| Age | Commit message (Collapse) | Author |
|---|
|
If user uses wrong ioctl command with _IOC_NONE and argument size
greater than 0, it can cause NULL pointer access from memset of line
463. If _IOC_NONE, don't memset to 0 for kdata.
Signed-off-by: Zhaowei Yuan <zhaowei.yuan@samsung.com>
Reviewed-by: David Herrmann <dh.herrmann@gmail.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Dave Airlie <airlied@redhat.com>
|
|
Commit 59a53afe70fd530040bdc69581f03d880157f15a "powerpc: Don't setup
CPUs with bad status" broke ePAPR SMP booting. ePAPR says that CPUs
that aren't presently running shall have status of disabled, with
enable-method being used to determine whether the CPU can be enabled.
Fix by checking for spin-table, which is currently the only supported
enable-method.
Signed-off-by: Scott Wood <scottwood@freescale.com>
Cc: Michael Neuling <mikey@neuling.org>
Cc: Emil Medve <Emilian.Medve@Freescale.com>
Cc: stable@vger.kernel.org
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
|
The commit 71ec7c55ed91 introduced the magic symbol ".TOC." for ELFv2 ABI.
This symbol is built manually and has no CRC value computed. A zero value
is put in the CRC section to avoid modpost complaining about a missing CRC.
Unfortunately, this breaks the kernel module loading when the kernel is
relocated (kdump case for instance) because of the relocation applied to
the kcrctab values.
This patch compute a CRC value for the TOC symbol which will match the one
compute by the kernel when it is relocated - aka '0 - relocate_start' done in
maybe_relocated called by check_version (module.c).
Signed-off-by: Laurent Dufour <ldufour@linux.vnet.ibm.com>
Cc: Anton Blanchard <anton@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
|
In commit 27f4488872d9 "Add OPAL takeover from PowerVM" we added support
for "takeover" on OPAL v1 machines.
This was a mode of operation where we would boot under pHyp, and query
for the presence of OPAL. If detected we would then do a special
sequence to take over the machine, and the kernel would end up running
in hypervisor mode.
OPAL v1 was never a supported product, and was never shipped outside
IBM. As far as we know no one is still using it.
Newer versions of OPAL do not use the takeover mechanism. Although the
query for OPAL should be harmless on machines with newer OPAL, we have
seen a machine where it causes a crash in Open Firmware.
The code in early_init_devtree() to copy boot_command_line into cmd_line
was added in commit 817c21ad9a1f "Get kernel command line accross OPAL
takeover", and AFAIK is only used by takeover, so should also be
removed.
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
|
cxgb4_netdev maybe lead to dead lock, since it uses a spin lock, and be called
in both thread and softirq context, but not disable BH, the lockdep report is
below; In fact, cxgb4_netdev only reads adap_rcu_list with RCU protection, so
not need to hold spin lock again.
=================================
[ INFO: inconsistent lock state ]
3.14.7+ #24 Tainted: G C O
---------------------------------
inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage.
radvd/3794 [HC0[0]:SC1[1]:HE1:SE0] takes:
(adap_rcu_lock){+.?...}, at: [<ffffffffa09989ea>] clip_add+0x2c/0x116 [cxgb4]
{SOFTIRQ-ON-W} state was registered at:
[<ffffffff810fca81>] __lock_acquire+0x34a/0xe48
[<ffffffff810fd98b>] lock_acquire+0x82/0x9d
[<ffffffff815d6ff8>] _raw_spin_lock+0x34/0x43
[<ffffffffa09989ea>] clip_add+0x2c/0x116 [cxgb4]
[<ffffffffa0998beb>] cxgb4_inet6addr_handler+0x117/0x12c [cxgb4]
[<ffffffff815da98b>] notifier_call_chain+0x32/0x5c
[<ffffffff815da9f9>] __atomic_notifier_call_chain+0x44/0x6e
[<ffffffff815daa32>] atomic_notifier_call_chain+0xf/0x11
[<ffffffff815b1356>] inet6addr_notifier_call_chain+0x16/0x18
[<ffffffffa01f72e5>] ipv6_add_addr+0x404/0x46e [ipv6]
[<ffffffffa01f8df0>] addrconf_add_linklocal+0x5f/0x95 [ipv6]
[<ffffffffa01fc3e9>] addrconf_notify+0x632/0x841 [ipv6]
[<ffffffff815da98b>] notifier_call_chain+0x32/0x5c
[<ffffffff810e09a1>] __raw_notifier_call_chain+0x9/0xb
[<ffffffff810e09b2>] raw_notifier_call_chain+0xf/0x11
[<ffffffff8151b3b7>] call_netdevice_notifiers_info+0x4e/0x56
[<ffffffff8151b3d0>] call_netdevice_notifiers+0x11/0x13
[<ffffffff8151c0a6>] netdev_state_change+0x1f/0x38
[<ffffffff8152f004>] linkwatch_do_dev+0x3b/0x49
[<ffffffff8152f184>] __linkwatch_run_queue+0x10b/0x144
[<ffffffff8152f1dd>] linkwatch_event+0x20/0x27
[<ffffffff810d7bc0>] process_one_work+0x1cb/0x2ee
[<ffffffff810d7e3b>] worker_thread+0x12e/0x1fc
[<ffffffff810dd391>] kthread+0xc4/0xcc
[<ffffffff815dc48c>] ret_from_fork+0x7c/0xb0
irq event stamp: 3388
hardirqs last enabled at (3388): [<ffffffff810c6c85>]
__local_bh_enable_ip+0xaa/0xd9
hardirqs last disabled at (3387): [<ffffffff810c6c2d>]
__local_bh_enable_ip+0x52/0xd9
softirqs last enabled at (3288): [<ffffffffa01f1d5b>]
rcu_read_unlock_bh+0x0/0x2f [ipv6]
softirqs last disabled at (3289): [<ffffffff815ddafc>]
do_softirq_own_stack+0x1c/0x30
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(adap_rcu_lock);
<Interrupt>
lock(adap_rcu_lock);
*** DEADLOCK ***
5 locks held by radvd/3794:
#0: (sk_lock-AF_INET6){+.+.+.}, at: [<ffffffffa020b85a>]
rawv6_sendmsg+0x74b/0xa4d [ipv6]
#1: (rcu_read_lock){.+.+..}, at: [<ffffffff8151ac6b>]
rcu_lock_acquire+0x0/0x29
#2: (rcu_read_lock){.+.+..}, at: [<ffffffffa01f4cca>]
rcu_lock_acquire.constprop.16+0x0/0x30 [ipv6]
#3: (rcu_read_lock){.+.+..}, at: [<ffffffff810e09b4>]
rcu_lock_acquire+0x0/0x29
#4: (rcu_read_lock){.+.+..}, at: [<ffffffffa0998782>]
rcu_lock_acquire.constprop.40+0x0/0x30 [cxgb4]
stack backtrace:
CPU: 7 PID: 3794 Comm: radvd Tainted: G C O 3.14.7+ #24
Hardware name: Supermicro X7DBU/X7DBU, BIOS 6.00 12/03/2007
ffffffff81f15990 ffff88012fdc36a8 ffffffff815d0016 0000000000000006
ffff8800c80dc2a0 ffff88012fdc3708 ffffffff815cc727 0000000000000001
0000000000000001 ffff880100000000 ffffffff81015b02 ffff8800c80dcb58
Call Trace:
<IRQ> [<ffffffff815d0016>] dump_stack+0x4e/0x71
[<ffffffff815cc727>] print_usage_bug+0x1ec/0x1fd
[<ffffffff81015b02>] ? save_stack_trace+0x27/0x44
[<ffffffff810fbfaa>] ? check_usage_backwards+0xa0/0xa0
[<ffffffff810fc640>] mark_lock+0x11b/0x212
[<ffffffff810fca0b>] __lock_acquire+0x2d4/0xe48
[<ffffffff810fbfaa>] ? check_usage_backwards+0xa0/0xa0
[<ffffffff810fbff6>] ? check_usage_forwards+0x4c/0xa6
[<ffffffff810c6c8a>] ? __local_bh_enable_ip+0xaf/0xd9
[<ffffffff810fd98b>] lock_acquire+0x82/0x9d
[<ffffffffa09989ea>] ? clip_add+0x2c/0x116 [cxgb4]
[<ffffffffa0998782>] ? rcu_read_unlock+0x23/0x23 [cxgb4]
[<ffffffff815d6ff8>] _raw_spin_lock+0x34/0x43
[<ffffffffa09989ea>] ? clip_add+0x2c/0x116 [cxgb4]
[<ffffffffa09987b0>] ? rcu_lock_acquire.constprop.40+0x2e/0x30 [cxgb4]
[<ffffffffa0998782>] ? rcu_read_unlock+0x23/0x23 [cxgb4]
[<ffffffffa09989ea>] clip_add+0x2c/0x116 [cxgb4]
[<ffffffffa0998beb>] cxgb4_inet6addr_handler+0x117/0x12c [cxgb4]
[<ffffffff810fd99d>] ? lock_acquire+0x94/0x9d
[<ffffffff810e09b4>] ? raw_notifier_call_chain+0x11/0x11
[<ffffffff815da98b>] notifier_call_chain+0x32/0x5c
[<ffffffff815da9f9>] __atomic_notifier_call_chain+0x44/0x6e
[<ffffffff815daa32>] atomic_notifier_call_chain+0xf/0x11
[<ffffffff815b1356>] inet6addr_notifier_call_chain+0x16/0x18
[<ffffffffa01f72e5>] ipv6_add_addr+0x404/0x46e [ipv6]
[<ffffffff810fde6a>] ? trace_hardirqs_on+0xd/0xf
[<ffffffffa01fb634>] addrconf_prefix_rcv+0x385/0x6ea [ipv6]
[<ffffffffa0207950>] ndisc_rcv+0x9d3/0xd76 [ipv6]
[<ffffffffa020d536>] icmpv6_rcv+0x592/0x67b [ipv6]
[<ffffffff810c6c85>] ? __local_bh_enable_ip+0xaa/0xd9
[<ffffffff810c6c85>] ? __local_bh_enable_ip+0xaa/0xd9
[<ffffffff810fd8dc>] ? lock_release+0x14e/0x17b
[<ffffffffa020df97>] ? rcu_read_unlock+0x21/0x23 [ipv6]
[<ffffffff8150df52>] ? rcu_read_unlock+0x23/0x23
[<ffffffffa01f4ede>] ip6_input_finish+0x1e4/0x2fc [ipv6]
[<ffffffffa01f540b>] ip6_input+0x33/0x38 [ipv6]
[<ffffffffa01f5557>] ip6_mc_input+0x147/0x160 [ipv6]
[<ffffffffa01f4ba3>] ip6_rcv_finish+0x7c/0x81 [ipv6]
[<ffffffffa01f5397>] ipv6_rcv+0x3a1/0x3e2 [ipv6]
[<ffffffff8151ef96>] __netif_receive_skb_core+0x4ab/0x511
[<ffffffff810fdc94>] ? mark_held_locks+0x71/0x99
[<ffffffff8151f0c0>] ? process_backlog+0x69/0x15e
[<ffffffff8151f045>] __netif_receive_skb+0x49/0x5b
[<ffffffff8151f0cf>] process_backlog+0x78/0x15e
[<ffffffff8151f571>] ? net_rx_action+0x1a2/0x1cc
[<ffffffff8151f47b>] net_rx_action+0xac/0x1cc
[<ffffffff810c69b7>] ? __do_softirq+0xad/0x218
[<ffffffff810c69ff>] __do_softirq+0xf5/0x218
[<ffffffff815ddafc>] do_softirq_own_stack+0x1c/0x30
<EOI> [<ffffffff810c6bb6>] do_softirq+0x38/0x5d
[<ffffffffa01f1d5b>] ? ip6_copy_metadata+0x156/0x156 [ipv6]
[<ffffffff810c6c78>] __local_bh_enable_ip+0x9d/0xd9
[<ffffffffa01f1d88>] rcu_read_unlock_bh+0x2d/0x2f [ipv6]
[<ffffffffa01f28b4>] ip6_finish_output2+0x381/0x3d8 [ipv6]
[<ffffffffa01f49ef>] ip6_finish_output+0x6e/0x73 [ipv6]
[<ffffffffa01f4a70>] ip6_output+0x7c/0xa8 [ipv6]
[<ffffffff815b1bfa>] dst_output+0x18/0x1c
[<ffffffff815b1c9e>] ip6_local_out+0x1c/0x21
[<ffffffffa01f2489>] ip6_push_pending_frames+0x37d/0x427 [ipv6]
[<ffffffff81558af8>] ? skb_orphan+0x39/0x39
[<ffffffffa020b85a>] ? rawv6_sendmsg+0x74b/0xa4d [ipv6]
[<ffffffffa020ba51>] rawv6_sendmsg+0x942/0xa4d [ipv6]
[<ffffffff81584cd2>] inet_sendmsg+0x3d/0x66
[<ffffffff81508930>] __sock_sendmsg_nosec+0x25/0x27
[<ffffffff8150b0d7>] sock_sendmsg+0x5a/0x7b
[<ffffffff810fd8dc>] ? lock_release+0x14e/0x17b
[<ffffffff8116d756>] ? might_fault+0x9e/0xa5
[<ffffffff8116d70d>] ? might_fault+0x55/0xa5
[<ffffffff81508cb1>] ? copy_from_user+0x2a/0x2c
[<ffffffff8150b70c>] ___sys_sendmsg+0x226/0x2d9
[<ffffffff810fcd25>] ? __lock_acquire+0x5ee/0xe48
[<ffffffff810fde01>] ? trace_hardirqs_on_caller+0x145/0x1a1
[<ffffffff8118efcb>] ? slab_free_hook.isra.71+0x50/0x59
[<ffffffff8115c81f>] ? release_pages+0xbc/0x181
[<ffffffff810fd99d>] ? lock_acquire+0x94/0x9d
[<ffffffff81115e97>] ? read_seqcount_begin.constprop.25+0x73/0x90
[<ffffffff8150c408>] __sys_sendmsg+0x3d/0x5b
[<ffffffff8150c433>] SyS_sendmsg+0xd/0x19
[<ffffffff815dc53d>] system_call_fastpath+0x1a/0x1f
Reported-by: Ben Greear <greearb@candelatech.com>
Cc: Casey Leedom <leedom@chelsio.com>
Cc: Hariprasad Shenai <hariprasad@chelsio.com>
Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Casey Leedom <leedom@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
Fix nfs4_negotiate_security to create an rpc_clnt used to test each SECINFO
returned pseudoflavor. Check credential creation (and gss_context creation)
which is important for RPC_AUTH_GSS pseudoflavors which can fail for multiple
reasons including mis-configuration.
Don't call nfs4_negotiate in nfs4_submount as it was just called by
nfs4_proc_lookup_mountpoint (nfs4_proc_lookup_common)
Signed-off-by: Andy Adamson <andros@netapp.com>
[Trond: fix corrupt return value from nfs_find_best_sec()]
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
Do not return RPC_AUTH_UNIX if SEINFO reply tests fail. This
prevents an infinite loop of NFS4ERR_WRONGSEC for non RPC_AUTH_UNIX mounts.
Without this patch, a mount with no sec= option to a server
that does not include RPC_AUTH_UNIX in the
SECINFO return can be presented with an attemtp to use RPC_AUTH_UNIX
which will result in an NFS4ERR_WRONG_SEC which will prompt the SECINFO
call which will again try RPC_AUTH_UNIX....
Signed-off-by: Andy Adamson <andros@netapp.com>
Tested-By: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
Signed-off-by: Andy Adamson <andros@netapp.com>
Tested-By: Steve Dickson <steved@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
Now that we have functions such as nfs_write_pageuptodate() that use
the cache_validity flags to check if the data cache is valid or not,
it is a little more important to keep the flags in sync with the
state of the data cache.
In particular, we'd like to ensure that if the data cache is empty, we
don't start marking it as needing revalidation.
Reported-by: Scott Mayhew <smayhew@redhat.com>
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
In nfs_update_inode(), if the change attribute is seen to change on
the server, then we set NFS_INO_REVAL_PAGECACHE in order to make
sure that we check the file size.
However, if we also update the file size in the same function, we
don't need to check it again. So make sure that we clear the
NFS_INO_REVAL_PAGECACHE that was set earlier.
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
NFS_INO_INVALID_DATA cannot be ignored, even if we have a delegation.
We're still having some problems with data corruption when multiple
clients are appending to a file and those clients are being granted
write delegations on open.
To reproduce:
Client A:
vi /mnt/`hostname -s`
while :; do echo "XXXXXXXXXXXXXXX" >>/mnt/file; sleep $(( $RANDOM % 5 )); done
Client B:
vi /mnt/`hostname -s`
while :; do echo "YYYYYYYYYYYYYYY" >>/mnt/file; sleep $(( $RANDOM % 5 )); done
What's happening is that in nfs_update_inode() we're recognizing that
the file size has changed and we're setting NFS_INO_INVALID_DATA
accordingly, but then we ignore the cache_validity flags in
nfs_write_pageuptodate() because we have a delegation. As a result,
in nfs_updatepage() we're extending the write to cover the full page
even though we've not read in the data to begin with.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Cc: <stable@vger.kernel.org> # v3.11+
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
|
|
Another restriction inherited for NVMe - those devices don't support
SG lists that have "gaps" in them. Gaps refers to cases where the
previous SG entry doesn't end on a page boundary. For NVMe, all SG
entries must start at offset 0 (except the first) and end on a page
boundary (except the last).
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
Macro bip_vec_idx() was used by bio integrity originally, but no longer
used now. So remove it.
Signed-off-by: Gu Zheng <guz.fnst@cn.fujitsu.com>
Signed-off-by: Jens Axboe <axboe@fb.com>
|
|
When the AHCI link is disabled, it can't be re-enabled except by
resetting the entire SoC. Rather than doing this silently print
some kernel messages to inform the user, along with how to avoid
this.
tj: Put a long printf format string on a single line.
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Tejun Heo <tj@kernel.org>
|
|
Pull aio fixes from Ben LaHaise:
"These fix a kernel memory disclosure issue (arbitrary kmap() &
copy_to_user()) revealed in CVE-2014-0206 by changes that were
introduced in v3.10"
* git://git.kvack.org/~bcrl/aio-fixes:
aio: fix kernel memory disclosure in io_getevents() introduced in v3.10
aio: fix aio request leak when events are reaped by userspace
|
|
Pull ARM fixes from Russell King:
"A number of low impact fixes, the most noticable one is the thumb2
frame pointer fix. We also fix a regression caused during this merge
window with ARM925 CPUs running with caches disabled, and fix a number
of warnings"
* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
ARM: arm925: ensure assembly sets up writethrough mapping
ARM: perf: fix compiler warning with gcc 4.6.4 (and tidy code)
ARM: l2c: fix dependencies on PL310 errata symbols
ARM: 8069/1: Make thread_save_fp macro aware of THUMB2 mode
ARM: 8068/1: scoop: Remove unused variable
|
|
NCQ feature is unsupported on hisilicon sata controller, so disable
it. This version of IP is used by hip04 and hix5hd2 soc.
tj: "|=" was replaced with "=" for no reason. Restored "|=".
Signed-off-by: Kefeng Wang <kefeng.wang@linaro.org>
Sigend-off-by: Tejun Heo <tj@kernel.org>
|
|
vdso2c was checking for various types of relocations to detect when
the vdso had undefined symbols or was otherwise dependent on
relocation at load time. Undefined symbols in the vdso would fail if
accessed at runtime, and certain implementation errors (e.g. branch
profiling or incorrect symbol visibilities) could result in data
access through the GOT that requires relocations. This could be
as simple as:
extern char foo;
return foo;
Without some kind of visibility control, the compiler would assume
that foo could be interposed at load time and would generate a
relocation.
x86-64 and x32 (as opposed to i386) use explicit-addent (RELA) instead
of implicit-addent (REL) relocations for data access, and vdso2c
forgot to detect those.
Whether these bad relocations would actually fail at runtime depends
on what the linker sticks in the unrelocated references. Nonetheless,
these relocations have no business existing in the vDSO and should be
fixed rather than silently ignored.
This error could trigger on some configurations due to branch
profiling. The previous patch fixed that.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/74ef0c00b4d2a3b573e00a4113874e62f772e348.1403642755.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
|
|
DISABLE_BRANCH_PROFILING turns off branch profiling (i.e. a
redefinition of 'if'). Branch profiling depends on a bunch of
kernel-internal symbols and generates extra output sections, none of
which are useful or functional in the vDSO.
It's currently turned off for vclock_gettime.c, but vgetcpu.c also
triggers branch profiling, so just turn it off in the makefile.
This fixes the build on some configurations: the vdso could contain
undefined symbols, and the fake section table overflowed due to
ftrace's added sections.
Signed-off-by: Andy Lutomirski <luto@amacapital.net>
Link: http://lkml.kernel.org/r/bf1ec29e03b2bbc081f6dcaefa64db1c3a83fb21.1403642755.git.luto@amacapital.net
Signed-off-by: H. Peter Anvin <hpa@linux.intel.com>
|
|
Current code did not allow sending the broadcast filtering command
for P2P Client interfaces. However, this was not enough, since once
broadcast filtering command was issued over the station interface
after the P2P Client connected, the command also attached the filters
to the P2P Client MAC which is not allowed (FW ASSERT 1063).
Fix this skipping P2P Client interfaces when constructing the broadcast
filtering command
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
Reviewed-by: ArikX Nemtsov <arik@wizery.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
|
|
This reverts commit dc9a19296a872644f19a06d8eeb5db222d327b41.
3610 cards don't support UAPSD.
Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
|
|
Add one more 7265 series HW ID.
Edit one existing 7265 series HW ID.
CC: <stable@vger.kernel.org> [3.13+]
Signed-off-by: Oren Givon <oren.givon@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
|
|
A kernel memory disclosure was introduced in aio_read_events_ring() in v3.10
by commit a31ad380bed817aa25f8830ad23e1a0480fef797. The changes made to
aio_read_events_ring() failed to correctly limit the index into
ctx->ring_pages[], allowing an attacked to cause the subsequent kmap() of
an arbitrary page with a copy_to_user() to copy the contents into userspace.
This vulnerability has been assigned CVE-2014-0206. Thanks to Mateusz and
Petr for disclosing this issue.
This patch applies to v3.12+. A separate backport is needed for 3.10/3.11.
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Cc: Mateusz Guzik <mguzik@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
Cc: Kent Overstreet <kmo@daterainc.com>
Cc: Jeff Moyer <jmoyer@redhat.com>
Cc: stable@vger.kernel.org
|
|
The aio cleanups and optimizations by kmo that were merged into the 3.10
tree added a regression for userspace event reaping. Specifically, the
reference counts are not decremented if the event is reaped in userspace,
leading to the application being unable to submit further aio requests.
This patch applies to 3.12+. A separate backport is required for 3.10/3.11.
This issue was uncovered as part of CVE-2014-0206.
Signed-off-by: Benjamin LaHaise <bcrl@kvack.org>
Cc: stable@vger.kernel.org
Cc: Kent Overstreet <kmo@daterainc.com>
Cc: Mateusz Guzik <mguzik@redhat.com>
Cc: Petr Matousek <pmatouse@redhat.com>
|
|
The system suspend flow as following:
1, Freeze all user processes and kenrel threads.
2, Try to suspend all devices.
2.1, If pci device is in RPM suspended state, then pci driver will try
to resume it to RPM active state in the prepare stage.
2.2, xhci_resume function calls usb_hcd_resume_root_hub to queue two
workqueue items to resume usb2&usb3 roothub devices.
2.3, Call suspend callbacks of devices.
2.3.1, All suspend callbacks of all hcd's children, including
roothub devices are called.
2.3.2, Finally, hcd_pci_suspend callback is called.
Due to workqueue threads were already frozen in step 1, the workqueue
items can't be scheduled, and the roothub devices can't be resumed in
this flow. The HCD_FLAG_WAKEUP_PENDING flag which is set in
usb_hcd_resume_root_hub won't be cleared. Finally,
hcd_pci_suspend will return -EBUSY, and system suspend fails.
The reason why this issue doesn't show up very often is due to that
choose_wakeup will be called in step 2.3.1. In step 2.3.1, if
udev->do_remote_wakeup is not equal to device_may_wakeup(&udev->dev), then
udev will resume to RPM active for changing the wakeup settings. This
has been a lucky hit which hides this issue.
For some special xHCI controllers which have no USB2 port, then roothub
will not match hub driver due to probe failed. Then its
do_remote_wakeup will be set to zero, and we won't be as lucky.
xhci driver doesn't need to resume roothub devices everytime like in
the above case. It's only needed when there are pending event TRBs.
This patch should be back-ported to kernels as old as 3.2, that
contains the commit f69e3120df82391a0ee8118e0a156239a06b2afb
"USB: XHCI: resume root hubs when the controller resumes"
Cc: stable@vger.kernel.org # 3.2
Signed-off-by: Wang, Yu <yu.y.wang@intel.com>
Acked-by: Alan Stern <stern@rowland.harvard.edu>
[use readl() instead of removed xhci_readl(), reword commit message -Mathias]
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
When xHCI PCI host is suspended, if do_wakeup is false in xhci_pci_suspend,
xhci_bus_suspend needs to clear all root port wake on bits. Otherwise some Intel
platforms may get a spurious wakeup, even if PCI PME# is disabled.
This patch should be back-ported to kernels as old as 2.6.37, that
contains the commit 9777e3ce907d4cb5a513902a87ecd03b52499569
"USB: xHCI: bus power management implementation".
Cc: stable@vger.kernel.org # 2.6.37
Signed-off-by: Lu Baolu <baolu.lu@linux.intel.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
The transfer burst count (TBC) field in xhci 1.0 hosts should be set
to the number of bursts needed to transfer all packets in a isoc TD.
Supported values are 0-2 (1 to 3 bursts per service interval).
Formula for TBC calculation is given in xhci spec section 4.11.2.3:
TBC = roundup( Transfer Descriptor Packet Count / Max Burst Size +1 ) - 1
This patch should be applied to stable kernels since 3.0 that contain
the commit 5cd43e33b9519143f06f507dd7cbee6b7a621885
"xhci 1.0: Set transfer burst count field."
Cc: stable@vger.kernel.org # 3.0
Suggested-by: ShiChun Ma <masc2008@qq.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Command completion events normally include command completion status,
SLOT_ID, and a pointer to the original command. Reset device command
completion SLOT_ID may be zero according to xhci specs 4.6.11.
VIA controllers set the SLOT_ID to zero, triggering a WARN_ON in the
command completion handler.
Use the SLOT ID found from the original command instead.
This patch should be applied to stable kernels since 3.13 that contain
the commit 20e7acb13ff48fbc884d5918c3697c27de63922a
"xhci: use completion event's slot id rather than dig it out of command"
Cc: stable@vger.kernel.org # 3.13
Reported-by: Saran Neti <sarannmr@gmail.com>
Tested-by: Saran Neti <sarannmr@gmail.com>
Signed-off-by: Mathias Nyman <mathias.nyman@linux.intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
|
|
Correct the the config register for LDO1.
Fixes: 90e7d5262796 (regulator: tps65218: Add Regulator driver for
TPS65218 PMIC)
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: <stable@vger.kernel.org> # v3.15
|
|
Add the missing of_node assignment in probe.
Fixes: 90e7d5262796 (regulator: tps65218: Add Regulator driver for TPS65218 PMIC)
Signed-off-by: Keerthy <j-keerthy@ti.com>
Signed-off-by: Felipe Balbi <balbi@ti.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
Cc: <stable@vger.kernel.org> # v3.15
|
|
Any callbacks in scsi_timeout_out() might return BLK_EH_RESET_TIMER,
in which case we should leave the result alone and not set
DID_TIME_OUT, as the command didn't actually timeout.
Signed-off-by: Hannes Reinecke <hare@suse.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
|
|
After scsi_try_to_abort_cmd returns, the eh_abort_handler may have
already found that the command has completed in the device, causing
the host_byte to be nonzero (e.g. it could be DID_ABORT). When
this happens, ORing DID_TIME_OUT into the host byte will corrupt
the result field and initiate an unwanted command retry.
Fix this by using set_host_byte instead, following the model of
commit 2082ebc45af9c9c648383b8cde0dc1948eadbf31.
Cc: stable@vger.kernel.org
Signed-off-by: Ulrich Obergfell <uobergfe@redhat.com>
[Fix all instances according to review comments. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Ewan D. Milne <emilne@redhat.com>
Reviewed-by: Hannes Reinecke <hare@suse.de>
|
|
mixer_wait_for_vblank function expects that the upcoming
vsync interrupt handler routine will clear the
wait_vsync_event atomic variable.
For this to happen, interrupts should be enabled and
disabled properly.
Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
Mixer soft reset is a recommended step before reconfiguring
the mixer after power on. Mixer looses the previous state of
DMAs if soft reset. This is the recommendation from the
hardware team.
Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
Allowing only one layer update per vsync can cause issues
while there are update available for both layers. There is
a good amount of possibility to loose updates if we allow
single update per vsync.
Signed-off-by: Rahul Sharma <rahul.sharma@samsung.com>
Signed-off-by: Inki Dae <inki.dae@samsung.com>
|
|
The non-split wiphy state shouldn't be increased in size
so move the new set_qos_map command into the split if
statement.
Cc: stable@vger.kernel.org (3.14+)
Fixes: fa9ffc745610 ("cfg80211: Add support for QoS mapping")
Reviewed-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus
usb: fixes for v3.16-rc2
dwc3-omap won't crash anymore on module removal and suspend/resume won't kill
xHCI interrupts.
MUSB got a fix to handle Babble condition only in host mode, how it should be.
The f_fs function driver got a fix for a NULL pointer dereference.
Renesas gadget got a fix for Status stage handling.
Signed-of-by: Felipe Balbi <balbi@ti.com>
|
|
The patch 08c9a188d0d0fc0f0c5e17d89a06bb59c493110f
kvm: powerpc: use caching attributes as per linux pte
do not handle properly the error case, letting mmu_lock locked. The lock
will further generate a RCU stall from kvmppc_e500_emul_tlbwe() caller.
In case of an error go to out label.
Signed-off-by: Mihai Caraman <mihai.caraman@freescale.com>
Signed-off-by: Alexander Graf <agraf@suse.de>
|
|
option
When we SMB3 mounted with mapchars (to allow reserved characters : \ / > < * ?
via the Unicode Windows to POSIX remap range) empty paths
(eg when we open "" to query the root of the SMB3 directory on mount) were not
null terminated so we sent garbarge as a path name on empty paths which caused
SMB2/SMB2.1/SMB3 mounts to fail when mapchars was specified. mapchars is
particularly important since Unix Extensions for SMB3 are not supported (yet)
Signed-off-by: Steve French <smfrench@gmail.com>
Cc: <stable@vger.kernel.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
|
|
This is cosmetical - it makes the pin quirk table look better.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
This is cosmetical - it makes the new pin quirk table look better.
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
Commit 07e461cd7e73a84f0e3757932b93cc80976fd749
"of: Ensure unique names without sacrificing determinism"
caused a boot failure regression on the Integrator machines.
The problem is probably caused by fiddling too much with
the device tree population in the OF init function, such
as passing the SoC bus device as parent when populating
the device tree.
This patch fixes the problem by:
- Avoiding to explicitly look up the tree root
- Look up devices needed before device population from
the match only, passing NULL as root
- Passing NULL as root and parent when calling
of_platform_populate()
After this the Integrators boot again. Tested on
Integrator/AP and Integrator/CP.
Cc: Grant Likely <grant.likely@linaro.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
|
|
Two bug reporters with Dell XPS 15 report that they need to use the
dell-headset-multi model to get the headset mic working.
The two bug reporters have different PCI SSID (1028:05fd and 1028:05fe)
but this pin quirk matches both.
BugLink: https://bugs.launchpad.net/bugs/1331915
Signed-off-by: David Henningsson <david.henningsson@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
|
objects in debugfs
Fixes an issue whereby we may race with the table updates (before the
core takes the struct_mutex) and so risk dereferencing a stale pointer in
the iterator for /debugfs/.../i915_gem_objects. For example,
[ 1524.757545] BUG: unable to handle kernel paging request at f53af748
[ 1524.757572] IP: [<c1406982>] per_file_stats+0x12/0x100
[ 1524.757599] *pdpt = 0000000001b13001 *pde = 00000000379fb067 *pte = 80000000353af060
[ 1524.757621] Oops: 0000 [#1] SMP DEBUG_PAGEALLOC
[ 1524.757637] Modules linked in: ctr ccm arc4 ath9k ath9k_common ath9k_hw ath snd_hda_codec_conexant mac80211 snd_hda_codec_generic snd_hda_intel snd_hda_controller snd_hda_codec bnep snd_hwdep rfcomm snd_pcm gpio_ich dell_wmi sparse_keymap snd_seq_midi hid_multitouch uvcvideo snd_seq_midi_event dell_laptop snd_rawmidi dcdbas snd_seq videobuf2_vmalloc videobuf2_memops videobuf2_core usbhid videodev snd_seq_device coretemp snd_timer hid joydev kvm_intel cfg80211 ath3k kvm btusb bluetooth serio_raw snd microcode soundcore lpc_ich wmi mac_hid parport_pc ppdev lp parport psmouse ahci libahci
[ 1524.757825] CPU: 3 PID: 1911 Comm: intel-gpu-overl Tainted: G W OE 3.15.0-rc3+ #96
[ 1524.757840] Hardware name: Dell Inc. Inspiron 1090/Inspiron 1090, BIOS A06 08/23/2011
[ 1524.757855] task: f52f36c0 ti: f4cbc000 task.ti: f4cbc000
[ 1524.757869] EIP: 0060:[<c1406982>] EFLAGS: 00210202 CPU: 3
[ 1524.757884] EIP is at per_file_stats+0x12/0x100
[ 1524.757896] EAX: 0000002d EBX: 00000000 ECX: f4cbdefc EDX: f53af700
[ 1524.757909] ESI: c1406970 EDI: f53af700 EBP: f4cbde6c ESP: f4cbde5c
[ 1524.757922] DS: 007b ES: 007b FS: 00d8 GS: 0033 SS: 0068
[ 1524.757934] CR0: 80050033 CR2: f53af748 CR3: 356af000 CR4: 000007f0
[ 1524.757945] Stack:
[ 1524.757957] f4cbdefc 00000000 c1406970 f53af700 f4cbdea8 c12e5f15 f4cbdefc c1406970
[ 1524.757993] 0000ffff f4cbde90 0000002d f5dc5cd0 e4e80438 c1181d59 f4cbded8 f4d89900
[ 1524.758027] f5631b40 e5131074 c1903f37 f4cbdf28 c14068e6 f52648a0 c1927748 c1903f37
[ 1524.758062] Call Trace:
[ 1524.758084] [<c1406970>] ? i915_gem_object_info+0x510/0x510
[ 1524.758106] [<c12e5f15>] idr_for_each+0xa5/0x100
[ 1524.758126] [<c1406970>] ? i915_gem_object_info+0x510/0x510
[ 1524.758148] [<c1181d59>] ? seq_vprintf+0x29/0x50
[ 1524.758168] [<c14068e6>] i915_gem_object_info+0x486/0x510
[ 1524.758189] [<c11823a6>] seq_read+0xd6/0x380
[ 1524.758208] [<c116d11d>] ? final_putname+0x1d/0x40
[ 1524.758227] [<c11822d0>] ? seq_hlist_next_percpu+0x90/0x90
[ 1524.758246] [<c1163e52>] vfs_read+0x82/0x150
[ 1524.758265] [<c11645d6>] SyS_read+0x46/0x90
[ 1524.758285] [<c16b8d8c>] sysenter_do_call+0x12/0x22
[ 1524.758298] Code: f5 8f 2a 00 83 c4 6c 31 c0 5b 5e 5f 5d c3 8d 74 26 00 8d bc 27 00 00 00 00 55 89 e5 57 56 53 83 ec 04 3e 8d 74 26 00 83 41 04 01 <8b> 42 48 01 41 08 8b 42 4c 89 d7 85 c0 75 07 8b 42 60 85 c0 74
[ 1524.758461] EIP: [<c1406982>] per_file_stats+0x12/0x100 SS:ESP 0068:f4cbde5c
[ 1524.758485] CR2: 00000000f53af748
Reported-by: Sam Jansen <sam.jansen@starleaf.com>
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Sam Jansen <sam.jansen@starleaf.com>
Cc: stable@vger.kernel.org
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
These PCI IDs are reserved on BSpec and can be used at any time in the future.
So let's add this now in order to avoid issues that we already faced on previous
platforms, like finding out about new ids when user reported accelaration weren't
enabled.
Cc: stable@vger.kernel.org
Reviewed-by: Ben Widawsky <ben@bwidawsk.net>
Signed-off-by: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
Fallout from
commit 46470fc932ac8a0e8317a220b3f4ea4ed903338e
Author: Mika Kuoppala <mika.kuoppala@linux.intel.com>
Date: Wed May 21 19:01:06 2014 +0300
drm/i915: Add null state batch to active list
undid the earlier fix of only marking the ctx as initialised after it is
saved by the hardware during a SET_CONTEXT operation:
commit ad1d219974a3d13412268525309c5892f6779ae9
Author: Ben Widawsky <benjamin.widawsky@intel.com>
Date: Sat Dec 28 13:31:49 2013 -0800
drm/i915: set ctx->initialized only after RCS
Signed-off-by: Chris Wilson <chris@chris-wilson.co.uk>
Cc: Ville Syrjälä <ville.syrjala@linux.intel.com>
Cc: Damien Lespiau <damien.lespiau@intel.com>
Cc: Mika Kuoppala <mika.kuoppala@intel.com>
Cc: Ben Widawsky <ben@bwidawsk.net>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Reviewed-by: Ben Widawsky <ben@bwidawsk.net>
[Jani: add reference to the earlier fix in the commit messsage.]
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
|
|
wildcard
Wildcards in compatible strings should be avoid. "marvell,armada38x"
was recently introduced but was not yet used.
The armada 385 SoC is a superset of the armada 380 SoC (with more CPUs
and more PCIe slots). So this patch replaces the use of
"marvell,armada38x" by the "marvell,armada380" string.
Signed-off-by: Gregory CLEMENT <gregory.clement@free-electrons.com>
Link: https://lkml.kernel.org/r/1403533011-21339-1-git-send-email-gregory.clement@free-electrons.com
Acked-by: Andrew Lunn <andrew@lunn.ch>
Cc: <stable@vger.kernel.org> # v3.15+
Signed-off-by: Jason Cooper <jason@lakedaemon.net>
|
|
The current sched scan channel configuration code
configures all the supported channels for scanning.
However, this can result in SYSASSERT in some cases,
when the configured channel is disabled.
Instead, configure only the channels given in the
req struct, and set the channel_count field appropriately.
While on it, change the code to use channel->hw_value
instead of recalculating the channel number.
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Emmanuel Grumbach <emmanuel.grumbach@intel.com>
|
|
When setting up .enable_reg for an SMPS regulator, presumably we should
call PALMAS_BASE_TO_REG(PALMAS_SMPS_BASE, ...) rather than using
LDO_BASE. This change makes the LCD panel and HDMI work again on the
NVIDIA Dalmore board anyway.
Fixes: 318dbb02b50c ("regulator: palmas: Fix SMPS enable/disable/is_enabled")
Signed-off-by: Stephen Warren <swarren@nvidia.com>
Acked-by: Nishanth Menon <nm@ti.com>
Tested-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Mark Brown <broonie@linaro.org>
|
|
The DART table allocation is registered to kmemleak via the
memblock_alloc_base() call. However, the DART table is later unmapped
and dart_tablebase VA no longer accessible. This patch tells kmemleak
not to scan this block and avoid an unhandled paging request.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Paul Mackerras <paulus@samba.org>
Signed-off-by: Benjamin Herrenschmidt <benh@kernel.crashing.org>
|
