Commit Graph

661604 Commits

Author SHA1 Message Date
Yotam Gigi
df2c43343b bridge: Fix error path in nbp_vlan_init
Fix error path order in nbp_vlan_init, so if switchdev_port_attr_set
call failes, the vlan_hash wouldn't be destroyed before inited.

Fixes: efa5356b0d ("bridge: per vlan dst_metadata netlink support")
CC: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: Yotam Gigi <yotamg@mellanox.com>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 14:55:28 -08:00
Pavel Shilovsky
61cfac6f26 CIFS: Fix possible use after free in demultiplex thread
The recent changes that added SMB3 encryption support introduced
a possible use after free in the demultiplex thread. When we
process an encrypted packed we obtain a pointer to SMB session
but do not obtain a reference. This can possibly lead to a situation
when this session was freed before we copy a decryption key from
there. Fix this by obtaining a copy of the key rather than a pointer
to the session under a spinlock.

Signed-off-by: Pavel Shilovsky <pshilov@microsoft.com>
Signed-off-by: Steve French <smfrench@gmail.com>
2017-03-01 16:42:40 -06:00
Rafael J. Wysocki
6bff9c609f Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux
Pull changes related to turbostat for v4.11 from Len Brown.

* 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: (44 commits)
  tools/power turbostat: version 17.02.24
  tools/power turbostat: bugfix: --add u32 was printed as u64
  tools/power turbostat: show error on exec
  tools/power turbostat: dump p-state software config
  tools/power turbostat: show package number, even without --debug
  tools/power turbostat: support "--hide C1" etc.
  tools/power turbostat: move --Package and --processor into the --cpu option
  tools/power turbostat: turbostat.8 update
  tools/power turbostat: update --list feature
  tools/power turbostat: use wide columns to display large numbers
  tools/power turbostat: Add --list option to show available header names
  tools/power turbostat: fix zero IRQ count shown in one-shot command mode
  tools/power turbostat: add --cpu parameter
  tools/power turbostat: print sysfs C-state stats
  tools/power turbostat: extend --add option to accept /sys path
  tools/power turbostat: skip unused counters on BDX
  tools/power turbostat: fix decoding for GLM, DNV, SKX turbo-ratio limits
  tools/power turbostat: skip unused counters on SKX
  tools/power turbostat: Denverton: use HW CC1 counter, skip C3, C7
  tools/power turbostat: initial Gemini Lake SOC support
  ...
2017-03-01 23:34:38 +01:00
Viresh Kumar
28db0c7b1c PM / OPP: Documentation: Fix opp-microvolt in examples
The triplet present in "opp-microvolt" property should be in the order
<target min max>, while all the examples have it in the order
<min target max>.

Fix it.

Luckily all of the users of "opp-microvolt" property have applied brain
instead of copying the examples from documentation and none of the
actual dts files have it wrong.

Reported-by: Rob Herring <robh@kernel.org>
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2017-03-01 22:47:30 +01:00
Max Filippov
b46dcfa378 xtensa: allow merging vectors into .text section
Currently code for exception/IRQ vectors is stored in kernel image as
initialization data and is copied to its working addresses during
startup. It doesn't always make sense. In many cases vectors location
can be automatically decided at kernel link time and code can be placed
right there. This is especially useful for XIP kernel.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2017-03-01 12:32:50 -08:00
Max Filippov
9a736fcb09 xtensa: clean up bootable image build targets
Currently xtensa uses 'zImage' as a synonym of 'all', but in fact xtensa
supports three targets: 'Image' (ELF image with reset vector), 'zImage'
(compressed redboot image) and 'uImage' (U-Boot image).
Provide separate 'Image', 'zImage' and 'uImage' make targets that only
build corresponding image type. Make 'all' build all images appropriate
for a platform.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2017-03-01 12:32:50 -08:00
Max Filippov
4ab18701c6 xtensa: move parse_tag_fdt out of #ifdef CONFIG_BLK_DEV_INITRD
FDT tag parsing is not related to whether BLK_DEV_INITRD is configured
or not, move it out of the corresponding #ifdef/#endif block.
This fixes passing external FDT to the kernel configured w/o
BLK_DEV_INITRD support.

Cc: stable@vger.kernel.org
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
2017-03-01 12:31:52 -08:00
Josh Poimboeuf
e390f9a968 objtool, modules: Discard objtool annotation sections for modules
The '__unreachable' and '__func_stack_frame_non_standard' sections are
only used at compile time.  They're discarded for vmlinux but they
should also be discarded for modules.

Since this is a recurring pattern, prefix the section names with
".discard.".  It's a nice convention and vmlinux.lds.h already discards
such sections.

Also remove the 'a' (allocatable) flag from the __unreachable section
since it doesn't make sense for a discarded section.

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Jessica Yu <jeyu@redhat.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: d1091c7fa3 ("objtool: Improve detection of BUG() and other dead ends")
Link: http://lkml.kernel.org/r/20170301180444.lhd53c5tibc4ns77@treble
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-03-01 20:32:25 +01:00
Linus Torvalds
6053dc9814 - Fix kernel panic on specific Qualcomm platform due to broken erratum
workaround
 - Revert contiguous bit support due to TLB conflict aborts in simulation
 - Don't treat all CPU ID register fields as 4-bit quantities
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABCgAGBQJYsHbpAAoJELescNyEwWM03xgH/jPZwxdS0UL1WftjqE7VXBI2
 5STwLBXB8cBr527QHBY7VCbtEQZAFnij7vJ8Eqe6nA8SMDbC1RTJ2ZkiPq0rKjVg
 pVJEdd3jEcRb3HNam90tOBTjlsyuR5Eagj0RI07j+YgsKhCxVTf6wu7z2StKhbuk
 o8P3fbV9JA9c68JR2MR7Z2GFe2pZW0vbRrKoSx6CdoCU8Wod46BUq+P+BoeVR+vZ
 593ERXnDi9tzoWFLyJYobO0PVuoipjX4e6+NxX+hPRKck6gJByainhnl63gGil9L
 vavJ2r3GK4pO5qAsusx6eXQksyR9lX5tGPk7XgJi+M+WMd4Moe+/zNXd4NADGww=
 =aG7Y
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "The main fix here addresses a kernel panic triggered on Qualcomm
  QDF2400 due to incorrect register usage in an erratum workaround
  introduced during the merge window.

  Summary:

   - Fix kernel panic on specific Qualcomm platform due to broken
     erratum workaround

   - Revert contiguous bit support due to TLB conflict aborts in
     simulation

   - Don't treat all CPU ID register fields as 4-bit quantities"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  arm64/cpufeature: check correct field width when updating sys_val
  Revert "arm64: mm: set the contiguous bit for kernel mappings where appropriate"
  arm64: Avoid clobbering mm in erratum workaround on QDF2400
2017-03-01 10:32:30 -08:00
Liping Zhang
3b45a4106f net: route: add missing nla_policy entry for RTA_MARK attribute
This will add stricter validating for RTA_MARK attribute.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 10:25:56 -08:00
Felix Jia
8c171d6ca5 net/ipv6: avoid possible dead locking on addr_gen_mode sysctl
The addr_gen_mode variable can be accessed by both sysctl and netlink.
Repleacd rtnl_lock() with rtnl_trylock() protect the sysctl operation to
avoid the possbile dead lock.`

Signed-off-by: Felix Jia <felix.jia@alliedtelesis.co.nz>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 10:22:48 -08:00
Linus Torvalds
b286cedd47 powerpc updates for 4.11 part 2
Highlights include:
 
  - An update of the disassembly code used by xmon to the latest versions in
    binutils. We've received permission from all the authors of the relevant
    binutils changes to relicense their changes to the relevant files from GPLv3
    to GPLv2, for inclusion in Linux. Thanks to Peter Bergner for doing the leg
    work to get permission from everyone.
 
  - Addition of the "architected" Power9 CPU table entry, allowing us to boot
    in Power9 architected mode under a hypervisor.
 
  - Updates to the Power9 PMU code.
 
  - Implementation of clear_bit_unlock_is_negative_byte() to optimise
    unlock_page().
 
  - Freescale updates from Scott: "Highlights include 8xx breakpoints and perf,
    t1042rdb display support, and board updates."
 
 Thanks to:
   Al Viro, Andrew Donnellan, Aneesh Kumar K.V, Balbir Singh, Douglas Miller,
   Frédéric Weisbecker, Gavin Shan, Madhavan Srinivasan, Michael Roth, Nathan
   Fontenot, Naveen N. Rao, Nicholas Piggin, Peter Bergner, Paul E. McKenney,
   Rashmica Gupta, Russell Currey, Sahil Mehta, Stewart Smith.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJYthsKAAoJEFHr6jzI4aWAaWMQAJ7mAwX98ncoYschPgRmmIun
 f6DtE4IonrxiZ22gp1ct4+c9OFtA+B5FXMcEhOKpfh93lg38PTDjHs9e5kfauD7+
 oTQ2Bg1eXaL48FKdmC5Vs4Kt+/J8e9guGafUC1OVIpTyyRPoZeUDH0lx+kSPV5bd
 PkL+wY/k3W0Njo8WgD1P9u3W15+BxISo/k8c7ajzKTHGBZlAvj5h2gO6XUBNMLyy
 YClB/qIymjZriSB+AeWYD79k8gPbBZPsmZG0ZF1hY060894LgqLB9mPOJdffx/DY
 H7/uP6jcsRDOXTOmyueW1SEmPoQbtysiMd1lNrCXKtC/Okr5uhn2cUhi88AsgWvd
 1QFly2lobcDAKPah/yB7YQGMAcmYvGGNuqrWaosaV2T7r0KprzUYYgCOqzvC3WSJ
 QtVatBzMIqRTMYq+3U4G1aHeCXlRazVQHDuvPby8RdR5b2gIexiqMab2eS7tSMIH
 mCOIunRIvT14g/7wxUV7tahN+ifncNxzAk4DvPO+Wc4FQ4sy7wArv2YipSaWRWtE
 u7tNdBkEwlDkKhJgRU5T0Op2PyMbHwCP8pWuz7PQIhKIcgwmP9wb07BIWG/GGIqn
 07TxJYX2ItabyEMZMsYhzILZqjLyiAaCARANB7ScbQbdP8wdcGZcwismhwnfROIU
 NuxsZg63BUDMoxk7Sauu
 =rspd
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull more powerpc updates from Michael Ellerman:
 "Highlights include:

   - an update of the disassembly code used by xmon to the latest
     versions in binutils. We've received permission from all the
     authors of the relevant binutils changes to relicense their changes
     to the relevant files from GPLv3 to GPLv2, for inclusion in Linux.
     Thanks to Peter Bergner for doing the leg work to get permission
     from everyone.

   - addition of the "architected" Power9 CPU table entry, allowing us
     to boot in Power9 architected mode under a hypervisor.

   - updates to the Power9 PMU code.

   - implementation of clear_bit_unlock_is_negative_byte() to optimise
     unlock_page().

   - Freescale updates from Scott: "Highlights include 8xx breakpoints
     and perf, t1042rdb display support, and board updates."

  Thanks to:
    Al Viro, Andrew Donnellan, Aneesh Kumar K.V, Balbir Singh, Douglas
    Miller, Frédéric Weisbecker, Gavin Shan, Madhavan Srinivasan,
    Michael Roth, Nathan Fontenot, Naveen N. Rao, Nicholas Piggin, Peter
    Bergner, Paul E. McKenney, Rashmica Gupta, Russell Currey, Sahil
    Mehta, Stewart Smith"

* tag 'powerpc-4.11-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (48 commits)
  powerpc: Remove leftover cputime_to_nsecs call causing build error
  powerpc/mm/hash: Always clear UPRT and Host Radix bits when setting up CPU
  powerpc/optprobes: Fix TOC handling in optprobes trampoline
  powerpc/pseries: Advertise Hot Plug Event support to firmware
  cxl: fix nested locking hang during EEH hotplug
  powerpc/xmon: Dump memory in CPU endian format
  powerpc/pseries: Revert 'Auto-online hotplugged memory'
  powerpc/powernv: Make PCI non-optional
  powerpc/64: Implement clear_bit_unlock_is_negative_byte()
  powerpc/powernv: Remove unused variable in pnv_pci_sriov_disable()
  powerpc/kernel: Remove error message in pcibios_setup_phb_resources()
  powerpc/mm: Fix typo in set_pte_at()
  pci/hotplug/pnv-php: Disable MSI and PCI device properly
  pci/hotplug/pnv-php: Disable surprise hotplug capability on conflicts
  pci/hotplug/pnv-php: Remove WARN_ON() in pnv_php_put_slot()
  powerpc: Add POWER9 architected mode to cputable
  powerpc/perf: use is_kernel_addr macro in perf_get_misc_flags()
  powerpc/perf: Avoid FAB_*_MATCH checks for power9
  powerpc/perf: Add restrictions to PMC5 in power9 DD1
  powerpc/perf: Use Instruction Counter value
  ...
2017-03-01 10:10:16 -08:00
Benjamin Tissoires
522214d9be Input: rmi4 - f30: detect INPUT_PROP_BUTTONPAD from the button count
INPUT_PROP_BUTTONPAD is currently only set through the platform data.
The RMI4 header doc says that this property is there to force the
buttonpad property, so we also need to detect it by looking at
the exported buttons count.

Signed-off-by: Benjamin Tissoires <benjamin.tissoires@redhat.com>
Reported-and-tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-03-01 10:01:56 -08:00
Linus Torvalds
044d5dfd62 sound fixes for 4.11-rc1
A few last-minute fixes for rc1:
 
 - ALSA core timer and sequencer fixes for bugs spotted by syzkaller
 - A couple of trivial HD-audio fixups
 - Additional PCI / codec IDs for Intel Geminilake
 - Fixes for CT-XFi DMA mask bugs
 -----BEGIN PGP SIGNATURE-----
 
 iQJCBAABCAAsFiEECxfAB4MH3rD5mfB6bDGAVD0pKaQFAli2mQcOHHRpd2FpQHN1
 c2UuZGUACgkQbDGAVD0pKaTboA//fvaaaGlU+IUBvEHV8LlqyfHOUBIIyowYIeJE
 mQHV4lrdMa9vEfXpIB5bztrqRcB6O9Trw0l4gEZfkC+YgLdZKZXi/haSdVnYsHRi
 koD8ZM1EtNu8o9FzGhOg8Cefu+bvQCg/dAglt6oitf3av/j6NmpFwC3EZzcAosH/
 VE3VRBk8AyQj1DYmlfoc+i27ksO9OceQI9xvJvGwdbbwzBTH/dL+PGXCwfF88T2p
 CyUvxtCk2HohHMloV6PtbpdD+ldouZxRvQsiV6MRy0Wg+ARAILvjeS9gdn3UT2LE
 E5J2JLM1X0x5J82Hki3z9vctwvmZbifCj/ewlql+3gFgAAvt0/PiRYZ0W1jcUpK6
 5THLRwU8zCOuAhQxsEzhDZh6mQq/gV69mWdVCgp3Er5faZQm6LqPUsHp2+yB/0aK
 0mXFRCAIjJa62ddtl40LPkPtJoEX9M00+ILNeASjMhpZSM8KyuBUnqygCoB1Kxhv
 vOiNhfIzXl8wQl406o/nIiDzbOdK7Ze7GyT6DHNQtNaS/aA9lS5RxYfcxDGce6c4
 nm9bnfkvRypNeY+dQwX5KefOd+ilYLHcOevUv1rC395pby7rEuVuMl/j83Qr8Pof
 cIjdSFefCCCQafH37UZhQ31noBIrxNFwlDBJh2YLWVDj6tU5ikY4GnjZQnMX/uv9
 /6XhpiM=
 =hOYM
 -----END PGP SIGNATURE-----

Merge tag 'sound-fix-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "A few last-minute fixes for rc1:

   - ALSA core timer and sequencer fixes for bugs spotted by syzkaller

   - a couple of trivial HD-audio fixups

   - additional PCI / codec IDs for Intel Geminilake

   - fixes for CT-XFi DMA mask bugs"

* tag 'sound-fix-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: seq: Fix link corruption by event error handling
  ALSA: hda - Add subwoofer support for Dell Inspiron 17 7000 Gaming
  ALSA: ctxfi: Fallback DMA mask to 32bit
  ALSA: timer: Reject user params with too small ticks
  ALSA: hda: Add Geminilake HDMI codec ID
  ALSA: hda - Fix micmute hotkey problem for a lenovo AIO machine
  ALSA: hda - Add Geminilake PCI ID
2017-03-01 09:59:21 -08:00
David S. Miller
a3695e9751 Merge branch 'vxlan-geneve-rcu-fixes'
Jakub Kicinski says:

====================
VXLAN/geneve RCU fixes

VXLAN and GENEVE need to take RCU lock explicitly because TX path
only has the _bh() flavour of RCU locked.  Making the reconfiguration
path wait for both normal and _bh() RCU would be bigger hassle so
just acquire the lock, as suggested by Pravin:

https://www.mail-archive.com/netdev@vger.kernel.org/msg155583.html
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:58:46 -08:00
Jakub Kicinski
a717e3f740 geneve: lock RCU on TX path
There is no guarantees that callers of the TX path will hold
the RCU lock.  Grab it explicitly.

Fixes: fceb9c3e38 ("geneve: avoid using stale geneve socket.")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:58:31 -08:00
Jakub Kicinski
56de859e99 vxlan: lock RCU on TX path
There is no guarantees that callers of the TX path will hold
the RCU lock.  Grab it explicitly.

Fixes: c6fcc4fc5f ("vxlan: avoid using stale vxlan socket.")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:58:31 -08:00
Linus Torvalds
544a068f1f Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
Pull thermal management updates from Zhang Rui:

 - add thermal driver for R-Car Gen3 thermal sensors.

 - add thermal driver for ZTE' zx2967 family thermal sensors.

 - convert thermal ID allocation from IDR to IDA.

 - fix a possible NULL dereference in imx thermal driver.

 - fix a ti-soc-thermal driver dependency issue so that critical thermal
   control is still available when CPU_THERMAL is not defined.

 - update binding information for QorIQ thermal driver.

 - a couple of cleanups in thermal core, intel_powerclamp, exynos,
   dra752-thermal, mtk-thermal driver.

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
  powerpc/mpc85xx: Update TMU device tree node for T1023/T1024
  powerpc/mpc85xx: Update TMU device tree node for T1040/T1042
  dt-bindings: Update QorIQ TMU thermal bindings
  thermal: mtk_thermal: Staticise a number of data variables
  thermal: arm: dra752: Remove all TSHUT related definitions
  thermal: arm: dra752: Remove TSHUT configuration
  thermal: ti-soc-thermal: Remove CPU_THERMAL Dependency from TI_THERMAL
  thermal: imx: Fix possible NULL dereference.
  thermal: exynos: Remove parsing unused samsung,tmu_cal_mode property
  thermal: zx2967: add thermal driver for ZTE's zx2967 family
  thermal: use cpumask_var_t for on-stack cpu masks
  dt: bindings: add documentation for zx2967 family thermal sensor
  thermal/intel_powerclamp: Remove set-but-not-used variables
  thermal: rcar_gen3_thermal: Add R-Car Gen3 thermal driver
  thermal: rcar_gen3_thermal: Document the R-Car Gen3
  thermal: convert devfreq_cooling to use an IDA
  thermal: convert cpu_cooling to use an IDA
  thermal: convert clock cooling to use an IDA
  thermal core: convert ID allocation to IDA
2017-03-01 09:54:32 -08:00
Eric Dumazet
39e6c8208d net: solve a NAPI race
While playing with mlx4 hardware timestamping of RX packets, I found
that some packets were received by TCP stack with a ~200 ms delay...

Since the timestamp was provided by the NIC, and my probe was added
in tcp_v4_rcv() while in BH handler, I was confident it was not
a sender issue, or a drop in the network.

This would happen with a very low probability, but hurting RPC
workloads.

A NAPI driver normally arms the IRQ after the napi_complete_done(),
after NAPI_STATE_SCHED is cleared, so that the hard irq handler can grab
it.

Problem is that if another point in the stack grabs NAPI_STATE_SCHED bit
while IRQ are not disabled, we might have later an IRQ firing and
finding this bit set, right before napi_complete_done() clears it.

This can happen with busy polling users, or if gro_flush_timeout is
used. But some other uses of napi_schedule() in drivers can cause this
as well.

thread 1                                 thread 2 (could be on same cpu, or not)

// busy polling or napi_watchdog()
napi_schedule();
...
napi->poll()

device polling:
read 2 packets from ring buffer
                                          Additional 3rd packet is
available.
                                          device hard irq

                                          // does nothing because
NAPI_STATE_SCHED bit is owned by thread 1
                                          napi_schedule();

napi_complete_done(napi, 2);
rearm_irq();

Note that rearm_irq() will not force the device to send an additional
IRQ for the packet it already signaled (3rd packet in my example)

This patch adds a new NAPI_STATE_MISSED bit, that napi_schedule_prep()
can set if it could not grab NAPI_STATE_SCHED

Then napi_complete_done() properly reschedules the napi to make sure
we do not miss something.

Since we manipulate multiple bits at once, use cmpxchg() like in
sk_busy_loop() to provide proper transactions.

In v2, I changed napi_watchdog() to use a relaxed variant of
napi_schedule_prep() : No need to set NAPI_STATE_MISSED from this point.

In v3, I added more details in the changelog and clears
NAPI_STATE_MISSED in busy_poll_stop()

In v4, I added the ideas given by Alexander Duyck in v3 review

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Alexander Duyck <alexander.duyck@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Dan Carpenter
b2d0fe3547 net/mlx4: && vs & typo
Bitwise & was obviously intended here.

Fixes: 745d8ae462 ("net/mlx4: Spoofcheck and zero MAC can't coexist")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Tariq Toukan <tariqt@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Colin Ian King
4f3de46f7a net: usb: asix_devices: fix missing return code check on call to asix_write_medium_mode
The call to asix_write_medium_mode is not updating the return code ret
and yet ret is being checked for an error. Fix this by assigning ret to
the return code from the call asix_write_medium_mode.

Detected by CoverityScan, CID#1357148 ("Logically Dead Code")

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Baruch Siach
0bf09c397e MAINTAINERS: Orphan usb/net/hso driver
The email address of Jan Dumon bounces, and there is not relevant information
in the linked website.

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Ido Schimmel
f7df4923fa mlxsw: spectrum_router: Avoid potential packets loss
When the structure of the LPM tree changes (f.e., due to the addition of
a new prefix), we unbind the old tree and then bind the new one. This
may result in temporary packet loss.

Instead, overwrite the old binding with the new one.

Fixes: 6b75c4807d ("mlxsw: spectrum_router: Add virtual router management")
Signed-off-by: Ido Schimmel <idosch@mellanox.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Zhu Yanjun
4f7bfb3982 rds: ib: add the static type to the variables
The variables rds_ib_mr_1m_pool_size and rds_ib_mr_8k_pool_size
are used only in the ib.c file. As such, the static type is
added to limit them in this file.

Cc: Joe Jin <joe.jin@oracle.com>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Signed-off-by: Zhu Yanjun <yanjun.zhu@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Xin Long
5179b26694 sctp: call rcu_read_lock before checking for duplicate transport nodes
Commit cd2b708750 ("sctp: check duplicate node before inserting a
new transport") called rhltable_lookup() to check for the duplicate
transport node in transport rhashtable.

But rhltable_lookup() doesn't call rcu_read_lock inside, it could cause
a use-after-free issue if it tries to dereference the node that another
cpu has freed it. Note that sock lock can not avoid this as it is per
sock.

This patch is to fix it by calling rcu_read_lock before checking for
duplicate transport nodes.

Fixes: cd2b708750 ("sctp: check duplicate node before inserting a new transport")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
David Howells
540b1c48c3 rxrpc: Fix deadlock between call creation and sendmsg/recvmsg
All the routines by which rxrpc is accessed from the outside are serialised
by means of the socket lock (sendmsg, recvmsg, bind,
rxrpc_kernel_begin_call(), ...) and this presents a problem:

 (1) If a number of calls on the same socket are in the process of
     connection to the same peer, a maximum of four concurrent live calls
     are permitted before further calls need to wait for a slot.

 (2) If a call is waiting for a slot, it is deep inside sendmsg() or
     rxrpc_kernel_begin_call() and the entry function is holding the socket
     lock.

 (3) sendmsg() and recvmsg() or the in-kernel equivalents are prevented
     from servicing the other calls as they need to take the socket lock to
     do so.

 (4) The socket is stuck until a call is aborted and makes its slot
     available to the waiter.

Fix this by:

 (1) Provide each call with a mutex ('user_mutex') that arbitrates access
     by the users of rxrpc separately for each specific call.

 (2) Make rxrpc_sendmsg() and rxrpc_recvmsg() unlock the socket as soon as
     they've got a call and taken its mutex.

     Note that I'm returning EWOULDBLOCK from recvmsg() if MSG_DONTWAIT is
     set but someone else has the lock.  Should I instead only return
     EWOULDBLOCK if there's nothing currently to be done on a socket, and
     sleep in this particular instance because there is something to be
     done, but we appear to be blocked by the interrupt handler doing its
     ping?

 (3) Make rxrpc_new_client_call() unlock the socket after allocating a new
     call, locking its user mutex and adding it to the socket's call tree.
     The call is returned locked so that sendmsg() can add data to it
     immediately.

     From the moment the call is in the socket tree, it is subject to
     access by sendmsg() and recvmsg() - even if it isn't connected yet.

 (4) Lock new service calls in the UDP data_ready handler (in
     rxrpc_new_incoming_call()) because they may already be in the socket's
     tree and the data_ready handler makes them live immediately if a user
     ID has already been preassigned.

     Note that the new call is locked before any notifications are sent
     that it is live, so doing mutex_trylock() *ought* to always succeed.
     Userspace is prevented from doing sendmsg() on calls that are in a
     too-early state in rxrpc_do_sendmsg().

 (5) Make rxrpc_new_incoming_call() return the call with the user mutex
     held so that a ping can be scheduled immediately under it.

     Note that it might be worth moving the ping call into
     rxrpc_new_incoming_call() and then we can drop the mutex there.

 (6) Make rxrpc_accept_call() take the lock on the call it is accepting and
     release the socket after adding the call to the socket's tree.  This
     is slightly tricky as we've dequeued the call by that point and have
     to requeue it.

     Note that requeuing emits a trace event.

 (7) Make rxrpc_kernel_send_data() and rxrpc_kernel_recv_data() take the
     new mutex immediately and don't bother with the socket mutex at all.

This patch has the nice bonus that calls on the same socket are now to some
extent parallelisable.

Note that we might want to move rxrpc_service_prealloc() calls out from the
socket lock and give it its own lock, so that we don't hang progress in
other calls because we're waiting for the allocator.

We probably also want to avoid calling rxrpc_notify_socket() from within
the socket lock (rxrpc_accept_call()).

Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marc Dionne <marc.c.dionne@auristor.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
Linus Torvalds
545b2820c4 pwm: Changes for v4.11-rc1
This set contains mostly fixes to existing drivers as well as cleanup of
 code that's not been in active use for a while.
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEEiOrDCAFJzPfAjcif3SOs138+s6EFAli1+XgZHHRoaWVycnku
 cmVkaW5nQGdtYWlsLmNvbQAKCRDdI6zXfz6zoX8LD/4l8MeOgKo+uWsfX7tY1kQ/
 gWitT/g+jCl3kXYtmcDTaLbEnNr0b5tGahmYC7rnCLhoq6Sp1VXjm6LChuoIUrMF
 r53IlUEEgHhClfCK/vqrp/kZoFndmtLZN2V6K8gpM730nNLYAwH6FhGmUFYp47Sm
 Xfdl5PwuSVDNnrBehjXPuAqUpFTp8lzrZsRkFrbX5a6TJ7hjn0TwNdovdGa6pV7k
 0LXKBfSGTRS2BxDmAFqXItC2USG7v3WRCDc4jCtykNLyQKU1yCA+AYwgR9+1jj8o
 1I07gjbZ+Fp8hzcQw/88MdodtS1xGV75WquhYLYWTgbneEWAcRVM47wklvL5gm7O
 70lIAvOveSFGjFoWnB9YACkOoZIxDINLhWwBD0Ytfpu/gaj3VsP/WrdMu6dk5kWq
 va4XHCS+dObT3o4fRkxQsQJVhAJmg4000Mupg4DOgaigd1PmFLFjBsmHua4+Ssf5
 c+y+SVAg8+c3jqA9mHxPJAJesJ41fXBQCB1Xy8pDOe8iK9fBiZjkq2ssiDerN0kI
 Sc4+hZHaGRhJqZUItvKJvNhdvrPkzQsRjrZgVLW/bDEXek3SXEmBAFsuZnr6w4BZ
 TVVxTNzg+h4obJZEay/P6oWO6KDfF/RyTK0CUHj/ORHxbqUViiwlSJkTVgp7Etd6
 mJj0xObBIwUGnSYvqGcShA==
 =J9q4
 -----END PGP SIGNATURE-----

Merge tag 'pwm/for-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm

Pull pwm updates from Thierry Reding:
 "This set contains mostly fixes to existing drivers as well as cleanup
  of code that's not been in active use for a while"

* tag 'pwm/for-4.11-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: (27 commits)
  acpi: lpss: call pwm_add_table() for BSW PWM device
  pwm: Try to load modules during pwm_get()
  pwm: Don't hold pwm_lookup_lock longer than necessary
  pwm: Make the PWM_POLARITY flag in DTB optional
  pwm: Print error messages with pr_err() instead of pr_debug()
  pwm: imx: Add polarity inversion support to i.MX's PWMv2
  pwm: imx: doc: Update imx-pwm.txt documentation entry
  pwm: imx: Remove redundant i.MX PWMv2 code
  pwm: imx: Provide atomic PWM support for i.MX PWMv2
  pwm: imx: Move PWMv2 wait for fifo slot code to a separate function
  pwm: imx: Move PWMv2 software reset code to a separate function
  pwm: imx: Rewrite v1 code to facilitate switch to atomic PWM
  pwm: imx: Add separate set of PWM ops for v1 and v2
  pwm: imx: Remove ipg clock and enable per clock when required
  pwm: lpss: Add Intel Gemini Lake PCI ID
  pwm: lpss: Do not export board infos for different PWM types
  pwm: lpss: Avoid reconfiguring while UPDATE bit is still enabled
  pwm: lpss: Switch to new atomic API
  pwm: lpss: Allow duty cycle to be 0
  pwm: lpss: Avoid potential overflow of base_unit
  ...
2017-03-01 09:46:02 -08:00
Linus Torvalds
3437f9f0a6 AST 2500 support for v4.11 - new hardware
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJYtO7nAAoJEAx081l5xIa+48wP/3hd6e10Eih5chxsCAD+hNkv
 ljJ4Fn8mD7KbAxZabeSAMkDqwUUJ3h6fHtVb57GH+dklioLQ8PRno0m2dcVpM3US
 3gw5diGfwvADISgYGYsvKLyIBUJx6Ze0fEmdFb6vKZb/S3W85Yiz/rMIlo6Dlxj1
 OD0PdqDnfTwWFDzMfntJd1t3kViShONDmyABLtXyEXDm8efaqWCCAl+kD1wOho6n
 UmWmG15Dt+Wb1fFgi1u96X8eQn0376i0dfl8ose+/IQMbbdC4QaqDu8gs49UoSks
 l3+V7yBteN7C99jvhnuapk+z7H1KvSk49fqo6lPCUmGBy1S5BQSyGeXnQNs9BS36
 MRfeU9L6PCEbI1/jqcvCxJXcEbqBIMMl8525O44a45wynrG5lSZCliSF/CXNcc8r
 nJRJPNtvmqCw+3OCZiS4Au0rTTJbMM6Tni4ex9XI3cUZ/cazdeTy497eFZI/sX/F
 ENdaKNI22Pdb7dBActseOXPzsDDv+ctFZj02T9ll58wSKy7GZCXZrsul57rKKCaA
 nyBkXsWtwDbo6rIoHcaOLYsdhavMU139DXJXca64qhM99ymmMFQsyU45ctplBlp8
 d0a9BLyqzLreRpXdwOzvi1WiEe5vUGhadlAsmscHyRF3ZfHGa7Tet6HQfYN5eCZQ
 8jH7UB45KJcYGjKDPldr
 =Jt8n
 -----END PGP SIGNATURE-----

Merge tag 'drm-ast-2500-for-v4.11' of git://people.freedesktop.org/~airlied/linux

Pull drm AST2500 support from Dave Airlie:
 "This is a set of changes to enable the AST2500 BMC hardware, and also
  fix some bugs interacting with the older AST hardware.

  Some of the bug fixes are cc'ed to stable"

* tag 'drm-ast-2500-for-v4.11' of git://people.freedesktop.org/~airlied/linux:
  drm/ast: Call open_key before enable_mmio in POST code
  drm/ast: Fix test for VGA enabled
  drm/ast: POST code for the new AST2500
  drm/ast: Rename ast_init_dram_2300 to ast_post_chip_2300
  drm/ast: Factor mmc_test code in POST code
  drm/ast: Fixed vram size incorrect issue on POWER
  drm/ast: Base support for AST2500
  drm/ast: Fix calculation of MCLK
  drm/ast: Remove spurious include
  drm/ast: const'ify mode setting tables
  drm/ast: Handle configuration without P2A bridge
  drm/ast: Fix AST2400 POST failure without BMC FW or VBIOS
2017-03-01 09:42:42 -08:00
Linus Torvalds
f3ecc84b09 misc fixes for v4.11-rc1
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJYtO93AAoJEAx081l5xIa+1soP/0qfpRzPrDU2OGPLK6bZHHaw
 zVaJxPBAMzrnnp4mhp7WW/+e9etYAD5DU3Q3TgY0PgS4np6o2h+zV0t6/su5PAfi
 0Zzdc41gw5Q3503OV+zmqyfX1zlp5oD6PtiQ3iVrfzKZeMBJPyJ741n21GXDZwmV
 2Z+Wk9uXm8cK0Sc/VFWFtpHVlD3Hrai5Jc9DhaMooFxIKw3FEvlmNBeS/aIyhm0z
 sc+f+GM86LOx5jr9IxCTdVa9Fm1O50CzQW949yt3RrV1eFQ1SzvBJomBIA6oZgdw
 n7V2eyJDhXshTL2GhAQ4F5/DDtpHWTb4yjWp3MV3hIMhZBl7BtrWclWMgbqJqOWM
 WI6rSIJUyx/zpqVtK7ItaIaoFadYoTPtujq7x7weZu9CwrejxgIztlvIosYYng7Q
 spt5T3c+ikeBEalDOADFclsD8TQz2m1yHw9dM0dZ2Z72Ey+yGTisybgk9su3UUBx
 jqb4eLUOqJK9jZtlHzru4lKwBd4FCkg31BUx6+iOO/UddyR6aojO7XzydcVEIiUq
 8SZiINc/v6eLij26x1N5lR2DTa2lvIhjhV2C8dHRnWXTyIdhIBvLHZUVZLb9hX7P
 dRm8mRJ6hRiIhQPluNKnJNlLdcqlbytawPSkFknUGi/bVKh+mIP93FPCU1KjaPJP
 n8z2KBIDZpgOAru36V/5
 =Wm0D
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-for-v4.11-rc1' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "Misc fixes for v4.11-rc1.

  This is a selection of fixes for recent bugs, the vmwgfx one is
  important to avoid a regression, and compat ioctl one is pretty urgent
  for stable. Otherwise nothing too much.

  I've got a separate pull req for some AST hw IBM need to enable"

* tag 'drm-fixes-for-v4.11-rc1' of git://people.freedesktop.org/~airlied/linux:
  dma-buf: add support for compat ioctl
  drm/vmwgfx: Work around drm removal of control nodes
  drm/rockchip: cdn-dp: Fix error handling
  drm/rockchip: add extcon dependency for DP
  drm: zte: fix static checker warning on variable 'fmt'
2017-03-01 08:50:33 -08:00
Wanpeng Li
acc9ab6013 KVM: nVMX: Fix pending events injection
L2 fails to boot on a non-APICv box dues to 'commit 0ad3bed6c5
("kvm: nVMX: move nested events check to kvm_vcpu_running")'

KVM internal error. Suberror: 3
extra data[0]: 800000ef
extra data[1]: 1
RAX=0000000000000000 RBX=ffffffff81f36140 RCX=0000000000000000 RDX=0000000000000000
RSI=0000000000000000 RDI=0000000000000000 RBP=ffff88007c92fe90 RSP=ffff88007c92fe90
R8 =ffff88007fccdca0 R9 =0000000000000000 R10=00000000fffedb3d R11=0000000000000000
R12=0000000000000003 R13=0000000000000000 R14=0000000000000000 R15=ffff88007c92c000
RIP=ffffffff810645e6 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0000 0000000000000000 ffffffff 00c00000
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff88007fcc0000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 ffff88007fcd4200 00002087 00008b00 DPL=0 TSS64-busy
GDT=     ffff88007fcc9000 0000007f
IDT=     ffffffffff578000 00000fff
CR0=80050033 CR2=00000000ffffffff CR3=0000000001e0a000 CR4=003406e0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000
DR6=00000000fffe0ff0 DR7=0000000000000400
EFER=0000000000000d01

We should try to reinject previous events if any before trying to inject
new event if pending. If vmexit is triggered by L2 guest and L0 interested
in, we should reinject IDT-vectoring info to L2 through vmcs02 if any,
otherwise, we can consider new IRQs/NMIs which can be injected and call
nested events callback to switch from L2 to L1 if needed and inject the
proper vmexit events. However, 'commit 0ad3bed6c5 ("kvm: nVMX: move
nested events check to kvm_vcpu_running")' results in the handle events
order reversely on non-APICv box. This patch fixes it by bailing out for
pending events and not consider new events in this scenario.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Radim Krčmář <rkrcmar@redhat.com>
Cc: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Wanpeng Li <wanpeng.li@hotmail.com>
Fixes: 0ad3bed6c5 ("kvm: nVMX: move nested events check to kvm_vcpu_running")
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-01 17:03:24 +01:00
Jérémy Lefaure
0fce546f9f x86/kvm/vmx: remove unused variable in segment_base()
The pointer 'struct desc_struct *d' is unused since commit 8c2e41f7ae
("x86/kvm/vmx: Simplify segment_base()") so let's remove it.

Signed-off-by: Jérémy Lefaure <jeremy.lefaure@lse.epita.fr>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-01 17:03:24 +01:00
Andy Lutomirski
0eb1d0fa6a selftests/x86: Add a basic selftest for ioperm
This doesn't fully exercise the interaction between KVM and ioperm(),
but it does test basic functionality.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-01 17:03:23 +01:00
Andy Lutomirski
b7ceaec112 x86/asm: Tidy up TSS limit code
In an earlier version of the patch ("x86/kvm/vmx: Defer TR reload
after VM exit") that introduced TSS limit validity tracking, I
confused which helper was which.  On reflection, the names I chose
sucked.  Rename the helpers to make it more obvious what's going on
and add some comments.

While I'm at it, clear __tss_limit_invalid when force-reloading as
well as when contitionally reloading, since any TR reload fixes the
limit.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-01 17:03:22 +01:00
Elena Reshetova
e3736c3eb3 kvm: convert kvm.users_count from atomic_t to refcount_t
refcount_t type and corresponding API should be
used instead of atomic_t when the variable is used as
a reference counter. This allows to avoid accidental
refcounter overflows that might lead to use-after-free
situations.

Signed-off-by: Elena Reshetova <elena.reshetova@intel.com>
Signed-off-by: Hans Liljestrand <ishkamiel@gmail.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David Windsor <dwindsor@gmail.com>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-01 17:03:21 +01:00
Arnd Bergmann
9ad82f117f watchdog: retu: restore MFD dependency
The retu watchdog calls into the respective mfd driver, but fails to
link if that is diabled:

drivers/watchdog/built-in.o: In function `retu_wdt_set_timeout':
ziirave_wdt.c:(.text+0x8c88): undefined reference to `retu_write'
ziirave_wdt.c:(.text+0x8c88): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `retu_write'
drivers/watchdog/built-in.o: In function `retu_wdt_start':
ziirave_wdt.c:(.text+0x8cc8): undefined reference to `retu_write'
ziirave_wdt.c:(.text+0x8cc8): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `retu_write'

This restores the dependency as it was before

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
9297b652bd watchdog: db8500: add back prmcu dependency
When the db8500 watchdog is enabled without the PRCMU, we get a lot of
warnings about duplicate or missing helper functions:

In file included from drivers/watchdog/ux500_wdt.c:21:0:
include/linux/mfd/dbx500-prcmu.h:422:19: error: redefinition of 'prcmu_abb_read'
 static inline int prcmu_abb_read(u8 slave, u8 reg, u8 *value, u8 size)

This restores the dependency as it was.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
3736d4eb6a watchdog: kempld: fix gcc-4.3 build
gcc-4.3 can't decide whether the constant value in
kempld_prescaler[PRESCALER_21] is built-time constant or
not, and gets confused by the logic in do_div():

drivers/watchdog/kempld_wdt.o: In function `kempld_wdt_set_stage_timeout':
kempld_wdt.c:(.text.kempld_wdt_set_stage_timeout+0x130): undefined reference to `__aeabi_uldivmod'

This adds a call to ACCESS_ONCE() to force it to not consider
it to be constant, and leaves the more efficient normal case
in place for modern compilers, using an #ifdef to annotate
why we do this hack.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Niklas Cassel
8d5755b3f7 watchdog: softdog: fire watchdog even if softirqs do not get to run
Checking for timer expiration is done from the softirq TIMER_SOFTIRQ.

Since commit 4cd13c21b2 ("softirq: Let ksoftirqd do its job"),
pending softirqs are no longer always handled immediately, instead,
if there are pending softirqs, and ksoftirqd is in state TASK_RUNNING,
the handling of the softirqs are deferred, and are instead supposed
to be handled by ksoftirqd, when ksoftirqd gets scheduled.

If a user space process with a real-time policy starts to misbehave
by never relinquishing the CPU while ksoftirqd is in state TASK_RUNNING,
what will happen is that all softirqs will get deferred, while ksoftirqd,
which is supposed to handle the deferred softirqs, will never get to run.

To make sure that the watchdog is able to fire even when we do not get
to run softirqs, replace the timers with hrtimers.

Signed-off-by: Niklas Cassel <niklas.cassel@axis.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
ed4a9eca66 watchdog: kempld: revert to full dependency
The kempld watchdog driver requires the respective MFD driver:

drivers/watchdog/built-in.o: In function `kempld_wdt_probe':
kempld_wdt.c:(.text+0x5c78): undefined reference to `kempld_get_mutex'
kempld_wdt.c:(.text+0x5c84): undefined reference to `kempld_read8'
kempld_wdt.c:(.text+0x5c8e): undefined reference to `kempld_release_mutex'
kempld_wdt.c:(.text+0x5d1c): undefined reference to `kempld_read8'
kempld_wdt.c:(.text+0x5d2c): undefined reference to `kempld_write8'

This adds the Kconfig dependency back.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
2672b7e01a watchdog: bcm2835: add CONFIG_OF dependency
Without CONFIG_OF, the driver fails to link:

drivers/watchdog/built-in.o: In function `bcm2835_power_off':
bcm2835_wdt.c:(.text+0x1946): undefined reference to `of_find_device_by_node'

This adds a new dependency, to allow the COMPILE_TEST check to succeed.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
3eafee9564 watchdog: sp805: add back AMBA dependency
The driver fails to link if ARM_AMBA is disabled:

drivers/watchdog/sp805_wdt.o: In function `sp805_wdt_driver_init':
sp805_wdt.c:(.init.text+0x4): undefined reference to `amba_driver_register'

It seems that the COMPILE_TEST was added in the wrong place, as there
is no architecture dependency, but a bus dependency. This moves
the dependency accordingly.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
6fb303a81a watchdog: menf21bmc: add I2C dependency
This driver fails to link when CONFIG_I2C is disabled or a loadable module while
the watchdog is built-in:

drivers/watchdog/built-in.o: In function `menf21bmc_wdt_shutdown':
menf21bmc_wdt.c:(.text+0x9b44): undefined reference to `i2c_smbus_write_word_data'
menf21bmc_wdt.c:(.text+0x9b44): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `i2c_smbus_write_word_data'

This adds a Kconfig dependency for it, to enforce a valid configuration.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
0369fdf2e1 watchdog: geode: restore hard CS5535_MFGPT dependency
Wtihout CONFIG_CS5535_MFGPT, the driver does not link right:

drivers/watchdog/built-in.o: In function `geodewdt_probe':
geodewdt.c:(.init.text+0xca3): undefined reference to `cs5535_mfgpt_alloc_timer'
geodewdt.c:(.init.text+0xcd4): undefined reference to `cs5535_mfgpt_write'
geodewdt.c:(.init.text+0xcef): undefined reference to `cs5535_mfgpt_toggle_event'

This adds back the dependency on this base driver.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Arnd Bergmann
d0e32fba85 watchdog: wm831x watchdog really needs mfd
The wm831x watchdog driver can now be built without the wm831x mfd
driver, which results in a link error:

(.text+0x1a95c): undefined reference to `wm831x_set_bits'
(.text+0x1a95c): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `wm831x_set_bits'
(.text+0x1a968): undefined reference to `wm831x_reg_lock'
(.text+0x1a968): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `wm831x_reg_lock'
(.text+0x1a9dc): undefined reference to `wm831x_reg_unlock'
(.text+0x1a9dc): relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol `wm831x_reg_unlock'

This adds back the dependency that was removed. We can still build test
this driver on all architectures by enabling the MFD driver for it first.

Fixes: da2a68b3eb ("watchdog: Enable COMPILE_TEST where possible")
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2017-03-01 06:15:10 -08:00
Josh Poimboeuf
55149d0653 objtool, compiler.h: Fix __unreachable section relocation size
Linus reported the following commit broke module loading on his laptop:

  d1091c7fa3 ("objtool: Improve detection of BUG() and other dead ends")

It showed errors like the following:

  module: overflow in relocation type 10 val ffffffffc02afc81
  module: 'nvme' likely not compiled with -mcmodel=kernel

The problem is that the __unreachable section addresses are stored using
the '.long' asm directive, which isn't big enough for .text section
kernel addresses.  Use relative addresses instead:

  ".long %c0b - .\t\n"

Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: d1091c7fa3 ("objtool: Improve detection of BUG() and other dead ends")
Link: http://lkml.kernel.org/r/20170301060504.oltm3iws6fmubnom@treble
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2017-03-01 14:20:18 +01:00
Robert O'Callahan
bba82fd756 KVM: x86: never specify a sample period for virtualized in_tx_cp counters
pmc_reprogram_counter() always sets a sample period based on the value of
pmc->counter. However, hsw_hw_config() rejects sample periods less than
2^31 - 1. So for example, if a KVM guest does

    struct perf_event_attr attr;
    memset(&attr, 0, sizeof(attr));
    attr.type = PERF_TYPE_RAW;
    attr.size = sizeof(attr);
    attr.config = 0x2005101c4; // conditional branches retired IN_TXCP
    attr.sample_period = 0;
    int fd = syscall(__NR_perf_event_open, &attr, 0, -1, -1, 0);
    ioctl(fd, PERF_EVENT_IOC_DISABLE, 0);
    ioctl(fd, PERF_EVENT_IOC_ENABLE, 0);

the guest kernel counts some conditional branch events, then updates the
virtual PMU register with a nonzero count. The host reaches
pmc_reprogram_counter() with nonzero pmc->counter, triggers EOPNOTSUPP
in hsw_hw_config(), prints "kvm_pmu: event creation failed" in
pmc_reprogram_counter(), and silently (from the guest's point of view) stops
counting events.

We fix event counting by forcing attr.sample_period to always be zero for
in_tx_cp counters. Sampling doesn't work, but it already didn't work and
can't be fixed without major changes to the approach in hsw_hw_config().

Signed-off-by: Robert O'Callahan <robert@ocallahan.org>
Signed-off-by: Radim Krčmář <rkrcmar@redhat.com>
2017-03-01 14:19:46 +01:00
Laura Abbott
1c68bb0f62 crypto: testmgr - Pad aes_ccm_enc_tv_template vector
Running with KASAN and crypto tests currently gives

 BUG: KASAN: global-out-of-bounds in __test_aead+0x9d9/0x2200 at addr ffffffff8212fca0
 Read of size 16 by task cryptomgr_test/1107
 Address belongs to variable 0xffffffff8212fca0
 CPU: 0 PID: 1107 Comm: cryptomgr_test Not tainted 4.10.0+ #45
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014
 Call Trace:
  dump_stack+0x63/0x8a
  kasan_report.part.1+0x4a7/0x4e0
  ? __test_aead+0x9d9/0x2200
  ? crypto_ccm_init_crypt+0x218/0x3c0 [ccm]
  kasan_report+0x20/0x30
  check_memory_region+0x13c/0x1a0
  memcpy+0x23/0x50
  __test_aead+0x9d9/0x2200
  ? kasan_unpoison_shadow+0x35/0x50
  ? alg_test_akcipher+0xf0/0xf0
  ? crypto_skcipher_init_tfm+0x2e3/0x310
  ? crypto_spawn_tfm2+0x37/0x60
  ? crypto_ccm_init_tfm+0xa9/0xd0 [ccm]
  ? crypto_aead_init_tfm+0x7b/0x90
  ? crypto_alloc_tfm+0xc4/0x190
  test_aead+0x28/0xc0
  alg_test_aead+0x54/0xd0
  alg_test+0x1eb/0x3d0
  ? alg_find_test+0x90/0x90
  ? __sched_text_start+0x8/0x8
  ? __wake_up_common+0x70/0xb0
  cryptomgr_test+0x4d/0x60
  kthread+0x173/0x1c0
  ? crypto_acomp_scomp_free_ctx+0x60/0x60
  ? kthread_create_on_node+0xa0/0xa0
  ret_from_fork+0x2c/0x40
 Memory state around the buggy address:
  ffffffff8212fb80: 00 00 00 00 01 fa fa fa fa fa fa fa 00 00 00 00
  ffffffff8212fc00: 00 01 fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
 >ffffffff8212fc80: fa fa fa fa 00 05 fa fa fa fa fa fa 00 00 00 00
                                   ^
  ffffffff8212fd00: 01 fa fa fa fa fa fa fa 00 00 00 00 01 fa fa fa
  ffffffff8212fd80: fa fa fa fa 00 00 00 00 00 05 fa fa fa fa fa fa

This always happens on the same IV which is less than 16 bytes.

Per Ard,

"CCM IVs are 16 bytes, but due to the way they are constructed
internally, the final couple of bytes of input IV are dont-cares.

Apparently, we do read all 16 bytes, which triggers the KASAN errors."

Fix this by padding the IV with null bytes to be at least 16 bytes.

Cc: stable@vger.kernel.org
Fixes: 0bc5a6c5c7 ("crypto: testmgr - Disable rfc4309 test and convert
test vectors")
Acked-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-03-01 19:48:00 +08:00
Ard Biesheuvel
efa7cebdbf crypto: arm/crc32 - add build time test for CRC instruction support
The accelerated CRC32 module for ARM may use either the scalar CRC32
instructions, the NEON 64x64 to 128 bit polynomial multiplication
(vmull.p64) instruction, or both, depending on what the current CPU
supports.

However, this also requires support in binutils, and as it turns out,
versions of binutils exist that support the vmull.p64 instruction but
not the crc32 instructions.

So refactor the Makefile logic so that this module only gets built if
binutils has support for both.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Acked-by: Jon Hunter <jonathanh@nvidia.com>
Tested-by: Jon Hunter <jonathanh@nvidia.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-03-01 19:47:53 +08:00
Ard Biesheuvel
1fb1683cb3 crypto: arm/crc32 - fix build error with outdated binutils
Annotate a vmov instruction with an explicit element size of 32 bits.
This is inferred by recent toolchains, but apparently, older versions
need some help figuring this out.

Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2017-03-01 19:47:51 +08:00
Dan Williams
86ef58a4e3 nfit, libnvdimm: fix interleave set cookie calculation
The interleave-set cookie is a sum that sanity checks the composition of
an interleave set has not changed from when the namespace was initially
created.  The checksum is calculated by sorting the DIMMs by their
location in the interleave-set. The comparison for the sort must be
64-bit wide, not byte-by-byte as performed by memcmp() in the broken
case.

Fix the implementation to accept correct cookie values in addition to
the Linux "memcmp" order cookies, but only allow correct cookies to be
generated going forward. It does mean that namespaces created by
third-party-tooling, or created by newer kernels with this fix, will not
validate on older kernels. However, there are a couple mitigating
conditions:

    1/ platforms with namespace-label capable NVDIMMs are not widely
       available.

    2/ interleave-sets with a single-dimm are by definition not affected
       (nothing to sort). This covers the QEMU-KVM NVDIMM emulation case.

The cookie stored in the namespace label will be fixed by any write the
namespace label, the most straightforward way to achieve this is to
write to the "alt_name" attribute of a namespace in sysfs.

Cc: <stable@vger.kernel.org>
Fixes: eaf961536e ("libnvdimm, nfit: add interleave-set state-tracking infrastructure")
Reported-by: Nicholas Moulin <nicholas.w.moulin@linux.intel.com>
Tested-by: Nicholas Moulin <nicholas.w.moulin@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2017-03-01 00:49:42 -08:00