Commit Graph

548295 Commits

Author SHA1 Message Date
Linus Torvalds
32b88194f7 Linux 4.3-rc7 2015-10-25 10:39:47 +09:00
Dave Airlie
22ca7ca52e Merge branch 'vmwgfx-fixes-4.3' of git://people.freedesktop.org/~thomash/linux
I'm not sure whether this patch comes in too late, but it would be good to
have it in. It stabilizes command submission in case of command buffer errors.

* 'vmwgfx-fixes-4.3' of git://people.freedesktop.org/~thomash/linux:
  drm/vmwgfx: Stabilize the command buffer submission code
2015-10-25 05:02:33 +10:00
Dave Airlie
aef8cc9035 Merge branch 'drm-fixes-4.3' of git://people.freedesktop.org/~agd5f/linux
Two regression fixes and a memory leak fix for amdgpu and radeon.

* 'drm-fixes-4.3' of git://people.freedesktop.org/~agd5f/linux:
  drm/amdgpu: don't try to recreate sysfs entries on resume
  drm/radeon: don't try to recreate sysfs entries on resume
  drm/amdgpu: stop leaking page flip fence
2015-10-25 05:01:57 +10:00
NeilBrown
8bce6d35b3 md/raid10: fix the 'new' raid10 layout to work correctly.
In Linux 3.9 we introduce a new 'far' layout for RAID10 which was
supposed to rotate the replicas differently and so provide better
resilience.  In particular it could survive more combinations of 2
drive failures.

Unfortunately. due to a coding error, this some did what was wanted,
sometimes improved less than we hoped, and sometimes - in very
unlikely circumstances - put multiple replicas on the same device so
the redundancy was harmed.

No public user-space tool has created arrays using this layout so it
is very unlikely that zero-redundancy arrays actually exist.  Probably
no arrays using any form of the new layout exist.  But we cannot be
certain.

So use another bit in the 'layout' number and introduce a bug-fixed
version of the layout.
Also when assembling an array, if it has a zero-redundancy layout,
give a warning.

Reported-by: Heinz Mauelshagen <heinzm@redhat.com>
Signed-off-by: NeilBrown <neilb@suse.com>
2015-10-24 16:24:25 +11:00
NeilBrown
c340702ca2 md/raid10: don't clear bitmap bit when bad-block-list write fails.
When a write fails and a bad-block-list is present, we can
update the bad-block-list instead of writing the data.  If
this succeeds then it is OK clear the relevant bitmap-bit as
no further 'sync' of the block is needed.

However if writing the bad-block-list fails then we need to
treat the write as failed and particularly must not clear
the bitmap bit.  Otherwise the device can be re-added (after
any hardware connection issues are resolved) and because the
relevant bit in the bitmap is clear, that block will not be
resynced.  This leads to data corruption.

We already delay the final bio_endio() on the write until
the bad-block-list is written so that when the write
returns: either that data is safe, the bad-block record is
safe, or the fact that the device is faulty is safe.
However we *don't* delay the clearing of the bitmap, so the
bitmap bit can be recorded as cleared before we know if the
bad-block-list was written safely.

So: delay that until the write really is safe.
i.e. move the call to close_write() until just before
calling bio_endio(), and recheck the 'is array degraded'
status before making that call.

This bug goes back to v3.1 when bad-block-lists were
introduced, though it only affects arrays created with
mdadm-3.3 or later as only those have bad-block lists.

Backports will require at least
Commit: 95af587e95 ("md/raid10: ensure device failure recorded before write request returns.")
as well.  I'll send that to 'stable' separately.

Note that of the two tests of R10BIO_WriteError that this
patch adds, the first is certain to fail and the second is
certain to succeed.  However doing it this way makes the
patch more obviously correct.  I will tidy the code up in a
future merge window.

Reported-by: Nate Dailey <nate.dailey@stratus.com>
Fixes: bd870a16c5 ("md/raid10:  Handle write errors by updating badblock log.")
Signed-off-by: NeilBrown <neilb@suse.com>
2015-10-24 16:24:23 +11:00
NeilBrown
bd8688a199 md/raid1: don't clear bitmap bit when bad-block-list write fails.
When a write fails and a bad-block-list is present, we can
update the bad-block-list instead of writing the data.  If
this succeeds then it is OK clear the relevant bitmap-bit as
no further 'sync' of the block is needed.

However if writing the bad-block-list fails then we need to
treat the write as failed and particularly must not clear
the bitmap bit.  Otherwise the device can be re-added (after
any hardware connection issues are resolved) and because the
relevant bit in the bitmap is clear, that block will not be
resynced.  This leads to data corruption.

We already delay the final bio_endio() on the write until
the bad-block-list is written so that when the write
returns: either that data is safe, the bad-block record is
safe, or the fact that the device is faulty is safe.
However we *don't* delay the clearing of the bitmap, so the
bitmap bit can be recorded as cleared before we know if the
bad-block-list was written safely.

So: delay that until the write really is safe.
i.e. move the call to close_write() until just before
calling bio_endio(), and recheck the 'is array degraded'
status before making that call.

This bug goes back to v3.1 when bad-block-lists were
introduced, though it only affects arrays created with
mdadm-3.3 or later as only those have bad-block lists.

Backports will require at least
Commit: 55ce74d4bf ("md/raid1: ensure device failure recorded before write request returns.")
as well.  I'll send that to 'stable' separately.

Note that of the two tests of R1BIO_WriteError that this
patch adds, the first is certain to fail and the second is
certain to succeed.  However doing it this way makes the
patch more obviously correct.  I will tidy the code up in a
future merge window.

Reported-and-tested-by: Nate Dailey <nate.dailey@stratus.com>
Cc: Jes Sorensen <Jes.Sorensen@redhat.com>
Fixes: cd5ff9a16f ("md/raid1:  Handle write errors by updating badblock log.")
Signed-off-by: NeilBrown <neilb@suse.com>
2015-10-24 16:24:22 +11:00
Linus Torvalds
018155365d USB fixes for 4.3-rc7
Here are 3 xhci driver fixes for reported issues for 4.3-rc7
 
 All have been in linux-next for a while with no problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYqpLcACgkQMUfUDdst+ylc+QCeKeLrR9st7HlULaq1Nxn5HMUE
 nFwAn1rb/bF3IjtsJvY4a6owwIIiqzLD
 =Vg7+
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are three xhci driver fixes for reported issues for 4.3-rc7

  All have been in linux-next for a while with no problems"

* tag 'usb-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb:
  xhci: Add spurious wakeup quirk for LynxPoint-LP controllers
  xhci: handle no ping response error properly
  xhci: don't finish a TD if we get a short transfer event mid TD
2015-10-24 07:52:59 +09:00
Linus Torvalds
dd5ae6818c tty/serial fixes for 4.3-rc7
Here are two fixes that resolve reported issues, one with the 8250
 driver, and the other with the generic fbcon driver.
 
 Both have been in linux-next for a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYqpWsACgkQMUfUDdst+yn4KgCgh7vFSjdHZa2wgKUz+kIgySRb
 CK0An2+SwlC4Z8lQAYGhF2XEBjEcTc2b
 =I32U
 -----END PGP SIGNATURE-----

Merge tag 'tty-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull tty/serial fixes from Greg KH:
 "Here are two fixes that resolve reported issues, one with the 8250
  driver, and the other with the generic fbcon driver.

  Both have been in linux-next for a while"

* tag 'tty-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  fbcon: initialize blink interval before calling fb_set_par
  Revert "serial: 8250_dma: don't bother DMA with small transfers"
2015-10-24 07:52:09 +09:00
Linus Torvalds
4ee8019d3f staging driver fixes for 4.3-rc7
Here are 4 iio driver fixes for 4.3-rc7, fixing some reported issues.
 All of these have been in linux-next for a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYqpboACgkQMUfUDdst+ynA4wCdHD56pe0cNCX4yNrcLMlXqVSK
 7tUAoIMVLgr3Q8NOWhfGEyKIV5WBDd4U
 =bEcI
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fixes from Greg KH:
 "Here are four iio driver fixes for 4.3-rc7, fixing some reported
  issues.  All of these have been in linux-next for a while"

* tag 'staging-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  iio: mxs-lradc: Fix temperature offset
  iio: accel: sca3000: memory corruption in sca3000_read_first_n_hw_rb()
  iio: st_accel: fix interrupt handling on LIS3LV02
  iio: adc: twl4030: Fix ADC[3:6] readings
2015-10-24 07:51:13 +09:00
Linus Torvalds
410694e214 Changes for 4.3-rc6
6 serious fixes:
 
 1) Hold the mutex around the find and corresponding update of our gid
 2) The ifa list is rcu protected, copy its contents under rcu to avoid
    using a freed structure
 3) On error, netdev might be null, so check it before trying to release it
 4) On init, if workqueue alloc fails, fail init
 5) The new demux patches exposed a bug in mlx5 and ipath drivers, we need
    to use the payload P_Key to determine the P_Key the packet arrived on
    because the hardware doesn't tell us the truth
 6) Due to a couple convoluted error flows, it is possible for the CM to
    trigger a use_after_free and a double_free of rb nodes.  Add two
    checks to prevent that.  This code has worked for 10+ years.  It is
    likely that some of the recent changes have caused this issue to
    surface.  The current patch will protect us from nasty events for
    now while we track down why this is just now showing up.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWJ+zYAAoJELgmozMOVy/dpvIP/iDBxRy0tw8jRdJQNF7EUZ5S
 a40aXun/J7Ywl6znvWG/WepDriMDe/9n9qIll8ObZtn7VuNlCZhp/7fx0Bn+fVnR
 c4j1cIdhWeja7Wg1xI6K75kXzae8hIwn8aombaFwf4NhUH6qkqGMt72Wp0Y9KeIv
 d903VyDwEJgETLAgUPaS1STurEuYcQocESvuer66Qp704Q+EhSbYKf9UgiRT6bOm
 36ilI5vxtpPeDpI/YT4ubyD2R7r6XPTGRGs3R6/3W6vRaGLNJ6jq4+Fhthx137G2
 NoddGmBdxemt2u0hWwLKcMGb5JNFbOoHuOrJmH9AZO6OyIH8XzILeEiXosdRjX/d
 U7OC29fE1Ge5wBNwwm+rJx79HgOVyu1vc5AlcE8vbtImIugJT8OzNIbZoAMcm8CB
 RUieyn78PGrkZ1KjCbVpiJ7u6S07LBLq/GqPHTnZ7aen3klP3pm8rAfskM7quEvf
 UD3kFP3kFQKZ8PG0Q27XtkKixoBU0vie9YgF2ZLBbEfJpJDKT9HF3lr1nP2AjN2a
 23FxUMzFCncE2ewA7tXwbHkCY7x5zn/Og0xdbRKdw/q/EvVu9VLZz/eTASLT+we0
 v3YZQdkdSnU0rwULZY+26h1PeHba/aoeoN6x/tmlKLQvaCfhkAsoXDl+MGfY4oLk
 1f5iWBgn4kseBXg+N/c9
 =fpXl
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma

Pull infiniband fixes from Doug Ledford:
 "It's late in the game, I know, but these fixes seemed important enough
  to warrant a late pull request.  They all involve oopses or use after
  frees or corruptions.

  Six serious fixes:

   - Hold the mutex around the find and corresponding update of our gid

   - The ifa list is rcu protected, copy its contents under rcu to avoid
     using a freed structure

   - On error, netdev might be null, so check it before trying to
     release it

   - On init, if workqueue alloc fails, fail init

   - The new demux patches exposed a bug in mlx5 and ipath drivers, we
     need to use the payload P_Key to determine the P_Key the packet
     arrived on because the hardware doesn't tell us the truth

   - Due to a couple convoluted error flows, it is possible for the CM
     to trigger a use_after_free and a double_free of rb nodes.  Add two
     checks to prevent that.  This code has worked for 10+ years.  It is
     likely that some of the recent changes have caused this issue to
     surface.  The current patch will protect us from nasty events for
     now while we track down why this is just now showing up"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
  IB/cm: Fix rb-tree duplicate free and use-after-free
  IB/cma: Use inner P_Key to determine netdev
  IB/ucma: check workqueue allocation before usage
  IB/cma: Potential NULL dereference in cma_id_from_event
  IB/core: Fix use after free of ifa
  IB/core: Fix memory corruption in ib_cache_gid_set_default_gid
2015-10-24 07:28:05 +09:00
Linus Torvalds
35df017c4d Three stable fixes (two in btree code used by DM thinp and one to
properly store flags in DM cache metadata's superblock).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWKneZAAoJEMUj8QotnQNahVIIAKNJ5kkOLTtlZqKeio0b6DmE
 utvbNIbcesuBkg4rA67kDBgrTpxFiwaIyC5CBc9dEKzjJY9L+gJ59nXbLWKKu9N1
 qBQOlnuYx/fdREDe00HObwZ7Fiw9ofBU71hdrZsHtntHHULEOBqFvnynglZA33Nb
 vtBiupwO84uMY9eQdBhZudIb+F3PFF5uBkLfwlhaDmCugUdA9bivz0/P+7x6/Lt5
 R25+3D0gF2gXU060An2ZBJaenkSMPYBoWGtpK6TJkQzlNMODc8y9opt0hsEwIJT8
 A7TsJRXkjWPPA+DlVlqUd3yWpMKlBaC8o+TB1HvpfGqqCxiZQm7PgxNX8d/yd+E=
 =7+lz
 -----END PGP SIGNATURE-----

Merge tag 'dm-4.3-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:
 "Three stable fixes (two in btree code used by DM thinp and one to
  properly store flags in DM cache metadata's superblock)"

* tag 'dm-4.3-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm cache: the CLEAN_SHUTDOWN flag was not being set
  dm btree: fix leak of bufio-backed block in btree_split_beneath error path
  dm btree remove: fix a bug when rebalancing nodes after removal
2015-10-24 07:23:52 +09:00
Linus Torvalds
ea1ee5ff1b Merge branch 'for-linus' of git://git.kernel.dk/linux-block
Pull block layer fixes from Jens Axboe:
 "A final set of fixes for 4.3.

  It is (again) bigger than I would have liked, but it's all been
  through the testing mill and has been carefully reviewed by multiple
  parties.  Each fix is either a regression fix for this cycle, or is
  marked stable.  You can scold me at KS.  The pull request contains:

   - Three simple fixes for NVMe, fixing regressions since 4.3.  From
     Arnd, Christoph, and Keith.

   - A single xen-blkfront fix from Cathy, fixing a NULL dereference if
     an error is returned through the staste change callback.

   - Fixup for some bad/sloppy code in nbd that got introduced earlier
     in this cycle.  From Markus Pargmann.

   - A blk-mq tagset use-after-free fix from Junichi.

   - A backing device lifetime fix from Tejun, fixing a crash.

   - And finally, a set of regression/stable fixes for cgroup writeback
     from Tejun"

* 'for-linus' of git://git.kernel.dk/linux-block:
  writeback: remove broken rbtree_postorder_for_each_entry_safe() usage in cgwb_bdi_destroy()
  NVMe: Fix memory leak on retried commands
  block: don't release bdi while request_queue has live references
  nvme: use an integer value to Linux errno values
  blk-mq: fix use-after-free in blk_mq_free_tag_set()
  nvme: fix 32-bit build warning
  writeback: fix incorrect calculation of available memory for memcg domains
  writeback: memcg dirty_throttle_control should be initialized with wb->memcg_completions
  writeback: bdi_writeback iteration must not skip dying ones
  writeback: fix bdi_writeback iteration in wakeup_dirtytime_writeback()
  writeback: laptop_mode_timer_fn() needs rcu_read_lock() around bdi_writeback iteration
  nbd: Add locking for tasks
  xen-blkfront: check for null drvdata in blkback_changed (XenbusStateClosing)
2015-10-24 07:20:57 +09:00
Linus Torvalds
ef594c421a Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client
Pull Ceph fixes from Sage Weil:
 "Two fixes.

  One is a stopgap to prevent a stack blowout when users have a deep
  chain of image clones.  (We'll rewrite this code to be non-recursive
  for the next window, but in the meantime this is a simple fix that
  avoids a crash.)

  The second fixes a refcount underflow"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client:
  rbd: prevent kernel stack blow up on rbd map
  rbd: don't leak parent_spec in rbd_dev_probe_parent()
2015-10-24 07:19:33 +09:00
Linus Torvalds
37902bc190 Merge branch 'for-linus-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull btrfs fixes from Chris Mason:
 "I have two more small fixes this week:

  Qu's fix avoids unneeded COW during fallocate, and Christian found a
  memory leak in the error handling of an earlier fix"

* 'for-linus-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  btrfs: fix possible leak in btrfs_ioctl_balance()
  btrfs: Avoid truncate tailing page if fallocate range doesn't exceed inode size
2015-10-24 07:17:58 +09:00
Vladimir Zapolskiy
5dd32eae60 i2c: pnx: fix runtime warnings caused by enabling unprepared clock
The driver can not be used on a platform with common clock framework
until clk_prepare/clk_unprepare calls are added, otherwise clk_enable
calls will fail and a WARN is generated.

Signed-off-by: Vladimir Zapolskiy <vz@mleia.com>
Signed-off-by: Wolfram Sang <wsa@the-dreams.de>
2015-10-23 22:26:28 +02:00
Joe Thornber
3201ac452e dm cache: the CLEAN_SHUTDOWN flag was not being set
If the CLEAN_SHUTDOWN flag is not set when a cache is loaded then all cache
blocks are marked as dirty and a full writeback occurs.

__commit_transaction() is responsible for setting/clearing
CLEAN_SHUTDOWN (based the flags_mutator that is passed in).

Fix this issue, of the cache's on-disk flags being wrong, by making sure
__commit_transaction() does not reset the flags after the mutator has
altered the flags in preparation for them being serialized to disk.

before:

sb_flags = mutator(le32_to_cpu(disk_super->flags));
disk_super->flags = cpu_to_le32(sb_flags);
disk_super->flags = cpu_to_le32(cmd->flags);

after:

disk_super->flags = cpu_to_le32(cmd->flags);
sb_flags = mutator(le32_to_cpu(disk_super->flags));
disk_super->flags = cpu_to_le32(sb_flags);

Reported-by: Bogdan Vasiliev <bogdan.vasiliev@gmail.com>
Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
2015-10-23 14:02:56 -04:00
Mike Snitzer
4dcb8b57df dm btree: fix leak of bufio-backed block in btree_split_beneath error path
btree_split_beneath()'s error path had an outstanding FIXME that speaks
directly to the potential for _not_ cleaning up a previously allocated
bufio-backed block.

Fix this by releasing the previously allocated bufio block using
unlock_block().

Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Acked-by: Joe Thornber <thornber@redhat.com>
Cc: stable@vger.kernel.org
2015-10-23 14:02:55 -04:00
Joe Thornber
2871c69e02 dm btree remove: fix a bug when rebalancing nodes after removal
Commit 4c7e309340 ("dm btree remove: fix bug in redistribute3") wasn't
a complete fix for redistribute3().

The redistribute3 function takes 3 btree nodes and shares out the entries
evenly between them.  If the three nodes in total contained
(MAX_ENTRIES * 3) - 1 entries between them then this was erroneously getting
rebalanced as (MAX_ENTRIES - 1) on the left and right, and (MAX_ENTRIES + 1) in
the center.

Fix this issue by being more careful about calculating the target number
of entries for the left and right nodes.

Unit tested in userspace using this program:
https://github.com/jthornber/redistribute3-test/blob/master/redistribute3_t.c

Signed-off-by: Joe Thornber <ejt@redhat.com>
Signed-off-by: Mike Snitzer <snitzer@redhat.com>
Cc: stable@vger.kernel.org
2015-10-23 14:02:55 -04:00
Ilya Dryomov
6d69bb536b rbd: prevent kernel stack blow up on rbd map
Mapping an image with a long parent chain (e.g. image foo, whose parent
is bar, whose parent is baz, etc) currently leads to a kernel stack
overflow, due to the following recursion in the reply path:

  rbd_osd_req_callback()
    rbd_obj_request_complete()
      rbd_img_obj_callback()
        rbd_img_parent_read_callback()
          rbd_obj_request_complete()
            ...

Limit the parent chain to 16 images, which is ~5K worth of stack.  When
the above recursion is eliminated, this limit can be lifted.

Fixes: http://tracker.ceph.com/issues/12538

Cc: stable@vger.kernel.org # 3.10+, needs backporting for < 4.2
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Josh Durgin <jdurgin@redhat.com>
2015-10-23 18:37:24 +02:00
Ilya Dryomov
1f2c6651f6 rbd: don't leak parent_spec in rbd_dev_probe_parent()
Currently we leak parent_spec and trigger a "parent reference
underflow" warning if rbd_dev_create() in rbd_dev_probe_parent() fails.
The problem is we take the !parent out_err branch and that only drops
refcounts; parent_spec that would've been freed had we called
rbd_dev_unparent() remains and triggers rbd_warn() in
rbd_dev_parent_put() - at that point we have parent_spec != NULL and
parent_ref == 0, so counter ends up being -1 after the decrement.

Redo rbd_dev_probe_parent() to fix this.

Cc: stable@vger.kernel.org # 3.10+, needs backporting for < 4.2
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Alex Elder <elder@linaro.org>
2015-10-23 18:36:03 +02:00
Alex Deucher
c86f5ebfbd drm/amdgpu: don't try to recreate sysfs entries on resume
Fixes an error on resume caused by:
fa022a9b65

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2015-10-23 10:45:35 -04:00
Alex Deucher
49abb26651 drm/radeon: don't try to recreate sysfs entries on resume
Fixes a harmless error message caused by:
51a4726b04

Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2015-10-23 10:38:52 -04:00
Christian König
5c92d87d30 drm/amdgpu: stop leaking page flip fence
reservation_object_get_fences_rcu already takes the references.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Reviewed-by: Chunming Zhou <david1.zhou@amd.com>
Reviewed-by: Jammy Zhou <Jammy.Zhou@amd.com>
2015-10-23 10:30:44 -04:00
Linus Torvalds
0386729247 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Ingo Molnar:
 "Misc fixes: two KASAN fixes, two EFI boot fixes, two boot-delay
  optimization fixes, and a fix for a IRQ handling hang observed on
  virtual platforms"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/mm, kasan: Silence KASAN warnings in get_wchan()
  compiler, atomics, kasan: Provide READ_ONCE_NOCHECK()
  x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels
  x86/smpboot: Fix CPU #1 boot timeout
  x86/smpboot: Fix cpu_init_udelay=10000 corner case boot parameter misbehavior
  x86/ioapic: Disable interrupts when re-routing legacy IRQs
  x86/setup: Extend low identity map to cover whole kernel range
  x86/efi: Fix multiple GOP device support
2015-10-23 22:34:32 +09:00
Linus Torvalds
df55793680 Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fixes from Ingo Molnar:
 "Misc fixes all around the map: an instrumentation fix, a nohz
  usability fix, a lockdep annotation fix and two task group scheduling
  fixes"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  sched/core: Add missing lockdep_unpin() annotations
  sched/deadline: Fix migration of SCHED_DEADLINE tasks
  nohz: Revert "nohz: Set isolcpus when nohz_full is set"
  sched/fair: Update task group's load_avg after task migration
  sched/fair: Fix overly small weight for interactive group entities
  sched, tracing: Stop/start critical timings around the idle=poll idle loop
2015-10-23 22:31:39 +09:00
Li RongQing
ce9d9b8e5c net: sysctl: fix a kmemleak warning
the returned buffer of register_sysctl() is stored into net_header
variable, but net_header is not used after, and compiler maybe
optimise the variable out, and lead kmemleak reported the below warning

	comm "swapper/0", pid 1, jiffies 4294937448 (age 267.270s)
	hex dump (first 32 bytes):
	90 38 8b 01 c0 ff ff ff 00 00 00 00 01 00 00 00 .8..............
	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
	backtrace:
	[<ffffffc00020f134>] create_object+0x10c/0x2a0
	[<ffffffc00070ff44>] kmemleak_alloc+0x54/0xa0
	[<ffffffc0001fe378>] __kmalloc+0x1f8/0x4f8
	[<ffffffc00028e984>] __register_sysctl_table+0x64/0x5a0
	[<ffffffc00028eef0>] register_sysctl+0x30/0x40
	[<ffffffc00099c304>] net_sysctl_init+0x20/0x58
	[<ffffffc000994dd8>] sock_init+0x10/0xb0
	[<ffffffc0000842e0>] do_one_initcall+0x90/0x1b8
	[<ffffffc000966bac>] kernel_init_freeable+0x218/0x2f0
	[<ffffffc00070ed6c>] kernel_init+0x1c/0xe8
	[<ffffffc000083bfc>] ret_from_fork+0xc/0x50
	[<ffffffffffffffff>] 0xffffffffffffffff <<end check kmemleak>>

Before fix, the objdump result on ARM64:
0000000000000000 <net_sysctl_init>:
   0:   a9be7bfd        stp     x29, x30, [sp,#-32]!
   4:   90000001        adrp    x1, 0 <net_sysctl_init>
   8:   90000000        adrp    x0, 0 <net_sysctl_init>
   c:   910003fd        mov     x29, sp
  10:   91000021        add     x1, x1, #0x0
  14:   91000000        add     x0, x0, #0x0
  18:   a90153f3        stp     x19, x20, [sp,#16]
  1c:   12800174        mov     w20, #0xfffffff4                // #-12
  20:   94000000        bl      0 <register_sysctl>
  24:   b4000120        cbz     x0, 48 <net_sysctl_init+0x48>
  28:   90000013        adrp    x19, 0 <net_sysctl_init>
  2c:   91000273        add     x19, x19, #0x0
  30:   9101a260        add     x0, x19, #0x68
  34:   94000000        bl      0 <register_pernet_subsys>
  38:   2a0003f4        mov     w20, w0
  3c:   35000060        cbnz    w0, 48 <net_sysctl_init+0x48>
  40:   aa1303e0        mov     x0, x19
  44:   94000000        bl      0 <register_sysctl_root>
  48:   2a1403e0        mov     w0, w20
  4c:   a94153f3        ldp     x19, x20, [sp,#16]
  50:   a8c27bfd        ldp     x29, x30, [sp],#32
  54:   d65f03c0        ret
After:
0000000000000000 <net_sysctl_init>:
   0:   a9bd7bfd        stp     x29, x30, [sp,#-48]!
   4:   90000000        adrp    x0, 0 <net_sysctl_init>
   8:   910003fd        mov     x29, sp
   c:   a90153f3        stp     x19, x20, [sp,#16]
  10:   90000013        adrp    x19, 0 <net_sysctl_init>
  14:   91000000        add     x0, x0, #0x0
  18:   91000273        add     x19, x19, #0x0
  1c:   f90013f5        str     x21, [sp,#32]
  20:   aa1303e1        mov     x1, x19
  24:   12800175        mov     w21, #0xfffffff4                // #-12
  28:   94000000        bl      0 <register_sysctl>
  2c:   f9002260        str     x0, [x19,#64]
  30:   b40001a0        cbz     x0, 64 <net_sysctl_init+0x64>
  34:   90000014        adrp    x20, 0 <net_sysctl_init>
  38:   91000294        add     x20, x20, #0x0
  3c:   9101a280        add     x0, x20, #0x68
  40:   94000000        bl      0 <register_pernet_subsys>
  44:   2a0003f5        mov     w21, w0
  48:   35000080        cbnz    w0, 58 <net_sysctl_init+0x58>
  4c:   aa1403e0        mov     x0, x20
  50:   94000000        bl      0 <register_sysctl_root>
  54:   14000004        b       64 <net_sysctl_init+0x64>
  58:   f9402260        ldr     x0, [x19,#64]
  5c:   94000000        bl      0 <unregister_sysctl_table>
  60:   f900227f        str     xzr, [x19,#64]
  64:   2a1503e0        mov     w0, w21
  68:   f94013f5        ldr     x21, [sp,#32]
  6c:   a94153f3        ldp     x19, x20, [sp,#16]
  70:   a8c37bfd        ldp     x29, x30, [sp],#48
  74:   d65f03c0        ret

Add the possible error handle to free the net_header to remove the
kmemleak warning

Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 06:22:08 -07:00
Linus Torvalds
9f30931a54 Merge branch 'akpm' (patches from Andrew)
Merge fixes from Andrew Morton:
 "9 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  ocfs2/dlm: unlock lockres spinlock before dlm_lockres_put
  fault-inject: fix inverted interval/probability values in printk
  lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y
  mm: make sendfile(2) killable
  thp: use is_zero_pfn() only after pte_present() check
  mailmap: update Javier Martinez Canillas' email
  MAINTAINERS: add Sergey as zsmalloc reviewer
  mm: cma: fix incorrect type conversion for size during dma allocation
  kmod: don't run async usermode helper as a child of kworker thread
2015-10-23 22:10:51 +09:00
Guillaume Nault
1acea4f6ce ppp: fix pppoe_dev deletion condition in pppoe_release()
We can't rely on PPPOX_ZOMBIE to decide whether to clear po->pppoe_dev.
PPPOX_ZOMBIE can be set by pppoe_disc_rcv() even when po->pppoe_dev is
NULL. So we have no guarantee that (sk->sk_state & PPPOX_ZOMBIE) implies
(po->pppoe_dev != NULL).
Since we're releasing a PPPoE socket, we want to release the pppoe_dev
if it exists and reset sk_state to PPPOX_DEAD, no matter the previous
value of sk_state. So we can just check for po->pppoe_dev and avoid any
assumption on sk->sk_state.

Fixes: 2b018d57ff ("pppoe: drop PPPOX_ZOMBIEs in pppoe_release")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 03:30:01 -07:00
Li RongQing
f6b8dec998 af_key: fix two typos
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 03:05:19 -07:00
Peter Zijlstra
0aaafaabfc sched/core: Add missing lockdep_unpin() annotations
Luca and Wanpeng reported two missing annotations that led to
false lockdep complaints. Add the missing annotations.

Reported-by: Luca Abeni <luca.abeni@unitn.it>
Reported-by: Wanpeng Li <wanpeng.li@hotmail.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Juri Lelli <juri.lelli@arm.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: cbce1a6867 ("sched,lockdep: Employ lock pinning")
Link: http://lkml.kernel.org/r/20151023095008.GY17308@twins.programming.kicks-ass.net
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-23 12:02:10 +02:00
Lendacky, Thomas
20a41fba67 amd-xgbe: Use wmb before updating current descriptor count
The code currently uses the lightweight dma_wmb barrier before updating
the current descriptor count. Under heavy load, the Tx cleanup routine
was seeing the updated current descriptor count before the updated
descriptor information. As a result, the Tx descriptor was being cleaned
up before it was used because it was not "owned" by the hardware yet,
resulting in a Tx queue hang.

Using the wmb barrier insures that the descriptor is updated before the
descriptor counter preventing the Tx queue hang. For extra insurance,
the Tx cleanup routine is changed to grab the current decriptor count on
entry and uses that initial value in the processing loop rather than
trying to chase the current value.

Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Tested-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:59:04 -07:00
Nathan Sullivan
d2fd719bcb net/phy: micrel: Add workaround for bad autoneg
Very rarely, the KSZ9031 will appear to complete autonegotiation, but
will drop all traffic afterwards.  When this happens, the idle error
count will read 0xFF after autonegotiation completes.  Reset the PHY
when in that state.

Signed-off-by: Nathan Sullivan <nathan.sullivan@ni.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:57:26 -07:00
Linus Torvalds
a2c01ed5d4 powerpc fixes for 4.3 #4
- Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8" from Paul
  - Handle irq_happened flag correctly in off-line loop from Paul
  - Validate rtas.entry before calling enter_rtas() from Vasant
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWKakXAAoJEFHr6jzI4aWAqwsP/22a8aq7SPuPaCK/c7u84aHg
 UkzYNdrC+osDvnrydqyJsmIojVLX+AsJ7TCbBZFaJ6oOuew9bVzmZ5mfNvOVn86H
 dCH2GMr4NbWbkO3SaFi6ZTUVGl7JyjEhf3uCtKGssa2+Do8FubK6Y88L1rhzFFdz
 l1Dx3Jp8CpGKcByQfwYyaNZhC/GEZ06pY36d362mLnyctxcQRYr5l+8boDH81nyE
 f89RE7baNPYOL0YOhZAh3ZilBrZ8DIAaesMXU8LUKFbLTBgWfVPkDy3l5a2m47oP
 V/Yi+oEQBkL/3Itth57iGWpl8vVkzF2MTu8Aep3BzHJXqXCliTzVVdXETW6NCdut
 Nss0xtnNdM18+0mhG3LzzdoZGi/Zb0SYz8j+nY5vE2nf7FDVFkAZzKHeW822zNaV
 A1PLJa+ei4jVhKtTp4wETjpUi+kw+ikM+rR1L1/+IKHbriLsRrj7Zw3xo6Em1KVq
 cI2g7DZLSzptIprxbEv9rNhb1VlBot4jc4mmGhmyMlwKDkpCxRkYVv+Ilfi6jCSc
 6llKTZfKqEV+0sXO6QISv8wfiye84jVTKOlkpQLvpugz9rBTpq8apmInVh4AHF2b
 wDRgs/iyOSZuz+UiPEHHXbW7ZfF2F7lqxxtQgJefiWLDsvBbsfnVTyDJsKibvWzb
 lxorlKx/tH/q4pNBjmoB
 =K7eA
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:

 - Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on
   POWER8" from Paul
 - Handle irq_happened flag correctly in off-line loop from Paul
 - Validate rtas.entry before calling enter_rtas() from Vasant

* tag 'powerpc-4.3-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  powerpc/rtas: Validate rtas.entry before calling enter_rtas()
  powerpc/powernv: Handle irq_happened flag correctly in off-line loop
  powerpc: Revert "Use the POWER8 Micro Partition Prefetch Engine in KVM HV on POWER8"
2015-10-23 18:49:51 +09:00
David S. Miller
ec3661b422 Merge branch 'ipv6-overflow-arith'
Hannes Frederic Sowa says:

====================
overflow-arith: begin to add support for overflow builtins functions

I add a new header, linux/overflow-arith.h, as the central place to add
overflow and wrap-around checking functions. The reason I am doing so
is that it can make use of compiler supported builtin functions which
can leverage hardware.

As I need this for a fix in the ipv6 stack, which is also included in
this series, I propose to add it sooner than later over Davem's net
tree. This is also the reason why I start slowly with only the one
function I need at this time.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:49:41 -07:00
Hannes Frederic Sowa
b72a2b01b6 ipv6: protect mtu calculation of wrap-around and infinite loop by rounding issues
Raw sockets with hdrincl enabled can insert ipv6 extension headers
right into the data stream. In case we need to fragment those packets,
we reparse the options header to find the place where we can insert
the fragment header. If the extension headers exceed the link's MTU we
actually cannot make progress in such a case.

Instead of ending up in broken arithmetic or rounding towards 0 and
entering an endless loop in ip6_fragment, just prevent those cases by
aborting early and signal -EMSGSIZE to user space.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:49:36 -07:00
Hannes Frederic Sowa
79907146fb overflow-arith: begin to add support for overflow builtin functions
The idea of the overflow-arith.h header is to collect overflow checking
functions in one central place.

If gcc compiler supports the __builtin_overflow_* builtins we use them
because they might give better performance, otherwise the code falls
back to normal overflow checking functions.

The builtin_overflow functions are supported by gcc-5 and clang. The
matter of supporting clang is to just provide a corresponding
CC_HAVE_BUILTIN_OVERFLOW, because the specific overflow checking builtins
don't differ between gcc and clang.

I just provide overflow_usub function here as I intend this to get merged
into net, more functions will definitely follow as they are needed.

Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:49:35 -07:00
Andrew Shewmaker
c80dbe0461 tcp: allow dctcp alpha to drop to zero
If alpha is strictly reduced by alpha >> dctcp_shift_g and if alpha is less
than 1 << dctcp_shift_g, then alpha may never reach zero. For example,
given shift_g=4 and alpha=15, alpha >> dctcp_shift_g yields 0 and alpha
remains 15. The effect isn't noticeable in this case below cwnd=137, but
could gradually drive uncongested flows with leftover alpha down to
cwnd=137. A larger dctcp_shift_g would have a greater effect.

This change causes alpha=15 to drop to 0 instead of being decrementing by 1
as it would when alpha=16. However, it requires one less conditional to
implement since it doesn't have to guard against subtracting 1 from 0U. A
decay of 15 is not unreasonable since an equal or greater amount occurs at
alpha >= 240.

Signed-off-by: Andrew G. Shewmaker <agshew@gmail.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:46:52 -07:00
lucien
ab997ad408 ipv6: fix the incorrect return value of throw route
The error condition -EAGAIN, which is signaled by throw routes, tells
the rules framework to walk on searching for next matches. If the walk
ends and we stop walking the rules with the result of a throw route we
have to translate the error conditions to -ENETUNREACH.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:38:18 -07:00
Linus Torvalds
d0ddf980d6 ARM: SoC fixes for 4.3-rc
Most of the changes this time are for incorrect device nodes in various
 ways, on on imx, berlin, exynos, ux500, uniphier, omap and meson.
 
 Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner).
 
 Other bug fixes include
  * a partial revert of a broken tegra gpio patch
  * irq affinity for arm ccn
  * suspend on one Armada 385 machine
  * enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM
  * turning on a regulator on beagleboard-x15 for HDMI
  * making the omap gpmc debug code visible
  * setup of orion network switch
  * a rare build regression for pxa
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVikCQmCrR//JCVInAQJFyw//e7DkURra1xRIHx2gh2oE3w13FSM492w9
 iCshJLDjRjRJ37S8m9ipjr7MCR6l4jzaB/TUJIjhS7eyRr9oIvuWRb5+sPMiUop6
 y5vd4vlmhcD2sE5vmG+GLlFLozPcMNSxsq95DjirxiCuCkbKzkeaHpTwjKf08DdI
 FFIYTsDhsKiVqh2L92y9y8ZqS6l76Z2llWt97FV8WG8/y3FX9T/kM5uC9TrS5tb8
 GggGk2Pm/LZas5CPH+yc9ihQ1lbdkCkPbZNwlYjutmm0axiIC1BojmYZSrsR6obd
 8Phwc7DkSbnPM8qAfvxmeyxvF2Th/ArNnVcrrEoavltGg6t3WPFgjiGXmXBU/IOw
 B+UwxzS1LmNdJMTOttVkr/XJR28mNqg9yMbwR5DKkzqbs2dxUVJbZV1DX9sbYPfx
 7JYdfkh/Tw2G+xeZEz157w16xPBxVK7toGIrVCPRpPXSANvF6P/QzPpJ09Wo4Fjp
 LVD2HTDmye2lNyLK5qq1Q1kIzueb7Jktf70XJZNk1p/8r9xUOhjaVHqAyfDtNZNe
 lLQtscQtx6BG2cv1bDaNaznFIzfJ9y1c+4odCILzi28V2Ji2qQ4SQ74jjVeAhsUc
 5Lm58P9a8YY++gmwwgh1a6l45zB/3d+/UTdD08F3lz6Jt0gKSZhSxni3QkvfAibd
 NB4FSTL0gLo=
 =3g0Z
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Arnd Bergmann:
 "Most of the changes this time are for incorrect device nodes in
  various ways, on on imx, berlin, exynos, ux500, uniphier, omap and
  meson.

  Chen-Yu Tsai now co-maintains mach-sunxi (Allwinner).

  Other bug fixes include
   - a partial revert of a broken tegra gpio patch
   - irq affinity for arm ccn
   - suspend on one Armada 385 machine
   - enable ZONE_DMA to avoid an OMAP crash for over 2GB RAM
   - turning on a regulator on beagleboard-x15 for HDMI
   - making the omap gpmc debug code visible
   - setup of orion network switch
   - a rare build regression for pxa"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits)
  ARM: OMAP2+: Fix imprecise external abort caused by bogus SRAM init
  thermal: exynos: Fix register read in TMU
  ARM: OMAP2+: Fix oops with LPAE and more than 2GB of memory
  ARM: tegra: Comment out gpio-ranges properties
  ARM: dts: uniphier: fix IRQ number for devices on PH1-LD6b ref board
  drivers/perf: arm_pmu: avoid CPU device_node reference leak
  bus: arm-ccn: Fix irq affinity setting on CPU migration
  bus: arm-ccn: Handle correctly no-more-cpus case
  ARM: mvebu: correct a385-db-ap compatible string
  ARM: meson6: DTS: Fix wrong reg mapping and IRQ numbers
  MAINTAINERS: Update Allwinner entry and add new maintainer
  ARM: ux500: modify initial levelshifter status
  ARM: pxa: fix pxa3xx DFI lockup hack
  Documentation: ARM: List new omap MMC requirements
  memory: omap-gpmc: dump "before" state before first modification
  memory: omap-gpmc: Fix unselectable debug option for GPMC
  ARM: dts: am57xx-beagle-x15: set VDD_SD to always-on
  ARM: dts: Fix audio card detection on Peach boards
  ARM: EXYNOS: Fix double of_node_put() when parsing child power domains
  ARM: orion: Fix DSA platform device after mvmdio conversion
  ...
2015-10-23 18:38:00 +09:00
Jason Wang
f23d538bc2 macvtap: unbreak receiving of gro skb with frag list
We don't have fraglist support in TAP_FEATURES. This will lead
software segmentation of gro skb with frag list. Fixes by having
frag list support in TAP_FEATURES.

With this patch single session of netperf receiving were restored from
about 5Gb/s to about 12Gb/s on mlx4.

Fixes a567dd6252 ("macvtap: simplify usage of tap_features")
Cc: Vlad Yasevich <vyasevic@redhat.com>
Cc: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-10-23 02:34:39 -07:00
Linus Torvalds
2c44f4f035 Bug fixes for ARM, mostly 4.3 regressions related to virtual
interrupt controller changes.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJWKRFfAAoJEL/70l94x66D/uYH/0nX/eOe6HNfL+vgbW4Eewdy
 NqRArxqYIzWnjtbkpima5xLGbTpF+2pEh3148kz5ho8ptSnE8QbwmZPo9mKYfMDP
 2zWu/x8kcVPs48teFooQjtVbLPHn8l95XxFiakyffa3GfarcsO1DCMdZgRwEm7Q1
 TvyqylHQU06sBHDq50/SzP65KfvxPhA49V65X3Uq95rAZ2oyJBksLKTTeoJVUFxf
 dl9S2yqpJ1zSYpoBGi35BsDIUAtxOnDX30fH5VyS9sDAUjFMaeA2n3FWU05sLkuQ
 DjO6ugqU9UVQLE5Ez71Ymk0UYxtxX6ft8i8+OfOWaxYS6PfQfXxXBrsxgFRY0kA=
 =cowb
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM bugfixes from Paolo Bonzini:
 "Bug fixes for ARM, mostly 4.3 regressions related to virtual interrupt
  controller changes"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  arm/arm64: KVM: Fix disabled distributor operation
  arm/arm64: KVM: Clear map->active on pend/active clear
  arm/arm64: KVM: Fix arch timer behavior for disabled interrupts
  KVM: arm: use GIC support unconditionally
  KVM: arm/arm64: Fix memory leak if timer initialization fails
  KVM: arm/arm64: Do not inject spurious interrupts
2015-10-23 18:32:29 +09:00
Linus Torvalds
8a990fb47b Running tests on other changes, the system locked up due to lots
of warnings. It was caused by the stack tracer triggering a warning
 about using rcu_dereference() when RCU was not watching. This can happen
 due to the fact that the stack tracer uses the function tracer to check
 each function, and there's functions that may be called and traced
 when RCU stopped watching. Namely when a function is called just before
 going idle or to userspace and after RCU stopped watching that current
 CPU.
 
 The first patch makes sure that RCU is watching when the stack tracer
 uses RCU. The second patch is to make sure that the stack tracer does
 not get called by functions in NMI, as it's not NMI safe.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWKOJaAAoJEEjnJuOKh9ldQsIH/RljIDrkq/RRr22TQZIFafrY
 q9ZwWrEOiVetdANhN1SUJEnEHHDw/17c77r2bLcBvb1L97sRU+1PF5mATkYy7dUL
 4B9/3kOydMwU9boDe7ObsjUO2YH51eMCUR15dPYvxqb5w3EZQXMucZnT93nHVPZZ
 0OTEzIZmNczfJTnmzdMWggmE9Wgdj0LXLMi+H+OqDfAw2YnyqvvehdipePiyCxVj
 9XPVuv0fbjFbCgzTi50NPD9xXCPgLDxowsh0Hoym0DGdvDPj21EuI4l6DWwOIe+D
 KKm2X1y7b10hnBVnHeMjugaf8W4sztW7WitgujnUucscEVUy0lp72y0m+kNLRhc=
 =L+k7
 -----END PGP SIGNATURE-----

Merge tag 'trace-fixes-v4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "Running tests on other changes, the system locked up due to lots of
  warnings.  It was caused by the stack tracer triggering a warning
  about using rcu_dereference() when RCU was not watching.  This can
  happen due to the fact that the stack tracer uses the function tracer
  to check each function, and there are functions that may be called and
  traced when RCU stopped watching.  Namely when a function is called
  just before going idle or to userspace and after RCU stopped watching
  that current CPU.

  The first patch makes sure that RCU is watching when the stack tracer
  uses RCU.  The second patch is to make sure that the stack tracer does
  not get called by functions in NMI, as it's not NMI safe"

* tag 'trace-fixes-v4.3-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing: Do not allow stack_tracer to record stack in NMI
  tracing: Have stack tracer force RCU to be watching
2015-10-23 18:24:33 +09:00
Linus Torvalds
0122835a02 sound fixes for 4.3-rc7
There is nothing to worry you much, only a few small & stable patches
 are found for usual stuff, HD-audio (a Lenovo laptop quirk, a fix for
 minor error handling) and ASoC (trivial fixes for RT298 and WM
 codecs).  The only remaining major change is the fix for ASoC SX_TLV
 control that was overseen during refactoring, but the fix itself is
 trivial and safe.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABAgAGBQJWKd1hAAoJEGwxgFQ9KSmkeAQP/iiF8JXyaCnwh860DK697PYK
 FSrVgxfRHjzhTUR18IugfUJV35TEq7h+MqiWCaeHESxrDAZzR1bH/fRdg0MxKLDg
 28MTn3XGgIzxqHN3OeI9DQ3GQfLv+xeJnGhYjGtyVYNCINQSd02taTxo4ec/cA1N
 Nr8QQQPeBw8RkxLJ8Vmk0Oeo7Ew2vdzecyA07d0//EJqMnyxF/k+4zfoi8K8+DXc
 6h/IBrwDfOPvlXVReIYCGedWHBDRjvipLD/1c3DYJq4X05JKgyLoo6ksJWu229Vw
 tuzo7a6q41z8pWV/BhTyrg5tmcF0BcOhNnnJwW2QpfIlcwsgR6zcRq4j14fSStEk
 zPaN1RH3rTRfDd2kVN2PtEXBPqYCIoSkyRB3jhWuf3OhAUtBEoSAY55qvGPJ/fhq
 HZjO13wurnvaJ1d43DxWai4dWY7lIr8J9TCo1LU/MsvRbNfw99g6dUkfI/UMOPM7
 t1Fa8DkKMiZyW5qLxW64bIh+5Exb8yFiSHbJNt7Qzk+YceivG2MDGNf/MZ7gptec
 59E7FSywhS20bDG4bRw/2ypU3H8PktpE/QNirb3aVIV6Bq+PwlSeZqZskIokop0k
 ievsCi0ENyeEtB59kUK73PfbpLdTQNBY1t1wTTLVruDjEVpjVcfTayGlaudu/Ukp
 Kk8pHHL5JitDFPsD9A4m
 =s57z
 -----END PGP SIGNATURE-----

Merge tag 'sound-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "There is nothing to worry you much, only a few small & stable patches
  are found for usual stuff, HD-audio (a Lenovo laptop quirk, a fix for
  minor error handling) and ASoC (trivial fixes for RT298 and WM
  codecs).

  The only remaining major change is the fix for ASoC SX_TLV control
  that was overseen during refactoring, but the fix itself is trivial
  and safe"

* tag 'sound-4.3-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ASoC: wm8962: mark cache_dirty flag after software reset in pm_resume
  ASoC: rt298: fix wrong setting of gpio2_en
  ASoC: wm8904: Correct number of EQ registers
  ALSA: hda - Fix deadlock at error in building PCM
  ASoC: Add info callback for SX_TLV controls
  ASoC: rt298: correct index default value
  ALSA: hda - Fix inverted internal mic on Lenovo G50-80
  ALSA: hdac: Explicitly add io.h
2015-10-23 18:21:55 +09:00
Linus Torvalds
45d80f168d media fixes for v4.3-rc7
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWKSJIAAoJEAhfPr2O5OEVMUsP/1wLcS2n16HJP9wg/9uIBv+p
 sQFzPc1ftgOnsYCVyUu/Npaajp7MnLdJ8uy5bfAkRTo7PY4jzYceygvJ7yn70nDt
 zfMB94RdmgOOHi4zEekP9XxbtbRh0sJ4yUWtojHHs0LgP6Pfl/OHtDHR3Nybv93e
 PcruerQj89sScyaGc1P5Oj7BFD2s/D9S79SKb3JSWWgJlWDKmbahwHUs6GLul6i7
 XdJ0eldrEN+i5DPJW7uUmuwxLL6Utq6npKprFl6eSwjuVevGUymN1PsZIT4M0XVM
 xeqKfX2WAEyuXhv03xxy5djJ0uEMB8lrriB7SicCLHsJduGt+pjpRpWmrNzx7Rhb
 VS1r5e2qZrewnVZhSCJ2TZm9X+bstC2xs7R4DBProxmJSTrGivAwiDg4Z+2NY3V6
 OOIv0wNZkaUJwqGykjeOgxBhkyQc/7XB7YULDWl9FEr2FDa9P3mKUkR2iUwzkfCV
 vUhvzYgoUeqVsc/apx98snKegfN9IxWYvdCdqYoKGBzSliY0cVX1V3LmejZtHmB4
 jgntWmzFCvcu6/OSz0rLT6On2QCY3N9uqWE3OXN+LrxGAMNQq+O+O6RyOLA4Ojsn
 cFaYGT0JR/3eOQBq1mfQzkjW2OCxZKRMSkepJ6iKm/Pwia1omCwnR/fjVKbGMoVh
 buoa565ZtPoXxtxZg5ks
 =RlDF
 -----END PGP SIGNATURE-----

Merge tag 'media/v4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fixes from Mauro Carvalho Chehab:
 "Some regression fixes and potential security issues:

   - netup_unidvb: fix potential crash when spi is NULL
   - rtl28xxu: fix control message flaws
   - m88ds3103: fix a regression on Kernel 4.2
   - c8sectpfe: fix some issues on this new driver
   - v4l2-flash-led-class: fix a Kbuild dependency
   - si2157 and si2158: check for array boundary when uploading firmware
     files
   - horus3a and lnbh25: fix some building troubles when some options
     aren't selected
   - ir-hix5hd2: drop the use of IRQF_NO_SUSPEND"

* tag 'media/v4.3-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  [media] m88ds3103: use own reg update_bits() implementation
  [media] rtl28xxu: fix control message flaws
  [media] v4l2-flash-led-class: Add missing VIDEO_V4L2 Kconfig dependency
  [media] netup_unidvb: fix potential crash when spi is NULL
  [media] si2168: Bounds check firmware
  [media] si2157: Bounds check firmware
  [media] ir-hix5hd2: drop the use of IRQF_NO_SUSPEND
  [media] c8sectpfe: fix return of garbage
  [media] c8sectpfe: fix ininitialized error return on firmware load failure
  [media] lnbh25: Fix lnbh25_attach() function return type
  [media] horus3a: Fix horus3a_attach() function parameters
2015-10-23 18:15:20 +09:00
Linus Torvalds
a67b20d24c Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
 "I've been a bit slow gathering these:

   - drm/mst: one mutex leak in a fail path

   - radeon: two oops fixes, one dpm fix

   - i915: one messy set of fixes, where we revert the original fix, and
           pull back the proper set of fixes from -next on top.

   - nouveau: one fix for an illegal buffer placement.

  Doesn't look too bad, hopefully shouldn't be too much more"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/nouveau/gem: return only valid domain when there's only one
  drm: fix mutex leak in drm_dp_get_mst_branch_device
  drm/amdgpu: add missing dpm check for KV dpm late init
  drm/amdgpu/dpm: don't add pwm attributes if DPM is disabled
  drm/radeon/dpm: don't add pwm attributes if DPM is disabled
  drm/i915: Add primary plane to mask if it's visible
  drm/i915: Move sprite/cursor plane disable to intel_sanitize_crtc()
  drm/i915: Assign hwmode after encoder state readout
  Revert "drm/i915: Add primary plane to mask if it's visible"
  drm/i915: Deny wrapping an userptr into a framebuffer
  drm/i915: Enable DPLL VGA mode before P1/P2 divider write
  drm/i915: Restore lost DPLL register write on gen2-4
  drm/i915: Flush pipecontrol post-sync writes
  drm/i915: Fix kerneldoc for i915_gem_shrink_all
2015-10-23 18:08:22 +09:00
Joseph Qi
b67de018b3 ocfs2/dlm: unlock lockres spinlock before dlm_lockres_put
dlm_lockres_put will call dlm_lockres_release if it is the last
reference, and then it may call dlm_print_one_lock_resource and
take lockres spinlock.

So unlock lockres spinlock before dlm_lockres_put to avoid deadlock.

Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23 17:55:10 +09:00
Florian Westphal
bb38700269 fault-inject: fix inverted interval/probability values in printk
interval displays the probability and vice versa.

Fixes: 6adc4a22f2 ("fault-inject: add ratelimit option")
Acked-by: Akinobu Mita <akinobu.mita@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23 17:55:10 +09:00
Andrey Ryabinin
3f181b4d86 lib/Kconfig.debug: disable -Wframe-larger-than warnings with KASAN=y
When the kernel compiled with KASAN=y, GCC adds redzones for each
variable on stack.  This enlarges function's stack frame and causes:

	'warning: the frame size of X bytes is larger than Y bytes'

The worst case I've seen for now is following:

   ../net/wireless/nl80211.c: In function `nl80211_send_wiphy':
   ../net/wireless/nl80211.c:1731:1: warning: the frame size of 5448 bytes is larger than 2048 bytes [-Wframe-larger-than=]

That kind of warning becomes useless with KASAN=y.  It doesn't
necessarily indicate that there is some problem in the code, thus we
should turn it off.

(The KASAN=y stack size in increased from 16k to 32k for this reason)

Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Acked-by: Abylay Ospan <aospan@netup.ru>
Cc: Andi Kleen <andi@firstfloor.org>
Cc: Ingo Molnar <mingo@kernel.org>
Cc: Mauro Carvalho Chehab <m.chehab@samsung.com>
Cc: Kozlov Sergey <serjk@netup.ru>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23 17:55:10 +09:00
Jan Kara
296291cdd1 mm: make sendfile(2) killable
Currently a simple program below issues a sendfile(2) system call which
takes about 62 days to complete in my test KVM instance.

        int fd;
        off_t off = 0;

        fd = open("file", O_RDWR | O_TRUNC | O_SYNC | O_CREAT, 0644);
        ftruncate(fd, 2);
        lseek(fd, 0, SEEK_END);
        sendfile(fd, fd, &off, 0xfffffff);

Now you should not ask kernel to do a stupid stuff like copying 256MB in
2-byte chunks and call fsync(2) after each chunk but if you do, sysadmin
should have a way to stop you.

We actually do have a check for fatal_signal_pending() in
generic_perform_write() which triggers in this path however because we
always succeed in writing something before the check is done, we return
value > 0 from generic_perform_write() and thus the information about
signal gets lost.

Fix the problem by doing the signal check before writing anything.  That
way generic_perform_write() returns -EINTR, the error gets propagated up
and the sendfile loop terminates early.

Signed-off-by: Jan Kara <jack@suse.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Al Viro <viro@ZenIV.linux.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23 17:55:10 +09:00
Minchan Kim
47aee4d8e3 thp: use is_zero_pfn() only after pte_present() check
Use is_zero_pfn() on pteval only after pte_present() check on pteval
(It might be better idea to introduce is_zero_pte() which checks
pte_present() first).

Otherwise when working on a swap or migration entry and if pte_pfn's
result is equal to zero_pfn by chance, we lose user's data in
__collapse_huge_page_copy().  So if you're unlucky, the application
segfaults and finally you could see below message on exit:

BUG: Bad rss-counter state mm:ffff88007f099300 idx:2 val:3

Fixes: ca0984caa8 ("mm: incorporate zero pages into transparent huge pages")
Signed-off-by: Minchan Kim <minchan@kernel.org>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Mel Gorman <mgorman@suse.de>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: Rik van Riel <riel@redhat.com>
Cc: <stable@vger.kernel.org>	[4.1+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-10-23 17:55:10 +09:00