Commit Graph

663114 Commits

Author SHA1 Message Date
David Rientjes
460bcec84e mm, swap_cgroup: reschedule when neeed in swap_cgroup_swapoff()
We got need_resched() warnings in swap_cgroup_swapoff() because
swap_cgroup_ctrl[type].length is particularly large.

Reschedule when needed.

Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1704061315270.80559@chino.kir.corp.google.com
Signed-off-by: David Rientjes <rientjes@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Vladimir Davydov <vdavydov.dev@gmail.com>
Cc: KAMEZAWA Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:49 -07:00
Ross Zwisler
e11f8b7b6c dax: fix radix tree insertion race
While running generic/340 in my test setup I hit the following race.  It
can happen with kernels that support FS DAX PMDs, so v4.10 thru
v4.11-rc5.

Thread 1				Thread 2
--------				--------
dax_iomap_pmd_fault()
  grab_mapping_entry()
    spin_lock_irq()
    get_unlocked_mapping_entry()
    'entry' is NULL, can't call lock_slot()
    spin_unlock_irq()
    radix_tree_preload()
					dax_iomap_pmd_fault()
					  grab_mapping_entry()
					    spin_lock_irq()
					    get_unlocked_mapping_entry()
					    ...
					    lock_slot()
					    spin_unlock_irq()
					  dax_pmd_insert_mapping()
					    <inserts a PMD mapping>
    spin_lock_irq()
    __radix_tree_insert() fails with -EEXIST
    <fall back to 4k fault, and die horribly
     when inserting a 4k entry where a PMD exists>

The issue is that we have to drop mapping->tree_lock while calling
radix_tree_preload(), but since we didn't have a radix tree entry to
lock (unlike in the pmd_downgrade case) we have no protection against
Thread 2 coming along and inserting a PMD at the same index.  For 4k
entries we handled this with a special-case response to -EEXIST coming
from the __radix_tree_insert(), but this doesn't save us for PMDs
because the -EEXIST case can also mean that we collided with a 4k entry
in the radix tree at a different index, but one that is covered by our
PMD range.

So, correctly handle both the 4k and 2M collision cases by explicitly
re-checking the radix tree for an entry at our index once we reacquire
mapping->tree_lock.

This patch has made it through a clean xfstests run with the current
v4.11-rc5 based linux/master, and it also ran generic/340 500 times in a
loop.  It used to fail within the first 10 iterations.

Link: http://lkml.kernel.org/r/20170406212944.2866-1-ross.zwisler@linux.intel.com
Signed-off-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Cc: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Dan Williams <dan.j.williams@intel.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox <mawilcox@microsoft.com>
Cc: <stable@vger.kernel.org>    [4.10+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:49 -07:00
David Rientjes
4fad7fb6b0 mm, thp: fix setting of defer+madvise thp defrag mode
Setting thp defrag mode of "defer+madvise" actually sets "defer" in the
kernel due to the name similarity and the out-of-order way the string is
checked in defrag_store().

Check the string in the correct order so that
TRANSPARENT_HUGEPAGE_DEFRAG_KSWAPD_OR_MADV_FLAG is set appropriately for
"defer+madvise".

Fixes: 21440d7eb9 ("mm, thp: add new defer+madvise defrag option")
Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1704051814420.137626@chino.kir.corp.google.com
Signed-off-by: David Rientjes <rientjes@google.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Acked-by: Vlastimil Babka <vbabka@suse.cz>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:48 -07:00
bsegall@google.com
5402e97af6 ptrace: fix PTRACE_LISTEN race corrupting task->state
In PT_SEIZED + LISTEN mode STOP/CONT signals cause a wakeup against
__TASK_TRACED.  If this races with the ptrace_unfreeze_traced at the end
of a PTRACE_LISTEN, this can wake the task /after/ the check against
__TASK_TRACED, but before the reset of state to TASK_TRACED.  This
causes it to instead clobber TASK_WAKING, allowing a subsequent wakeup
against TRACED while the task is still on the rq wake_list, corrupting
it.

Oleg said:
 "The kernel can crash or this can lead to other hard-to-debug problems.
  In short, "task->state = TASK_TRACED" in ptrace_unfreeze_traced()
  assumes that nobody else can wake it up, but PTRACE_LISTEN breaks the
  contract. Obviusly it is very wrong to manipulate task->state if this
  task is already running, or WAKING, or it sleeps again"

[akpm@linux-foundation.org: coding-style fixes]
Fixes: 9899d11f ("ptrace: ensure arch_ptrace/ptrace_request can never race with SIGKILL")
Link: http://lkml.kernel.org/r/xm26y3vfhmkp.fsf_-_@bsegall-linux.mtv.corp.google.com
Signed-off-by: Ben Segall <bsegall@google.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:48 -07:00
Jessica Yu
d79bf21e0e vmlinux.lds: add missing VMLINUX_SYMBOL macros
When __{start,end}_ro_after_init is referenced from C code, we run into
the following build errors on blackfin:

  kernel/extable.c:169: undefined reference to `__start_ro_after_init'
  kernel/extable.c:169: undefined reference to `__end_ro_after_init'

The build error is due to the fact that blackfin is one of the few
arches that prepends an underscore '_' to all symbols defined in C.

Fix this by wrapping __{start,end}_ro_after_init in vmlinux.lds.h with
VMLINUX_SYMBOL(), which adds the necessary prefix for arches that have
HAVE_UNDERSCORE_SYMBOL_PREFIX.

Link: http://lkml.kernel.org/r/1491259387-15869-1-git-send-email-jeyu@redhat.com
Signed-off-by: Jessica Yu <jeyu@redhat.com>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Eddie Kovsky <ewk@edkovsky.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:48 -07:00
Alexander Polakov
1f06b81aea mm/page_alloc.c: fix print order in show_free_areas()
Fixes: 11fb998986 ("mm: move most file-based accounting to the node")
Link: http://lkml.kernel.org/r/1490377730.30219.2.camel@beget.ru
Signed-off-by: Alexander Polyakov <apolyakov@beget.com>
Acked-by: Michal Hocko <mhocko@suse.com>
Cc: Mel Gorman <mgorman@techsingularity.net>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: <stable@vger.kernel.org>	[4.8+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:48 -07:00
Mike Rapoport
045098e944 userfaultfd: report actual registered features in fdinfo
fdinfo for userfault file descriptor reports UFFD_API_FEATURES.  Up
until recently, the UFFD_API_FEATURES was defined as 0, therefore
corresponding field in fdinfo always contained zero.  Now, with
introduction of several additional features, UFFD_API_FEATURES is not
longer 0 and it seems better to report actual features requested for the
userfaultfd object described by the fdinfo.

First, the applications that were using userfault will still see zero at
the features field in fdinfo.  Next, reporting actual features rather
than available features, gives clear indication of what userfault
features are used by an application.

Link: http://lkml.kernel.org/r/1491140181-22121-1-git-send-email-rppt@linux.vnet.ibm.com
Signed-off-by: Mike Rapoport <rppt@linux.vnet.ibm.com>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:48 -07:00
Hugh Dickins
d75450ff40 mm: fix page_vma_mapped_walk() for ksm pages
Doug Smythies reports oops with KSM in this backtrace, I've been seeing
the same:

  page_vma_mapped_walk+0xe6/0x5b0
  page_referenced_one+0x91/0x1a0
  rmap_walk_ksm+0x100/0x190
  rmap_walk+0x4f/0x60
  page_referenced+0x149/0x170
  shrink_active_list+0x1c2/0x430
  shrink_node_memcg+0x67a/0x7a0
  shrink_node+0xe1/0x320
  kswapd+0x34b/0x720

Just as observed in commit 4b0ece6fa0 ("mm: migrate: fix
remove_migration_pte() for ksm pages"), you cannot use page->index
calculations on ksm pages.

page_vma_mapped_walk() is relying on __vma_address(), where a ksm page
can lead it off the end of the page table, and into whatever nonsense is
in the next page, ending as an oops inside check_pte()'s pte_page().

KSM tells page_vma_mapped_walk() exactly where to look for the page, it
does not need any page->index calculation: and that's so also for all
the normal and file and anon pages - just not for THPs and their
subpages.  Get out early in most cases: instead of a PageKsm test, move
down the earlier not-THP-page test, as suggested by Kirill.

I'm also slightly worried that this loop can stray into other vmas, so
added a vm_end test to prevent surprises; though I have not imagined
anything worse than a very contrived case, in which a page mlocked in
the next vma might be reclaimed because it is not mlocked in this vma.

Fixes: ace71a19ce ("mm: introduce page_vma_mapped_walk()")
Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1704031104400.1118@eggly.anvils
Signed-off-by: Hugh Dickins <hughd@google.com>
Reported-by: Doug Smythies <dsmythies@telus.net>
Tested-by: Doug Smythies <dsmythies@telus.net>
Reviewed-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-08 00:47:48 -07:00
Linus Torvalds
81d4bab4ce - Two stable@ fixes for the verity target's FEC support
- A stable@ fix for raid target's raid1 support (when no bitmap is used)
 
 - A 4.11 cache metadata v2 format fix to properly test blocks are clean
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJY56smAAoJEMUj8QotnQNa3xYH/39l25eGzam0cnITa31cX9uu
 lb+oWnqbgvbd65HZr2QPu9RO8LQMK9wxw40wapyYTEnkDfgeW+hmwYo3BUZ0IpdT
 Ry39KGCGaxk3L3cATSgtZT18AsWRHmKqlHLf6y98RdeFLVb3lyUFllkLF9r3M2ep
 1Ga2MiMJYffaiTsSKxwZQG3XG7mq9MNfRnCehGAQwjGgWL3EsYHNsq+Hosn/tdtZ
 2D7BvAMr2X+3xEUVevqL2dFmJ1D2tbJjtedeAKVOccErV/BofwWPUvTOFX8202+Y
 CUC9pW+hDQqpCm15Pr4N6oU4TeC4mHMwGK0SLWmoXkl3VDPbUUO3qC5AwKxsepA=
 =cWkE
 -----END PGP SIGNATURE-----

Merge tag 'dm-4.11-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fixes from Mike Snitzer:

 - two stable fixes for the verity target's FEC support

 - a stable fix for raid target's raid1 support (when no bitmap is used)

 - a 4.11 cache metadata v2 format fix to properly test blocks are clean

* tag 'dm-4.11-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm verity fec: fix bufio leaks
  dm raid: fix NULL pointer dereference for raid1 without bitmap
  dm cache metadata: fix metadata2 format's blocks_are_clean_separate_dirty
  dm verity fec: limit error correction recursion
2017-04-07 10:47:20 -07:00
Linus Torvalds
dc25ad3fe1 arm64 fixes:
- Restore previous SIGBUS behaviour for unhandled unaligned user accesses
 
 - Revert broken support for the contiguous bit in hugetlb (again...)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABCgAGBQJY53foAAoJELescNyEwWM0ILEH/An3v6VSnbABDRxvXWkrTvKZ
 y4KoHVgSDqehrH8MysrrI7SlB5J5AEGjQI2SzI2InVS4j4Dd/kfqZMeZlo2Z2Idv
 KlC4FXb6QhRjJrrLCVIWCZxQL8gqP9KEI+DwB76a46WSYHHWP4ihtfYTxpTSAZbj
 mDHOmZ2udc/GjEpPzzPNOhXs0+1dEAHkQa+gW8T5HotQK+VVBwFTJKPXGNjm/YQa
 A1lLzYW/R9xRzAeEaJIGa6/jy6jJQ09vkXUdriibRi9qu7+A/xecgq3nb6puwT3j
 0BQqvVQ3eAEejlXA5L4xtdwNb3fhe8hK4pq9OgNnhSytntAtbSiqvGTHea03XKY=
 =d5YQ
 -----END PGP SIGNATURE-----

Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux

Pull arm64 fixes from Will Deacon:
 "We've got a regression fix for the signal raised when userspace makes
  an unsupported unaligned access and a revert of the contiguous
  (hugepte) support for hugetlb, which has once again been found to be
  broken. One day, maybe, we'll get it right.

  Summary:

   - restore previous SIGBUS behaviour for unhandled unaligned user
     accesses

   - revert broken support for the contiguous bit in hugetlb (again...)"

* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
  Revert "Revert "arm64: hugetlb: partial revert of 66b3923a1a0f""
  arm64: mm: unaligned access by user-land should be received as SIGBUS
2017-04-07 10:43:22 -07:00
Linus Torvalds
4f0d14b0c9 metag/usercopy: Fault handling fixes
These patches fix a bunch of longstanding (some over a decade old) metag
 user copy fault handling bugs. Thanks go to Al Viro for spotting some of
 the questionable code in the first place.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJY5g8zAAoJEGwLaZPeOHZ6m8sP/3M5e2VPrtqK7u22QVrjIkOx
 XwtIRCbEFUf9XJhDATKnwraRcKlfespu3ibc2BrQ7e2FCa/Nx6nSipUIMW+zUmGX
 nu2DHnxh6rEEzHc5pBzmiUH8+AsoK5Q12jeQRu8PviCkn7QOOMFt6ZvOHltE0AOh
 OKycaZAbZnvgKQkYmAqxcakesALc0gSRmXLvxlIba7fnhR8fYhSCow3Fxf+DLBbh
 Hq7/7cRyZi/GNnYd0NNLVyifbZk2Xt3nfN9TadysCMc4InsYSz4uJycZZy2p/WW+
 feHJy0EUvDCRBggU7vgSpAd+7By7+tVSjGTH+dwDVwcP3ukFx6qZcu8dvrbyUoMK
 E2QBLb3DSOqPtRmjIq4AYrQUOnzCNwxDG7f02GQGFmV8VudNHUf6Y7W3xIZrT5Ke
 0Y+mcYN4ZN/g5rzBTgj5+zOMsQr1kRlBSGwt2LZq6G5oFk4ZvFXyO4pA7ZHLzP30
 cRuky9uRYvTBGzwa/vxkecjJ4w7xGZAgWHHtc9yPuetX81bJYTY2bQVeqlMvfCrb
 NzOsObBjqokkYqYe4ywaKhyxFo/Ks4X1LkvCepcj5CfcLvfFW6BuZFKw2WvPGGoB
 RSEhvWhtuok5eafb+6QDd6G2ZLo4wSnt5qbCjjWjW9sHLxWG88cOsCctq4mBT1tl
 Vnd2140H9FoAMY0H2xhc
 =MwhE
 -----END PGP SIGNATURE-----

Merge tag 'metag-for-v4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag

Pull metag usercopy fixes from James Hogan:
 "Metag usercopy fault handling fixes

  These patches fix a bunch of longstanding (some over a decade old)
  metag user copy fault handling bugs. Thanks go to Al Viro for spotting
  some of the questionable code in the first place"

* tag 'metag-for-v4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/jhogan/metag:
  metag/usercopy: Add missing fixups
  metag/usercopy: Fix src fixup in from user rapf loops
  metag/usercopy: Set flags before ADDZ
  metag/usercopy: Zero rest of buffer from copy_from_user
  metag/usercopy: Add early abort to copy_to_user
  metag/usercopy: Fix alignment error checking
  metag/usercopy: Drop unused macros
2017-04-07 10:11:53 -07:00
Linus Torvalds
7ab661856b ACPI fix for v4.11-rc6
- Refine the check for the existence of _HID in find_child_checks()
    so that it doesn't trigger for device objects with device IDs
    made up by the kernel (Rafael Wysocki).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJY531xAAoJEILEb/54YlRxyoMQAJ7wKKP1+1TBf+rIAb817cdp
 BBP8gPEmkEyTVaF8DkC4byLeIipbRHezq2sjChVM2uj+I1L9HnDg3lkbyISlH1h3
 UgS5/6Sg6aY+nEhNN6REZY/5es+tmUX5bLYsmttETLjluld02XbOQHPVlkY4HR8n
 o5qaMxR0sKSs9AhzWG+NLqSqTSL30uqKzxaBf7ZZPiKkKbOWctgv6ts5fKdXO8mx
 Z4FLvuRygva5L704jycGDJ/3W8gidrfi63n2QAoP5dIoc8UHfMEHVIMYxqW6HJkp
 AuZTk0zJ+KmawP+FIKAXBvPk+T4XIbzV6tWmQWmMJYuEwmilp0V4oGBIZdMdYklo
 zShQaUdpiEAsJswzQDbl6gyl2iGzeCbTgxzhPqP7h3Q7kl5igUYLw491b5S+vEPf
 Kw+eI0T14pnoyk569Abf4S25BBU5fsUiNuFBNncIZNKUd9+V7TKf8WVcxlP0BfBQ
 sCciwlAlb6R+Mxunv4pLSA3gqEdDPHfPNjS3VoWN/B23KY2YbHPk8vlXjClIVPXR
 lvtaZtInR2Ri4AlDMcFRYF7fdyMOxgN+qaLSClyCFuW1ZjyG6JPbjRoadjIgAfrO
 9B1CLiCngAYqw/QZLvAfp5ISxhR4y9WXrb9fbVCy86jPS3foKONbhe094d2V0EH8
 5s7qzE8c6a2URDjZL7sr
 =04+L
 -----END PGP SIGNATURE-----

Merge tag 'acpi-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm

Pull ACPI fix from Rafael Wysocki:
 "This fixes a core device enumeration code change made in 4.10, in
  order to address a reported issue, that went too far.

  Specifics:

   - Refine the check for the existence of _HID in find_child_checks()
     so that it doesn't trigger for device objects with device IDs made
     up by the kernel (Rafael Wysocki)"

* tag 'acpi-4.11-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
  ACPI / scan: Prefer devices without _HID for _ADR matching
2017-04-07 10:01:45 -07:00
Linus Torvalds
50bdd7a0c9 fix for 4.11 rc6
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQEcBAABAgAGBQJY5ysAAAoJELDendYovxMvEIoH/2Jl9vM9DzfdTxfyvSS0+i3/
 e3UTL4igNSBT5W4t3DL0o5IZ9e6LQ17j8VWqbpT8d6AzdvtW6xx4ZpulPuh/qTnA
 pHNUy9yPXr91k4KzSgV3ASaqxdBOIAq74t0u+BwpDjWV8Vok5oONxPf03vigfrKb
 jFLZfP0DilSI6YIsExtUqZhT1ydnG6mm0PMXGT5VfHgnotUVapSnZw8Ht/STXRbH
 SZ5a1QLcQxfFziFEmBGSOqIKLmA3TYpzBcbSVg4vjysdmf910C8tU6KFkdDhg8Gu
 3vWsjBpgxoAmdHYfElD3PDp1pyWTmKkF0jtJavcaNp0GOGD8f5jg1Rf/eozD9CA=
 =6Oc6
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.11b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull Xen fix from Juergen Gross:
 "A fix for error path cleanup in the xenbus handler"

* tag 'for-linus-4.11b-rc6-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xenbus: remove transaction holder from list before freeing
2017-04-07 09:58:01 -07:00
Liping Zhang
5380e5644a sysctl: don't print negative flag for proc_douintvec
I saw some very confusing sysctl output on my system:
  # cat /proc/sys/net/core/xfrm_aevent_rseqth
  -2
  # cat /proc/sys/net/core/xfrm_aevent_etime
  -10
  # cat /proc/sys/net/ipv4/tcp_notsent_lowat
  -4294967295

Because we forget to set the *negp flag in proc_douintvec, so it will
become a garbage value.

Since the value related to proc_douintvec is always an unsigned integer,
so we can set *negp to false explictily to fix this issue.

Fixes: e7d316a02f ("sysctl: handle error writing UINT_MAX to u32 fields")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-07 09:46:44 -07:00
Liping Zhang
1680a3868f sysctl: add sanity check for proc_douintvec
Commit e7d316a02f ("sysctl: handle error writing UINT_MAX to u32
fields") introduced the proc_douintvec helper function, but it forgot to
add the related sanity check when doing register_sysctl_table.  So add
it now.

Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-04-07 09:46:44 -07:00
Rafael J. Wysocki
dc752d54fd Merge branch 'acpi-scan-fixes'
* acpi-scan-fixes:
  ACPI / scan: Prefer devices without _HID for _ADR matching
2017-04-07 13:48:26 +02:00
Will Deacon
6ae979ab39 Revert "Revert "arm64: hugetlb: partial revert of 66b3923a1a0f""
The use of the contiguous bit by our hugetlb implementation violates
the break-before-make requirements of the architecture and can lead to
silent data corruption or TLB conflict aborts. Once again, disable these
hugetlb sizes whilst it gets worked out.

This reverts commit ab2e1b8923.

Conflicts:
	arch/arm64/mm/hugetlbpage.c

Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-04-07 12:27:29 +01:00
Linus Torvalds
269c930e66 Changes since last update:
- Rework the inline directory verifier to avoid crashes on disk corruption
 - Don't change file size when punching holes w/ KEEP_SIZE
 - Close a kernel memory exposure bug
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABCgAGBQJY4qGYAAoJEPh/dxk0SrTr3mwQAIDqc1RlZThYETn5Mru9BeQ0
 NmiDbgO1394OSxSxpBVZCVW1jU23j3eXbOgO0oD8iEOySdTOwAoCxb78aYUkHsbS
 wKKvix2kprIfsAYfGW264MZjX2JYiBUTjhV8dYw9UB5Kot3TPvc+IgC7ICJtcb08
 y+/ycjbgMwlWxOQwkReaPhVYhKXa3/vqLBNN0E9oacSdpT10Mkb95RDxwFpe5zX2
 RjPYode8RHsoI9+OdvVwvbmPrvylxEt3jKZdnStRMjmAX/X2aUNVDYSCOSpNg+sz
 9kXec96kkoJ4oQVfiaEo0k4LWlTZnDSFe25CX8Gxu7yPgGt8XsnDADkieGBdVcYq
 2q3AfEpmQrYgnLFRu4D3A8KEX8IrP8MLAh/zY/heVp9fTx9uhDvnjF+f+F6mMYXF
 wzEf27RN+DeaXRLbHp35NOKPriT63JpRB/Hsgew6ibEiVPdy8J1+VYoJSohixr4d
 yryDiwtph25spMYxeH6HIiPCeWa6fMr08vwuasWJTEZirxYmF/ZEHTK/bU+ydlDp
 R9/UDTmiP0V10xO09bjLgFiREIO/b1fiOoniAMhhrT4tW2FL31hRpzl8jPZ++2X/
 W2xLMJ1iyVw/Cf1NDWGFIOFX6Y+lnN6dZHftNUno6MFlmdmajNaTbRTBiSGnPH4U
 URH7Dxpmkgp7xuNs8xqv
 =QdXx
 -----END PGP SIGNATURE-----

Merge tag 'xfs-4.11-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux

Pull XFS fixes from Darrick Wong:
 "Here are three more fixes for 4.11.

  The first one reworks the inline directory verifier to check the
  working copy of the directory metadata and to avoid triggering a
  periodic crash in xfs/348. The second patch fixes a regression in hole
  punching at EOF that corrupts files; and the third patch closes a
  kernel memory disclosure bug.

  Summary:

   - rework the inline directory verifier to avoid crashes on disk
     corruption

   - don't change file size when punching holes w/ KEEP_SIZE

   - close a kernel memory exposure bug"

* tag 'xfs-4.11-fixes-3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux:
  xfs: fix kernel memory exposure problems
  xfs: Honor FALLOC_FL_KEEP_SIZE when punching ends of files
  xfs: rework the inline directory verifiers
2017-04-06 14:42:05 -07:00
Linus Torvalds
977674c06b Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus
Pull MIPS fixes from Ralf Baechle:
 "Lantiq:
    - Fix adding xbar resoures causing a panic

  Loongson3:
    - Some Loongson 3A don't identify themselves as having an FTLB so
      hardwire that knowledge into CPU probing.
    - Handle Loongson 3 TLB peculiarities in the fast path of the RDHWR
      emulation.
    - Fix invalid FTLB entries with huge page on VTLB+FTLB platforms
    - Add missing calculation of S-cache and V-cache cache-way size

  Ralink:
    - Fix typos in rt3883 pinctrl data

  Generic:
    - Force o32 fp64 support on 32bit MIPS64r6 kernels
    - Yet another build fix after the linux/sched.h changes
    - Wire up statx system call
    - Fix stack unwinding after introduction of IRQ stack
    - Fix spinlock code to build even for microMIPS with recent binutils

  SMP-CPS:
    - Fix retrieval of VPE mask on big endian CPUs"

* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
  MIPS: IRQ Stack: Unwind IRQ stack onto task stack
  MIPS: c-r4k: Fix Loongson-3's vcache/scache waysize calculation
  MIPS: Flush wrong invalid FTLB entry for huge page
  MIPS: Check TLB before handle_ri_rdhwr() for Loongson-3
  MIPS: Add MIPS_CPU_FTLB for Loongson-3A R2
  MIPS: Lantiq: fix missing xbar kernel panic
  MIPS: smp-cps: Fix retrieval of VPE mask on big endian CPUs
  MIPS: Wire up statx system call
  MIPS: Include asm/ptrace.h now linux/sched.h doesn't
  MIPS: ralink: Fix typos in rt3883 pinctrl
  MIPS: End spinlocks with .insn
  MIPS: Force o32 fp64 support on 32bit MIPS64r6 kernels
2017-04-06 13:16:34 -07:00
Linus Torvalds
4691f4a6d4 Wei Yongjun fixed a long standing bug in the ring buffer startup test.
If for some unknown reason, the kthread that is created fails to be
 created, the return from kthread_create() is an PTR_ERR and not a NULL.
 The test incorrectly checks for NULL instead of an error.
 -----BEGIN PGP SIGNATURE-----
 
 iQExBAABCAAbBQJY5mOWFBxyb3N0ZWR0QGdvb2RtaXMub3JnAAoJEMm5BfJq2Y3L
 XcsH/iBX7Kf4ta/0Jo4+sR4+HeDmWNPVBTwlei+dvMfaK1rWDgW6hbwSJg3geUwN
 d2zL/o7uCWbXubO9sjeCX2n+ecUiUcJRheewfdm0KzaPH387ofdUd24yz3DNDNcl
 /yaZMmeApjpHJjJWxoH5TUSF/yliC2FvjHYWxgEx9qhrzldLk/r5qAealj2tKl1Q
 1cgSQEgXf5n6Wg0onBuR2JiMOo3+4lXh+pIpO1Dupalhj7cC91HatDDYrNmGRIWR
 qucf3iQLoD/m88bgpxsRortkQ09NfVJExxzIPliVoYF8VwtzL+77XD81EdgvLdTs
 WP+CAoMFk83fkuXK7Vg1HZZa5zg=
 =Z0D5
 -----END PGP SIGNATURE-----

Merge tag 'trace-v4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fix from Steven Rostedt:
 "Wei Yongjun fixed a long standing bug in the ring buffer startup test.

  If for some unknown reason, the kthread that is created fails to be
  created, the return from kthread_create() is an PTR_ERR and not a
  NULL. The test incorrectly checks for NULL instead of an error"

* tag 'trace-v4.11-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  ring-buffer: Fix return value check in test_ringbuffer()
2017-04-06 13:12:12 -07:00
Linus Torvalds
ea6b1720ce Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Reject invalid updates to netfilter expectation policies, from Pablo
    Neira Ayuso.

 2) Fix memory leak in nfnl_cthelper, from Jeffy Chen.

 3) Don't do stupid things if we get a neigh_probe() on a neigh entry
    whose ops lack a solicit method. From Eric Dumazet.

 4) Don't transmit packets in r8152 driver when the carrier is off, from
    Hayes Wang.

 5) Fix ipv6 packet type detection in aquantia driver, from Pavel
    Belous.

 6) Don't write uninitialized data into hw registers in bna driver, from
    Arnd Bergmann.

 7) Fix locking in ping_unhash(), from Eric Dumazet.

 8) Make BPF verifier range checks able to understand certain sequences
    emitted by LLVM, from Alexei Starovoitov.

 9) Fix use after free in ipconfig, from Mark Rutland.

10) Fix refcount leak on force commit in openvswitch, from Jarno
    Rajahalme.

11) Fix various overflow checks in AF_PACKET, from Andrey Konovalov.

12) Fix endianness bug in be2net driver, from Suresh Reddy.

13) Don't forget to wake TX queues when processing a timeout, from
    Grygorii Strashko.

14) ARP header on-stack storage is wrong in flow dissector, from Simon
    Horman.

15) Lost retransmit and reordering SNMP stats in TCP can be
    underreported. From Yuchung Cheng.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (82 commits)
  nfp: fix potential use after free on xdp prog
  tcp: fix reordering SNMP under-counting
  tcp: fix lost retransmit SNMP under-counting
  sctp: get sock from transport in sctp_transport_update_pmtu
  net: ethernet: ti: cpsw: fix race condition during open()
  l2tp: fix PPP pseudo-wire auto-loading
  bnx2x: fix spelling mistake in macros HW_INTERRUT_ASSERT_SET_*
  l2tp: take reference on sessions being dumped
  tcp: minimize false-positives on TCP/GRO check
  sctp: check for dst and pathmtu update in sctp_packet_config
  flow dissector: correct size of storage for ARP
  net: ethernet: ti: cpsw: wake tx queues on ndo_tx_timeout
  l2tp: take a reference on sessions used in genetlink handlers
  l2tp: hold session while sending creation notifications
  l2tp: fix duplicate session creation
  l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
  l2tp: fix race in l2tp_recv_common()
  sctp: use right in and out stream cnt
  bpf: add various verifier test cases for self-tests
  bpf, verifier: fix rejection of unaligned access checks for map_value_adj
  ...
2017-04-05 20:17:38 -07:00
Jakub Kicinski
c383bdd14f nfp: fix potential use after free on xdp prog
We should unregister the net_device first, before we give back
our reference on xdp_prog.  Otherwise xdp_prog may be freed
before .ndo_stop() disabled the datapath.  Found by code inspection.

Fixes: ecd63a0217 ("nfp: add XDP support in the driver")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-05 18:46:40 -07:00
Yuchung Cheng
2d2517ee31 tcp: fix reordering SNMP under-counting
Currently the reordering SNMP counters only increase if a connection
sees a higher degree then it has previously seen. It ignores if the
reordering degree is not greater than the default system threshold.
This significantly under-counts the number of reordering events
and falsely convey that reordering is rare on the network.

This patch properly and faithfully records the number of reordering
events detected by the TCP stack, just like the comment says "this
exciting event is worth to be remembered". Note that even so TCP
still under-estimate the actual reordering events because TCP
requires TS options or certain packet sequences to detect reordering
(i.e. ACKing never-retransmitted sequence in recovery or disordered
 state).

Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-05 18:41:27 -07:00
Yuchung Cheng
ecde8f36f8 tcp: fix lost retransmit SNMP under-counting
The lost retransmit SNMP stat is under-counting retransmission
that uses segment offloading. This patch fixes that so all
retransmission related SNMP counters are consistent.

Fixes: 10d3be5692 ("tcp-tso: do not split TSO packets at retransmit time")
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Soheil Hassas Yeganeh <soheil@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-05 18:41:27 -07:00
Linus Torvalds
aeb4a57681 - Bug fixes
- Increase buffer size to allow for SPI messages; cros_ec
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCAAGBQJY5OgnAAoJEFGvii+H/HdhhY0P/jojAc65zjRXhXWH+4EcCTsO
 fRoH3PsXsFylag89ytRLbeRnFumk/P51iVVig6groLh7qFcu/3zZmk3jtjojOCka
 yAbfqTTJiV9fkBEKs+hmQQJ+4nTXkPmDuwDePsE6xmrqMq1H6bSK3U5u7Bb8yj4X
 tAZtCIvGQvsJnwhnmjsjTf19UmxtYVjah2oBgDQKNsU8FXiaXmbS9yhSZZd3iv2M
 HowNeBhzNJKGkRYnCgzNlrs9dO4U/fGqRJ7Rh5vuXVNEBmEfMZbgV0svFuQYe1LM
 Ix//WvbPX7XYqYOWl7TwB7xoRb2rpai5NFtmkT6uhTYSV1RT6fNRxXi/sd24ewiq
 s2clJCsPxhds/XZ1u3C+fkMzPnoCdtWojQg6GOxaXk+qrp7XQ9Fg9eG/wqzf/9wl
 lHnsMUksgjUOWHw/WU1nDU4rVgO9j6iMk3L8UTMtAJPtO1r8S8lVDaIFRQMfcIqF
 wmdraxlOuSLm5yne3D1t1BbJMozFQi0CvpVVe1aLtPDuo/EW3SdKr5rtrOAINnEV
 AIQZLhHrpvCpKfAuLu4zr4++dziSoie+oP9H5CHFQ+upabol1u1KWTjH5NlazEvn
 gVjLCTsJXIeOaeVFstgSIWmkHVlwDtEWjAfK+efqUa/6Ivwe4Wxmb6FJR5KJ78tp
 6kzHQvZbss9EwZ+6iU8v
 =p+uD
 -----END PGP SIGNATURE-----

Merge tag 'mfd-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd

Pull MFD bug fix from Lee Jones:
 "Increase buffer size om cros-ec to allow for SPI messages"

* tag 'mfd-fixes-4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
  mfd: cros-ec: Fix host command buffer size
2017-04-05 09:04:26 -07:00
Linus Torvalds
9f0bffa18c Kbuild fixes for v4.11
- Hand-off primary maintainership of Kbuild
 - Fix build warnings
 - Fix build error when GCOV is enabled with old compiler
 - Fix HAVE_ASM_GOTO check when GCC plugin is enabled
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJY5DVaAAoJED2LAQed4NsGOvYP/2aBSxp8k4s8XphPYXlF2ITE
 MlHWq9nJqlUBqv6Q6fTd8SiVU5LP9kSV54V8jCwBjjPV4ZxWTD0R2XDjdmW/Zzqu
 Fpjs61TScLUmpPDCwK9Q8k/FVHnjkM5H0U/9tsVWSoCUknJ3WqFNf0KcB7HIlWaH
 w5+Twt87e7dlaCbwCseWYsA3i8mkXXrdRFU+qlXHcgmfVnYEYdqjtWOKfESWGet0
 1Nwi0lQXEYb4W+vLczJ6K53BHW5dtL9+jiTZb5aGu3oTSFPFasOjGwdGDH1oVqif
 28ueGnPFzxl2FXzY0GT66/gRBQdtMnt2/vUVG2PUbCqa3MRZkRvFN8IntkmZz1iY
 2cTZ70PjKRyCr9DUw5UQnQweNB9reZlCsEC41xG21c5CLWL0/50iPX17rVAIP2D1
 GMVNWq4AEF4M98ovbyw8FEhz57ZQeVZ+dS0mmnPnL8R/a+SAiQ38ZBS18IqMPbDi
 5qsBvsqL8g5wb6d9cexzZJaFmkN4zBLek1O6EMKVH4FUOYKqR6Z470l7I4+/4UGD
 G9fkIAPGIBJoQ7gJZXQACdrtrhleFMX4JcnPycUsTiCkF86rBqWNjlp9nRPlxUw4
 HdrjwnsHL28G1rprT0Divmtjw074dxEem5PQzSD191IP+PINnXPzCVKhGKUN3uYh
 ykSDv++jHBQNGn+ivUBW
 =ZHIG
 -----END PGP SIGNATURE-----

Merge tag 'kbuild-fixes-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild

Pull Kbuild fixes from Masahiro Yamada:

 - hand-off primary maintainership of Kbuild

 - fix build warnings

 - fix build error when GCOV is enabled with old compiler

 - fix HAVE_ASM_GOTO check when GCC plugin is enabled

* tag 'kbuild-fixes-v4.11' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild:
  gconfig: remove misleading parentheses around a condition
  jump label: fix passing kbuild_cflags when checking for asm goto support
  Kbuild: use cc-disable-warning consistently for maybe-uninitialized
  kbuild: external module build warnings when KBUILD_OUTPUT set and W=1
  MAINTAINERS: add Masahiro Yamada as a Kbuild maintainer
2017-04-05 08:37:28 -07:00
James Hogan
b884a190af metag/usercopy: Add missing fixups
The rapf copy loops in the Meta usercopy code is missing some extable
entries for HTP cores with unaligned access checking enabled, where
faults occur on the instruction immediately after the faulting access.

Add the fixup labels and extable entries for these cases so that corner
case user copy failures don't cause kernel crashes.

Fixes: 373cd784d0 ("metag: Memory handling")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 15:25:07 +01:00
James Hogan
2c0b1df88b metag/usercopy: Fix src fixup in from user rapf loops
The fixup code to rewind the source pointer in
__asm_copy_from_user_{32,64}bit_rapf_loop() always rewound the source by
a single unit (4 or 8 bytes), however this is insufficient if the fault
didn't occur on the first load in the loop, as the source pointer will
have been incremented but nothing will have been stored until all 4
register [pairs] are loaded.

Read the LSM_STEP field of TXSTATUS (which is already loaded into a
register), a bit like the copy_to_user versions, to determine how many
iterations of MGET[DL] have taken place, all of which need rewinding.

Fixes: 373cd784d0 ("metag: Memory handling")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 15:25:07 +01:00
James Hogan
fd40eee129 metag/usercopy: Set flags before ADDZ
The fixup code for the copy_to_user rapf loops reads TXStatus.LSM_STEP
to decide how far to rewind the source pointer. There is a special case
for the last execution of an MGETL/MGETD, since it leaves LSM_STEP=0
even though the number of MGETLs/MGETDs attempted was 4. This uses ADDZ
which is conditional upon the Z condition flag, but the AND instruction
which masked the TXStatus.LSM_STEP field didn't set the condition flags
based on the result.

Fix that now by using ANDS which does set the flags, and also marking
the condition codes as clobbered by the inline assembly.

Fixes: 373cd784d0 ("metag: Memory handling")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 15:25:06 +01:00
James Hogan
563ddc1076 metag/usercopy: Zero rest of buffer from copy_from_user
Currently we try to zero the destination for a failed read from userland
in fixup code in the usercopy.c macros. The rest of the destination
buffer is then zeroed from __copy_user_zeroing(), which is used for both
copy_from_user() and __copy_from_user().

Unfortunately we fail to zero in the fixup code as D1Ar1 is set to 0
before the fixup code entry labels, and __copy_from_user() shouldn't even
be zeroing the rest of the buffer.

Move the zeroing out into copy_from_user() and rename
__copy_user_zeroing() to raw_copy_from_user() since it no longer does
any zeroing. This also conveniently matches the name needed for
RAW_COPY_USER support in a later patch.

Fixes: 373cd784d0 ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 15:25:02 +01:00
Xin Long
3ebfdf0821 sctp: get sock from transport in sctp_transport_update_pmtu
This patch is almost to revert commit 02f3d4ce9e ("sctp: Adjust PMTU
updates to accomodate route invalidation."). As t->asoc can't be NULL
in sctp_transport_update_pmtu, it could get sk from asoc, and no need
to pass sk into that function.

It is also to remove some duplicated codes from that function.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-05 07:20:06 -07:00
James Hogan
fb8ea062a8 metag/usercopy: Add early abort to copy_to_user
When copying to userland on Meta, if any faults are encountered
immediately abort the copy instead of continuing on and repeatedly
faulting, and worse potentially copying further bytes successfully to
subsequent valid pages.

Fixes: 373cd784d0 ("metag: Memory handling")
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 14:49:42 +01:00
James Hogan
2257211942 metag/usercopy: Fix alignment error checking
Fix the error checking of the alignment adjustment code in
raw_copy_from_user(), which mistakenly considers it safe to skip the
error check when aligning the source buffer on a 2 or 4 byte boundary.

If the destination buffer was unaligned it may have started to copy
using byte or word accesses, which could well be at the start of a new
(valid) source page. This would result in it appearing to have copied 1
or 2 bytes at the end of the first (invalid) page rather than none at
all.

Fixes: 373cd784d0 ("metag: Memory handling")
Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 14:49:36 +01:00
James Hogan
ef62a2d81f metag/usercopy: Drop unused macros
Metag's lib/usercopy.c has a bunch of copy_from_user macros for larger
copies between 5 and 16 bytes which are completely unused. Before fixing
zeroing lets drop these macros so there is less to fix.

Signed-off-by: James Hogan <james.hogan@imgtec.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: linux-metag@vger.kernel.org
Cc: stable@vger.kernel.org
2017-04-05 14:49:26 +01:00
Wei Yongjun
62277de758 ring-buffer: Fix return value check in test_ringbuffer()
In case of error, the function kthread_run() returns ERR_PTR()
and never returns NULL. The NULL test in the return value check
should be replaced with IS_ERR().

Link: http://lkml.kernel.org/r/1466184839-14927-1-git-send-email-weiyj_lk@163.com

Cc: stable@vger.kernel.org
Fixes: 6c43e554a ("ring-buffer: Add ring buffer startup selftest")
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Steven Rostedt (VMware) <rostedt@goodmis.org>
2017-04-05 09:36:52 -04:00
Vic Yang
b2376407f9 mfd: cros-ec: Fix host command buffer size
For SPI, we can get up to 32 additional bytes for response preamble.
The current overhead (2 bytes) may cause problems when we try to receive
a big response. Update it to 32 bytes.

Without this fix we could see a kernel BUG when we receive a big response
from the Chrome EC when is connected via SPI.

Signed-off-by: Vic Yang <victoryang@google.com>
Tested-by: Enric Balletbo i Serra <enric.balletbo.collabora.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
2017-04-05 13:30:07 +01:00
Linus Torvalds
308ac75639 Late GPIO fixes for v4.11:
We're dealing with ACPI issues here. The first is related to
 wake IRQs on Bay Trail/Cherry Trail CPUs which are common in
 laptops. The second is about proper probe deferral when reading
 _CRS properties.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJY44fCAAoJEEEQszewGV1z+wkP/0ySyMBUDBlnIdUHjkqXV+Up
 p9KuNp8Z3VR/Zh+dN9I3RjNj0ParbkaD1sUuQLgowwMCuz+j/VdNlrStvHJjGJi2
 Zf2kV6d0CHnnLo0RnsDpQgIvqFgDawMG7a9nDrRQXVso68Yzh6Pdm+JMkvNZ8C6j
 RTPcPYh7WqYyiC1Y8OnuBTwVPyLOW/608PDYqrU4V76W+h1YYP9xLcEbDC+ORcj6
 BJLoqA1k0csC+ySNCY6ft77O7ItLapppmQqbbktO853Epmhe3PHZ9ZEjxbgpbUg4
 IBAsyIZnyayGxeowtmZZnJzSdGSpI2mzxTZPy9AQTBkWZ4Kp3hbOIjri9/UBtAu8
 amvcwTeYUFE+tm7tjm1RyKVLQgWdVfxX5UCxtderBUK5Ja106QrtwzaeJiCXM7Cj
 RbPYUftn0k9r3DU9HO1eGQ2sX5bFzWDcQjzSaftnP6G8BpIffAxj5MxSJmsgkO4Z
 yYy0+Qo42RUsUy9gTjMbKHT8/7get+iuBPtATUrtfPMfvUCM1jrvbpvQ8L+y3Wo2
 9ne1rqltZ4scBtm1ZEg8i5Ib9oF9nH3xdGr4tfjrcDmxKUza4uq2D3dPMsytlAH/
 l8vZM/bhv9ryc8qnqKsMPDDeOPmDpZ3cpioC7Xvo/0thplvI2jxOgVxpyoYmzC2c
 wcGMusEBFfeJZQDn6ArH
 =DTy3
 -----END PGP SIGNATURE-----

Merge tag 'gpio-v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull late GPIO fixes from Linus Walleij:
 "Some late coming ACPI fixes for GPIO.

  We're dealing with ACPI issues here. The first is related to wake IRQs
  on Bay Trail/Cherry Trail CPUs which are common in laptops. The second
  is about proper probe deferral when reading _CRS properties.

  For my untrained eye it seems there was some quarrel between the BIOS
  and the kernel about who is supposed to deal with wakeups from GPIO
  lines"

* tag 'gpio-v4.11-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  ACPI / gpio: do not fall back to parsing _CRS when we get a deferral
  gpio: acpi: Call enable_irq_wake for _IAE GpioInts with Wake set
2017-04-04 11:40:20 -07:00
David S. Miller
e90be21b1c wireless-drivers fixes for 4.11
iwlwifi
 
 * an RCU fix
 * a fix for a potential out-of-bounds access crash
 * a fix for IBSS which has been broken since DQA was enabled
 
 rtlwifi
 
 * fix scheduling while atomic regression
 
 brcmfmac
 
 * fix use-after-free bug found by KASAN
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJY4ivhAAoJEG4XJFUm622bnNQIAId7kE+dQjX/VRRCfZl5679K
 pkcooXgqCBODA03phCCa9pDGx8O2JPoPJzDgqthHJcpD03nmp8TbiCfuZY6VT2HK
 ohwydmwh2y614V7XrLmEJ6MRl06R2ihXZRMaasPf7LIydXHYo3JFU60XOTNRKrmE
 bDvukcNeKB6s/YuMBf4247qi6mpHuWMeTBVdzUo3Ht06JH6AK2F9M81IS2AiXojY
 lAQWWBBrQT6B7fiVMw4+wRux4Mirkzy/7WJIeFS5oGPFj4ha3gGQhddVHAj8Z9hA
 zQKQxojNLj89tFKqXV3JvDQe20/bNGN81ushkkcy4l8pPtHoJylD3ladPbiXMH8=
 =vv5x
 -----END PGP SIGNATURE-----

Merge tag 'wireless-drivers-for-davem-2017-04-03' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers

Kalle Valo says:

====================
wireless-drivers fixes for 4.11

iwlwifi

* an RCU fix
* a fix for a potential out-of-bounds access crash
* a fix for IBSS which has been broken since DQA was enabled

rtlwifi

* fix scheduling while atomic regression

brcmfmac

* fix use-after-free bug found by KASAN
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-04 11:36:54 -07:00
Linus Torvalds
b824a957bf nios2 fix for v4.11
- nios2: reserve boot memory for device tree
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJY4p2VAAoJEFWoEK+e3syCoJYQAJE+airaXB1vqhdjiLxPk8yI
 1RoiLyZ5GUxDEUsQDVE1M1E4UGrKuko8TmPnLpR2AswYSCVQIUpsrGqJLXHnoYCE
 mmC4ONOTBOvptIvrMgxmzjxmhSr5sctf+o5P7RqptTdWuS4Uas9lTlrpjr9PbdRn
 qAi3H7ziTyBFiH+/TtU5s5mXv2cBi1cTCEG98xWPI0y5g3PUNp5XwpDQwKzjq8qb
 cJVQvf7/Dnj+opS5KlWuIY+sKRaLz21f8YKLbf6xpB5mH0ohdmxgfoUS607IIOVK
 3Nc2J7ZPTPOK4c3TnR0M57LIxtk1SonAaW+FF8a4q0XnokuqgVjB3m6nV1UDFp7b
 DUZKK9Rme/2/AlydX9rYxIwLNwlLyyzdN302C1InFcH71TCsCsNraxFXySkFHu0o
 aGJA6zsbEeXOsFAf4dHY3mtSwHTB7KsnZAMO15snvqFBhs/lemmznWSHCtRSiFj6
 cnCk6vkAbVMhkYTaKSB0S2kmaJ9ONdFjazqBsY1FSiFvutXqN8Wsv/BS9Hf2n/AT
 Bqgrzkt/SH0aGKvOXnUu9Bu4YdXeYg3kcxQ8VqflBwF8Uts6Fnnth91aHKs+2ORP
 E/h72N7I9GuF44ymXjSpZuKamFd/OTTMkdfigOKwP8ZW8/qNxMVBcieGY4pzAu1V
 2jrC4QnmIvtguV5Nzqo6
 =E/bW
 -----END PGP SIGNATURE-----

Merge tag 'nios2-v4.11-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2

Pull nios2 fix from Ley Foon Tan:

 - nios2: reserve boot memory for device tree

* tag 'nios2-v4.11-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2:
  nios2: reserve boot memory for device tree
2017-04-04 11:16:52 -07:00
Sekhar Nori
30c57f0734 net: ethernet: ti: cpsw: fix race condition during open()
TI's cpsw driver handles both OF and non-OF case for phy
connect. Unfortunately of_phy_connect() returns NULL on
error while phy_connect() returns ERR_PTR().

To handle this, cpsw_slave_open() overrides the return value
from phy_connect() to make it NULL or error.

This leaves a small window, where cpsw_adjust_link() may be
invoked for a slave while slave->phy pointer is temporarily
set to -ENODEV (or some other error) before it is finally set
to NULL.

_cpsw_adjust_link() only handles the NULL case, and an oops
results when ERR_PTR() is seen by it.

Note that cpsw_adjust_link() checks PHY status for each
slave whenever it is invoked. It can so happen that even
though phy_connect() for a given slave returns error,
_cpsw_adjust_link() is still called for that slave because
the link status of another slave changed.

Fix this by using a temporary pointer to store return value
of {of_}phy_connect() and do a one-time write to slave->phy.

Reviewed-by: Grygorii Strashko <grygorii.strashko@ti.com>
Reported-by: Yan Liu <yan-liu@ti.com>
Signed-off-by: Sekhar Nori <nsekhar@ti.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-04 10:33:33 -07:00
Linus Torvalds
1a589c0443 vmwgfx and msm fixes
-----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJY4xUcAAoJEAx081l5xIa+WJAP/iYhjkhcP3tRN/u+oCRKuAjw
 EmhR6AAAmF2kqbZa30e2DCDvrB5UODxRSnIWGq7FUfwB8nWW366opU18hzwdepUJ
 sCWqwtj6ZhFP4P5LZUQcjQseXmwcDnmsnY59mWKWqYDOM+5rvprN1sSBRs2Z2TfZ
 ZwBQt0AdmxkxVOarEgF3ZFCZ3cweRPvFH3WjhYvLTkWtVqoMQtKwJfkL9F8qk/QR
 +137vIOzVDM9NVu10+D2nTISGQKnwqPGkvYWpnsVbLR/AFtfkSS2NXiiP5yROwXK
 qdaQzf1jPTLGbhMlQfahajrzncxMxVm3dNcyG9D/DWqdv24cUKaT4/OsJnS7T2YW
 B1rEl12A5wsAjyOgafU6J8nCXnSdJ4VXnlI5igJCNIIuZc9DoDStpc4/7va3gyHA
 QaC7zGh1QKBQbl9sTwwinl1xuTIbROCRv+1snD07pO2KCc6Y+F7Fks31lqrucwk4
 bBGlyoPN21IJLyfzHGz9hwuKvuAtMxWgGG+GAFCzxKwjocFSktPetsPmnLKlxcdt
 DhBIWELzQ9lyzLeNeyQIFpMwLX3CxkfGa2+2xpnI8NMNVuzsTtju/20U+YHOJZwK
 C5gJRFRHlG+F2fx09cRKW1Lp37S9yN/2IDHKmkdS0JhAErBlJhMv1dRXTZXk1wNK
 z3fSS7NdMMZRVXddx5mn
 =pqDR
 -----END PGP SIGNATURE-----

Merge tag 'drm-fixes-for-v4.11-rc6' of git://people.freedesktop.org/~airlied/linux

Pull drm fixes from Dave Airlie:
 "This is just mostly stuff that missed rc5, from vmwgfx and msm
  drivers"

* tag 'drm-fixes-for-v4.11-rc6' of git://people.freedesktop.org/~airlied/linux:
  drm/msm: Make sure to detach the MMU during GPU cleanup
  drm/msm/hdmi: redefinitions of macros not required
  drm/msm/mdp5: Update SSPP_MAX value
  drm/msm/dsi: Fix bug in dsi_mgr_phy_enable
  drm/msm: Don't allow zero sized buffer objects
  drm/msm: Fix wrong pointer check in a5xx_destroy
  drm/msm: adreno: fix build error without debugfs
  drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
  drm/vmwgfx: Remove getparam error message
  drm/ttm: Avoid calling drm_ht_remove from atomic context
  drm/ttm, drm/vmwgfx: Relax permission checking when opening surfaces
  drm/vmwgfx: avoid calling vzalloc with a 0 size in vmw_get_cap_3d_ioctl()
  drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
  drm/vmwgfx: Type-check lookups of fence objects
2017-04-04 10:12:15 -07:00
Guillaume Nault
249ee819e2 l2tp: fix PPP pseudo-wire auto-loading
PPP pseudo-wire type is 7 (11 is L2TP_PWTYPE_IP).

Fixes: f1f39f9110 ("l2tp: auto load type modules")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-04 10:08:42 -07:00
Colin Ian King
a8919661d7 bnx2x: fix spelling mistake in macros HW_INTERRUT_ASSERT_SET_*
Trival fix, rename HW_INTERRUT_ASSERT_SET_* to HW_INTERRUPT_ASSERT_SET_*

Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Yuval Mintz <Yuval.Mintz@cavium.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-04 10:04:49 -07:00
Guillaume Nault
e08293a4cc l2tp: take reference on sessions being dumped
Take a reference on the sessions returned by l2tp_session_find_nth()
(and rename it l2tp_session_get_nth() to reflect this change), so that
caller is assured that the session isn't going to disappear while
processing it.

For procfs and debugfs handlers, the session is held in the .start()
callback and dropped in .show(). Given that pppol2tp_seq_session_show()
dereferences the associated PPPoL2TP socket and that
l2tp_dfs_seq_session_show() might call pppol2tp_show(), we also need to
call the session's .ref() callback to prevent the socket from going
away from under us.

Fixes: fd558d186d ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
Fixes: 0ad6614048 ("l2tp: Add debugfs files for dumping l2tp debug info")
Fixes: 309795f4be ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-04 10:00:56 -07:00
Jan Beulich
ac4cde398a xenbus: remove transaction holder from list before freeing
After allocation the item is being placed on the list right away.
Consequently it needs to be taken off the list before freeing in the
case xenbus_dev_request_and_reply() failed, as in that case the
callback (xenbus_dev_queue_reply()) is not being called (and if it
was called, it should do both).

Fixes: 5584ea250a
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
Signed-off-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
2017-04-04 10:11:06 -04:00
Victor Kamensky
09a6adf53d arm64: mm: unaligned access by user-land should be received as SIGBUS
After 52d7523 (arm64: mm: allow the kernel to handle alignment faults on
user accesses) commit user-land accesses that produce unaligned exceptions
like in case of aarch32 ldm/stm/ldrd/strd instructions operating on
unaligned memory received by user-land as SIGSEGV. It is wrong, it should
be reported as SIGBUS as it was before 52d7523 commit.

Changed do_bad_area function to take signal and code parameters out of esr
value using fault_info table, so in case of do_alignment_fault fault
user-land will receive SIGBUS. Wrapped access to fault_info table into
esr_to_fault_info function.

Cc: <stable@vger.kernel.org>
Fixes: 52d7523 (arm64: mm: allow the kernel to handle alignment faults on user accesses)
Signed-off-by: Victor Kamensky <kamensky@cisco.com>
Signed-off-by: Will Deacon <will.deacon@arm.com>
2017-04-04 12:13:36 +01:00
Marcelo Ricardo Leitner
0b9aefea86 tcp: minimize false-positives on TCP/GRO check
Markus Trippelsdorf reported that after commit dcb17d22e1 ("tcp: warn
on bogus MSS and try to amend it") the kernel started logging the
warning for a NIC driver that doesn't even support GRO.

It was diagnosed that it was possibly caused on connections that were
using TCP Timestamps but some packets lacked the Timestamps option. As
we reduce rcv_mss when timestamps are used, the lack of them would cause
the packets to be bigger than expected, although this is a valid case.

As this warning is more as a hint, getting a clean-cut on the
threshold is probably not worth the execution time spent on it. This
patch thus alleviates the false-positives with 2 quick checks: by
accounting for the entire TCP option space and also checking against the
interface MTU if it's available.

These changes, specially the MTU one, might mask some real positives,
though if they are really happening, it's possible that sooner or later
it will be triggered anyway.

Reported-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-03 18:43:41 -07:00
Linus Torvalds
08e4e0d045 Xtensa fixes for 4.11-rc6
- make __pa work with uncached KSEG addresses, it fixes DMA memory
   mmapping and DMA debug;
 - fix torn stack dump output;
 - wire up statx syscall.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJY4tpmAAoJEFH5zJH4P6BECVsP/0VW0w0rwPS22zy0hRHQP3BQ
 QEUDK7H9X1e8DWV4rEC47mSg4IYAJD8CTGsbsMHrBLm7krgbj4WZnkcuAuW+keH9
 pjgY2jhn0a84MHIk/ubtya/L0HfjmDfEm41VAWg0uqVg+NspENxgdGJSq88eCEU7
 up3KiM2/pBrgNiCejo6Nm8+Ct/fNMY0sgPAd83SoPdlMZY22K97NqBobdkoF43kR
 KH7BqAncSIBjUnYEtxlLjqs83GVnAwDBffVObL8JEHrodV6Mmbuut3rS4buCr2xW
 MZUfyWYQOuPRWLGhPZ49tFFfHakkfoOg3jLteU7FyOvX/tIPGh9jLA86ZIm7Eu+H
 RuAdhr6gTvQfuHx+XSguANKaRG67mkPICNusGUd5/prdIU65StQYzxh+lzkCP4SE
 UDlzbwLz9/9wiC/m6k+8outytcv89WqUtWq4l3sTc0X6SUIiMna2EDYLwV9aGELQ
 Gj/3AGMSAdUsJksUBFmLJ+eT4o7ujzsonZO0aMh3IpnhnnlCbV3x/4QlVLlAyjRJ
 Dp7v+++/iMkeczqtMka8ijfuOxjS0T55e4XyTfaHODYv2ai76G0K7wfu6TTwQDf6
 4BKBxxg/SKYkOwbBAcCvQzhX7AJ18hkZaXioDuRT+7uK+ljyUMfFvF8e44yL0RVl
 AeVWbXAXBwpw6PZOEnRo
 =lq7n
 -----END PGP SIGNATURE-----

Merge tag 'xtensa-20170403' of git://github.com/jcmvbkbc/linux-xtensa

Pull Xtensa fixes from Max Filippov:

 - make __pa work with uncached KSEG addresses, it fixes DMA memory
   mmapping and DMA debug

 - fix torn stack dump output

 - wire up statx syscall

* tag 'xtensa-20170403' of git://github.com/jcmvbkbc/linux-xtensa:
  xtensa: wire up statx system call
  xtensa: fix stack dump output
  xtensa: make __pa work with uncached KSEG addresses
2017-04-03 17:56:32 -07:00
Dave Airlie
130e35e4bb Merge branch 'msm-fixes-4.11-rc6' of git://people.freedesktop.org/~robclark/linux into drm-fixes
misc msm fixes.

* 'msm-fixes-4.11-rc6' of git://people.freedesktop.org/~robclark/linux:
  drm/msm: Make sure to detach the MMU during GPU cleanup
  drm/msm/hdmi: redefinitions of macros not required
  drm/msm/mdp5: Update SSPP_MAX value
  drm/msm/dsi: Fix bug in dsi_mgr_phy_enable
  drm/msm: Don't allow zero sized buffer objects
  drm/msm: Fix wrong pointer check in a5xx_destroy
  drm/msm: adreno: fix build error without debugfs
2017-04-04 10:13:40 +10:00
Xin Long
df2729c323 sctp: check for dst and pathmtu update in sctp_packet_config
This patch is to move sctp_transport_dst_check into sctp_packet_config
from sctp_packet_transmit and add pathmtu check in sctp_packet_config.

With this fix, sctp can update dst or pathmtu before appending chunks,
which can void dropping packets in sctp_packet_transmit when dst is
obsolete or dst's mtu is changed.

This patch is also to improve some other codes in sctp_packet_config.
It updates packet max_size with gso_max_size, checks for dst and
pathmtu, and appends ecne chunk only when packet is empty and asoc
is not NULL.

It makes sctp flush work better, as we only need to set up them once
for one flush schedule. It's also safe, since asoc is NULL only when
the packet is created by sctp_ootb_pkt_new in which it just gets the
new dst, no need to do more things for it other than set packet with
transport's pathmtu.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-04-03 14:54:33 -07:00