Dmitry has reported that a BUG_ON() condition in unix_notinflight()
may be triggered by a simple code that forwards unix socket in an
SCM_RIGHTS message.
That is caused by incorrect unix socket GC implementation in unix_gc().
The GC first collects list of candidates, then (a) decrements their
"children's" inflight counter, (b) checks which inflight counters are
now 0, and then (c) increments all inflight counters back.
(a) and (c) are done by calling scan_children() with inc_inflight or
dec_inflight as the second argument.
Commit 6209344f5a ("net: unix: fix inflight counting bug in garbage
collector") changed scan_children() such that it no longer considers
sockets that do not have UNIX_GC_CANDIDATE flag. It also added a block
of code that that unsets this flag _before_ invoking
scan_children(, dec_iflight, ). This may lead to incorrect inflight
counters for some sockets.
This change fixes this bug by changing order of operations:
UNIX_GC_CANDIDATE is now unset only after all inflight counters are
restored to the original state.
kernel BUG at net/unix/garbage.c:149!
RIP: 0010:[<ffffffff8717ebf4>] [<ffffffff8717ebf4>]
unix_notinflight+0x3b4/0x490 net/unix/garbage.c:149
Call Trace:
[<ffffffff8716cfbf>] unix_detach_fds.isra.19+0xff/0x170 net/unix/af_unix.c:1487
[<ffffffff8716f6a9>] unix_destruct_scm+0xf9/0x210 net/unix/af_unix.c:1496
[<ffffffff86a90a01>] skb_release_head_state+0x101/0x200 net/core/skbuff.c:655
[<ffffffff86a9808a>] skb_release_all+0x1a/0x60 net/core/skbuff.c:668
[<ffffffff86a980ea>] __kfree_skb+0x1a/0x30 net/core/skbuff.c:684
[<ffffffff86a98284>] kfree_skb+0x184/0x570 net/core/skbuff.c:705
[<ffffffff871789d5>] unix_release_sock+0x5b5/0xbd0 net/unix/af_unix.c:559
[<ffffffff87179039>] unix_release+0x49/0x90 net/unix/af_unix.c:836
[<ffffffff86a694b2>] sock_release+0x92/0x1f0 net/socket.c:570
[<ffffffff86a6962b>] sock_close+0x1b/0x20 net/socket.c:1017
[<ffffffff81a76b8e>] __fput+0x34e/0x910 fs/file_table.c:208
[<ffffffff81a771da>] ____fput+0x1a/0x20 fs/file_table.c:244
[<ffffffff81483ab0>] task_work_run+0x1a0/0x280 kernel/task_work.c:116
[< inline >] exit_task_work include/linux/task_work.h:21
[<ffffffff8141287a>] do_exit+0x183a/0x2640 kernel/exit.c:828
[<ffffffff8141383e>] do_group_exit+0x14e/0x420 kernel/exit.c:931
[<ffffffff814429d3>] get_signal+0x663/0x1880 kernel/signal.c:2307
[<ffffffff81239b45>] do_signal+0xc5/0x2190 arch/x86/kernel/signal.c:807
[<ffffffff8100666a>] exit_to_usermode_loop+0x1ea/0x2d0
arch/x86/entry/common.c:156
[< inline >] prepare_exit_to_usermode arch/x86/entry/common.c:190
[<ffffffff81009693>] syscall_return_slowpath+0x4d3/0x570
arch/x86/entry/common.c:259
[<ffffffff881478e6>] entry_SYSCALL_64_fastpath+0xc4/0xc6
Link: https://lkml.org/lkml/2017/3/6/252
Signed-off-by: Andrey Ulanov <andreyu@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: 6209344 ("net: unix: fix inflight counting bug in garbage collector")
Signed-off-by: David S. Miller <davem@davemloft.net>
Peng Tao says:
====================
vsock: cancel connect packets when failing to connect
Currently, if a connect call fails on a signal or timeout (e.g., guest is still
in the process of starting up), we'll just return to caller and leave the connect
packet queued and they are sent even though the connection is considered a failure,
which can confuse applications with unwanted false connect attempt.
The patchset enables vsock (both host and guest) to cancel queued packets when
a connect attempt is considered to fail.
v5 changelog:
- change virtio_vsock_pkt->cancel_token back to virtio_vsock_pkt->vsk
v4 changelog:
- drop two unnecessary void * cast
- update new callback comment
v3 changelog:
- define cancel_pkt callback in struct vsock_transport rather than struct virtio_transport
- rename virtio_vsock_pkt->vsk to virtio_vsock_pkt->cancel_token
v2 changelog:
- fix queued_replies counting and resume tx/rx when necessary
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Otherwise we'll leave the packets queued until releasing vsock device.
E.g., if guest is slow to start up, resulting ETIMEDOUT on connect, guest
will get the connect requests from failed host sockets.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
To allow canceling all packets of a connection.
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
So that we can cancel a queued pkt later if necessary.
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
On Tue, Mar 14, 2017 at 10:44:10AM +0100, Dmitry Vyukov wrote:
>
> Yes, please.
> Disregarding some reports is not a good way long term.
Please try this patch.
---8<---
Subject: netlink: Annotate nlk cb_mutex by protocol
Currently all occurences of nlk->cb_mutex are annotated by lockdep
as a single class. This causes a false lcokdep cycle involving
genl and crypto_user.
This patch fixes it by dividing cb_mutex into individual classes
based on the netlink protocol. As genl and crypto_user do not
use the same netlink protocol this breaks the false dependency
loop.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
The list rx_done would be initialized when the linking on occurs.
Therefore, if a napi is scheduled without any linking on before,
the following kernel panic would happen.
BUG: unable to handle kernel NULL pointer dereference at 000000000000008
IP: [<ffffffffc085efde>] r8152_poll+0xe1e/0x1210 [r8152]
PGD 0
Oops: 0002 [#1] SMP
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
If a given cpu is not in cpu_present and cpu hotplug
is disabled, arch can skip setting up the cpu_dev.
Arch cpuidle driver should pass correct cpu mask
for registration, but failing to do so by the driver
causes error to propagate and crash like this:
[ 30.076045] Unable to handle kernel paging request for data at address 0x00000048
[ 30.076100] Faulting instruction address: 0xc0000000007b2f30
cpu 0x4d: Vector: 300 (Data Access) at [c000003feb18b670]
pc: c0000000007b2f30: kobject_get+0x20/0x70
lr: c0000000007b3c94: kobject_add_internal+0x54/0x3f0
sp: c000003feb18b8f0
msr: 9000000000009033
dar: 48
dsisr: 40000000
current = 0xc000003fd2ed8300
paca = 0xc00000000fbab500 softe: 0 irq_happened: 0x01
pid = 1, comm = swapper/0
Linux version 4.11.0-rc2-svaidy+ (sv@sagarika) (gcc version 6.2.0
20161005 (Ubuntu 6.2.0-5ubuntu12) ) #10 SMP Sun Mar 19 00:08:09 IST 2017
enter ? for help
[c000003feb18b960] c0000000007b3c94 kobject_add_internal+0x54/0x3f0
[c000003feb18b9f0] c0000000007b43a4 kobject_init_and_add+0x64/0xa0
[c000003feb18ba70] c000000000e284f4 cpuidle_add_sysfs+0xb4/0x130
[c000003feb18baf0] c000000000e26038 cpuidle_register_device+0x118/0x1c0
[c000003feb18bb30] c000000000e26c48 cpuidle_register+0x78/0x120
[c000003feb18bbc0] c00000000168fd9c powernv_processor_idle_init+0x110/0x1c4
[c000003feb18bc40] c00000000000cff8 do_one_initcall+0x68/0x1d0
[c000003feb18bd00] c0000000016242f4 kernel_init_freeable+0x280/0x360
[c000003feb18bdc0] c00000000000d864 kernel_init+0x24/0x160
[c000003feb18be30] c00000000000b4e8 ret_from_kernel_thread+0x5c/0x74
Validating cpu_dev fixes the crash and reports correct error message like:
[ 30.163506] Failed to register cpuidle device for cpu136
[ 30.173329] Registration of powernv driver failed.
Signed-off-by: Vaidyanathan Srinivasan <svaidy@linux.vnet.ibm.com>
[ rjw: Comment massage ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
The policy->cpuinfo.max_freq and policy->max updates in
intel_cpufreq_turbo_update() are excessive as they are done for no
good reason and may lead to problems in principle, so they should be
dropped. However, after dropping them intel_cpufreq_turbo_update()
becomes almost entirely pointless, because the check made by it is
made again down the road in intel_pstate_prepare_request(). The
only thing in it that still needs to be done is the call to
update_turbo_state(), so drop intel_cpufreq_turbo_update() altogether
and make its callers invoke update_turbo_state() directly instead of
it.
In addition to that, fix intel_cpufreq_verify_policy() so that it
checks global.no_turbo in addition to global.turbo_disabled when
updating policy->cpuinfo.max_freq to make it consistent with
intel_pstate_verify_policy().
Fixes: 001c76f05b (cpufreq: intel_pstate: Generic governors support)
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Before commit 452b94b8c8 ("mm/swap: don't BUG_ON() due to
uninitialized swap slot cache"), the following bug is reported,
------------[ cut here ]------------
kernel BUG at mm/swap_slots.c:270!
invalid opcode: 0000 [#1] SMP
CPU: 5 PID: 1745 Comm: (sd-pam) Not tainted 4.11.0-rc1-00243-g24c534bb161b #1
Hardware name: System manufacturer System Product Name/Z170-K, BIOS 1803 05/06/2016
RIP: 0010:free_swap_slot+0xba/0xd0
Call Trace:
swap_free+0x36/0x40
do_swap_page+0x360/0x6d0
__handle_mm_fault+0x880/0x1080
handle_mm_fault+0xd0/0x240
__do_page_fault+0x232/0x4d0
do_page_fault+0x20/0x70
page_fault+0x22/0x30
---[ end trace aefc9ede53e0ab21 ]---
This is raised by the BUG_ON(!swap_slot_cache_initialized) in
free_swap_slot(). This is incorrect, because even if the swap slots
cache fails to be initialized, the swap should operate properly without
the swap slots cache. And the use_swap_slot_cache check later in the
function will protect the uninitialized swap slots cache case.
In commit 452b94b8c8, the BUG_ON() is replaced by WARN_ON_ONCE(). In
the patch, the WARN_ON_ONCE() is removed too.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Tim Chen <tim.c.chen@linux.intel.com>
Cc: Michal Hocko <mhocko@suse.com>
Signed-off-by: "Huang, Ying" <ying.huang@intel.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Nine small fixes: the biggest is probably finally sorting out Kconfig
issues with lpfc nvme. There are some performance fixes for megaraid
and hpsa and a static checker fix.
Signed-off-by: James E.J. Bottomley <jejb@linux.vnet.ibm.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJY0UHhAAoJEAVr7HOZEZN4Pm4QAII49optwEoUAy616fR4Vj6C
SA2EmjfAi6tKvvYO88rwfN8KTFkQgsoLa9OmoLFjexTlAAoIG+ixL+SHLwz0nXgG
4tar9vvRnT97MuaXgIxPrNpAOao2OSiFZd3B4rUItYClWhpjZcBhlQogif6S3/qb
sLomKklX7bFfzmtwRtkgDjSdV7Iyx+IAOZAAIi9TmRu+uFoySs6c2Z6zKzfTMx9c
Wc94sS3UvIptpXFncqHgXjOm+/hELjzqC67DrJUu2CbayyRAGF0Aur5QO6FMJOiQ
dNr4k91kVBuvH+Um9WfHTZdqWD/4DzKblP/DwF0EoOerstQMNZrDwlex47pJ80Oa
8VcoMrtJmsCD/bUaZZoxZpIo+OFbE20/mMy/JdoyEl59L1B9NGH+njDDigD4m57t
NhWgyNQN1pbiSbY4dpyT+YYTI0JO2bR9Ye7VVbbeDVhJZlTUrF6D2MbsDMC2zz+f
oGsoF1wBRDw6Q7rY1I8TmCM0qsdE2dbXpCmnaQK4VJpQgiZs5fyA+HhQ82r1SFq1
yN6uCcbbjwNIRyVygtRmRmvyz3V67rIryIV625vMj37xi1ttTEdc1NaKgpaclUaK
yvHlK/izzrU+k8P8V/uOt4oac2T8gyCH1q5GD8IKjzFGbODgQfuUXjFM40083xIQ
W3miZdQlV0PgUIrO8/B4
=Z4Xj
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"Nine small fixes: the biggest is probably finally sorting out Kconfig
issues with lpfc nvme. There are some performance fixes for megaraid
and hpsa and a static checker fix"
[ Johannes Thumshirn points out that there still seems to be more lpfc
vs nvme config issues. Oh well. - Linus ]
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: lpfc: Finalize Kconfig options for nvme
scsi: ufs: don't check unsigned type for a negative value
scsi: hpsa: do not timeout reset operations
scsi: hpsa: limit outstanding rescans
scsi: hpsa: update check for logical volume status
scsi: megaraid_sas: Driver version upgrade
scsi: megaraid_sas: raid6 also require cpuSel check same as raid5
scsi: megaraid_sas: add correct return type check for ldio hint logic for raid1
scsi: megaraid_sas: enable intx only if msix request fails
Pull HID fixes from Jiri Kosina:
- regression fixes for Wacom devices, from Aaron Armstrong Skomra and
Ping Cheng
- memory leak in hid-sony driver from Roderick Colenbrander
- new device IDs support from Oscar Campos and Daniel Drake
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
HID: wacom: generic: Wacom mouse is only provided for opaque tablets
HID: corsair: Add driver Scimitar Pro RGB gaming mouse 1b1c:1b3e support to hid-corsair
HID: corsair: support for K65-K70 Rapidfire and Scimitar Pro RGB
HID: wacom: don't manually release resources for the EKR
HID: wacom: Correct Intuos Pro 2 resolution
HID: sony: Fix input device leak when connecting a DS4 twice using USB/BT
HID: chicony: Add support for another ASUS Zen AiO keyboard
- Set the parent on the Altera A10SR driver, also fix
high level IRQs.
- Fix error path on the mockup driver.
- Compilation noise about unused functions fixed.
- Fix missed interrupts on the MCP23S08 expander, this is also
tagged for stable.
- Retire the interrim helpers devm_get_gpiod_from_child() used
to smoothen merging in the merge window.
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJY0OCEAAoJEEEQszewGV1zHE8P/jKp3dGg+nfMrDTucBkutyW2
BVs0cnTI3v27LglzDT8S5enoPs1yMvDQtIIk/Ma5Lspt4ewrfjr9C9ycDT9/NNRW
bcHG1YyGhNeAPBug5ZoMIqVrEQvz0Ux4P//gkMXnLqHIS5r2Lk9LsQiKSfwh/zTa
+rMzB3p6zTGtm1by/csBi8kej/i2HD5UJsNSCoW6zoK/nfwewma+rqjjMsmG8NNJ
zwlEk4ee88r97F/DZ65ZlxBXATzJqP0WqOM+idRnrQG6BvyQk2pzoJNuJrtUIJLu
Jbj1KqMMx+Z4xcvM0ofd/EJCgZWYZE8phGKLOqJAEnOOVuPHdWDtjc6RSQkKx+B1
Kejo8TQQCvX4r1JIfGcAwXwicur3KYIN2eNQ/9uThCjibJghq6JfSZghVrKRaY2j
ew4khCqRtDfTfdnssYV+Jd3rU/wfLsk+uwcNQS2idPj2X8wB4Dj0MuCV6GGLFdMx
3ZlbbjOjnLU5K5lGoxIaHXjedpRkBx+34EaFxUJqeTuv54/Xpj7nZwXv471HWki4
VM9N8ZlKnnP+OiG3jjPPF5j5c9nEcdlzkER5Af3DIXu3s1K+3EoePXBJexvShhEn
VEu5ePW0xV2M3xp/4ur7eE8gk3rfLs9gTF9NvIV49g6gpKmngMMfBcejKytbw36B
9mkWcmKDpxNfWak9jAgz
=dTnd
-----END PGP SIGNATURE-----
Merge tag 'gpio-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio
Pull GPIO fixes from Linus Walleij:
"Here is the first set of GPIO fixes for 4.11. It was delayed a bit
beacuse I was chicken when linux-next was not rotating last week.
This hits the ST serial driver in drivers/tty/serial and that has an
ACK from Greg, he suggested to keep the old GPIO fwnode API around to
smoothen things in the merge Windod and those have now served their
purpose so we take them out and convert the last driver to the new
API.
Apart from that it's fixes as usual.
Summary:
- set the parent on the Altera A10SR driver, also fix high level
IRQs.
- fix error path on the mockup driver.
- compilation noise about unused functions fixed.
- fix missed interrupts on the MCP23S08 expander, this is also tagged
for stable.
- retire the interrim helpers devm_get_gpiod_from_child() used to
smoothen merging in the merge window"
* tag 'gpio-v4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
gpio:mcp23s08 Fixed missing interrupts
serial: st-asc: Use new GPIOD API to obtain RTS pin
gpio: altera: Use handle_level_irq when configured as a level_high
gpio: xgene: mark PM functions as __maybe_unused
gpio: mockup: return -EFAULT if copy_from_user() fails
gpio: altera-a10sr: Set gpio_chip parent property
This fixes a Kbuild dependency issue related to the Qualcomm remoteproc
drivers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJY0E85AAoJEAsfOT8Nma3F5XQQAOLj3RzP5GfmQQ4oxSHEJz3l
M3ycrTGnUX+zDpzNZ2n3mmsOqbsxCQtas9dch15/9hlwggEm/tu/1CEplhdTenKL
Lle6TtUZCkZTxU2F7saYu5wZ/YzDh/Ri+/0EWt9NLWJmhd0gu2Z0nEjHkuyNNkJS
Ey6ZFllzYBD8GAVAP2adUpRDkEk8Ix62HwjzGj8vIMAUQb2vTnRHMbfVLRZ+oRvK
vi2obfSu+icgmUW1VumpjKaOON9BYYPBddQCCOW7nSGrtr8NcJHjYr4qbSbHKqjL
c6xqA9Lr2whGgX5zYLtyPoxoUg3ITCt78uDPKZ1KXka4PX0PbrukGWXwyC0uh88m
lfP+sZjrfSMWW62+uNUdSAOJQwjnGK6C8GdTRYr1mRJRu4uYSifeX5J1Qh5fXQsp
8AqeY3XQ3O1+HcUZleUnpyUsa7YFN+OoA/c1c0BJ8eNHbE5OR0xVrR8M7fF271Jx
AJ0Yir9LkPmJ+DWAo+jt5PxWfrVPyMMgVav513Slf80r6icuH/EARIi33oiJF8O7
/EwkYGqvhSO29anemETCVkRvzYBLq31GxsSbj265ZxXzdmwmjudboNMKNpzNR5hm
op6tmahYIOWbfZufxODjSrNu7fevxDSwglH0p3gZuSh/Tmo0IGSn3wWIP1TR0gGf
4umPWnThEX1lbj4F1Yw0
=f1Jo
-----END PGP SIGNATURE-----
Merge tag 'rproc-v4.11-fixes' of git://github.com/andersson/remoteproc
Pull remoteproc fix from Bjorn Andersson:
"This fixes a Kbuild dependency issue related to the Qualcomm
remoteproc drivers"
* tag 'rproc-v4.11-fixes' of git://github.com/andersson/remoteproc:
remoteproc: qcom: fix QCOM_SMD dependencies
- Fix performance regression reported by lkp-rebot
- Fix potential data lost after power-cut due to SSR reallocation
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJYz+RvAAoJEEAUqH6CSFDSbr4QAIH3MddDbufG+2+KJKUwk066
ARL7DScp/h0hwgURF7ohqu7DOCYpHwfggXw6zttyOVBa3rQhYHik/g5ZXSTVsVex
LC1wiQijJG9ePHShroX6QyFX8g9MYdKj4shbnwdJp1tR2e/iBQEGCg/Ce1umrVJU
IOSOW3v329/t8n0LzP0LKXl6ZnxDM1DPAklBZBiUbVEThZr8mqnKfMoioPweo7XT
ESDQI8kNbX6JQfpQhEXqIwgD68/HGJ6+/A523HG92qqlvSNarhb6bT3xPuDIjisQ
vmlwGdsIitqX/62u+r1wepHN25mcbhWXxIiSC2PqYQqCC2wElUkx/aalvoGZFdCO
0diSmPCBRK/HKLiVhbhNBRRQTfIG7/ODtmmzoEkYhwleJHBozqhUrQIh/NlSC1Qr
eiAgshabREaMeU0wzCbulpTVepheXuNpnTbzfvVXtZWGO54OfYm/v4oJ2JDaCcMA
S2FuGpTETwQGMgI/pQ+8egpVoozGWYxTJciER4RnlolczVEh7i2WA+8jdA/53SOU
yMhjNUJWjxSFnU++g2Q35QD4VKGGfT0UVP2P6+oQiXo88wOHZZq0WZpaXRBCvQip
2ZQYSNGF2W/p2U7DN3yjt73xg0xglDPQf8I0Zo5Lfb59mI+yy8lKYYrRo2lso9EW
9FpzksElm9ZbwMiAHE6r
=PiUP
-----END PGP SIGNATURE-----
Merge tag 'for-f2fs-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
Pull f2fs fixes from Jaegeuk Kim:
- fix performance regression reported by lkp-rebot
- fix potential data lost after power-cut due to SSR reallocation
* tag 'for-f2fs-4.11-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs:
f2fs: combine nat_bits and free_nid_bitmap cache
f2fs: skip scanning free nid bitmap of full NAT blocks
f2fs: use __set{__clear}_bit_le
f2fs: declare static functions
f2fs: don't overwrite node block by SSR
The intent of the original warning is make sure that the mdev vendor
driver has removed any group notifiers at the point where the group
is closed by the user. Theoretically this would be through an
orderly shutdown where any devices are release prior to the group
release. We can't always count on an orderly shutdown, the user can
close the group before the notifier can be removed or the user task
might be killed. We'd like to add this sanity test when the group is
idle and the only references are from the devices within the group
themselves, but we don't have a good way to do that. Instead check
both when the group itself is removed and when the group is opened.
A bit later than we'd prefer, but better than the current over
aggressive approach.
Fixes: ccd46dbae7 ("vfio: support notifier chain in vfio_group")
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Cc: <stable@vger.kernel.org> # v4.10
Cc: Jike Song <jike.song@intel.com>
Hook up three pkey syscalls (which we don't implement) and the new statx
syscall, as has been done for arch/arm/.
Signed-off-by: Will Deacon <will.deacon@arm.com>
When RESET_CONTROLLER is not enabled, the optional reset_control_get
stubs should now also return NULL.
Since it is now valid for reset_control_assert/deassert/reset/status/put
to be called unconditionally, with NULL as an argument for optional
resets, the stubs are not allowed to warn anymore.
Fixes: bb475230b8 ("reset: make optional functions really optional")
Reported-by: Andrzej Hajda <a.hajda@samsung.com>
Tested-by: Andrzej Hajda <a.hajda@samsung.com>
Reviewed-by: Andrzej Hajda <a.hajda@samsung.com>
Cc: Ramiro Oliveira <Ramiro.Oliveira@synopsys.com>
Signed-off-by: Philipp Zabel <p.zabel@pengutronix.de>
Sagi writes:
This consists of some fixes for issues reported lately:
- loop and rdma host driver cpu hotplug fixes
- fix loop use-after-free
- nvmet percpu_ref confirmation fix to fail ongoing requests
- nvmet-rdma fix a non-initialized commands deref
If a cpu unplug event has occured, we need to take the minimum
of the provided nr_io_queues and the number of online cpus,
otherwise we won't be able to connect them as blk-mq mapping
won't dispatch to those queues.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
If a cpu unplug event has occured, we need to take the minimum
of the provided nr_io_queues and the number of online cpus,
otherwise we won't be able to connect them as blk-mq mapping
won't dispatch to those queues.
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Sagi Grimberg <sagi@grimberg.me>
What started as a rather straightforward race condition reported by
Dmitry using the syzkaller fuzzer ended up revealing some major
problems with how the audit subsystem managed its netlink sockets and
its connection with the userspace audit daemon. Fixing this properly
had quite the cascading effect and what we are left with is this rather
large and complicated patch. My initial goal was to try and decompose
this patch into multiple smaller patches, but the way these changes
are intertwined makes it difficult to split these changes into
meaningful pieces that don't break or somehow make things worse for
the intermediate states.
The patch makes a number of changes, but the most significant are
highlighted below:
* The auditd tracking variables, e.g. audit_sock, are now gone and
replaced by a RCU/spin_lock protected variable auditd_conn which is
a structure containing all of the auditd tracking information.
* We no longer track the auditd sock directly, instead we track it
via the network namespace in which it resides and we use the audit
socket associated with that namespace. In spirit, this is what the
code was trying to do prior to this patch (at least I think that is
what the original authors intended), but it was done rather poorly
and added a layer of obfuscation that only masked the underlying
problems.
* Big backlog queue cleanup, again. In v4.10 we made some pretty big
changes to how the audit backlog queues work, here we haven't changed
the queue design so much as cleaned up the implementation. Brought
about by the locking changes, we've simplified kauditd_thread() quite
a bit by consolidating the queue handling into a new helper function,
kauditd_send_queue(), which allows us to eliminate a lot of very
similar code and makes the looping logic in kauditd_thread() clearer.
* All netlink messages sent to auditd are now sent via
auditd_send_unicast_skb(). Other than just making sense, this makes
the lock handling easier.
* Change the audit_log_start() sleep behavior so that we never sleep
on auditd events (unchanged) or if the caller is holding the
audit_cmd_mutex (changed). Previously we didn't sleep if the caller
was auditd or if the message type fell between a certain range; the
type check was a poor effort of doing what the cmd_mutex check now
does. Richard Guy Briggs originally proposed not sleeping the
cmd_mutex owner several years ago but his patch wasn't acceptable
at the time. At least the idea lives on here.
* A problem with the lost record counter has been resolved. Steve
Grubb and I both happened to notice this problem and according to
some quick testing by Steve, this problem goes back quite some time.
It's largely a harmless problem, although it may have left some
careful sysadmins quite puzzled.
Cc: <stable@vger.kernel.org> # 4.10.x-
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
GVTg has introduced the context status notifier to schedule the GVTg
workload. At that time, the notifier is bound to GVTg context only,
so GVTg is not aware of host workloads.
Now we are going to improve GVTg's guest workload scheduler policy,
and add Guc emulation support for new Gen graphics. Both these two
features require acknowledgment for all contexts running on hardware.
(But will not alter host workload.) So here try to make some change.
The change is simple:
1. Move the context status notifier head from i915_gem_context to
intel_engine_cs. Which means there is a notifier head per engine
instead of per context. Execlist driver still call notifier for
each context sched-in/out events of current engine.
2. At GVTg side, it binds a notifier_block for each physical engine
at GVTg initialization period. Then GVTg can hear all context
status events.
In this patch, GVTg do nothing for host context event, but later
will add a function there. But in any case, the notifier callback is
a noop if this is no active vGPU.
Since intel_gvt_init() is called at early initialization stage and
require the status notifier head has been initiated, I initiate it in
intel_engine_setup().
v2: remove a redundant newline. (chris)
Fixes: 3c7ba6359d ("drm/i915: Introduce execlist context status change notification")
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=100232
Signed-off-by: Changbin Du <changbin.du@intel.com>
Cc: Joonas Lahtinen <joonas.lahtinen@linux.intel.com>
Cc: Tvrtko Ursulin <tvrtko.ursulin@linux.intel.com>
Cc: Zhi Wang <zhi.a.wang@intel.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Link: http://patchwork.freedesktop.org/patch/msgid/20170313024711.28591-1-changbin.du@intel.com
Acked-by: Zhenyu Wang <zhenyuw@linux.intel.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
(cherry picked from commit 3fc03069bc)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20170321144720.17020-1-chris@chris-wilson.co.uk
Commit f85c9dc ("Support tool ID and additional tool types") introduced mouse
and lens cursor tools to generic codepath, which covers both display (direct)
and opaque tablets (indirect devices). However, mouse and lens cursor tools are
only provided for opaque tablets. This patch ignores mouse and lens cursor tools
if the device is a display tablet.
Signed-off-by: Ping Cheng <ping.cheng@wacom.com>
Reviewed-by: Jason Gerecke <jason.gerecke@wacom.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
This mouse sold by Corsair as Scimitar PRO RGB defines two consecutive
Logical Minimum items in its Application (Consumer.0001) report making
it non parseable. This patch fixes the report descriptor overriding
byte 77 in rdesc from 0x16 (Logical Minimum with 16 bits value) to 0x26
(Logical Maximum with 16 bits value).
Signed-off-by: Oscar Campos <oscar.campos@member.fsf.org>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Commit 5b779fc introduces the manual release of resources in wacom_remove() as
an addition to the driver's use of devm. The EKR resources can only be
released through wacom_remote_destroy_one() so we skip the manual release for
it.
Fixes: 5b779fc ("HID: wacom: release the resources before leaving despite devm")
Signed-off-by: Aaron Armstrong Skomra <skomra@gmail.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
The features struct for the second gen Intuos Pro uses the wrong constant for
the resolution. This fix is for commit 4922cd2.
Fixes: 4922cd2 ("HID: wacom: Support 2nd-gen Intuos Pro's Bluetooth classic interface")
Signed-off-by: Aaron Armstrong Skomra <skomra@gmail.com>
Reviewed-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
When snd_seq_pool_done() is called, it marks the closing flag to
refuse the further cell insertions. But snd_seq_pool_done() itself
doesn't clear the cells but just waits until all cells are cleared by
the caller side. That is, it's racy, and this leads to the endless
stall as syzkaller spotted.
This patch addresses the racy by splitting the setup of pool->closing
flag out of snd_seq_pool_done(), and calling it properly before
snd_seq_pool_done().
BugLink: http://lkml.kernel.org/r/CACT4Y+aqqy8bZA1fFieifNxR2fAfFQQABcBHj801+u5ePV0URw@mail.gmail.com
Reported-and-tested-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
CONFIG_SND_X86 is a menu config to filter only for x86-specific
drivers in its sub-menu, and this doesn't have to be tristate but
rather it should be a bool. Also, like other sub-menu configs, it's
more user-friendly to be default=y; it's merely a menu config and the
actual drivers are configured in the sub-menu, after all.
Fixes: 287599cf2d ("ALSA: add Intel HDMI LPE audio driver for BYT/CHT-T")
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Commit 65c059bcaa ("powerpc: Enable support for GCC plugins") enabled GCC
plugins on powerpc, but neglected to update the architecture list in the
docs. Rectify this.
Fixes: 65c059bcaa ("powerpc: Enable support for GCC plugins")
Signed-off-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
This reverts commit 3f91a89d42.
Now that we do have the machinery for using the radix MMU under a
hypervisor, the extra check and comment introduced in 3f91a89d42 are
no longer correct. The result is that when booted under a hypervisor
that only allows use of radix, we clear the MMU_FTR_TYPE_RADIX and
then set it again, and print a warning about ignoring the
disable_radix command line option, even though the command line does
not include "disable_radix".
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
DSI forwards te-gpios interrupts to display controller, but if display
controller works in HW-TRIGGER mode this interrupt is not necessary.
Making te-gpios property optional allows to avoid generating spare
interrupts.
And also if panel device node of command mode panel device doesn't provide
te-gpios property then the panel driver failed to probe. This was a critial
issue.
With this patch we can not only get rid of 60 interrupt callbacks per second
but also fix the critial issues.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Printing raw kernel pointers might reveal information which sometimes we
try to hide (e.g. with Kernel Address Space Layout Randomization). Use
the "%pK" format so these pointers will be hidden for unprivileged
users.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
The patch fixes copy/paste bug introduced during code refactoring.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Fixes: b93c2e8b5d ("drm/exynos/decon5433: configure sysreg in case of hardware trigger")Fixes:
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
VBLANK interrupt should be signalled as soon as scanout ends, front porch
is the best moment.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
DECON in case of video mode generates interrupt by default at start
of vertical back porch. As this interrupt is used to generate VBLANK
events more optimal point is start of vertical front porch.
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Current implementation of event handling assumes that vblank interrupt is
always called at the right time. It is not true, it can be delayed due to
various reasons. As a result different races can happen. The patch fixes
the issue by using hardware frame counter present in DECON to serialize
vblank and commit completion events.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
CRTC event is currently send with next vblank, or instantly in case crtc
is being disabled. This approach usually works, but in corner cases it can
result in premature event generation. Only device driver is able to verify
if the event can be sent. This patch is a first step in that direction - it
moves event handling to the drivers.
Signed-off-by: Andrzej Hajda <a.hajda@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
Support for Exynos4415 is going away because there are no internal nor
external users.
Since commit 46dcf0ff0d ("ARM: dts: exynos: Remove exynos4415.dtsi"),
the platform cannot be instantiated so remove also the drivers.
Signed-off-by: Krzysztof Kozlowski <krzk@kernel.org>
Acked-by: Kukjin Kim <kgene@kernel.org>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
"&" was obviously intended instead of "|". The original condition is
always true.
Fixes: b93c2e8b5d ("drm/exynos/decon5433: configure sysreg in case of hardware trigger")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
sugov_start() only initializes struct sugov_cpu per-CPU structures
for shared policies, but it should do that for single-CPU policies too.
That in particular makes the IO-wait boost mechanism work in the
cases when cpufreq policies correspond to individual CPUs.
Fixes: 21ca6d2c52 (cpufreq: schedutil: Add iowait boosting)
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Cc: 4.9+ <stable@vger.kernel.org> # 4.9+
qcom_smd_register_edge() is provided by either QCOM_SMD or RPMSG_QCOM_SMD,
and if both of them are disabled, it does nothing.
The check for the PIL drivers however only checks for QCOM_SMD, so it breaks
with QCOM_SMD=n && RPMSG_QCOM_SMD=m:
drivers/remoteproc/built-in.o: In function `smd_subdev_remove':
qcom_wcnss_iris.c:(.text+0x231c): undefined reference to `qcom_smd_unregister_edge'
drivers/remoteproc/built-in.o: In function `smd_subdev_probe':
qcom_wcnss_iris.c:(.text+0x2344): undefined reference to `qcom_smd_register_edge'
drivers/remoteproc/built-in.o: In function `smd_subdev_probe':
qcom_q6v5_pil.c:(.text+0x3538): undefined reference to `qcom_smd_register_edge'
qcom_q6v5_pil.c:(.text+0x3538): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `qcom_smd_register_edge'
This clarifies the Kconfig dependency.
Fixes: 4b48921a8f ("remoteproc: qcom: Use common SMD edge handler")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org>
In the 'commit ebee76f7fa ("ath10k: allow setting coverage class")',
it inherits the design and the address offset from ath9k, but the address
is not applicable to QCA6174, which leads to a random crash while doing the
resume() operation, since the set_coverage_class.ops will be called from
ieee80211_reconfig() when resume() (if the wow is not configured).
Fix the incorrect address offset here to avoid the random crash.
Verified on QCA6174/hw3.0 with firmware WLAN.RM.4.4-00022-QCARMSWPZ-2.
kvalo: this also seems to fix a regression with firmware restart.
Fixes: ebee76f7fa ("ath10k: allow setting coverage class")
Cc: <stable@vger.kernel.org> # v4.10
Signed-off-by: Ryan Hsu <ryanhsu@qca.qualcomm.com>
Signed-off-by: Kalle Valo <kvalo@qca.qualcomm.com>
This patch adds to account free nids for each NAT blocks, and while
scanning all free nid bitmap, do check count and skip lookuping in
full NAT block.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
This is to avoid build warning reported by kbuild test robot.
Signed-off-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>