr5wo2qfIWHc8nZHZ+8KRak4U28rTlrXkeVbJ79x3Z+SzeipP76dGHXB
u9MD7uacTD6BDT7R8/bux7g7KrPATVJYJiT3PRHZ5ysUT6i9KnREdbaKpgOwhMcI
Ivd9ROZHx62CmZhsbfLzD+Ccy9/mGBR5OmT8nQlsuD8cEcFU5u1afaJ2/YlCjNLN
c16Q8dhGXed7tjduiYCzsxDiewJMzSfcGdyk6yCwXdR3zcI3RdhXUN5FRH0R9GB2
xxG1n5Q4qgtgODGgcPUl9WG8mfhVvEcuZGioxChQrxCEcaHt1Waop0fOixLy9J3Q
lUn4qjA5S+VBqa6XsKCSCkiZdDtncSedvMRQYef09q8DGAouwAtN/Z3BVM24oyWU
k5888Gt4EHZK6V3lz3qPMmGFxfuPL6GeyEvIYUezpVIYsmp0sLQTeNFUW+XC7fb/
tOBNom4ARHFmSb5da7uwJvesNZBVFSpFQtxkcx1OL0rhTqlKIfPP61dLznKhqUTL
2NhaFjnznYenSEK2CsP+V3CtQrCxywdqDNnOEgTgKJbWPpsYMX63z/Cmtm0A7Qdz
BAbGc+OSBLqelwsWNnNzTWPHk33SKxtIxGTe8gKbKbrzbR7mxyJxHKEwpZvWIqh+
8eTdgJb1wgJyqtBsTSHN
=UY00
-----END PGP SIGNATURE-----
Merge tag 'xfs-4.14-fixes-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux
Pull xfs fixes from Darrick Wong:
- fix some more CONFIG_XFS_RT related build problems
- fix data loss when writeback at eof races eofblocks gc and loses
- invalidate page cache after fs finishes a dio write
- remove dirty page state when invalidating pages so releasepage does
the right thing when handed a dirty page
* tag 'xfs-4.14-fixes-6' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
xfs: move two more RT specific functions into CONFIG_XFS_RT
xfs: trim writepage mapping to within eof
fs: invalidate page cache after end_io() in dio completion
xfs: cancel dirty pages on invalidation
Pull block fixes from Jens Axboe:
"Three small fixes:
- A fix for skd, it was using kfree() to free a structure allocate
with kmem_cache_alloc().
- Stable fix for nbd, fixing a regression using the normal ioctl
based tools.
- Fix for a previous fix in this series, that fixed up
inconsistencies between buffered and direct IO"
* 'for-linus' of git://git.kernel.dk/linux-block:
fs: Avoid invalidation in interrupt context in dio_complete()
nbd: don't set the device size until we're connected
skd: Use kmem_cache_free
Otherwise we are blasting other bits in GEN8_L3SQCREG1 that might be important
(although we probably aren't at the moment because 0 seems to be the default
for all the other bits).
v2: Extra parentheses (Michel)
Fixes: 050fc46 ("drm/i915:bxt: implement WaProgramL3SqcReg1DefaultForPerf")
Fixes: 450174f ("drm/i915/chv: Tune L3 SQC credits based on actual latencies")
Signed-off-by: Oscar Mateo <oscar.mateo@intel.com>
Cc: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Imre Deak <imre.deak@intel.com>
Reviewed-by: Michel Thierry <michel.thierry@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/1508271945-14961-1-git-send-email-oscar.mateo@intel.com
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
(cherry picked from commit 930a784d02)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
When pwriting into shmemfs, the fast path pagecache_write does not
notice when it is writing to beyond the end of the truncated shmemfs
inode. Report -EFAULT directly when we try to use pwrite into the
!I915_MADV_WILLNEED object.
Fixes: 7c55e2c577 ("drm/i915: Use pagecache write to prepopulate shmemfs from pwrite-ioctl")
Testcase: igt/gem_madvise/dontneed-before-pwrite
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Matthew Auld <matthew.william.auld@gmail.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Reviewed-by: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171016202732.25459-1-chris@chris-wilson.co.uk
(cherry picked from commit a6d65e451c)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Here's a pull request to add a new file to the kernel's Documentation directory.
It adds a short document describing the views of how the Linux kernel community
feels about enforcing the license of the kernel.
The patch has been reviewed by a large number of kernel developers already, as
seen by their acks on the patch, and their agreement of the statement with
their names on it. The location of the file was also agreed upon by the
Documentation maintainer, so all should be good there.
For some background information about this statement, see this article
written by some of the kernel developers involved in drafting it:
http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement/
and this article that answers a number of questions that came up in the
discussion of this statement with the kernel developer community:
http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement-faq/
If anyone has any further questions about it, please let me, and the TAB
members, know and we will be glad to help answer them.
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-----BEGIN PGP SIGNATURE-----
iG0EABECAC0WIQT0tgzFv3jCIUoxPcsxR9QN2y37KQUCWeR6Sw8cZ3JlZ0Brcm9h
aC5jb20ACgkQMUfUDdst+ykG3ACeN9zl6v505gikqm84ZkfBaxuxDVYAni1dqsY7
DCsTizcpTneOYeK/Sh+1
=lbTy
-----END PGP SIGNATURE-----
Merge tag 'enforcement-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
Pull enforcement policy update from Greg KH:
"Documentation: Add a file explaining the requested Linux kernel
license enforcement policy
Here's a new file to the kernel's Documentation directory. It adds a
short document describing the views of how the Linux kernel community
feels about enforcing the license of the kernel.
The patch has been reviewed by a large number of kernel developers
already, as seen by their acks on the patch, and their agreement of
the statement with their names on it. The location of the file was
also agreed upon by the Documentation maintainer, so all should be
good there.
For some background information about this statement, see this article
written by some of the kernel developers involved in drafting it:
http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement/
and this article that answers a number of questions that came up in
the discussion of this statement with the kernel developer community:
http://kroah.com/log/blog/2017/10/16/linux-kernel-community-enforcement-statement-faq/
If anyone has any further questions about it, please let me, and the
TAB members, know and we will be glad to help answer them"
* tag 'enforcement-4.14-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
Documentation: Add a file explaining the Linux kernel license enforcement policy
Pull s390 fixes from Martin Schwidefsky:
"Two bug fixes:
- A fix for cputime accounting vs CPU hotplug
- Add two options to zfcpdump_defconfig to make SCSI dump work again"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
s390: fix zfcpdump-config
s390/cputime: fix guest/irq/softirq times after CPU hotplug
# modprobe trace-events-sample
# echo 1 > /sys/kernel/debug/tracing/events/sample-trace/enable
# rmmod trace-events-sample
This would cause an oops. The issue is that I added another trace
event sample that reused a reg function of another trace event to
create a thread to call the tracepoints. The problem was that the
reg function couldn't handle nested calls (reg; reg; unreg; unreg;)
and created two threads (instead of one) and only removed one
on exit.
This isn't a critical bug as the bug is only in sample code. But sample
code should be free of known bugs to prevent others from copying
it. This is why this is also marked for stable.
-----BEGIN PGP SIGNATURE-----
iQHIBAABCgAyFiEEPm6V/WuN2kyArTUe1a05Y9njSUkFAlnmcA0UHHJvc3RlZHRA
Z29vZG1pcy5vcmcACgkQ1a05Y9njSUkvqAwAhY/W7OF2JG/TV2cHNmHZqTEgQOFz
59EXWI7EsnQzcKTm14rWuR477iK+Q6r2YEzpGajHhBcOy8KjpzYM2+Oj3qzn6ovc
dyMEwr2wsaVb52B0h2X9J7fsfzZtL0KIIb6Y/wSz/H28BTHMi0xJUJLDkH4W9jrB
g/3vbKHLpbr4hg8msMPoLSExe4seZeHeB+6VQ+G3VHuIIPlCZOSCnXH05pd8AqC6
Y9cJzKqlivNPJFWUDnref0yE1aK/KuRsC+DpceJmP/K1+uiYhFMKCwlpWz/kI2eQ
z02pYugUqck007NWCSdr1xTYWJQBEx4Ke19XKFhtXs2o5a/fgnVZoLYXUagV/QiT
VoNDHnuqqnTESySMK38dQvekdj5lPU80ycy+Dsgp9RSCW804MBvaXswoMT1095OV
zxyMAIsbSof2zgUqjUQKEFU75usjxpd1ifl6CoXlfH8hmKEvvdZmqvEypUKakyxh
0D9+DcGTyOAg9MLEpMdyaW7+F0CVLqwVToBM
=xSts
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fix from Steven Rostedt:
"Testing a new trace event format, I triggered a bug by doing:
# modprobe trace-events-sample
# echo 1 > /sys/kernel/debug/tracing/events/sample-trace/enable
# rmmod trace-events-sample
This would cause an oops. The issue is that I added another trace
event sample that reused a reg function of another trace event to
create a thread to call the tracepoints. The problem was that the reg
function couldn't handle nested calls (reg; reg; unreg; unreg;) and
created two threads (instead of one) and only removed one on exit.
This isn't a critical bug as the bug is only in sample code. But
sample code should be free of known bugs to prevent others from
copying it. This is why this is also marked for stable"
* tag 'trace-v4.14-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing/samples: Fix creation and deletion of simple_thread_fn creation
The commit 99b5c5bb9a ("ALSA: hda - Remove the use of set_fs()")
converted the get_kctl_0dB_offset() call for killing set_fs() usage in
HD-audio codec code. The conversion assumed that the TLV callback
used in HD-audio code is only snd_hda_mixer_amp() and applies the TLV
calculation locally.
Although this assumption is correct, and all slave kctls are actually
with that callback, the current code is still utterly buggy; it
doesn't hit this condition and falls back to the next check. It's
because the function gets called after adding slave kctls to vmaster.
By assigning a slave kctl, the slave kctl object is faked inside
vmaster code, and the whole kctl ops are overridden. Thus the
callback op points to a different value from what we've assumed.
More badly, as reported by the KERNEXEC and UDEREF features of PaX,
the code flow turns into the unexpected pitfall. The next fallback
check is SNDRV_CTL_ELEM_ACCESS_TLV_READ access bit, and this always
hits for each kctl with TLV. Then it evaluates the callback function
pointer wrongly as if it were a TLV array. Although currently its
side-effect is fairly limited, this incorrect reference may lead to an
unpleasant result.
For addressing the regression, this patch introduces a new helper to
vmaster code, snd_ctl_apply_vmaster_slaves(). This works similarly
like the existing map_slaves() in hda_codec.c: it loops over the slave
list of the given master, and applies the given function to each
slave. Then the initializer function receives the right kctl object
and we can compare the correct pointer instead of the faked one.
Also, for catching the similar breakage in future, give an error
message when the unexpected TLV callback is found and bail out
immediately.
Fixes: 99b5c5bb9a ("ALSA: hda - Remove the use of set_fs()")
Reported-by: PaX Team <pageexec@freemail.hu>
Cc: <stable@vger.kernel.org> # v4.13
Signed-off-by: Takashi Iwai <tiwai@suse.de>
While converting the error messages to the standard macros in the
commit 4e76a8833f ("ALSA: hda - Replace with standard printk"), a
superfluous '-' slipped in the code mistakenly. Its influence is
almost negligible, merely shows a dB value as negative integer instead
of positive integer (or vice versa) in the rare error message.
So let's kill this embarrassing byte to show more correct value.
Fixes: 4e76a8833f ("ALSA: hda - Replace with standard printk")
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The loop in snd_hdac_bus_parse_capabilities() may go to nirvana when
it hits an invalid register value read:
BUG: unable to handle kernel paging request at ffffad5dc41f3fff
IP: pci_azx_readl+0x5/0x10 [snd_hda_intel]
Call Trace:
snd_hdac_bus_parse_capabilities+0x3c/0x1f0 [snd_hda_core]
azx_probe_continue+0x7d5/0x940 [snd_hda_intel]
.....
This happened on a new Intel machine, and we need to check the value
and abort the loop accordingly.
[Note: the fixes tag below indicates only the commit where this patch
can be applied; the original problem was introduced even before that
commit]
Fixes: 6720b38420 ("ALSA: hda - move bus_parse_capabilities to core")
Cc: <stable@vger.kernel.org>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
The ASN.1 parser does not necessarily set the sinfo field,
this patch prevents a NULL pointer dereference on broken
input.
Fixes: 99db443506 ("PKCS#7: Appropriately restrict authenticated attributes and content type")
Signed-off-by: Eric Sesterhenn <eric.sesterhenn@x41-dsec.de>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: stable@vger.kernel.org # 4.3+
In proc_keys_show(), the key semaphore is not held, so the key ->flags
and ->expiry can be changed concurrently. We therefore should read them
atomically just once.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Similar to the case for key_validate(), we should load the key ->expiry
once atomically in keyring_search_iterator(), since it can be changed
concurrently with the flags whenever the key semaphore isn't held.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
In key_validate(), load the flags and expiry time once atomically, since
these can change concurrently if key_validate() is called without the
key semaphore held. And we don't want to get inconsistent results if a
variable is referenced multiple times. For example, key->expiry was
referenced in both 'if (key->expiry)' and in 'if (now.tv_sec >=
key->expiry)', making it theoretically possible to see a spurious
EKEYEXPIRED while the expiration time was being removed, i.e. set to 0.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Currently, when passed a key that already exists, add_key() will call the
key's ->update() method if such exists. But this is heavily broken in the
case where the key is uninstantiated because it doesn't call
__key_instantiate_and_link(). Consequently, it doesn't do most of the
things that are supposed to happen when the key is instantiated, such as
setting the instantiation state, clearing KEY_FLAG_USER_CONSTRUCT and
awakening tasks waiting on it, and incrementing key->user->nikeys.
It also never takes key_construction_mutex, which means that
->instantiate() can run concurrently with ->update() on the same key. In
the case of the "user" and "logon" key types this causes a memory leak, at
best. Maybe even worse, the ->update() methods of the "encrypted" and
"trusted" key types actually just dereference a NULL pointer when passed an
uninstantiated key.
Change key_create_or_update() to wait interruptibly for the key to finish
construction before continuing.
This patch only affects *uninstantiated* keys. For now we still allow a
negatively instantiated key to be updated (thereby positively
instantiating it), although that's broken too (the next patch fixes it)
and I'm not sure that anyone actually uses that functionality either.
Here is a simple reproducer for the bug using the "encrypted" key type
(requires CONFIG_ENCRYPTED_KEYS=y), though as noted above the bug
pertained to more than just the "encrypted" key type:
#include <stdlib.h>
#include <unistd.h>
#include <keyutils.h>
int main(void)
{
int ringid = keyctl_join_session_keyring(NULL);
if (fork()) {
for (;;) {
const char payload[] = "update user:foo 32";
usleep(rand() % 10000);
add_key("encrypted", "desc", payload, sizeof(payload), ringid);
keyctl_clear(ringid);
}
} else {
for (;;)
request_key("encrypted", "desc", "callout_info", ringid);
}
}
It causes:
BUG: unable to handle kernel NULL pointer dereference at 0000000000000018
IP: encrypted_update+0xb0/0x170
PGD 7a178067 P4D 7a178067 PUD 77269067 PMD 0
PREEMPT SMP
CPU: 0 PID: 340 Comm: reproduce Tainted: G D 4.14.0-rc1-00025-g428490e38b2e #796
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff8a467a39a340 task.stack: ffffb15c40770000
RIP: 0010:encrypted_update+0xb0/0x170
RSP: 0018:ffffb15c40773de8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffff8a467a275b00 RCX: 0000000000000000
RDX: 0000000000000005 RSI: ffff8a467a275b14 RDI: ffffffffb742f303
RBP: ffffb15c40773e20 R08: 0000000000000000 R09: ffff8a467a275b17
R10: 0000000000000020 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff8a4677057180 R15: ffff8a467a275b0f
FS: 00007f5d7fb08700(0000) GS:ffff8a467f200000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000077262005 CR4: 00000000001606f0
Call Trace:
key_create_or_update+0x2bc/0x460
SyS_add_key+0x10c/0x1d0
entry_SYSCALL_64_fastpath+0x1f/0xbe
RIP: 0033:0x7f5d7f211259
RSP: 002b:00007ffed03904c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000f8
RAX: ffffffffffffffda RBX: 000000003b2a7955 RCX: 00007f5d7f211259
RDX: 00000000004009e4 RSI: 00000000004009ff RDI: 0000000000400a04
RBP: 0000000068db8bad R08: 000000003b2a7955 R09: 0000000000000004
R10: 000000000000001a R11: 0000000000000246 R12: 0000000000400868
R13: 00007ffed03905d0 R14: 0000000000000000 R15: 0000000000000000
Code: 77 28 e8 64 34 1f 00 45 31 c0 31 c9 48 8d 55 c8 48 89 df 48 8d 75 d0 e8 ff f9 ff ff 85 c0 41 89 c4 0f 88 84 00 00 00 4c 8b 7d c8 <49> 8b 75 18 4c 89 ff e8 24 f8 ff ff 85 c0 41 89 c4 78 6d 49 8b
RIP: encrypted_update+0xb0/0x170 RSP: ffffb15c40773de8
CR2: 0000000000000018
Cc: <stable@vger.kernel.org> # v2.6.12+
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Eric Biggers <ebiggers@google.com>
Consolidate KEY_FLAG_INSTANTIATED, KEY_FLAG_NEGATIVE and the rejection
error into one field such that:
(1) The instantiation state can be modified/read atomically.
(2) The error can be accessed atomically with the state.
(3) The error isn't stored unioned with the payload pointers.
This deals with the problem that the state is spread over three different
objects (two bits and a separate variable) and reading or updating them
atomically isn't practical, given that not only can uninstantiated keys
change into instantiated or rejected keys, but rejected keys can also turn
into instantiated keys - and someone accessing the key might not be using
any locking.
The main side effect of this problem is that what was held in the payload
may change, depending on the state. For instance, you might observe the
key to be in the rejected state. You then read the cached error, but if
the key semaphore wasn't locked, the key might've become instantiated
between the two reads - and you might now have something in hand that isn't
actually an error code.
The state is now KEY_IS_UNINSTANTIATED, KEY_IS_POSITIVE or a negative error
code if the key is negatively instantiated. The key_is_instantiated()
function is replaced with key_is_positive() to avoid confusion as negative
keys are also 'instantiated'.
Additionally, barriering is included:
(1) Order payload-set before state-set during instantiation.
(2) Order state-read before payload-read when using the key.
Further separate barriering is necessary if RCU is being used to access the
payload content after reading the payload pointers.
Fixes: 146aa8b145 ("KEYS: Merge the type-specific data with the payload data")
Cc: stable@vger.kernel.org # v4.4+
Reported-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Eric Biggers <ebiggers@google.com>
For finding asymmetric key, the input id_0 and id_1 parameters can
not be NULL at the same time. This patch adds the BUG_ON checking
for id_0 and id_1.
Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Fix the wrong index number when checking the existence of second
id in function of finding asymmetric key. The id_1 is the second
id that the index in array must be 1 but not 0.
Fixes: 9eb029893a (KEYS: Generalise x509_request_asymmetric_key())
Cc: David Howells <dhowells@redhat.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
The recent rework introduced a possible randconfig build failure
when CONFIG_CRYPTO configured to only allow modules:
security/keys/big_key.o: In function `big_key_crypt':
big_key.c:(.text+0x29f): undefined reference to `crypto_aead_setkey'
security/keys/big_key.o: In function `big_key_init':
big_key.c:(.init.text+0x1a): undefined reference to `crypto_alloc_aead'
big_key.c:(.init.text+0x45): undefined reference to `crypto_aead_setauthsize'
big_key.c:(.init.text+0x77): undefined reference to `crypto_destroy_tfm'
crypto/gcm.o: In function `gcm_hash_crypt_remain_continue':
gcm.c:(.text+0x167): undefined reference to `crypto_ahash_finup'
crypto/gcm.o: In function `crypto_gcm_exit_tfm':
gcm.c:(.text+0x847): undefined reference to `crypto_destroy_tfm'
When we 'select CRYPTO' like the other users, we always get a
configuration that builds.
Fixes: 428490e38b ("security/keys: rewrite all of big_key crypto")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David Howells <dhowells@redhat.com>
The 'use' locking macros are no-ops if neither SMP or SND_DEBUG is
enabled. This might once have been OK in non-preemptible
configurations, but even in that case snd_seq_read() may sleep while
relying on a 'use' lock. So always use the proper implementations.
Cc: stable@vger.kernel.org
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
This reverts commit c91fc8519d.
That change caused a C6 and PC6 residency regression on large idle systems.
Users also complained about new output indicating jitter:
turbostat: cpu6 jitter 3794 9142
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: 4.13+ <stable@vger.kernel.org> # v4.13+
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Otherwise we can get the following if the fck alias is missing:
Unable to handle kernel paging request at virtual address fffffffe
...
PC is at clk_get_rate+0x8/0x10
LR is at omap_i2c_probe+0x278/0x6ec
...
[<c056eb08>] (clk_get_rate) from [<c06f4f08>] (omap_i2c_probe+0x278/0x6ec)
[<c06f4f08>] (omap_i2c_probe) from [<c0610944>] (platform_drv_probe+0x50/0xb0)
[<c0610944>] (platform_drv_probe) from [<c060e900>] (driver_probe_device+0x264/0x2ec)
[<c060e900>] (driver_probe_device) from [<c060cda0>] (bus_for_each_drv+0x70/0xb8)
[<c060cda0>] (bus_for_each_drv) from [<c060e5b0>] (__device_attach+0xcc/0x13c)
[<c060e5b0>] (__device_attach) from [<c060db10>] (bus_probe_device+0x88/0x90)
[<c060db10>] (bus_probe_device) from [<c060df68>] (deferred_probe_work_func+0x4c/0x14c)
Signed-off-by: Tony Lindgren <tony@atomide.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
Four mostly error leg fixes and one more important regression in a
prior commit (the qla2xxx one).
Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJZ5h/9AAoJEAVr7HOZEZN4moMQAKnW6fLBZ8gb5BiZa5+zFFwf
OEYP70It4EW1+tINcL1mTYzXTP03sS08iKdDg8MsRSltShwpc7Hxch731wV1wIod
VPvRt/0RIODaMPBEHBlYTBZUsXOZ494sVCzhH8oE5uB3yEZEBctd2klIMgBXFvIH
GxQR9PMbY4cm9Ve9jsLsNLP/EFRNMrXOUG5Z9bCU+bOhiR67ic3lLfONqPZZKWHo
WuZSdOW3wHozVTa4VNFTvHRE3xYXwG7QnTP5rbmFtV7Q026lwz5R2TLsuxbEhZZk
jbxVpA/Hqu0apsaUFzxu4FS6E4jkUpRdv0wweotW5OQMxZaARLr8C9xvYim+mSAU
JkA+ce+1GiUUFz7E+Empqzi2R8GjBu1y/OBbD5R5QKPR/2caRSUbMqmnppAgweXK
nQlxtrbOvdgSeEHffB08VeQhKod9xEc/eE++yGTg2N+JhSratKs3Rx8VVj9dOMgP
S4UmWTr/Vy5NJCLrkQ2GWM6fiXFjQnpymzzzGZKvRXSWqVuJHEG8PY4Bbj2Q2UfD
9xwIUAFu/uAQZ0Thy6KrMGs266V66P7fpKL40P2FCQtrAFQcqd1D50Ubv4qs3uyw
jc0/mW4VIgggu78SR20XJp/MCiStzEYko8NhXZ6FadOzz3nprSrUtwx2fEqrDmFF
0iK0LBUJl4NjhVUPv2gn
=3PVx
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Four mostly error leg fixes and one more important regression in a
prior commit (the qla2xxx one)"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: fc: check for rport presence in fc_block_scsi_eh
scsi: qla2xxx: Fix uninitialized work element
scsi: libiscsi: fix shifting of DID_REQUEUE host byte
scsi: libfc: fix a deadlock in fc_rport_work
scsi: fixup kernel warning during rmmod()
Commit 7496946a8 ("tracing: Add samples of DECLARE_EVENT_CLASS() and
DEFINE_EVENT()") added template examples for all the events. It created a
DEFINE_EVENT_FN() example which reused the foo_bar_reg and foo_bar_unreg
functions.
Enabling both the TRACE_EVENT_FN() and DEFINE_EVENT_FN() example trace
events caused the foo_bar_reg to be called twice, creating the test thread
twice. The foo_bar_unreg would remove it only once, even if it was called
multiple times, leaving a thread existing when the module is unloaded,
causing an oops.
Add a ref count and allow foo_bar_reg() and foo_bar_unreg() be called by
multiple trace events.
Cc: stable@vger.kernel.org
Fixes: 7496946a8 ("tracing: Add samples of DECLARE_EVENT_CLASS() and DEFINE_EVENT()")
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
Currently we try to defer completion of async DIO to the process context
in case there are any mapped pages associated with the inode so that we
can invalidate the pages when the IO completes. However the check is racy
and the pages can be mapped afterwards. If this happens we might end up
calling invalidate_inode_pages2_range() in dio_complete() in interrupt
context which could sleep. This can be reproduced by generic/451.
Fix this by passing the information whether we can or can't invalidate
to the dio_complete(). Thanks Eryu Guan for reporting this and Jan Kara
for suggesting a fix.
Fixes: 332391a993 ("fs: Fix page cache inconsistency when mixing buffered and AIO DIO")
Reported-by: Eryu Guan <eguan@redhat.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Tested-by: Eryu Guan <eguan@redhat.com>
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJZ5RRxAAoJEAhfPr2O5OEVa2oQAJ7TeRcV/a76xSPb3hN/T6VL
EPpKZYaP2BjvmqDy9p3GbN0/Jp+ltDD7HhzQQHUDMMjkouyhtLRONBmi21YcNOvH
wGW2qTYqMis5KBDFPZ6sHEGLpZBS6c8Gsz+X6pGh6OGIQVsyEGSaaE8m6zCGj4qz
pfNq15Zax/JU1zhTFs/iO9IzG9aW2Q++p3Tgs5OdPIOua3hwontTbKODzhFgUDip
yjvYtD3rF1ftftxq3kPunrywsv1BvHnX2E1TVKAZoFDpd0Eo2Nud922EBRLTxAO3
w1xdI9fLMi1BnJYx1VdQ0onDi8muVGXcIrXVvh6eA4NPsGY2AFXluUSm7zBCpxXY
jDGTyIa+pLxr9y03zP5Nx9IHcMFApz1LzDpKaBWKCKEu3EB/9jGtY7Vrc0cHdeDa
on93vVMHu+80Uxw4txHBJuYhXNPakz0n99zhZbbcdpHLyTM7aINXNa37IAp7tNeu
5nCSJ2FWrNgFRC+3avvbGSfJBA12QJgyEvuEHW0bTttSDVxh14XzGz+C1lx960qc
EbIQzPJxtwLSZ4y7OfDGBPWTrql5C0SQo9Z+K6S8reJsoILTCYZRXQaB1u+D+ff/
zfLCYTbRwabUre9C/jeT+XrT+KJyZ+huGMs2HMslGauRbWuUwgCv86WuVkp7httz
HtzQSKK6s5iWh2H9T2x0
=VOJs
-----END PGP SIGNATURE-----
Merge tag 'media/v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
"Core fixes:
- cec: Respond to unregistered initiators, when applicable
- dvb_frontend: only use kref after initialized
Driver-specific fixes:
- qcom, camss: Make function vfe_set_selection static
- qcom: VIDEO_QCOM_CAMSS should depend on HAS_DMA
- s5p-cec: add NACK detection support
- media: staging/imx: Fix uninitialized variable warning
- dib3000mc: i2c transfers over usb cannot be done from stack
- venus: init registered list on streamoff"
* tag 'media/v4.14-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
media: dvb_frontend: only use kref after initialized
media: platform: VIDEO_QCOM_CAMSS should depend on HAS_DMA
media: cec: Respond to unregistered initiators, when applicable
media: s5p-cec: add NACK detection support
media: staging/imx: Fix uninitialized variable warning
media: qcom: camss: Make function vfe_set_selection static
media: venus: init registered list on streamoff
media: dvb: i2c transfers over usb cannot be done from stack
by cleanning up drvdata at unbind.
- Fix potential NULL pointer dereference issue in suspend/resume
by setting drm_dev after checking if drm_dev is null or not.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJZ4+dwAAoJEFc4NIkMQxK4GigP/1Cy6ih8F7sKBQrPYGqkJ8zY
BX2ldNCw7mAH2YEpJGeworgM41Xl9dHnb2+WArW95aMq+9/Dn+UeO05LrOFtjsTT
B/ayrSb2u5ct3S18s7JpzZtcdpj7N4cRRp4Bi5+MJObLJvESKZmyqilv94lnBlsA
RnCcVhjidiNHGLKBIAPGj7dVGy7rqVzUI01gxXAFspp1p87GOoglEilHxIJxuu39
675u9UF/FgPD26hY3url1itd1nkffSAiPkQdbL090fMPfMzc1TzwDd6+ZqkYi/7B
wmuELIAA+Mt3/b460cXM1Q2EpmECiUfqmAEIBW43Kqz7RxKxL87wXcRxtsRy5C6J
1qZjK3v+HiWDmlyN65UeUhT/0M2L3WWMqQR9Vip9VDmM1GLi7HU7yzfGV8ceHzCf
3O+OhurLbIRMtWTM6ixZrGnmV2djvMgOJC96ttmrFEbVSPmOo1yCmGIkWSShk4as
eGDnzRFWRKNlTAMY/xucuP6ru+Z8GeDC4n9zYykVObRvf7OuMbnEJgq8XXYkHUB7
LyzmQAxall80ebf/nipTP2lAvpiNbXUruXgS+2BdidjC6sv2gBXDJXLQwEITtNxi
cbHTZWJT7k3ateKlwSBACPhn4rxudpFPHluxqH5MbXkdf5yhiZYs8jBXnm12BLPi
aRz7e72/448taJTYoqDI
=POct
-----END PGP SIGNATURE-----
Merge tag 'exynos-drm-fixes-for-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
- Fix potential use-after-free issue in suspend/resume
by cleanning up drvdata at unbind.
- Fix potential NULL pointer dereference issue in suspend/resume
by setting drm_dev after checking if drm_dev is null or not.
* tag 'exynos-drm-fixes-for-v4.14-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
drm/exynos: Clear drvdata after component unbind
drm/exynos: Fix potential NULL pointer dereference in suspend/resume paths
HDMI Mode selection on CNL is on CFGCR0 for that PLL, not
on in a global CTRL1 as it was on SKL.
The original patch addressed this difference, but leaving behind
this single entry here. So we were checking the wrong bits during
the PLL initialization and consequently avoiding the CFGCR1 setup
during HDMI initialization. Luckly when only HDMI was in use BIOS
had already setup this for us. But the dual display with hot plug
were messed up.
Fixes: a927c927de ("drm/i915/cnl: Initialize PLLs")
Cc: Paulo Zanoni <paulo.r.zanoni@intel.com>
Cc: Manasi Navare <manasi.d.navare@intel.com>
Cc: Kahola, Mika <mika.kahola@intel.com>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Reviewed-by: James Ausmus <james.ausmus@intel.com>
Reviewed-by: Manasi Navare <manasi.d.navare@intel.com>
Link: https://patchwork.freedesktop.org/patch/msgid/20171003220859.21352-3-rodrigo.vivi@intel.com
(cherry picked from commit 614ee07acf)
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
