Commit Graph

591831 Commits

Author SHA1 Message Date
David S. Miller
909b27f706 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
The nf_conntrack_core.c fix in 'net' is not relevant in 'net-next'
because we no longer have a per-netns conntrack hash.

The ip_gre.c conflict as well as the iwlwifi ones were cases of
overlapping changes.

Conflicts:
	drivers/net/wireless/intel/iwlwifi/mvm/tx.c
	net/ipv4/ip_gre.c
	net/netfilter/nf_conntrack_core.c

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-15 13:32:48 -04:00
Linus Torvalds
272911b889 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) Fix mvneta/bm dependencies, from Arnd Bergmann.

 2) RX completion hw bug workaround in bnxt_en, from Michael Chan.

 3) Kernel pointer leak in nf_conntrack, from Linus.

 4) Hoplimit route attribute limits not enforced properly, from Paolo
    Abeni.

 5) qlcnic driver NULL deref fix from Dan Carpenter.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  arm64: bpf: jit JMP_JSET_{X,K}
  net/route: enforce hoplimit max value
  nf_conntrack: avoid kernel pointer value leak in slab name
  drivers: net: xgene: fix register offset
  drivers: net: xgene: fix statistics counters race condition
  drivers: net: xgene: fix ununiform latency across queues
  drivers: net: xgene: fix sharing of irqs
  drivers: net: xgene: fix IPv4 forward crash
  xen-netback: fix extra_info handling in xenvif_tx_err()
  net: mvneta: bm: fix dependencies again
  bnxt_en: Add workaround to detect bad opaque in rx completion (part 2)
  bnxt_en: Add workaround to detect bad opaque in rx completion (part 1)
  qlcnic: potential NULL dereference in qlcnic_83xx_get_minidump_template()
2016-05-14 14:15:06 -07:00
Florian Fainelli
8fbb89c6fb net: switchdev: Drop EXPERIMENTAL from description
Switchdev has been around for quite a while now, putting "EXPERIMENTAL"
in the description is no longer accurate, drop it.

Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-14 17:06:37 -04:00
Zi Shen Lim
98397fc547 arm64: bpf: jit JMP_JSET_{X,K}
Original implementation commit e54bcde3d6 ("arm64: eBPF JIT compiler")
had the relevant code paths, but due to an oversight always fail jiting.

As a result, we had been falling back to BPF interpreter whenever a BPF
program has JMP_JSET_{X,K} instructions.

With this fix, we confirm that the corresponding tests in lib/test_bpf
continue to pass, and also jited.

...
[    2.784553] test_bpf: #30 JSET jited:1 188 192 197 PASS
[    2.791373] test_bpf: #31 tcpdump port 22 jited:1 325 677 625 PASS
[    2.808800] test_bpf: #32 tcpdump complex jited:1 323 731 991 PASS
...
[    3.190759] test_bpf: #237 JMP_JSET_K: if (0x3 & 0x2) return 1 jited:1 110 PASS
[    3.192524] test_bpf: #238 JMP_JSET_K: if (0x3 & 0xffffffff) return 1 jited:1 98 PASS
[    3.211014] test_bpf: #249 JMP_JSET_X: if (0x3 & 0x2) return 1 jited:1 120 PASS
[    3.212973] test_bpf: #250 JMP_JSET_X: if (0x3 & 0xffffffff) return 1 jited:1 89 PASS
...

Fixes: e54bcde3d6 ("arm64: eBPF JIT compiler")
Signed-off-by: Zi Shen Lim <zlim.lnx@gmail.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Acked-by: Yang Shi <yang.shi@linaro.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-14 16:11:45 -04:00
Paolo Abeni
626abd59e5 net/route: enforce hoplimit max value
Currently, when creating or updating a route, no check is performed
in both ipv4 and ipv6 code to the hoplimit value.

The caller can i.e. set hoplimit to 256, and when such route will
 be used, packets will be sent with hoplimit/ttl equal to 0.

This commit adds checks for the RTAX_HOPLIMIT value, in both ipv4
ipv6 route code, substituting any value greater than 255 with 255.

This is consistent with what is currently done for ADVMSS and MTU
in the ipv4 code.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-14 15:33:32 -04:00
Linus Torvalds
31b0b385f6 nf_conntrack: avoid kernel pointer value leak in slab name
The slab name ends up being visible in the directory structure under
/sys, and even if you don't have access rights to the file you can see
the filenames.

Just use a 64-bit counter instead of the pointer to the 'net' structure
to generate a unique name.

This code will go away in 4.7 when the conntrack code moves to a single
kmemcache, but this is the backportable simple solution to avoiding
leaking kernel pointers to user space.

Fixes: 5b3501faa8 ("netfilter: nf_conntrack: per netns nf_conntrack_cachep")
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: stable@vger.kernel.org
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-14 15:04:43 -04:00
Linus Torvalds
6ba5b85fd4 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fixes from Al Viro:
 "Overlayfs fixes from Miklos, assorted fixes from me.

  Stable fodder of varying severity, all sat in -next for a while"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  ovl: ignore permissions on underlying lookup
  vfs: add lookup_hash() helper
  vfs: rename: check backing inode being equal
  vfs: add vfs_select_inode() helper
  get_rock_ridge_filename(): handle malformed NM entries
  ecryptfs: fix handling of directory opening
  atomic_open(): fix the handling of create_error
  fix the copy vs. map logics in blk_rq_map_user_iov()
  do_splice_to(): cap the size before passing to ->splice_read()
2016-05-14 11:59:43 -07:00
David S. Miller
b915065862 Merge branch 'xgene-fixes'
Iyappan Subramanian says:

====================
drivers: net: xgene: Bug fixes

This patch set addresses the following bug fixes that were found during testing.

  1. IPv4 forward test crash
    - drivers: net: xgene: fix IPv4 forward crash

  2. Sharing of irqs
    - drivers: net: xgene: fix sharing of irqs

  3. Ununiform latency across queues
    - drivers: net: xgene: fix ununiform latency across queues

  4. Fix statistics counters race condition
    - drivers: net: xgene: fix statistics counters race condition

  5. Correcting register offset and field lengths
    - drivers: net: xgene: fix register offset

v2: Address review comments from v1
- Defer TSO fix, and reposting all other patches from v1

v1:
- Initial version
====================

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:12:07 -04:00
Iyappan Subramanian
e2f2d9a726 drivers: net: xgene: fix register offset
This patch fixes SG_RX_DV_GATE_REG_0_ADDR register offset
and ring state field lengths.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Tested-by: Toan Le <toanle@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:12:07 -04:00
Iyappan Subramanian
3bb502f830 drivers: net: xgene: fix statistics counters race condition
This patch fixes the race condition on updating the statistics
counters by moving the counters to the ring structure.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Tested-by: Toan Le <toanle@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:12:06 -04:00
Iyappan Subramanian
1b090a4839 drivers: net: xgene: fix ununiform latency across queues
This patch addresses ununiform latency across queues by adding
more queues to match with, upto number of CPU cores.

Also, number of interrupts are increased and the channel numbers
are reordered.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Tested-by: Toan Le <toanle@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:12:06 -04:00
Iyappan Subramanian
46a22d29a5 drivers: net: xgene: fix sharing of irqs
Since hardware doesn't allow sharing of interrupts,
this patch fixes the same by removing IRQF_SHARED flag.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Tested-by: Toan Le <toanle@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:12:06 -04:00
Iyappan Subramanian
b30cfd241f drivers: net: xgene: fix IPv4 forward crash
This patch fixes the crash observed during IPv4 forward test by
setting the drop field in the dbptr.

Signed-off-by: Iyappan Subramanian <isubramanian@apm.com>
Tested-by: Toan Le <toanle@apm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:12:06 -04:00
David S. Miller
8ea658cea4 Merge branch '1GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue
Jeff Kirsher says:

====================
1GbE Intel Wired LAN Driver Updates 2016-05-13

This series contains updates to e1000e, igb and igbvf.

Steve Shih fixes an issue for disabling auto-negotiation and forcing
speed and duplex settings for non-copper media.

Brian Walsh cleanups some inconsistency in the use of return variables
names to avoid confusion.

Jake cleans up the drivers to use the BIT() macro when it can, which will
future proof the drivers for GCC 6 when it gets released.  Cleaned up
dead code which was never being used.  Also fixed e1000e, where it was
incorrectly restting the SYSTIM registers every time the ioctl was being
run.

Denys Vlasenko fixes an oversight where incvalue variable holds a 32
bit value so we should declare it as such, instead of 64 bits.  Also
fixed an overflow check, where two reads are the same, then it is not
an overflow.

Nathan Sullivan fixes the PTP timestamps for transmit and receive
latency based on the current link speed.

Alexander Duyck adds support for partial GSO segmentation in the case
of tunnels for igb and igbvf.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 21:08:24 -04:00
Linus Torvalds
1410b74e40 Merge branch 'for-4.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull cgroup fixes from Tejun Heo:
 "During v4.6-rc1 cgroup namespace support was merged.  There is an
  issue where it's impossible to tell whether a given cgroup mount point
  is bind mounted or namespaced.  Serge has been working on the issue
  but it took longer than expected to resolve, so the late pull request.

  Given that it's a completely new feature and the patches don't touch
  anything else, the risk seems acceptable.  However, if this is too
  late, an alternative is plugging new cgroup ns creation for v4.6 and
  retrying for v4.7"

* 'for-4.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup: fix compile warning
  kernfs: kernfs_sop_show_path: don't return 0 after seq_dentry call
  cgroup, kernfs: make mountinfo show properly scoped path for cgroup namespaces
  kernfs_path_from_node_locked: don't overwrite nlen
2016-05-13 16:26:46 -07:00
Linus Torvalds
da92223908 Merge branch 'for-4.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq
Pull workqueue fix from Tejun Heo:
 "CPU hotplug callbacks can invoke DOWN_FAILED w/o preceding
  DOWN_PREPARE which can trigger a WARN_ON() in workqueue.

  The bug has been there for a very long time.  It only triggers if CPU
  down fails at a specific point and I don't think it has adverse
  effects other than the warning messages.  The fix is very low impact"

* 'for-4.6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq:
  workqueue: fix rebind bound workers warning
2016-05-13 16:16:51 -07:00
Jacob Keller
aa524b66c5 e1000e: don't modify SYSTIM registers during SIOCSHWTSTAMP ioctl
The e1000e_config_hwtstamp function was incorrectly resetting the SYSTIM
registers every time the ioctl was being run. If you happened to be
running ptp4l and lost the PTP connect (removing cable, or blocking the
UDP traffic for example), then ptp4l will eventually perform a restart
which involves re-requesting timestamp settings. In e1000e this has the
unfortunate and incorrect result of resetting SYSTIME to the kernel
time. Since kernel time is usually in UTC, and PTP time is in TAI, this
results in the leap second being re-applied.

Fix this by extracting the SYSTIME reset out into its own function,
e1000e_ptp_reset, which we call during reset to restore the hardware
registers. This function will (a) restart the timecounter based on the
new system time, (b) restore the previous PPB setting, and (c) restore
the previous hwtstamp settings.

In order to perform (b), I had to modify the adjfreq ptp function
pointer to store the old delta each time it is called. This also has the
side effect of restoring the correct base timinca register correctly.
The driver does not need to explicitly zero the ptp_delta variable since
the entire adapter structure comes zero-initialized.

Reported-by: Brian Walsh <brian@walsh.ws>
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Tested-by: Brian Walsh <brian@walsh.ws>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:30:44 -07:00
Alexander Duyck
e10715d3e9 igb/igbvf: Add support for GSO partial
This patch adds support for partial GSO segmentation in the case of
tunnels.  Specifically with this change the driver an perform segmentation
as long as the frame either has IPv6 inner headers, or we are allowed to
mangle the IP IDs on the inner header.  This is needed because we will not
be modifying any fields from the start of the start of the outer transport
header to the start of the inner transport header as we are treating them
like they are just a block of IP options.

Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:26:37 -07:00
Jacob Keller
942c711206 e1000e: mark shifted values as unsigned
The E1000_ICH_NVM_SIG_MASK value is shifted, out to the 31st bit, which
is the signed bit for signed constants. Mark these values as unsigned to
prevent compiler warnings and issues on platforms which a different
signed bit implementation.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:19:05 -07:00
Jacob Keller
18dd239207 e1000e: use BIT() macro for bit defines
This prevents signed bitshift issues when the shift would overwrite the
signed bit, and prevents making this mistake in the future when copying
and modifying code.

Use GENMASK or the unsigned postfix for cases which aren't suitable for
BIT() macro.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:15:36 -07:00
Jacob Keller
0ed2dbf4f4 igbvf: use BIT() macro instead of shifts
To prevent signed bitshift issues, and improve code readability, use the
BIT() macro. Also make use of GENMASK or the unsigned postfix where this
is more appropriate than BIT()

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:12:03 -07:00
Jacob Keller
12b28b4108 igbvf: remove unused variable and dead code
The variable rdlen is set but never used, and thus setting it is dead
code. Remove it.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:06:33 -07:00
Nathan Sullivan
3f544d2a4d igb: adjust PTP timestamps for Tx/Rx latency
Table 7-62 on page 338 of the i210 datasheet lists TX and RX latencies
for the various speeds the chip supports.  To give better PTP timestamp
accuracy, adjust the timestamps by the amounts Intel gives based on
current link speed.

Signed-off-by: Nathan Sullivan <nathan.sullivan@ni.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 15:02:08 -07:00
Denys Vlasenko
ab507c9a54 e1000e: e1000e_cyclecounter_read(): do overflow check only if needed
SYSTIMH:SYSTIML registers are incremented by 24-bit value TIMINCA[23..0]

er32(SYSTIML) are probably moderately expensive (they are pci bus reads).
Can we avoid one of them? Yes, we can.

If the SYSTIML value we see is smaller than 0xff000000, the overflow
into SYSTIMH would require at least two increments.

We do two reads, er32(SYSTIML) and er32(SYSTIMH), in this order.

Even if one increment happens between them, the overflow into SYSTIMH
is impossible, and we can avoid doing another er32(SYSTIML) read
and overflow check.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:56:35 -07:00
Denys Vlasenko
a07fd74d5e e1000e: e1000e_cyclecounter_read(): fix er32(SYSTIML) overflow check
If two consecutive reads of the counter are the same, it is also
not an overflow.  "systimel_1 < systimel_2" should be
"systimel_1 <= systimel_2".

Before the patch, we could perform an *erroneous* correction:

Let's say that systimel_1 == systimel_2 == 0xffffffff.
"systimel_1 < systimel_2" is false, we think it's an overflow,
we read "systimeh = er32(SYSTIMH)" which meanwhile had incremented,
and use "(systimeh << 32) + systimel_2" value which is 2^32 too large.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
CC: intel-wired-lan@lists.osuosl.org
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:52:31 -07:00
Denys Vlasenko
fb5277f2c2 e1000e: e1000e_cyclecounter_read(): incvalue is 32 bits, not 64
"incvalue" variable holds a result of "er32(TIMINCA) &
E1000_TIMINCA_INCVALUE_MASK" and used in "do_div(temp, incvalue)"
as a divisor.

Thus, "u64 incvalue" declaration is probably a mistake.
Even though it seems to be a harmless one, let's fix it.

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:46:45 -07:00
Jacob Keller
8008f68cb8 igb: make igb_update_pf_vlvf static
Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:39:59 -07:00
Jacob Keller
a51d8c217b igb: use BIT() macro or unsigned prefix
For bitshifts, we should make use of the BIT macro when possible, and
ensure that other bitshifts are marked as unsigned. This helps prevent
signed bitshift errors, and ensures similar style.

Make use of GENMASK and the unsigned postfix where BIT() isn't
appropriate.

Signed-off-by: Jacob Keller <jacob.e.keller@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:39:47 -07:00
Brian Walsh
847042a6a5 e1000e: Cleanup consistency in ret_val variable usage
Fixed the file to use a consistent ret_val for return value checking.

Signed-off-by: Brian Walsh <brian@walsh.ws>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:30:40 -07:00
Steve Shih
e11f303e3d e1000e: fix ethtool autoneg off for non-copper
This patch fixes the issues for disabling auto-negotiation and forcing
speed and duplex settings for the non-copper media.

For non-copper media, e1000_get_settings should return ETH_TP_MDI_INVALID for
eth_tp_mdix_ctrl instead of ETH_TP_MDI_AUTO so subsequent e1000_set_settings
call would not fail with -EOPNOTSUPP.

e1000_set_spd_dplx should not automatically turn autoneg back on for forced
1000 Mbps full duplex settings for non-copper media.

Cc: xe-kernel@external.cisco.com
Cc: Daniel Walker <dwalker@fifo99.com>
Signed-off-by: Steve Shih <sshih@cisco.com>
Tested-by: Aaron Brown <aaron.f.brown@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
2016-05-13 14:23:37 -07:00
Linus Torvalds
65643e3abe Merge branch 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull scheduler fix from Ingo Molnar:
 "This is a revert to fix an interactivity problem.

  The proper fixes for the problems that the reverted commit exposed are
  now in sched/core (consisting of 3 patches), but were too risky for
  v4.6 and will arrive in the v4.7 merge window"

* 'sched-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  Revert "sched/fair: Fix fairness issue on migration"
2016-05-13 12:21:17 -07:00
Linus Torvalds
f7f4d43b23 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull perf fixes from Ingo Molnar:
 "An uncharacteristically large number of bugs popped up in the last
  week:

   - various tooling fixes, two crashes and build problems
   - two Intel PT fixes
   - an KNL uncore driver fix
   - an Intel PMU driver fix"

* 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  perf stat: Fallback to user only counters when perf_event_paranoid > 1
  perf evsel: Handle EACCESS + perf_event_paranoid=2 in fallback()
  perf evsel: Improve EPERM error handling in open_strerror()
  tools lib traceevent: Do not reassign parg after collapse_tree()
  perf probe: Check if dwarf_getlocations() is available
  perf dwarf: Guard !x86_64 definitions under #ifdef else clause
  perf tools: Use readdir() instead of deprecated readdir_r()
  perf thread_map: Use readdir() instead of deprecated readdir_r()
  perf script: Use readdir() instead of deprecated readdir_r()
  perf tools: Use readdir() instead of deprecated readdir_r()
  perf/core: Disable the event on a truncated AUX record
  perf/x86/intel/pt: Generate PMI in the STOP region as well
  perf/x86: Fix undefined shift on 32-bit kernels
  perf/x86/msr: Fix SMI overflow
  perf/x86/intel/uncore: Fix CHA registers configuration procedure for Knights Landing platform
  perf diff: Fix duplicated output column
2016-05-13 11:54:02 -07:00
Linus Torvalds
18759462b6 Three more bug fixes for ARM SoCs this week:
- The Atmel sama5d2 was registering the wrong NFC device type
 - On Atmel sam9x5, the power management controller had an incorrect
   register area size
 - On ARM64 Allwinner machine was not secting the generic irqchip
   code, causing build errors in some configurations
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIVAwUAVzX1BGCrR//JCVInAQILnA//VG5KC42ohWCzlLrD1zmRamJ0R3YttuS7
 7HWDzokTHzSX3DQ0GRVRZZ333rpqPXnDq3egz67FIBMpI9kP8wYRWvn8FWC7dS1v
 6hy1m5mjJgaF7M2FcSLWyKCgRcnI61LRLhsLp8vinZsOPisfV0PMtq/bMeJALOKv
 wZVfRaY6WbWo8ejPxXQY4f86qkYIPDZ4ExzymAJQwthXMR7E8BZN+ygIWkriP6kv
 JxlkOSkU9qTtqShRILG+qUvlwQyNOgI/zjZ0tCRq05pzO3wUpUQLILNeM4yIcCpn
 LOQqKHJ7VsH0V+9QIXtF1Q71MDRwx/e87VkBsyvpF096HlBfTsPmhwiLNxzcQ09U
 fddSCPRAk3WZMsJ/gpMRvAGNF+65/MM8a1QpcHnyvAGM2nRa+FeaZJ1d/aEh7q/o
 P4Tj7fCg/K3DNbidWTXgwiDtaCeoCaxjsoWSXPArboLdsTTZznaDDgjI8UwmdIZ4
 CSt28ba5ugPYqpHdMbiNCNW08ofeBi6nyI094yibJYoggVq5rrHJIcT/rhkhFmMs
 Z+WfSbp6KIbjaGvBEQA+S2Ed1VzndcTQSrzdM/sQE54uBQmQZs6bvWCx5xTYzTMP
 gr8nJT+ZILzFnclqRvF7qX58fJCrFj5acyV9edr2axMN2SR9EmcN8dtnrOF3Evw5
 8dn6DIYppKE=
 =HPqy
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Arnd Bergmann:
 "Three more bug fixes for ARM SoCs this week:

   - The Atmel sama5d2 was registering the wrong NFC device type

   - On Atmel sam9x5, the power management controller had an incorrect
     register area size

   - On ARM64 Allwinner machine was not secting the generic irqchip
     code, causing build errors in some configurations"

* tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
  ARM: dts: at91: sam9x5: Fix the memory range assigned to the PMC
  arm64/sunxi: 4.6-rc1: Add dependency on generic irq chip
  ARM: dts: at91: sama5d2: use "atmel,sama5d3-nfc" compatible for nfc
2016-05-13 09:52:00 -07:00
Linus Torvalds
c3548b730d regulator: Fixes for v4.6
A small collection of driver specific fixes for the regulator
 subsysetem:
 
  - Fix handling of probe deferral for GPIO regulators.
  - Fix a typo in the module alias for DA9053.
  - Fix the definition of BUCK9 in the S2MPS11 driver.  This change looks
    larger than it is because an irregularity in the hardware means that
    the macro used to define bucks 6-10 needs duplicating and tweaking
    to have a separate macro for 9.
  - Fix a series of errors in the definitions of the LDOs the AXP20x
    regulators, some of which had always been present and some of which
    were introduced in the merge window.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXNazxAAoJECTWi3JdVIfQd9EH/0x/3Era4ctuLFP/dKVg+lAQ
 PDwgGRlHg1RVyEzzy1ZWqew//P7hgBo6urwFHjcczBE95e0bBhhMJERGnhya07uq
 eWYfPARl1zHxEm0gOfLBDaFAW8YIaNyXiEsW/aTeViNIL9/HIAd/ZTZhJiDLPiAF
 FdNs3yzBuAR5SHsnvCTXZY1d20LeQC6AC2nWUo2WrcyKKZZ0HamrSLP0lMq0OHVQ
 n2h/8f1g9TcykakCStB/4D8vLKMt0OYmalh3Y/C/JGkWnhMoBTLRgktrNFh6lnh9
 E0SnMXSuZbC9+mv8MLRHQft6XagDYzNq+odwSb9tfqbXqBdncOpvvVr6hLmzxGk=
 =sVmG
 -----END PGP SIGNATURE-----

Merge tag 'regulator-fix-v4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator

Pull regulator fixes from Mark Brown:
 "A small collection of driver specific fixes for the regulator
  subsysetem:

   - Fix handling of probe deferral for GPIO regulators

   - Fix a typo in the module alias for DA9053

   - Fix the definition of BUCK9 in the S2MPS11 driver.  This change
     looks larger than it is because an irregularity in the hardware
     means that the macro used to define bucks 6-10 needs duplicating
     and tweaking to have a separate macro for 9

   - Fix a series of errors in the definitions of the LDOs the AXP20x
     regulators, some of which had always been present and some of which
     were introduced in the merge window"

* tag 'regulator-fix-v4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
  regulator: da9063: Correct module alias prefix to fix module autoloading
  regulator: axp20x: Fix axp22x ldo_io registration error on cold boot
  regulator: axp20x: Fix axp22x ldo_io voltage ranges
  regulator: axp20x: Fix LDO4 linear voltage range
  regulator: s2mps11: Fix invalid selector mask and voltages for buck9
  regulator: gpio: check return value of of_get_named_gpio
2016-05-13 09:46:00 -07:00
Linus Torvalds
c42b8fe941 regmap: Fixes for v4.6
This is rather too late so it'd be completely understandable if you
 don't want to pull it at this point, I had thought I'd sent this earlier
 but it seems I didn't.  Everything has been in -next for some time now.
 
 The main set of fixes here are mopping up some more issues with MMIO,
 fixing handling of endianness configuration in DT (which just wasn't
 working at all) and cases where the register and value endianness are
 different.
 
 There is also a fix for bulk register reads on SPMI.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJXNaKUAAoJECTWi3JdVIfQoxEH/1DZGfeFyqhh4cdxrYz6UUr/
 MbfMDR1wxNEvD4pifak6wYzQlern2Ki4J8ac72LP2OH9MYEoVs7kxESdSbqcVerc
 uWQmn1qzj41hBSP5I4zmHIvYAwDry3B8mVVK9aYk+kBZLyOiw0eoMgZYyxB9cqws
 pnfR4+5XHcaLGxh8QdIM7cXW1YOykXma4ivdwjwSlgWhYLGdh++j/uo9IUxqCrSa
 qqxfMLPvAtEcksH8p4sJoRjibVDvzLXOvr3jMVHWyFoRGNDDB4TRiPkvydI04vYP
 39pjg3c4gIAmp/RFyie1B8+zm4C+EQAkeiyH6D4jq8k9Gu6Y/XhqwFIAKtni3zg=
 =k8tp
 -----END PGP SIGNATURE-----

Merge tag 'regmap-fix-v4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap

Pull regmap fixes from Mark Brown:
 "This is rather too late so it'd be completely understandable if you
  don't want to pull it at this point, I had thought I'd sent this
  earlier but it seems I didn't.  Everything has been in -next for some
  time now.

  The main set of fixes here are mopping up some more issues with MMIO,
  fixing handling of endianness configuration in DT (which just wasn't
  working at all) and cases where the register and value endianness are
  different.

  There is also a fix for bulk register reads on SPMI"

* tag 'regmap-fix-v4.6-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap:
  regmap: spmi: Fix regmap_spmi_ext_read in multi-byte case
  regmap: mmio: Explicitly say little endian is the defualt in the bus config
  regmap: mmio: Parse endianness definitions from DT
  regmap: Fix implicit inclusion of device.h
  regmap: mmio: Fix value endianness selection
  regmap: fix documentation to match code
2016-05-13 09:40:32 -07:00
Linus Torvalds
90fa7c7fa3 media fixes for v4.6-rc8
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJXNbnRAAoJEAhfPr2O5OEV9NAP/R72SwjZZrPV8ABV/yF6iiRL
 pEcnDWP1vfOq3hlWKAvKHtzyAh13zUlkf0WAZJ5SFbkIyxrPD1mNCjwqNdYPFUpS
 m2kAP7E8sU3ldRCdlD9QpsaOnrnRVpsPc8ChawqRyp0gVs/b+I3cJ82l2S1JHwTR
 wO+7Uid3FwDtgzuiTecmtDiqKJJ1AgW3YNXJXnug2L6bAhPxHgJct+OV2K/n37de
 MSIaVNHkIZxaFLXtIoCWiyxhJQCngAQhdDm+wxNGWupSdxmqArBq9QljX/6ZR9rB
 7OFT8Td85J59WmMhxSvbjfCnlj0KO/fJX/QIaBXK4gFtolZxgpVAsxHaWMWtrrii
 UitDMcRL1aEyygpwW72BqJ62r4RQn1QBBTRUaGlAWzYwZU6C0B0Aj70qhxdocjNE
 cxv6ND2WftbYIUEQceLrFV7Qzee07YIS+FapB1Vda1s+mDtfCBnfd+n5gTkGmIeY
 bweoHGAELDPyLntu6iboqAtG5MiSWGUtOEAZsYhm7ugY5OeCh8wiq4lUDsb2hQ3T
 TnaCVPHEFghN5+KAmiFcp46lOCab8H0crmfEmSMGzcIMf1fZBYUc8TjceGb5GHI/
 l2uNYAUz7vrZvs/qX/tKfIEERlzDgDTvw1T8NL6yt8fKzZA4Ajr3WhWntBbrfnXi
 KplRJ1ngkpoArG4+24v9
 =PEbo
 -----END PGP SIGNATURE-----

Merge tag 'media/v4.6-6' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media

Pull media fix from Mauro Carvalho Chehab:
 "A revert fixing a breakage that caused an OOPS on all VB2-based DVB
  drivers.

  We already have a proper fix, but it sounds safer to keep it being
  tested for a while and not hurry, to avoid the risk of another
  regression, specially since this is meant to be c/c to stable.  So,
  for now, let's just revert the broken patch"

* tag 'media/v4.6-6' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media:
  Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
2016-05-13 09:34:59 -07:00
Linus Torvalds
9dcf8a58c7 Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
 "A bunch of radeon displayport mode setting fixes, and some misc i915
  fixes.

  There is one revert, the MST audio code in i915 was causing some
  oopses, so we've decided just to drop it until next kernel when we can
  fix it properly"

* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
  drm/amdgpu: fix DP mode validation
  drm/radeon: fix DP mode validation
  drm/i915: Bail out of pipe config compute loop on LPT
  drm/radeon: fix PLL sharing on DCE6.1 (v2)
  drm/radeon: fix DP link training issue with second 4K monitor
  Revert "drm/i915: start adding dp mst audio"
  drm/i915/bdw: Add missing delay during L3 SQC credit programming
  drm/i915/lvds: separate border enable readout from panel fitter
  drm/i915: Update CDCLK_FREQ register on BDW after changing cdclk frequency
2016-05-13 09:27:05 -07:00
Linus Torvalds
dc0f2f87ea Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fix from Herbert Xu:
 "This fixes a bug in the RSA self-test that may cause crashes on some
  architectures such as SPARC"

* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  crypto: testmgr - Use kmalloc memory for RSA input
2016-05-13 09:21:31 -07:00
Mark Brown
9689dab30a Merge remote-tracking branches 'regulator/fix/axp20x', 'regulator/fix/da9063', 'regulator/fix/gpio' and 'regulator/fix/s2mps11' into regulator-linus 2016-05-13 11:11:08 +01:00
Mark Brown
2a2cd52190 Merge remote-tracking branches 'regmap/fix/be', 'regmap/fix/doc' and 'regmap/fix/spmi' into regmap-linus 2016-05-13 10:36:10 +01:00
Mark Brown
066a0e0b49 Merge remote-tracking branch 'regmap/fix/mmio' into regmap-linus 2016-05-13 10:36:09 +01:00
Dave Airlie
e02aacb6de Merge branch 'drm-fixes-4.6' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
DP mode validation regression fix.
* 'drm-fixes-4.6' of git://people.freedesktop.org/~agd5f/linux:
  drm/amdgpu: fix DP mode validation
  drm/radeon: fix DP mode validation
2016-05-13 16:03:39 +10:00
Paul Durrant
72eec92acc xen-netback: fix extra_info handling in xenvif_tx_err()
Patch 562abd39 "xen-netback: support multiple extra info fragments
passed from frontend" contained a mistake which can result in an in-
correct number of responses being generated when handling errors
encountered when processing packets containing extra info fragments.
This patch fixes the problem.

Signed-off-by: Paul Durrant <paul.durrant@citrix.com>
Reported-by: Jan Beulich <JBeulich@suse.com>
Cc: Wei Liu <wei.liu2@citrix.com>
Acked-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 01:58:57 -04:00
Alexander Duyck
ed7cbbce54 udp: Resolve NULL pointer dereference over flow-based vxlan device
While testing an OpenStack configuration using VXLANs I saw the following
call trace:

 RIP: 0010:[<ffffffff815fad49>] udp4_lib_lookup_skb+0x49/0x80
 RSP: 0018:ffff88103867bc50  EFLAGS: 00010286
 RAX: ffff88103269bf00 RBX: ffff88103269bf00 RCX: 00000000ffffffff
 RDX: 0000000000004300 RSI: 0000000000000000 RDI: ffff880f2932e780
 RBP: ffff88103867bc60 R08: 0000000000000000 R09: 000000009001a8c0
 R10: 0000000000004400 R11: ffffffff81333a58 R12: ffff880f2932e794
 R13: 0000000000000014 R14: 0000000000000014 R15: ffffe8efbfd89ca0
 FS:  0000000000000000(0000) GS:ffff88103fd80000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000488 CR3: 0000000001c06000 CR4: 00000000001426e0
 Stack:
  ffffffff81576515 ffffffff815733c0 ffff88103867bc98 ffffffff815fcc17
  ffff88103269bf00 ffffe8efbfd89ca0 0000000000000014 0000000000000080
  ffffe8efbfd89ca0 ffff88103867bcc8 ffffffff815fcf8b ffff880f2932e794
 Call Trace:
  [<ffffffff81576515>] ? skb_checksum+0x35/0x50
  [<ffffffff815733c0>] ? skb_push+0x40/0x40
  [<ffffffff815fcc17>] udp_gro_receive+0x57/0x130
  [<ffffffff815fcf8b>] udp4_gro_receive+0x10b/0x2c0
  [<ffffffff81605863>] inet_gro_receive+0x1d3/0x270
  [<ffffffff81589e59>] dev_gro_receive+0x269/0x3b0
  [<ffffffff8158a1b8>] napi_gro_receive+0x38/0x120
  [<ffffffffa0871297>] gro_cell_poll+0x57/0x80 [vxlan]
  [<ffffffff815899d0>] net_rx_action+0x160/0x380
  [<ffffffff816965c7>] __do_softirq+0xd7/0x2c5
  [<ffffffff8107d969>] run_ksoftirqd+0x29/0x50
  [<ffffffff8109a50f>] smpboot_thread_fn+0x10f/0x160
  [<ffffffff8109a400>] ? sort_range+0x30/0x30
  [<ffffffff81096da8>] kthread+0xd8/0xf0
  [<ffffffff81693c82>] ret_from_fork+0x22/0x40
  [<ffffffff81096cd0>] ? kthread_park+0x60/0x60

The following trace is seen when receiving a DHCP request over a flow-based
VXLAN tunnel.  I believe this is caused by the metadata dst having a NULL
dev value and as a result dev_net(dev) is causing a NULL pointer dereference.

To resolve this I am replacing the check for skb_dst(skb)->dev with just
skb->dev.  This makes sense as the callers of this function are usually in
the receive path and as such skb->dev should always be populated.  In
addition other functions in the area where these are called are already
using dev_net(skb->dev) to determine the namespace the UDP packet belongs
in.

Fixes: 63058308cd ("udp: Add udp6_lib_lookup_skb and udp4_lib_lookup_skb")
Signed-off-by: Alexander Duyck <aduyck@mirantis.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 01:56:14 -04:00
Eric Dumazet
b4411457d5 sunrpc: set SOCK_FASYNC
sunrpc is using SOCKWQ_ASYNC_NOSPACE without setting SOCK_FASYNC,
so the recent optimizations done in sk_set_bit() and sk_clear_bit()
broke it.

There is still the risk that a subsequent sock_fasync() call
would clear SOCK_FASYNC, but sunrpc does not use this yet.

Fixes: 9317bb6982 ("net: SOCKWQ_ASYNC_NOSPACE optimizations")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jiri Pirko <jiri@resnulli.us>
Reported-by: Huang, Ying <ying.huang@intel.com>
Tested-by: Jiri Pirko <jiri@resnulli.us>
Tested-by: Huang, Ying <ying.huang@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-05-13 01:43:52 -04:00
Ingo Molnar
636fa4a7b0 perf/urgent fixes:
User visible:
 
 - Fallback to usermode only counters when perf_event_paranoid > 1, which
   is the case now (Arnaldo Carvalho de Melo)
 
 - Do not reassign parg after collapse_tree() in libtraceevent, which
   may cause tool crashes (Steven Rostedt)
 
 Build fixes:
 
 - Fix the build on Fedora Rawhide, where readdir_r() is deprecated and
   also wrt -Werror=unused-const-variable= + x86_32_regoffset_table on
   !x86_64 (Arnaldo Carvalho de Melo)
 
 - Fix the build on Ubuntu 12.04.5, where dwarf_getlocations() isn't
   available, i.e. libdw-dev < 0.157 (Arnaldo Carvalho de Melo)
 
 Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJXNOELAAoJENZQFvNTUqpAEmcQAJIZePquYNAsnTcRAPcgXjSG
 wdxMK1xlHW8WgPi7OoU6a2Hx04xRtEc8CUsb4mTUa1umAMe7Fp9BCuWZrX2tNAxJ
 y6tn95RkMSxZSbPp9SvSJDLAi7NrOafoblPnsjLw3bpdMTY+ngxhMq2Aftjpz5ai
 Ok3sC3deCYoibSzpxLNkoBPPR7eOhK8wzcVNAvu5mPY0EF9VPpNF+yPs6mW38wBs
 TQtji1X7049bAjxMLeeXcR4Z6x5hhVM6i3U1lB5XSMoqkcQMLFHJze7Fe5VLMc/3
 jtZFZvV79PlAhJtYxlLeuuSjjuaZ6dCSE+87YYAmukup3SMp3sCTvba+7YhWEgEE
 hZEAaHe8eJbSQndhYpY82mV+AQe4dINTgdLBoV1uQ5EUh/KlOaph3MuCb2jMXtVb
 JLROl6wktgFJ75NzkHvix798DtOVyLqa5z0H2h27Jqm2LqrotIn+trXuz6a+0nxP
 aoHsKPyZYytPvZoWHjesIn86iOSCrLN8UGhaQPTIunfO0evlSvEkWtAqU1u4mX+P
 CqDFI4/2dZXnAVBZvk47xsrcxhkvEO63SDv3AIdXvsihYBGJLtaVKT9qfsxyxyqN
 fAy9MghKrPXTRRJP9Z/Fzbycbv/ioiRdnNmj+cgWkPkjqt+lr5Q1V+B9BZhqsWHF
 Fl0GoIr//HFjSk7gSFaN
 =qn4a
 -----END PGP SIGNATURE-----

Merge tag 'perf-urgent-for-mingo-20160512' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent

Pull perf/urgent fixes from Arnaldo Carvalho de Melo:

- Fallback to usermode-only counters when perf_event_paranoid > 1, which
  is the case now (Arnaldo Carvalho de Melo)

- Do not reassign parg after collapse_tree() in libtraceevent, which
  may cause tool crashes (Steven Rostedt)

- Fix the build on Fedora Rawhide, where readdir_r() is deprecated and
  also wrt -Werror=unused-const-variable= + x86_32_regoffset_table on
  !x86_64 (Arnaldo Carvalho de Melo)

- Fix the build on Ubuntu 12.04.5, where dwarf_getlocations() isn't
  available, i.e. libdw-dev < 0.157 (Arnaldo Carvalho de Melo)

Signed-off-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-05-13 07:35:12 +02:00
Linus Torvalds
a2ccb68b1e Merge branch 'akpm' (patches from Andrew)
Merge fixes from Andrew Morton:
 "4 fixes"

* emailed patches from Andrew Morton <akpm@linux-foundation.org>:
  mm: thp: calculate the mapcount correctly for THP pages during WP faults
  ksm: fix conflict between mmput and scan_get_next_rmap_item
  ocfs2: fix posix_acl_create deadlock
  ocfs2: revert using ocfs2_acl_chmod to avoid inode cluster lock hang
2016-05-12 18:44:24 -07:00
Andrea Arcangeli
6d0a07edd1 mm: thp: calculate the mapcount correctly for THP pages during WP faults
This will provide fully accuracy to the mapcount calculation in the
write protect faults, so page pinning will not get broken by false
positive copy-on-writes.

total_mapcount() isn't the right calculation needed in
reuse_swap_page(), so this introduces a page_trans_huge_mapcount()
that is effectively the full accurate return value for page_mapcount()
if dealing with Transparent Hugepages, however we only use the
page_trans_huge_mapcount() during COW faults where it strictly needed,
due to its higher runtime cost.

This also provide at practical zero cost the total_mapcount
information which is needed to know if we can still relocate the page
anon_vma to the local vma. If page_trans_huge_mapcount() returns 1 we
can reuse the page no matter if it's a pte or a pmd_trans_huge
triggering the fault, but we can only relocate the page anon_vma to
the local vma->anon_vma if we're sure it's only this "vma" mapping the
whole THP physical range.

Kirill A. Shutemov discovered the problem with moving the page
anon_vma to the local vma->anon_vma in a previous version of this
patch and another problem in the way page_move_anon_rmap() was called.

Andrew Morton discovered that CONFIG_SWAP=n wouldn't build in a
previous version, because reuse_swap_page must be a macro to call
page_trans_huge_mapcount from swap.h, so this uses a macro again
instead of an inline function. With this change at least it's a less
dangerous usage than it was before, because "page" is used only once
now, while with the previous code reuse_swap_page(page++) would have
called page_mapcount on page+1 and it would have increased page twice
instead of just once.

Dean Luick noticed an uninitialized variable that could result in a
rmap inefficiency for the non-THP case in a previous version.

Mike Marciniszyn said:

: Our RDMA tests are seeing an issue with memory locking that bisects to
: commit 61f5d698cc ("mm: re-enable THP")
:
: The test program registers two rather large MRs (512M) and RDMA
: writes data to a passive peer using the first and RDMA reads it back
: into the second MR and compares that data.  The sizes are chosen randomly
: between 0 and 1024 bytes.
:
: The test will get through a few (<= 4 iterations) and then gets a
: compare error.
:
: Tracing indicates the kernel logical addresses associated with the individual
: pages at registration ARE correct , the data in the "RDMA read response only"
: packets ARE correct.
:
: The "corruption" occurs when the packet crosse two pages that are not physically
: contiguous.   The second page reads back as zero in the program.
:
: It looks like the user VA at the point of the compare error no longer points to
: the same physical address as was registered.
:
: This patch totally resolves the issue!

Link: http://lkml.kernel.org/r/1462547040-1737-2-git-send-email-aarcange@redhat.com
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: "Kirill A. Shutemov" <kirill@shutemov.name>
Reviewed-by: Dean Luick <dean.luick@intel.com>
Tested-by: Alex Williamson <alex.williamson@redhat.com>
Tested-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Tested-by: Josh Collier <josh.d.collier@intel.com>
Cc: Marc Haber <mh+linux-kernel@zugschlus.de>
Cc: <stable@vger.kernel.org>	[4.5]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-05-12 15:52:50 -07:00
Zhou Chengming
7496fea9a6 ksm: fix conflict between mmput and scan_get_next_rmap_item
A concurrency issue about KSM in the function scan_get_next_rmap_item.

task A (ksmd):				|task B (the mm's task):
					|
mm = slot->mm;				|
down_read(&mm->mmap_sem);		|
					|
...					|
					|
spin_lock(&ksm_mmlist_lock);		|
					|
ksm_scan.mm_slot go to the next slot;	|
					|
spin_unlock(&ksm_mmlist_lock);		|
					|mmput() ->
					|	ksm_exit():
					|
					|spin_lock(&ksm_mmlist_lock);
					|if (mm_slot && ksm_scan.mm_slot != mm_slot) {
					|	if (!mm_slot->rmap_list) {
					|		easy_to_free = 1;
					|		...
					|
					|if (easy_to_free) {
					|	mmdrop(mm);
					|	...
					|
					|So this mm_struct may be freed in the mmput().
					|
up_read(&mm->mmap_sem);			|

As we can see above, the ksmd thread may access a mm_struct that already
been freed to the kmem_cache.  Suppose a fork will get this mm_struct from
the kmem_cache, the ksmd thread then call up_read(&mm->mmap_sem), will
cause mmap_sem.count to become -1.

As suggested by Andrea Arcangeli, unmerge_and_remove_all_rmap_items has
the same SMP race condition, so fix it too.  My prev fix in function
scan_get_next_rmap_item will introduce a different SMP race condition, so
just invert the up_read/spin_unlock order as Andrea Arcangeli said.

Link: http://lkml.kernel.org/r/1462708815-31301-1-git-send-email-zhouchengming1@huawei.com
Signed-off-by: Zhou Chengming <zhouchengming1@huawei.com>
Suggested-by: Andrea Arcangeli <aarcange@redhat.com>
Reviewed-by: Andrea Arcangeli <aarcange@redhat.com>
Cc: Hugh Dickins <hughd@google.com>
Cc: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Geliang Tang <geliangtang@163.com>
Cc: Minchan Kim <minchan@kernel.org>
Cc: Hanjun Guo <guohanjun@huawei.com>
Cc: Ding Tianhong <dingtianhong@huawei.com>
Cc: Li Bin <huawei.libin@huawei.com>
Cc: Zhen Lei <thunder.leizhen@huawei.com>
Cc: Xishi Qiu <qiuxishi@huawei.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-05-12 15:52:50 -07:00
Junxiao Bi
c25a1e0671 ocfs2: fix posix_acl_create deadlock
Commit 702e5bc68a ("ocfs2: use generic posix ACL infrastructure")
refactored code to use posix_acl_create.  The problem with this function
is that it is not mindful of the cluster wide inode lock making it
unsuitable for use with ocfs2 inode creation with ACLs.  For example,
when used in ocfs2_mknod, this function can cause deadlock as follows.
The parent dir inode lock is taken when calling posix_acl_create ->
get_acl -> ocfs2_iop_get_acl which takes the inode lock again.  This can
cause deadlock if there is a blocked remote lock request waiting for the
lock to be downconverted.  And same deadlock happened in ocfs2_reflink.
This fix is to revert back using ocfs2_init_acl.

Fixes: 702e5bc68a ("ocfs2: use generic posix ACL infrastructure")
Signed-off-by: Tariq Saeed <tariq.x.saeed@oracle.com>
Signed-off-by: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Joseph Qi <joseph.qi@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-05-12 15:52:50 -07:00