Commit Graph

562244 Commits

Author SHA1 Message Date
Vineet Gupta
323f41f9e7 ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing
ARC dwarf unwinder only supports CIE version == 1
The boot time dwarf sanitizer (part of binary lookup table constructor)
would simply bail if it saw CIE version == 3, rendering unwinder with a
NULL lookup table.

It seems libgcc linked with kernel does have such entries.

With fallback linear search removed, and a NULL binary lookup table,
unwinder fails to generate any stack trace.

So allow graceful ignoring of unsupported CIE entries.

This problem was initially seen in Alexey's setup (and not mine) as he
was using buildroot built toolchain (libgcc) which doesn't get built with
CFLAGS_FOR_TARGET="-gdwarf-2 which is my default

Fixes STAR 9000985048: "kernel unwinder broken with stock tools"

Fixes: 2e22502c08 ARC: dw2 unwind: Remove falllback linear search thru FDE entries
Reported-by Alexey Brodkin <abrodkin@synopsys.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2015-12-17 11:10:23 +05:30
Vineet Gupta
bc79c9a721 ARC: dw2 unwind: Reinstante unwinding out of modules
The fix which removed linear searching of dwarf (because binary lookup
data always exists) missed out on the fact that modules don't get the
binary lookup tables info. This caused unwinding out of modules to stop
working.

So add binary lookup header setup (equivalent of eh_frame_hdr setup) to
modules as well.

While at it, confine the header setup to within unwinder code,
reducing one API exposed out of unwinder code.

Fixes: 2e22502c08 ARC: dw2 unwind: Remove falllback linear search thru FDE entries
Cc: <stable@vger.kernel.org>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2015-12-17 11:10:23 +05:30
Vineet Gupta
ff1c0b6a79 ARC: [plat-sim] unbork non default CONFIG_LINUX_LINK_BASE
HIGHMEM support bumped the default memory size for nsim platform to 1G.
Thus total memory ended at the very edge of start of peripherals address
space. With linux link base shifted, memory started bleeding into
peripheral space which caused early boot bad_page spew !

Fixes: 29e332261d ("ARC: mm: HIGHMEM: populate high memory from DT")
Reported-by: Anton Kolesov <akolesov@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2015-12-17 11:06:43 +05:30
Hannes Frederic Sowa
3036facbb7 fou: clean up socket with kfree_rcu
fou->udp_offloads is managed by RCU. As it is actually included inside
the fou sockets, we cannot let the memory go out of scope before a grace
period. We either can synchronize_rcu or switch over to kfree_rcu to
manage the sockets. kfree_rcu seems appropriate as it is used by vxlan
and geneve.

Fixes: 23461551c0 ("fou: Support for foo-over-udp RX path")
Cc: Tom Herbert <tom@herbertland.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 19:03:02 -05:00
David S. Miller
4d4f37910b Another set of fixes:
* memory leak fixes (from Ola)
  * operating mode notification spec compliance fix (from Eyal)
  * copy rfkill names in case pointer becomes invalid (myself)
  * two hardware restart fixes (myself)
  * get rid of "limiting TX power" log spam (myself)
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABCgAGBQJWcAbmAAoJEGt7eEactAAd9Z8P/igt1Xe7sFzRq5pi5+hXKMdp
 +jaDQsp0SSc2W53puXhMOqfC6zyD7zl41gRv/u7XCq/FHNInkmzDRz7LcXPQV1CR
 yUxxUTDBZ1nIk9a5uDI9nWuBDh6wlHG0FGl1Ud5bRHcZnPUntO2hk9863rWbTwbJ
 a+jgP41o41keQll1DogWQtzK7MyaH5h8CaLtKE9cklzZlKz6Arc5beCVRGBV/Iy6
 rfe8OzA/nJLjunAvnRt+XfQYxkSroffTvrqw4j2Eb4PrWr/eFMTGojzx1qaHIM2S
 vZrd3O95KDF0fapsQimJDlkiktHhC1Dyc4AP+pKVOimzFazV6IHw6dmHz1QqvQ+7
 fRR/5bvIUtiRgOwvWSxPzbrw8xEogaZP0O2lEsL5IeOeCgOl5SMdcYqqwZaBU3b6
 igAMIeMJ5fg7rhLEHregR32V7Ykk7x5cSXK4uXIq5FlNOzHKE5oY8J4PU9Uwn5/w
 v22ikTDBOBAelSYTlzNsWHggJ4yKtvGlO4vwpqcOlPG/uroPRbS/mYgjlrtLCBcX
 XWS6mksVNKrb5nmCEd0GxmOp7ZlMXt4Ut8hE8e0eL1jcghs1rJ59z2Xf9zZDfSDN
 hVmkzS2UPcQwnpwk6UtNsv3RyxgI57ekZx30wrz+U0gvcW25Nf67NnVCspApvy09
 IWu1FPVST14NX+ibsKsf
 =z3WR
 -----END PGP SIGNATURE-----

Merge tag 'mac80211-for-davem-2015-12-15' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211

Johannes Berg says:

====================
Another set of fixes:
 * memory leak fixes (from Ola)
 * operating mode notification spec compliance fix (from Eyal)
 * copy rfkill names in case pointer becomes invalid (myself)
 * two hardware restart fixes (myself)
 * get rid of "limiting TX power" log spam (myself)
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 18:33:38 -05:00
Martin Roth
79aa05a24f 82xx: FCC: Fixing a bug causing to FCC port lock-up
The patch fixes FCC port lock-up, which occurs as a result of a bug
during underrun/collision handling. Within the tx_startup() function
in mac-fcc.c, the address of last BD is not calculated correctly.
As a result of wrong calculation of the last BD address, the next
transmitted BD may be set to an area out of the transmit BD ring.
This actually causes to port lock-up and it is not recoverable.

Signed-off-by: Martin Roth <martin.roth@motorolasolutions.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 18:32:35 -05:00
Hamish Martin
7bff47da1e gianfar: Don't enable RX Filer if not supported
After commit 15bf176db1 ("gianfar: Don't enable the Filer w/o the
Parser"), 'TSEC' model controllers (for example as seen on MPC8541E)
always have 8 bytes stripped from the front of received frames.
Only 'eTSEC' gianfar controllers have the RX Filer capability (amongst
other enhancements). Previously this was treated as always enabled
for both 'TSEC' and 'eTSEC' controllers.
In commit 15bf176db1 ("gianfar: Don't enable the Filer w/o the Parser")
a subtle change was made to the setting of 'uses_rxfcb' to effectively
always set it (since 'rx_filer_enable' was always true). This had the
side-effect of always stripping 8 bytes from the front of received frames
on 'TSEC' type controllers.

We now only enable the RX Filer capability on controller types that
support it, thereby avoiding the issue for 'TSEC' type controllers.

Reviewed-by: Chris Packham <chris.packham@alliedtelesis.co.nz>
Reviewed-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
Signed-off-by: Hamish Martin <hamish.martin@alliedtelesis.co.nz>
Reviewed-by: Claudiu Manoil <claudiu.manoil@freescale.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 18:31:00 -05:00
Christian König
91acbeb68a drm/amdgpu: fix user fence handling
This fixes a random corruption under memory pressure. We need to fence
the BO for the user fence as well, otherwise it might be swapped out
and the GPU could write the fence value to an undesired location.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
Cc: stable@vger.kernel.org
2015-12-16 17:48:59 -05:00
Sebastian Siewior
6b238de189 mtd: ubi: don't leak e if schedule_erase() fails
If __erase_worker() fails to erase the EB and schedule_erase() fails as
well to do anything about it then we go RO. But that is not a reason to
leak the e argument here. Therefore clean up e.

Cc: <stable@vger.kernel.org>
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-16 22:59:03 +01:00
Sebastian Siewior
1a31b20cd8 mtd: ubi: fixup error correction in do_sync_erase()
Since fastmap we gained do_sync_erase(). This function can return an error
and its error handling isn't obvious. First the memory allocation for
struct ubi_work can fail and as such struct ubi_wl_entry is leaked.
However if the memory allocation succeeds then the tail function takes
care of the struct ubi_wl_entry. A free here could result in a double
free.
To make the error handling simpler, I split the tail function into one
piece which does the work and another which frees the struct ubi_work
which is passed as argument. As result do_sync_erase() can keep the
struct on stack and we get rid of one error source.

Cc: <stable@vger.kernel.org>
Fixes: 8199b901a ("UBI: Add fastmap support to the WL sub-system")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-16 22:52:46 +01:00
Brian Norris
2e69d4912f UBI: fix use of "VID" vs. "EC" in header self-check
Looks like a typo, using UBI_EC_HDR_SIZE_CRC (note the "EC") to compute
the CRC for the VID header.

This shouldn't cause any functional change, as both structures are 64
bytes. Verified with:

	BUILD_BUG_ON(UBI_VID_HDR_SIZE_CRC != UBI_EC_HDR_SIZE_CRC);

Reported here:
http://lists.infradead.org/pipermail/linux-mtd/2013-September/048570.html

Reported by: Bill Pringlemeir <bpringlemeir@gmail.com>
Signed-off-by: Brian Norris <computersforpeace@gmail.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-16 22:46:26 +01:00
Sudip Mukherjee
97cb69dd80 UBI: fix return error code
We are checking dfs_rootdir for error value or NULL. But in the
conditional ternary operator we returned -ENODEV if dfs_rootdir contains
an error value and returned PTR_ERR(dfs_rootdir) if dfs_rootdir is NULL.
So in the case of dfs_rootdir being NULL we actually assigned 0 to err
and returned it to the caller implying a success.
Lets return -ENODEV when dfs_rootdir is NULL else return
PTR_ERR(dfs_rootdir).

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Richard Weinberger <richard@nod.at>
2015-12-16 22:45:04 +01:00
Steven Rostedt (Red Hat)
a50bd43935 ftrace/scripts: Have recordmcount copy the object file
Russell King found that he had weird side effects when compiling the kernel
with hard linked ccache. The reason was that recordmcount modified the
kernel in place via mmap, and when a file gets modified twice by
recordmcount, it will complain about it. To fix this issue, Russell wrote a
patch that checked if the file was hard linked more than once and would
unlink it if it was.

Linus Torvalds was not happy with the fact that recordmcount does this in
place modification. Instead of doing the unlink only if the file has two or
more hard links, it does the unlink all the time. In otherwords, it always
does a copy if it changed something. That is, it does the write out if a
change was made.

Cc: stable@vger.kernel.org # 2.6.37+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-12-16 15:46:07 -05:00
Daniel Mentz
0354aec19c dma-debug: Fix dma_debug_entry offset calculation
dma-debug uses struct dma_debug_entry to keep track of dma coherent
memory allocation requests. The virtual address is converted into a pfn
and an offset. Previously, the offset was calculated using an incorrect
bit mask.  As a result, we saw incorrect error messages from dma-debug
like the following:

"DMA-API: exceeded 7 overlapping mappings of cacheline 0x03e00000"

Cacheline 0x03e00000 does not exist on our platform.

Cc: <stable@vger.kernel.org>
Fixes: 0abdd7a81b ("dma-debug: introduce debug_dma_assert_idle()")
Signed-off-by: Daniel Mentz <danielmentz@google.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2015-12-16 11:24:26 -08:00
Linus Torvalds
a5e90b1b07 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "Further ARM fixes:
   - Anson Huang noticed that we were corrupting a register we shouldn't
     be during suspend on some CPUs.
   - Shengjiu Wang spotted a bug in the 'swp' instruction emulation.
   - Will Deacon fixed a bug in the ASID allocator.
   - Laura Abbott fixed the kernel permission protection to apply to all
     threads running in the system.
   - I've fixed two bugs with the domain access control register
     handling, one to do with printing an appropriate value at oops
     time, and the other to further fix the uaccess_with_memcpy code"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: 8475/1: SWP emulation: Restore original *data when failed
  ARM: 8471/1: need to save/restore arm register(r11) when it is corrupted
  ARM: fix uaccess_with_memcpy() with SW_DOMAIN_PAN
  ARM: report proper DACR value in oops dumps
  ARM: 8464/1: Update all mm structures with section adjustments
  ARM: 8465/1: mm: keep reserved ASIDs in sync with mm after multiple rollovers
2015-12-16 10:57:24 -08:00
Jeff Layton
be20aa00c6 nfsd: don't hold ls_mutex across a layout recall
We do need to serialize layout stateid morphing operations, but we
currently hold the ls_mutex across a layout recall which is pretty
ugly. It's also unnecessary -- once we've bumped the seqid and
copied it, we don't need to serialize the rest of the CB_LAYOUTRECALL
vs. anything else. Just drop the mutex once the copy is done.

This was causing a "workqueue leaked lock or atomic" warning and an
occasional deadlock.

There's more work to be done here but this fixes the immediate
regression.

Fixes: cc8a55320b "nfsd: serialize layout stateid morphing operations"
Cc: stable@vger.kernel.org
Reported-by: Kinglong Mee <kinglongmee@gmail.com>
Signed-off-by: Jeff Layton <jeff.layton@primarydata.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2015-12-16 11:49:58 -05:00
Hannes Frederic Sowa
7bbadd2d10 net: fix warnings in 'make htmldocs' by moving macro definition out of field declaration
Docbook does not like the definition of macros inside a field declaration
and adds a warning. Move the definition out.

Fixes: 79462ad02e ("net: add validation for the socket syscall protocol argument")
Reported-by: kbuild test robot <lkp@intel.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 11:44:17 -05:00
Herbert Xu
c6ff526829 rhashtable: Fix walker list corruption
The commit ba7c95ea38 ("rhashtable:
Fix sleeping inside RCU critical section in walk_stop") introduced
a new spinlock for the walker list.  However, it did not convert
all existing users of the list over to the new spin lock.  Some
continued to use the old mutext for this purpose.  This obviously
led to corruption of the list.

The fix is to use the spin lock everywhere where we touch the list.

This also allows us to do rcu_rad_lock before we take the lock in
rhashtable_walk_start.  With the old mutex this would've deadlocked
but it's safe with the new spin lock.

Fixes: ba7c95ea38 ("rhashtable: Fix sleeping inside RCU...")
Reported-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 11:13:14 -05:00
Herbert Xu
3a324606bb rhashtable: Enforce minimum size on initial hash table
William Hua <william.hua@canonical.com> wrote:
>
> I wasn't aware there was an enforced minimum size. I simply set the
> nelem_hint in the rhastable_params struct to 1, expecting it to grow as
> needed. This caused a segfault afterwards when trying to insert an
> element.

OK we're doing the size computation before we enforce the limit
on min_size.

---8<---
We need to do the initial hash table size computation after we
have obtained the correct min_size/max_size parameters.  Otherwise
we may end up with a hash table whose size is outside the allowed
envelope.

Fixes: a998f712f7 ("rhashtable: Round up/down min/max_size to...")
Reported-by: William Hua <william.hua@canonical.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 10:44:08 -05:00
Russell King
dd39a26538 scripts: recordmcount: break hardlinks
recordmcount edits the file in-place, which can cause problems when
using ccache in hardlink mode.  Arrange for recordmcount to break a
hardlinked object.

Link: http://lkml.kernel.org/r/E1a7MVT-0000et-62@rmk-PC.arm.linux.org.uk

Cc: stable@vger.kernel.org # 2.6.37+
Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2015-12-16 09:28:23 -05:00
Mark Brown
c1f4a14940 Merge remote-tracking branches 'spi/fix/dspi' and 'spi/fix/spidev' into spi-linus 2015-12-16 13:28:32 +00:00
Mark Brown
9ce5db27f4 Merge remote-tracking branch 'spi/fix/core' into spi-linus 2015-12-16 13:28:31 +00:00
Johan Hovold
157f38f993 spi: fix parent-device reference leak
Fix parent-device reference leak due to SPI-core taking an unnecessary
reference to the parent when allocating the master structure, a
reference that was never released.

Note that driver core takes its own reference to the parent when the
master device is registered.

Fixes: 49dce689ad ("spi doesn't need class_device")
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
Cc: stable@vger.kernel.org
2015-12-16 12:28:25 +00:00
Mark Brown
56ea1075e7 spi: spidev: Hold spi_lock over all defererences of spi in release()
We use the spi_lock spinlock to protect against races between the device
being removed and file operations on the spidev.  This means that in the
removal path all references to the device need to be done under lock as
in removal we dropping references to the device.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
2015-12-16 12:09:35 +00:00
Michael Ellerman
2475c36213 Partial revert of "powerpc: Individual System V IPC system calls"
This partially reverts commit a34236155a.

While reviewing the glibc patch to exploit the individual IPC calls,
Arnd & Andreas noticed that we were still requiring userspace to pass
IPC_64 in order to get the new style IPC API.

With a bit of cleanup in the kernel we can drop that requirement, and
instead only provide the new style API, which will simplify things for
userspace.

Rather than try and sneak that patch into 4.4, instead we will drop the
individual IPC calls for powerpc, and merge them again in 4.5 once the
cleanup patch has gone in.

Because we've already added sys_mlock2() as syscall #378, we don't do a
full revert of the IPC calls. Instead we drop the __NR #defines, and
send those now undefined syscall numbers to sys_ni_syscall(). This
leaves a gap in the syscall numbers, but we'll reuse them when we merge
the individual IPC calls.

Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Acked-by: Arnd Bergmann <arnd@arndb.de>
2015-12-16 21:52:32 +11:00
Eric Dumazet
887dc9f2ce inet: tcp: fix inetpeer_set_addr_v4()
David Ahern added a vif field in the a4 part of inetpeer_addr struct.

This broke IPv4 TCP fast open client side and more generally tcp metrics
cache, because inetpeer_addr_cmp() is now comparing two u32 instead of
one.

inetpeer_set_addr_v4() needs to properly init vif field, otherwise
the comparison result depends on uninitialized data.

Fixes: 192132b9a0 ("net: Add support for VRFs to inetpeer cache")
Reported-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-16 00:14:12 -05:00
Hannes Frederic Sowa
9b29c6962b ipv6: automatically enable stable privacy mode if stable_secret set
Bjørn reported that while we switch all interfaces to privacy stable mode
when setting the secret, we don't set this mode for new interfaces. This
does not make sense, so change this behaviour.

Fixes: 622c81d57b ("ipv6: generation of stable privacy addresses for link-local and autoconf")
Reported-by: Bjørn Mork <bjorn@mork.no>
Cc: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 23:37:32 -05:00
Lijun Pan
c4aa1937b7 fsl-ifc: add missing include on ARM64
Need to include sched.h to fix the following compilation error
if FSL_IFC is enabled on ARM64 machine.

In file included from include/linux/mmzone.h:9:0,
                 from include/linux/gfp.h:5,
                 from include/linux/kmod.h:22,
                 from include/linux/module.h:13,
                 from drivers/memory/fsl_ifc.c:22:
drivers/memory/fsl_ifc.c: In function ‘check_nand_stat’:
include/linux/wait.h:165:35: error: ‘TASK_NORMAL’ undeclared (first use in this function)
 #define wake_up(x)   __wake_up(x, TASK_NORMAL, 1, NULL)
                                   ^
drivers/memory/fsl_ifc.c:136:3: note: in expansion of macro ‘wake_up’
   wake_up(&ctrl->nand_wait);
   ^
include/linux/wait.h:165:35: note: each undeclared identifier is reported only once for each function it appears in
 #define wake_up(x)   __wake_up(x, TASK_NORMAL, 1, NULL)
                                   ^
drivers/memory/fsl_ifc.c:136:3: note: in expansion of macro ‘wake_up’
   wake_up(&ctrl->nand_wait);
   ^

Analysis is as follows:
I put some instrumental code and get the
following .h files inclusion sequence:

In file included from ./arch/arm64/include/asm/compat.h:25:0,
                 from ./arch/arm64/include/asm/stat.h:23,
                 from include/linux/stat.h:5,
                 from include/linux/module.h:10,
                 from drivers/memory/fsl_ifc.c:23:
include/linux/sched.h:113:1: error: expected ‘=’, ‘,’, ‘;’, ‘asm’ or ‘__attribute__’ before ‘struct’
 struct sched_attr {
 ^

CONFIG_COMPAT=y is enabled while 39 and 48 bit VA is selected.
When 42 bit VA is selected, it does not enable CONFIG_COMPAT=y

In ./arch/arm64/include/asm/stat.h:23, it has
"#ifdef CONFIG_COMPAT"
"#include <asm/compat.h>"
"..."
"#endif"

Since ./arch/arm64/include/asm/stat.h does not
include ./arch/arm64/include/asm/compat.h,
then it will not include include/linux/sched.h
Hence we have to manually add "#include <linux/sched.h>"
in drivers/memory/fsl_ifc.c

Signed-off-by: Lijun Pan <Lijun.Pan@freescale.com>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2015-12-16 00:16:58 +01:00
Dan Williams
3e6110fd54 Revert "scatterlist: use sg_phys()"
commit db0fa0cb01 "scatterlist: use sg_phys()" did replacements of
the form:

    phys_addr_t phys = page_to_phys(sg_page(s));
    phys_addr_t phys = sg_phys(s) & PAGE_MASK;

However, this breaks platforms where sizeof(phys_addr_t) >
sizeof(unsigned long).  Revert for 4.3 and 4.4 to make room for a
combined helper in 4.5.

Cc: <stable@vger.kernel.org>
Cc: Jens Axboe <axboe@fb.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: David Woodhouse <dwmw2@infradead.org>
Cc: Andrew Morton <akpm@linux-foundation.org>
Fixes: db0fa0cb01 ("scatterlist: use sg_phys()")
Suggested-by: Joerg Roedel <joro@8bytes.org>
Reported-by: Vitaly Lavrov <vel21ripn@gmail.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2015-12-15 12:54:06 -08:00
tadeusz.struk@intel.com
130ed5d105 net: fix uninitialized variable issue
msg_iocb needs to be initialized on the recv/recvfrom path.
Otherwise afalg will wrongly interpret it as an async call.

Cc: stable@vger.kernel.org
Reported-by: Harald Freudenberger <freude@linux.vnet.ibm.com>
Signed-off-by: Tadeusz Struk <tadeusz.struk@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 15:46:48 -05:00
David S. Miller
5233252fce bluetooth: Validate socket address length in sco_sock_bind().
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 15:39:08 -05:00
Charlie Mooney
3eab4588c9 Input: elan_i2c - set input device's vendor and product IDs
Previously the "vendor" and "product" IDs for the elan_i2c driver simply
reported 0000.  This patch modifies the elan_i2c driver to include the
Elan vendor ID and the touchpad's product id under
input/input*/{vendor,product}.

Specifically, this is to allow us to apply a generic Elan gestures config
that will apply to all Elan touchpads on ChromeOS.  These configs  match to
input devices in various ways, but one major way is by matching on vendor
ID.  Adding this patch allows the default Elan touchpad config to be
applied to Elan touchpads in this kernel by matching on devices that have
vendor ID 04f3.

Note that product ID is also available via custom sysfs entry "product_id"
as well.

Signed-off-by: Charlie Mooney <charliemooney@chromium.org>
Signed-off-by: Dmitry Torokhov <dmitry.torokhov@gmail.com>
2015-12-15 11:35:55 -08:00
Linus Torvalds
edb42dc7bc dmaengine fixes for 4.4-rc6
This has fixes spread thru driver, notably among them
  - edma fixes for recent edma DT changes which went into 4.4
  - odd fixes for at_hdmac
  - minor fixes on bc dma and mic dma
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWcE7VAAoJEHwUBw8lI4NH+IsP+gJEq1+xwC+Qni+oW0hUirwd
 jltn0PZiwawsBFFxj8ZoKBxRGcpLIG0YI0k/umdpeZE3bxg/IfffpBtZfZGSF8Gr
 w5lFZab2tyTjThc7PpjkGJB0ks/Dv1qlPZRx2+SoRq1IZP3ROv7i5HcTjr0pYWur
 PfGq7EkeBGxyVPeElSa7VhfzimyiDz/SS77ZgOPCagnu99rWc1A+bXGvTO367E1E
 IugN3+ndfykIHw4I3WBuVO+IC3yyXvgE21LyTIsb81iCs/ZzB3Cijb8jR3dpmtlK
 VoFJQwAdlJHw7J7pDWhMvM8HMYIErmLbFqZbDi6PHBe6ZYkLOP3z5QVIc67l1KIN
 vzIDUDvSLrFrRZ06691A6+/3yhI/g+FdlBaLeWwpcdJbmXHoEen2HrcQAF4ZUTRw
 RZQeDtgze1iBeqbzEeO5+esBcAxc2PUFKQHpt/vEB1kHoA9/KjUg5L8Mkjj6o/Xz
 uwoolopYJwI9H8rKZnX25F89N8R8cNrPXIe+qiCqPQj9cg2bmXzSTHFPdbI+t5bN
 YdOuV1qiYfzFPKStoQEjgmYEDduHw7ndUjGuw4CXGF0ctcYlkLbP3KATfLh4MLJb
 KpQ2GguIjOixlwtx/v9ovRKtqjYH5Egxa6TPiXm/MNVP2NXIXW+OG4x6OcKkLD9/
 KEDo6XywrAc0VkL+1EEy
 =r53B
 -----END PGP SIGNATURE-----

Merge tag 'dmaengine-fix-4.4-rc6' of git://git.infradead.org/users/vkoul/slave-dma

Pull dmaengine fixes from Vinod Koul:
 "This has fixes spread thru driver, notably among them:

   - edma fixes for recent edma DT changes which went into 4.4
   - odd fixes for at_hdmac
   - minor fixes on bc dma and mic dma"

* tag 'dmaengine-fix-4.4-rc6' of git://git.infradead.org/users/vkoul/slave-dma:
  dmaengine: at_xdmac: fix at_xdmac_prep_dma_memcpy()
  dmaengine: edma: DT: Change reserved slot array from 16bit to 32bit type
  dmaengine: edma: DT: Change memcpy channel array from 16bit to 32bit type
  dmaengine: mic_x100: add missing spin_unlock
  dmaengine: bcm2835-dma: Convert to use DMA pool
  dmaengine: at_xdmac: fix bad behavior in interleaved mode
  dmaengine: at_xdmac: fix false condition for memset_sg transfers
  dmaengine: at_xdmac: fix macro typo
2015-12-15 10:56:39 -08:00
Linus Torvalds
8c2b759efa fbdev fixes for 4.4
* OMAP: fix analog tv-out when using omapdrm
 * fsl: Fix kernel crash when diu_ops is not implemented
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWcCqqAAoJEPo9qoy8lh71QZoP/0Rftvw/AYsFMFaOyJALIguI
 ou0PtZkAgAj5snmXcTcytTG7ifP1wyeJTh97SCStA8UmpbZ3o0DWkZrEMNM636Nv
 iUS/TjDeJRYHZc/KJhfLQA2M3rNCIHv9YbdptXWzBzk73bp3LvAnutp5I0J2wDT6
 zQdvRlIj0BYTBFJIl5UXnm/yVUcD3bEO79ezuwWPQ0wELl5iLRzkS0QHMvEpBe1k
 u2+9iM7wz/6kk9jetrffbV6Jg0Pr3ASHR22Dzvq55RWAMZBhnOpcSpK9T6OyiByB
 fmt5jguAAmxYDkPEPGEhSHTUcznkK/1Wmy3xRmR+DwOcQ9yjUj2/ThlQD4tsdlYu
 +uF2lngXfi2ZK0dsYVStEL8KvoxVWIJEcqregjgEeBQ46t5OPgecd5YOpMNDa2v+
 huHQpQ5ag7SBYl7EzaBTaO9gyxDJF9lupi1SvY3GRHugwkMqOQIT32lu2wtVTz59
 h2h6y726Jtc1RedervwwmviaEa772ZQpUIEC7i0zsHazsBNaicb0CoxxsMXD+F5D
 3BFsREZ+Bit/9f0Th540ar4EBlu2rFsqUspnJFWX15ITlIlbLc2cEqD+LeGnxlYL
 ims/iQYpznwwc0nICSBNMIDh+tzMDdgjG8P+IV0qnv8SHYgYc+ceMfERij+gGQrS
 e9grM4yFCWd51G8eu8/o
 =q7XP
 -----END PGP SIGNATURE-----

Merge tag 'fbdev-fixes-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux

Pull two fbdev fixes from Tomi Valkeinen:
 - OMAP: fix analog tv-out when using omapdrm
 - fsl: Fix kernel crash when diu_ops is not implemented

* tag 'fbdev-fixes-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux:
  OMAPDSS: fix timings for VENC to match what omapdrm expects
  video: fbdev: fsl: Fix kernel crash when diu_ops is not implemented
2015-12-15 10:50:13 -08:00
Linus Torvalds
5fab517d33 Wire up mlock2() syscall for ia64
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWbxN3AAoJEKurIx+X31iB3ZoP/R2suDwiD91y7TOu0gat4NsY
 rZPYMwrm4gR3w8TLJLcj1ox099zzYcz1OntLjfaqz09hHtbrwz5BPEDM9s1AOkde
 sW8fZjcDlJbUXXRcUuftoaYy55H6Mukji3M8BF+6iNpPLvhB/8IQww84SA+PPJ0L
 +UCfyYUNk0gIWSKJ0sr7OC6n7yUlNuu/31SO1u28II737riFpW7fYT5/yn6Gf4hL
 Pi3QzQ4Ua4+bjzeiXd6EQvRXAYFE4nDTqbVuEkiBbEJ6WAoepcsYUzEFZJtYduTS
 VG8lo8etvU9OsjZGKVTujX021XyHoU5+SVZ4wU5gmL6NMd+qvRTmidbnzBjRy4jL
 7n9YpUwrfS9A3uUPCQDd9nW52z5W8zJjpA5ZbwexYDYzqFLTAeKA/dDLBpiSUkJf
 vDXWdEWWQ64uxwMUre4+EHn+joapZ+Sx/qM3o125X/uJ1UDR3S+b/ZHIGPVm87P6
 IREjiWkGz/z9vkmHBOAP+1yC7udwadHHlkE6Wew5/F4uK5QRUcqqpQmd6ZepaMK1
 TgXsVJrLBlA3umceWL0AxRVxk67LTT4RqIoh6QoJx9iK84iMsgPQ4sSQ10yd1TMf
 6MQqR7BoueVc9TaljWA+t0Yn9RTaiOP8yl3Px6qvNRZHyIY/9VStf1E6JglOTngV
 +eqklm46BNBiZDf9S3QL
 =JaQp
 -----END PGP SIGNATURE-----

Merge tag 'please-pull-mlock2' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux

Pull ia64 fix from Tony Luck:
 "Wire up mlock2() syscall for ia64"

* tag 'please-pull-mlock2' of git://git.kernel.org/pub/scm/linux/kernel/git/aegl/linux:
  [IA64] Enable mlock2 syscall for ia64
2015-12-15 10:45:29 -08:00
Eric Dumazet
225734de70 net_sched: make qdisc_tree_decrease_qlen() work for non mq
Stas Nichiporovich reported a regression in his HFSC qdisc setup
on a non multi queue device.

It turns out I mistakenly added a TCQ_F_NOPARENT flag on all qdisc
allocated in qdisc_create() for non multi queue devices, which was
rather buggy. I was clearly mislead by the TCQ_F_ONETXQUEUE that is
also set here for no good reason, since it only matters for the root
qdisc.

Fixes: 4eaf3b84f2 ("net_sched: fix qdisc_tree_decrease_qlen() races")
Reported-by: Stas Nichiporovich <stasn77@gmail.com>
Tested-by: Stas Nichiporovich <stasn77@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:41:52 -05:00
David S. Miller
58ab367b85 Merge branch 'ser_gigaset-platform-device-dealloc'
Paul Bolle says:

====================
ser_gigaset: fix deallocation of platform device structure

Sascha Levin reported that the syzkaller fuzzer triggered a WARNING in
ser_gigaset (see https://lkml.kernel.org/g/56587467.8050102@oracle.com ). It
turned out that ser_gigaset has always deallocated its platform device
structure incorrectly. Tilman submitted the patch that fixes that (3/4) and a
related cleanup (4/4).

Tilman also submitted a minor cleanup of some NULL checks (1/4) that prompted
Alan to turn those checks into WARN_ONs (2/4). If no one hits these WARN_ONs in
the next couple of releases these WARN_ONs should be removed.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:24:22 -05:00
Tilman Schmidt
8aeb3c3d65 ser_gigaset: remove unnecessary kfree() calls from release method
device->platform_data and platform_device->resource are never used
and remain NULL through their entire life. Drops the kfree() calls
for them from the device release method.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:24:21 -05:00
Tilman Schmidt
4c5e354a97 ser_gigaset: fix deallocation of platform device structure
When shutting down the device, the struct ser_cardstate must not be
kfree()d immediately after the call to platform_device_unregister()
since the embedded struct platform_device is still in use.
Move the kfree() call to the release method instead.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Fixes: 2869b23e4b ("drivers/isdn/gigaset: new M101 driver (v2)")
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:24:21 -05:00
Alan Cox
ede03d306b ser_gigaset: turn nonsense checks into WARN_ON
These checks do nothing useful to protect the code from races. On the
other hand if the old code has been masking a real bug we would like to
know about it.

The check for tiocmset is kept because it is valid for a tty driver to
have a NULL tiocmset method. That in itself is probably a mistake given
modern coding practices - but needs fixing in the tty layer.

Signed-off-by: Alan Cox <alan@linux.intel.com>
Acked-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:24:21 -05:00
Tilman Schmidt
74375c0528 ser_gigaset: fix up NULL checks
Commit f34d7a5b70 ("tty: The big operations rework") changed
tty->driver to tty->ops but left NULL checks for tty->driver untouched.
Fix.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
[pebolle: removed Fixes tag]
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:24:20 -05:00
Linus Torvalds
ca43444e43 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
 "This fixes a boundary condition in the blkcipher SG walking code that
  can lead to a crash when used with the new chacha20 algorithm"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: skcipher - Copy iv from desc even for 0-len walks
2015-12-15 10:21:04 -08:00
Linus Torvalds
173ae9ba63 Fix user-visible spelling error
Pavel Machek reports a warning about W+X pages found in the "Persisent"
kmap area.  After grepping for it (using the correct spelling), and not
finding it, I noticed how the debug printk was just misspelled.  Fix it.

The actual mapping bug that Pavel reported is still open.  It's
apparently a separate issue from the known EFI page tables, looks like
it's related to the HIGHMEM mappings.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2015-12-15 10:15:57 -08:00
Dan Carpenter
389e4e04ad qlcnic: fix a timeout loop
The problem here is that at the end of the loop we test for if
idc->vnic_wait_limit is zero, but since idc->vnic_wait_limit-- is a
post-op, it actually ends up set to (u8)-1.  I have fixed this by
moving the decrement inside the loop.

Fixes: 486a5bc77a ('qlcnic: Add support for 83xx suspend and resume.')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 13:11:05 -05:00
Dan Carpenter
fe0be35e2c sfc: fix a timeout loop
We test for if "tries" is zero at the end but "tries--" is a post-op so
it will end with "tries" set to -1.  I have changed it to a pre-op
instead.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:46:26 -05:00
Dan Carpenter
351434c6ba qlge: fix a timeout loop in ql_change_rx_buffers()
The problem here is that after the loop we test for "if (!i) " but
because "i--" is a post-op we exit with i set to -1.  I have fixed this
by changing it to a pre-op instead.  I had to change the starting value
from 3 to 4 so that we still iterate 3 times.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:46:03 -05:00
Dan Carpenter
c7557e6a56 amd-xgbe: fix a couple timeout loops
At the end of the loop we test "if (!count)" but because "count--" is
a post-op then the loop will end with count set to -1.  I have fixed
this by changing it to --count.

Fixes: c5aa9e3b81 ('amd-xgbe: Initial AMD 10GbE platform driver')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:43:01 -05:00
Dan Carpenter
40d24c4d8a mISDN: fix a loop count
There are two issue here.
1)  cnt starts as maxloop + 1 so all these loops iterate one more time
    than intended.
2)  At the end of the loop we test for "if (maxloop && !cnt)" but for
    the first two loops, we end with cnt equal to -1.  Changing this to
    a pre-op means we end with cnt set to 0.

Fixes: cae86d4a4e ('mISDN: Add driver for Infineon ISDN chipset family')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-12-15 12:42:27 -05:00
Chris Mason
1d3a5a82fe Merge branch 'for-chris-4.4' of git://git.kernel.org/pub/scm/linux/kernel/git/fdmanana/linux into for-linus-4.4 2015-12-15 09:09:59 -08:00
Chris Mason
bb1591b4ea Btrfs: check prepare_uptodate_page() error code earlier
prepare_pages() may end up calling prepare_uptodate_page() twice if our
write only spans a single page.  But if the first call returns an error,
our page will be unlocked and its not safe to call it again.

This bug goes all the way back to 2011, and it's not something commonly
hit.

While we're here, add a more explicit check for the page being truncated
away.  The bare lock_page() alone is protected only by good thoughts and
i_mutex, which we're sure to regret eventually.

Reported-by: Dave Jones <dsj@fb.com>
Signed-off-by: Chris Mason <clm@fb.com>
2015-12-15 09:09:38 -08:00