When a user timer instance is continued without the explicit start
beforehand, the system gets eventually zero-division error like:
divide error: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN
CPU: 1 PID: 27320 Comm: syz-executor Not tainted 4.8.0-rc3-next-20160825+ #8
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88003c9b2280 task.stack: ffff880027280000
RIP: 0010:[<ffffffff858e1a6c>] [< inline >] ktime_divns include/linux/ktime.h:195
RIP: 0010:[<ffffffff858e1a6c>] [<ffffffff858e1a6c>] snd_hrtimer_callback+0x1bc/0x3c0 sound/core/hrtimer.c:62
Call Trace:
<IRQ>
[< inline >] __run_hrtimer kernel/time/hrtimer.c:1238
[<ffffffff81504335>] __hrtimer_run_queues+0x325/0xe70 kernel/time/hrtimer.c:1302
[<ffffffff81506ceb>] hrtimer_interrupt+0x18b/0x420 kernel/time/hrtimer.c:1336
[<ffffffff8126d8df>] local_apic_timer_interrupt+0x6f/0xe0 arch/x86/kernel/apic/apic.c:933
[<ffffffff86e13056>] smp_apic_timer_interrupt+0x76/0xa0 arch/x86/kernel/apic/apic.c:957
[<ffffffff86e1210c>] apic_timer_interrupt+0x8c/0xa0 arch/x86/entry/entry_64.S:487
<EOI>
.....
Although a similar issue was spotted and a fix patch was merged in
commit [6b760bb2c6: ALSA: timer: fix division by zero after
SNDRV_TIMER_IOCTL_CONTINUE], it seems covering only a part of
iceberg.
In this patch, we fix the issue a bit more drastically. Basically the
continue of an uninitialized timer is supposed to be a fresh start, so
we do it for user timers. For the direct snd_timer_continue() call,
there is no way to pass the initial tick value, so we kick out for the
uninitialized case.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
dmi_dev is freed in error exit code but, according to the document
of device_register, it should never directly free device structure
after calling this function, even if it returned an error! Use
put_device() instead.
Signed-off-by: Allen Hung <allen_hung@dell.com>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
The stop endpoint command has its own 5 second timeout timer.
If the timeout function is triggered between USB3 and USB2 host
removal it will try to call usb_hc_died(xhci_to_hcd(xhci)->primary_hcd)
the ->primary_hcd will be set to NULL at USB3 hcd removal.
Fix this by first checking if the PCI host is being removed, and
also by using only xhci_to_hcd() as it will always return the primary
hcd.
CC: <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Pull thermal fix from Zhang Rui:
"Only one patch this time, which fixes a crash in rcar_thermal driver.
From Dirk Behme"
* 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux:
thermal: rcar_thermal: Fix priv->zone error handling
A single patch fixing a typo in the temperature trip points in the A13
DTSI.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIbBAABAgAGBQJX0GviAAoJEBx+YmzsjxAgpV0P9Rsn4KpUj7UpTdaJEJ9BILaS
ox1+cxia9kYI3xWA2aYK2vUW+eqvzbngDzrX7dr2RvEKA8H4SJttasPmYxFmpUun
GeW5/YKDZDWrvPr7ZA+1ooqF6zamqX5iXvpW0JaTm/LWkVRFTbt4Strm6u0VMcAK
Ys2Qa1zzzthuNe4x3aFinAfg05S4igIv+oQQSQna/hH8MPo39cLeai5KDN0F+KFU
jZi0JFUhdZcwlFOTfnIg0Ma2PPaVmLszDlhlUHlveGb/UhgATegDmB1Uq1Sj8yrl
c42207sO+r3Xwqyq4Tbe5oYGmDJQu8HREaZfa3kXijhOr6r0reE6ftiJs8WzSzN3
7HqoUpCCNfJfz697WlClPvYd0gHi4GxAxIQMQs43sQlo9UiLIF/m1gyaY/FvBqIx
zurUKStlR1MLiKsG0ATbbgORBvZFToDjf6AIGiplC4Ph6VZmiPgTCmFnelZYIqoL
1gPow2uNRGeT0m7XZHbi9g02Q5IPY77Ubpe5SGuXAjM9UukWHe9eS5vVzsvLtS2G
uCi0iCTisuZiFnNgt0NzsSYpRIIHgb4r1TiZKiwwXoMG2bw1pDof0LBe1Qrk2cuE
k+i6/oNj2XwRdfR8CGSZZzC/Hqh90AL1wHd+fkuXqqYekkqmwTjCe442Bt7mkZFT
4vkNrHixc+ALBEAMmRc=
=4ztu
-----END PGP SIGNATURE-----
Merge tag 'sunxi-fixes-for-4.8' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into fixes
Allwinner fixes for 4.8
A single patch fixing a typo in the temperature trip points in the A13
DTSI.
* tag 'sunxi-fixes-for-4.8' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux:
ARM: sun5i: Fix typo in trip point temperature
Signed-off-by: Olof Johansson <olof@lixom.net>
For one of the CCI events exposed under sysfs, "snoop" was typo'd as
"snopp". Correct this such that users see the expected event name when
enumerating events via sysfs.
Cc: arm@kernel.org
Acked-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Suzuki K Poulose <suzuki.poulose@arm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
- Fix misspelled "ti,x-plate-ohms" property name of touchscreen
controller for imx7d-sdb DTS.
- Add missing BM_CLPCR_BYPASS_PMIC_READY setting for i.MX6SX to get
suspend/resume work properly.
- Fix SPDIF regression on imx6qdl which caused by a clock update on
spdif device node.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXzN18AAoJEFBXWFqHsHzODGYH/Akf3taKILH/8awa78R8CdNA
hPmV1ga/t0QVTe6E/EYRyQv3D9qGEqMfluItcG+gLlhKPfqrE7iOmqdxwg6PtZSk
oqM+gPDP//DGBh3yjZRJ1jK+68i0Nf7weh59iLqEW6WkWWxBWTaPNUBYm7MXJa9f
AUYCWDNf0MUdoxIXy/sUJKZTHOozSPmJf9tp92qKsW4+EX28t65YqlGZeWyztJ5i
nmsnFHzfM3mY3qpA+RH1QerC8sAqqUCXMwfB6AO83hLUvcaFwLt3O6UgiOxhDJbZ
L9q4E5IBOvYK+zVn/GT+FBWMFE1q0WeF0GWp3oez2B6i7n21g6st9wmCDwDU3JE=
=zotz
-----END PGP SIGNATURE-----
Merge tag 'imx-fixes-4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes
i.MX fixes for 4.8, 2nd round:
- Fix misspelled "ti,x-plate-ohms" property name of touchscreen
controller for imx7d-sdb DTS.
- Add missing BM_CLPCR_BYPASS_PMIC_READY setting for i.MX6SX to get
suspend/resume work properly.
- Fix SPDIF regression on imx6qdl which caused by a clock update on
spdif device node.
* tag 'imx-fixes-4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
ARM: dts: imx6qdl: Fix SPDIF regression
ARM: imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx
ARM: dts: imx7d-sdb: fix ti,x-plate-ohms property name
Signed-off-by: Olof Johansson <olof@lixom.net>
This reverts commit b5c86b7496.
This is no longer needed due to other changes going into 4.8 to rename
the unit addresses on a large number of device nodes. So it was picked up
for v4.8-rc1 in error.
Reported-by: Ralf Ramsauer <ralf@ramses-pyramidenbau.de>
Signed-off-by: Olof Johansson <olof@lixom.net>
In commit c60ac5693c ("powerpc: Update kernel VSID range", 2013-03-13)
we lost a check on the region number (the top four bits of the effective
address) for addresses below PAGE_OFFSET. That commit replaced a check
that the top 18 bits were all zero with a check that bits 46 - 59 were
zero (performed for all addresses, not just user addresses).
This means that userspace can access an address like 0x1000_0xxx_xxxx_xxxx
and we will insert a valid SLB entry for it. The VSID used will be the
same as if the top 4 bits were 0, but the page size will be some random
value obtained by indexing beyond the end of the mm_ctx_high_slices_psize
array in the paca. If that page size is the same as would be used for
region 0, then userspace just has an alias of the region 0 space. If the
page size is different, then no HPTE will be found for the access, and
the process will get a SIGSEGV (since hash_page_mm() will refuse to create
a HPTE for the bogus address).
The access beyond the end of the mm_ctx_high_slices_psize can be at most
5.5MB past the array, and so will be in RAM somewhere. Since the access
is a load performed in real mode, it won't fault or crash the kernel.
At most this bug could perhaps leak a little bit of information about
blocks of 32 bytes of memory located at offsets of i * 512kB past the
paca->mm_ctx_high_slices_psize array, for 1 <= i <= 11.
Fixes: c60ac5693c ("powerpc: Update kernel VSID range")
Cc: stable@vger.kernel.org # v3.9+
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Commit 7aef413656 ("powerpc32: rewrite csum_partial_copy_generic()
based on copy_tofrom_user()") introduced a bug when destination address
is odd and len is lower than cacheline size.
In that case the resulting csum value doesn't have to be rotated one
byte because the cache-aligned copy part is skipped so no alignment
is performed.
Fixes: 7aef413656 ("powerpc32: rewrite csum_partial_copy_generic() based on copy_tofrom_user()")
Cc: stable@vger.kernel.org # v4.6+
Reported-by: Alessio Igor Bogani <alessio.bogani@elettra.eu>
Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
Tested-by: Alessio Igor Bogani <alessio.bogani@elettra.eu>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
In pnv_ioda_free_pe(), the PE object (including the associated PE
number) is cleared before resetting the corresponding bit in the
PE allocation bitmap. It means PE#0 is always released to the bitmap
wrongly.
This fixes above issue by caching the PE number before the PE object
is cleared.
Fixes: 1e9167726c ("powerpc/powernv: Use PE instead of number during setup and release"
Cc: stable@vger.kernel.org # v4.7+
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
ucb1x00 has used IRQ probing since it's dawn to find the GPIO interrupt
that it's connected to. However, commit 23393d49fb ("gpio: kill off
set_irq_flags usage") broke this by disabling IRQ probing on GPIO
interrupts. Fix this.
Fixes: 23393d49fb ("gpio: kill off set_irq_flags usage")
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
The MCP23S08 driver certainly accesses fields inside the
struct gpio_chip that are only available under CONFIG_OF_GPIO
not just CONFIG_OF, so update the Kconfig and driver to reflect
this.
Cc: Alexander Stein <alexander.stein@systec-electronic.com>
Cc: Phil Reid <preid@electromag.com.au>
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This reverts commit 7d4defe21c.
The commit was pointless, manically trembling in the dark for
a solution. The real fixes are:
commit 048c28c91e
("gpio: make any OF dependent driver depend on OF_GPIO")
commit 2527ecc919
("gpio: Fix OF build problem on UM")
Reported-by: Chris Wilson <chris@chris-wilson.co.uk>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
- move page-spanning check behind a CONFIG since it's triggering false positives
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Kees Cook <kees@outflux.net>
iQIcBAABCgAGBQJX0F3qAAoJEIly9N/cbcAmaxEP/R737i+XhP4VOv+rYW050NHB
K+FDeLv5/Gx56JrHRRWwj80K5/9F09wS929AWcaTDjEb2NKp/o/6W/gN1eVdGlJF
K3UQk+Kmncb44poVoHkjMRAl6+sfKm6mTWZBTjBECKwQuCFyDoDoqDXhn5IXTlw9
Ig+TTOSgNw9gRke3ECtFynbVnDWx/Ry/axfT9vGXhFOkWclMUFy2UOdDSTtFAB6x
yw5hdrfGakk2BPscHLO1xNqRuVLRUSXZVUiJGIQ6AiUupm34Yqmm69mrMuxaOtPC
Ai3zhNGDuYClcGJAiPJYX+7nRjgPCWAdlyzQqLp5hwx63TJ+gxvhmxoFOJxEmHE/
99i2Ak073Es6WII532Eknk3vV+UJzQNT/HO+0LcrJFkOEp9EHfVUb19CngQTaX7Q
UbfYdyFgp3y24cRp7v0tP8gE2LCrsRe0UEhUq2NGmrerw3caNqZGHS9Od5OYEM8D
uIhaotWoOv9Z0r+DZMGkUjfqeLb6RWNcUoWc5wZ3VYG27BM/pfhRxKf/2aw6O9u0
2Jk1QJxBr+/8DQ500xu/IBOP9V7aGAc4nxKyqUlwA05/JEFGiAzCwqfZW5CKTxgD
5Ht994WbTEH3/VaAskKnwggeHvttiEpehBCdVA4bXuhBhJhmPjFiKHX7uRrcM2GV
/yH3UTkPnr/VD/I2ndiX
=r8BE
-----END PGP SIGNATURE-----
Merge tag 'usercopy-v4.8-rc6-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull more hardened usercopyfixes from Kees Cook:
- force check_object_size() to be inline too
- move page-spanning check behind a CONFIG since it's triggering false
positives
[ Changed the page-spanning config option to depend on EXPERT in the
merge. That way it still gets build testing, and you can enable it if
you want to, but is never enabled for "normal" configurations ]
* tag 'usercopy-v4.8-rc6-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
usercopy: remove page-spanning test for now
usercopy: force check_object_size() inline
A custom allocator without __GFP_COMP that copies to userspace has been
found in vmw_execbuf_process[1], so this disables the page-span checker
by placing it behind a CONFIG for future work where such things can be
tracked down later.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1373326
Reported-by: Vinson Lee <vlee@freedesktop.org>
Fixes: f5509cc18d ("mm: Hardened usercopy")
Signed-off-by: Kees Cook <keescook@chromium.org>
Just for good measure, make sure that check_object_size() is always
inlined too, as already done for copy_*_user() and __copy_*_user().
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Kees Cook <kees@outflux.net>
iQIcBAABCgAGBQJX0D/IAAoJEIly9N/cbcAmORYQAIzhZ+tFuXkOrEJx0efQx8ik
8ix0wBrh0KTDQkMWQxUnDyIr+7vNcH0oOkH3kwgYaShAZif4oq6TGkdvgJJQr+ca
ZsBcEdasYvglcr/7hEF4cH28h3YqN7HwW+Mx8IqrBQqqjly7V2jamBBd/YXOcDK9
gqXooH1He9QVtVb0uC/AVFVY+st37iuqrreLFKWrX52FaUQ+7f0svN4LWC9b1UEq
UQyi+HMMRbovum9+2WDKPpl8oEZvXE7CiWexwl2G9qBCpm/AhragArl9BhrA31eE
0PPuVBTtypPNvKVieboXUhTg5eet+nFXtlea+/CLWfbqxpecsNiqMgSIg+aWOnz4
Y6Te5P7oSwhto0WzXvilxjvShvjHgTo98PY9Qj0bBb7ECCbI09GfoDf3SPYayTwC
9zPC04mJihr+6h8QdmYgfuHzTVjMxb6YOmAorz805cJ0vHtdPIP4Gkei4R1tNUkG
TNQNXKef/UJbImL17pFu70Ru6/J58OgDuMuAAuswsFt7KELw4DZhmJL+KnYdPG1G
gHirQd1HtQlsBoVvQAwmQjBp+TqFoY3oiv4Y2oq7IEk/ZCs3XJaEYKm90CoZlm4a
sMtA0j+9rWqNirzuyWUeJfkd48yjcbOzSimzSCTsNVVsbyeA1yyapAdHSTWWm554
zEubN4LCJoGiH/FWnX6U
=UgsA
-----END PGP SIGNATURE-----
Merge tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull seccomp fixes from Kees Cook:
"Fix UM seccomp vs ptrace, after reordering landed"
* tag 'seccomp-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
seccomp: Remove 2-phase API documentation
um/ptrace: Fix the syscall number update after a ptrace
um/ptrace: Fix the syscall_trace_leave call
usercopy and the recent compile-time checks.
- Switches hardened usercopy to only check non-const size arguments to avoid
meaningless checks on likely-sane const values.
- Updates lkdtm usercopy tests to compenstate for the const checking.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Kees Cook <kees@outflux.net>
iQIcBAABCgAGBQJXzxqiAAoJEIly9N/cbcAmsHkP/jD/htMTw+Yf5ZxafEHLO3yA
IPxwxvEYGHcgmKeFlrjhssOqw1hs0q8D4DVRnlu1NV4XF4b9b+Jz3Tf7PoOhgLLR
f4m0TYzX1tVmiK3qAuVbRQGnA1i08CPhiKPNzo43x+ldBPf7nRQufxkLVBrVmFJa
qSQMZ2Am483xzEwFwRrlYyqsLwlJOA69rMRPJ+n3NLR/f8xRCkGigIvBVdUXBXkk
0v9EhZ+si6dWHFbfu0fhqlintnrOfcLPf6WmsSl/b5HkHqf/J1OW8FRgnDSDEqaQ
/NIap9Ba33ASySilX/qZ7ioSnSVvkL2VmVy5yR2hRBYou1122SXVh2+NwRmmTkCV
avNZZuGaR3Bhmu8xUpDicddCC1Vo13jcyB3/iKZkdfHj89RpCWhJRi/+SOoXpCrq
ABnMNSoFVIlmDA5aggnevS4or3hOoTp9LosPY/86M4+cYnpIFyZJd4SzwXNg58U6
aEmal9ypfss5kF4gSnZBLnLhE4XYkjSrvxGaRhYeyDI/3mMAKUb1/VeaiMqVAvfs
J9k9kOtLspYv5gTDfKK+yucqVTmRIbr/z1jikH+KX+OSR3HRUrcWm1wEWZCdxa5I
2CeZY0q3kAZK5pGvaAxgJlvYfEHShHio19Poc0qsMW2UcwB62YNJ/ybuKFHnZM+Y
ACqYh+dcH2v/2DNxigcH
=bFFM
-----END PGP SIGNATURE-----
Merge tag 'usercopy-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
Pull hardened usercopy fixes from Kees Cook:
- inline copy_*_user() for correct use of __builtin_const_p() for
hardened usercopy and the recent compile-time checks.
- switch hardened usercopy to only check non-const size arguments to
avoid meaningless checks on likely-sane const values.
- update lkdtm usercopy tests to compenstate for the const checking.
* tag 'usercopy-v4.8-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
lkdtm: adjust usercopy tests to bypass const checks
usercopy: fold builtin_const check into inline function
x86/uaccess: force copy_*_user() to be inlined
Update the syscall number after each PTRACE_SETREGS on ORIG_*AX.
This is needed to get the potentially altered syscall number in the
seccomp filters after RET_TRACE.
This fix four seccomp_bpf tests:
> [ RUN ] TRACE_syscall.skip_after_RET_TRACE
> seccomp_bpf.c:1560:TRACE_syscall.skip_after_RET_TRACE:Expected -1 (18446744073709551615) == syscall(39) (26)
> seccomp_bpf.c:1561:TRACE_syscall.skip_after_RET_TRACE:Expected 1 (1) == (*__errno_location ()) (22)
> [ FAIL ] TRACE_syscall.skip_after_RET_TRACE
> [ RUN ] TRACE_syscall.kill_after_RET_TRACE
> TRACE_syscall.kill_after_RET_TRACE: Test exited normally instead of by signal (code: 1)
> [ FAIL ] TRACE_syscall.kill_after_RET_TRACE
> [ RUN ] TRACE_syscall.skip_after_ptrace
> seccomp_bpf.c:1622:TRACE_syscall.skip_after_ptrace:Expected -1 (18446744073709551615) == syscall(39) (26)
> seccomp_bpf.c:1623:TRACE_syscall.skip_after_ptrace:Expected 1 (1) == (*__errno_location ()) (22)
> [ FAIL ] TRACE_syscall.skip_after_ptrace
> [ RUN ] TRACE_syscall.kill_after_ptrace
> TRACE_syscall.kill_after_ptrace: Test exited normally instead of by signal (code: 1)
> [ FAIL ] TRACE_syscall.kill_after_ptrace
Fixes: 26703c636c ("um/ptrace: run seccomp after ptrace")
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: James Morris <jmorris@namei.org>
Cc: user-mode-linux-devel@lists.sourceforge.net
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Keep the same semantic as before the commit 26703c636c: deallocate
audit context and fake a proper syscall exit.
This fix a kernel panic triggered by the seccomp_bpf test:
> [ RUN ] global.ERRNO_valid
> BUG: failure at kernel/auditsc.c:1504/__audit_syscall_entry()!
> Kernel panic - not syncing: BUG!
Fixes: 26703c636c ("um/ptrace: run seccomp after ptrace")
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Jeff Dike <jdike@addtoit.com>
Cc: Richard Weinberger <richard@nod.at>
Cc: James Morris <jmorris@namei.org>
Cc: user-mode-linux-devel@lists.sourceforge.net
Signed-off-by: James Morris <james.l.morris@oracle.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
When building a kernel with CONFIG_PM_SLEEP=n, we
get the following warning:
drivers/usb/dwc3/dwc3-pci.c:253:12: warning: 'dwc3_pci_pm_dummy' defined but not used
In order to fix this, we should only define
dwc3_pci_pm_dummy() when CONFIG_PM_SLEEP is defined.
Fixes: f6c274e11e ("usb: dwc3: pci: runtime_resume child device")
Reported-by: Arnd Bergmann <arnd@arndb.de>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
- A smattering of small fixes across the core, ipoib, i40iw, isert, cxgb4,
and mlx4
- A slightly larger group of fixes to each of mlx5 and hfi1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXycWuAAoJELgmozMOVy/dAS0P/2rmT4Qz5heNyvWuvixdQL6F
JkTHCCykU8WJsYweieQyhLaLuQrkZloV63rr5ignWR4J0BCwo2i95MZkBrhG+04c
0EZrBvXoSdPKp/hXoX/yJD3aZgFHeh1A2xJnqn4doP6Ld23qNysRyEykzc3SJlMe
0sGdLoT4jhxKG+23Qus0m1eNprmpZKV7hVkI7xfVMUjQti2/GBJ9qUKiTO9TFwZE
3JGwpBDUoIF6LZ33H8KPeUM+PELjIbGdW+Vatvn+5Rj7By5yUYd2smfmVJ5mpoVd
j5alX5p8j+eT81z+gskv/9i5E0WolCeYm+raMrovcGtOYwAOdcULjQwrxxR95R/D
xhUglGckuPKMze5CjuGHpmJPgCfD3jhGA40iueUCauogK0jl2y9fkvTMem9GJSPC
O03JRz12Yp/5z1YkU2rHq6dun5zDM6fHS2w1dNkGo19u4NdbiW+WJlJ3WANXNqrB
RC7G73QUu5qBtZjR8DaiMVzhUoQdTCd1+/yDToNKeCpZBpdkzXTrBMtvUze+wKrc
sBg4KjdGSM0hFI1JQqBWEJ0VRks7RKu8h0XA4M0IIxFQKXU/h+7LrdMmoth47YrN
A4QcnUbe1JCoGREFDf+n7uAsAt24gAkS4+J3WW+pVV4zYb/hyonFVQaAPrmfjSLe
FxUeTxcH0O8mALpSuxbh
=Gf66
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma
Pull rdma fixes from Doug Ledford:
"This is the second pull request for the rdma subsystem. Most of the
patches are small and obvious. I took two patches in that are larger
than I wanted this late in the cycle.
The first is the hfi1 patch that implements a work queue to test the
QSFP read state. I originally rejected the first patch for this
(which would have place up to 20 seconds worth of udelays in their
probe routine). They then rewrote it the way I wanted (use delayed
work tasks to wait asynchronously up to 20 seconds for the QSFP to
come alive), so I can't really complain about the size of getting what
I asked for :-/.
The second is large because it switches the rcu locking in the debugfs
code. Since a locking change like this is done all at once, the size
it what it is. It resolves a litany of debug messages from the
kernel, so I pulled it in for -rc.
The rest are all typical -rc worthy patches I think.
There will still be a third -rc pull request from the rdma subsystem
this release. I hope to have that one ready to go by the end of this
week or early next.
Summary:
- a smattering of small fixes across the core, ipoib, i40iw, isert,
cxgb4, and mlx4
- a slightly larger group of fixes to each of mlx5 and hfi1"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
IB/hfi1: Rework debugfs to use SRCU
IB/hfi1: Make n_krcvqs be an unsigned long integer
IB/hfi1: Add QSFP sanity pre-check
IB/hfi1: Fix AHG KDETH Intr shift
IB/hfi1: Fix SGE length for misaligned PIO copy
IB/mlx5: Don't return errors from poll_cq
IB/mlx5: Use TIR number based on selector
IB/mlx5: Simplify code by removing return variable
IB/mlx5: Return EINVAL when caller specifies too many SGEs
IB/mlx4: Don't return errors from poll_cq
Revert "IB/mlx4: Return EAGAIN for any error in mlx4_ib_poll_one"
IB/ipoib: Fix memory corruption in ipoib cm mode connect flow
IB/core: Fix use after free in send_leave function
IB/cxgb4: Make _free_qp static to silence build warning
IB/isert: Properly release resources on DEVICE_REMOVAL
IB/hfi1: Fix the size parameter to find_first_bit
IB/mlx5: Fix the size parameter to find_first_bit
IB/hfi1: Clean up type used and casting
i40iw: Receive notification events correctly
i40iw: Update hw_iwarp_state
The hardened usercopy is now consistently avoiding checks against const
sizes, since we really only want to perform runtime bounds checking
on lengths that weren't known at build time. To test the hardened usercopy
code, we must force the length arguments to be seen as non-const.
Signed-off-by: Kees Cook <keescook@chromium.org>
Instead of having each caller of check_object_size() need to remember to
check for a const size parameter, move the check into check_object_size()
itself. This actually matches the original implementation in PaX, though
this commit cleans up the now-redundant builtin_const() calls in the
various architectures.
Signed-off-by: Kees Cook <keescook@chromium.org>
As already done with __copy_*_user(), mark copy_*_user() as __always_inline.
Without this, the checks for things like __builtin_const_p() won't work
consistently in either hardened usercopy nor the recent adjustments for
detecting usercopy overflows at compile time.
The change in kernel text size is detectable, but very small:
text data bss dec hex filename
12118735 5768608 14229504 32116847 1ea106f vmlinux.before
12120207 5768608 14229504 32118319 1ea162f vmlinux.after
Signed-off-by: Kees Cook <keescook@chromium.org>
Pull mailbox fixes from Jassi Brar:
"Misc fixes for BCM mailbox driver
- Fix build warnings by making static functions used within the file.
- Check for potential NULL before dereferencing
- Fix link error by defining HAS_DMA dependency"
* 'mailbox-devel' of git://git.linaro.org/landing-teams/working/fujitsu/integration:
fix📫bcm-pdc-mailbox:mark symbols static where possible
mailbox: bcm-pdc: potential NULL dereference in pdc_shutdown()
mailbox: Add HAS_DMA Kconfig dependency to BCM_PDC_MBOX
This is really three fixes, but the SES one comes in a bundle of three
(making the replacement API available properly, using it and removing
the non-working one). The SES problem causes an oops on hpsa devices
because they attach virtual disks to the host which aren't SAS
attached (the replacement API ignores them). The other two fixes are
fairly minor: the sense key one means we actually resolve a newly
added sense key and the RDAC device blacklisting is needed to prevent
us annoying the universal XPORT lun of various RDAC arrays.
Signed-off-by: James Bottomley <jejb@linux.vnet.ibm.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJXztXJAAoJEAVr7HOZEZN4Ix4QAKEfme48bS9+5qsDodwzK1tR
FZqC7/itkmQ295yzppw0Gp4Tbod+LflBd3o321JCQiAZ5YF3PeDINYDj3X0JkgLW
2dMd9dcDogigGCkosmr4V8WtCdWj6UXXvbzqLu8PSX9Ji0Fhi4S4mSuQkBWwq2nb
232i/fV+RP/5l/XjJtEjV/bCbbsfLA76SmcKx6Q8j+OmF+Nap/KhtP4JYtbErS0C
gE4WRidoCRjCurLTHn5srqYHmqG5kewxgtAyJEYUi5YxP0LHD0h5NhDd/n8ZB1oY
6f+MfIkIbMmMs/ILnjpVFtLD8iRma1X8APcF4x2m+w+BH839fqefzXjpcMoE3laf
h6BHys7mDgVTcHStML61OzC4vPbwRsJX+YTLcC0fO1pftl3q/qCqTBy0hlohfX9Q
iHCjY4qaQz/ufYtQjAG+z6JWKswlKiHUzRt69TWc5tYQM3vvhUZ9+bd0oU+q0UUv
OJlht505QA41lMssMo49QgjZIXO9HIFKsg99J9zBtYUwbanwkIhLNc+6xZIb09BG
0JYNXbSoUHlW8nniXHIPQzK/5qs11IV7vued+SoqNU9z9koSBuf5Im1L2tZDzbgz
he0w+paGfskAIXIQD2LzP8YmIWOb28Nq/DgeQ4/iJRXrhvw20XxbbGZQgzQdPyN7
oFjaMEDIbve0XbNEQXwr
=HBmE
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is really three fixes, but the SES one comes in a bundle of three
(making the replacement API available properly, using it and removing
the non-working one). The SES problem causes an oops on hpsa devices
because they attach virtual disks to the host which aren't SAS
attached (the replacement API ignores them).
The other two fixes are fairly minor: the sense key one means we
actually resolve a newly added sense key and the RDAC device
blacklisting is needed to prevent us annoying the universal XPORT lun
of various RDAC arrays"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
scsi: sas: remove is_sas_attached()
scsi: ses: use scsi_is_sas_rphy instead of is_sas_attached
scsi: sas: provide stub implementation for scsi_is_sas_rphy
scsi: blacklist all RDAC devices for BLIST_NO_ULD_ATTACH
scsi: fix upper bounds check of sense key in scsi_sense_key_string()
Several fixes here, the main one being the change from Lars-Peter which
I'd been letting soak in -next since the merge window in case it
uncovered further issues as it's a minimal fix rather than a change
addressing the root cause of the problems (which would've been too
invasive for -rc):
- The biggest change is a fix from Lars-Peter to ensure that we don't
create overlapping rbtree nodes which in turn avoids returning
corrupt cache values to users, fixing some issues that were exposed
by some recent optimisations with certain access patterns but had
been present for a long time.
- A fix from Elaine Zhang to stop us updating the cache if we get an
I/O error when writing to the hardware.
- A fix fromm Maarten ter Huurne to avoid uninitialized defaults in
cases where we have non-readable registers but are initializing the
cache by reading from the device.
-----BEGIN PGP SIGNATURE-----
iQEwBAABCAAaBQJXzrAXExxicm9vbmllQGtlcm5lbC5vcmcACgkQJNaLcl1Uh9DK
6Af/eRh/gD5Bp6DheOkrCNNj/jx0QlkAlgtkFzZBVp4AetirO3UZ3hwUyFCGyLWw
n2Ohmt54s3BHsvqy+YTrVD57AueI+chAOvKWJ6sYHxiPByy8KuVH+KmffhDHXjyd
gpIHPAMYnlYknTwitagbyWPA1vuAd4JWCqmJ7Nd/Fxl+Q9fY3PhsXSBXdcejWTtm
Su8XIhCtykTCTGijg4I/ZNeOLk1xPEWMiX+P/0knOpgE+9ATWq33UIWInoXe02bs
xITHse40BQUKCfoJKZjJGX3uSnluKpOvojIbcJhcHFYjJpeoU+4kj1Gd4UHMQ8vB
n8OpZYDKU3KdEHjIZBqbk0wFDw==
=cYjC
-----END PGP SIGNATURE-----
Merge tag 'regmap-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap
Pull regmap fixes from Mark Brown:
"Several fixes here, the main one being the change from Lars-Peter
which I'd been letting soak in -next since the merge window in case it
uncovered further issues as it's a minimal fix rather than a change
addressing the root cause of the problems (which would've been too
invasive for -rc):
- The biggest change is a fix from Lars-Peter to ensure that we don't
create overlapping rbtree nodes which in turn avoids returning
corrupt cache values to users, fixing some issues that were exposed
by some recent optimisations with certain access patterns but had
been present for a long time.
- A fix from Elaine Zhang to stop us updating the cache if we get an
I/O error when writing to the hardware.
- A fix fromm Maarten ter Huurne to avoid uninitialized defaults in
cases where we have non-readable registers but are initializing the
cache by reading from the device"
* tag 'regmap-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
regmap: drop cache if the bus transfer error
regmap: rbtree: Avoid overlapping nodes
regmap: cache: Fix num_reg_defaults computation from reg_defaults_raw
As well as the usual driver fixes there's a couple of non-trivial core
fixes in here:
- Fixes for issues reported by Julia Lawall in the changes that were
sent last time to fix interaction between the bus lock and the
locking done for the SPI thread. I'd let this one cook for a while
to make sure nothing else came up in testing.
- A fix from Sien Wu arithmetic overflows when calculating the timeout
for larger transfers (espcially common with slow buses with flashes
on them).
-----BEGIN PGP SIGNATURE-----
iQEwBAABCAAaBQJXzq2lExxicm9vbmllQGtlcm5lbC5vcmcACgkQJNaLcl1Uh9A1
wQf/Vpu3Yjc54vHrjhCKj0Obps0uNontCjmWlBPLb4WskJ9OMtsmDtKaO5xVJPKE
d3786Bb3xnKxJXfb8FJlWI4zH19JYxycZUqc7C77TwDtY/tFFtjRdwe30nv1JqOE
87ieyTSvJX4qYSjidf4aB+zQCz0V3lakP2CB9vte/hHbThFGBZ9PY7M7EdINubi6
DhT+g8ra3X6IOl8HnojfHDQIfTJB77vrblDyUcL6gI5O7Ol6k5R5m7pTlOp8zkPN
qMkHkqafX0x0ntcDanRhfhxJTXh8CkNfpWl/nj1fZ2wYIQQVHsOuAeKmZ9+pDrYB
oJX+BVmK3hzNGuRyH6/1UqGs6Q==
=idNX
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"As well as the usual driver fixes there's a couple of non-trivial core
fixes in here:
- Fixes for issues reported by Julia Lawall in the changes that were
sent last time to fix interaction between the bus lock and the
locking done for the SPI thread. I'd let this one cook for a while
to make sure nothing else came up in testing.
- A fix from Sien Wu for arithmetic overflows when calculating the
timeout for larger transfers (espcially common with slow buses with
flashes on them)"
* tag 'spi-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: Prevent unexpected SPI time out due to arithmetic overflow
spi: pxa2xx-pci: fix ACPI-based enumeration of SPI devices
MAINTAINERS: add myself as Samsung SPI maintainer
spi: Drop io_mutex in error paths
spi: sh-msiof: Avoid invalid clock generator parameters
spi: img-spfi: Remove spi_master_put in img_spfi_remove()
spi: mediatek: remove spi_master_put in mtk_spi_remove()
spi: qup: Remove spi_master_put in spi_qup_remove()
Two things here, one an e-mail update for Krzysztof Kozlowski and the
other a couple of fixes for issues with incorrectly described voltages
in a couple of the Qualcomm regulator drivers that were breaking MMC on
some platforms.
-----BEGIN PGP SIGNATURE-----
iQEwBAABCAAaBQJXzqufExxicm9vbmllQGtlcm5lbC5vcmcACgkQJNaLcl1Uh9CP
DQf/RNBJQVXb3Zr0ehM+/sNJBBhYQhoK8sbsKjL1y47mXttcP5LfiOEazM8VfoET
33tkGvGVbtIvdI/iHu9QAQmqSYTLzFEmlvKOqWtVG+AjDFzT1MfQzUHTpTJfAXO0
IDRxXULK9SLl5lUGF3CnhE2yzqACBcDDrVrso+y86jTAguP+MMYobk2GMUflMW5l
UQbT5UJ3LcBCrw+vVNSKPZWup0CMnvpXVgFJcM4LOWv5fkzXkPQt0ky6AwPjoGB0
IVRExi9UtcQxAzeQRDBfj2os+fhYxcf+2zBmLdlRXGIvcZ9Hg9ZdroCq4/hBqLs/
yopZOW9OO8oun2i67eWsHo0YJw==
=S9iL
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"Two things here, one an e-mail update for Krzysztof Kozlowski and the
other a couple of fixes for issues with incorrectly described voltages
in a couple of the Qualcomm regulator drivers that were breaking MMC
on some platforms"
* tag 'regulator-fix-v4.8-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: Change Krzysztof Kozlowski's email to kernel.org
regulator: qcom_smd: Fix voltage ranges for pma8084 ftsmps and pldo
regulator: qcom_smd: Fix voltage ranges for pm8x41
SoC-specific driver fixes:
- Fix routing problems in pistachio (Imagination) and
sunxi (AllWinner)
- Fix an interrupt problem in the Cherryview (Intel)
-----BEGIN PGP SIGNATURE-----
iQIcBAABAgAGBQJXzngKAAoJEEEQszewGV1zDX0P+wUhZ0tYyr6yG3e3eAC50tU2
QuBCcFfoI4j11pxFEwyfcYgzKPR31igL/W1r8t4AmoXVqvkd/9Rbmndfm4+uTMnx
Y95TkD5krSOUceQMTO9FAimeTRQtLdDYS7oN3SWDLwCSRl2bchdTDHpMgP5ngt1m
Grju6x20s6DoKtkmaWIJPUoz0hQQ1t4mhPH7gH6Ik6McG9tdia7BdOkRNcb6+6nW
R7o02vvVXVdYcjyvohu97eUDovUGGrWn3Z7YmfJV6gEjotLI/IoLFhDqI/BxV6Dg
E3KTaDLFvSefPMzCnQq1mK13pffk9YSwM5K2IReyLTqtD4e5nR5QxBjasKMy4VYV
0safWOgVH4BAejqSUYkRDMmWgOEIBG/nugL0kmKhbJ8aFtWZCqxLkBVFIMZC6sFB
evQqen969xt/ByFsfeJFCgcl9lKUstZz4jK/c5ZH45+HjRPD3IhZAYiqbD/ZQD/0
Qy92xwAIPyqwNOCA7OOTmuO8/P2wShU2hYTahMgKiLJxAmxijo8N11lwrrWnH2Zm
7P2cKeW9z0UcIO8Mm97720QueRYoOK0QAbxZIGryaeEdhPn4ZolejxThNdJuBabB
aOtnQPkQOYhx6cfzWL4awqm4PzcXjCaueBvKQdUhCx+YCOPJDCKJLURUQbwD+qZK
Izqb2OchSakRkowIe9Rn
=uncw
-----END PGP SIGNATURE-----
Merge tag 'pinctrl-v4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl
Pull pin control fixes from Linus Walleij:
"Nothing special at all, just three SoC-specific driver fixes:
- Fix routing problems in pistachio (Imagination) and sunxi
(AllWinner)
- Fix an interrupt problem in the Cherryview (Intel)"
* tag 'pinctrl-v4.8-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
pinctrl: sunxi: fix uart1 CTS/RTS pins at PG on A23/A33
pinctrl: cherryview: Do not mask all interrupts in probe
pinctrl: pistachio: fix mfio pll_lock pinmux
In btrfs_async_reclaim_metadata_space(), we use ticket's address to
determine whether asynchronous metadata reclaim work is making progress.
ticket = list_first_entry(&space_info->tickets,
struct reserve_ticket, list);
if (last_ticket == ticket) {
flush_state++;
} else {
last_ticket = ticket;
flush_state = FLUSH_DELAYED_ITEMS_NR;
if (commit_cycles)
commit_cycles--;
}
But indeed it's wrong, we should not rely on local variable's address to
do this check, because addresses may be same. In my test environment, I
dd one 168MB file in a 256MB fs, found that for this file, every time
wait_reserve_ticket() called, local variable ticket's address is same,
For above codes, assume a previous ticket's address is addrA, last_ticket
is addrA. Btrfs_async_reclaim_metadata_space() finished this ticket and
wake up it, then another ticket is added, but with the same address addrA,
now last_ticket will be same to current ticket, then current ticket's flush
work will start from current flush_state, not initial FLUSH_DELAYED_ITEMS_NR,
which may result in some enospc issues(I have seen this in my test machine).
Signed-off-by: Wang Xiaoguang <wangxg.fnst@cn.fujitsu.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
We use a btrfs_log_ctx structure to pass information into the
tree log commit, and get error values out. It gets added to a per
log-transaction list which we walk when things go bad.
Commit d1433debe added an optimization to skip waiting for the log
commit, but didn't take root_log_ctx out of the list. This
patch makes sure we remove things before exiting.
Signed-off-by: Chris Mason <clm@fb.com>
Fixes: d1433debe7
cc: stable@vger.kernel.org # 3.15+
In case thermal_zone_xxx_register() returns an error, priv->zone
isn't NULL any more, but contains the error code.
This is passed to thermal_zone_device_unregister(), then. This checks
for priv->zone being NULL, but the error code is != NULL. So it works
with the error code as a pointer. Crashing immediately.
To fix this, reset priv->zone to NULL before entering
rcar_gen3_thermal_remove().
Signed-off-by: Dirk Behme <dirk.behme@de.bosch.com>
Reviewed-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Zhang Rui <rui.zhang@intel.com>
An earlier fix partially fixed the null pointer dereference on skb->len
by moving the assignment of len after the check on skb being non-null,
however it failed to remove the erroneous dereference when assigning len.
Correctly fix this by removing the initialisation of len as was
originally intended.
Fixes: 70237dc8ef ("usb: gadget: function: f_eem: socket buffer may be NULL")
Acked-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
The compound PE is created to accommodate the devices attached to
one specific PCI bus that consume multiple M64 segments. The compound
PE is made up of one master PE and possibly multiple slave PEs. The
slave PEs should be destroyed when releasing the master PE. A kernel
crash happens when derferencing @pe->pdev on releasing the slave PE
in pnv_ioda_deconfigure_pe().
# echo 0 > /sys/bus/pci/slots/C7/power
iommu: Removing device 0000:01:00.1 from group 0
iommu: Removing device 0000:01:00.0 from group 0
Unable to handle kernel paging request for data at address 0x00000010
Faulting instruction address: 0xc00000000005d898
cpu 0x1: Vector: 300 (Data Access) at [c000000fe8217620]
pc: c00000000005d898: pnv_ioda_release_pe+0x288/0x610
lr: c00000000005dbdc: pnv_ioda_release_pe+0x5cc/0x610
sp: c000000fe82178a0
msr: 9000000000009033
dar: 10
dsisr: 40000000
current = 0xc000000fe815ab80
paca = 0xc00000000ff00400 softe: 0 irq_happened: 0x01
pid = 2709, comm = sh
Linux version 4.8.0-rc5-gavin-00006-g745efdb (gwshan@gwshan) \
(gcc version 4.9.3 (Buildroot 2016.02-rc2-00093-g5ea3bce) ) #586 SMP \
Tue Sep 6 13:37:29 AEST 2016
enter ? for help
[c000000fe8217940] c00000000005d684 pnv_ioda_release_pe+0x74/0x610
[c000000fe82179e0] c000000000034460 pcibios_release_device+0x50/0x70
[c000000fe8217a10] c0000000004aba80 pci_release_dev+0x50/0xa0
[c000000fe8217a40] c000000000704898 device_release+0x58/0xf0
[c000000fe8217ac0] c000000000470510 kobject_release+0x80/0xf0
[c000000fe8217b00] c000000000704dd4 put_device+0x24/0x40
[c000000fe8217b20] c0000000004af94c pci_remove_bus_device+0x12c/0x150
[c000000fe8217b60] c000000000034244 pci_hp_remove_devices+0x94/0xd0
[c000000fe8217ba0] c0000000004ca444 pnv_php_disable_slot+0x64/0xb0
[c000000fe8217bd0] c0000000004c88c0 power_write_file+0xa0/0x190
[c000000fe8217c50] c0000000004c248c pci_slot_attr_store+0x3c/0x60
[c000000fe8217c70] c0000000002d6494 sysfs_kf_write+0x94/0xc0
[c000000fe8217cb0] c0000000002d50f0 kernfs_fop_write+0x180/0x260
[c000000fe8217d00] c0000000002334a0 __vfs_write+0x40/0x190
[c000000fe8217d90] c000000000234738 vfs_write+0xc8/0x240
[c000000fe8217de0] c000000000236250 SyS_write+0x60/0x110
[c000000fe8217e30] c000000000009524 system_call+0x38/0x108
It fixes the kernel crash by bypassing releasing resources (DMA,
IO and memory segments, PELTM) because there are no resources assigned
to the slave PE.
Fixes: c5f7700bbd ("powerpc/powernv: Dynamically release PE")
Reported-by: Frederic Barrat <fbarrat@linux.vnet.ibm.com>
Signed-off-by: Gavin Shan <gwshan@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
When using the OPAL ICP backend we incorrectly pass Linux CPU numbers
rather than HW CPU numbers to OPAL.
Fixes: d74361881f ("powerpc/xics: Add ICP OPAL backend")
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
On ppc64le, builds with CONFIG_KEXEC=n fail with:
arch/powerpc/platforms/pseries/setup.c: In function ‘pseries_big_endian_exceptions’:
arch/powerpc/platforms/pseries/setup.c:403:13: error: implicit declaration of function ‘kdump_in_progress’
if (rc && !kdump_in_progress())
This is because pseries/setup.c includes <linux/kexec.h>, but
kdump_in_progress() is defined in <asm/kexec.h>. This is a problem
because the former only includes the latter if CONFIG_KEXEC_CORE=y.
Fix it by including <asm/kexec.h> directly, as is done in powernv/setup.c.
Fixes: d3cbff1b5a ("powerpc: Put exception configuration in a common place")
Signed-off-by: Thiago Jung Bauermann <bauerman@linux.vnet.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
7985e7c100 ("iio: Introduce a new fractional value type") introduced a
new IIO_VAL_FRACTIONAL value type meant to represent rational type numbers
expressed by a numerator and denominator combination.
Formating of IIO_VAL_FRACTIONAL values relies upon do_div() usage. This
fails handling negative values properly since parameters are reevaluated
as unsigned values.
Fix this by using div_s64_rem() instead. Computed integer part will carry
properly signed value. Formatted fractional part will always be positive.
Fixes: 7985e7c100 ("iio: Introduce a new fractional value type")
Signed-off-by: Gregor Boirie <gregor.boirie@parrot.com>
Reviewed-by: Lars-Peter Clausen <lars@metafoo.de>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
A recent fix to iio_buffer_read_first_n_outer removed ret from being set by
a return from wait_event_interruptible and also added a continue in a loop
which causes the variable ret to not be set when it reaches the end of the
loop. Fix this by initializing ret to zero.
Also remove extraneous white space at the end of the loop.
Fixes: fcf68f3c0b ("fix sched WARNING "do not call blocking ops when !TASK_RUNNING")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: Jonathan Cameron <jic23@kernel.org>
Pull crypto fixes from Herbert Xu:
"This fixes a regression in the cryptd code that breaks certain
accelerated AED algorithms as well as an older regression in the
caam driver that breaks IPsec"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: caam - fix IV loading for authenc (giv)decryption
crypto: cryptd - Use correct tfm object for AEAD tracking
Pull kbuild fix from Michal Marek:
"Fix for 'make deb-pkg'. The bug got introduced in v4.8-rc1"
* 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild:
builddeb: Skip gcc-plugins when not configured
When replaying extents, there is no need to update bytes_may_use
in btrfs_alloc_logged_file_extent(), otherwise it'll trigger a
WARN_ON about bytes_may_use.
Fixes: ("btrfs: update btrfs_space_info's bytes_may_use timely")
Signed-off-by: Wang Xiaoguang <wangxg.fnst@cn.fujitsu.com>
Reviewed-by: Josef Bacik <jbacik@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
of_clk_init() ends up calling into pm_qos_update_request() very early
during boot where irq is expected to stay disabled.
pm_qos_update_request() uses cancel_delayed_work_sync() which
correctly assumes that irq is enabled on invocation and
unconditionally disables and re-enables it.
Gate cancel_delayed_work_sync() invocation with kevented_up() to avoid
enabling irq unexpectedly during early boot.
Signed-off-by: Tejun Heo <tj@kernel.org>
Reported-and-tested-by: Qiao Zhou <qiaozhou@asrmicro.com>
Link: http://lkml.kernel.org/r/d2501c4c-8e7b-bea3-1b01-000b36b5dfe9@asrmicro.com
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Commit f3c4ebe65e ("ceph: using hash value to compose dentry offset")
modified "if (fpos_frag(new_pos) != fi->frag)" to "if (fi->frag |=
fpos_frag(new_pos))" in need_reset_readdir(), thus replacing a
comparison operator with an assignment one.
This looks like a typo which is reported by clang when building the
kernel with some warning flags:
fs/ceph/dir.c:600:22: error: using the result of an assignment as a
condition without parentheses [-Werror,-Wparentheses]
} else if (fi->frag |= fpos_frag(new_pos)) {
~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~
fs/ceph/dir.c:600:22: note: place parentheses around the assignment
to silence this warning
} else if (fi->frag |= fpos_frag(new_pos)) {
^
( )
fs/ceph/dir.c:600:22: note: use '!=' to turn this compound
assignment into an inequality comparison
} else if (fi->frag |= fpos_frag(new_pos)) {
^~
!=
Fixes: f3c4ebe65e ("ceph: using hash value to compose dentry offset")
Signed-off-by: Nicolas Iooss <nicolas.iooss_linux@m4x.org>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>