OSDN Git Service
Linux Build Service Account [Fri, 12 Apr 2019 05:13:29 +0000 (22:13 -0700)]
Merge "usb: XHCI: Implement xhci_handshake_check_state() API"
Linux Build Service Account [Wed, 10 Apr 2019 22:10:07 +0000 (15:10 -0700)]
Merge "Merge android-4.4.178 (
7af10f2) into msm-4.4"
Linux Build Service Account [Wed, 10 Apr 2019 12:07:47 +0000 (05:07 -0700)]
Merge "diag: Update new msg, log and event logging codes"
Manoj Prabhu B [Fri, 1 Feb 2019 07:16:51 +0000 (12:46 +0530)]
diag: Update new msg, log and event logging codes
New requirement of logging enablement for new msg SSIDs,
logs and events mask codes are added.
Change-Id: I00522d93dad690fd31ce1058dcdb71364edbe738
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>
Rajasekaran Kalidoss [Thu, 28 Mar 2019 08:35:28 +0000 (14:05 +0530)]
cnss2: Support USB SSR and disconnect scenarios
For USB devices, irrecoverable scenarios in firmware
can lead to USB bus disconnect. In USB disconnect, the
interface and dev structures passed by USB sub system
are freed and are no longer valid. The current
implementation is PCIe specific and assumes dev struct
being present and valid always. The clean way to handle
this for HL(USB/SDIO) is to call pld_usb_remove in
disconnect and pld_usb_probe in re-connect after a recovery
Change-Id: I3fc9a5a2fc7bb53439b0410e61f381aa94e18634
Signed-off-by: Rajasekaran Kalidoss <rkalidos@codeaurora.org>
Guisen Yang [Mon, 3 Dec 2018 23:29:44 +0000 (15:29 -0800)]
cnss2: Export a platform API to force collect ramdump
Add an API to force collect ramdump in platform driver. This API will be
called from WLAN driver to collect ramdump before calling kernel panic.
CRs-Fixed:
2351811
Change-Id: Ic88769beec4f7f8303fc2c0803012789e02c9f4f
Signed-off-by: Guisen Yang <guiseny@codeaurora.org>
Linux Build Service Account [Fri, 5 Apr 2019 08:16:53 +0000 (01:16 -0700)]
Merge "dsp: q6usm: Release spinlock before return if invalid payload size"
Srinivasarao P [Fri, 5 Apr 2019 04:25:05 +0000 (09:55 +0530)]
Merge android-4.4.178 (
7af10f2) into msm-4.4
* refs/heads/tmp-
7af10f2
Linux 4.4.178
stm class: Hide STM-specific options if STM is disabled
coresight: removing bind/unbind options from sysfs
arm64: support keyctl() system call in 32-bit mode
Revert "USB: core: only clean up what we allocated"
xhci: Fix port resume done detection for SS ports with LPM enabled
KVM: Reject device ioctls from processes other than the VM's creator
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
perf intel-pt: Fix TSC slip
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
USB: serial: option: add Olicard 600
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: cp210x: add new device id
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
serial: max310x: Fix to avoid potential NULL pointer dereference
staging: vt6655: Fix interrupt race condition on device start up.
staging: vt6655: Remove vif check from vnt_interrupt
tty: atmel_serial: fix a potential NULL pointer dereference
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: sd: Fix a race between closing an sd device and sd I/O
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: compress: add support for 32bit calls in a 64bit kernel
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
btrfs: remove WARN_ON in log_dir_items
mac8390: Fix mmio access size probe
sctp: get sctphdr by offset in sctp_compute_cksum
vxlan: Don't call gro_cells_destroy() before device is unregistered
tcp: do not use ipv6 header for ipv4 flow
packets: Always register packet sk in the same order
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
net: rose: fix a possible stack overflow
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
dccp: do not use ipv6 header for ipv4 flow
stmmac: copy unicast mac address to MAC registers
cfg80211: size various nl80211 messages correctly
mmc: mmc: fix switch timeout issue caused by jiffies precision
arm64: kconfig: drop CONFIG_RTC_LIB dependency
video: fbdev: Set pixclock = 0 in goldfishfb
cpu/hotplug: Handle unbalanced hotplug enable/disable
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
usb: gadget: configfs: add mutex lock before unregister gadget
ipv6: fix endianness error in icmpv6_err
stm class: Fix stm device initialization order
stm class: Do not leak the chrdev in error path
PM / Hibernate: Call flush_icache_range() on pages restored in-place
arm64: kernel: Include _AC definition in page.h
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
arm64/kernel: fix incorrect EL0 check in inv_entry macro
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
staging: goldfish: audio: fix compiliation on arm
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
staging: ashmem: Add missing include
staging: ashmem: Avoid deadlock with mmap/shrink
asm-generic: Fix local variable shadow in __set_fixmap_offset
coresight: etm4x: Check every parameter used by dma_xx_coherent.
coresight: "DEVICE_ATTR_RO" should defined as static.
stm class: Fix a race in unlinking
stm class: Fix unbalanced module/device refcounting
stm class: Guard output assignment against concurrency
stm class: Fix unlocking braino in the error path
stm class: Support devices with multiple instances
stm class: Prevent user-controllable allocations
stm class: Fix link list locking
stm class: Fix locking in unbinding policy path
coresight: remove csdev's link from topology
coresight: release reference taken by 'bus_find_device()'
coresight: coresight_unregister() function cleanup
coresight: fixing lockdep error
writeback: initialize inode members that track writeback history
Revert "mmc: block: don't use parameter prefix if built as module"
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
perf: Synchronously free aux pages in case of allocation failure
arm64: hide __efistub_ aliases from kallsyms
hid-sensor-hub.c: fix wrong do_div() usage
vmstat: make vmstat_updater deferrable again and shut down on idle
android: unconditionally remove callbacks in sync_fence_free()
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
ARM: 8458/1: bL_switcher: add GIC dependency
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
arm64: fix COMPAT_SHMLBA definition for large pages
mmc: block: Allow more than 8 partitions per card
sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
ath10k: avoid possible string overflow
rtc: Fix overflow when converting time64_t to rtc_time
USB: core: only clean up what we allocated
lib/int_sqrt: optimize small argument
serial: sprd: clear timeout interrupt only rather than all interrupts
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
arm64: traps: disable irq in die()
Hang/soft lockup in d_invalidate with simultaneous calls
serial: sprd: adjust TIMEOUT to a big value
tcp/dccp: drop SYN packets if accept queue is full
usb: gadget: Add the gserial port checking in gs_start_tx()
usb: gadget: composite: fix dereference after null check coverify warning
kbuild: setlocalversion: print error to STDERR
extcon: usb-gpio: Don't miss event during suspend/resume
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
usb: dwc3: gadget: Fix suspend/resume during device mode
mmc: core: shut up "voltage-ranges unspecified" pr_info()
mmc: sanitize 'bus width' in debug output
mmc: make MAN_BKOPS_EN message a debug
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: pwrseq_simple: Make reset-gpios optional to match doc
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
ALSA: hda - Record the current power state before suspend/resume calls
locking/lockdep: Add debug_locks check in __lock_downgrade()
media: v4l2-ctrls.c/uvc: zero v4l2_event
mmc: tmio_mmc_core: don't claim spurious interrupts
ext4: brelse all indirect buffer in ext4_ind_remove_space()
ext4: fix data corruption caused by unaligned direct AIO
ext4: fix NULL pointer dereference while journal is aborted
futex: Ensure that futex address is aligned in handle_futex_death()
MIPS: Fix kernel crash for R6 in jump label branch function
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
udf: Fix crash on IO error during truncate
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
mmc: pxamci: fix enum type confusion
ANDROID: drop CONFIG_INPUT_KEYCHORD from cuttlefish and ranchu
UPSTREAM: virt_wifi: Remove REGULATORY_WIPHY_SELF_MANAGED
UPSTREAM: net: socket: set sock->sk to NULL after calling proto_ops::release()
f2fs: set pin_file under CAP_SYS_ADMIN
f2fs: fix to avoid deadlock in f2fs_read_inline_dir()
f2fs: fix to adapt small inline xattr space in __find_inline_xattr()
f2fs: fix to do sanity check with inode.i_inline_xattr_size
f2fs: give some messages for inline_xattr_size
f2fs: don't trigger read IO for beyond EOF page
f2fs: fix to add refcount once page is tagged PG_private
f2fs: remove wrong comment in f2fs_invalidate_page()
f2fs: fix to use kvfree instead of kzfree
f2fs: print more parameters in trace_f2fs_map_blocks
f2fs: trace f2fs_ioc_shutdown
f2fs: fix to avoid deadlock of atomic file operations
f2fs: fix to dirty inode for i_mode recovery
f2fs: give random value to i_generation
f2fs: no need to take page lock in readdir
f2fs: fix to update iostat correctly in IPU path
f2fs: fix encrypted page memory leak
f2fs: make fault injection covering __submit_flush_wait()
f2fs: fix to retry fill_super only if recovery failed
f2fs: silence VM_WARN_ON_ONCE in mempool_alloc
f2fs: correct spelling mistake
f2fs: fix wrong #endif
f2fs: don't clear CP_QUOTA_NEED_FSCK_FLAG
f2fs: don't allow negative ->write_io_size_bits
f2fs: fix to check inline_xattr_size boundary correctly
Revert "f2fs: fix to avoid deadlock of atomic file operations"
Revert "f2fs: fix to check inline_xattr_size boundary correctly"
f2fs: do not use mutex lock in atomic context
f2fs: fix potential data inconsistence of checkpoint
f2fs: fix to avoid deadlock of atomic file operations
f2fs: fix to check inline_xattr_size boundary correctly
f2fs: jump to label 'free_node_inode' when failing from d_make_root()
f2fs: fix to document inline_xattr_size option
f2fs: fix to data block override node segment by mistake
f2fs: fix typos in code comments
f2fs: sync filesystem after roll-forward recovery
fs: export evict_inodes
f2fs: flush quota blocks after turnning it off
f2fs: avoid null pointer exception in dcc_info
f2fs: don't wake up too frequently, if there is lots of IOs
f2fs: try to keep CP_TRIMMED_FLAG after successful umount
f2fs: add quick mode of checkpoint=disable for QA
f2fs: run discard jobs when put_super
f2fs: fix to set sbi dirty correctly
f2fs: UBSAN: set boolean value iostat_enable correctly
f2fs: add brackets for macros
f2fs: check if file namelen exceeds max value
f2fs: fix to trigger fsck if dirent.name_len is zero
f2fs: no need to check return value of debugfs_create functions
f2fs: export FS_NOCOW_FL flag to user
f2fs: check inject_rate validity during configuring
f2fs: remove set but not used variable 'err'
f2fs: fix compile warnings: 'struct *' declared inside parameter list
f2fs: change error code to -ENOMEM from -EINVAL
Conflicts:
arch/arm/Kconfig
arch/arm64/kernel/traps.c
drivers/hwtracing/coresight/coresight-etm4x.c
drivers/hwtracing/coresight/coresight-tmc.c
drivers/hwtracing/stm/Kconfig
drivers/hwtracing/stm/core.c
drivers/mmc/core/mmc.c
drivers/usb/gadget/function/u_serial.c
kernel/events/ring_buffer.c
net/wireless/nl80211.c
sound/core/compress_offload.c
Change-Id: I33783dbd0a25d678d6c61204f9e67690e57bed8f
Signed-off-by: Srinivasarao P <spathi@codeaurora.org>
E V Ravi [Mon, 1 Apr 2019 10:42:56 +0000 (16:12 +0530)]
msm: v4l2loopback: to resolve issues for kernel defconfigs
Enabling kernel defconfigs for v4l2loopback gives compilation
issues, resolving them by these changes.
Change-Id: Ie84b38fd0c5ad8c9ebb2c466d74418cae9985d9d
Signed-off-by: E V Ravi <evenka@codeaurora.org>
E V Ravi [Thu, 28 Mar 2019 07:10:04 +0000 (12:40 +0530)]
msm: v4l2loopback: to enable 4l2loopback in kernel defconfigs
Enabling v4l2loopback modules in kernel defconfigs
to create virtual video devices.
Change-Id: I96432310f24874effa5080620340325f97719d3a
Signed-off-by: E V Ravi <evenka@codeaurora.org>
Linux Build Service Account [Wed, 3 Apr 2019 12:15:04 +0000 (05:15 -0700)]
Merge "fbdev: msm: remove check for rgb source format"
Linux Build Service Account [Wed, 3 Apr 2019 12:15:02 +0000 (05:15 -0700)]
Merge "drm/msm: adjust HDMI DDC speed configuration"
Linux Build Service Account [Wed, 3 Apr 2019 12:15:00 +0000 (05:15 -0700)]
Merge "drm/msm/sde: add post_disable stage for phys encoder"
Greg Kroah-Hartman [Wed, 3 Apr 2019 08:24:12 +0000 (10:24 +0200)]
Merge 4.4.178 into android-4.4
Changes in 4.4.178
mmc: pxamci: fix enum type confusion
drm/vmwgfx: Don't double-free the mode stored in par->set_mode
udf: Fix crash on IO error during truncate
mips: loongson64: lemote-2f: Add IRQF_NO_SUSPEND to "cascade" irqaction.
MIPS: Fix kernel crash for R6 in jump label branch function
futex: Ensure that futex address is aligned in handle_futex_death()
ext4: fix NULL pointer dereference while journal is aborted
ext4: fix data corruption caused by unaligned direct AIO
ext4: brelse all indirect buffer in ext4_ind_remove_space()
mmc: tmio_mmc_core: don't claim spurious interrupts
media: v4l2-ctrls.c/uvc: zero v4l2_event
locking/lockdep: Add debug_locks check in __lock_downgrade()
ALSA: hda - Record the current power state before suspend/resume calls
ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
mmc: pwrseq_simple: Make reset-gpios optional to match doc
mmc: debugfs: Add a restriction to mmc debugfs clock setting
mmc: make MAN_BKOPS_EN message a debug
mmc: sanitize 'bus width' in debug output
mmc: core: shut up "voltage-ranges unspecified" pr_info()
usb: dwc3: gadget: Fix suspend/resume during device mode
arm64: mm: Add trace_irqflags annotations to do_debug_exception()
mmc: core: fix using wrong io voltage if mmc_select_hs200 fails
mm/rmap: replace BUG_ON(anon_vma->degree) with VM_WARN_ON
extcon: usb-gpio: Don't miss event during suspend/resume
kbuild: setlocalversion: print error to STDERR
usb: gadget: composite: fix dereference after null check coverify warning
usb: gadget: Add the gserial port checking in gs_start_tx()
tcp/dccp: drop SYN packets if accept queue is full
serial: sprd: adjust TIMEOUT to a big value
Hang/soft lockup in d_invalidate with simultaneous calls
arm64: traps: disable irq in die()
usb: renesas_usbhs: gadget: fix unused-but-set-variable warning
serial: sprd: clear timeout interrupt only rather than all interrupts
lib/int_sqrt: optimize small argument
USB: core: only clean up what we allocated
rtc: Fix overflow when converting time64_t to rtc_time
ath10k: avoid possible string overflow
Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
sched/fair: Fix new task's load avg removed from source CPU in wake_up_new_task()
mmc: block: Allow more than 8 partitions per card
arm64: fix COMPAT_SHMLBA definition for large pages
efi: stub: define DISABLE_BRANCH_PROFILING for all architectures
ARM: 8458/1: bL_switcher: add GIC dependency
ARM: 8494/1: mm: Enable PXN when running non-LPAE kernel on LPAE processor
android: unconditionally remove callbacks in sync_fence_free()
vmstat: make vmstat_updater deferrable again and shut down on idle
hid-sensor-hub.c: fix wrong do_div() usage
arm64: hide __efistub_ aliases from kallsyms
perf: Synchronously free aux pages in case of allocation failure
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
Revert "mmc: block: don't use parameter prefix if built as module"
writeback: initialize inode members that track writeback history
coresight: fixing lockdep error
coresight: coresight_unregister() function cleanup
coresight: release reference taken by 'bus_find_device()'
coresight: remove csdev's link from topology
stm class: Fix locking in unbinding policy path
stm class: Fix link list locking
stm class: Prevent user-controllable allocations
stm class: Support devices with multiple instances
stm class: Fix unlocking braino in the error path
stm class: Guard output assignment against concurrency
stm class: Fix unbalanced module/device refcounting
stm class: Fix a race in unlinking
coresight: "DEVICE_ATTR_RO" should defined as static.
coresight: etm4x: Check every parameter used by dma_xx_coherent.
asm-generic: Fix local variable shadow in __set_fixmap_offset
staging: ashmem: Avoid deadlock with mmap/shrink
staging: ashmem: Add missing include
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
staging: goldfish: audio: fix compiliation on arm
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
arm64/kernel: fix incorrect EL0 check in inv_entry macro
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
arm64: kernel: Include _AC definition in page.h
PM / Hibernate: Call flush_icache_range() on pages restored in-place
stm class: Do not leak the chrdev in error path
stm class: Fix stm device initialization order
ipv6: fix endianness error in icmpv6_err
usb: gadget: configfs: add mutex lock before unregister gadget
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
cpu/hotplug: Handle unbalanced hotplug enable/disable
video: fbdev: Set pixclock = 0 in goldfishfb
arm64: kconfig: drop CONFIG_RTC_LIB dependency
mmc: mmc: fix switch timeout issue caused by jiffies precision
cfg80211: size various nl80211 messages correctly
stmmac: copy unicast mac address to MAC registers
dccp: do not use ipv6 header for ipv4 flow
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
net: rose: fix a possible stack overflow
Add hlist_add_tail_rcu() (Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net)
packets: Always register packet sk in the same order
tcp: do not use ipv6 header for ipv4 flow
vxlan: Don't call gro_cells_destroy() before device is unregistered
sctp: get sctphdr by offset in sctp_compute_cksum
mac8390: Fix mmio access size probe
btrfs: remove WARN_ON in log_dir_items
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
ALSA: compress: add support for 32bit calls in a 64bit kernel
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
ALSA: seq: oss: Fix Spectre v1 vulnerability
ALSA: pcm: Fix possible OOB access in PCM oss plugins
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
scsi: sd: Fix a race between closing an sd device and sd I/O
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
tty: atmel_serial: fix a potential NULL pointer dereference
staging: vt6655: Remove vif check from vnt_interrupt
staging: vt6655: Fix interrupt race condition on device start up.
serial: max310x: Fix to avoid potential NULL pointer dereference
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
USB: serial: cp210x: add new device id
USB: serial: ftdi_sio: add additional NovaTech products
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
USB: serial: option: set driver_info for SIM5218 and compatibles
USB: serial: option: add Olicard 600
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
perf intel-pt: Fix TSC slip
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
KVM: Reject device ioctls from processes other than the VM's creator
xhci: Fix port resume done detection for SS ports with LPM enabled
Revert "USB: core: only clean up what we allocated"
arm64: support keyctl() system call in 32-bit mode
coresight: removing bind/unbind options from sysfs
stm class: Hide STM-specific options if STM is disabled
Linux 4.4.178
Change-Id: Ia7fc9419e85c78352eef494a0c914dec7650062f
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Greg Kroah-Hartman [Wed, 3 Apr 2019 04:23:29 +0000 (06:23 +0200)]
Linux 4.4.178
Geert Uytterhoeven [Tue, 22 Dec 2015 15:25:15 +0000 (17:25 +0200)]
stm class: Hide STM-specific options if STM is disabled
[ Upstream commit
4a2e2b19f96acfc037a9773c7729d133ce1e7e3b ]
If STM=n, it doesn't make sense to ask about STM_DUMMY and
STM_SOURCE_CONSOLE support, which are not even built when enabled
anyway. Hence hide these options if STM=n.
Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mathieu Poirier [Tue, 2 Feb 2016 21:14:00 +0000 (14:14 -0700)]
coresight: removing bind/unbind options from sysfs
[ Upstream commit
b15f0fb657e040401d875d11ae13b269af8a16e0 ]
The coresight drivers have absolutely no control over bind and unbind
operations triggered from sysfs. The operations simply can't be
cancelled or denied event when one or several tracing sessions are
under way. Since the memory associated to individual device is
invariably freed, the end result is a kernel crash when the path from
source to sink is travelled again as demonstrated here[1].
One solution could be to keep track of all the path (i.e tracing
session) that get created and iterate through the elements of those path
looking for the coresight device that is being removed. This proposition
doesn't scale well since there is no upper bound on the amount of
concurrent trace session that can be created.
With the above in mind, this patch prevent devices from being unbounded
from their driver by using the driver->suppress_bind_attr option. That way
trace sessions can be managed without fearing to loose devices.
Since device can't be removed anymore the xyz_remove() functions found in
each driver is also removed.
[1]. http://www.spinics.net/lists/arm-kernel/msg474952.html
Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Eric Biggers [Thu, 9 Mar 2017 00:27:04 +0000 (16:27 -0800)]
arm64: support keyctl() system call in 32-bit mode
[ Upstream commit
5c2a625937ba49bc691089370638223d310cda9a ]
As is the case for a number of other architectures that have a 32-bit
compat mode, enable KEYS_COMPAT if both COMPAT and KEYS are enabled.
This allows AArch32 programs to use the keyctl() system call when
running on an AArch64 kernel.
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Greg Kroah-Hartman [Wed, 13 Dec 2017 10:59:39 +0000 (11:59 +0100)]
Revert "USB: core: only clean up what we allocated"
commit
cf4df407e0d7cde60a45369c2a3414d18e2d4fdd upstream.
This reverts commit
32fd87b3bbf5f7a045546401dfe2894dbbf4d8c3.
Alan wrote a better fix for this...
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: stable <stable@vger.kernel.org>
Cc: Nathan Chancellor <natechancellor@gmail.com>
Cc: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mathias Nyman [Fri, 22 Mar 2019 15:50:15 +0000 (17:50 +0200)]
xhci: Fix port resume done detection for SS ports with LPM enabled
commit
6cbcf596934c8e16d6288c7cc62dfb7ad8eadf15 upstream.
A suspended SS port in U3 link state will go to U0 when resumed, but
can almost immediately after that enter U1 or U2 link power save
states before host controller driver reads the port status.
Host controller driver only checks for U0 state, and might miss
the finished resume, leaving flags unclear and skip notifying usb
code of the wake.
Add U1 and U2 to the possible link states when checking for finished
port resume.
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Sean Christopherson [Fri, 15 Feb 2019 20:48:39 +0000 (12:48 -0800)]
KVM: Reject device ioctls from processes other than the VM's creator
commit
ddba91801aeb5c160b660caed1800eb3aef403f8 upstream.
KVM's API requires thats ioctls must be issued from the same process
that created the VM. In other words, userspace can play games with a
VM's file descriptors, e.g. fork(), SCM_RIGHTS, etc..., but only the
creator can do anything useful. Explicitly reject device ioctls that
are issued by a process other than the VM's creator, and update KVM's
API documentation to extend its requirements to device ioctls.
Fixes:
852b6d57dc7f ("kvm: add device control API")
Cc: <stable@vger.kernel.org>
Signed-off-by: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thomas Gleixner [Tue, 26 Mar 2019 16:36:06 +0000 (17:36 +0100)]
x86/smp: Enforce CONFIG_HOTPLUG_CPU when SMP=y
commit
bebd024e4815b1a170fcd21ead9c2222b23ce9e6 upstream.
The SMT disable 'nosmt' command line argument is not working properly when
CONFIG_HOTPLUG_CPU is disabled. The teardown of the sibling CPUs which are
required to be brought up due to the MCE issues, cannot work. The CPUs are
then kept in a half dead state.
As the 'nosmt' functionality has become popular due to the speculative
hardware vulnerabilities, the half torn down state is not a proper solution
to the problem.
Enforce CONFIG_HOTPLUG_CPU=y when SMP is enabled so the full operation is
possible.
Reported-by: Tianyu Lan <Tianyu.Lan@microsoft.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Konrad Wilk <konrad.wilk@oracle.com>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Cc: Mukesh Ojha <mojha@codeaurora.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Jiri Kosina <jkosina@suse.cz>
Cc: Rik van Riel <riel@surriel.com>
Cc: Andy Lutomirski <luto@kernel.org>
Cc: Micheal Kelley <michael.h.kelley@microsoft.com>
Cc: "K. Y. Srinivasan" <kys@microsoft.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Borislav Petkov <bp@alien8.de>
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: stable@vger.kernel.org
Link: https://lkml.kernel.org/r/20190326163811.598166056@linutronix.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Adrian Hunter [Mon, 25 Mar 2019 13:51:35 +0000 (15:51 +0200)]
perf intel-pt: Fix TSC slip
commit
f3b4e06b3bda759afd042d3d5fa86bea8f1fe278 upstream.
A TSC packet can slip past MTC packets so that the timestamp appears to
go backwards. One estimate is that can be up to about 40 CPU cycles,
which is certainly less than 0x1000 TSC ticks, but accept slippage an
order of magnitude more to be on the safe side.
Signed-off-by: Adrian Hunter <adrian.hunter@intel.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: stable@vger.kernel.org
Fixes:
79b58424b821c ("perf tools: Add Intel PT support for decoding MTC packets")
Link: http://lkml.kernel.org/r/20190325135135.18348-1-adrian.hunter@intel.com
Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Axel Lin [Mon, 11 Mar 2019 13:29:37 +0000 (21:29 +0800)]
gpio: adnp: Fix testing wrong value in adnp_gpio_direction_input
commit
c5bc6e526d3f217ed2cc3681d256dc4a2af4cc2b upstream.
Current code test wrong value so it does not verify if the written
data is correctly read back. Fix it.
Also make it return -EPERM if read value does not match written bit,
just like it done for adnp_gpio_direction_output().
Fixes:
5e969a401a01 ("gpio: Add Avionic Design N-bit GPIO expander support")
Cc: <stable@vger.kernel.org>
Signed-off-by: Axel Lin <axel.lin@ingics.com>
Reviewed-by: Thierry Reding <thierry.reding@gmail.com>
Signed-off-by: Bartosz Golaszewski <bgolaszewski@baylibre.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
YueHaibing [Fri, 29 Mar 2019 03:44:40 +0000 (20:44 -0700)]
fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
commit
23da9588037ecdd4901db76a5b79a42b529c4ec3 upstream.
Syzkaller reports:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 1 PID: 5373 Comm: syz-executor.0 Not tainted 5.0.0-rc8+ #3
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:put_links+0x101/0x440 fs/proc/proc_sysctl.c:1599
Code: 00 0f 85 3a 03 00 00 48 8b 43 38 48 89 44 24 20 48 83 c0 38 48 89 c2 48 89 44 24 28 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 fe 02 00 00 48 8b 74 24 20 48 c7 c7 60 2a 9d 91
RSP: 0018:
ffff8881d828f238 EFLAGS:
00010202
RAX:
dffffc0000000000 RBX:
ffff8881e01b1140 RCX:
ffffffff8ee98267
RDX:
0000000000000007 RSI:
ffffc90001479000 RDI:
ffff8881e01b1178
RBP:
dffffc0000000000 R08:
ffffed103ee27259 R09:
ffffed103ee27259
R10:
0000000000000001 R11:
ffffed103ee27258 R12:
fffffffffffffff4
R13:
0000000000000006 R14:
ffff8881f59838c0 R15:
dffffc0000000000
FS:
00007f072254f700(0000) GS:
ffff8881f7100000(0000) knlGS:
0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
CR2:
00007fff8b286668 CR3:
00000001f0542002 CR4:
00000000007606e0
DR0:
0000000000000000 DR1:
0000000000000000 DR2:
0000000000000000
DR3:
0000000000000000 DR6:
00000000fffe0ff0 DR7:
0000000000000400
PKRU:
55555554
Call Trace:
drop_sysctl_table+0x152/0x9f0 fs/proc/proc_sysctl.c:1629
get_subdir fs/proc/proc_sysctl.c:1022 [inline]
__register_sysctl_table+0xd65/0x1090 fs/proc/proc_sysctl.c:1335
br_netfilter_init+0xbc/0x1000 [br_netfilter]
do_one_initcall+0xfa/0x5ca init/main.c:887
do_init_module+0x204/0x5f6 kernel/module.c:3460
load_module+0x66b2/0x8570 kernel/module.c:3808
__do_sys_finit_module+0x238/0x2a0 kernel/module.c:3902
do_syscall_64+0x147/0x600 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:
00007f072254ec58 EFLAGS:
00000246 ORIG_RAX:
0000000000000139
RAX:
ffffffffffffffda RBX:
000000000073bf00 RCX:
0000000000462e99
RDX:
0000000000000000 RSI:
0000000020000280 RDI:
0000000000000003
RBP:
00007f072254ec70 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000246 R12:
00007f072254f6bc
R13:
00000000004bcefa R14:
00000000006f6fb0 R15:
0000000000000004
Modules linked in: br_netfilter(+) dvb_usb_dibusb_mc_common dib3000mc dibx000_common dvb_usb_dibusb_common dvb_usb_dw2102 dvb_usb classmate_laptop palmas_regulator cn videobuf2_v4l2 v4l2_common snd_soc_bd28623 mptbase snd_usb_usx2y snd_usbmidi_lib snd_rawmidi wmi libnvdimm lockd sunrpc grace rc_kworld_pc150u rc_core rtc_da9063 sha1_ssse3 i2c_cros_ec_tunnel adxl34x_spi adxl34x nfnetlink lib80211 i5500_temp dvb_as102 dvb_core videobuf2_common videodev media videobuf2_vmalloc videobuf2_memops udc_core lnbp22 leds_lp3952 hid_roccat_ryos s1d13xxxfb mtd vport_geneve openvswitch nf_conncount nf_nat_ipv6 nsh geneve udp_tunnel ip6_udp_tunnel snd_soc_mt6351 sis_agp phylink snd_soc_adau1761_spi snd_soc_adau1761 snd_soc_adau17x1 snd_soc_core snd_pcm_dmaengine ac97_bus snd_compress snd_soc_adau_utils snd_soc_sigmadsp_regmap snd_soc_sigmadsp raid_class hid_roccat_konepure hid_roccat_common hid_roccat c2port_duramar2150 core mdio_bcm_unimac iptable_security iptable_raw iptable_mangle
iptable_nat nf_nat_ipv4 nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 iptable_filter bpfilter ip6_vti ip_vti ip_gre ipip sit tunnel4 ip_tunnel hsr veth netdevsim devlink vxcan batman_adv cfg80211 rfkill chnl_net caif nlmon dummy team bonding vcan bridge stp llc ip6_gre gre ip6_tunnel tunnel6 tun crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel joydev mousedev ide_pci_generic piix aesni_intel aes_x86_64 ide_core crypto_simd atkbd cryptd glue_helper serio_raw ata_generic pata_acpi i2c_piix4 floppy sch_fq_codel ip_tables x_tables ipv6 [last unloaded: lm73]
Dumping ftrace buffer:
(ftrace buffer empty)
---[ end trace
770020de38961fd0 ]---
A new dir entry can be created in get_subdir and its 'header->parent' is
set to NULL. Only after insert_header success, it will be set to 'dir',
otherwise 'header->parent' is set to NULL and drop_sysctl_table is called.
However in err handling path of get_subdir, drop_sysctl_table also be
called on 'new->header' regardless its value of parent pointer. Then
put_links is called, which triggers NULL-ptr deref when access member of
header->parent.
In fact we have multiple error paths which call drop_sysctl_table() there,
upon failure on insert_links() we also call drop_sysctl_table().And even
in the successful case on __register_sysctl_table() we still always call
drop_sysctl_table().This patch fix it.
Link: http://lkml.kernel.org/r/20190314085527.13244-1-yuehaibing@huawei.com
Fixes:
0e47c99d7fe25 ("sysctl: Replace root_list with links between sysctl_table_sets")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reported-by: Hulk Robot <hulkci@huawei.com>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: <stable@vger.kernel.org> [3.4+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wentao Wang [Wed, 20 Mar 2019 15:30:39 +0000 (15:30 +0000)]
Disable kgdboc failed by echo space to /sys/module/kgdboc/parameters/kgdboc
commit
3ec8002951ea173e24b466df1ea98c56b7920e63 upstream.
Echo "" to /sys/module/kgdboc/parameters/kgdboc will fail with "No such
device” error.
This is caused by function "configure_kgdboc" who init err to ENODEV
when the config is empty (legal input) the code go out with ENODEV
returned.
Fixes:
2dd453168643 ("kgdboc: Fix restrict error")
Signed-off-by: Wentao Wang <witallwang@gmail.com>
Cc: stable <stable@vger.kernel.org>
Acked-by: Daniel Thompson <daniel.thompson@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bjørn Mork [Wed, 27 Mar 2019 14:25:32 +0000 (15:25 +0100)]
USB: serial: option: add Olicard 600
commit
84f3b43f7378b98b7e3096d5499de75183d4347c upstream.
This is a Qualcomm based device with a QMI function on interface 4.
It is mode switched from 2020:2030 using a standard eject message.
T: Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 6 Spd=480 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS=64 #Cfgs= 1
P: Vendor=2020 ProdID=2031 Rev= 2.32
S: Manufacturer=Mobile Connect
S: Product=Mobile Connect
S: SerialNumber=
0123456789ABCDEF
C:* #Ifs= 6 Cfg#= 1 Atr=80 MxPwr=500mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=81(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=01(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 1 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=83(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=82(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=02(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 2 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=85(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=84(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=03(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 3 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=00 Prot=00 Driver=(none)
E: Ad=87(I) Atr=03(Int.) MxPS= 10 Ivl=32ms
E: Ad=86(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=04(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 4 Alt= 0 #EPs= 3 Cls=ff(vend.) Sub=ff Prot=ff Driver=(none)
E: Ad=89(I) Atr=03(Int.) MxPS= 8 Ivl=32ms
E: Ad=88(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=05(O) Atr=02(Bulk) MxPS= 512 Ivl=0ms
I:* If#= 5 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=(none)
E: Ad=8a(I) Atr=02(Bulk) MxPS= 512 Ivl=0ms
E: Ad=06(O) Atr=02(Bulk) MxPS= 512 Ivl=125us
Cc: stable@vger.kernel.org
Signed-off-by: Bjørn Mork <bjorn@mork.no>
[ johan: use tabs to align comments in adjacent lines ]
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mans Rullgard [Tue, 26 Feb 2019 17:07:10 +0000 (17:07 +0000)]
USB: serial: option: set driver_info for SIM5218 and compatibles
commit
f8df5c2c3e2df5ffaf9fb5503da93d477a8c7db4 upstream.
The SIMCom SIM5218 and compatible devices have 5 USB interfaces, only 4
of which are serial ports. The fifth is a network interface supported
by the qmi-wwan driver. Furthermore, the serial ports do not support
modem control signals. Add driver_info flags to reflect this.
Signed-off-by: Mans Rullgard <mans@mansr.com>
Fixes:
ec0cd94d881c ("usb: option: add SIMCom SIM5218")
Cc: stable <stable@vger.kernel.org> # 3.2
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Lin Yi [Wed, 20 Mar 2019 11:04:56 +0000 (19:04 +0800)]
USB: serial: mos7720: fix mos_parport refcount imbalance on error path
commit
2908b076f5198d231de62713cb2b633a3a4b95ac upstream.
The write_parport_reg_nonblock() helper takes a reference to the struct
mos_parport, but failed to release it in a couple of error paths after
allocation failures, leading to a memory leak.
Johan said that move the kref_get() and mos_parport assignment to the
end of urbtrack initialisation is a better way, so move it. and
mos_parport do not used until urbtrack initialisation.
Signed-off-by: Lin Yi <teroincn@163.com>
Fixes:
b69578df7e98 ("USB: usbserial: mos7720: add support for parallel port on moschip 7715")
Cc: stable <stable@vger.kernel.org> # 2.6.35
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
George McCollister [Tue, 5 Mar 2019 22:05:03 +0000 (16:05 -0600)]
USB: serial: ftdi_sio: add additional NovaTech products
commit
422c2537ba9d42320f8ab6573940269f87095320 upstream.
Add PIDs for the NovaTech OrionLX+ and Orion I/O so they can be
automatically detected.
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Greg Kroah-Hartman [Wed, 27 Mar 2019 01:11:14 +0000 (10:11 +0900)]
USB: serial: cp210x: add new device id
commit
a595ecdd5f60b2d93863cebb07eec7f935839b54 upstream.
Lorenz Messtechnik has a device that is controlled by the cp210x driver,
so add the device id to the driver. The device id was provided by
Silicon-Labs for the devices from this vendor.
Reported-by: Uli <t9cpu@web.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Hoan Nguyen An [Mon, 18 Mar 2019 09:26:32 +0000 (18:26 +0900)]
serial: sh-sci: Fix setting SCSCR_TIE while transferring data
commit
93bcefd4c6bad4c69dbc4edcd3fbf774b24d930d upstream.
We disable transmission interrupt (clear SCSCR_TIE) after all data has been transmitted
(if uart_circ_empty(xmit)). While transmitting, if the data is still in the tty buffer,
re-enable the SCSCR_TIE bit, which was done at sci_start_tx().
This is unnecessary processing, wasting CPU operation if the data transmission length is large.
And further, transmit end, FIFO empty bits disabling have also been performed in the step above.
Signed-off-by: Hoan Nguyen An <na-hoan@jinso.co.jp>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Aditya Pakki [Mon, 18 Mar 2019 23:44:14 +0000 (18:44 -0500)]
serial: max310x: Fix to avoid potential NULL pointer dereference
commit
3a10e3dd52e80b9a97a3346020024d17b2c272d6 upstream.
of_match_device can return a NULL pointer when matching device is not
found. This patch avoids a scenario causing NULL pointer derefernce.
Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Malcolm Priestley [Sun, 24 Mar 2019 18:53:49 +0000 (18:53 +0000)]
staging: vt6655: Fix interrupt race condition on device start up.
commit
3b9c2f2e0e99bb67c96abcb659b3465efe3bee1f upstream.
It appears on some slower systems that the driver can find its way
out of the workqueue while the interrupt is disabled by continuous polling
by it.
Move MACvIntEnable to vnt_interrupt_work so that it is always enabled
on all routes out of vnt_interrupt_process.
Move MACvIntDisable so that the device doesn't keep polling the system
while the workqueue is being processed.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
CC: stable@vger.kernel.org # v4.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Malcolm Priestley [Wed, 27 Mar 2019 18:45:26 +0000 (18:45 +0000)]
staging: vt6655: Remove vif check from vnt_interrupt
commit
cc26358f89c3e493b54766b1ca56cfc6b14db78a upstream.
A check for vif is made in vnt_interrupt_work.
There is a small chance of leaving interrupt disabled while vif
is NULL and the work hasn't been scheduled.
Signed-off-by: Malcolm Priestley <tvboxspy@gmail.com>
CC: stable@vger.kernel.org # v4.2+
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kangjie Lu [Fri, 15 Mar 2019 17:16:06 +0000 (12:16 -0500)]
tty: atmel_serial: fix a potential NULL pointer dereference
commit
c85be041065c0be8bc48eda4c45e0319caf1d0e5 upstream.
In case dmaengine_prep_dma_cyclic fails, the fix returns a proper
error code to avoid NULL pointer dereference.
Signed-off-by: Kangjie Lu <kjlu@umn.edu>
Fixes:
34df42f59a60 ("serial: at91: add rx dma support")
Acked-by: Richard Genoud <richard.genoud@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Steffen Maier [Tue, 26 Mar 2019 13:36:59 +0000 (14:36 +0100)]
scsi: zfcp: fix scsi_eh host reset with port_forced ERP for non-NPIV FCP devices
commit
242ec1455151267fe35a0834aa9038e4c4670884 upstream.
Suppose more than one non-NPIV FCP device is active on the same channel.
Send I/O to storage and have some of the pending I/O run into a SCSI
command timeout, e.g. due to bit errors on the fibre. Now the error
situation stops. However, we saw FCP requests continue to timeout in the
channel. The abort will be successful, but the subsequent TUR fails.
Scsi_eh starts. The LUN reset fails. The target reset fails. The host
reset only did an FCP device recovery. However, for non-NPIV FCP devices,
this does not close and reopen ports on the SAN-side if other non-NPIV FCP
device(s) share the same open ports.
In order to resolve the continuing FCP request timeouts, we need to
explicitly close and reopen ports on the SAN-side.
This was missing since the beginning of zfcp in v2.6.0 history commit
ea127f975424 ("[PATCH] s390 (7/7): zfcp host adapter.").
Note: The FSF requests for forced port reopen could run into FSF request
timeouts due to other reasons. This would trigger an internal FCP device
recovery. Pending forced port reopen recoveries would get dismissed. So
some ports might not get fully reopened during this host reset handler.
However, subsequent I/O would trigger the above described escalation and
eventually all ports would be forced reopen to resolve any continuing FCP
request timeouts due to earlier bit errors.
Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Fixes:
1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: <stable@vger.kernel.org> #3.0+
Reviewed-by: Jens Remus <jremus@linux.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Steffen Maier [Tue, 26 Mar 2019 13:36:58 +0000 (14:36 +0100)]
scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host
commit
fe67888fc007a76b81e37da23ce5bd8fb95890b0 upstream.
An already deleted SCSI device can exist on the Scsi_Host and remain there
because something still holds a reference. A new SCSI device with the same
H:C:T:L and FCP device, target port WWPN, and FCP LUN can be created. When
we try to unblock an rport, we still find the deleted SCSI device and
return early because the zfcp_scsi_dev of that SCSI device is not
ZFCP_STATUS_COMMON_UNBLOCKED. Hence we miss to unblock the rport, even if
the new proper SCSI device would be in good state.
Therefore, skip deleted SCSI devices when iterating the sdevs of the shost.
[cf. __scsi_device_lookup{_by_target}() or scsi_device_get()]
The following abbreviated trace sequence can indicate such problem:
Area : REC
Tag : ersfs_3
LUN : 0x4045400300000000
WWPN : 0x50050763031bd327
LUN status : 0x40000000 not ZFCP_STATUS_COMMON_UNBLOCKED
Ready count : n not incremented yet
Running count : 0x00000000
ERP want : 0x01
ERP need : 0xc1 ZFCP_ERP_ACTION_NONE
Area : REC
Tag : ersfs_3
LUN : 0x4045400300000000
WWPN : 0x50050763031bd327
LUN status : 0x41000000
Ready count : n+1
Running count : 0x00000000
ERP want : 0x01
ERP need : 0x01
...
Area : REC
Level : 4 only with increased trace level
Tag : ertru_l
LUN : 0x4045400300000000
WWPN : 0x50050763031bd327
LUN status : 0x40000000
Request ID : 0x0000000000000000
ERP status : 0x01800000
ERP step : 0x1000
ERP action : 0x01
ERP count : 0x00
NOT followed by a trace record with tag "scpaddy"
for WWPN 0x50050763031bd327.
Signed-off-by: Steffen Maier <maier@linux.ibm.com>
Fixes:
6f2ce1c6af37 ("scsi: zfcp: fix rport unblock race with LUN recovery")
Cc: <stable@vger.kernel.org> #2.6.32+
Reviewed-by: Jens Remus <jremus@linux.ibm.com>
Reviewed-by: Benjamin Block <bblock@linux.ibm.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bart Van Assche [Mon, 25 Mar 2019 17:01:46 +0000 (10:01 -0700)]
scsi: sd: Fix a race between closing an sd device and sd I/O
commit
c14a57264399efd39514a2329c591a4b954246d8 upstream.
The scsi_end_request() function calls scsi_cmd_to_driver() indirectly and
hence needs the disk->private_data pointer. Avoid that that pointer is
cleared before all affected I/O requests have finished. This patch avoids
that the following crash occurs:
Unable to handle kernel NULL pointer dereference at virtual address
0000000000000000
Call trace:
scsi_mq_uninit_cmd+0x1c/0x30
scsi_end_request+0x7c/0x1b8
scsi_io_completion+0x464/0x668
scsi_finish_command+0xbc/0x160
scsi_eh_flush_done_q+0x10c/0x170
sas_scsi_recover_host+0x84c/0xa98 [libsas]
scsi_error_handler+0x140/0x5b0
kthread+0x100/0x12c
ret_from_fork+0x10/0x18
Cc: Christoph Hellwig <hch@lst.de>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Cc: Jason Yan <yanaijie@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Bart Van Assche <bvanassche@acm.org>
Reported-by: Jason Yan <yanaijie@huawei.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Mon, 25 Mar 2019 09:38:58 +0000 (10:38 +0100)]
ALSA: pcm: Don't suspend stream in unrecoverable PCM state
commit
113ce08109f8e3b091399e7cc32486df1cff48e7 upstream.
Currently PCM core sets each opened stream forcibly to SUSPENDED state
via snd_pcm_suspend_all() call, and the user-space is responsible for
re-triggering the resume manually either via snd_pcm_resume() or
prepare call. The scheme works fine usually, but there are corner
cases where the stream can't be resumed by that call: the streams
still in OPEN state before finishing hw_params. When they are
suspended, user-space cannot perform resume or prepare because they
haven't been set up yet. The only possible recovery is to re-open the
device, which isn't nice at all. Similarly, when a stream is in
DISCONNECTED state, it makes no sense to change it to SUSPENDED
state. Ditto for in SETUP state; which you can re-prepare directly.
So, this patch addresses these issues by filtering the PCM streams to
be suspended by checking the PCM state. When a stream is in either
OPEN, SETUP or DISCONNECTED as well as already SUSPENDED, the suspend
action is skipped.
To be noted, this problem was originally reported for the PCM runtime
PM on HD-audio. And, the runtime PM problem itself was already
addressed (although not intended) by the code refactoring commits
3d21ef0b49f8 ("ALSA: pcm: Suspend streams globally via device type PM
ops") and
17bc4815de58 ("ALSA: pci: Remove superfluous
snd_pcm_suspend*() calls"). These commits eliminated the
snd_pcm_suspend*() calls from the runtime PM suspend callback code
path, hence the racy OPEN state won't appear while runtime PM.
(FWIW, the race window is between snd_pcm_open_substream() and the
first power up in azx_pcm_open().)
Although the runtime PM issue was already "fixed", the same problem is
still present for the system PM, hence this patch is still needed.
And for stable trees, this patch alone should suffice for fixing the
runtime PM problem, too.
Reported-and-tested-by: Jon Hunter <jonathanh@nvidia.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Takashi Iwai [Fri, 22 Mar 2019 15:00:54 +0000 (16:00 +0100)]
ALSA: pcm: Fix possible OOB access in PCM oss plugins
commit
ca0214ee2802dd47239a4e39fb21c5b00ef61b22 upstream.
The PCM OSS emulation converts and transfers the data on the fly via
"plugins". The data is converted over the dynamically allocated
buffer for each plugin, and recently syzkaller caught OOB in this
flow.
Although the bisection by syzbot pointed out to the commit
65766ee0bf7f ("ALSA: oss: Use kvzalloc() for local buffer
allocations"), this is merely a commit to replace vmalloc() with
kvmalloc(), hence it can't be the cause. The further debug action
revealed that this happens in the case where a slave PCM doesn't
support only the stereo channels while the OSS stream is set up for a
mono channel. Below is a brief explanation:
At each OSS parameter change, the driver sets up the PCM hw_params
again in snd_pcm_oss_change_params_lock(). This is also the place
where plugins are created and local buffers are allocated. The
problem is that the plugins are created before the final hw_params is
determined. Namely, two snd_pcm_hw_param_near() calls for setting the
period size and periods may influence on the final result of channels,
rates, etc, too, while the current code has already created plugins
beforehand with the premature values. So, the plugin believes that
channels=1, while the actual I/O is with channels=2, which makes the
driver reading/writing over the allocated buffer size.
The fix is simply to move the plugin allocation code after the final
hw_params call.
Reported-by: syzbot+d4503ae45b65c5bc1194@syzkaller.appspotmail.com
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gustavo A. R. Silva [Wed, 20 Mar 2019 23:42:01 +0000 (18:42 -0500)]
ALSA: seq: oss: Fix Spectre v1 vulnerability
commit
c709f14f0616482b67f9fbcb965e1493a03ff30b upstream.
dev is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
sound/core/seq/oss/seq_oss_synth.c:626 snd_seq_oss_synth_make_info() warn: potential spectre issue 'dp->synths' [w] (local cap)
Fix this by sanitizing dev before using it to index dp->synths.
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://lore.kernel.org/lkml/
20180423164740.GY17484@dhcp22.suse.cz/
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Gustavo A. R. Silva [Wed, 20 Mar 2019 21:15:24 +0000 (16:15 -0500)]
ALSA: rawmidi: Fix potential Spectre v1 vulnerability
commit
2b1d9c8f87235f593826b9cf46ec10247741fff9 upstream.
info->stream is indirectly controlled by user-space, hence leading to
a potential exploitation of the Spectre variant 1 vulnerability.
This issue was detected with the help of Smatch:
sound/core/rawmidi.c:604 __snd_rawmidi_info_select() warn: potential spectre issue 'rmidi->streams' [r] (local cap)
Fix this by sanitizing info->stream before using it to index
rmidi->streams.
Notice that given that speculation windows are large, the policy is
to kill the speculation on the first load and not worry if it can be
completed with a dependent load/store [1].
[1] https://lore.kernel.org/lkml/
20180423164740.GY17484@dhcp22.suse.cz/
Cc: stable@vger.kernel.org
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Ravindra Lokhande [Mon, 7 Dec 2015 06:38:31 +0000 (12:08 +0530)]
ALSA: compress: add support for 32bit calls in a 64bit kernel
commit
c10368897e104c008c610915a218f0fe5fa4ec96 upstream.
Compress offload does not support ioctl calls from a 32bit userspace
in a 64 bit kernel. This patch adds support for ioctls from a 32bit
userspace in a 64bit kernel
Signed-off-by: Ravindra Lokhande <rlokhande@nvidia.com>
Acked-by: Vinod Koul <vinod.koul@intel.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Kohji Okuno [Tue, 26 Feb 2019 02:34:13 +0000 (11:34 +0900)]
ARM: imx6q: cpuidle: fix bug that CPU might not wake up at expected time
commit
91740fc8242b4f260cfa4d4536d8551804777fae upstream.
In the current cpuidle implementation for i.MX6q, the CPU that sets
'WAIT_UNCLOCKED' and the CPU that returns to 'WAIT_CLOCKED' are always
the same. While the CPU that sets 'WAIT_UNCLOCKED' is in IDLE state of
"WAIT", if the other CPU wakes up and enters IDLE state of "WFI"
istead of "WAIT", this CPU can not wake up at expired time.
Because, in the case of "WFI", the CPU must be waked up by the local
timer interrupt. But, while 'WAIT_UNCLOCKED' is set, the local timer
is stopped, when all CPUs execute "wfi" instruction. As a result, the
local timer interrupt is not fired.
In this situation, this CPU will wake up by IRQ different from local
timer. (e.g. broacast timer)
So, this fix changes CPU to return to 'WAIT_CLOCKED'.
Signed-off-by: Kohji Okuno <okuno.kohji@jp.panasonic.com>
Fixes:
e5f9dec8ff5f ("ARM: imx6q: support WAIT mode using cpuidle")
Cc: <stable@vger.kernel.org>
Signed-off-by: Shawn Guo <shawnguo@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Andrea Righi [Thu, 14 Mar 2019 07:56:28 +0000 (08:56 +0100)]
btrfs: raid56: properly unmap parity page in finish_parity_scrub()
commit
3897b6f0a859288c22fb793fad11ec2327e60fcd upstream.
Parity page is incorrectly unmapped in finish_parity_scrub(), triggering
a reference counter bug on i386, i.e.:
[ 157.662401] kernel BUG at mm/highmem.c:349!
[ 157.666725] invalid opcode: 0000 [#1] SMP PTI
The reason is that kunmap(p_page) was completely left out, so we never
did an unmap for the p_page and the loop unmapping the rbio page was
iterating over the wrong number of stripes: unmapping should be done
with nr_data instead of rbio->real_stripes.
Test case to reproduce the bug:
- create a raid5 btrfs filesystem:
# mkfs.btrfs -m raid5 -d raid5 /dev/sdb /dev/sdc /dev/sdd /dev/sde
- mount it:
# mount /dev/sdb /mnt
- run btrfs scrub in a loop:
# while :; do btrfs scrub start -BR /mnt; done
BugLink: https://bugs.launchpad.net/bugs/1812845
Fixes:
5a6ac9eacb49 ("Btrfs, raid56: support parity scrub on raid56")
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Johannes Thumshirn <jthumshirn@suse.de>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Josef Bacik [Wed, 6 Mar 2019 22:13:04 +0000 (17:13 -0500)]
btrfs: remove WARN_ON in log_dir_items
commit
2cc8334270e281815c3850c3adea363c51f21e0d upstream.
When Filipe added the recursive directory logging stuff in
2f2ff0ee5e430 ("Btrfs: fix metadata inconsistencies after directory
fsync") he specifically didn't take the directory i_mutex for the
children directories that we need to log because of lockdep. This is
generally fine, but can lead to this WARN_ON() tripping if we happen to
run delayed deletion's in between our first search and our second search
of dir_item/dir_indexes for this directory. We expect this to happen,
so the WARN_ON() isn't necessary. Drop the WARN_ON() and add a comment
so we know why this case can happen.
CC: stable@vger.kernel.org # 4.4+
Reviewed-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Finn Thain [Sat, 16 Mar 2019 03:21:19 +0000 (14:21 +1100)]
mac8390: Fix mmio access size probe
[ Upstream commit
bb9e5c5bcd76f4474eac3baf643d7a39f7bac7bb ]
The bug that Stan reported is as follows. After a restart, a 16-bit NIC
may be incorrectly identified as a 32-bit NIC and stop working.
mac8390 slot.E: Memory length resource not found, probing
mac8390 slot.E: Farallon EtherMac II-C (type farallon)
mac8390 slot.E: MAC 00:00:c5:30:c2:99, IRQ 61, 32 KB shared memory at 0xfeed0000, 32-bit access.
The bug never arises after a cold start and only intermittently after a
warm start. (I didn't investigate why the bug is intermittent.)
It turns out that memcpy_toio() is deprecated and memcmp_withio() also
has issues. Replacing these calls with mmio accessors fixes the problem.
Reported-and-tested-by: Stan Johnson <userm57@yahoo.com>
Fixes:
2964db0f5904 ("m68k: Mac DP8390 update")
Signed-off-by: Finn Thain <fthain@telegraphics.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Xin Long [Mon, 18 Mar 2019 11:47:00 +0000 (19:47 +0800)]
sctp: get sctphdr by offset in sctp_compute_cksum
[ Upstream commit
273160ffc6b993c7c91627f5a84799c66dfe4dee ]
sctp_hdr(skb) only works when skb->transport_header is set properly.
But in Netfilter, skb->transport_header for ipv6 is not guaranteed
to be right value for sctphdr. It would cause to fail to check the
checksum for sctp packets.
So fix it by using offset, which is always right in all places.
v1->v2:
- Fix the changelog.
Fixes:
e6d8b64b34aa ("net: sctp: fix and consolidate SCTP checksumming code")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Zhiqiang Liu [Sat, 16 Mar 2019 09:02:54 +0000 (17:02 +0800)]
vxlan: Don't call gro_cells_destroy() before device is unregistered
[ Upstream commit
cc4807bb609230d8959fd732b0bf3bd4c2de8eac ]
Commit
ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between
receive and link delete") fixed a race condition for the typical case a vxlan
device is dismantled from the current netns. But if a netns is dismantled,
vxlan_destroy_tunnels() is called to schedule a unregister_netdevice_queue()
of all the vxlan tunnels that are related to this netns.
In vxlan_destroy_tunnels(), gro_cells_destroy() is called and finished before
unregister_netdevice_queue(). This means that the gro_cells_destroy() call is
done too soon, for the same reasons explained in above commit.
So we need to fully respect the RCU rules, and thus must remove the
gro_cells_destroy() call or risk use after-free.
Fixes:
58ce31cca1ff ("vxlan: GRO support at tunnel layer")
Signed-off-by: Suanming.Mou <mousuanming@huawei.com>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Zhiqiang Liu <liuzhiqiang26@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Dumazet [Tue, 19 Mar 2019 12:45:35 +0000 (05:45 -0700)]
tcp: do not use ipv6 header for ipv4 flow
[ Upstream commit
89e4130939a20304f4059ab72179da81f5347528 ]
When a dual stack tcp listener accepts an ipv4 flow,
it should not attempt to use an ipv6 header or tcp_v6_iif() helper.
Fixes:
1397ed35f22d ("ipv6: add flowinfo for tcp6 pkt_options for all cases")
Fixes:
df3687ffc665 ("ipv6: add the IPV6_FL_F_REFLECT flag to IPV6_FL_A_GET")
Fixes:
1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Maxime Chevallier [Sat, 16 Mar 2019 13:41:30 +0000 (14:41 +0100)]
packets: Always register packet sk in the same order
[ Upstream commit
a4dc6a49156b1f8d6e17251ffda17c9e6a5db78a ]
When using fanouts with AF_PACKET, the demux functions such as
fanout_demux_cpu will return an index in the fanout socket array, which
corresponds to the selected socket.
The ordering of this array depends on the order the sockets were added
to a given fanout group, so for FANOUT_CPU this means sockets are bound
to cpus in the order they are configured, which is OK.
However, when stopping then restarting the interface these sockets are
bound to, the sockets are reassigned to the fanout group in the reverse
order, due to the fact that they were inserted at the head of the
interface's AF_PACKET socket list.
This means that traffic that was directed to the first socket in the
fanout group is now directed to the last one after an interface restart.
In the case of FANOUT_CPU, traffic from CPU0 will be directed to the
socket that used to receive traffic from the last CPU after an interface
restart.
This commit introduces a helper to add a socket at the tail of a list,
then uses it to register AF_PACKET sockets.
Note that this changes the order in which sockets are listed in /proc and
with sock_diag.
Fixes:
dc99f600698d ("packet: Add fanout support")
Signed-off-by: Maxime Chevallier <maxime.chevallier@bootlin.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
David S. Miller [Sat, 23 Apr 2016 22:26:24 +0000 (18:26 -0400)]
Add hlist_add_tail_rcu() (Merge git://git./linux/kernel/git/davem/net)
commit
1602f49b58abcb0d34a5f0a29d68e7c1769547aa upstream.
[This commit was a merge, but it added hlist_add_tail_rcu(), which is what we
need in this stable tree, so I've changed the subject to be more descriptive
- gregkh]
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Dumazet [Fri, 15 Mar 2019 17:41:14 +0000 (10:41 -0700)]
net: rose: fix a possible stack overflow
[ Upstream commit
e5dcc0c3223c45c94100f05f28d8ef814db3d82c ]
rose_write_internal() uses a temp buffer of 100 bytes, but a manual
inspection showed that given arbitrary input, rose_create_facilities()
can fill up to 110 bytes.
Lets use a tailroom of 256 bytes for peace of mind, and remove
the bounce buffer : we can simply allocate a big enough skb
and adjust its length as needed.
syzbot report :
BUG: KASAN: stack-out-of-bounds in memcpy include/linux/string.h:352 [inline]
BUG: KASAN: stack-out-of-bounds in rose_create_facilities net/rose/rose_subr.c:521 [inline]
BUG: KASAN: stack-out-of-bounds in rose_write_internal+0x597/0x15d0 net/rose/rose_subr.c:116
Write of size 7 at addr
ffff88808b1ffbef by task syz-executor.0/24854
CPU: 0 PID: 24854 Comm: syz-executor.0 Not tainted 5.0.0+ #97
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x172/0x1f0 lib/dump_stack.c:113
print_address_description.cold+0x7c/0x20d mm/kasan/report.c:187
kasan_report.cold+0x1b/0x40 mm/kasan/report.c:317
check_memory_region_inline mm/kasan/generic.c:185 [inline]
check_memory_region+0x123/0x190 mm/kasan/generic.c:191
memcpy+0x38/0x50 mm/kasan/common.c:131
memcpy include/linux/string.h:352 [inline]
rose_create_facilities net/rose/rose_subr.c:521 [inline]
rose_write_internal+0x597/0x15d0 net/rose/rose_subr.c:116
rose_connect+0x7cb/0x1510 net/rose/af_rose.c:826
__sys_connect+0x266/0x330 net/socket.c:1685
__do_sys_connect net/socket.c:1696 [inline]
__se_sys_connect net/socket.c:1693 [inline]
__x64_sys_connect+0x73/0xb0 net/socket.c:1693
do_syscall_64+0x103/0x610 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x458079
Code: ad b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:
00007f47b8d9dc78 EFLAGS:
00000246 ORIG_RAX:
000000000000002a
RAX:
ffffffffffffffda RBX:
0000000000000003 RCX:
0000000000458079
RDX:
000000000000001c RSI:
0000000020000040 RDI:
0000000000000004
RBP:
000000000073bf00 R08:
0000000000000000 R09:
0000000000000000
R10:
0000000000000000 R11:
0000000000000246 R12:
00007f47b8d9e6d4
R13:
00000000004be4a4 R14:
00000000004ceca8 R15:
00000000ffffffff
The buggy address belongs to the page:
page:
ffffea00022c7fc0 count:0 mapcount:0 mapping:
0000000000000000 index:0x0
flags: 0x1fffc0000000000()
raw:
01fffc0000000000 0000000000000000 ffffffff022c0101 0000000000000000
raw:
0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff88808b1ffa80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ffff88808b1ffb00: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 00 03
>
ffff88808b1ffb80: f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 04 f3
^
ffff88808b1ffc00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
ffff88808b1ffc80: 00 00 00 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 01
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Christoph Paasch [Tue, 19 Mar 2019 06:14:52 +0000 (23:14 -0700)]
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
[ Upstream commit
398f0132c14754fcd03c1c4f8e7176d001ce8ea1 ]
Since commit
fc62814d690c ("net/packet: fix 4gb buffer limit due to overflow check")
one can now allocate packet ring buffers >= UINT_MAX. However, syzkaller
found that that triggers a warning:
[ 21.100000] WARNING: CPU: 2 PID: 2075 at mm/page_alloc.c:4584 __alloc_pages_nod0
[ 21.101490] Modules linked in:
[ 21.101921] CPU: 2 PID: 2075 Comm: syz-executor.0 Not tainted 5.0.0 #146
[ 21.102784] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011
[ 21.103887] RIP: 0010:__alloc_pages_nodemask+0x2a0/0x630
[ 21.104640] Code: fe ff ff 65 48 8b 04 25 c0 de 01 00 48 05 90 0f 00 00 41 bd 01 00 00 00 48 89 44 24 48 e9 9c fe 3
[ 21.107121] RSP: 0018:
ffff88805e1cf920 EFLAGS:
00010246
[ 21.107819] RAX:
0000000000000000 RBX:
ffffffff85a488a0 RCX:
0000000000000000
[ 21.108753] RDX:
0000000000000000 RSI:
dffffc0000000000 RDI:
0000000000000000
[ 21.109699] RBP:
1ffff1100bc39f28 R08:
ffffed100bcefb67 R09:
ffffed100bcefb67
[ 21.110646] R10:
0000000000000001 R11:
ffffed100bcefb66 R12:
000000000000000d
[ 21.111623] R13:
0000000000000000 R14:
ffff88805e77d888 R15:
000000000000000d
[ 21.112552] FS:
00007f7c7de05700(0000) GS:
ffff88806d100000(0000) knlGS:
0000000000000000
[ 21.113612] CS: 0010 DS: 0000 ES: 0000 CR0:
0000000080050033
[ 21.114405] CR2:
000000000065c000 CR3:
000000005e58e006 CR4:
00000000001606e0
[ 21.115367] Call Trace:
[ 21.115705] ? __alloc_pages_slowpath+0x21c0/0x21c0
[ 21.116362] alloc_pages_current+0xac/0x1e0
[ 21.116923] kmalloc_order+0x18/0x70
[ 21.117393] kmalloc_order_trace+0x18/0x110
[ 21.117949] packet_set_ring+0x9d5/0x1770
[ 21.118524] ? packet_rcv_spkt+0x440/0x440
[ 21.119094] ? lock_downgrade+0x620/0x620
[ 21.119646] ? __might_fault+0x177/0x1b0
[ 21.120177] packet_setsockopt+0x981/0x2940
[ 21.120753] ? __fget+0x2fb/0x4b0
[ 21.121209] ? packet_release+0xab0/0xab0
[ 21.121740] ? sock_has_perm+0x1cd/0x260
[ 21.122297] ? selinux_secmark_relabel_packet+0xd0/0xd0
[ 21.123013] ? __fget+0x324/0x4b0
[ 21.123451] ? selinux_netlbl_socket_setsockopt+0x101/0x320
[ 21.124186] ? selinux_netlbl_sock_rcv_skb+0x3a0/0x3a0
[ 21.124908] ? __lock_acquire+0x529/0x3200
[ 21.125453] ? selinux_socket_setsockopt+0x5d/0x70
[ 21.126075] ? __sys_setsockopt+0x131/0x210
[ 21.126533] ? packet_release+0xab0/0xab0
[ 21.127004] __sys_setsockopt+0x131/0x210
[ 21.127449] ? kernel_accept+0x2f0/0x2f0
[ 21.127911] ? ret_from_fork+0x8/0x50
[ 21.128313] ? do_raw_spin_lock+0x11b/0x280
[ 21.128800] __x64_sys_setsockopt+0xba/0x150
[ 21.129271] ? lockdep_hardirqs_on+0x37f/0x560
[ 21.129769] do_syscall_64+0x9f/0x450
[ 21.130182] entry_SYSCALL_64_after_hwframe+0x49/0xbe
We should allocate with __GFP_NOWARN to handle this.
Cc: Kal Conley <kal.conley@dectris.com>
Cc: Andrey Konovalov <andreyknvl@google.com>
Fixes:
fc62814d690c ("net/packet: fix 4gb buffer limit due to overflow check")
Signed-off-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bjorn Helgaas [Mon, 18 Mar 2019 13:51:06 +0000 (08:51 -0500)]
mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S
[ Upstream commit
fae846e2b7124d4b076ef17791c73addf3b26350 ]
The device ID alone does not uniquely identify a device. Test both the
vendor and device ID to make sure we don't mistakenly think some other
vendor's 0xB410 device is a Digium HFC4S. Also, instead of the bare hex
ID, use the same constant (PCI_DEVICE_ID_DIGIUM_HFC4S) used in the device
ID table.
No functional change intended.
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Eric Dumazet [Tue, 19 Mar 2019 12:46:18 +0000 (05:46 -0700)]
dccp: do not use ipv6 header for ipv4 flow
[ Upstream commit
e0aa67709f89d08c8d8e5bdd9e0b649df61d0090 ]
When a dual stack dccp listener accepts an ipv4 flow,
it should not attempt to use an ipv6 header or
inet6_iif() helper.
Fixes:
3df80d9320bc ("[DCCP]: Introduce DCCPv6")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Bhadram Varka [Fri, 27 Oct 2017 02:52:02 +0000 (08:22 +0530)]
stmmac: copy unicast mac address to MAC registers
[ Upstream commit
a830405ee452ddc4101c3c9334e6fedd42c6b357 ]
Currently stmmac driver not copying the valid ethernet
MAC address to MAC registers. This patch takes care
of updating the MAC register with MAC address.
Signed-off-by: Bhadram Varka <vbhadram@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Johannes Berg [Mon, 9 Jan 2017 10:10:42 +0000 (11:10 +0100)]
cfg80211: size various nl80211 messages correctly
[ Upstream commit
4ef8c1c93f848e360754f10eb2e7134c872b6597 ]
Ilan reported that sometimes nl80211 messages weren't working if
the frames being transported got very large, which was really a
problem for userspace-to-kernel messages, but prompted me to look
at the code.
Upon review, I found various places where variable-length data is
transported in an nl80211 message but the message isn't allocated
taking that into account. This shouldn't cause any problems since
the frames aren't really that long, apart in one place where two
(possibly very long frames) might not fit.
Fix all the places (that I found) that get variable length data
from the driver and put it into a message to take the length of
the variable data into account. The 100 there is just a safe
constant for the remaining message overhead (it's usually around
50 for most messages.)
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Chaotian Jing [Thu, 19 May 2016 08:47:42 +0000 (16:47 +0800)]
mmc: mmc: fix switch timeout issue caused by jiffies precision
[ Upstream commit
987aa5f8059613bf85cbb6f64ffbd34f5cb7a9d1 ]
with CONFIG_HZ=100, the precision of jiffies is 10ms, and the
generic_cmd6_time of some card is also 10ms. then, may be current
time is only 5ms, but already timed out caused by jiffies precision.
Signed-off-by: Chaotian Jing <chaotian.jing@mediatek.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ezequiel Garcia [Wed, 27 Apr 2016 16:55:28 +0000 (13:55 -0300)]
arm64: kconfig: drop CONFIG_RTC_LIB dependency
[ Upstream commit
99a507771fa57238dc7ffe674ae06090333d02c9 ]
The rtc-lib dependency is not required, and seems it was just
copy-pasted from ARM's Kconfig. If platform requires rtc-lib,
they should select it individually.
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Ezequiel Garcia <ezequiel@vanguardiasur.com.ar>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Christoffer Dall [Tue, 3 Jul 2018 15:43:09 +0000 (17:43 +0200)]
video: fbdev: Set pixclock = 0 in goldfishfb
[ Upstream commit
ace6033ec5c356615eaa3582fb1946e9eaff6662 ]
User space Android code identifies pixclock == 0 as a sign for emulation
and will set the frame rate to 60 fps when reading this value, which is
the desired outcome.
Signed-off-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Roman Kiryanov <rkir@google.com>
Signed-off-by: Bartlomiej Zolnierkiewicz <b.zolnierkie@samsung.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lianwei Wang [Fri, 10 Jun 2016 06:43:28 +0000 (23:43 -0700)]
cpu/hotplug: Handle unbalanced hotplug enable/disable
[ Upstream commit
01b41159066531cc8d664362ff0cd89dd137bbfa ]
When cpu_hotplug_enable() is called unbalanced w/o a preceeding
cpu_hotplug_disable() the code emits a warning, but happily decrements the
disabled counter. This causes the next operations to malfunction.
Prevent the decrement and just emit a warning.
Signed-off-by: Lianwei Wang <lianwei.wang@gmail.com>
Cc: peterz@infradead.org
Cc: linux-pm@vger.kernel.org
Cc: oleg@redhat.com
Link: http://lkml.kernel.org/r/1465541008-12476-1-git-send-email-lianwei.wang@gmail.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Xerox Lin [Wed, 29 Jun 2016 09:04:21 +0000 (14:34 +0530)]
usb: gadget: rndis: free response queue during REMOTE_NDIS_RESET_MSG
[ Upstream commit
207707d8fd48ebc977fb2b2794004a020e1ee08e ]
When rndis data transfer is in progress, some Windows7 Host PC is not
sending the GET_ENCAPSULATED_RESPONSE command for receiving the response
for the previous SEND_ENCAPSULATED_COMMAND processed.
The rndis function driver appends each response for the
SEND_ENCAPSULATED_COMMAND in a queue. As the above process got corrupted,
the Host sends a REMOTE_NDIS_RESET_MSG command to do a soft-reset.
As the rndis response queue is not freed, the previous response is sent
as a part of this REMOTE_NDIS_RESET_MSG's reset response and the Host
block any more Rndis transfers.
Hence free the rndis response queue as a part of this soft-reset so that
the correct response for REMOTE_NDIS_RESET_MSG is sent properly during the
response command.
Signed-off-by: Rajkumar Raghupathy <raghup@codeaurora.org>
Signed-off-by: Xerox Lin <xerox_lin@htc.com>
[AmitP: Cherry-picked this patch and folded other relevant
fixes from Android common kernel android-4.4]
Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Winter Wang [Wed, 27 Jul 2016 02:03:19 +0000 (10:03 +0800)]
usb: gadget: configfs: add mutex lock before unregister gadget
[ Upstream commit
cee51c33f52ebf673a088a428ac0fecc33ab77fa ]
There may be a race condition if f_fs calls unregister_gadget_item in
ffs_closed() when unregister_gadget is called by UDC store at the same time.
this leads to a kernel NULL pointer dereference:
[ 310.644928] Unable to handle kernel NULL pointer dereference at virtual address
00000004
[ 310.645053] init: Service 'adbd' is being killed...
[ 310.658938] pgd =
c9528000
[ 310.662515] [
00000004] *pgd=
19451831, *pte=
00000000, *ppte=
00000000
[ 310.669702] Internal error: Oops: 817 [#1] PREEMPT SMP ARM
[ 310.675211] Modules linked in:
[ 310.678294] CPU: 0 PID: 1537 Comm: ->transport Not tainted
4.1.15-03725-g793404c #2
[ 310.685958] Hardware name: Freescale i.MX6 Quad/DualLite (Device Tree)
[ 310.692493] task:
c8e24200 ti:
c945e000 task.ti:
c945e000
[ 310.697911] PC is at usb_gadget_unregister_driver+0xb4/0xd0
[ 310.703502] LR is at __mutex_lock_slowpath+0x10c/0x16c
[ 310.708648] pc : [<
c075efc0>] lr : [<
c0bfb0bc>] psr:
600f0113
<snip..>
[ 311.565585] [<
c075efc0>] (usb_gadget_unregister_driver) from [<
c075e2b8>] (unregister_gadget_item+0x1c/0x34)
[ 311.575426] [<
c075e2b8>] (unregister_gadget_item) from [<
c076fcc8>] (ffs_closed+0x8c/0x9c)
[ 311.583702] [<
c076fcc8>] (ffs_closed) from [<
c07736b8>] (ffs_data_reset+0xc/0xa0)
[ 311.591194] [<
c07736b8>] (ffs_data_reset) from [<
c07738ac>] (ffs_data_closed+0x90/0xd0)
[ 311.599208] [<
c07738ac>] (ffs_data_closed) from [<
c07738f8>] (ffs_ep0_release+0xc/0x14)
[ 311.607224] [<
c07738f8>] (ffs_ep0_release) from [<
c023e030>] (__fput+0x80/0x1d0)
[ 311.614635] [<
c023e030>] (__fput) from [<
c014e688>] (task_work_run+0xb0/0xe8)
[ 311.621788] [<
c014e688>] (task_work_run) from [<
c010afdc>] (do_work_pending+0x7c/0xa4)
[ 311.629718] [<
c010afdc>] (do_work_pending) from [<
c010770c>] (work_pending+0xc/0x20)
for functions using functionFS, i.e. android adbd will close /dev/usb-ffs/adb/ep0
when usb IO thread fails, but switch adb from on to off also triggers write
"none" > UDC. These 2 operations both call unregister_gadget, which will lead
to the panic above.
add a mutex before calling unregister_gadget for api used in f_fs.
Signed-off-by: Winter Wang <wente.wang@nxp.com>
Signed-off-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Hannes Frederic Sowa [Sat, 11 Jun 2016 18:32:06 +0000 (20:32 +0200)]
ipv6: fix endianness error in icmpv6_err
[ Upstream commit
dcb94b88c09ce82a80e188d49bcffdc83ba215a6 ]
IPv6 ping socket error handler doesn't correctly convert the new 32 bit
mtu to host endianness before using.
Cc: Lorenzo Colitti <lorenzo@google.com>
Fixes:
6d0bfe22611602f ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Fri, 4 Mar 2016 14:48:14 +0000 (16:48 +0200)]
stm class: Fix stm device initialization order
[ Upstream commit
389b6699a2aa0b457aa69986e9ddf39f3b4030fd ]
Currently, stm_register_device() makes the device visible and then
proceeds to initializing spinlocks and other properties, which leaves
a window when the device can already be opened but is not yet fully
operational.
Fix this by reversing the initialization order.
Reported-by: Alan Cox <alan.cox@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Laurent Fert <laurent.fert@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Fri, 4 Mar 2016 14:36:10 +0000 (16:36 +0200)]
stm class: Do not leak the chrdev in error path
[ Upstream commit
cbe4a61d1ddc4790d950ca8c33ef79ee68ef5e2b ]
Currently, the error path of stm_register_device() forgets to unregister
the chrdev. Fix this.
Reported-by: Alan Cox <alan.cox@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Reviewed-by: Laurent Fert <laurent.fert@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
James Morse [Wed, 27 Apr 2016 16:47:11 +0000 (17:47 +0100)]
PM / Hibernate: Call flush_icache_range() on pages restored in-place
[ Upstream commit
f6cf0545ec697ddc278b7457b7d0c0d86a2ea88e ]
Some architectures require code written to memory as if it were data to be
'cleaned' from any data caches before the processor can fetch them as new
instructions.
During resume from hibernate, the snapshot code copies some pages directly,
meaning these architectures do not get a chance to perform their cache
maintenance. Modify the read and decompress code to call
flush_icache_range() on all pages that are restored, so that the restored
in-place pages are guaranteed to be executable on these architectures.
Signed-off-by: James Morse <james.morse@arm.com>
Acked-by: Pavel Machek <pavel@ucw.cz>
Acked-by: Rafael J. Wysocki <rjw@rjwysocki.net>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
[will: make clean_pages_on_* static and remove initialisers]
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
James Morse [Wed, 27 Apr 2016 16:47:08 +0000 (17:47 +0100)]
arm64: kernel: Include _AC definition in page.h
[ Upstream commit
812264550dcba6cdbe84bfac2f27e7d23b5b8733 ]
page.h uses '_AC' in the definition of PAGE_SIZE, but doesn't include
linux/const.h where this is defined. This produces build warnings when only
asm/page.h is included by asm code.
Signed-off-by: James Morse <james.morse@arm.com>
Acked-by: Mark Rutland <mark.rutland@arm.com>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Fri, 4 Mar 2016 13:42:45 +0000 (15:42 +0200)]
perf/ring_buffer: Refuse to begin AUX transaction after rb->aux_mmap_count drops
[ Upstream commit
dcb10a967ce82d5ad20570693091139ae716ff76 ]
When ring buffer's AUX area is unmapped and rb->aux_mmap_count drops to
zero, new AUX transactions into this buffer can still be started,
even though the buffer in en route to deallocation.
This patch adds a check to perf_aux_output_begin() for rb->aux_mmap_count
being zero, in which case there is no point starting new transactions,
in other words, the ring buffers that pass a certain point in
perf_mmap_close will not have their events sending new data, which
clears path for freeing those buffers' pages right there and then,
provided that no active transactions are holding the AUX reference.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: vince@deater.net
Link: http://lkml.kernel.org/r/1457098969-21595-2-git-send-email-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Jeff Mahoney [Mon, 4 Apr 2016 18:15:23 +0000 (14:15 -0400)]
mac80211: fix "warning: ‘target_metric’ may be used uninitialized"
[ Upstream commit
b4201cc4fc6e1c57d6d306b1f787865043d60129 ]
This fixes:
net/mac80211/mesh_hwmp.c:603:26: warning: ‘target_metric’ may be used uninitialized in this function
target_metric is only consumed when reply = true so no bug exists here,
but not all versions of gcc realize it. Initialize to 0 to remove the
warning.
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ard Biesheuvel [Fri, 18 Mar 2016 09:58:09 +0000 (10:58 +0100)]
arm64/kernel: fix incorrect EL0 check in inv_entry macro
[ Upstream commit
b660950c60a7278f9d8deb7c32a162031207c758 ]
The implementation of macro inv_entry refers to its 'el' argument without
the required leading backslash, which results in an undefined symbol
'el' to be passed into the kernel_entry macro rather than the index of
the exception level as intended.
This undefined symbol strangely enough does not result in build failures,
although it is visible in vmlinux:
$ nm -n vmlinux |head
U el
0000000000000000 A _kernel_flags_le_hi32
0000000000000000 A _kernel_offset_le_hi32
0000000000000000 A _kernel_size_le_hi32
000000000000000a A _kernel_flags_le_lo32
.....
However, it does result in incorrect code being generated for invalid
exceptions taken from EL0, since the argument check in kernel_entry
assumes EL1 if its argument does not equal '0'.
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Lorenzo Pieralisi [Mon, 1 Feb 2016 17:01:29 +0000 (18:01 +0100)]
ARM: 8510/1: rework ARM_CPU_SUSPEND dependencies
[ Upstream commit
1b9bdf5c1661873a10e193b8cbb803a87fe5c4a1 ]
The code enabled by the ARM_CPU_SUSPEND config option is used by
kernel subsystems for purposes that go beyond system suspend so its
config entry should be augmented to take more default options into
account and avoid forcing its selection to prevent dependencies
override.
To achieve this goal, this patch reworks the ARM_CPU_SUSPEND config
entry and updates its default config value (by adding the BL_SWITCHER
option to it) and its dependencies (ARCH_SUSPEND_POSSIBLE), so that the
symbol is still selected by default by the subsystems requiring it and
at the same time enforcing the dependencies correctly.
Signed-off-by: Lorenzo Pieralisi <lorenzo.pieralisi@arm.com>
Cc: Nicolas Pitre <nico@fluxnic.net>
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Greg Hackmann [Fri, 26 Feb 2016 19:00:18 +0000 (19:00 +0000)]
staging: goldfish: audio: fix compiliation on arm
[ Upstream commit
4532150762ceb0d6fd765ebcb3ba6966fbb8faab ]
We do actually need slab.h, by luck we get it on other platforms but not
always on ARM. Include it properly.
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Signed-off-by: Jin Qian <jinqian@android.com>
Signed-off-by: Alan <alan@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Rajmal Menariya [Sat, 30 Jan 2016 06:07:35 +0000 (22:07 -0800)]
staging: ion: Set minimum carveout heap allocation order to PAGE_SHIFT
[ Upstream commit
1328d8efef17d5e16bd6e9cfe59130a833674534 ]
In carveout heap, change minimum allocation order from 12 to
PAGE_SHIFT. After this change each bit in bitmap (genalloc -
General purpose special memory pool) represents one page size
memory.
Cc: sprd-ind-kernel-group@googlegroups.com
Cc: sanjeev.yadav@spreadtrum.com
Cc: Colin Cross <ccross@android.com>
Cc: Android Kernel Team <kernel-team@android.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Sumit Semwal <sumit.semwal@linaro.org>
Signed-off-by: Rajmal Menariya <rajmal.menariya@spreadtrum.com>
[jstultz: Reworked commit message]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Acked-by: Laura Abbott <labbott@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Rom Lemarchand [Sat, 30 Jan 2016 06:07:31 +0000 (22:07 -0800)]
staging: ashmem: Add missing include
[ Upstream commit
90a2f171383b5ae43b33ab4d9d566b9765622ac7 ]
Include <linux/types.h> into ashmem.h to ensure referenced types
are defined
Cc: Android Kernel Team <kernel-team@android.com>
Cc: Greg KH <gregkh@linuxfoundation.org>
Signed-off-by: Rom Lemarchand <romlem@android.com>
[jstultz: Minor commit message tweaks]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Laura Abbott [Sat, 30 Jan 2016 06:07:30 +0000 (22:07 -0800)]
staging: ashmem: Avoid deadlock with mmap/shrink
[ Upstream commit
18e77054de741ef3ed2a2489bc9bf82a318b2d5e ]
Both ashmem_mmap and ashmem_shrink take the ashmem_lock. It may
be possible for ashmem_mmap to invoke ashmem_shrink:
-000|mutex_lock(lock = 0x0)
-001|ashmem_shrink(?, sc = 0x0) <--- try to take ashmem_mutex again
-002|shrink_slab(shrink = 0xDA5F1CC0, nr_pages_scanned = 0, lru_pages
-002|=
-002|124)
-003|try_to_free_pages(zonelist = 0x0, ?, ?, ?)
-004|__alloc_pages_nodemask(gfp_mask = 21200, order = 1, zonelist =
-004|0xC11D0940,
-005|new_slab(s = 0xE4841E80, ?, node = -1)
-006|__slab_alloc.isra.43.constprop.50(s = 0xE4841E80, gfpflags =
-006|
2148925462, ad
-007|kmem_cache_alloc(s = 0xE4841E80, gfpflags = 208)
-008|shmem_alloc_inode(?)
-009|alloc_inode(sb = 0xE480E800)
-010|new_inode_pseudo(?)
-011|new_inode(?)
-012|shmem_get_inode(sb = 0xE480E800, dir = 0x0, ?, dev = 0, flags =
-012|187)
-013|shmem_file_setup(?, ?, flags = 187)
-014|ashmem_mmap(?, vma = 0xC5D64210) <---- Acquire ashmem_mutex
-015|mmap_region(file = 0xDF8E2C00, addr =
1772974080, len = 233472,
-015|flags = 57,
-016|sys_mmap_pgoff(addr = 0, len = 230400, prot = 3, flags = 1, fd =
-016|157, pgoff
-017|ret_fast_syscall(asm)
-->|exception
-018|NUR:0x40097508(asm)
---|end of frame
Avoid this deadlock by using mutex_trylock in ashmem_shrink; if the mutex
is already held, do not attempt to shrink.
Cc: Greg KH <gregkh@linuxfoundation.org>
Cc: Android Kernel Team <kernel-team@android.com>
Reported-by: Matt Wagantall <mattw@codeaurora.org>
Reported-by: Syed Rameez Mustafa <rameezmustafa@codeaurora.org>
Reported-by: Osvaldo Banuelos <osvaldob@codeaurora.org>
Reported-by: Subbaraman Narayanamurthy <subbaram@codeaurora.org>
Signed-off-by: Laura Abbott <lauraa@codeaurora.org>
[jstultz: Minor commit message tweaks]
Signed-off-by: John Stultz <john.stultz@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mark Rutland [Mon, 25 Jan 2016 11:44:55 +0000 (11:44 +0000)]
asm-generic: Fix local variable shadow in __set_fixmap_offset
[ Upstream commit
3694bd76781b76c4f8d2ecd85018feeb1609f0e5 ]
Currently __set_fixmap_offset is a macro function which has a local
variable called 'addr'. If a caller passes a 'phys' parameter which is
derived from a variable also called 'addr', the local variable will
shadow this, and the compiler will complain about the use of an
uninitialized variable. To avoid the issue with namespace clashes,
'addr' is prefixed with a liberal sprinkling of underscores.
Turning __set_fixmap_offset into a static inline breaks the build for
several architectures. Fixing this properly requires updates to a number
of architectures to make them agree on the prototype of __set_fixmap (it
could be done as a subsequent patch series).
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Cc: Arnd Bergmann <arnd@arndb.de>
[catalin.marinas@arm.com: squashed the original function patch and macro fixup]
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Eric Long [Thu, 18 Feb 2016 00:51:44 +0000 (17:51 -0700)]
coresight: etm4x: Check every parameter used by dma_xx_coherent.
[ Upstream commit
61390593f72377c3a8f41ef998462e2d3985adac ]
The dma_alloc_coherent return an "void *" not an "void __iomen *".
It uses the wrong parameters when calls dma_free_coherent function.
The sparse tool output logs as the following:
coresight-tmc.c:199:23: expected void *<noident>
coresight-tmc.c:199:23: got void [noderef] <asn:2>*vaddr
coresight-tmc.c:336:30: warning: incorrect type in assignment
(different address spaces)
coresight-tmc.c:336:30: expected char *buf
coresight-tmc.c:336:30: got void [noderef] <asn:2>*
coresight-tmc.c:769:50: warning: incorrect type in argument 4
(different base types)
coresight-tmc.c:769:50: expected unsigned long long
[unsigned] [usertype] dma_handle
coresight-tmc.c:769:50: got restricted gfp_t
Signed-off-by: Eric Long <eric.long@linaro.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Eric Long [Thu, 18 Feb 2016 00:51:43 +0000 (17:51 -0700)]
coresight: "DEVICE_ATTR_RO" should defined as static.
[ Upstream commit
bf16e5b8cdeabc1fe6565af0be475bb2084dc388 ]
"DEVICE_ATTR_RO(name)" should be defined as static. And
there is an unnecessary space at the front of the code.
The sparse tool output logs as the following:
coresight-etm4x.c:2224:1: warning: symbol 'dev_attr_trcoslsr' was
not declared. Should it be static?
coresight-etm4x.c:2225:1: warning: symbol 'dev_attr_trcpdcr' was
not declared. Should it be static?
coresight-etm4x.c:2226:1: warning: symbol 'dev_attr_trcpdsr' was
not declared. Should it be static?
And the smatch tool output logs as the following:
of_coresight.c:89 of_coresight_alloc_memory() warn:
inconsistent indenting
Signed-off-by: Eric Long <eric.long@linaro.org>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Mon, 15 Feb 2016 17:12:08 +0000 (19:12 +0200)]
stm class: Fix a race in unlinking
[ Upstream commit
b4ca34aaf78ed0cdfc15956d377064104257a437 ]
There is a window in stm_source_link_drop(), during which the source's
link may change before locks are acquired. When this happens, it throws
a warning, since this is not an expected scenario.
This patch handles the race in such a way that if the link appears to
have changed by the time we took the locks, it will release them and
repeat the whole unlinking procedure from the beginning, unless the
other contender beat us to it.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Mon, 15 Feb 2016 17:12:07 +0000 (19:12 +0200)]
stm class: Fix unbalanced module/device refcounting
[ Upstream commit
f7c81c7176c72c7899390754b4b038a64b296e4d ]
STM code takes references to the stm device and its module for the
duration of the character device's existence or the stm_source link.
Dropping these references is not well balanced everywhere, which may
lead to leaks.
This patch balances the acquisition and releasing of these two
references and annotates each site so that it's easier to verify
correctness by reading the code.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Mon, 15 Feb 2016 17:12:06 +0000 (19:12 +0200)]
stm class: Guard output assignment against concurrency
[ Upstream commit
cde4ad8368840e414ecf67db258fe1dabaa5fd2e ]
It is possible to concurrently assign the same output (a character
device writer or an stm_source device) to different stm devices,
which sets off a strategically placed warning in stm_output_assign().
To avoid this, use a spinlock to serialize (un)assignments between
outputs and stm devices.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Mon, 15 Feb 2016 17:12:05 +0000 (19:12 +0200)]
stm class: Fix unlocking braino in the error path
[ Upstream commit
1810f2c44817c74ca3d05d1e3981e3a2e2ceb6f5 ]
If an illegal attempt is made to unlink stm source device from an
stm device, the stm device's link spinlock mistakenly remains locked.
While this really shouldn't happen (there's a warning in place), the
locking should remain in order so that we can still recover from this
situation if it indeed does happen.
This patch unifies the unlocking in the exit path of
__stm_source_link_drop() to fix this.
Reported-by: Laurent Fert <laurent.fert@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Mon, 15 Feb 2016 17:12:02 +0000 (19:12 +0200)]
stm class: Support devices with multiple instances
[ Upstream commit
59be422e4ce10e3d49d4c9407a80fab8a9b7bc84 ]
By convention, the name of the stm policy directory in configfs consists of
the device name to which it applies and the actual policy name, separated
by a dot. Now, some devices already have dots in their names that separate
name of the actual device from its instance identifier. Such devices will
result in two (or more, who can tell) dots in the policy directory name.
Existing policy code, however, will treat the first dot as the one that
separates device name from policy name, therefore failing the above case.
This patch makes the last dot in the directory name be the separator, thus
prohibiting dots from being used in policy names.
Suggested-by: Chunyan Zhang <zhang.chunyan@linaro.org>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Tue, 22 Dec 2015 15:25:21 +0000 (17:25 +0200)]
stm class: Prevent user-controllable allocations
[ Upstream commit
f08b18266c7116e2ec6885dd53a928f580060a71 ]
Currently, the character device write method allocates a temporary buffer
for user's data, but the user's data size is not sanitized and can cause
arbitrarily large allocations via kzalloc() or an integer overflow that
will then result in overwriting kernel memory.
This patch trims the input buffer size to avoid these issues.
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Tue, 22 Dec 2015 15:25:19 +0000 (17:25 +0200)]
stm class: Fix link list locking
[ Upstream commit
c74f7e8281add80bdfa0ad2998b8df287b13df73 ]
Currently, the list of stm_sources linked to an stm device is protected by
a spinlock, which also means that sources' .unlink() method is called under
this spinlock. However, this method may (and does) sleep, which means
trouble.
This patch slightly reworks locking around stm::link_list so that bits that
might_sleep() are called with a mutex held instead. Modification of this
list requires both mutex and spinlock to be held, while looking at the list
can be done under either mutex or spinlock.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Tue, 22 Dec 2015 15:25:18 +0000 (17:25 +0200)]
stm class: Fix locking in unbinding policy path
[ Upstream commit
4c127fd16e6b33ecb7badc091480c84ea9aebeb6 ]
Right now, if stm device removal has to unbind from a policy (that is,
an stm device that has STP policy, gets removed), it will trigger a
nested lock on the stm device's policy mutex.
This patch fixes the problem by moving the locking from the policy
unbinding to policy removal (configfs path), where it's actually needed;
the other caller of the policy unbinding function already takes the
mutex around the call.
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mathieu Poirier [Tue, 2 Feb 2016 21:13:59 +0000 (14:13 -0700)]
coresight: remove csdev's link from topology
[ Upstream commit
ad725aee070caf8fa93d84d6fb78321f9642db18 ]
In function 'coresight_unregister()', all references to the csdev that
is being taken away need to be removed from the topology. Otherwise
building the next coresight path from source to sink may use memory
that has been released.
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mathieu Poirier [Tue, 2 Feb 2016 21:13:58 +0000 (14:13 -0700)]
coresight: release reference taken by 'bus_find_device()'
[ Upstream commit
f2dfab3568fc32afeac8b698481e80e7ab2dc658 ]
The reference count taken by function bus_find_device() needs
to be released if a child device is found, something this patch
is adding.
Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mathieu Poirier [Tue, 2 Feb 2016 21:13:57 +0000 (14:13 -0700)]
coresight: coresight_unregister() function cleanup
[ Upstream commit
fae54158792aec705620bdc3938d342879204f0c ]
In its current form the code never frees csdev->refcnt allocated
in coresight_register(). There is also a problem with csdev->conns
that is freed before device_unregister() rather than in the device
release function.
This patch addresses both issues by moving kfree(csdev->conns) to
coresight_device_release() and freeing csdev->refcnt, also in
the same function.
Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Mathieu Poirier [Tue, 2 Feb 2016 21:13:56 +0000 (14:13 -0700)]
coresight: fixing lockdep error
[ Upstream commit
a9ddc71f5840c2711e530f2e055b278f79948b29 ]
On some platform the following lockdep error occurs when doing simple
manipulations:
[ 23.197021]
[ 23.198608] ======================================================
[ 23.205078] [ INFO: possible circular locking dependency detected ]
[ 23.211639]
4.4.0-rc8-00025-gbbf360b #172 Not tainted
[ 23.216918] -------------------------------------------------------
[ 23.223480] sh/858 is trying to acquire lock:
[ 23.228057] (coresight_mutex){+.+.+.}, at: [<
c0415d40>] coresight_enable+0x1c/0x1b4
[ 23.236206]
[ 23.236206] but task is already holding lock:
[ 23.242309] (s_active#52){++++.+}, at: [<
c01d4b40>] kernfs_fop_write+0x5c/0x1c0
[ 23.250122]
[ 23.250122] which lock already depends on the new lock.
[ 23.250122]
[ 23.258697]
[ 23.258697] the existing dependency chain (in reverse order) is:
[ 23.266510]
-> #1 (s_active#52){++++.+}:
[ 23.270843] [<
c01d30ec>] __kernfs_remove+0x294/0x35c
[ 23.276672] [<
c01d3e44>] kernfs_remove_by_name_ns+0x44/0x8c
[ 23.283172] [<
c01d6318>] remove_files+0x3c/0x84
[ 23.288543] [<
c01d66b4>] sysfs_remove_group+0x48/0x9c
[ 23.294494] [<
c01d6734>] sysfs_remove_groups+0x2c/0x3c
[ 23.300506] [<
c030b658>] device_remove_attrs+0x5c/0x74
[ 23.306549] [<
c030c290>] device_del+0x110/0x218
[ 23.311950] [<
c030c3c4>] device_unregister+0x2c/0x6c
[ 23.317779] [<
c04156d8>] coresight_unregister+0x30/0x40
[ 23.323883] [<
c041a290>] etm_probe+0x228/0x2e8
[ 23.329193] [<
c02bc760>] amba_probe+0xe4/0x160
[ 23.334503] [<
c0310540>] driver_probe_device+0x23c/0x480
[ 23.340728] [<
c0310820>] __driver_attach+0x9c/0xa0
[ 23.346374] [<
c030e400>] bus_for_each_dev+0x70/0xa4
[ 23.352142] [<
c030fcf4>] driver_attach+0x24/0x28
[ 23.357604] [<
c030f86c>] bus_add_driver+0x1e0/0x278
[ 23.363372] [<
c0310d48>] driver_register+0x80/0x100
[ 23.369110] [<
c02bc508>] amba_driver_register+0x58/0x5c
[ 23.375244] [<
c0749514>] etm_driver_init+0x18/0x1c
[ 23.380889] [<
c0009918>] do_one_initcall+0xc4/0x20c
[ 23.386657] [<
c0715e7c>] kernel_init_freeable+0x160/0x208
[ 23.392974] [<
c052d7fc>] kernel_init+0x18/0xf0
[ 23.398254] [<
c0010850>] ret_from_fork+0x14/0x24
[ 23.403747]
-> #0 (coresight_mutex){+.+.+.}:
[ 23.408447] [<
c008ed60>] lock_acquire+0xe4/0x210
[ 23.413909] [<
c0530a30>] mutex_lock_nested+0x74/0x450
[ 23.419860] [<
c0415d40>] coresight_enable+0x1c/0x1b4
[ 23.425689] [<
c0416030>] enable_source_store+0x58/0x68
[ 23.431732] [<
c030b358>] dev_attr_store+0x20/0x2c
[ 23.437286] [<
c01d55e8>] sysfs_kf_write+0x50/0x54
[ 23.442871] [<
c01d4ba8>] kernfs_fop_write+0xc4/0x1c0
[ 23.448699] [<
c015b60c>] __vfs_write+0x34/0xe4
[ 23.454040] [<
c015bf38>] vfs_write+0x98/0x174
[ 23.459228] [<
c015c7a8>] SyS_write+0x4c/0xa8
[ 23.464355] [<
c00107c0>] ret_fast_syscall+0x0/0x1c
[ 23.470031]
[ 23.470031] other info that might help us debug this:
[ 23.470031]
[ 23.478393] Possible unsafe locking scenario:
[ 23.478393]
[ 23.484619] CPU0 CPU1
[ 23.489349] ---- ----
[ 23.494079] lock(s_active#52);
[ 23.497497] lock(coresight_mutex);
[ 23.503906] lock(s_active#52);
[ 23.509918] lock(coresight_mutex);
[ 23.513702]
[ 23.513702] *** DEADLOCK ***
[ 23.513702]
[ 23.519897] 3 locks held by sh/858:
[ 23.523529] #0: (sb_writers#7){.+.+.+}, at: [<
c015ec38>] __sb_start_write+0xa8/0xd4
[ 23.531799] #1: (&of->mutex){+.+...}, at: [<
c01d4b38>] kernfs_fop_write+0x54/0x1c0
[ 23.539916] #2: (s_active#52){++++.+}, at: [<
c01d4b40>] kernfs_fop_write+0x5c/0x1c0
[ 23.548156]
[ 23.548156] stack backtrace:
[ 23.552734] CPU: 0 PID: 858 Comm: sh Not tainted
4.4.0-rc8-00025-gbbf360b #172
[ 23.560302] Hardware name: Generic OMAP4 (Flattened Device Tree)
[ 23.566589] Backtrace:
[ 23.569152] [<
c00154d4>] (dump_backtrace) from [<
c00156d0>] (show_stack+0x18/0x1c)
[ 23.577087] r7:
ed4b8570 r6:
c0936400 r5:
c07ae71c r4:
00000000
[ 23.583038] [<
c00156b8>] (show_stack) from [<
c027e69c>] (dump_stack+0x98/0xc0)
[ 23.590606] [<
c027e604>] (dump_stack) from [<
c008a750>] (print_circular_bug+0x21c/0x33c)
[ 23.599090] r5:
c0939d60 r4:
c0936400
[ 23.602874] [<
c008a534>] (print_circular_bug) from [<
c008e370>] (__lock_acquire+0x1c98/0x1d88)
[ 23.611877] r10:
00000003 r9:
c0fd7a5c r8:
ed4b8550 r7:
ed4b8570 r6:
ed4b8000 r5:
c0ff69e4
[ 23.620117] r4:
c0936400 r3:
ed4b8550
[ 23.623901] [<
c008c6d8>] (__lock_acquire) from [<
c008ed60>] (lock_acquire+0xe4/0x210)
[ 23.632080] r10:
00000000 r9:
00000000 r8:
60000013 r7:
c07cb7b4 r6:
00000001 r5:
00000000
[ 23.640350] r4:
00000000
[ 23.643005] [<
c008ec7c>] (lock_acquire) from [<
c0530a30>] (mutex_lock_nested+0x74/0x450)
[ 23.651458] r10:
ecc0bf80 r9:
edbe7dcc r8:
ed4b8000 r7:
c0fd7a5c r6:
c0415d40 r5:
00000000
[ 23.659729] r4:
c07cb780
[ 23.662384] [<
c05309bc>] (mutex_lock_nested) from [<
c0415d40>] (coresight_enable+0x1c/0x1b4)
[ 23.671234] r10:
ecc0bf80 r9:
edbe7dcc r8:
ed733c00 r7:
00000000 r6:
ed733c00 r5:
00000002
[ 23.679473] r4:
ed762140
[ 23.682128] [<
c0415d24>] (coresight_enable) from [<
c0416030>] (enable_source_store+0x58/0x68)
[ 23.691070] r7:
00000000 r6:
ed733c00 r5:
00000002 r4:
ed762160
[ 23.697052] [<
c0415fd8>] (enable_source_store) from [<
c030b358>] (dev_attr_store+0x20/0x2c)
[ 23.705780] r5:
edbe7dc0 r4:
c0415fd8
[ 23.709533] [<
c030b338>] (dev_attr_store) from [<
c01d55e8>] (sysfs_kf_write+0x50/0x54)
[ 23.717834] r5:
edbe7dc0 r4:
c030b338
[ 23.721618] [<
c01d5598>] (sysfs_kf_write) from [<
c01d4ba8>] (kernfs_fop_write+0xc4/0x1c0)
[ 23.730163] r7:
00000000 r6:
00000000 r5:
00000002 r4:
edbe7dc0
[ 23.736145] [<
c01d4ae4>] (kernfs_fop_write) from [<
c015b60c>] (__vfs_write+0x34/0xe4)
[ 23.744323] r10:
00000000 r9:
ecc0a000 r8:
c0010964 r7:
ecc0bf80 r6:
00000002 r5:
c01d4ae4
[ 23.752593] r4:
ee385a40
[ 23.755249] [<
c015b5d8>] (__vfs_write) from [<
c015bf38>] (vfs_write+0x98/0x174)
[ 23.762908] r9:
ecc0a000 r8:
c0010964 r7:
ecc0bf80 r6:
000ab0d8 r5:
00000002 r4:
ee385a40
[ 23.771057] [<
c015bea0>] (vfs_write) from [<
c015c7a8>] (SyS_write+0x4c/0xa8)
[ 23.778442] r8:
c0010964 r7:
00000002 r6:
000ab0d8 r5:
ee385a40 r4:
ee385a40
[ 23.785522] [<
c015c75c>] (SyS_write) from [<
c00107c0>] (ret_fast_syscall+0x0/0x1c)
[ 23.793457] r7:
00000004 r6:
00000001 r5:
000ab0d8 r4:
00000002
[ 23.799652] coresight-etb10
54162000.etb: ETB enabled
[ 23.805084] coresight-funnel
54164000.funnel: FUNNEL inport 0 enabled
[ 23.811859] coresight-replicator
44000000.ocp:replicator: REPLICATOR enabled
[ 23.819335] coresight-funnel
54158000.funnel: FUNNEL inport 0 enabled
[ 23.826110] coresight-etm3x
5414c000.ptm: ETM tracing enabled
The locking in coresight_unregister() is not required as the only customers of
the function are drivers themselves when an initialisation failure has been
encoutered.
Reported-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Mathieu Poirier <mathieu.poirier@linaro.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Tahsin Erdogan [Tue, 16 Feb 2016 21:34:39 +0000 (13:34 -0800)]
writeback: initialize inode members that track writeback history
[ Upstream commit
3d65ae4634ed8350aee98a4e6f4e41fe40c7d282 ]
inode struct members that track cgroup writeback information
should be reinitialized when inode gets allocated from
kmem_cache. Otherwise, their values remain and get used by the
new inode.
Signed-off-by: Tahsin Erdogan <tahsin@google.com>
Acked-by: Tejun Heo <tj@kernel.org>
Fixes:
d10c80955265 ("writeback: implement foreign cgroup inode bdi_writeback switching")
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ulf Hansson [Thu, 11 Feb 2016 15:42:58 +0000 (16:42 +0100)]
Revert "mmc: block: don't use parameter prefix if built as module"
[ Upstream commit
a5ebb87db84392edfd3142c3a6a78431d820a789 ]
This reverts commit
829b6962f7e3cfc06f7c5c26269fd47ad48cf503.
Revert this change as it causes a sysfs path to change and therefore
introduces and ABI regression. More precisely Android's vold is not being
able to access /sys/module/mmcblk/parameters/perdev_minors any more, since
the path becomes changed to: "/sys/module/mmc_block/..."
Fixes:
829b6962f7e3 ("mmc: block: don't use parameter prefix if built as
module")
Reported-by: John Stultz <john.stultz@linaro.org>
Cc: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Eric Dumazet [Thu, 21 Jan 2016 00:25:01 +0000 (16:25 -0800)]
net: diag: support v4mapped sockets in inet_diag_find_one_icsk()
[ Upstream commit
7c1306723ee916ea9f1fa7d9e4c7a6d029ca7aaf ]
Lorenzo reported that we could not properly find v4mapped sockets
in inet_diag_find_one_icsk(). This patch fixes the issue.
Reported-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Lorenzo Colitti <lorenzo@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Alexander Shishkin [Tue, 19 Jan 2016 15:14:29 +0000 (17:14 +0200)]
perf: Synchronously free aux pages in case of allocation failure
[ Upstream commit
45c815f06b80031659c63d7b93e580015d6024dd ]
We are currently using asynchronous deallocation in the error path in
AUX mmap code, which is unnecessary and also presents a problem for users
that wish to probe for the biggest possible buffer size they can get:
they'll get -EINVAL on all subsequent attemts to allocate a smaller
buffer before the asynchronous deallocation callback frees up the pages
from the previous unsuccessful attempt.
Currently, gdb does that for allocating AUX buffers for Intel PT traces.
More specifically, overwrite mode of AUX pmus that don't support hardware
sg (some implementations of Intel PT, for instance) is limited to only
one contiguous high order allocation for its buffer and there is no way
of knowing its size without trying.
This patch changes error path freeing to be synchronous as there won't
be any contenders for the AUX pages at that point.
Reported-by: Markus Metzger <markus.t.metzger@intel.com>
Signed-off-by: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@infradead.org>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Namhyung Kim <namhyung@kernel.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Stephane Eranian <eranian@google.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: vince@deater.net
Link: http://lkml.kernel.org/r/1453216469-9509-1-git-send-email-alexander.shishkin@linux.intel.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Ard Biesheuvel [Fri, 15 Jan 2016 12:28:57 +0000 (13:28 +0100)]
arm64: hide __efistub_ aliases from kallsyms
[ Upstream commit
75feee3d9d51775072d3a04f47d4a439a4c4590e ]
Commit
e8f3010f7326 ("arm64/efi: isolate EFI stub from the kernel
proper") isolated the EFI stub code from the kernel proper by prefixing
all of its symbols with __efistub_, and selectively allowing access to
core kernel symbols from the stub by emitting __efistub_ aliases for
functions and variables that the stub can access legally.
As an unintended side effect, these aliases are emitted into the
kallsyms symbol table, which means they may turn up in backtraces,
e.g.,
...
PC is at __efistub_memset+0x108/0x200
LR is at fixup_init+0x3c/0x48
...
[<
ffffff8008328608>] __efistub_memset+0x108/0x200
[<
ffffff8008094dcc>] free_initmem+0x2c/0x40
[<
ffffff8008645198>] kernel_init+0x20/0xe0
[<
ffffff8008085cd0>] ret_from_fork+0x10/0x40
The backtrace in question has nothing to do with the EFI stub, but
simply returns one of the several aliases of memset() that have been
recorded in the kallsyms table. This is undesirable, since it may
suggest to people who are not aware of this that the issue they are
seeing is somehow EFI related.
So hide the __efistub_ aliases from kallsyms, by emitting them as
absolute linker symbols explicitly. The distinction between those
and section relative symbols is completely irrelevant to these
definitions, and to the final link we are performing when these
definitions are being taken into account (the distinction is only
relevant to symbols defined inside a section definition when performing
a partial link), and so the resulting values are identical to the
original ones. Since absolute symbols are ignored by kallsyms, this
will result in these values to be omitted from its symbol table.
After this patch, the backtrace generated from the same address looks
like this:
...
PC is at __memset+0x108/0x200
LR is at fixup_init+0x3c/0x48
...
[<
ffffff8008328608>] __memset+0x108/0x200
[<
ffffff8008094dcc>] free_initmem+0x2c/0x40
[<
ffffff8008645198>] kernel_init+0x20/0xe0
[<
ffffff8008085cd0>] ret_from_fork+0x10/0x40
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Signed-off-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Nicolas Pitre [Tue, 3 Nov 2015 22:01:46 +0000 (17:01 -0500)]
hid-sensor-hub.c: fix wrong do_div() usage
[ Upstream commit
8d43b49e7e0070f96ac46d30659a336c0224fa0b ]
do_div() must only be used with a u64 dividend.
Signed-off-by: Nicolas Pitre <nico@linaro.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Christoph Lameter [Thu, 14 Jan 2016 23:21:40 +0000 (15:21 -0800)]
vmstat: make vmstat_updater deferrable again and shut down on idle
[ Upstream commit
0eb77e9880321915322d42913c3b53241739c8aa ]
Currently the vmstat updater is not deferrable as a result of commit
ba4877b9ca51 ("vmstat: do not use deferrable delayed work for
vmstat_update"). This in turn can cause multiple interruptions of the
applications because the vmstat updater may run at
Make vmstate_update deferrable again and provide a function that folds
the differentials when the processor is going to idle mode thus
addressing the issue of the above commit in a clean way.
Note that the shepherd thread will continue scanning the differentials
from another processor and will reenable the vmstat workers if it
detects any changes.
Fixes:
ba4877b9ca51 ("vmstat: do not use deferrable delayed work for vmstat_update")
Signed-off-by: Christoph Lameter <cl@linux.com>
Cc: Michal Hocko <mhocko@suse.cz>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>