Commit Graph

589074 Commits

Author SHA1 Message Date
Paolo Bonzini 14ebda3394 KVM: x86: reduce default value of halt_poll_ns parameter
Windows lets applications choose the frequency of the timer tick,
and in Windows 10 the maximum rate was changed from 1024 Hz to
2048 Hz.  Unfortunately, because of the way the Windows API
works, most applications that need a higher rate than the default
64 Hz will just do

   timeGetDevCaps(&tc, sizeof(tc));
   timeBeginPeriod(tc.wPeriodMin);

and pick the maximum rate.  This causes very high CPU usage when
playing media or games on Windows 10, even if the guest does not
actually use the CPU very much, because the frequent timer tick
causes halt_poll_ns to kick in.

There is no really good solution, especially because Microsoft
could sooner or later bump the limit to 4096 Hz, but for now
the best we can do is lower a bit the upper limit for
halt_poll_ns. :-(

Reported-by: Jon Panozzo <jonp@lime-technology.com>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-01 12:10:10 +02:00
Paolo Bonzini a2b5c3c0c8 KVM: Hyper-V: do not do hypercall userspace exits if SynIC is disabled
If SynIC is disabled, there is nothing that userspace can do to
handle these exits; on the other hand, userspace probably will
not know about KVM_EXIT_HYPERV_HCALL and complain about it or
even exit.  Just prevent anything bad from happening by handling
the hypercall in KVM and returning an "invalid hypercall" code.

Fixes: 83326e43f2
Cc: Andrey Smetanin <irqlevel@gmail.com>
Reviewed-by: Roman Kagan <rkagan@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-01 12:10:09 +02:00
Yuki Shibuya 321c5658c5 KVM: x86: Inject pending interrupt even if pending nmi exist
Non maskable interrupts (NMI) are preferred to interrupts in the current
implementation. If an NMI is pending and NMI is blocked by the result
of nmi_allowed(), the pending interrupt is not injected and
enable_irq_window() is not executed, even if interrupt injection is
allowed.

In old kernels (e.g. 2.6.32), schedule() is often called in NMI context.
In this case, interrupts are needed to execute iret that intends end
of NMI. The flag of blocking new NMI is not cleared until the guest
executes the iret, and interrupts are blocked by pending NMI. Due to
this, iret can't be invoked in the guest, and the guest is starved
until the block is cleared by some events (e.g. canceling injection).

This patch injects pending interrupts, when it's allowed, even if NMI
is blocked. And, if an interrupt is pending after executing
inject_pending_event(), enable_irq_window() is executed regardless of
the NMI pending counter.

Cc: stable@vger.kernel.org
Signed-off-by: Yuki Shibuya <shibuya.yk@ncos.nec.co.jp>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-04-01 12:10:09 +02:00
Paolo Bonzini c26e5f303a KVM/ARM Fixes for Linux v4.6-rc2.
Fixes a bug that corrupts stage-2 translations on 16-bit VMID equipped systems
 and fixes CPU PM and Hotplug after the EL2 init code has been moved to C.

Merge tag 'kvm-arm-for-4.6-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD

KVM/ARM Fixes for Linux v4.6-rc2.

Fixes a bug that corrupts stage-2 translations on 16-bit VMID equipped systems
and fixes CPU PM and Hotplug after the EL2 init code has been moved to C.
2016-04-01 12:10:06 +02:00
Heiko Carstens 3358999a8e s390: wire up preadv2/pwritev2 syscalls
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-04-01 08:42:38 +02:00
Pierre Morel aa624886b6 s390/pci: PCI function group 0 is valid for clp_query_pci_fn
The PCI function group 0 is a valid function group,
it is wrong to reject it.

Let's accept PCI function group 0.

Signed-off-by: Pierre Morel <pmorel@linux.vnet.ibm.com>
Acked-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
2016-04-01 08:42:35 +02:00
Masami Hiramatsu 353def9460 MAINTAINERS: Update my email address
Since I moved to Linaro, this old address doesn't work anymore.
I'll use my kernel.org account for upstreaming.

Signed-off-by: Masami Hiramatsu <mhiramat@kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: acme@redhat.com
Cc: rostedt@goodmis.org
Link: http://lkml.kernel.org/r/1459431203-7438-1-git-send-email-mhiramat@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-04-01 08:35:51 +02:00
Jan Kara e84dfbe2bf ext4: retry block allocation for failed DIO and DAX writes
Currently if block allocation for DIO or DAX write fails due to ENOSPC,
we just returned it to userspace. However these ENOSPC errors can be
transient because the transaction freeing blocks has not yet committed.
This demonstrates as failures of generic/102 test when the filesystem is
mounted with 'dax' mount option.

Fix the problem by properly retrying the allocation in case of ENOSPC
error in get blocks functions used for direct IO.

Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Tested-by: Ross Zwisler <ross.zwisler@linux.intel.com>
2016-04-01 02:07:22 -04:00
Hui Wang e549d190f7 ALSA: hda - fix front mic problem for a HP desktop
The front mic jack (pink color) can't detect any plug or unplug. After
applying this fix, both detecting function and recording function
work well.

BugLink: https://bugs.launchpad.net/bugs/1564712
Cc: stable@vger.kernel.org
Signed-off-by: Hui Wang <hui.wang@canonical.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-04-01 07:36:39 +02:00
Theodore Ts'o daf647d2dd ext4: add lockdep annotations for i_data_sem
With the internal Quota feature, mke2fs creates empty quota inodes and
quota usage tracking is enabled as soon as the file system is mounted.
Since quotacheck is no longer preallocating all of the blocks in the
quota inode that are likely needed to be written to, we are now seeing
a lockdep false positive caused by needing to allocate a quota block
from inside ext4_map_blocks(), while holding i_data_sem for a data
inode.  This results in this complaint:

  Possible unsafe locking scenario:

        CPU0                    CPU1
        ----                    ----
   lock(&ei->i_data_sem);
                                lock(&s->s_dquot.dqio_mutex);
                                lock(&ei->i_data_sem);
   lock(&s->s_dquot.dqio_mutex);

Google-Bug-Id: 27907753

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
2016-04-01 01:31:28 -04:00
Peter Hurley 5e00bbfbc5 tty: Fix merge of "tty: Refactor tty_open()"
Commit e9036d0662 ("tty: Drop krefs for interrupted tty lock")
fixed a tty reference counting problem introduced in
commit 0bfd464d3f ("tty: Wait interruptibly for tty lock on reopen"),
so v4.5.0 is correct.

However, commit d6203d0c7b ("tty: Refactor tty_open()") moved the
relevant code for 4.6-rc1; correct the merge.

Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-31 20:49:39 -07:00
Daniel Vetter 72b9ff0612 drm/udl: Use unlocked gem unreferencing
For drm_gem_object_unreference callers are required to hold
dev->struct_mutex, which these paths don't. Enforcing this requirement
has become a bit more strict with

commit ef4c6270bf
Author: Daniel Vetter <daniel.vetter@ffwll.ch>
Date:   Thu Oct 15 09:36:25 2015 +0200

    drm/gem: Check locking in drm_gem_object_unreference

Cc: stable@vger.kernel.org
Signed-off-by: Daniel Vetter <daniel.vetter@intel.com>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2016-04-01 13:22:33 +10:00
Rob Clark 7779c5e23c drm/dp: move hw_mutex up the call stack
1) don't let other threads trying to bang on aux channel interrupt the
defer timeout/logic
2) don't let other threads interrupt the i2c over aux logic

Technically, according to people who actually have the DP spec, this
should not be required.  In practice, it makes some troublesome Dell
monitor (and perhaps others) work, so probably a case of "It's compliant
if it works with windows" on the hw vendor's part..

v2: rebased to come before DPCD/AUX logging patch for easier backport
to stable branches.

Reported-by: Dave Wysochanski <dwysocha@redhat.com>
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1274157
Cc: stable@vger.kernel.org
Signed-off-by: Rob Clark <robdclark@gmail.com>
Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Signed-off-by: Dave Airlie <airlied@redhat.com>
2016-04-01 13:17:36 +10:00
Dave Airlie 5456248d66 Merge branch 'drm-rockchip-next-fixes-2016-03-28' of https://github.com/markyzq/kernel-drm-rockchip into drm-fixes
bunch of rockchip fixes.

* 'drm-rockchip-next-fixes-2016-03-28' of https://github.com/markyzq/kernel-drm-rockchip:
  drm/rockchip: dw_hdmi: Don't call platform_set_drvdata()
  drm/rockchip: vop: Fix vop crtc cleanup
  drm/rockchip: dw_hdmi: Call drm_encoder_cleanup() in error path
  drm/rockchip: vop: Disable planes when disabling CRTC
  drm/rockchip: vop: Don't reject empty modesets
  drm/rockchip: cancel pending vblanks on close
  drm/rockchip: vop: fix crtc size in plane check
2016-04-01 13:14:24 +10:00
Dave Airlie 90516d89cd Merge branch 'msm-fixes-4.6-rc1' of git://people.freedesktop.org/~robclark/linux into drm-fixes
two minor msm fixes.

* 'msm-fixes-4.6-rc1' of git://people.freedesktop.org/~robclark/linux:
  drm/msm: fix typo in the !COMMON_CLK case
  drm/msm: fix bug after preclose removal
2016-04-01 13:14:10 +10:00
Dave Airlie 2f4fcb3eaf Merge branch 'drm-next-4.6' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
Just a few fixes for 4.6 this week:
- Add some SI DPM quirks
- Improve the ACP Kconfig text
- Additional BO pinning checks

* 'drm-next-4.6' of git://people.freedesktop.org/~agd5f/linux:
  drm/amdgpu: Don't move pinned BOs
  drm/radeon: Don't move pinned BOs
  drm/radeon: add a dpm quirk for all R7 370 parts
  drm/radeon: add another R7 370 quirk
  drm/radeon: add a dpm quirk for sapphire Dual-X R7 370 2G D5
  drm/amd: Beef up ACP Kconfig menu text
2016-04-01 13:13:34 +10:00
Martin K. Petersen f08bb1e0db sd: Fix excessive capacity printing on devices with blocks bigger than 512 bytes
During revalidate we check whether device capacity has changed before we
decide whether to output disk information or not.

The check for old capacity failed to take into account that we scaled
sdkp->capacity based on the reported logical block size. And therefore
the capacity test would always fail for devices with sectors bigger than
512 bytes and we would print several copies of the same discovery
information.

Avoid scaling sdkp->capacity and instead adjust the value on the fly
when setting the block device capacity and generating fake C/H/S
geometry.

Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
Cc: <stable@vger.kernel.org>
Reported-by: Hannes Reinecke <hare@suse.de>
Reviewed-by: Hannes Reinicke <hare@suse.de>
Reviewed-by: Ewan Milne <emilne@redhat.com>
Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
2016-03-31 20:59:08 -04:00
Peter Hurley da5a0fc674 tty: Fix UML console breakage
User-Mode Linux supplies an alternate TTY_MAJOR driver for stdio console,
so the noctty check in tty_open() must apply only to VT driver tty0
devnode and not the UML console driver tty0 devnode.

Fixes: 11e1d4aa4d ("tty: Consolidate noctty checks in tty_open()")
Reported-by: Richard Weinberger <richard.weinberger@gmail.com>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-31 17:14:14 -07:00
Daniele Palmas 79f4223257 net: usb: cdc_ncm: adding Telit LE910 V2 mobile broadband card
Telit LE910 V2 is a mobile broadband card with no ARP capabilities:
the patch makes this device use the wwan_noarp_info struct

Signed-off-by: Daniele Palmas <dnlplm@gmail.com>
Reviewed-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 17:15:35 -04:00
Nicolas Dichtel c57c7a95da rtnl: fix msg size calculation in if_nlmsg_size()
Size of the attribute IFLA_PHYS_PORT_NAME was missing.

Fixes: db24a9044e ("net: add support for phys_port_name")
CC: David Ahern <dsahern@gmail.com>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 16:49:54 -04:00
Fabio Estevam 32867fcc0e fec: Do not access unexisting register in Coldfire
Commit 55cd48c821 ("net: fec: stop the "rcv is not +last, " error
messages") introduces a write to a register that does not exist in
Coldfire.

Move the FEC_FTRL register access inside the FEC_QUIRK_HAS_RACC 'if' block,
so that we guarantee it will not be used on Coldfire CPUs.

Reported-by: Greg Ungerer <gerg@uclinux.org>
Signed-off-by: Fabio Estevam <fabio.estevam@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 16:04:05 -04:00
Jisheng Zhang 9bd9ddb7f8 net: mvneta: replace MVNETA_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES
The mvneta is also used in some Marvell berlin family SoCs which may
have a 64-byte cacheline size. Replace the MVNETA_CPU_D_CACHE_LINE_SIZE
usage with L1_CACHE_BYTES.

And since dma_alloc_coherent() is always cacheline size aligned,
remove the align checks.

Signed-off-by: Jisheng Zhang <jszhang@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 15:15:01 -04:00
Jisheng Zhang b7854efce2 net: mvpp2: replace MVPP2_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES
The mvpp2 IP may be used in SoCs which may have a 64-byte cacheline
size. Replace the MVPP2_CPU_D_CACHE_LINE_SIZE with L1_CACHE_BYTES.

And since dma_alloc_coherent() is always cacheline size aligned,
remove the align checks.

Signed-off-by: Jisheng Zhang <jszhang@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 15:15:01 -04:00
Patrick Uiterwijk 13a7ebb38a net: dsa: mv88e6xxx: Clear the PDOWN bit on setup
Some of the vendor-specific bootloaders set up this part
of the initialization for us, so this was never added.
However, since upstream bootloaders don't initialize the
chip specifically, they leave the fiber MII's PDOWN flag
set, which means that the CPU port doesn't connect.

This patch checks whether this flag has been cleared previously
by something else, and if not, clears it.

Reviewed-by: Andrew Lunn <andrew@lunn.ch>
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Tested-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 15:12:57 -04:00
Patrick Uiterwijk 75baacf00f net: dsa: mv88e6xxx: Introduce _mv88e6xxx_phy_page_{read, write}
Add versions of the phy_page_read and _write functions to
be used in a context where the SMI mutex is held.

Tested-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Reviewed-by: Vivien Didelot <vivien.didelot@savoirfairelinux.com>
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 15:12:57 -04:00
Shawn Lin e4c0e06f94 spi: rockchip: fix probe deferral handling
Use dma_request_chan instead of dma_request_slave_channel,
in this case we can check EPROBE_DEFER without static
warning.

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Reviewed-by: Douglas Anderson <dianders@chromium.org>
Signed-off-by: Mark Brown <broonie@kernel.org>
2016-03-31 12:06:19 -07:00
Mauro Carvalho Chehab 405ddbfa68 [media] Revert "[media] media: au0828 change to use Managed Media Controller API"
Extending the lifetime of the media_device struct is not handled well
by the core, as it will erase some data from the struct, when
media_device_cleanup() is called after unregistering it.

While we have a fixup patch for it already, the usage of those new
functions is needed only when we share data with other drivers.

So, better to revert the changes.

This reverts commit 182dde7c5d ("[media] media: au0828 change
to use Managed Media Controller API")

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-03-31 15:09:04 -03:00
Mauro Carvalho Chehab c89178f57a [media] Revert "[media] sound/usb: Use Media Controller API to share media resources"
Unfortunately, this patch caused several regressions at au0828 and
snd-usb-audio, like this one:
	https://bugzilla.kernel.org/show_bug.cgi?id=115561

It also showed several troubles at the MC core that handles pretty
poorly the memory protections and data lifetime management.

So, better to revert it and fix the core before reapplying this
change.

This reverts commit aebb2b89bf ("[media] sound/usb: Use Media
Controller API to share media resources")

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-03-31 15:02:33 -03:00
Mauro Carvalho Chehab e8e3039f5b [media] au0828: Fix dev_state handling
The au0828 dev_state is actually a bit mask. It should not be
checked with "==" but, instead, with a logical AND. There are some
places where it was doing it wrong.

Fix that by replacing the dev_state set/clear/test with the
bitops.

As reviewed by Shuah:
	"Looks good. Tested running bind/unbind au0828 loop for 1000 times.
	Didn't see any problems and the v4l2_querycap() problem has been
	fixed with this patch.

	After the above test, ran bind/unbind snd_usb_audio 1000 times.
	Didn't see any problems. Generated media graph and the graph
	looks good."

Cc: stable@vger.kernel.org
Reviewed-by: Shuah Khan <shuahkh@osg.samsung.com>
Tested-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-03-31 15:01:35 -03:00
Shuah Khan ed940cd274 [media] au0828: fix au0828_v4l2_close() dev_state race condition
au0828_v4l2_close() check for dev_state == DEV_DISCONNECTED will fail to
detect the device disconnected state correctly, if au0828_v4l2_open() runs
to set the DEV_INITIALIZED bit. A loop test of bind/unbind found this bug
by increasing the likelihood of au0828_v4l2_open() occurring while unbind
is in progress. When au0828_v4l2_close() fails to detect that the device
is in disconnect state, it attempts to power down the device and fails with
the following general protection fault:

[  260.992962] Call Trace:
[  260.993008]  [<ffffffffa0f80f0f>] ? xc5000_sleep+0x8f/0xd0 [xc5000]
[  260.993095]  [<ffffffffa0f6803c>] ? fe_standby+0x3c/0x50 [tuner]
[  260.993186]  [<ffffffffa0ef541c>] au0828_v4l2_close+0x53c/0x620 [au0828]
[  260.993298]  [<ffffffffa0d08ec0>] v4l2_release+0xf0/0x210 [videodev]
[  260.993382]  [<ffffffff81570f9c>] __fput+0x1fc/0x6c0
[  260.993449]  [<ffffffff815714ce>] ____fput+0xe/0x10
[  260.993519]  [<ffffffff8116eb83>] task_work_run+0x133/0x1f0
[  260.993602]  [<ffffffff810035d0>] exit_to_usermode_loop+0x140/0x170
[  260.993681]  [<ffffffff810061ca>] syscall_return_slowpath+0x16a/0x1a0
[  260.993754]  [<ffffffff82835fb3>] entry_SYSCALL_64_fastpath+0xa6/0xa8

Cc: stable@vger.kernel.org
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-03-31 15:01:08 -03:00
Shuah Khan ffa8576a53 [media] media: au0828 fix to clear enable/disable/change source handlers
Fix to clear enable/disable/change source handlers in the media device
when media device is unregistered in au0828_unregister_media_device().
When au0828 module is removed, snd-usb-audio shouldn't call the handlers.
Clearing will ensure snd-usb-audio won't call them once au0828 is removed.

[mchehab@osg.samsung.com: fix a compilation breakage]
Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com>
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-03-31 14:50:39 -03:00
Mauro Carvalho Chehab 0fed3fcef4 [media] v4l2-mc: cleanup a warning
A previous patch removing dtv_demod needed to be rebased,
but the hunk removing the data was not merged by mistake.

Fixes: 840f5b0572 ('media: au0828 disable tuner to demod link in au0828_media_device_register()')

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-03-31 14:50:38 -03:00
Mauro Carvalho Chehab 2e208c64e3 [media] au0828: disable tuner links and cache tuner/decoder
For au0828_enable_source() to work, the tuner links should be
disabled and the tuner/decoder should be cached at au0828 struct.

While here, put dev->decoder cache together with dev->tuner, as
it makes it easier to drop both later if/when we move the enable
routines to the V4L2 core.

Fixes: 9822f4173f ('[media] au0828: use v4l2_mc_create_media_graph()')

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
Reviewed-by: Shuah Khan <shuahkh@osg.samsung.com>
Tested-by: Shuah Khan <shuahkh@osg.samsung.com>
2016-03-31 14:50:38 -03:00
Shaohua Li ed3b98c71c MD: add rdev reference for super write
Xiao Ni reported below crash:
[26396.335146] BUG: unable to handle kernel NULL pointer dereference at 00000000000002a8
[26396.342990] IP: [<ffffffffa0425b00>] super_written+0x20/0x80 [md_mod]
[26396.349449] PGD 0
[26396.351468] Oops: 0002 [#1] SMP
[26396.354898] Modules linked in: ext4 mbcache jbd2 raid456 async_raid6_recov async_memcpy async_pq async_xor xor async_td
[26396.408404] CPU: 5 PID: 3261 Comm: loop0 Not tainted 4.5.0 #1
[26396.414140] Hardware name: Dell Inc. PowerEdge R715/0G2DP3, BIOS 3.2.2 09/15/2014
[26396.421608] task: ffff8808339be680 ti: ffff8808365f4000 task.ti: ffff8808365f4000
[26396.429074] RIP: 0010:[<ffffffffa0425b00>]  [<ffffffffa0425b00>] super_written+0x20/0x80 [md_mod]
[26396.437952] RSP: 0018:ffff8808365f7c38  EFLAGS: 00010046
[26396.443252] RAX: ffffffffa0425ae0 RBX: ffff8804336a7900 RCX: ffffe8f9f7b41198
[26396.450371] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff8804336a7900
[26396.457489] RBP: ffff8808365f7c50 R08: 0000000000000005 R09: 00001801e02ce3d7
[26396.464608] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000
[26396.471728] R13: ffff8808338d9a00 R14: 0000000000000000 R15: ffff880833f9fe00
[26396.478849] FS:  00007f9e5066d740(0000) GS:ffff880237b40000(0000) knlGS:0000000000000000
[26396.486922] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
[26396.492656] CR2: 00000000000002a8 CR3: 00000000019ea000 CR4: 00000000000006e0
[26396.499775] Stack:
[26396.501781]  ffff8804336a7900 0000000000000000 0000000000000000 ffff8808365f7c68
[26396.509199]  ffffffff81308cd0 ffff8804336a7900 ffff8808365f7ca8 ffffffff81310637
[26396.516618]  00000000a0233a00 ffff880833f9fe00 0000000000000000 ffff880833fb0000
[26396.524038] Call Trace:
[26396.526485]  [<ffffffff81308cd0>] bio_endio+0x40/0x60
[26396.531529]  [<ffffffff81310637>] blk_update_request+0x87/0x320
[26396.537439]  [<ffffffff8131a20a>] blk_mq_end_request+0x1a/0x70
[26396.543261]  [<ffffffff81313889>] blk_flush_complete_seq+0xd9/0x2a0
[26396.549517]  [<ffffffff81313ccf>] flush_end_io+0x15f/0x240
[26396.554993]  [<ffffffff8131a22a>] blk_mq_end_request+0x3a/0x70
[26396.560815]  [<ffffffff8131a314>] __blk_mq_complete_request+0xb4/0xe0
[26396.567246]  [<ffffffff8131a35c>] blk_mq_complete_request+0x1c/0x20
[26396.573506]  [<ffffffffa04182df>] loop_queue_work+0x6f/0x72c [loop]
[26396.579764]  [<ffffffff81697844>] ? __schedule+0x2b4/0x8f0
[26396.585242]  [<ffffffff810a7812>] kthread_worker_fn+0x52/0x170
[26396.591065]  [<ffffffff810a77c0>] ? kthread_create_on_node+0x1a0/0x1a0
[26396.597582]  [<ffffffff810a7238>] kthread+0xd8/0xf0
[26396.602453]  [<ffffffff810a7160>] ? kthread_park+0x60/0x60
[26396.607929]  [<ffffffff8169bdcf>] ret_from_fork+0x3f/0x70
[26396.613319]  [<ffffffff810a7160>] ? kthread_park+0x60/0x60

md_super_write() and the corresponding md_super_wait() are generally called
with reconfig_mutex locked, which prevents the disk from disappearing. There
is one case where this rule is broken. write_sb_page of bitmap.c doesn't hold
the mutex. next_active_rdev does increase the rdev reference, but it decreases
the reference too early (e.g., before IO finishes). The disk can disappear in
that window. We unconditionally increase the rdev reference in
md_super_write() to avoid the race.

Reported-and-tested-by: Xiao Ni <xni@redhat.com>
Reviewed-by: Neil Brown <neilb@suse.de>
Signed-off-by: Shaohua Li <shli@fb.com>
2016-03-31 10:04:18 -07:00
Wei Fang 466ad29223 md: fix a trivial typo in comments
Fix a trivial typo in md_ioctl().

Signed-off-by: Wei Fang <fangwei1@huawei.com>
Signed-off-by: Shaohua Li <shli@fb.com>
2016-03-31 10:04:18 -07:00
Wei Fang 816b0acf3d md:raid1: fix a dead loop when read from a WriteMostly disk
If first_bad == this_sector when we get the WriteMostly disk
in read_balance(), valid disk will be returned with zero
max_sectors. It'll lead to a dead loop in make_request(), and
OOM will happen because of endless allocation of struct bio.

Since we can't get data from this disk in this case,
continue for another disk.

Signed-off-by: Wei Fang <fangwei1@huawei.com>
Signed-off-by: Shaohua Li <shli@fb.com>
2016-03-31 10:04:17 -07:00
Oliver Neukum 5a07975ad0 USB: digi_acceleport: do sanity checking for the number of ports
The driver can be crashed with devices that expose crafted descriptors
with too few endpoints.

See: http://seclists.org/bugtraq/2016/Mar/61

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
[johan: fix OOB endpoint check and add error messages ]
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-31 09:28:46 -07:00
Oliver Neukum c55aee1bf0 USB: cypress_m8: add endpoint sanity check
An attack using missing endpoints exists.

CVE-2016-3137

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-31 09:28:46 -07:00
Oliver Neukum 4e9a0b0525 USB: mct_u232: add sanity checking in probe
An attack using the lack of sanity checking in probe is known. This
patch checks for the existence of a second port.

CVE-2016-3136

Signed-off-by: Oliver Neukum <ONeukum@suse.com>
CC: stable@vger.kernel.org
[johan: add error message ]
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-31 09:28:46 -07:00
Vladis Dronov 836b34a935 ALSA: usb-audio: Fix double-free in error paths after snd_usb_add_audio_stream() call
create_fixed_stream_quirk(), snd_usb_parse_audio_interface() and
create_uaxx_quirk() functions allocate the audioformat object by themselves
and free it upon error before returning. However, once the object is linked
to a stream, it's freed again in snd_usb_audio_pcm_free(), thus it'll be
double-freed, eventually resulting in a memory corruption.

This patch fixes these failures in the error paths by unlinking the audioformat
object before freeing it.

Based on a patch by Takashi Iwai <tiwai@suse.de>

[Note for stable backports:
 this patch requires the commit 902eb7fd1e ('ALSA: usb-audio: Minor
 code cleanup in create_fixed_stream_quirk()')]

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
Reported-by: Ralf Spenneberg <ralf@spenneberg.net>
Cc: <stable@vger.kernel.org> # see the note above
Signed-off-by: Vladis Dronov <vdronov@redhat.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-03-31 18:07:31 +02:00
Martin Brandenburg 878dfd3210 orangefs: minimum userspace version is 2.9.3
Version 2.9.4 isn't even released yet.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
2016-03-31 12:06:00 -04:00
Martin Brandenburg 641bb3246d orangefs: don't put readdir slot twice
This was quite an oversight. After a readdir, the module could not be
unloaded, the number of slots is wrong, and memory near the slot bitmap
is possibly corrupt. Oops.

Signed-off-by: Martin Brandenburg <martin@omnibond.com>
2016-03-31 12:06:00 -04:00
Rafael J. Wysocki bb6ab52f2b intel_pstate: Do not set utilization update hook too early
The utilization update hook in the intel_pstate driver is set too
early, as it only should be set after the policy has been fully
initialized by the core.  That may cause intel_pstate_update_util()
to use incorrect data and put the CPUs into incorrect P-states as
a result.

To prevent that from happening, make intel_pstate_set_policy() set
the utilization update hook instead of intel_pstate_init_cpu() so
intel_pstate_update_util() only runs when all things have been
initialized as appropriate.

Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-03-31 17:42:15 +02:00
David S. Miller 4833a0096a Merge branch '10GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/net-queue
Jeff Kirsher says:

====================
Intel Wired LAN Driver Updates 2016-03-29

This series contains fixes to ixgbe and ixgbevf.

Tushar fixes an issue which was introduced with an earlier commit, where
hardware register RAR0 default MAC address does not get set properly.

Alex fixes two issues, first being the VXLAN port number should be stored
in network order instead of in host order.  The second fix corrects the ATR
code to handle IPv6 extension headers.  The issue was ATR code was assuming
that it would be able to use tcp_hdr for every TCP frame that came through,
but that is not the case, which resulted in bad filters being setup.

Mark fixes a use of usleep_range() to udelay() in the case where a lock
is being held.

Stefan fixes the offline self tests where ndo_stop() should be used instead
of ndo_close(), which causes IFF_UP to be cleared and interface routes get
removed.

Emil fixes the error case where we need to return an error when a MAC
address change is rejected by the PF.  This helps prevent the user from
modifying the MAC address when the operation is not permitted.

Sridhar provides three fixes for ixgbe, all dealing with traffic class
offload handling.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
2016-03-31 11:40:16 -04:00
Alfredo Alvarez Fernandez 39e2e173fb locking/lockdep: Print chain_key collision information
A sequence of pairs [class_idx -> corresponding chain_key iteration]
is printed for both the current held_lock chain and the cached chain.

That exposes the two different class_idx sequences that led to that
particular hash value.

This helps with debugging hash chain collision reports.

Signed-off-by: Alfredo Alvarez Fernandez <alfredoalvarezfernandez@gmail.com>
Acked-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-fsdevel@vger.kernel.org
Cc: sedat.dilek@gmail.com
Cc: tytso@mit.edu
Link: http://lkml.kernel.org/r/1459357416-19190-1-git-send-email-alfredoalvarezernandez@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-03-31 15:03:58 +02:00
Maruthi Srinivas Bayyavarapu 8eb22214b7 ALSA: hda: add AMD Polaris-10/11 AZ PCI IDs with proper driver caps
This commit fixes garbled audio on Polaris-10/11 variants

Signed-off-by: Maruthi Bayyavarapu <maruthi.bayyavarapu@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
Acked-by: Christian König <christian.koenig@amd.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2016-03-31 14:59:20 +02:00
Linus Torvalds c05c2ec96b Merge branch 'parisc-4.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux
Pull parisc fixes from Helge Deller:
 "Fix seccomp filter support and SIGSYS signals on compat kernel.

  Both patches are tagged for v4.5 stable kernel"

* 'parisc-4.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux:
  parisc: Fix and enable seccomp filter support
  parisc: Fix SIGSYS signals in compat case
2016-03-31 07:55:14 -05:00
Linus Torvalds e9dcfaff01 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull vfs fix from Al Viro.

Automount handling was broken by commit e3c1392808 ("namei: massage
lookup_slow() to be usable by lookup_one_len_unlocked()") moving the
test for negative dentry too early.

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  fix the braino in "namei: massage lookup_slow() to be usable by lookup_one_len_unlocked()"
2016-03-31 07:19:39 -05:00
Linus Torvalds ca4572042e GPIO fixes for the v4.6 series:
- Prevent NULL dereference in the Xgene driver
 - Fix an uninitialized spinlock in the menz127 driver

Merge tag 'gpio-v4.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio

Pull GPIO fixes from Linus Walleij:
 "Here are two GPIO fixes for the v4.6 series, both in drivers:

   - Prevent NULL dereference in the Xgene driver
   - Fix an uninitialized spinlock in the menz127 driver"

* tag 'gpio-v4.6-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio:
  gpio: xgene: Prevent NULL pointer dereference
  gpio: menz127: Drop lock field from struct men_z127_gpio
2016-03-31 07:13:56 -05:00
Linus Torvalds c5bce408e4 Merge branch 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm
Pull nvdimm mcsafe_memcpy use from Dan Williams:
 "Now that mcsafe_memcpy() has landed, and the return value has been
  clarified in commit cbf8b5a2b6 ("x86/mm, x86/mce: Fix return
  type/value for memcpy_mcsafe()"), let's hook up its primary usage in
  the pmem driver.

  The compilation problems from the initial posting have been fixed,
  this has appeared in a -next release with no reported issues, and it
  picked up an ack from Ingo.  There is no pressing need to merge this
  in 4.6-rc2.  However, if we wait until 4.7 the new memcpy_mcsafe()
  capability will ship without a user in 4.6-final"

* 'libnvdimm-for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm:
  x86, pmem: use memcpy_mcsafe() for memcpy_from_pmem()
2016-03-31 06:56:50 -05:00