test_pages_in_a_zone() does not account for the possibility of missing
sections in the given pfn range. pfn_valid_within always returns 1 when
CONFIG_HOLES_IN_ZONE is not set, allowing invalid pfns from missing
sections to pass the test, leading to a kernel oops.
Wrap an additional pfn loop with PAGES_PER_SECTION granularity to check
for missing sections before proceeding into the zone-check code.
This also prevents a crash from offlining memory devices with missing
sections. Despite this, it may be a good idea to keep the related patch
'[PATCH 3/3] drivers: memory: prohibit offlining of memory blocks with
missing sections' because missing sections in a memory block may lead to
other problems not covered by the scope of this fix.
Signed-off-by: Andrew Banman <abanman@sgi.com>
Acked-by: Alex Thorlton <athorlton@sgi.com>
Cc: Russ Anderson <rja@sgi.com>
Cc: Alex Thorlton <athorlton@sgi.com>
Cc: Yinghai Lu <yinghai@kernel.org>
Cc: Greg KH <greg@kroah.com>
Cc: Seth Jennings <sjennings@variantweb.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
m32r allmodconfig was failing with the error:
error: implicit declaration of function 'read'
On checking io.h it turned out that 'read' is not defined but 'readb' is
defined and 'ioread8' will then obviously mean 'readb'.
At the same time some of the helper functions ioreadN_rep() and
iowriteN_rep() were missing which also led to the build failure.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
m32r allmodconfig is failing with:
In file included from ../include/linux/kvm_para.h:4:0,
from ../kernel/watchdog.c:26:
../include/uapi/linux/kvm_para.h:30:26: fatal error: asm/kvm_para.h: No such file or directory
kvm_para.h was not included in the build.
Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Fix the build warning:
arch/x86/xen/suspend.c: In function 'xen_arch_pre_suspend':
arch/x86/xen/suspend.c:70:9: error: implicit declaration of function 'xen_pv_domain' [-Werror=implicit-function-declaration]
if (xen_pv_domain())
^
Reported-by: kbuild test robot <fengguang.wu@intel.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Cc: David Vrabel <david.vrabel@citrix.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Memory cgroup reclaim can be interrupted with mem_cgroup_iter_break()
once enough pages have been reclaimed, in which case, in contrast to a
full round-trip over a cgroup sub-tree, the current position stored in
mem_cgroup_reclaim_iter of the target cgroup does not get invalidated
and so is left holding the reference to the last scanned cgroup. If the
target cgroup does not get scanned again (we might have just reclaimed
the last page or all processes might exit and free their memory
voluntary), we will leak it, because there is nobody to put the
reference held by the iterator.
The problem is easy to reproduce by running the following command
sequence in a loop:
mkdir /sys/fs/cgroup/memory/test
echo 100M > /sys/fs/cgroup/memory/test/memory.limit_in_bytes
echo $$ > /sys/fs/cgroup/memory/test/cgroup.procs
memhog 150M
echo $$ > /sys/fs/cgroup/memory/cgroup.procs
rmdir test
The cgroups generated by it will never get freed.
This patch fixes this issue by making mem_cgroup_iter avoid taking
reference to the current position. In order not to hit use-after-free
bug while running reclaim in parallel with cgroup deletion, we make use
of ->css_released cgroup callback to clear references to the dying
cgroup in all reclaim iterators that might refer to it. This callback
is called right before scheduling rcu work which will free css, so if we
access iter->position from rcu read section, we might be sure it won't
go away under us.
[hannes@cmpxchg.org: clean up css ref handling]
Fixes: 5ac8fb31ad ("mm: memcontrol: convert reclaim iterator to simple css refcounting")
Signed-off-by: Vladimir Davydov <vdavydov@virtuozzo.com>
Signed-off-by: Johannes Weiner <hannes@cmpxchg.org>
Acked-by: Michal Hocko <mhocko@kernel.org>
Acked-by: Johannes Weiner <hannes@cmpxchg.org>
Cc: <stable@vger.kernel.org> [3.19+]
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
When resizing, it firstly extends the last gd. Once it should backup
super in the gd, it calculates new backup super and update the
corresponding value.
But it currently doesn't consider the situation that the backup super is
already done. And in this case, it still sets the bit in gd bitmap and
then decrease from bg_free_bits_count, which leads to a corrupted gd and
trigger the BUG in ocfs2_block_group_set_bits:
BUG_ON(le16_to_cpu(bg->bg_free_bits_count) < num_bits);
So check whether the backup super is done and then do the updates.
Signed-off-by: Joseph Qi <joseph.qi@huawei.com>
Reviewed-by: Jiufei Xue <xuejiufei@huawei.com>
Reviewed-by: Yiwen Jiang <jiangyiwen@huawei.com>
Cc: Mark Fasheh <mfasheh@suse.de>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Commit 2a037f310b ("MIPS: VDSO: Fix build error") tries to fix a build
error seen with binutils 2.24 and earlier. However, the fix does not work,
and again results in the already known build errors if the kernel is built
with an earlier version of binutils.
CC arch/mips/vdso/gettimeofday.o
/tmp/ccnOVbHT.s: Assembler messages:
/tmp/ccnOVbHT.s:50: Error: can't resolve `_start' {*UND* section} - `L0 {.text section}
/tmp/ccnOVbHT.s:374: Error: can't resolve `_start' {*UND* section} - `L0 {.text section}
scripts/Makefile.build:258: recipe for target 'arch/mips/vdso/gettimeofday.o' failed
make[2]: *** [arch/mips/vdso/gettimeofday.o] Error 1
Fixes: 2a037f310b ("MIPS: VDSO: Fix build error")
Cc: Qais Yousef <qais.yousef@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: linux-kernel@vger.kernel.org
Patchwork: https://patchwork.linux-mips.org/patch/11926/
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Propagate the return value of platform_get_irq on failure.
A simplified version of the semantic match that finds the two cases where
no error code is returned at all is as follows:
(http://coccinelle.lip6.fr/)
// <smpl>
@@
identifier ret; expression e1,e2;
@@
(
if (\(ret < 0\|ret != 0\))
{ ... return ret; }
|
ret = 0
)
... when != ret = e1
when != &ret
*if(...)
{
... when != ret = e2
when forall
return ret;
}
// </smpl>
Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 5b48bb8506c5 ("openvswitch: Fix helper reference leak") fixed a
reference leak on helper objects, but inadvertently introduced a leak on
the ct template.
Previously, ct_info.ct->general.use was initialized to 0 by
nf_ct_tmpl_alloc() and only incremented when ovs_ct_copy_action()
returned successful. If an error occurred while adding the helper or
adding the action to the actions buffer, the __ovs_ct_free_action()
cleanup would use nf_ct_put() to free the entry; However, this relies on
atomic_dec_and_test(ct_info.ct->general.use). This reference must be
incremented first, or nf_ct_put() will never free it.
Fix the issue by acquiring a reference to the template immediately after
allocation.
Fixes: cae3a26275 ("openvswitch: Allow attaching helpers to ct action")
Fixes: 5b48bb8506c5 ("openvswitch: Fix helper reference leak")
Signed-off-by: Joe Stringer <joe@ovn.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
dev->nr_luns reports the total number of luns available in a device
while dev->luns_per_chnl is the number of luns per channel.
When multiple channels are available, the offset is calculated from a
channel and lun id into a linear array. As it multiplies with
the total number of luns, we go out of bound when channel id > 0 and
causes the kernel to panic when we read a protected kernel memory area.
Signed-off-by: Matias Bjørling <m@bjorling.me>
Signed-off-by: Jens Axboe <axboe@fb.com>
- A previous patch updated the mlx4 driver to use vmalloc when there was
not enough memory to get a contiguous region large enough for our needs,
so we need kvfree() whenever we free that item. We missed one place,
so fix that now.
- A previous patch added code to match incoming packets against a specific
device, but failed to compensate for devices that have both InfiniBand
and Ethernet ports. Fix that.
- Under certain vlan conditions, the ocrdma driver would fail to bring up
any vlan interfaces and would print out a circular locking failure. Fix
that.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWgWd5AAoJELgmozMOVy/dxzwP/3cfSifjE7Wp8QxgCw78gov3
Gt2zWDKNQqgAogrykCpivgDm4/CRoNBu3TnWEHl2DwoZhIT71h0H6H0bZr2cUtrv
ywWYiMX1WuR+oRG0gOCkpEuFr5fdGC3ngSNqQXSp+8BkcOCkN7andnU5JE/TXRTp
9g274kogZzYhH7LSxc29y8UFocXvfSywAsJlvpAS370j4OmxxD4EspXm6YJgVp4x
Q8s9xfyQD5sroY8VOH36IY1CvdeDBqplQI6yvr6IJ5AyJy7jt++HywTgfFWTIbgz
KktKC/7KHTPVXzwzOAexn0Ot+e42Yns7zmHaullX+liAyxPljJ844R98IBNlc2Ji
95AWP3YAsT0QOr/C5dchbbRdrPV8nq47sSrUO+mJ5Xb3pKpgMAMPlh/UK/BP40dg
6HsTqpBtNlYl4oILWo6xyxvpsk1w4m/Lad25LNwPc4Jp4BnlXbT/E1UO9FJiN3B3
E62Vo/IBBinhORmnUzUCTEePJ07izX406OZ/mh+6UqkYkiXvZjEDblcptqGQZaC7
Ng/mV3FfrilDm//W5b6/B3pTmwB496YjbALHev9nRS1XDg/gCQsVHpCjp6c5uPEW
qQ8uft4ZITgPX+dhoc4ur0jAygVx1w0dmbMwbCD5/LXpqxMF7BSeb/EslcFmeyzS
YwQq2tw8eZbhNaickM6e
=ePss
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma
Pull rdma fixes from Doug Ledford:
"Three late 4.4-rc fixes.
The first two were very small in terms of number of lines, the third
is more lines of change than I like this late in the cycle, but there
are positive test results from Avagotech and from my own test setup
with the target hardware, and given the problem was a 100% failure
case, I sent it through.
- A previous patch updated the mlx4 driver to use vmalloc when there
was not enough memory to get a contiguous region large enough for
our needs, so we need kvfree() whenever we free that item. We
missed one place, so fix that now.
- A previous patch added code to match incoming packets against a
specific device, but failed to compensate for devices that have
both InfiniBand and Ethernet ports. Fix that.
- Under certain vlan conditions, the ocrdma driver would fail to
bring up any vlan interfaces and would print out a circular locking
failure. Fix that"
* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
RDMA/be2net: Remove open and close entry points
RDMA/ocrdma: Depend on async link events from CNA
RDMA/ocrdma: Dispatch only port event when port state changes
RDMA/ocrdma: Fix vlan-id assignment in qp parameters
IB/mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq
IB/cma: cma_match_net_dev needs to take into account port_num
If null_blk is run in NULL_IRQ_TIMER mode and with queue_mode NULL_Q_RQ,
we need to restart the queue from the hrtimer interrupt. We can't
directly invoke the request_fn from that context, so punt the queue run
to async kblockd context.
Tested-by: Rabin Vincent <rabin@rab.in>
Signed-off-by: Jens Axboe <axboe@fb.com>
We currently only have an inline/sync helper to restart a stopped
queue. If drivers need an async version, they have to roll their
own. Add a generic helper instead.
Signed-off-by: Jens Axboe <axboe@fb.com>
Pull crypto fix from Herbert Xu:
"This fixes a bug in the algif_skcipher interface that can trigger a
kernel WARN_ON from user-space. It does so by using the new skcipher
interface which unlike the previous ablkcipher does not need to create
extra geniv objects which is what was used to trigger the WARN_ON"
* 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
crypto: algif_skcipher - Use new skcipher interface
Pull key handling bugfix from James Morris:
"Fix a race between keyctl_read() and keyctl_revoke()"
* 'for-linus2' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
KEYS: Fix race between read and revoke
Recently Dough Ledford reported a deadlock happening
between ocrdma-load sequence and NetworkManager service
issueing "open" on be2net interface.
The deadlock happens when any be2net hook (e.g. open/close) is called
in parallel to insmod ocrdma.ko.
A. be2net is sending administrative open/close event to ocrdma holding
device_list_mutex. It does this from ndo_open/ndo_stop hooks of be2net.
So sequence of locks is rtnl_lock---> device_list lock
B. When new ocrdma roce device gets registered, infiniband stack now
takes rtnl_lock in ib_register_device() in GID initialization routines.
So sequence of locks in this path is device_list lock ---> rtnl_lock.
This improper locking sequence causes deadlock.
In order to resolve the above deadlock condition, ocrdma intorduced a
patch to stop listening to administrative open/close events generated from
be2net driver. It now depends on link-state-change async-event generated from
CNA. This change leaves behind dead code which used to generate administrative
open/close events. This patch cleans-up all that dead code from be2net.
Reported-by: Doug Ledford <dledford@redhat.com>
CC: Sathya Perla <sathya.perla@avagotech.com>
Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@avagotech.com>
Signed-off-by: Selvin Xavier <selvin.xavier@avagotech.com>
Signed-off-by: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Recently Dough Ledford reported a deadlock happening
between ocrdma-load sequence and NetworkManager service
issuing "open" on be2net interface.
The deadlock happens when any be2net hook (e.g. open/close) is called
in parallel to insmod ocrdma.ko.
A. be2net is sending administrative open/close event to ocrdma holding
device_list_mutex. It does this from ndo_open/ndo_stop hooks of be2net.
So sequence of locks is rtnl_lock---> device_list lock
B. When new ocrdma roce device gets registered, infiniband stack now
takes rtnl_lock in ib_register_device() in GID initialization routines.
So sequence of locks in this path is device_list lock ---> rtnl_lock.
This improper locking sequence causes deadlock.
With this patch we stop using administrative open and close events
injected by be2net driver. These events were used to dispatch PORT_ACTIVE
and PORT_ERROR events to the IB-stack. This patch implements a logic
to receive async-link-events generated from CNA whenever link-state-change
is detected. Now on, these async-events will be used to dispatch
PORT_ACTIVE and PORT_ERROR events to IB-stack.
Depending on async-events from CNA removes the need to hold device-list-mutex
and thus breaks the busy-wait scenario.
Reported-by: Doug Ledford <dledford@redhat.com>
CC: Sathya Perla <sathya.perla@avagotech.com>
Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@avagotech.com>
Signed-off-by: Selvin Xavier <selvin.xavier@avagotech.com>
Signed-off-by: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Dispatch only port event to IB stack when port state changes.
Don't explicitly modify qps to error. Let application listen to
port events on async event queue or let QP fail with retry-exceeded
completion error.
Signed-off-by: Padmanabh Ratnakar <padmanabh.ratnakar@avagotech.com>
Signed-off-by: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
vlan-id is wrongly getting as 0 when PFC is enabled.
Set vlan-id configured by user in QP parameters.
In case vlan interface is not used, flash a warning to
user to configure vlan and assign vlan-id as 0 in qp params.
Fixes: dbf727de74 ('IB/core: Use GID table in AH creation and dmac resolution')
Cc: Matan Barak <matanb@mellanox.com>
Signed-off-by: Devesh Sharma <devesh.sharma@avagotech.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Accepted or peeled off sockets were missing a security label (e.g.
SELinux) which means that socket was in "unlabeled" state.
This patch clones the sock's label from the parent sock and resolves the
issue (similar to AF_BLUETOOTH protocol family).
Cc: Paul Moore <pmoore@redhat.com>
Cc: David Teigland <teigland@redhat.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit cacc062152 ("sctp: use GFP_USER for user-controlled kmalloc")
missed two other spots.
For connectx, as it's more likely to be used by kernel users of the API,
it detects if GFP_USER should be used or not.
Fixes: cacc062152 ("sctp: use GFP_USER for user-controlled kmalloc")
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull MIPS fixes from Ralf Baechle:
- Fix bitrot in __get_user_unaligned()
- EVA userspace accessor bug fixes.
- Fix for build issues with certain toolchains.
- Fix build error for VDSO with particular toolchain versions.
- Fix build error due to a variable that should have been removed by an
earlier patch
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Fix bitrot in __get_user_unaligned()
MIPS: Fix build error due to unused variables.
MIPS: VDSO: Fix build error
MIPS: CPS: drop .set mips64r2 directives
MIPS: uaccess: Take EVA into account in [__]clear_user
MIPS: uaccess: Take EVA into account in __copy_from_user()
MIPS: uaccess: Fix strlen_user with EVA
A handful of fixes for OMAP, i.MX, Allwinner and Tegra:
- A clock rate and a PHY setup fix for i.MX6Q/DL
- A couple of fixes for the reduced serial bus (sunxi-rsb) on Allwinner
- UART wakeirq fix for an OMAP4 board, timer config fixes for AM43XX.
- Suspend fix for Tegra124 Chromebooks
- Fix for missing implicit include that's different between ARM/ARM64
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWgDAQAAoJEIwa5zzehBx3muAP/RJD+oERDw/XiBSCl4k4kvTZ
M4ep2ExO/GPXewKXyK7rlbNWMitBwttdT5OmXuuxT7BA/ODAGk90uvZSebIHRxkh
bqnt+3njeR3M6FrTp6Np+yCh3I0hLYJoRInV3Vh8XQcml0LobIIq2BbdahIg/2JO
sSDLAzJSR15CfnnKOSexvfRFoslLaKG0ffbxmR32HiMgnbq8ZfkRr7fANsrXTzoX
oHxEV0uQXBY0d1TQ71rT/4KdTKN9QsdJI6xAjUGH95MYu+ZE0DEnW/wodd/f4e+p
dyV+qoS2LHJnhYgJho3r19icM0iyNRm0Yt0GqP7ERN/y5GGa41slE9eThMG7WQ4h
Ot5DEF2GmP7tSYhp4pqEeLqHnfou9+WzxxNP6wxGceqlg9EPuPRtzdCPStZYW4rD
6+SQCvFs0vHZlEbbAfQLhRgDpvr9enGjCcWm6ntUcgwxFy0CPmRV9g5gIeipZOwi
QfJM233tudUkDQxJYrCEgKxHy3a7T3K9LgYMM0VO1JRAEpaPIBmxZ0A+Y84WJbTE
7r+r3eDC8RFF3bLbNRb/Ogt5OHOQUdElhRXcyz/BYA/X4HOT4wyVNM12aBlmW9uN
aDB4HWE2lKV/h2pxWRR1Hem1NHYRUpcdVzkwRvncDHnxCAmb82BE2x1Ub3+fqa0v
f0eO7GjUDRdPsQXn0zZn
=kNRV
-----END PGP SIGNATURE-----
Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc
Pull ARM SoC fixes from Olof Johansson:
"A smallish set of fixes that we've been sitting on for a while now,
flushing the queue here so they go in. Summary:
A handful of fixes for OMAP, i.MX, Allwinner and Tegra:
- A clock rate and a PHY setup fix for i.MX6Q/DL
- A couple of fixes for the reduced serial bus (sunxi-rsb) on
Allwinner
- UART wakeirq fix for an OMAP4 board, timer config fixes for AM43XX.
- Suspend fix for Tegra124 Chromebooks
- Fix for missing implicit include that's different between
ARM/ARM64"
* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
ARM: tegra: Fix suspend hang on Tegra124 Chromebooks
bus: sunxi-rsb: Fix peripheral IC mapping runtime address
bus: sunxi-rsb: Fix primary PMIC mapping hardware address
ARM: dts: Fix UART wakeirq for omap4 duovero parlor
ARM: OMAP2+: AM43xx: select ARM TWD timer
ARM: OMAP2+: am43xx: enable GENERIC_CLOCKEVENTS_BROADCAST
fsl-ifc: add missing include on ARM64
ARM: dts: imx6: Fix Ethernet PHY mode on Ventana boards
ARM: dts: imx: Fix the assigned-clock mismatch issue on imx6q/dl
bus: sunxi-rsb: unlock on error in sunxi_rsb_read()
ARM: dts: sunxi: sun6i-a31s-primo81.dts: add touchscreen axis swapping property
- Fix a thermal management issue introduced by an ACPI processor
driver change made during the 4.3 development cycle that failed
to return 0 from a function on success which triggered an error
cleanup path every time it had been called that deleted useful
data structures created previously (Srinivas Pandruvada).
- Fix a variable data type issue in the arm_big_little cpufreq
driver's SCPI support code added recently that prevents error
handling in there from working correctly (Dan Carpenter).
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJWfw6ZAAoJEILEb/54YlRx77gQAIvjyqOhl/r/mRHsYuOvgh/G
wjpgg93K+/95auN+qldD24h228eBP3y/QEJK/aO5ZATXHXOmkBU5vEXIGzWx6bph
BZUMWsY4h/hY86tUrWrJTMkYe8HXvxZnZZ1QUtxz/+XpoaqRvl+X0v0ERcW/RWsC
04zX9cNKWZd6ya7aDZJPEDC7R2JkvD1Ok/LCwPWVQf/M0k+kv2n9LeZ8IglMigjI
9/Qy7vh0ybcqgXYPAVOPrEOQT5+jqpQ0VB6nqeDJAym7NALxYQGUq09uBfXGm/Bd
AKhXBqiR12A4PlslwMGRTFj7YVTsm+tNP1uJNQ1jXmMAnKPURdm0OAfEUj3FQlpd
1JXcqZv5UdMnoh9XIPkEMvnNUKWCr43OZieRVJxQJb/vszRxcANRO7hSERopCEg5
imnT/MgcezIpydYIgD2t1TXE14vmBszOehcP5MBW8a9EoiRHR2rvqM2/GymJPaEo
IMNqodEffXQPmDrdtrn4T8Av2RTHyYNldr8c9TENUETxucY72hOYSSjrwI5ALHMm
u83z2ZdhiPAw3LYqF3azx1wsr+hUrA36H/8ATuE0gJNdQwhO/m1iChQaG3QYG1iZ
7y9HRA16tJhu8hCYWjtQeZ9PN8MpZA9nh0WNYnymImN6icEAzNwe83OGWJi2tpTm
kbvt2QkdTDBZDlPX6VP1
=s+R5
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull power management and ACPI fixes from Rafael Wysocki:
"These fix an ACPI processor driver regression introduced during the
4.3 cycle and a mistake in the recently added SCPI support in the
arm_big_little cpufreq driver.
Specifics:
- Fix a thermal management issue introduced by an ACPI processor
driver change made during the 4.3 development cycle that failed to
return 0 from a function on success which triggered an error
cleanup path every time it had been called that deleted useful data
structures created previously (Srinivas Pandruvada).
- Fix a variable data type issue in the arm_big_little cpufreq
driver's SCPI support code added recently that prevents error
handling in there from working correctly (Dan Carpenter)"
* tag 'pm+acpi-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
cpufreq: scpi-cpufreq: signedness bug in scpi_get_dvfs_info()
ACPI / processor: Fix thermal cooling device regression
Fix a regression which causes reshape to not start properly
sometimes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWe2M0AAoJEDnsnt1WYoG5NmEQAIUUMJ632WW98bWzWiuD3tWe
698jML87O/5JZ796RPF2xVmYqQsJXj8i0157/ncHhmxnszI+yu7iHMnbt5LEesOG
5/p4dnKXxjao6NnTFHdIWT4SAamj9KsLDb9M+ZCkYZIHJpeNC8uLO7mZB5cszOuy
rXC5WLs4s4GrkZirnUlYLux89ZG7Xwp/1K7ccYrilbCJGk3mDqk/cLO2Jid6wUHD
QbK2gw1sg2TK8jy5RX3+BMnk46P/Tlp061eoBjyHeI5oJZiwHuHQKbJ236py7u/k
erjpfzrWNddrqbsBzVf1xw56KwvxpGoivvXLn4gGDogfeZ0eKarG5PrZ3zN9K6Ij
gIz1gfIwZYq4N+46wDJpdG+By4tg8BGYzn8YiEHnI8Ouvfts85i/KdmfeeUBQEv1
sk7yC75duKQOL5xyEPBorouVb/5C5sUpYl8c4B0F+baRYfh+aepD5Jn40dWTzvUC
eA65NFuvSOe7IYpNdzQZOzcwxLMu4gLqQOpoAzmVJI6s9NLA+f+EHhpHNuTqwWbm
G5mwnnFyZiwN21AC+ix+Otr/7+WIRvblmcuNqqk/t5QX0yGIGIvykBN1YQ10Cstk
f2RHGZCtcl0vOhyFwXm4j5rpinkJLoDMU14G1hAYGRJMvItuuDDeG+Vl9KaxKPtE
t7owWN5Tam5WsQd3qZ+y
=koo+
-----END PGP SIGNATURE-----
Merge tag 'md/4.4-rc6-fix' of git://neil.brown.name/md
Pull md bugfix from Neil Brown:
"One more md fix for 4.4-rc
Fix a regression which causes reshape to not start properly sometimes"
* tag 'md/4.4-rc6-fix' of git://neil.brown.name/md:
md: remove check for MD_RECOVERY_NEEDED in action_store.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABAgAGBQJWenfTAAoJEEtJtSqsAOnWmYwQAMd4R4/OwBvNgKKYyBW4D/yv
wku0ToGnmdcJ6d85eHuMVSwx/5ATAdom4W12LVxyifA4UxF2OkwMnU/hQEYFsAXJ
gWv4O9Hj6d+hv4EVMRvH5/Q9Oqp8cMDyM9GcbR6vJ6jDWn9KM6VXnaydvpWmGgLN
Zi+0YJIgHENuieQ66VNVUT+WdQ2DgkUEdZBNc5YaRGbzBrCzGF4tATWw1rZ8P0v2
tRtcY0NykoCkxRnnsa/RQfuojkzAB2vVFRl2iFg2//5rkFjo/zFyGal/VPl8hSyk
frZgZUiJRo0AEr4eZGSPc3IRliKqtdFdVrNaxIqwzG5R7YCDHjmuNq4FlLGvXpkt
xf6WgIxNrtfXMVLBizHHy5QivcsHLxW0TKq+oFQymO0L8D3IoU/9zBXLS1TcvCxL
cLn3SqxG/b7MWsq6PfVl2jI338O0uJhKAvnWhj9HsH4tgnP7Bfkn6RF8Dwy6HtJ9
SIerXqjnkw9R1KydOrVFRm4bJ4M6VxI8G/+CiUpQuSgihWvrjgqQ6HXc/nAPRGUt
6nasEuDWa4lIujACNQjgT+TgsLhiuERllI5aA0zp8LlP2jwxGFtDsAD7eaubQ7TM
xazdglGJoIDh7C+CdZBmG070uWgQlNNb5CEWrc3cF4OAmTHvXgpYv04EWpiAVec7
2j7u2+zqHGhjQ29KEJac
=84oS
-----END PGP SIGNATURE-----
Merge tag 'upstream-4.4-rc7' of git://git.infradead.org/linux-ubifs
Pull UBI bug fixes from Richard Weinberger:
"This contains four bug fixes for UBI"
* tag 'upstream-4.4-rc7' of git://git.infradead.org/linux-ubifs:
mtd: ubi: don't leak e if schedule_erase() fails
mtd: ubi: fixup error correction in do_sync_erase()
UBI: fix use of "VID" vs. "EC" in header self-check
UBI: fix return error code
with ftrace enabled. With some investigation it was discovered that it
was his compile setup. He was using ccache with hard links, which allowed
recordmcount to process the same .o twice. When this happens, recordmcount
will detect that it was already done and give a warning about it.
Russell fixed this by having recordmcount detect that the object file
has more than one hard link, and if it does, it unlinks the object file
after it maps it and processes then. This appears to fix the issue.
As you did not like the fact that recordmcount modified the file in place
and thought that it should do the modifications in memory and then write
it out to disk and move it over the old file to prevent other more subtle
issues like the one above, a second patch is added on top of Russell's to
do just that. Luckily the original code had write and lseek wrappers that
I was able to modify to not do inplace writes, but simply keep track
of the changes made in memory. When a write is made, a "update" flag is
set, and at the end of processing, if the update is set, then it writes
the file with changes out to a new file, and then renames it over the
original one.
The file descriptor is still passed to the write and lseek wrappers because
removing that would cause the change to be more intrusive. That can be
removed in a follow up cleanup patch that can wait till the next merge
window.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJWerqKAAoJEKKk/i67LK/80W0H/jbzBL4siTTenA0eZLmsxT8k
nbAM4fpdylpqUc6ku3QwjqqvbYxaLhiQsDtsVgXEoV7eelDgBedOSvCCrpZXn5co
y1VEunRfOIWMKLmoAdFUagWxdX25Pu9V6g74kdUwaiNnMtCy7+Ds7x8OwqASyd7t
e1WAhQ63ovslN88hHpkQVxCApYaocyPgU1lysBpN9dmvUS7Vkt/Bl4xhlVclnQKS
3QbPWXtS/alCOOYj/Fa71Lfi2GhDx41Z6KPq6hFgph//oPHOSIvceNnimfT+ejjw
1dKzM5EN386PhF3R27P+I0ovXnLNlCKmMZQUCUvlU/CjOOHHcIQNj8WHw9XB20k=
=5TS2
-----END PGP SIGNATURE-----
Merge tag 'trace-v4.4-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull ftrace/recordmcount fix from Steven Rostedt:
"Russell King was reporting lots of warnings when he compiled his
kernel with ftrace enabled. With some investigation it was discovered
that it was his compile setup. He was using ccache with hard links,
which allowed recordmcount to process the same .o twice. When this
happens, recordmcount will detect that it was already done and give a
warning about it.
Russell fixed this by having recordmcount detect that the object file
has more than one hard link, and if it does, it unlinks the object
file after it maps it and processes then. This appears to fix the
issue.
As you did not like the fact that recordmcount modified the file in
place and thought that it should do the modifications in memory and
then write it out to disk and move it over the old file to prevent
other more subtle issues like the one above, a second patch is added
on top of Russell's to do just that. Luckily the original code had
write and lseek wrappers that I was able to modify to not do inplace
writes, but simply keep track of the changes made in memory. When a
write is made, a "update" flag is set, and at the end of processing,
if the update is set, then it writes the file with changes out to a
new file, and then renames it over the original one.
The file descriptor is still passed to the write and lseek wrappers
because removing that would cause the change to be more intrusive.
That can be removed in a follow up cleanup patch that can wait till
the next merge window"
* tag 'trace-v4.4-rc4-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
ftrace/scripts: Have recordmcount copy the object file
scripts: recordmcount: break hardlinks
- Unwinder rework (A revert followed by better fix)
- Build errors: MMUv2, modules with -Os
- highmem section mismatch build splat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJWfjpNAAoJEGnX8d3iisJeC08P+wRkkvtK0R5iZPqfTdSUaxFz
CYoVM8mAMF+non+b7a4bWHChDJ+HlHxqsQWbq2A/EsET/TOXmnr28KquC/qfplwd
p2I38xxsCSHK0hU1+x47VdxZdtO5VNdp+fsq7CQbHLUwg9TMCK4t8OpslrA3IbOG
W+YlHQ+7Wwgu1GbHhWOHDTPb/yqX0WByX211HomURlo9Ppi3Xv3W6xK7uGn0wUxS
DKp0pEWhLs8UQh6zGAf3zFJVjuuWpJHwAoXmQgfEeXYkA/ZOBCEh8sf+/fFZMxuK
RAItN1ZTV3HwIYh3ykJyap877MBksb7nsCE5R0l+LQW0nV485omfJgWvo2hFUL5D
Nrr93bcu8msn/mKfYtBaaQdohwlGsNY5GFaRGEv6TgKZWifFX+uUOBnZnbr2RLvn
3/cDeeK/24sYvxaHGvBs3tjnJkwWPpofr9ZHCnQT+X8MgxjHQhcBesDq/8lb90m6
G2RRqXQomdKkMBacejpKyvnulTEwMrU9itpxyIT7wfxCVGKxfdWHNHLW8KNtXsDn
02Ae7XUyuciV6RIF9lXyGa+I73T/4/ut02b4Qq7PrdfLQucwZKjIQ9nj1Om9+taV
1nSdm+VttO/Nqu2PoMKluxNHBpS1kxzEVFZWa/mXfFs+qmwRMLyKqjz0Tog+hBCv
O7951Yzp3J88HTQIwUMD
=h2pT
-----END PGP SIGNATURE-----
Merge tag 'arc-4.4-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
Pull ARC fixes from Vineet Gupta:
"Sorry for this late pull request, but these are all important fixes
for code introduced/updated in this release which we will otherwise
end up back porting.
- Unwinder rework (A revert followed by better fix)
- Build errors: MMUv2, modules with -Os
- highmem section mismatch build splat"
* tag 'arc-4.4-rc7-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
ARC: dw2 unwind: Catch Dwarf SNAFUs early
ARC: dw2 unwind: Don't bail for CIE.version != 1
Revert "ARC: dw2 unwind: Ignore CIE version !=1 gracefully instead of bailing"
ARC: Fix linking errors with CONFIG_MODULE + CONFIG_CC_OPTIMIZE_FOR_SIZE
ARC: mm: fix building for MMU v2
ARC: mm: HIGHMEM: Fix section mismatch splat
Pull parisc system call restart fix from Helge Deller:
"The architectural design of parisc always uses two instructions to
call kernel syscalls (delayed branch feature). This means that the
instruction following the branch (located in the delay slot of the
branch instruction) is executed before control passes to the branch
destination.
Depending on which assembler instruction and how it is used in
usersapce in the delay slot, this sometimes made restarted syscalls
like futex() and poll() failing with -ENOSYS"
* 'parisc-4.4-4' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
parisc: Fix syscall restarts
Pull sparc fixes from David Miller:
1) Finally make perf stack backtraces stable on sparc, several problems
(mostly due to the context in which the user copies from the stack
are done) contributed to this.
From Rob Gardner.
2) Export ADI capability if the cpu supports it.
3) Hook up userfaultfd system call.
4) When faults happen during user copies we really have to clean up and
restore the FPU state fully. Also from Rob Gardner
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
tty/serial: Skip 'NULL' char after console break when sysrq enabled
sparc64: fix FP corruption in user copy functions
sparc64: Perf should save/restore fault info
sparc64: Ensure perf can access user stacks
sparc64: Don't set %pil in rtrap_nmi too early
sparc64: Add ADI capability to cpu capabilities
tty: serial: constify sunhv_ops structs
sparc: Hook up userfaultfd system call
When sysrq is triggered from console, serial driver for SUN hypervisor
console receives a console break and enables the sysrq. It expects a valid
sysrq char following with break. Meanwhile if driver receives 'NULL'
ASCII char then it disables sysrq and sysrq handler will never be invoked.
This fix skips calling uart sysrq handler when 'NULL' is received while
sysrq is enabled.
Signed-off-by: Vijay Kumar <vijay.ac.kumar@oracle.com>
Acked-by: Karl Volz <karl.volz@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Short story: Exception handlers used by some copy_to_user() and
copy_from_user() functions do not diligently clean up floating point
register usage, and this can result in a user process seeing invalid
values in floating point registers. This sometimes makes the process
fail.
Long story: Several cpu-specific (NG4, NG2, U1, U3) memcpy functions
use floating point registers and VIS alignaddr/faligndata to
accelerate data copying when source and dest addresses don't align
well. Linux uses a lazy scheme for saving floating point registers; It
is not done upon entering the kernel since it's a very expensive
operation. Rather, it is done only when needed. If the kernel ends up
not using FP regs during the course of some trap or system call, then
it can return to user space without saving or restoring them.
The various memcpy functions begin their FP code with VISEntry (or a
variation thereof), which saves the FP regs. They conclude their FP
code with VISExit (or a variation) which essentially marks the FP regs
"clean", ie, they contain no unsaved values. fprs.FPRS_FEF is turned
off so that a lazy restore will be triggered when/if the user process
accesses floating point regs again.
The bug is that the user copy variants of memcpy, copy_from_user() and
copy_to_user(), employ an exception handling mechanism to detect faults
when accessing user space addresses, and when this handler is invoked,
an immediate return from the function is forced, and VISExit is not
executed, thus leaving the fprs register in an indeterminate state,
but often with fprs.FPRS_FEF set and one or more dirty bits. This
results in a return to user space with invalid values in the FP regs,
and since fprs.FPRS_FEF is on, no lazy restore occurs.
This bug affects copy_to_user() and copy_from_user() for NG4, NG2,
U3, and U1. All are fixed by using a new exception handler for those
loads and stores that are done during the time between VISEnter and
VISExit.
n.b. In NG4memcpy, the problematic code can be triggered by a copy
size greater than 128 bytes and an unaligned source address. This bug
is known to be the cause of random user process memory corruptions
while perf is running with the callgraph option (ie, perf record -g).
This occurs because perf uses copy_from_user() to read user stacks,
and may fault when it follows a stack frame pointer off to an
invalid page. Validation checks on the stack address just obscure
the underlying problem.
Signed-off-by: Rob Gardner <rob.gardner@oracle.com>
Signed-off-by: Dave Aldridge <david.j.aldridge@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
There have been several reports of random processes being killed with
a bus error or segfault during userspace stack walking in perf. One
of the root causes of this problem is an asynchronous modification to
thread_info fault_address and fault_code, which stems from a perf
counter interrupt arriving during kernel processing of a "benign"
fault, such as a TSB miss. Since perf_callchain_user() invokes
copy_from_user() to read user stacks, a fault is not only possible,
but probable. Validity checks on the stack address merely cover up the
problem and reduce its frequency.
The solution here is to save and restore fault_address and fault_code
in perf_callchain_user() so that the benign fault handler is not
disturbed by a perf interrupt.
Signed-off-by: Rob Gardner <rob.gardner@oracle.com>
Signed-off-by: Dave Aldridge <david.j.aldridge@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
When an interrupt (such as a perf counter interrupt) is delivered
while executing in user space, the trap entry code puts ASI_AIUS in
%asi so that copy_from_user() and copy_to_user() will access the
correct memory. But if a perf counter interrupt is delivered while the
cpu is already executing in kernel space, then the trap entry code
will put ASI_P in %asi, and this will prevent copy_from_user() from
reading any useful stack data in either of the perf_callchain_user_X
functions, and thus no user callgraph data will be collected for this
sample period. An additional problem is that a fault is guaranteed
to occur, and though it will be silently covered up, it wastes time
and could perturb state.
In perf_callchain_user(), we ensure that %asi contains ASI_AIUS
because we know for a fact that the subsequent calls to
copy_from_user() are intended to read the user's stack.
[ Use get_fs()/set_fs() -DaveM ]
Signed-off-by: Rob Gardner <rob.gardner@oracle.com>
Signed-off-by: Dave Aldridge <david.j.aldridge@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 28a1f53 delays setting %pil to avoid potential
hardirq stack overflow in the common rtrap_irq path.
Setting %pil also needs to be delayed in the rtrap_nmi
path for the same reason.
Signed-off-by: Rob Gardner <rob.gardner@oracle.com>
Signed-off-by: Dave Aldridge <david.j.aldridge@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add ADI (Application Data Integrity) capability to cpu capabilities list.
ADI capability allows virtual addresses to be encoded with a tag in
bits 63-60. This tag serves as an access control key for the regions
of virtual address with ADI enabled and a key set on them. Hypervisor
encodes this capability as "adp" in "hwcap-list" property in machine
description.
Signed-off-by: Khalid Aziz <khalid.aziz@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Constifies sunhv_ops structures in tty's serial
driver since they are not modified after their
initialization.
Detected and found using Coccinelle.
Suggested-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Aya Mahfouz <mahfouz.saif.elyazal@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In the original code, if we succeeded on the last iteration through the
loop then we still returned failure.
Fixes: 389e4e04ad ('qlcnic: fix a timeout loop')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
NCM buffer sizes are negotiated with the device independently of
the network device MTU. The RX buffers are allocated by the
usbnet framework based on the rx_urb_size value set by cdc_ncm. A
single RX buffer can hold a number of MTU sized packets.
The default usbnet change_mtu ndo only modifies rx_urb_size if it
is equal to hard_mtu. And the cdc_ncm driver will set rx_urb_size
and hard_mtu independently of each other, based on dwNtbInMaxSize
and dwNtbOutMaxSize respectively. It was therefore assumed that
usbnet_change_mtu() would never touch rx_urb_size. This failed to
consider the case where dwNtbInMaxSize and dwNtbOutMaxSize happens
to be equal.
Fix by implementing an NCM specific change_mtu ndo, modifying the
netdev MTU without touching the buffer size settings.
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently the needed_headroom field for the geneve device is left
to the default value.
This patch set it to space required for basic geneve encapsulation,
so that we can avoid the skb head re-allocation on xmit.
This give a 6% speedup for unsegment traffic on geneve tunnel.
v1 -> v2:
- add ETH_HLEN for the lower device to the needed headroom
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Marc Haber reported we don't honor interface indexes when we receive link
local router addresses in router advertisements. Luckily the non-strict
version of ipv6_chk_addr already does the correct job here, so we can
simply use it to lighten the checks and use those addresses by default
without any configuration change.
Link: <http://permalink.gmane.org/gmane.linux.network/391348>
Reported-by: Marc Haber <mh+netdev@zugschlus.de>
Cc: Marc Haber <mh+netdev@zugschlus.de>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
The "domain" variable needs to be signed for the error handling to work.
Fixes: 8def31034d (cpufreq: arm_big_little: add SCPI interface driver)
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Viresh Kumar <viresh.kumar@linaro.org>
Acked-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
After hooking up system call, userfaultfd selftest was successful for
both 32 and 64 bit version of test.
Signed-off-by: Mike Kravetz <mike.kravetz@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This shouldn't be a nightmare before Christmas: just a handful
small device-specific fixes for various ASoC and HD-audio drivers.
Most of them are stable fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJWeq2LAAoJEGwxgFQ9KSmkxpsQAIhERdXPVKSM6WhBA45lsblD
2dqfxGCpCw0ta0GEWuvZODxDk3N21LQ+OMH4NWnS//qYATIaQMAq1d1/gGF7IibZ
8HpHxtbHknGrzcdDhG1M2hWLQbl2psyz8CvPJ8GuGt9BSEEMLu2oCxdovvqMEanz
WFW06622XO52+giH+lelqBtS/yIypUuovEx96wiwKUX0pKqzPBlS1+fBjIxiQGx6
aEuD1wdjRwlP+P7UjrrpaNy+b7BVlodVRrOVFQzs+MouAhpoyumzD1IM4bmL65ra
1M3WYbsgYmoCTpsQGBl2BAarc1AJRaJvDoRSd+b/7gqroLjrUIldLMlqm3AQSlP8
a7+VSsIgtmrvYv2GM8B0N17av2+vY2TdE/Uf9znlz0SyMm6fiKqfjSUQWUq5sqFr
fGYdZWv513afeiQIYA31FPX3wQKd32EQzfeP/No+hjwitzZ15q+NHylZnSySL13G
Rm824cCAKrte8OZjgSIxOrFDpZj2/6Qk8kmT+dOnjIGBxn/k8ALKt7UY48TBMzKI
jvHIFEPXitIx5RZhjvWNa3mn0mveWZ69YXJsAXxZGL6W4/bBoEh/MbXgMKwwvaTo
nbDssWg/w1TfsgWxC3nFb0iso/8L1kH7bU9397kJ5vtIygj8fdSUZr4FyqZFKAN4
XuQ/WlEk1vj8GIfbFWdG
=z4qE
-----END PGP SIGNATURE-----
Merge tag 'sound-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound
Pull sound fixes from Takashi Iwai:
"This shouldn't be a nightmare before Christmas: just a handful small
device-specific fixes for various ASoC and HD-audio drivers. Most of
them are stable fixes"
* tag 'sound-4.4-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
ALSA: hda/realtek - Fix silent headphone output on MacPro 4,1 (v2)
ASoC: fsl_sai: fix no frame clk in master mode
ALSA: hda - Set SKL+ hda controller power at freeze() and thaw()
ASoC: sgtl5000: fix VAG power up timing
ASoC: rockchip: spdif: Set transmit data level to 16 samples
ASoC: wm8974: set cache type for regmap
ASoC: es8328: Fix shifts for mixer switches
ASoC: davinci-mcasp: Fix XDATA check in mcasp_start_tx
ASoC: es8328: Fix deemphasis values
Pull i915 drm fixes from Jani Nikula:
"Here's a batch of i915 fixes all around. It may be slightly bigger
than one would hope for at this stage, but they've all been through
testing in our -next before being picked up for v4.4. Also, I missed
Dave's fixes pull earlier today just because I wanted an extra testing
round on this. So I'm fairly confident.
Wishing you all the things it is customary to wish this time of the
year"
* tag 'drm-intel-fixes-2015-12-23' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Correct max delay for HDMI hotplug live status checking
drm/i915: mdelay(10) considered harmful
drm/i915: Kill intel_crtc->cursor_bo
drm/i915: Workaround CHV pipe C cursor fail
drm/i915: Only spin whilst waiting on the current request
drm/i915: Limit the busy wait on requests to 5us not 10ms!
drm/i915: Break busywaiting for requests on pending signals
drm/i915: Disable primary plane if we fail to reconstruct BIOS fb (v2)
drm/i915: Set the map-and-fenceable flag for preallocated objects
drm/i915: Drop the broken cursor base==0 special casing