If we fault due to authentication, we invalidate the service ticket we
have and request a new one - the idea being that if a service rejected
our authorizer, it must have expired, despite mon_client's attempts at
periodic renewal. (The other possibility is that our ticket is too new
and the service hasn't gotten it yet, in which case invalidating isn't
necessary but doesn't hurt.)
Invalidating just the service ticket is not enough, though. If we
assume a failure on mon_client's part to renew a service ticket, we
have to assume the same for the AUTH ticket. If our AUTH ticket is
bad, we won't get any service tickets no matter how hard we try, so
invalidate AUTH ticket along with the service ticket.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Back in 2013, commit 4b8e8b5d78 ("libceph: fix authorizer
invalidation") tried to fix authorizer invalidation issues by clearing
validity field. However, nothing ever consults this field, so it
doesn't force us to request any new secrets in any way and therefore we
never get out of the exponential backoff mode:
[ 129.973812] libceph: osd2 192.168.122.1:6810 connect authorization failure
[ 130.706785] libceph: osd2 192.168.122.1:6810 connect authorization failure
[ 131.710088] libceph: osd2 192.168.122.1:6810 connect authorization failure
[ 133.708321] libceph: osd2 192.168.122.1:6810 connect authorization failure
[ 137.706598] libceph: osd2 192.168.122.1:6810 connect authorization failure
...
AFAICT this was the case at the time 4b8e8b5d78 was merged, too.
Using timespec solely as a bool isn't nice, so introduce a new have_key
flag, specifically for this purpose.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Commit 20e55c4cc7 ("libceph: clear messenger auth_retry flag when we
authenticate") got us only half way there. We clear the flag if the
second attempt succeeds, but it also needs to be cleared if that
attempt fails, to allow for the exponential backoff to kick in.
Otherwise, if ->should_authenticate() thinks our keys are valid, we
will busy loop, incrementing auth_retry to no avail:
process_connect ffff880079a63830 got BADAUTHORIZER attempt 1
process_connect ffff880079a63830 got BADAUTHORIZER attempt 2
process_connect ffff880079a63830 got BADAUTHORIZER attempt 3
process_connect ffff880079a63830 got BADAUTHORIZER attempt 4
process_connect ffff880079a63830 got BADAUTHORIZER attempt 5
...
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Reviewed-by: Sage Weil <sage@redhat.com>
There are a number of problems with revoking a "was sending" message:
(1) We never make any attempt to revoke data - only kvecs contibute to
con->out_skip. However, once the header (envelope) is written to the
socket, our peer learns data_len and sets itself to expect at least
data_len bytes to follow front or front+middle. If ceph_msg_revoke()
is called while the messenger is sending message's data portion,
anything we send after that call is counted by the OSD towards the now
revoked message's data portion. The effects vary, the most common one
is the eventual hang - higher layers get stuck waiting for the reply to
the message that was sent out after ceph_msg_revoke() returned and
treated by the OSD as a bunch of data bytes. This is what Matt ran
into.
(2) Flat out zeroing con->out_kvec_bytes worth of bytes to handle kvecs
is wrong. If ceph_msg_revoke() is called before the tag is sent out or
while the messenger is sending the header, we will get a connection
reset, either due to a bad tag (0 is not a valid tag) or a bad header
CRC, which kind of defeats the purpose of revoke. Currently the kernel
client refuses to work with header CRCs disabled, but that will likely
change in the future, making this even worse.
(3) con->out_skip is not reset on connection reset, leading to one or
more spurious connection resets if we happen to get a real one between
con->out_skip is set in ceph_msg_revoke() and before it's cleared in
write_partial_skip().
Fixing (1) and (3) is trivial. The idea behind fixing (2) is to never
zero the tag or the header, i.e. send out tag+header regardless of when
ceph_msg_revoke() is called. That way the header is always correct, no
unnecessary resets are induced and revoke stands ready for disabled
CRCs. Since ceph_msg_revoke() rips out con->out_msg, introduce a new
"message out temp" and copy the header into it before sending.
Cc: stable@vger.kernel.org # 4.0+
Reported-by: Matt Conner <matt.conner@keepertech.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Tested-by: Matt Conner <matt.conner@keepertech.com>
Reviewed-by: Sage Weil <sage@redhat.com>
Use list_for_each_entry_safe() instead of list_for_each_safe() to
simplify the code.
Signed-off-by: Geliang Tang <geliangtang@163.com>
[idryomov@gmail.com: nuke call to list_splice_init() as well]
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Cap message from MDS can update i_size. In that case, we don't
hold i_mutex. So it's unsafe to directly access inode->i_size
while holding i_mutex.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
When receiving -EOLDSNAP from OSD, we need to re-send corresponding
write request. Due to locking issue, we can send new request inside
another OSD request's complete callback. So we use worker to re-send
request for AIO write.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
The basic idea of AIO support is simple, just call kiocb::ki_complete()
in OSD request's complete callback. But there are several special cases.
when IO span multiple objects, we need to wait until all OSD requests
are complete, then call kiocb::ki_complete(). Error handling in this case
is tricky too. For simplify, AIO both span multiple objects and extends
i_size are not allowed.
Another special case is check EOF for reading (other client can write to
the file and extend i_size concurrently). For simplify, the direct-IO/AIO
code path does do the check, fallback to normal syn read instead.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
The variant pagep will still get the invalid page point, although ceph
fails in function ceph_update_writeable_page.
To fix this issue, Assigne the page to pagep until there is no failure
in function ceph_update_writeable_page.
Signed-off-by: Minfei Huang <mnfhuang@gmail.com>
Signed-off-by: Yan, Zheng <zyan@redhat.com>
ceph_update_writeable_page() unlocks the page on errors, so
page_mkwrite() should not unlock the page again.
Signed-off-by: Yan, Zheng <zyan@redhat.com>
The rbd_dev_destroy() function tests whether its argument is NULL
and then returns immediately. Thus the test around the call is not needed.
This issue was detected by using the Coccinelle software.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
list_next_entry has been defined in list.h, so I replace list_entry_next
with it.
Signed-off-by: Geliang Tang <geliangtang@163.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
This patch makes ceph_frag_contains_value return bool to improve
readability due to this particular function only using either one or
zero as its return value.
No functional change.
Signed-off-by: Yaowei Bai <baiyaowei@cmss.chinamobile.com>
Signed-off-by: Yan, Zheng <zyan@redhat.com>
These functions were introduced in commit 3d14c5d2b ("ceph: factor
out libceph from Ceph file system"). Howover, there's no user of
these functions since then, so remove them for simplicity.
Signed-off-by: Yaowei Bai <baiyaowei@cmss.chinamobile.com>
Signed-off-by: Yan, Zheng <zyan@redhat.com>
Single fix for machines with pages > 4k (PPC mostly). There's a bug in our
optimal transfer size code where we don't account for pages > 4k and can set
the transfer size to be less than the page size causing nasty failures.
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAABAgAGBQJWkUiHAAoJEDeqqVYsXL0MArAH/2XWKJGI9tr0AQQ79WGD/kjV
KZsUjKP9sshjxXBB8jK+TFvO/Z2BE92XzXtIswgdc6OdeANyhE+LhdbNpuooX2gv
lW28RAbSVLrwJzyr7B2VGAiCOR9opGu2opOJnQMo05pSAFqJxNG4l1Ap+4pOX9/1
ffTwidgk6bWs5zKlDwbETHVv/X50U90O5MyJBvf9KC7YvFhD41OIz7QEqiHgs1qW
T6J80ZH4ZhWN+pRMHlybJ7RwP7TVjUSkDRLWRSX8IWjisbDqY86JVVt/BUA3lbhL
sLDc/mku3ZPsRAUJL544ydAPWA2DtJ9PjPkYuMgPQOCyUfAKq5OTf6hG0Mghm34=
=n00Y
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fix from James Bottomley:
"A single fix for machines with pages > 4k (PPC mostly).
There's a bug in our optimal transfer size code where we don't account
for pages > 4k and can set the transfer size to be less than the page
size causing nasty failures"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
sd: Reject optimal transfer length smaller than page size
TI DRA7xx host bridge driver
Mark driver as broken (Richard Cochran)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWkSPdAAoJEFmIoMA60/r80kQP/jPgr13qJ0bt+DE8WMZ98zRu
BKpgL2MMQ2PzHjpHvrce1y2WceSdnPvloB5fElpi0PtYRzjmhZ607tgBpUjUEm5U
u/jmFa28PlzzGMu8zQuV6Ge4zFp8PdcNGxZqRNpxZl4HLltxYgd7LnM9wgmSAUo7
VwZlO5QIjHUPQ2oFC1o7F7pRhme1RpfUDwXaoHAER1E44pHBRksjY/xRlP/Nknh5
7QOcb62e6N/ngR6Vb01evNVSdtH1+HQQlPaxPALw3sItaRsqqB9rLfXecw5Xu1NN
h2DiRTcG/2X5bA8yxYZtmkFyvkFQFHjoxgvD2RHf7jb9TX0qyryFJceAKyyAUmFT
A4z3XSmd54tXjetFkSzYsUbb0Egp1atBLT1Uw8d7UH4djebnwh3hTqPNFpRZBDeA
AZRIkhTeupRjJGgtYsVghsiOQeS0yg4OboDVBPJljELOcsYN/nuoNvreXCp8qk4H
pHyq9AQ3XVu3OS94SvDNmTdssUNARPL020/K8FDOkbOnD9EDK/J/PdiEGCZtNea4
nu8qVo1PaROd5HBxQ2zB6PDiAIXAEfuqmFZPRXd5xa/DHxSfkHRJMmdE1TUVeFHn
rB+8Fz/PqdkA4wIM3STWtVZOCjYnn6WkeWYS95jX9PmVc1Pa8ByNYkrYc5mxGtar
uzqdDmZqYJAzRKkIadMR
=srOL
-----END PGP SIGNATURE-----
Merge tag 'pci-v4.4-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci
Pull PCI fixlet from Bjorn Helgaas:
"This marks the TI DRA7xx host bridge driver as broken. Apparently it
has never worked without some additional out-of-tree code, so I'm
going to mark it broken now and remove it completely next cycle unless
it's fixed"
* tag 'pci-v4.4-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
PCI: dra7xx: Mark driver as broken
kernel test robot has reported the following crash:
BUG: unable to handle kernel NULL pointer dereference at 00000100
IP: [<c1074df6>] __queue_work+0x26/0x390
*pdpt = 0000000000000000 *pde = f000ff53f000ff53 *pde = f000ff53f000ff53
Oops: 0000 [#1] PREEMPT PREEMPT SMP SMP
CPU: 0 PID: 24 Comm: kworker/0:1 Not tainted 4.4.0-rc4-00139-g373ccbe #1
Workqueue: events vmstat_shepherd
task: cb684600 ti: cb7ba000 task.ti: cb7ba000
EIP: 0060:[<c1074df6>] EFLAGS: 00010046 CPU: 0
EIP is at __queue_work+0x26/0x390
EAX: 00000046 EBX: cbb37800 ECX: cbb37800 EDX: 00000000
ESI: 00000000 EDI: 00000000 EBP: cb7bbe68 ESP: cb7bbe38
DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
CR0: 8005003b CR2: 00000100 CR3: 01fd5000 CR4: 000006b0
Stack:
Call Trace:
__queue_delayed_work+0xa1/0x160
queue_delayed_work_on+0x36/0x60
vmstat_shepherd+0xad/0xf0
process_one_work+0x1aa/0x4c0
worker_thread+0x41/0x440
kthread+0xb0/0xd0
ret_from_kernel_thread+0x21/0x40
The reason is that start_shepherd_timer schedules the shepherd work item
which uses vmstat_wq (vmstat_shepherd) before setup_vmstat allocates
that workqueue so if the further initialization takes more than HZ we
might end up scheduling on a NULL vmstat_wq. This is really unlikely
but not impossible.
Fixes: 373ccbe592 ("mm, vmstat: allow WQ concurrency to discover memory reclaim doesn't make any progress")
Reported-by: kernel test robot <ying.huang@linux.intel.com>
Signed-off-by: Michal Hocko <mhocko@suse.com>
Tested-by: Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>
Cc: stable@vger.kernel.org
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This is the final small set of ARM SoC bug fixes for linux-4.4,
almost all regressions:
OMAP: data corruption on the Nokia N900 flash
Allwinner: Two defconfig change to get USB working again
ARM Versatile: Interrupt numbers gone bad after an older bug fix
Nomadik: Crashes from incorrect L2 cache settings
VIA vt8500: SD/MMC support on WM8650 never worked
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAVpA/vGCrR//JCVInAQK1NQ//fk4EYJj6JMwaB/I2hGtpUpartVtXj9tj
916+NazORGc/UBP9vG/bLWnZrKzZQdeLd2HwDT9eyHtZ+Qq8bm+No312l10EATkS
EAZKy4oy0HH5BD8yE5xM+CQn9fxh8GcmGJ/hKacpJnY2e0aaGgp9iHiPWH8kRmO4
kBbUWsbfGjxzfM+a/9XGrzcTWZLSOu6VGtxvdp2rGy+Un8AWVc6FQz48xsFXWivB
5JHp0qTnyUebSNbsxq05BDorybDuNSho5d3r94H85WwfbdybCxuFYedTZ1r3vCh9
rWDI8R2vb3uotzYYjigRwyYqggUz6TewWqwnyeyGsMHOCEU/q/2n2ASLhdxKl2x8
UZ+kKDhRiraaxnsNh/apVy4yvs7KmsUM6DgxzvXW3uyrrLrjJyGHKY5doHt5Z5mJ
ErhOW024skA8GNiWObmNiKzUdKEbO4e7ReFgwbLbA8W6ACVVMNdL4udsmkb+nj25
+VFWOg5WVG5WJFaEoSOGze7J0+SSwu7wP0HRPmWFotslExh5HsrvkSw429sDDB0R
4OwT0Ru0vDZvGrHD+Bu6mFJO1nL2kWKVsolyben1sA+OIbm7eoHcennRUFf2sog0
yWD03DT9iz//bmWPHVntcdRTTaXYvaChPWzHxlbBxw2DCfRkzy4Tx/Ic44s2Kjuq
PgQjTmNlnQ8=
=Z1E0
-----END PGP SIGNATURE-----
Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Arnd Bergmann:
"This is the final small set of ARM SoC bug fixes for linux-4.4, almost
all regressions:
OMAP:
- data corruption on the Nokia N900 flash
Allwinner:
- Two defconfig change to get USB working again
ARM Versatile:
- Interrupt numbers gone bad after an older bug fix
Nomadik:
- Crashes from incorrect L2 cache settings
VIA vt8500:
- SD/MMC support on WM8650 never worked"
* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
dts: vt8500: Add SDHC node to DTS file for WM8650
ARM: Fix broken USB support in multi_v7_defconfig for sunxi devices
ARM: versatile: fix MMC/SD interrupt assignment
ARM: nomadik: set latencies to 8 cycles
ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption
ARM: Fix broken USB support in sunxi_defconfig
a patch found in your master branch but not yet in the kvm/next branch
that is destined for 4.5.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJWj+yRAAoJEL/70l94x66DulYH/0OGP+yIHDDFlBqtPRm6q0pr
r8pSVRPPd4GY2SOJDBsBvMmWphFSYKIoCTyMbFnikADHM2yh/pycwLU/uzCM5xQl
uABMsCUntwbGaKq+A4bOvsNO49ueRCkML4ToVuKNTeuEKRYfdnlj3XcAMMgsUfEF
QGz8W2cm9xPn69df91cfBuFLLFeQVv2XsjA5WpqzzvWy5HEs1F07aVh57TI4j8OF
eFdn3Lkes9Ync70KjEy2QKe2Su0EWjderE0oqAORKomwZFVCYv/Vg1wERJYsugg5
UyYCY2j1tKlycKYDnO47L1xoS9JgMHY05OsH08Sn/EXBjRjnEVwTyco5pGPmuNA=
=5Lst
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fix from Paolo Bonzini:
"A simple fix. I'm sending it before the merge window, because it
refines a patch found in your master branch but not yet in the
kvm/next branch that is destined for 4.5"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: x86: only channel 0 of the i8254 is linked to the HPET
Just one obvious fix that adds a missing function argument in
ACPI code introduced recently (Kees Cook).
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJWkD8gAAoJEILEb/54YlRxOC4P/RDQxQkTzQPskyqHayzamCSQ
cEqKYOL199Do42OD0mlJm9gc2Ax0tLvSEK/6VRz4WB+xqrlUz8Lcnqrcjld632jx
a+xxqXcgIYTV03ujhNs4rRiWBedH9alwKvy4SoukQkL6eeXsE7llk1hZNjoqA3rh
VsVsPSxQNLOAkJJzaHpBrGE3weCdXAmUb7aaFe1mjj1eGrPP+MjOYRSKWoyRn4bA
RWL84wUmaM5X/NowCuFJZHEXGyiYm3EBFu4oqfKMRJDE6saJ0DLIPfIuaEX6srox
gSsOB0tCHhrVR4vhfFD2x4P3rMEwt39IcW/5dAj76zYH2yyYiCpC4SmdYIJTkI+a
/8y+a9/4CyKfOGhZ+lfJQOo0HbMHOGkF1VitNHGmiGnefTKDravFXIVqFqWBvgm3
oT1tPtM4fmgy787WBVMP+P7NQ9yh4/YQ5oB+3Mi5AS13mT1PCTKe32q9LiuMUAtE
QmcK0yvDAUM9LwNDYffUFVoUxkCAUft7CYIso46X5qjDOp94fB52K/JxM4aMX90b
kjtKWLWVFGzBCehj7cb4RX6Jqaq/5cR8f3pLf+wyC9tli2DtThX2aiFXjA3PcY8z
TZwZ8L31LL6apbIW5wZTMN9f6cKiM4YT44KYxWFdgf/S8ZqRx9EtjqrAKcJxgziF
WM+yB+XEb7Q21WcTESV/
=XAk2
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-4.4-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Just one obvious fix that adds a missing function argument in ACPI
code introduced recently (Kees Cook)"
* tag 'pm+acpi-4.4-final' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / property: avoid leaking format string into kobject name
Pull x86 fixes from Ingo Molnar:
"A handful of x86 fixes:
- a syscall ABI fix, fixing an Android breakage
- a Xen PV guest fix relating to the RTC device, causing a
non-working console
- a Xen guest syscall stack frame fix
- an MCE hotplug CPU crash fix"
* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
x86/numachip: Fix NumaConnect2 MMCFG PCI access
x86/entry: Restore traditional SYSENTER calling convention
x86/entry: Fix some comments
x86/paravirt: Prevent rtc_cmos platform device init on PV guests
x86/xen: Avoid fast syscall path for Xen PV guests
x86/mce: Ensure offline CPUs don't participate in rendezvous process
Pull perf fixes from Ingo Molnar:
"Two core subsystem fixes, plus a handful of tooling fixes"
* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
perf: Fix race in swevent hash
perf: Fix race in perf_event_exec()
perf list: Robustify event printing routine
perf list: Add support for PERF_COUNT_SW_BPF_OUT
perf hists browser: Fix segfault if use symbol filter in cmdline
perf hists browser: Reset selection when refresh
perf hists browser: Add NULL pointer check to prevent crash
perf buildid-list: Fix return value of perf buildid-list -k
perf buildid-list: Show running kernel build id fix
Pull block revert from Jens Axboe:
"The previous pull request had a split fix for NVMe, however there are
corner cases where that ends up blowing up.
So let's revert it for 4.4. The regression isn't introduced in this
cycle, and it's "just" a performance regression, not a
stability/integrity issue"
* 'for-linus' of git://git.kernel.dk/linux-block:
Revert "block: Split bios on chunk boundaries"
Late fixes for 4.4 are three fixes for drivers which include a
revert of mic-x100 fix which is causing regression, xgene fix for
double IRQ and async_tx fix to use GFP_NOWAIT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWj7XNAAoJEHwUBw8lI4NHOEEQAIj9YoQjkHkPo2PviIeiX3Zy
HNAIM0GepYSZrJO+duKAzFxK4mEGC92gpyOiv6NJ91RdC2ijYc9gb6Z7ig/g4znq
odqMGFIdBEqZAq1PhN81BtJqdkw4EmzffS/GaEol0MM85Hvm5r91GfOx86AKs0HW
emOJL5XXG8/byNY7xihCl+55u9l1E5c7+K8QNj3++bgKK07KIor4qtxBNUqejQUj
/eFdi8Z1SFOHHDvdYKGVRRm70uq6BqfYcsLfLcgd7uEDkvz0Zcy7SF11hY67z8QU
ood0eyyuBhuZjxzZN+5No9UkRf2BKfjXUex/wr2AnuqF2xYcGYC76tFKeAUbOc6s
YF+SdfDoQVys3o6EhYj6hj9s1viepu41tpnOB8ldBE2B/Gyn0iq/ipj05rsMKIRp
ivefoSb7KG1O6aesJ/n7vUBY8VWiE3KBcRYoIotW5jNQ83Jb/e40ougpshzxeWYR
08PekcG+CAUlnfaF8f0+c3xuo2Q23MMpf6e3XqlNxCGBpwIn8NEtLw1qcLdKI9zG
x6zguGxEZDIoGYC0kjmP+PNAjrJmNVHutcJODgK73H4zNvY1O6Kg+dOBLrwkqXh5
Um6RRDzOcEWsGMHg0akPHWaaAt7slCvtTXLMtzMysHR1mkihqAbzq6Zr0QoGjekz
j20fC8o8bArX9cCDO71F
=jYJY
-----END PGP SIGNATURE-----
Merge tag 'dmaengine-fix-4.4' of git://git.infradead.org/users/vkoul/slave-dma
Pull dmaengine fixes from Vinod Koul:
"Late fixes for 4.4 are three fixes for drivers which include a revert
of mic-x100 fix which is causing regression, xgene fix for double IRQ
and async_tx fix to use GFP_NOWAIT"
* tag 'dmaengine-fix-4.4' of git://git.infradead.org/users/vkoul/slave-dma:
dmaengine: xgene-dma: Fix double IRQ issue by setting IRQ_DISABLE_UNLAZY flag
async_tx: use GFP_NOWAIT rather than GFP_IO
dmaengine: Revert "dmaengine: mic_x100: add missing spin_unlock"
Pull dmi fix from Jean Delvare.
* 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging:
firmware: dmi_scan: Fix UUID endianness for SMBIOS >= 2.6
A slightly higher volume than a new year's wish, but not too
worrisome: a large LOC is only for HD-audio device-specific quirks,
so fairly safe to apply. The rest ASoC fixes are all trivial and
small; a simple replacement of mutex call with nested lock version,
a few Arizona and Realtek codec fixes, and a regression fix for
Skylake firmware handling.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWjmpaAAoJEGwxgFQ9KSmkypcP/AsZgxRp9kU7xBKcymZR6ldi
OtXse9Irie7/Da23v98VfOmC0SF1RYDnEO+yDi3ud31ZGyqcwCMBrcO1ZrvuQw1w
3LDsUdVsOJyD2bK/u9pDy+HfZQ62I+IVN/lwQ3eA4fimxae5M+6Ptt4q6tAiOVul
mk6sf+aVIIpGRJDV0icVj+S+N1o05PhukEPCrzi8NgLjN6QYwOeaIEQa6/ymZjfe
mcYG7SQsyyxGtdDpGEebZtQJVxmYY93qnLDykikLsNquCJKRX4GGWZqZn2dVF73M
afZWt921+CvPdLIabQYgjPpqMniFR/XbGXuXYhLtADbb806SFmy68Dvfs29u9qDH
ZwmsMcvwx/CjeyuZGicbjlApND9pA5RHGkL4qE2hCxkrrBrfWPfVKsa5DKUMthiy
vIUTBQohgMQE+H1N6S1vd+4itnUdMaxhF4+yV1oIzHtAo1m+bHR6Mzein3O9lS9o
7ch028nrhDZZZNOMl3vsbCS8R9KAXKSpojwgCZ94QwY8xSelXXiLQY05ggA1U5Bo
w7Uqnn3AnvGieORv3ZZ0TKEQSGO6rxMUB+L8PsrJEiC8F3tkSr9yYVQzXxo69Qhs
jQXAREwdwarugVj+ER8rIyFfJ9rd1+8yZT3oRr+WhmaXvuQ6CoGrQ/P0+VsMUSxC
RJKBEeGjaFRhc2NedGO7
=XSAp
-----END PGP SIGNATURE-----
Merge tag 'sound-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"A slightly higher volume than a new year's wish, but not too
worrisome: a large LOC is only for HD-audio device-specific quirks, so
fairly safe to apply. The rest ASoC fixes are all trivial and small;
a simple replacement of mutex call with nested lock version, a few
Arizona and Realtek codec fixes, and a regression fix for Skylake
firmware handling"
* tag 'sound-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ASoC: Intel: Skylake: Fix the memory leak
ASoC: Intel: Skylake: Revert previous broken fix memory leak fix
ASoC: Use nested lock for snd_soc_dapm_mutex_lock
ASoC: rt5645: add sys clk detection
ALSA: hda - Add keycode map for alc input device
ALSA: hda - Add mic mute hotkey quirk for Lenovo ThinkCentre AIO
ASoC: arizona: Fix bclk for sample rates that are multiple of 4kHz
on Nokia N900.
Looks like we have a GPMC bus timing bug that has gone unnoticed
because of bootloader configured registers until few days ago. We
are not detecting the onenand clock rate properly unless we have
CONFIG_OMAP_GPMC_DEBUG set and this causes onenand corruption
that can be easily be reproduced.
There seems to be also an additional bug still lurking around for
onenand corruption. But that is still being investigated and
it does not seem to be GPMC timings related.
Meanwhile, it would be good to get this fix into v4.4 to prevent
wrong timings from corrupting onenand.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWj+LZAAoJEBvUPslcq6VzRwMQAN9cxwbGblHuEnt22GJEQNUP
XRgAB6j00zKugAYg5QCXihZf+SgQuvI8VeB+BeI0K0vL0zNnLlF/jiKYg1fwzDvr
jcKx8dKbcfI7idWtNP2DL1nWe9dDjT+hBye3xH/DavXFcvFiuMLrBtbZ2WO1zPn7
MYADo5jh+X3/Cl+9okS0q7ZblaZ+txs+8dl87bIkup96A2hYw/Zp+h4H7PcnJbFn
4YyOVMsHwTUeCXCbcd5aDZvENN4uhXYFZXo1glrB4GePz7F7ST+vgUZkhuSqI4Z0
vwRpYPjLtZfsvW9SWodMLt7r7qIKYbEX7ATtjYIV2QLa8QL14KUZLFk35VgXGCA5
WciP3UeNQrzQPUSnDfthYDVDWV50EbrN0Tw3/f+xo4RDGYfMZ5A26jZsJavHaEHj
stB0EGy72RkqUJmCqquP3X2k1W2JsFbhI/WKyHxZspOuvadFzbfW5Rz8I1ad6+68
b485s5qPLYpufZj5+03wAnuCJBVz8A6x6qAZqi2sIaHbqa8H0b0/u85Svrfe0y45
PxxwLbjipWy2/FCTicJL3HiboSGdJoXXO6ru65oEqG7J6BFGk/607QCSpEB3FWbW
jx/4WbdMcsoPgqlbFoCG5TSPD7esMdhBNlZirZiAvRoPeSdmQVOy230dLn7Cek7z
3ws+XPHWsOSgATpwvE//
=QtBl
-----END PGP SIGNATURE-----
Merge tag 'omap-for-v4.4/onenand-corruption' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes
Pull "urgent onenand file system corruption fix for n900" from Tony Lindgren:
Last minute urgent pull request to prevent file system corruption
on Nokia N900.
Looks like we have a GPMC bus timing bug that has gone unnoticed
because of bootloader configured registers until few days ago. We
are not detecting the onenand clock rate properly unless we have
CONFIG_OMAP_GPMC_DEBUG set and this causes onenand corruption
that can be easily be reproduced.
There seems to be also an additional bug still lurking around for
onenand corruption. But that is still being investigated and
it does not seem to be GPMC timings related.
Meanwhile, it would be good to get this fix into v4.4 to prevent
wrong timings from corrupting onenand.
* tag 'omap-for-v4.4/onenand-corruption' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
ARM: OMAP2+: Fix onenand rate detection to avoid filesystem corruption
This reverts commit d380561113.
If we end up splitting on the first segment, we don't adjust
the sector count. That results in hitting a BUG() with attempting
to split 0 sectors.
As this is just a performance issue and not a regression since
4.3 release, let's just rever this change. That gives us more
time to test a real fix for 4.5, which would be marked for
stable anyway.
Mark the dra7xx PCI host driver as broken. This driver was first merged in
v3.17 and has never worked. Although the driver compiles just fine, it is
missing an essential device reset. If the driver is included, the kernel
locks up hard shortly after booting, before any console output appears.
Signed-off-by: Richard Cochran <richardcochran@gmail.com>
Signed-off-by: Bjorn Helgaas <bhelgaas@google.com>
The dmi_ver wasn't updated correctly before the dmi_decode method run
to save the uuid.
That resulted in "dmidecode -s system-uuid" and
/sys/class/dmi/id/product_uuid disagreeing. The latter was buggy and
this fixes it.
Reported-by: Federico Simoncelli <fsimonce@redhat.com>
Fixes: 9f9c9cbb60 ("drivers/firmware/dmi_scan.c: fetch dmi version from SMBIOS if it exists")
Fixes: 79bae42d51 ("dmi_scan: refactor dmi_scan_machine(), {smbios,dmi}_present()")
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Jean Delvare <jdelvare@suse.de>
The dn->name is expected to be used as a literal, so add the missing
"%s".
Fixes: 263b4c1a64 (ACPI / property: Expose data-only subnodes via sysfs)
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Pull drm nouveau fix from Dave Airlie:
"Still not back to work, but I decided to forward this fix"
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/nouveau/gr/nv40: fix oops in interrupt handler
The patches include fixes for:
* Two build issues, one in the ipmmu-vmsa driver and one for the
new generic dma-api implemention used on arm64
* A performance fix for said dma-api implemention
* An issue caused by a wrong offset in map_sg in the same code
as above
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABAgAGBQJWjrtUAAoJECvwRC2XARrjBs8P/i+KWbiFqDDnlpk492OAib75
IlCWw9IydVbn0foshZg5isZyx6UP2t4PoNeK2JLrN48BKw6fs3AFzPMXF7ur6/o5
UP/S/RsdC8zcy12GvrCONQl2SYqnENvMjZZwtjmobYYrRISJ2RYHNND5VjTwofqh
SitxPB9/g4MlD8dwFKgkgkA4jEwN8klbkm7qGBq3zeuDY7Gk8SVep+rRTnlXnk50
6vJVPVvfYD+HIdvNwIQp+Y6iFzLE2aNP090Rq33xHjBNuIgvkpEXE7XPjsKvdC5I
LbWskbwiUPoviX3ti283Zoijv45My6i9lzn2n2ESOp6JpZb4KytRoWbLhtJ3TvjO
vTxBqbhj9iok770xecaNpIg9Of5evVRsOpGLwWxpzH/bwzlqtIGvRi+pzFC1atB9
ye9djC6uA7mUVgHG5XZXH1dO3sHk4AxqnDvzv9N6jZC1Cvp+7NVBRdr7QtVRojnY
e7cc+DwoZr48bad4WtbiIjRxYRXue6+QjlD02WfqHpiHa3R9mguCyVeFxQzp1JRL
6QbCzuqqhdR0ie7dDAn30xQXsBzfiHyShlWn8B3z7JshV3vh3BPNVVOFVQMpMt56
Wlgmry68r0W/HR1R6UuU+EoaBD7NSTBTZvL8illod/esMz6LMnGgPphm8dBvlGrb
2WtGtIuqA5RvOJGI4aVC
=AFI4
-----END PGP SIGNATURE-----
Merge tag 'iommu-fixes-v4.4-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
- Two build issues, one in the ipmmu-vmsa driver and one for the new
generic dma-api implemention used on arm64
- A performance fix for said dma-api implemention
- An issue caused by a wrong offset in map_sg in the same code as above
* tag 'iommu-fixes-v4.4-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/dma: Use correct offset in map_sg
iommu/ipmmu-vmsa: Don't truncate ttbr if LPAE is not enabled
iommu/dma: Avoid unlikely high-order allocations
iommu/dma: Add some missing #includes
ftrace_module_init() and do_init_module() that the allocations made
in ftrace_module_init() will not be freed, resulting in a memory leak.
The solution is to call ftrace_release_mod() on the failing module in
the fail path befor do_init_module() is called. This will remove any
allocations made for that module, and nothing if ftrace_module_init()
wasn't called yet for that module.
Note, once do_init_module() is called, the MODULE_GOING notifiers are
called for the failed module, which calls into the ftrace code to do the
proper clean up (basically calling ftrace_release_mod()).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWjqzAAAoJEKKk/i67LK/8WgIH/3OTlOqrr527nodzj5glLgyn
GJRyQcI2VNq1m63KjWRO1QtH0OPIB/kFEyBVruNb3FEU3jQHgUNOk5whDkiOdcbp
yXBXkTkhyNOSAUxm95drUkEQiwDScfU6FjUy2dQjdyi4+86sYKRP+FIdL6B1Q5vk
M2w2JRVe2HU5RnONf63AUPcRRA+PbUqGk3S9i+HwOfCMqVEEoayRVmxibTnlEsba
YCf6d1ppzimd4c2FcyCnoyFGkfDUZWDQw2RFdWaEtOTKTzFz25hMebw4omwMQ9pt
gdbve/sY2e9BI4yHIew+tmDDWqfT8ejpXhn/eOzWd074HD7hzxU7xfd2UXZRD7w=
=x94j
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.4-rc4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull ftrace fix from Steven Rostedt:
"PeiyangX Qiu reported that if a module fails to load between calling
ftrace_module_init() and do_init_module() that the allocations made in
ftrace_module_init() will not be freed, resulting in a memory leak.
The solution is to call ftrace_release_mod() on the failing module in
the fail path befor do_init_module() is called. This will remove any
allocations made for that module, and nothing if ftrace_module_init()
wasn't called yet for that module.
Note, once do_init_module() is called, the MODULE_GOING notifiers are
called for the failed module, which calls into the ftrace code to do
the proper clean up (basically calling ftrace_release_mod())"
* tag 'trace-v4.4-rc4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ftrace/module: Call clean up function when module init fails early
If the module init code fails after calling ftrace_module_init() and before
calling do_init_module(), we can suffer from a memory leak. This is because
ftrace_module_init() allocates pages to store the locations that ftrace
hooks are placed in the module text. If do_init_module() fails, it still
calls the MODULE_GOING notifiers which will tell ftrace to do a clean up of
the pages it allocated for the module. But if load_module() fails before
then, the pages allocated by ftrace_module_init() will never be freed.
Call ftrace_release_mod() on the module if load_module() fails before
getting to do_init_module().
Link: http://lkml.kernel.org/r/567CEA31.1070507@intel.com
Reported-by: "Qiu, PeiyangX" <peiyangx.qiu@intel.com>
Fixes: a949ae560a "ftrace/module: Hardcode ftrace_module_init() call into load_module()"
Cc: stable@vger.kernel.org # v2.6.38+
Acked-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
Since WM8650 has the same 'WMT' SDHC controller as WM8505, and the driver
is already in the kernel, this node enables the controller support for
WM8650
Signed-off-by: Roman Volkov <rvolkov@v1ros.org>
Reviewed-by: Alexey Charkov <alchark@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Commit 69fb4dcada ("power: Add an axp20x-usb-power driver") introduced a
new driver for the USB power supply used on various Allwinner based SBCs.
However, the driver was not added to multi_v7_defconfig which breaks USB
support for some boards (e.g. LeMaker BananaPi) as the kernel will now
turn off the USB power supply during boot by default if the driver isn't
present. (This was not the case in linux 4.3 or lower where the USB power
was always left on.)
Hence, add the driver to multi_v7_defconfig in order to keep USB support
working on those boards that require it.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
Tested-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
Acked-by: Maxime Ripard <maxime.ripard@free-electrons.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
While setting the KVM PIT counters in 'kvm_pit_load_count', if
'hpet_legacy_start' is set, the function disables the timer on
channel[0], instead of the respective index 'channel'. This is
because channels 1-3 are not linked to the HPET. Fix the caller
to only activate the special HPET processing for channel 0.
Reported-by: P J P <pjp@fedoraproject.org>
Fixes: 0185604c2d
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When mapping a non-page-aligned scatterlist entry, we copy the original
offset to the output DMA address before aligning it to hand off to
iommu_map_sg(), then later adding the IOVA page address portion to get
the final mapped address. However, when the IOVA page size is smaller
than the CPU page size, it is the offset within the IOVA page we want,
not that within the CPU page, which can easily be larger than an IOVA
page and thus result in an incorrect final address.
Fix the bug by taking only the IOVA-aligned part of the offset as the
basis of the DMA address, not the whole thing.
Signed-off-by: Robin Murphy <robin.murphy@arm.com>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
For interrupt controller that doesn't support irq_disable and hardware
with level interrupt, an extra interrupt can be pending. This patch fixes
the issue by setting IRQ_DISABLE_UNLAZY flag for the interrupt line.
Reference: http://git.kernel.org/tip/e9849777d0e27cdd2902805be51da73e7c79578c
Signed-off-by: Rameshwar Prasad Sahu <rsahu@apm.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
These async_XX functions are called from md/raid5 in an atomic
section, between get_cpu() and put_cpu(), so they must not sleep.
So use GFP_NOWAIT rather than GFP_IO.
Dan Williams writes: Longer term async_tx needs to be merged into md
directly as we can allocate this unmap data statically per-stripe
rather than per request.
Fixed: 7476bd79fc ("async_pq: convert to dmaengine_unmap_data")
Cc: stable@vger.kernel.org (v3.13+)
Reported-and-tested-by: Stanislav Samsonov <slava@annapurnalabs.com>
Acked-by: Dan Williams <dan.j.williams@intel.com>
Signed-off-by: NeilBrown <neilb@suse.com>
Signed-off-by: Vinod Koul <vinod.koul@intel.com>
Commit 0976c946a6
"arm/versatile: Fix versatile irq specifications"
has an off-by-one error on the Versatile AB that has
been regressing the Versatile AB hardware for some time.
However it seems like the interrupt assignments have
never been correct and I have now adjusted them according
to the specification. The masks for the valid interrupts
made it impossible to assign the right SIC interrupt
for the MMCI, so I went in and fixed these to correspond
to the specifications, and added references if anyone
wants to double-check.
Due to the Versatile PB including the Versatile AB
as a base DTS file, we need to override and correct
some values to correspond to the actual changes in the
hardware.
For the Versatile PB I don't think the IRQ line
assignment for MMCI has ever been correct for either of
the two MMCI blocks. It would be nice if someone with the
physical PB board could test this.
Patch tested on the Versatile AB, QEMU for Versatile AB
and QEMU for Versatile PB.
Cc: Rob Herring <robh@kernel.org>
Cc: Grant Likely <grant.likely@linaro.org>
Cc: stable@vger.kernel.org
Fixes: 0976c946a6 ("arm/versatile: Fix versatile irq specifications")
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
The Nomadik has sporadic crashes because of these latencies, setting
them to max makes the platform work nicely, so use this values for
now.
These latencies were set to 2 since the Nomadik platform was merged,
but I suspect they never took effect until the right size and
associativity for the cache was specified in the device tree and
that is why the crash comes now.
Cc: stable@vger.kernel.org
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
reported mid cycle. Unfortunately, some of them took a bit long to get proper
testing and feedback.
* Assign the default MTD name earlier in the registration process, so
partition parsers (like cmdlinepart) see the right name. Without this, some
systems may come up with unpartitioned flash. This was a v4.4-rc1
regression.
* Revert some new Winbond SPI NOR flash unlocking/locking support; new code in
v4.4 caused regressions on some Spansion flash.
* Fix mis-typed parameter ordering in SPI NOR unlock function; this bug was
introduced in v4.4-rc1.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWjc+bAAoJEFySrpd9RFgt0vcP/ilmoZGwbKhOY9eYK00N6kzK
qzNWWZtinlS/T+H8GAHK1+K/+KroREiQ7EY9pob1QpJMZ6UBTNslVKCTEieMIXFV
KoVlOj9rVAD4Aaldh+oWDQ2hggUxNMIrtDvR6D2PJIpCfMeQkB4ZgVeSeQbBFTif
/tIvv06Pdnngrv6Zq/xpWCqEMjrrI/rsZG0yGhlw96want+vF8Lxs16dVdn8U4cW
x3b6K9WhFEW0s4kQzoHRjmNZK36TRVBa/AZrzNXdbDjSF5Sbc3WqUw6OTDD14Pke
Pmy6oflRe5Zt+gajnTuqi8BANaXbXuzXg69hFZSrTW3BRxZaaw0/EHNtkloQqQfG
/IQWUeO5UywJ8UZavhGCzzZYrcUTz7nARy9GBtXq9ke1CMRUzPKTPw8qD6sGleFw
ruMkybKojvm4Jl95u1/Uxeiy/UC7Dy+DxL1btLrjz8dJrp5gZ74mYeueR73NGJQm
2nShsIP3OHoZs/VOD7bpwqjchIqtO0RCYgNefP0stOWL1Zmgq78Ss8+U8nSdwwbh
lgBxV76g1EC2UUkm15dAtTSsJuoHAHJPZ5EoYy4JPa8deKi44DHDTYyKzirpA/ib
QyCA3MjCCfpPw82UHAhOsmxXpEaoAlAtQIztowePew7iiJBSJr40KkCz8ibbV+n0
9dRGZoee9/MSTnHGPpnR
=xE25
-----END PGP SIGNATURE-----
Merge tag 'for-linus-20160106' of git://git.infradead.org/linux-mtd
Pull MTD fixes from Brian Norris:
"Three last MTD fixes for v4.4. These are all fixes for regressions
and bugs reported mid cycle. Unfortunately, some of them took a bit
long to get proper testing and feedback.
- Assign the default MTD name earlier in the registration process, so
partition parsers (like cmdlinepart) see the right name. Without
this, some systems may come up with unpartitioned flash. This was
a v4.4-rc1 regression.
- Revert some new Winbond SPI NOR flash unlocking/locking support;
new code in v4.4 caused regressions on some Spansion flash.
- Fix mis-typed parameter ordering in SPI NOR unlock function; this
bug was introduced in v4.4-rc1"
* tag 'for-linus-20160106' of git://git.infradead.org/linux-mtd:
mtd: spi-nor: fix stm_is_locked_sr() parameters
mtd: spi-nor: fix Spansion regressions (aliased with Winbond)
mtd: fix cmdlinepart parser, early naming for auto-filled MTD
Pull networking fixes from David Miller:
"As usual, there are a couple straggler bug fixes:
1) qlcnic_alloc_mbx_args() error returns are not checked in qlcnic
driver. Fix from Insu Yun.
2) SKB refcounting bug in connector, from Florian Westphal.
3) vrf_get_saddr() has to propagate fib_lookup() errors to it's
callers, from David Ahern.
4) Fix AF_UNIX splice/bind deadlock, from Rainer Weikusat.
5) qdisc_rcu_free() fails to free the per-cpu qstats. Fix from John
Fastabend.
6) vmxnet3 driver passes wrong page to dma_map_page(), fix from
Shrikrishna Khare.
7) Don't allow zero cwnd in tcp_cwnd_reduction(), from Yuchung Cheng"
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
tcp: fix zero cwnd in tcp_cwnd_reduction
Driver: Vmxnet3: Fix regression caused by 5738a09
net: qmi_wwan: Add WeTelecom-WPD600N
mkiss: fix scribble on freed memory
net: possible use after free in dst_release
net: sched: fix missing free per cpu on qstats
ARM: net: bpf: fix zero right shift
6pack: fix free memory scribbles
net: filter: make JITs zero A for SKF_AD_ALU_XOR_X
bridge: Only call /sbin/bridge-stp for the initial network namespace
af_unix: Fix splice-bind deadlock
net: Propagate lookup failure in l3mdev_get_saddr to caller
r8152: add reset_resume function
connector: bump skb->users before callback invocation
cxgb4: correctly handling failed allocation
qlcnic: correctly handle qlcnic_alloc_mbx_args
Patch 3759824da8 ("tcp: PRR uses CRB mode by default and SS mode
conditionally") introduced a bug that cwnd may become 0 when both
inflight and sndcnt are 0 (cwnd = inflight + sndcnt). This may lead
to a div-by-zero if the connection starts another cwnd reduction
phase by setting tp->prior_cwnd to the current cwnd (0) in
tcp_init_cwnd_reduction().
To prevent this we skip PRR operation when nothing is acked or
sacked. Then cwnd must be positive in all cases as long as ssthresh
is positive:
1) The proportional reduction mode
inflight > ssthresh > 0
2) The reduction bound mode
a) inflight == ssthresh > 0
b) inflight < ssthresh
sndcnt > 0 since newly_acked_sacked > 0 and inflight < ssthresh
Therefore in all cases inflight and sndcnt can not both be 0.
We check invalid tp->prior_cwnd to avoid potential div0 bugs.
In reality this bug is triggered only with a sequence of less common
events. For example, the connection is terminating an ECN-triggered
cwnd reduction with an inflight 0, then it receives reordered/old
ACKs or DSACKs from prior transmission (which acks nothing). Or the
connection is in fast recovery stage that marks everything lost,
but fails to retransmit due to local issues, then receives data
packets from other end which acks nothing.
Fixes: 3759824da8 ("tcp: PRR uses CRB mode by default and SS mode conditionally")
Reported-by: Oleksandr Natalenko <oleksandr@natalenko.name>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>