Merge fixes from Andrew Morton:
"9 fixes"
* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
ocfs2/dlm: unlock lockres spinlock before dlm_lockres_put
fault-inject: fix inverted interval/probability values in printk
lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y
mm: make sendfile(2) killable
thp: use is_zero_pfn() only after pte_present() check
mailmap: update Javier Martinez Canillas' email
MAINTAINERS: add Sergey as zsmalloc reviewer
mm: cma: fix incorrect type conversion for size during dma allocation
kmod: don't run async usermode helper as a child of kworker thread
We can't rely on PPPOX_ZOMBIE to decide whether to clear po->pppoe_dev.
PPPOX_ZOMBIE can be set by pppoe_disc_rcv() even when po->pppoe_dev is
NULL. So we have no guarantee that (sk->sk_state & PPPOX_ZOMBIE) implies
(po->pppoe_dev != NULL).
Since we're releasing a PPPoE socket, we want to release the pppoe_dev
if it exists and reset sk_state to PPPOX_DEAD, no matter the previous
value of sk_state. So we can just check for po->pppoe_dev and avoid any
assumption on sk->sk_state.
Fixes: 2b018d57ff ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
The code currently uses the lightweight dma_wmb barrier before updating
the current descriptor count. Under heavy load, the Tx cleanup routine
was seeing the updated current descriptor count before the updated
descriptor information. As a result, the Tx descriptor was being cleaned
up before it was used because it was not "owned" by the hardware yet,
resulting in a Tx queue hang.
Using the wmb barrier insures that the descriptor is updated before the
descriptor counter preventing the Tx queue hang. For extra insurance,
the Tx cleanup routine is changed to grab the current decriptor count on
entry and uses that initial value in the processing loop rather than
trying to chase the current value.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Very rarely, the KSZ9031 will appear to complete autonegotiation, but
will drop all traffic afterwards. When this happens, the idle error
count will read 0xFF after autonegotiation completes. Reset the PHY
when in that state.
Signed-off-by: Nathan Sullivan <nathan.sullivan@ni.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8" from Paul
- Handle irq_happened flag correctly in off-line loop from Paul
- Validate rtas.entry before calling enter_rtas() from Vasant
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWKakXAAoJEFHr6jzI4aWAqwsP/22a8aq7SPuPaCK/c7u84aHg
UkzYNdrC+osDvnrydqyJsmIojVLX+AsJ7TCbBZFaJ6oOuew9bVzmZ5mfNvOVn86H
dCH2GMr4NbWbkO3SaFi6ZTUVGl7JyjEhf3uCtKGssa2+Do8FubK6Y88L1rhzFFdz
l1Dx3Jp8CpGKcByQfwYyaNZhC/GEZ06pY36d362mLnyctxcQRYr5l+8boDH81nyE
f89RE7baNPYOL0YOhZAh3ZilBrZ8DIAaesMXU8LUKFbLTBgWfVPkDy3l5a2m47oP
V/Yi+oEQBkL/3Itth57iGWpl8vVkzF2MTu8Aep3BzHJXqXCliTzVVdXETW6NCdut
Nss0xtnNdM18+0mhG3LzzdoZGi/Zb0SYz8j+nY5vE2nf7FDVFkAZzKHeW822zNaV
A1PLJa+ei4jVhKtTp4wETjpUi+kw+ikM+rR1L1/+IKHbriLsRrj7Zw3xo6Em1KVq
cI2g7DZLSzptIprxbEv9rNhb1VlBot4jc4mmGhmyMlwKDkpCxRkYVv+Ilfi6jCSc
6llKTZfKqEV+0sXO6QISv8wfiye84jVTKOlkpQLvpugz9rBTpq8apmInVh4AHF2b
wDRgs/iyOSZuz+UiPEHHXbW7ZfF2F7lqxxtQgJefiWLDsvBbsfnVTyDJsKibvWzb
lxorlKx/tH/q4pNBjmoB
=K7eA
-----END PGP SIGNATURE-----
Merge tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
- Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on
POWER8" from Paul
- Handle irq_happened flag correctly in off-line loop from Paul
- Validate rtas.entry before calling enter_rtas() from Vasant
* tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc/rtas: Validate rtas.entry before calling enter_rtas()
powerpc/powernv: Handle irq_happened flag correctly in off-line loop
powerpc: Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8"
Hannes Frederic Sowa says:
====================
overflow-arith: begin to add support for overflow builtins functions
I add a new header, linux/overflow-arith.h, as the central place to add
overflow and wrap-around checking functions. The reason I am doing so
is that it can make use of compiler supported builtin functions which
can leverage hardware.
As I need this for a fix in the ipv6 stack, which is also included in
this series, I propose to add it sooner than later over Davem's net
tree. This is also the reason why I start slowly with only the one
function I need at this time.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Raw sockets with hdrincl enabled can insert ipv6 extension headers
right into the data stream. In case we need to fragment those packets,
we reparse the options header to find the place where we can insert
the fragment header. If the extension headers exceed the link's MTU we
actually cannot make progress in such a case.
Instead of ending up in broken arithmetic or rounding towards 0 and
entering an endless loop in ip6_fragment, just prevent those cases by
aborting early and signal -EMSGSIZE to user space.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The idea of the overflow-arith.h header is to collect overflow checking
functions in one central place.
If gcc compiler supports the __builtin_overflow_* builtins we use them
because they might give better performance, otherwise the code falls
back to normal overflow checking functions.
The builtin_overflow functions are supported by gcc-5 and clang. The
matter of supporting clang is to just provide a corresponding
CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins
don't differ between gcc and clang.
I just provide overflow_usub function here as I intend this to get merged
into net, more functions will definitely follow as they are needed.
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
If alpha is strictly reduced by alpha >> dctcp_shift_g and if alpha is less
than 1 << dctcp_shift_g, then alpha may never reach zero. For example,
given shift_g=4 and alpha=15, alpha >> dctcp_shift_g yields 0 and alpha
remains 15. The effect isn't noticeable in this case below cwnd=137, but
could gradually drive uncongested flows with leftover alpha down to
cwnd=137. A larger dctcp_shift_g would have a greater effect.
This change causes alpha=15 to drop to 0 instead of being decrementing by 1
as it would when alpha=16. However, it requires one less conditional to
implement since it doesn't have to guard against subtracting 1 from 0U. A
decay of 15 is not unreasonable since an equal or greater amount occurs at
alpha >= 240.
Signed-off-by: Andrew G. Shewmaker <agshew@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
The error condition -EAGAIN, which is signaled by throw routes, tells
the rules framework to walk on searching for next matches. If the walk
ends and we stop walking the rules with the result of a throw route we
have to translate the error conditions to -ENETUNREACH.
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Most of the changes this time are for incorrect device nodes in various
ways, on on imx, berlin, exynos, ux500, uniphier, omap and meson.
Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner).
Other bug fixes include
* a partial revert of a broken tegra gpio patch
* irq affinity for arm ccn
* suspend on one Armada 385 machine
* enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM
* turning on a regulator on beagleboard-x15 for HDMI
* making the omap gpmc debug code visible
* setup of orion network switch
* a rare build regression for pxa
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVikCQmCrR//JCVInAQJFyw//e7DkURra1xRIHx2gh2oE3w13FSM492w9
iCshJLDjRjRJ37S8m9ipjr7MCR6l4jzaB/TUJIjhS7eyRr9oIvuWRb5+sPMiUop6
y5vd4vlmhcD2sE5vmG+GLlFLozPcMNSxsq95DjirxiCuCkbKzkeaHpTwjKf08DdI
FFIYTsDhsKiVqh2L92y9y8ZqS6l76Z2llWt97FV8WG8/y3FX9T/kM5uC9TrS5tb8
GggGk2Pm/LZas5CPH+yc9ihQ1lbdkCkPbZNwlYjutmm0axiIC1BojmYZSrsR6obd
8Phwc7DkSbnPM8qAfvxmeyxvF2Th/ArNnVcrrEoavltGg6t3WPFgjiGXmXBU/IOw
B+UwxzS1LmNdJMTOttVkr/XJR28mNqg9yMbwR5DKkzqbs2dxUVJbZV1DX9sbYPfx
7JYdfkh/Tw2G+xeZEz157w16xPBxVK7toGIrVCPRpPXSANvF6P/QzPpJ09Wo4Fjp
LVD2HTDmye2lNyLK5qq1Q1kIzueb7Jktf70XJZNk1p/8r9xUOhjaVHqAyfDtNZNe
lLQtscQtx6BG2cv1bDaNaznFIzfJ9y1c+4odCILzi28V2Ji2qQ4SQ74jjVeAhsUc
5Lm58P9a8YY++gmwwgh1a6l45zB/3d+/UTdD08F3lz6Jt0gKSZhSxni3QkvfAibd
NB4FSTL0gLo=
=3g0Z
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"Most of the changes this time are for incorrect device nodes in
various ways, on on imx, berlin, exynos, ux500, uniphier, omap and
meson.
Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner).
Other bug fixes include
- a partial revert of a broken tegra gpio patch
- irq affinity for arm ccn
- suspend on one Armada 385 machine
- enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM
- turning on a regulator on beagleboard-x15 for HDMI
- making the omap gpmc debug code visible
- setup of orion network switch
- a rare build regression for pxa"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits)
ARM: OMAP2+: Fix imprecise external abort caused by bogus SRAM init
thermal: exynos: Fix register read in TMU
ARM: OMAP2+: Fix oops with LPAE and more than 2GB of memory
ARM: tegra: Comment out gpio-ranges properties
ARM: dts: uniphier: fix IRQ number for devices on PH1-LD6b ref board
drivers/perf: arm_pmu: avoid CPU device_node reference leak
bus: arm-ccn: Fix irq affinity setting on CPU migration
bus: arm-ccn: Handle correctly no-more-cpus case
ARM: mvebu: correct a385-db-ap compatible string
ARM: meson6: DTS: Fix wrong reg mapping and IRQ numbers
MAINTAINERS: Update Allwinner entry and add new maintainer
ARM: ux500: modify initial levelshifter status
ARM: pxa: fix pxa3xx DFI lockup hack
Documentation: ARM: List new omap MMC requirements
memory: omap-gpmc: dump "before" state before first modification
memory: omap-gpmc: Fix unselectable debug option for GPMC
ARM: dts: am57xx-beagle-x15: set VDD_SD to always-on
ARM: dts: Fix audio card detection on Peach boards
ARM: EXYNOS: Fix double of_node_put() when parsing child power domains
ARM: orion: Fix DSA platform device after mvmdio conversion
...
We don't have fraglist support in TAP_FEATURES. This will lead
software segmentation of gro skb with frag list. Fixes by having
frag list support in TAP_FEATURES.
With this patch single session of netperf receiving were restored from
about 5Gb/s to about 12Gb/s on mlx4.
Fixes a567dd6252 ("macvtap: simplify usage of tap_features")
Cc: Vlad Yasevich <vyasevic@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
of warnings. It was caused by the stack tracer triggering a warning
about using rcu_dereference() when RCU was not watching. This can happen
due to the fact that the stack tracer uses the function tracer to check
each function, and there's functions that may be called and traced
when RCU stopped watching. Namely when a function is called just before
going idle or to userspace and after RCU stopped watching that current
CPU.
The first patch makes sure that RCU is watching when the stack tracer
uses RCU. The second patch is to make sure that the stack tracer does
not get called by functions in NMI, as it's not NMI safe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWKOJaAAoJEEjnJuOKh9ldQsIH/RljIDrkq/RRr22TQZIFafrY
q9ZwWrEOiVetdANhN1SUJEnEHHDw/17c77r2bLcBvb1L97sRU+1PF5mATkYy7dUL
4B9/3kOydMwU9boDe7ObsjUO2YH51eMCUR15dPYvxqb5w3EZQXMucZnT93nHVPZZ
0OTEzIZmNczfJTnmzdMWggmE9Wgdj0LXLMi+H+OqDfAw2YnyqvvehdipePiyCxVj
9XPVuv0fbjFbCgzTi50NPD9xXCPgLDxowsh0Hoym0DGdvDPj21EuI4l6DWwOIe+D
KKm2X1y7b10hnBVnHeMjugaf8W4sztW7WitgujnUucscEVUy0lp72y0m+kNLRhc=
=L+k7
-----END PGP SIGNATURE-----
Merge tag 'trace-fixes-v4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fixes from Steven Rostedt:
"Running tests on other changes, the system locked up due to lots of
warnings. It was caused by the stack tracer triggering a warning
about using rcu_dereference() when RCU was not watching. This can
happen due to the fact that the stack tracer uses the function tracer
to check each function, and there are functions that may be called and
traced when RCU stopped watching. Namely when a function is called
just before going idle or to userspace and after RCU stopped watching
that current CPU.
The first patch makes sure that RCU is watching when the stack tracer
uses RCU. The second patch is to make sure that the stack tracer does
not get called by functions in NMI, as it's not NMI safe"
* tag 'trace-fixes-v4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Do not allow stack_tracer to record stack in NMI
tracing: Have stack tracer force RCU to be watching
There is nothing to worry you much, only a few small & stable patches
are found for usual stuff, HD-audio (a Lenovo laptop quirk, a fix for
minor error handling) and ASoC (trivial fixes for RT298 and WM
codecs). The only remaining major change is the fix for ASoC SX_TLV
control that was overseen during refactoring, but the fix itself is
trivial and safe.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJWKd1hAAoJEGwxgFQ9KSmkeAQP/iiF8JXyaCnwh860DK697PYK
FSrVgxfRHjzhTUR18IugfUJV35TEq7h+MqiWCaeHESxrDAZzR1bH/fRdg0MxKLDg
28MTn3XGgIzxqHN3OeI9DQ3GQfLv+xeJnGhYjGtyVYNCINQSd02taTxo4ec/cA1N
Nr8QQQPeBw8RkxLJ8Vmk0Oeo7Ew2vdzecyA07d0//EJqMnyxF/k+4zfoi8K8+DXc
6h/IBrwDfOPvlXVReIYCGedWHBDRjvipLD/1c3DYJq4X05JKgyLoo6ksJWu229Vw
tuzo7a6q41z8pWV/BhTyrg5tmcF0BcOhNnnJwW2QpfIlcwsgR6zcRq4j14fSStEk
zPaN1RH3rTRfDd2kVN2PtEXBPqYCIoSkyRB3jhWuf3OhAUtBEoSAY55qvGPJ/fhq
HZjO13wurnvaJ1d43DxWai4dWY7lIr8J9TCo1LU/MsvRbNfw99g6dUkfI/UMOPM7
t1Fa8DkKMiZyW5qLxW64bIh+5Exb8yFiSHbJNt7Qzk+YceivG2MDGNf/MZ7gptec
59E7FSywhS20bDG4bRw/2ypU3H8PktpE/QNirb3aVIV6Bq+PwlSeZqZskIokop0k
ievsCi0ENyeEtB59kUK73PfbpLdTQNBY1t1wTTLVruDjEVpjVcfTayGlaudu/Ukp
Kk8pHHL5JitDFPsD9A4m
=s57z
-----END PGP SIGNATURE-----
Merge tag 'sound-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"There is nothing to worry you much, only a few small & stable patches
are found for usual stuff, HD-audio (a Lenovo laptop quirk, a fix for
minor error handling) and ASoC (trivial fixes for RT298 and WM
codecs).
The only remaining major change is the fix for ASoC SX_TLV control
that was overseen during refactoring, but the fix itself is trivial
and safe"
* tag 'sound-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: wm8962: mark cache_dirty flag after software reset in pm_resume
ASoC: rt298: fix wrong setting of gpio2_en
ASoC: wm8904: Correct number of EQ registers
ALSA: hda - Fix deadlock at error in building PCM
ASoC: Add info callback for SX_TLV controls
ASoC: rt298: correct index default value
ALSA: hda - Fix inverted internal mic on Lenovo G50-80
ALSA: hdac: Explicitly add io.h
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWKSJIAAoJEAhfPr2O5OEVMUsP/1wLcS2n16HJP9wg/9uIBv+p
sQFzPc1ftgOnsYCVyUu/Npaajp7MnLdJ8uy5bfAkRTo7PY4jzYceygvJ7yn70nDt
zfMB94RdmgOOHi4zEekP9XxbtbRh0sJ4yUWtojHHs0LgP6Pfl/OHtDHR3Nybv93e
PcruerQj89sScyaGc1P5Oj7BFD2s/D9S79SKb3JSWWgJlWDKmbahwHUs6GLul6i7
XdJ0eldrEN+i5DPJW7uUmuwxLL6Utq6npKprFl6eSwjuVevGUymN1PsZIT4M0XVM
xeqKfX2WAEyuXhv03xxy5djJ0uEMB8lrriB7SicCLHsJduGt+pjpRpWmrNzx7Rhb
VS1r5e2qZrewnVZhSCJ2TZm9X+bstC2xs7R4DBProxmJSTrGivAwiDg4Z+2NY3V6
OOIv0wNZkaUJwqGykjeOgxBhkyQc/7XB7YULDWl9FEr2FDa9P3mKUkR2iUwzkfCV
vUhvzYgoUeqVsc/apx98snKegfN9IxWYvdCdqYoKGBzSliY0cVX1V3LmejZtHmB4
jgntWmzFCvcu6/OSz0rLT6On2QCY3N9uqWE3OXN+LrxGAMNQq+O+O6RyOLA4Ojsn
cFaYGT0JR/3eOQBq1mfQzkjW2OCxZKRMSkepJ6iKm/Pwia1omCwnR/fjVKbGMoVh
buoa565ZtPoXxtxZg5ks
=RlDF
-----END PGP SIGNATURE-----
Merge tag 'media/v4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media
Pull media fixes from Mauro Carvalho Chehab:
"Some regression fixes and potential security issues:
- netup_unidvb: fix potential crash when spi is NULL
- rtl28xxu: fix control message flaws
- m88ds3103: fix a regression on Kernel 4.2
- c8sectpfe: fix some issues on this new driver
- v4l2-flash-led-class: fix a Kbuild dependency
- si2157 and si2158: check for array boundary when uploading firmware
files
- horus3a and lnbh25: fix some building troubles when some options
aren't selected
- ir-hix5hd2: drop the use of IRQF_NO_SUSPEND"
* tag 'media/v4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
[media] m88ds3103: use own reg update_bits() implementation
[media] rtl28xxu: fix control message flaws
[media] v4l2-flash-led-class: Add missing VIDEO_V4L2 Kconfig dependency
[media] netup_unidvb: fix potential crash when spi is NULL
[media] si2168: Bounds check firmware
[media] si2157: Bounds check firmware
[media] ir-hix5hd2: drop the use of IRQF_NO_SUSPEND
[media] c8sectpfe: fix return of garbage
[media] c8sectpfe: fix ininitialized error return on firmware load failure
[media] lnbh25: Fix lnbh25_attach() function return type
[media] horus3a: Fix horus3a_attach() function parameters
Pull drm fixes from Dave Airlie:
"I've been a bit slow gathering these:
- drm/mst: one mutex leak in a fail path
- radeon: two oops fixes, one dpm fix
- i915: one messy set of fixes, where we revert the original fix, and
pull back the proper set of fixes from -next on top.
- nouveau: one fix for an illegal buffer placement.
Doesn't look too bad, hopefully shouldn't be too much more"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/nouveau/gem: return only valid domain when there's only one
drm: fix mutex leak in drm_dp_get_mst_branch_device
drm/amdgpu: add missing dpm check for KV dpm late init
drm/amdgpu/dpm: don't add pwm attributes if DPM is disabled
drm/radeon/dpm: don't add pwm attributes if DPM is disabled
drm/i915: Add primary plane to mask if it's visible
drm/i915: Move sprite/cursor plane disable to intel_sanitize_crtc()
drm/i915: Assign hwmode after encoder state readout
Revert "drm/i915: Add primary plane to mask if it's visible"
drm/i915: Deny wrapping an userptr into a framebuffer
drm/i915: Enable DPLL VGA mode before P1/P2 divider write
drm/i915: Restore lost DPLL register write on gen2-4
drm/i915: Flush pipecontrol post-sync writes
drm/i915: Fix kerneldoc for i915_gem_shrink_all
dlm_lockres_put will call dlm_lockres_release if it is the last
reference, and then it may call dlm_print_one_lock_resource and
take lockres spinlock.
So unlock lockres spinlock before dlm_lockres_put to avoid deadlock.
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When the kernel compiled with KASAN=y, GCC adds redzones for each
variable on stack. This enlarges function's stack frame and causes:
'warning: the frame size of X bytes is larger than Y bytes'
The worst case I've seen for now is following:
../net/wireless/nl80211.c: In function `nl80211_send_wiphy':
../net/wireless/nl80211.c:1731:1: warning: the frame size of 5448 bytes is larger than 2048 bytes [-Wframe-larger-than=]
That kind of warning becomes useless with KASAN=y. It doesn't
necessarily indicate that there is some problem in the code, thus we
should turn it off.
(The KASAN=y stack size in increased from 16k to 32k for this reason)
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Abylay Ospan <aospan@netup.ru>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Mauro Carvalho Chehab <m.chehab@samsung.com>
Cc: Kozlov Sergey <serjk@netup.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Currently a simple program below issues a sendfile(2) system call which
takes about 62 days to complete in my test KVM instance.
int fd;
off_t off = 0;
fd = open("file", O_RDWR | O_TRUNC | O_SYNC | O_CREAT, 0644);
ftruncate(fd, 2);
lseek(fd, 0, SEEK_END);
sendfile(fd, fd, &off, 0xfffffff);
Now you should not ask kernel to do a stupid stuff like copying 256MB in
2-byte chunks and call fsync(2) after each chunk but if you do, sysadmin
should have a way to stop you.
We actually do have a check for fatal_signal_pending() in
generic_perform_write() which triggers in this path however because we
always succeed in writing something before the check is done, we return
value > 0 from generic_perform_write() and thus the information about
signal gets lost.
Fix the problem by doing the signal check before writing anything. That
way generic_perform_write() returns -EINTR, the error gets propagated up
and the sendfile loop terminates early.
Signed-off-by: Jan Kara <jack@suse.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Use is_zero_pfn() on pteval only after pte_present() check on pteval
(It might be better idea to introduce is_zero_pte() which checks
pte_present() first).
Otherwise when working on a swap or migration entry and if pte_pfn's
result is equal to zero_pfn by chance, we lose user's data in
__collapse_huge_page_copy(). So if you're unlucky, the application
segfaults and finally you could see below message on exit:
BUG: Bad rss-counter state mm:ffff88007f099300 idx:2 val:3
Fixes: ca0984caa8 ("mm: incorporate zero pages into transparent huge pages")
Signed-off-by: Minchan Kim <minchan@kernel.org>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: <stable@vger.kernel.org> [4.1+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
The get_maintainer script still reports my old Collabora email based on
old commits but that address no longer exist so update mailmap to report
my current email and avoid people sending to the old address.
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This was found during userspace fuzzing test when a large size dma cma
allocation is made by driver(like ion) through userspace.
show_stack+0x10/0x1c
dump_stack+0x74/0xc8
kasan_report_error+0x2b0/0x408
kasan_report+0x34/0x40
__asan_storeN+0x15c/0x168
memset+0x20/0x44
__dma_alloc_coherent+0x114/0x18c
Signed-off-by: Rohit Vaswani <rvaswani@codeaurora.org>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
call_usermodehelper_exec_sync() does fork() + wait() with "unignored"
SIGCHLD. What we have missed is that this worker thread can have other
children previously forked by call_usermodehelper_exec_work() without
UMH_WAIT_PROC. If such a child exits in between it becomes a zombie
because auto-reaping only works if SIGCHLD is ignored, and nobody can
reap it (unless/until this worker thread exits too).
Change the !UMH_WAIT_PROC case to use CLONE_PARENT.
Note: this is only first step. All PF_KTHREAD tasks, even created by
kernel_thread() should have ->parent == kthreadd by default.
Fixes: bb304a5c6f ("kmod: handle UMH_WAIT_PROC from system unbound workqueue")
Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Frederic Weisbecker <fweisbec@gmail.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: Christoph Lameter <cl@linux.com>
Cc: Tejun Heo <tj@kernel.org>
Cc: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
A bunch of driver fixes plus one core fix which fixes problems with
misreporting values from _SX controls following a recent refactoring.
This had gone unnoticed as such controls are quite rare.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWKXWMAAoJECTWi3JdVIfQxesH/jqmFbLuG3QVVw3yqYXuje2B
nhl/eL8Fnre7MQR2iIJitJBa4CTKZReYmBR/Etzqh/PWkJLPOtFXXYDu/qTCKUxn
eF4P2J8jXL0vyJaRVbglYT+G0iidYFyRheKnAz8NtHFyDap8TwroBNe15pxVsqc2
A14M9bJJ34L1zrLFKJnT8k2Imq26WXqAZllU9evJVqJkvBZuDoBBb0pDx3DZfwCC
IF5YddD/2ojoK3ZvQLfVBqk8MjmjQUD76lyHXHCII4tK5hQyYrw731YdVIk5zDNn
syK1T79fNJ0q3QjQJer7pxU8r3WKVUea/ev4QxU+Vr+Uz2gmRcKLea+3Gu5eqb4=
=KU55
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v4.3
A bunch of driver fixes plus one core fix which fixes problems with
misreporting values from _SX controls following a recent refactoring.
This had gone unnoticed as such controls are quite rare.
While transitioning to netdev based vport we broke OVS
feature which allows user to retrieve tunnel packet egress
information for lwtunnel devices. Following patch fixes it
by introducing ndo operation to get the tunnel egress info.
Same ndo operation can be used for lwtunnel devices and compat
ovs-tnl-vport devices. So after adding such device operation
we can remove similar operation from ovs-vport.
Fixes: 614732eaa1 ("openvswitch: Use regular VXLAN net_device device").
Signed-off-by: Pravin B Shelar <pshelar@nicira.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Kirsher says:
====================
Intel Wired LAN Driver Updates 2015-10-22
This series contains fixes to i40e only.
Jesse provides two small fixes for i40e, first fixes counters that were
being displayed incorrectly due to indexing beyond the array of strings
when printing stats. Then fixed the fact that the driver was printing
a message about not being able to assign VMDq because a lack of MSI-X
vectors, when it was not true. It was due to a line missing that
initialized a variable.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
The recent fix for the vsock sock_put issue used the wrong
initializer for the transport spin_lock causing an issue when
running with lockdep checking.
Testing: Verified fix on kernel with lockdep enabled.
Reviewed-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The driver was printing a message about not being able
to assign VMDq because of a lack of MSI-X vectors.
This was because a line was missing that initialized a variable,
simply a merge error.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
The code was setting up stats that were not being initialized.
This caused several counters to be displayed incorrectly, due
to indexing beyond the array of strings when printing stats.
Signed-off-by: Jesse Brandeburg <jesse.brandeburg@intel.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Device stopped to tuning some channels after regmap conversion.
Reason is that regmap_update_bits() works a bit differently for
partially volatile registers than old homemade routine. Return
back to old routine in order to fix issue.
Fixes: 478932b160
Cc: <stable@kernel.org> # 4.2+
Reported-by: Mark Clarkstone <hello@markclarkstone.co.uk>
Tested-by: Mark Clarkstone <hello@markclarkstone.co.uk>
Signed-off-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Add lock to prevent concurrent access for control message as control
message function uses shared buffer. Without the lock there may be
remote control polling which messes the buffer causing IO errors.
Increase buffer size and add check for maximum supported message
length.
Link: https://bugzilla.kernel.org/show_bug.cgi?id=103391
Fixes: c56222a6b2 ("[media] rtl28xxu: move usb buffers to state")
Cc: <stable@vger.kernel.org> # 4.0+
Signed-off-by: Antti Palosaari <crope@iki.fi>
Fixes the following randconfig problem:
drivers/built-in.o: In function `v4l2_flash_release':
(.text+0x12204f): undefined reference to `v4l2_async_unregister_subdev'
drivers/built-in.o: In function `v4l2_flash_release':
(.text+0x122057): undefined reference to `v4l2_ctrl_handler_free'
drivers/built-in.o: In function `v4l2_flash_close':
v4l2-flash-led-class.c:(.text+0x12208f): undefined reference to `v4l2_fh_is_singular'
v4l2-flash-led-class.c:(.text+0x1220c8): undefined reference to `__v4l2_ctrl_s_ctrl'
drivers/built-in.o: In function `v4l2_flash_open':
v4l2-flash-led-class.c:(.text+0x12227f): undefined reference to `v4l2_fh_is_singular'
drivers/built-in.o: In function `v4l2_flash_init_controls':
v4l2-flash-led-class.c:(.text+0x12274e): undefined reference to `v4l2_ctrl_handler_init_class'
v4l2-flash-led-class.c:(.text+0x122797): undefined reference to `v4l2_ctrl_new_std_menu'
v4l2-flash-led-class.c:(.text+0x1227e0): undefined reference to `v4l2_ctrl_new_std'
v4l2-flash-led-class.c:(.text+0x122826): undefined reference to `v4l2_ctrl_handler_setup'
v4l2-flash-led-class.c:(.text+0x122839): undefined reference to `v4l2_ctrl_handler_free'
drivers/built-in.o: In function `v4l2_flash_init':
(.text+0x1228e2): undefined reference to `v4l2_subdev_init'
drivers/built-in.o: In function `v4l2_flash_init':
(.text+0x12293b): undefined reference to `v4l2_async_register_subdev'
drivers/built-in.o: In function `v4l2_flash_init':
(.text+0x122949): undefined reference to `v4l2_ctrl_handler_free'
drivers/built-in.o:(.rodata+0x20ef8): undefined reference to `v4l2_subdev_queryctrl'
drivers/built-in.o:(.rodata+0x20f10): undefined reference to `v4l2_subdev_querymenu'
Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Cc: Sakari Ailus <sakari.ailus@iki.fi>
Cc: Hans Verkuil <hans.verkuil@cisco.com>
When reading the firmware and sending commands, the length must
be bounds checked to avoid overrunning the size of the command
buffer and smashing the stack if the firmware is not in the expected
format:
si2168 11-0064: found a 'Silicon Labs Si2168-B40'
si2168 11-0064: downloading firmware from file 'dvb-demod-si2168-b40-01.fw'
si2168 11-0064: firmware download failed -95
Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: ffffffffa085708f
Add the proper check.
Cc: stable@kernel.org
Reported-by: Stuart Auchterlonie <sauchter@redhat.com>
Reviewed-by: Antti Palosaari <crope@iki.fi>
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
When reading the firmware and sending commands, the length
must be bounds checked to avoid overrunning the size of the command
buffer and smashing the stack if the firmware is not in the
expected format. Add the proper check.
Cc: stable@kernel.org
Signed-off-by: Laura Abbott <labbott@fedoraproject.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
This driver doesn't claim the IR transmitter to be wakeup source. It
even disables the clock and the IR during suspend-resume cycle.
This patch removes yet another misuse of IRQF_NO_SUSPEND.
Cc: Patrice Chotard <patrice.chotard@st.com>
Cc: Fabio Estevam <fabio.estevam@freescale.com>
Cc: Guoxiong Yan <yanguoxiong@huawei.com>
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Acked-by: Zhangfei Gao <zhangfei.gao@linaro.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
The variable err was never initialized, that means we had been checking
a garbage value in the for loop. Moreover if the segment is not outside
the firmware file then also we have been returning the garbage.
Initialize it to 0 so that on success we return the value and no need to
check in the for loop also as it is initially 0 and whenever that value
changes we have done a break from the loop.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
static analysis with cppcheck detected the following error:
[drivers/media/platform/sti/c8sectpfe/c8sectpfe-core.c:1210]:
(error) Uninitialized variable: ret
ret is never initialised, so garbage is being returned. Instead
return the error return from the call of request_firmware_nowait
Signed-off-by: Colin Ian King <colin.king@canonical.com>
If CONFIG_DVB_LNBH25 is disabled, a stub static inline function is
defined that just prints a warning about the driver being disabled
but the function return type was wrong which caused a build error.
Fixes: e025273b86 ("[media] lnbh25: LNBH25 SEC controller driver")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
If CONFIG_DVB_HORUS3A is disabled a stub static inline function is
defined that just prints a warning about the driver being disabled
but the function parameters were wrong which caused a build error.
Fixes: a5d32b3582 ("[media] horus3a: Sony Horus3A DVB-S/S2 tuner driver")
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Javier Martinez Canillas <javier@osg.samsung.com>
New device IDs shamelessly lifted from the vendor driver.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Steffen Klassert says:
====================
pull request (net): ipsec 2015-10-22
1) Fix IPsec pre-encap fragmentation for GSO packets.
From Herbert Xu.
2) Fix some header checks in _decode_session6.
We skip the header informations if the data pointer points
already behind the header in question for some protocols.
This is because we call pskb_may_pull with a negative value
converted to unsigened int from pskb_may_pull in this case.
Skipping the header informations can lead to incorrect policy
lookups. From Mathias Krause.
3) Allow to change the replay threshold and expiry timer of a
state without having to set other attributes like replay
counter and byte lifetime. Changing these other attributes
may break the SA. From Michael Rossberg.
4) Fix pmtu discovery for local generated packets.
We may fail dispatch to the inner address family.
As a reault, the local error handler is not called
and the mtu value is not reported back to userspace.
Please pull or let me know if there are problems.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
