Commit Graph

506187 Commits

Author SHA1 Message Date
Quentin Casasnovas
dd9ef135e3 Btrfs:__add_inode_ref: out of bounds memory read when looking for extended ref.
Improper arithmetics when calculting the address of the extended ref could
lead to an out of bounds memory read and kernel panic.

Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Reviewed-by: David Sterba <dsterba@suse.cz>
cc: stable@vger.kernel.org # v3.7+
Signed-off-by: Chris Mason <clm@fb.com>
2015-03-05 17:28:33 -08:00
Filipe Manana
3a8b36f378 Btrfs: fix data loss in the fast fsync path
When using the fast file fsync code path we can miss the fact that new
writes happened since the last file fsync and therefore return without
waiting for the IO to finish and write the new extents to the fsync log.

Here's an example scenario where the fsync will miss the fact that new
file data exists that wasn't yet durably persisted:

1. fs_info->last_trans_committed == N - 1 and current transaction is
   transaction N (fs_info->generation == N);

2. do a buffered write;

3. fsync our inode, this clears our inode's full sync flag, starts
   an ordered extent and waits for it to complete - when it completes
   at btrfs_finish_ordered_io(), the inode's last_trans is set to the
   value N (via btrfs_update_inode_fallback -> btrfs_update_inode ->
   btrfs_set_inode_last_trans);

4. transaction N is committed, so fs_info->last_trans_committed is now
   set to the value N and fs_info->generation remains with the value N;

5. do another buffered write, when this happens btrfs_file_write_iter
   sets our inode's last_trans to the value N + 1 (that is
   fs_info->generation + 1 == N + 1);

6. transaction N + 1 is started and fs_info->generation now has the
   value N + 1;

7. transaction N + 1 is committed, so fs_info->last_trans_committed
   is set to the value N + 1;

8. fsync our inode - because it doesn't have the full sync flag set,
   we only start the ordered extent, we don't wait for it to complete
   (only in a later phase) therefore its last_trans field has the
   value N + 1 set previously by btrfs_file_write_iter(), and so we
   have:

       inode->last_trans <= fs_info->last_trans_committed
           (N + 1)              (N + 1)

   Which made us not log the last buffered write and exit the fsync
   handler immediately, returning success (0) to user space and resulting
   in data loss after a crash.

This can actually be triggered deterministically and the following excerpt
from a testcase I made for xfstests triggers the issue. It moves a dummy
file across directories and then fsyncs the old parent directory - this
is just to trigger a transaction commit, so moving files around isn't
directly related to the issue but it was chosen because running 'sync' for
example does more than just committing the current transaction, as it
flushes/waits for all file data to be persisted. The issue can also happen
at random periods, since the transaction kthread periodicaly commits the
current transaction (about every 30 seconds by default).
The body of the test is:

  _scratch_mkfs >> $seqres.full 2>&1
  _init_flakey
  _mount_flakey

  # Create our main test file 'foo', the one we check for data loss.
  # By doing an fsync against our file, it makes btrfs clear the 'needs_full_sync'
  # bit from its flags (btrfs inode specific flags).
  $XFS_IO_PROG -f -c "pwrite -S 0xaa 0 8K" \
                  -c "fsync" $SCRATCH_MNT/foo | _filter_xfs_io

  # Now create one other file and 2 directories. We will move this second file
  # from one directory to the other later because it forces btrfs to commit its
  # currently open transaction if we fsync the old parent directory. This is
  # necessary to trigger the data loss bug that affected btrfs.
  mkdir $SCRATCH_MNT/testdir_1
  touch $SCRATCH_MNT/testdir_1/bar
  mkdir $SCRATCH_MNT/testdir_2

  # Make sure everything is durably persisted.
  sync

  # Write more 8Kb of data to our file.
  $XFS_IO_PROG -c "pwrite -S 0xbb 8K 8K" $SCRATCH_MNT/foo | _filter_xfs_io

  # Move our 'bar' file into a new directory.
  mv $SCRATCH_MNT/testdir_1/bar $SCRATCH_MNT/testdir_2/bar

  # Fsync our first directory. Because it had a file moved into some other
  # directory, this made btrfs commit the currently open transaction. This is
  # a condition necessary to trigger the data loss bug.
  $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/testdir_1

  # Now fsync our main test file. If the fsync succeeds, we expect the 8Kb of
  # data we wrote previously to be persisted and available if a crash happens.
  # This did not happen with btrfs, because of the transaction commit that
  # happened when we fsynced the parent directory.
  $XFS_IO_PROG -c "fsync" $SCRATCH_MNT/foo

  # Simulate a crash/power loss.
  _load_flakey_table $FLAKEY_DROP_WRITES
  _unmount_flakey

  _load_flakey_table $FLAKEY_ALLOW_WRITES
  _mount_flakey

  # Now check that all data we wrote before are available.
  echo "File content after log replay:"
  od -t x1 $SCRATCH_MNT/foo

  status=0
  exit

The expected golden output for the test, which is what we get with this
fix applied (or when running against ext3/4 and xfs), is:

  wrote 8192/8192 bytes at offset 0
  XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  wrote 8192/8192 bytes at offset 8192
  XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  File content after log replay:
  0000000 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
  *
  0020000 bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb bb
  *
  0040000

Without this fix applied, the output shows the test file does not have
the second 8Kb extent that we successfully fsynced:

  wrote 8192/8192 bytes at offset 0
  XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  wrote 8192/8192 bytes at offset 8192
  XXX Bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
  File content after log replay:
  0000000 aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa
  *
  0020000

So fix this by skipping the fsync only if we're doing a full sync and
if the inode's last_trans is <= fs_info->last_trans_committed, or if
the inode is already in the log. Also remove setting the inode's
last_trans in btrfs_file_write_iter since it's useless/unreliable.

Also because btrfs_file_write_iter no longer sets inode->last_trans to
fs_info->generation + 1, don't set last_trans to 0 if we bail out and don't
bail out if last_trans is 0, otherwise something as simple as the following
example wouldn't log the second write on the last fsync:

  1. write to file

  2. fsync file

  3. fsync file
       |--> btrfs_inode_in_log() returns true and it set last_trans to 0

  4. write to file
       |--> btrfs_file_write_iter() no longers sets last_trans, so it
            remained with a value of 0
  5. fsync
       |--> inode->last_trans == 0, so it bails out without logging the
            second write

A test case for xfstests will be sent soon.

CC: <stable@vger.kernel.org>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-03-05 17:28:32 -08:00
Josef Bacik
f5c0a12280 Btrfs: remove extra run_delayed_refs in update_cowonly_root
This got added with my dirty_bgs patch, it's not needed.  Thanks,

Signed-off-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-03-05 17:28:30 -08:00
Rafael J. Wysocki
e178e7d6df Merge branches 'pm-domains' and 'pm-cpufreq'
* pm-domains:
  PM / Domains: cleanup: rename gpd -> genpd in debugfs interface

* pm-cpufreq:
  cpufreq: ppc: Add missing #include <asm/smp.h>
2015-03-06 01:29:31 +01:00
Rafael J. Wysocki
1e3e770cfb Merge branch 'acpi-video'
* acpi-video:
  ACPI / video: Propagate the error code for acpi_video_register
  ACPI / video: Load the module even if ACPI is disabled
2015-03-06 01:29:16 +01:00
Rafael J. Wysocki
79d223646b Merge branch 'irq-pm'
* irq-pm:
  genirq / PM: describe IRQF_COND_SUSPEND
  tty: serial: atmel: rework interrupt and wakeup handling
  watchdog: at91sam9: request the irq with IRQF_NO_SUSPEND
  clk: at91: implement suspend/resume for the PMC irqchip
  rtc: at91rm9200: rework wakeup and interrupt handling
  rtc: at91sam9: rework wakeup and interrupt handling
  PM / wakeup: export pm_system_wakeup symbol
  genirq / PM: Add flag for shared NO_SUSPEND interrupt lines
  genirq / PM: better describe IRQF_NO_SUSPEND semantics
2015-03-06 01:29:05 +01:00
Mark Rutland
7438b633a6 genirq / PM: describe IRQF_COND_SUSPEND
With certain restrictions it is possible for a wakeup device to share
an IRQ with an IRQF_NO_SUSPEND user, and the warnings introduced by
commit cab303be91 are spurious. The new
IRQF_COND_SUSPEND flag allows drivers to tell the core when these
restrictions are met, allowing spurious warnings to be silenced.

This patch documents how IRQF_COND_SUSPEND is expected to be used,
updating some of the text now made invalid by its addition.

Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-06 01:28:14 +01:00
Boris BREZILLON
2c7af5ba65 tty: serial: atmel: rework interrupt and wakeup handling
The IRQ line connected to the DBGU UART is often shared with a timer device
which request the IRQ with IRQF_NO_SUSPEND.

Since the UART driver is correctly disabling IRQs when entering suspend
we can safely request the IRQ with IRQF_COND_SUSPEND so that irq core
will not complain about mixing IRQF_NO_SUSPEND and !IRQF_NO_SUSPEND.

Rework the interrupt handler to wake the system up when an interrupt
happens on the DEBUG_UART while the system is suspended.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-06 00:46:44 +01:00
Boris BREZILLON
d677772e13 watchdog: at91sam9: request the irq with IRQF_NO_SUSPEND
The watchdog interrupt (only used when activating software watchdog)
shouldn't be suspended when entering suspend mode, because it is shared
with a timer device (which request the line with IRQF_NO_SUSPEND) and once
the watchdog "Mode Register" has been written, it cannot be changed (which
means we cannot disable the watchdog interrupt when entering suspend).

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Guenter Roeck <linux@roeck-us.net>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-06 00:46:31 +01:00
Rafael J. Wysocki
eef16e4362 Merge branch 'suspend-to-idle'
* suspend-to-idle:
  cpuidle / sleep: Use broadcast timer for states that stop local timer
  cpuidle: Clean up fallback handling in cpuidle_idle_call()
  cpuidle / sleep: Do sanity checks in cpuidle_enter_freeze() too
  idle / sleep: Avoid excessive disabling and enabling interrupts
2015-03-05 23:14:51 +01:00
Rafael J. Wysocki
8204680c7b Merge branch 'acpi-resources'
* acpi-resources:
  x86/PCI/ACPI: Relax ACPI resource descriptor checks to work around BIOS bugs
  x86/PCI/ACPI: Ignore resources consumed by host bridge itself
  PCI: versatile: Update for list_for_each_entry() API change
2015-03-05 23:14:40 +01:00
Rafael J. Wysocki
ef2b22ac54 cpuidle / sleep: Use broadcast timer for states that stop local timer
Commit 3810631332 (PM / sleep: Re-implement suspend-to-idle handling)
overlooked the fact that entering some sufficiently deep idle states
by CPUs may cause their local timers to stop and in those cases it
is necessary to switch over to a broadcast timer prior to entering
the idle state.  If the cpuidle driver in use does not provide
the new ->enter_freeze callback for any of the idle states, that
problem affects suspend-to-idle too, but it is not taken into account
after the changes made by commit 3810631332.

Fix that by changing the definition of cpuidle_enter_freeze() and
re-arranging of the code in cpuidle_idle_call(), so the former does
not call cpuidle_enter() any more and the fallback case is handled
by cpuidle_idle_call() directly.

Fixes: 3810631332 (PM / sleep: Re-implement suspend-to-idle handling)
Reported-and-tested-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
2015-03-05 23:13:19 +01:00
Linus Torvalds
99aedde086 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes: EFI fixes, an Intel Quark fix, an asm fix and an FPU
  handling fix"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/fpu/xsaves: Fix improper uses of __ex_table
  x86/intel/quark: Select COMMON_CLK
  x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
  firmware: dmi_scan: Fix dmi_len type
  efi/libstub: Fix boundary checking in efi_high_alloc()
  firmware: dmi_scan: Fix dmi scan to handle "End of Table" structure
2015-03-05 11:25:23 -08:00
Quentin Casasnovas
06c8173eb9 x86/fpu/xsaves: Fix improper uses of __ex_table
Commit:

  f31a9f7c71 ("x86/xsaves: Use xsaves/xrstors to save and restore xsave area")

introduced alternative instructions for XSAVES/XRSTORS and commit:

  adb9d526e9 ("x86/xsaves: Add xsaves and xrstors support for booting time")

added support for the XSAVES/XRSTORS instructions at boot time.

Unfortunately both failed to properly protect them against faulting:

The 'xstate_fault' macro will use the closest label named '1'
backward and that ends up in the .altinstr_replacement section
rather than in .text. This means that the kernel will never find
in the __ex_table the .text address where this instruction might
fault, leading to serious problems if userspace manages to
trigger the fault.

Signed-off-by: Quentin Casasnovas <quentin.casasnovas@oracle.com>
Signed-off-by: Jamie Iles <jamie.iles@oracle.com>
[ Improved the changelog, fixed some whitespace noise. ]
Acked-by: Borislav Petkov <bp@alien8.de>
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Cc: Allan Xavier <mr.a.xavier@gmail.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: adb9d526e9 ("x86/xsaves: Add xsaves and xrstors support for booting time")
Fixes: f31a9f7c71 ("x86/xsaves: Use xsaves/xrstors to save and restore xsave area")
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-03-05 18:20:36 +01:00
Robert Jarzmik
ecb9b4241f dmaengine: mmp_pdma: fix warning about slave caps
Fix the dmaengine complaint about missing slave caps :
 - declare the available bus widths
 - declare the available transfer types
 - declare the residue calculation type

Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-05 22:15:35 +05:30
Andy Shevchenko
9ab6eb51ef x86/intel/quark: Select COMMON_CLK
The commit 8bbc2a135b ("x86/intel/quark: Add Intel Quark
platform support") introduced a minimal support of Intel Quark
SoC. That allows to use core parts of the SoC. However, the SPI,
I2C, and GPIO drivers can't be selected by kernel configuration
because they depend on COMMON_CLK. The patch adds a COMMON_CLK
selection to the platfrom definition to allow user choose the drivers.

Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Acked-by: Ong, Boon Leong <boon.leong.ong@intel.com>
Cc: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Cc: Darren Hart <dvhart@linux.intel.com>
Fixes: 8bbc2a135b ("x86/intel/quark: Add Intel Quark platform support")
Link: http://lkml.kernel.org/r/1425569044-2867-1-git-send-email-andriy.shevchenko@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-03-05 17:44:53 +01:00
Stanimir Varbanov
90b1047f13 dmaengine: qcom_bam_dma: fix wrong register offsets
The commit fb93f520e (dmaengine: qcom_bam_dma: Generalize BAM
register offset calculations) wrongly populated base offsets
for event registers for bam v1.4.

Signed-off-by: Stanimir Varbanov <svarbanov@mm-sol.com>
Reviewed-by: Archit Taneja <architt@codeaurora.org>
Reviewed-by: Andy Gross <agross@codeaurora.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-05 22:07:12 +05:30
Stanimir Varbanov
fe4be5e9f9 dmaengine: bam-dma: fix a warning about missing capabilities
Avoid the warning below triggered during dmaengine async device
registration.

WARNING: CPU: 1 PID: 1 at linux/drivers/dma/dmaengine.c:863
dma_async_device_register+0x2a8/0x4b8()
this driver doesn't support generic slave capabilities reporting

To do that fill mandatory .directions bit mask,
.src/dst_addr_widths and .residue_granularity dma_device fields
with appropriate values.

Signed-off-by: Stanimir Varbanov <stanimir.varbanov@linaro.org>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-05 21:44:38 +05:30
Greg Kroah-Hartman
d3d5389475 USB-serial fixes for v4.0-rc3
Here are a few fixes for reported problems including a usb-debug device
 buffer overflow, potential use-after-free on failed probe, and a couple
 of issues with the USB console.
 
 Some new device IDs are also added.
 
 Signed-off-by: Johan Hovold <johan@kernel.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJU+Fy4AAoJEEEN5E/e4bSVxSIQAM/ekC0n6/v2BqF+RJ+1YmGs
 pELjhVxgiUJ+TqgncxhFkbSVVKhBJ7JN8qOj2wV9r55WX8OgoGVoqFopz+PHeHWC
 2JvPYkGi0UhCxCLto/XFnS8KYT+ODCqDF3E9CJKZEl6X3TGmQJ0Lyka953vYRWO3
 0g3DwHGVdAHCH1ZZFJB4R/45i6ACLWd5A7zlyfvjrDYWfTgfONIFbaOjNATJFjre
 3FyUXM2TP/AZNAcPYt8IUrbrUIriKptmQJk0F2gZEyLvYwlmJvtutpMLUL+Xs0Hx
 rbQVsQfKt7Plo2nkUkJ+1B/Q15+0aTyA5dqdXeYG77R6O5Y9v1c6fpc5Jr+fIPI/
 jMP9LBeAUqQpKsLvtN4LG93a19r+0lJfdZtNTComLmSvQXYIiqRPNBlLmrBUN+Tq
 KG7TYHCoDsxw6jgMRPNLGn3lMEHxWej1lhI3UYSAXks1qixHLm+5+hVcqbKqMeaQ
 2gX/xEHIFgaHNvfl9Hr1ke2vMxHB/tSt7DcrQVgBsBQgEP6PgvG+fQajoIZ7YQJC
 K+ElAwUiGeYq2Kqp8ljqVd+q1LyQo0w9B3eJSG5URnmLkxzQ4PPVf2tnVxy+xq3q
 N10cp/6vKLFATF4+Gu2dMGuSbK5LsNvOAGpjr6VDAqb2wAFmaT+MaQKQlgo/6TQH
 L/Cj0mx7uyGwhtPBZES6
 =0CrX
 -----END PGP SIGNATURE-----

Merge tag 'usb-serial-4.0-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus

Johan writes:

USB-serial fixes for v4.0-rc3

Here are a few fixes for reported problems including a usb-debug device
buffer overflow, potential use-after-free on failed probe, and a couple
of issues with the USB console.

Some new device IDs are also added.

Signed-off-by: Johan Hovold <johan@kernel.org>
2015-03-05 07:15:17 -08:00
Takashi Iwai
f44f07cf39 ALSA: line6: Clamp values correctly
The usages of clamp() macro in sound/usb/line6/playback.c are just
wrong, the low and high values are swapped.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-03-05 13:03:28 +01:00
Dan Carpenter
096a020a9e ALSA: msnd: add some missing curly braces
There were some curly braces intended here.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2015-03-05 13:02:10 +01:00
Dave Jiang
9ca1c5f2ab dmaengine: ioatdma: workaround for incorrect DMACAP register
BDX-DE IOATDMA reports incorrect DMACAP register for PQ related
ops. Ignoring those bits.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-05 14:32:02 +05:30
Ludovic Desroches
6eb9d3c1e9 dmaengine: at_xdmac: fix for chan conf simplification
When simplificating the channel configuration, the cyclic case has been
forgotten. It leads to use bad configuration causing many bugs.

Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-05 14:29:57 +05:30
Jie Yang
94b3eed7b8 dmaengine: dw: don't handle interrupt when dmaengine is not used
When dma controller is not used by any user and set off,
we should disble interrupt handler, at least the interrupt
reset part, for some subsystem, e.g. ADSP, may use the
dma in its own logic, here reset the interrupt may make
this subsystem work abnormally.

Signed-off-by: Jie Yang <yang.jie@intel.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
2015-03-05 14:07:48 +05:30
Matthias Kaehlcke
2dc10f8963 thermal: Make sysfs attributes of cooling devices default attributes
Default attributes are created when the device is registered. Attributes
created after device registration can lead to race conditions, where user space
(e.g. udev) sees the device but not the attributes.

Signed-off-by: Matthias Kaehlcke <mka@chromium.org>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
2015-03-05 01:47:57 -04:00
Srinivas Pandruvada
d5bce86777 Thermal/int340x: Fix memleak for aux trip
When thermal zone device register fails or on module exit, the memory
for aux_trip is not freed. This change fixes this issue.

Signed-off-by: Srinivas Pandruvada <srinivas.pandruvada@linux.intel.com>
Signed-off-by: Eduardo Valentin <edubezval@gmail.com>
2015-03-05 01:41:51 -04:00
Andy Lutomirski
956421fbb7 x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
'ret_from_fork' checks TIF_IA32 to determine whether 'pt_regs' and
the related state make sense for 'ret_from_sys_call'.  This is
entirely the wrong check.  TS_COMPAT would make a little more
sense, but there's really no point in keeping this optimization
at all.

This fixes a return to the wrong user CS if we came from int
0x80 in a 64-bit task.

Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Oleg Nesterov <oleg@redhat.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/4710be56d76ef994ddf59087aad98c000fbab9a4.1424989793.git.luto@amacapital.net
[ Backported from tip:x86/asm. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-03-05 01:12:23 +01:00
Dave Airlie
4afb153477 Merge branch 'msm-fixes-4.0' of git://people.freedesktop.org/~robclark/linux into drm-fixes
Fixup some fallout of the fallout of atomic dpms, few mdp5 cursor
fixes, fix a leak in error path, and some fixes for kexec

* 'msm-fixes-4.0' of git://people.freedesktop.org/~robclark/linux:
  drm/msm: kexec fixes
  drm/msm/mdp5: fix cursor blending
  drm/msm/mdp5: fix cursor ROI
  drm/msm/atomic: Don't leak atomic commit object when commit fails
  drm/msm/mdp5: Avoid flushing registers when CRTC is disabled
  drm/msm: update generated headers (add 6th lm.base entry)
  drm/msm/mdp5: fixup "drm/msm: fix fallout of atomic dpms changes"
2015-03-05 09:36:27 +10:00
Rob Clark
aa80a4a519 drm/msm: kexec fixes
In kexec environment, we are more likely to encounter irq's already
enabled from previous environment.  At which point we find that writes
to disable/clear pending irq's are slightly less than useless without
first enabling clocks.

TODO: full blown state read-in so kexec'd kernel can inherit the mode
already setup.

Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:41 -05:00
Rob Clark
757fdfaf41 drm/msm/mdp5: fix cursor blending
Seems like we just want BLEND_EN and not BLEND_TRANSP_EN (setting the
latter results in black pixels in the cursor image treated as
transparent).

Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:40 -05:00
Rob Clark
58560890b3 drm/msm/mdp5: fix cursor ROI
If cursor is set near the edge of the screen, it is not valid to use the
new cursor width/height as the ROI dimensions.  Split out the ROI calc
and use it both cursor_set and cursor_move.

Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:40 -05:00
Laurent Pinchart
5b2e2b6c5e drm/msm/atomic: Don't leak atomic commit object when commit fails
If the atomic commit fails due to completion wait interruption the
atomic commit object is not freed and is thus leaked. Free it.

Signed-off-by: Laurent Pinchart <laurent.pinchart+renesas@ideasonboard.com>
Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:40 -05:00
Stephane Viau
ba0312a610 drm/msm/mdp5: Avoid flushing registers when CRTC is disabled
When a CRTC is disabled, no CTL is allocated to it (CRTC->ctl == NULL);
in that case we should not try to FLUSH registers and do nothing instead.

This can happen when we try to move a cursor but the CRTC's CTL
(CONTROL) has not been allocated yet (inactive CRTC).
It can also happens when we .atomic_check()/.atomic_flush() on a
disabled CRTC.

A CTL needs to be kept as long as the CRTC is alive. Releasing it
after the last VBlank is safer than in .atomic_flush().

Signed-off-by: Stephane Viau <sviau@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:39 -05:00
Stephane Viau
8a4247d645 drm/msm: update generated headers (add 6th lm.base entry)
Some target have up to 6 layer mixers (LM).
Let the header file access the last LM's base address.

Signed-off-by: Stephane Viau <sviau@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:39 -05:00
Stephane Viau
5db0f6e880 drm/msm/mdp5: fixup "drm/msm: fix fallout of atomic dpms changes"
Commit 0b776d457b ("drm/msm: fix fallout of atomic dpms
changes") has a typo in both mdp5_encoder_helper_funcs and
mdp5_crtc_helper_funcs definitions:

	.dpms entry should be replaced by .disable and .enable

Also fixed a typo in mdp5_encoder_enable().

Note that these typos are only present for MDP5. MDP4 is fine.

Signed-off-by: Stephane Viau <sviau@codeaurora.org>
Signed-off-by: Rob Clark <robdclark@gmail.com>
2015-03-04 18:23:38 -05:00
Dave Airlie
92eed291e9 Merge branch 'drm-fixes-4.0' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Radeon fixes for 4.0:
- Fix some fallout from the audio rework
- Fix a possible oops in the CS ioctl
- Fix interlaced modes on DCE8
- Do a posting read in irq_set callbacks to make sure
  interrupts are properly flushed through the pci bridge

* 'drm-fixes-4.0' of git://people.freedesktop.org/~agd5f/linux:
  drm/radeon: fix interlaced modes on DCE8
  drm/radeon: fix DRM_IOCTL_RADEON_CS oops
  drm/radeon: do a posting read in cik_set_irq
  drm/radeon: do a posting read in si_set_irq
  drm/radeon: do a posting read in evergreen_set_irq
  drm/radeon: do a posting read in r600_set_irq
  drm/radeon: do a posting read in rs600_set_irq
  drm/radeon: do a posting read in r100_set_irq
  radeon/audio: fix DP audio on DCE6
  radeon/audio: fix whitespace
  drm/radeon: adjust audio callback order
  drm/radeon: properly set dto for dp on DCE4/5
  drm/radeon/audio: update EDID derived fields in modeset
  drm/radeon: don't toggle audio state in modeset
  drm/radeon/audio: set mute around state setup
  drm/radeon: assign pin in detect
  drm/radeon: fix the audio dpms callbacks
2015-03-05 09:21:51 +10:00
Alex Deucher
54c4cd68ed drm/ttm: device address space != CPU address space
We need to store device offsets in 64 bit as the device
address space may be larger than the CPU's.

Fixes GPU init failures on radeons with 4GB or more of
vram on 32 bit kernels.  We put vram at the start of the
GPU's address space so the gart aperture starts at 4 GB
causing all GPU addresses in the gart aperture to get
truncated.

bug:
https://bugs.freedesktop.org/show_bug.cgi?id=89072

[airlied: fix warning on nouveau build]

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: thellstrom@vmware.com
Acked-by: Thomas Hellstrom <thellstrom@vmware.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2015-03-05 09:04:39 +10:00
Thierry Reding
440fd5283a drm/mm: Support 4 GiB and larger ranges
The current implementation is limited by the number of addresses that
fit into an unsigned long. This causes problems on 32-bit Tegra where
unsigned long is 32-bit but drm_mm is used to manage an IOVA space of
4 GiB. Given the 32-bit limitation, the range is limited to 4 GiB - 1
(or 4 GiB - 4 KiB for page granularity).

This commit changes the start and size of the range to be an unsigned
64-bit integer, thus allowing much larger ranges to be supported.

[airlied: fix i915 warnings and coloring callback]

Signed-off-by: Thierry Reding <treding@nvidia.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Dave Airlie <airlied@redhat.com>

fixupo
2015-03-05 09:01:37 +10:00
Jeff Layton
0164bf0239 locks: fix fasync_struct memory leak in lease upgrade/downgrade handling
Commit 8634b51f6c (locks: convert lease handling to file_lock_context)
introduced a regression in the handling of lease upgrade/downgrades.

In the event that we already have a lease on a file and are going to
either upgrade or downgrade it, we skip doing any list insertion or
deletion and simply re-call lm_setup on the existing lease.

As of commit 8634b51f6c however, we end up calling lm_setup on the
lease that was passed in, instead of on the existing lease. This causes
us to leak the fasync_struct that was allocated in the event that there
was not already an existing one (as it always appeared that there
wasn't one).

Fixes: 8634b51f6c (locks: convert lease handling to file_lock_context)
Reported-and-Tested-by: Daniel Wagner <daniel.wagner@bmw-carit.de>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
2015-03-04 17:34:32 -05:00
Linus Torvalds
8a001af4bb Fixes for proper ioctl handling and an untriggerable buffer overflow
- The eCryptfs ioctl handling functions should only pass known-good ioctl
   commands to the lower filesystem
 - A static checker found a potential buffer overflow. Upon inspection, it is
   not triggerable due to input validation performed on the mount parameters.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJU94JWAAoJENaSAD2qAscK5z0P/3rrZv7w4rWnPeLfzddRCSpt
 QMCPGGXE2fo3nP9w6e7HirAQKg474CFdmNXbNzAKR08irQNRM9lMMEkUp8B9kwXN
 8Ms+lHPVuTZuBPXkqtpG/p47kAJdc1d9QePa0iU5PPp5GcdI/knPR/Md42NxUd4y
 kqMdgK7brO/y16i5aCC40CG2x+OPc5I8Xz/9MT9fm9+NTRzOxFhbLxis5LKUrQgj
 SnzkXn4Z1jsLt3y8OCFhrP9n9sHrKmcHpxBExa7GziADbIcw+nv/ugQy8Dvi8sHK
 zzO1G21uUlZXfMoWdv+DbwgU6subaT/D6NjcyVEhZ0ziYQDdMMOVvqDUFzwIV9W7
 WiIV2fYLxYlZHSv318BlYTT6XiDVveINUcLI2107cw4pBwMYUt9QY3QoKLQ7027o
 HhdX4Ys6chzwggWU0CRRI7W45/LTF0KeJ3g06tAsYVV6GFGoJAnZe7olHA6X7nGE
 s8rXzpT5zZqdcz7Y5ln5NtrzWBER91iBUDivafw6y7b0rqj6o+fEUk4vXNdsyuzZ
 y5Qn5dus1ImPLwtCAsfqZMjUUnNtOaBPd52k0sHIkRoY6W7GlXZNOjXA7ki+X5tX
 Jq4tm0n3fkInEhjJDQ/sxtPa+TcZGgcoyc3qNsX80Lob7QpaTvBczKFgBadNnMnK
 TKJEvJQuLIlAq3Lw5DGL
 =4fdp
 -----END PGP SIGNATURE-----

Merge tag 'ecryptfs-4.0-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs

Pull eCryptfs fixes from Tyler Hicks:
 "Fixes for proper ioctl handling and an untriggerable buffer overflow

   - The eCryptfs ioctl handling functions should only pass known-good
     ioctl commands to the lower filesystem

   - A static checker found a potential buffer overflow.  Upon
     inspection, it is not triggerable due to input validation performed
     on the mount parameters"

* tag 'ecryptfs-4.0-rc3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tyhicks/ecryptfs:
  eCryptfs: don't pass fs-specific ioctl commands through
  eCryptfs: ensure copy to crypt_stat->cipher does not overrun
2015-03-04 14:19:48 -08:00
Boris BREZILLON
947f5b1085 clk: at91: implement suspend/resume for the PMC irqchip
The irq line used by the PMC block is shared with several peripherals
including the init timer which is registering its handler with
IRQF_NO_SUSPEND.

Implement the appropriate suspend/resume callback for the PMC irqchip,
and inform irq core that PMC irq handler can be safely called while
the system is suspended by setting IRQF_COND_SUSPEND.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-04 22:11:17 +01:00
Boris BREZILLON
dd1f1f391d rtc: at91rm9200: rework wakeup and interrupt handling
The IRQ line used by the RTC device is usually shared with the system
timer (PIT) on at91 platforms.

Since timers are registering their handlers with IRQF_NO_SUSPEND, we
should expect being called in suspended state, and properly wake the
system up when this is the case.

Set IRQF_COND_SUSPEND flag when registering the IRQ handler to inform
irq core that it can safely be called while the system is suspended.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-04 22:11:07 +01:00
Boris BREZILLON
603b1a2326 rtc: at91sam9: rework wakeup and interrupt handling
The IRQ line used by the RTC device is usually shared with the system timer
(PIT) on at91 platforms.

Since timers are registering their handlers with IRQF_NO_SUSPEND, we should
expect being called in suspended state, and properly wake the system up
when this is the case.

Set IRQF_COND_SUSPEND flag when registering the IRQ handler to inform
irq core that it can safely be called while the system is suspended.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-04 22:10:59 +01:00
Boris BREZILLON
432ec92b29 PM / wakeup: export pm_system_wakeup symbol
Export pm_system_wakeup function to allow irq handlers to deal with system
wakeup.

This is needed for shared IRQ lines where one of the handler is registered
with IRQF_NO_SUSPEND, while the other ones want to configure it as a wakeup
source.

In this specific case, irq core does not handle the wakeup process and
leave the decision to each irq handler.

Signed-off-by: Boris Brezillon <boris.brezillon@free-electrons.com>
Reviewed-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Acked-by: Nicolas Ferre <nicolas.ferre@atmel.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2015-03-04 22:10:19 +01:00
Mark Brown
3b8f4a70b8 Merge remote-tracking branch 'asoc/fix/sta32x' into asoc-linus 2015-03-04 20:42:43 +00:00
Mark Brown
2824ef9b81 Merge remote-tracking branch 'asoc/fix/simple' into asoc-linus 2015-03-04 20:42:43 +00:00
Mark Brown
95d67c7fc2 Merge remote-tracking branch 'asoc/fix/samsung' into asoc-linus 2015-03-04 20:42:43 +00:00
Mark Brown
c6eb1fa4a7 Merge remote-tracking branch 'asoc/fix/rt5677' into asoc-linus 2015-03-04 20:42:42 +00:00
Mark Brown
159c6fc0bb Merge remote-tracking branch 'asoc/fix/rt5670' into asoc-linus 2015-03-04 20:42:42 +00:00
Mark Brown
e0427428db Merge remote-tracking branch 'asoc/fix/rsnd' into asoc-linus 2015-03-04 20:42:41 +00:00