Defrag user check in ip_expire was not updated after adding support for
"conntrack zones".
This bug manifests as a RFC violation, since the router will send
the icmp time exceeeded message when using conntrack zones.
Signed-off-by: Vasily Averin <vvs@openvz.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
ieee80211_reconfig already holds rtnl, so calling
cfg80211_sched_scan_stopped results in deadlock.
Use the rtnl-version of this function instead.
Fixes: d43c6b6 ("mac80211: reschedule sched scan after HW restart")
Cc: stable@vger.kernel.org (3.14+)
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Add locked-version for cfg80211_sched_scan_stopped.
This is used for some users that might want to
call it when rtnl is already locked.
Fixes: d43c6b6 ("mac80211: reschedule sched scan after HW restart")
Cc: stable@vger.kernel.org (3.14+)
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211 is notified about connection failures by
__cfg80211_connect_result() call. However, this
function currently does not free cfg80211 sme.
This results in hanging connection attempts in some cases
e.g. when mac80211 authentication attempt is denied,
we have this function call:
ieee80211_rx_mgmt_auth() -> cfg80211_rx_mlme_mgmt() ->
cfg80211_process_auth() -> cfg80211_sme_rx_auth() ->
__cfg80211_connect_result()
but cfg80211_sme_free() is never get called.
Fixes: ceca7b712 ("cfg80211: separate internal SME implementation")
Cc: stable@vger.kernel.org (3.10+)
Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Filter out incoming multicast packages before applying their bitrate
to the rx bitrate station info field to prevent them from setting the
rx bitrate to the basic multicast rate.
Signed-off-by: Henning Rogge <hrogge@gmail.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
When building the name for the workqueue thread, make sure a format
string cannot leak in from the disk name.
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
The ubi->free_count should be updated with every insert/remove to/from
the ubi->free list.
Signed-off-by: Tanya Brokhman <tlinder@codeaurora.org>
Reviewed-by: Dolev Raviv <draviv@codeaurora.org>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
In case of an error (if there are not free PEB's for example),
__wl_get_peb will return a negative value. In order to prevent access
violation we need to test the returned value prior to using it later on.
Signed-off-by: Tatyana Brokhman <tlinder@codeaurora.org>
Reviewed-by: Dolev Raviv <draviv@codeaurora.org>
Acked-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Dan's "smatch" checker found out that there was a bug in the error path of the
'ubifs_remount_rw()' function. Instead of jumping to the "out" label which
cleans-things up, we just returned.
This patch fixes the problem.
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
Daniel Borkmann says:
====================
BPF cleanups
v3->v4:
- Sorry, noticed and fixed a typo in patch 3, rest as is
v2->v3:
- Included Dave's feedback for unsigned long type in patch 3
- Patch 1 and patch 2 unchanged since v1, dropped other
two for now
v1->v2:
- Only changed patch 5 as to suggestion from Alexei
- Rest is the same
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
This contains only some minor misc cleanpus. We can spare us the
extra variable declaration in __skb_get_pay_offset(), the cast in
__get_random_u32() is rather unnecessary and in __sk_migrate_realloc()
we can remove the memcpy() and do a direct assignment of the structs.
Latter was suggested by Fengguang Wu found with coccinelle. Also,
remaining pointer casts of long should be unsigned long instead.
Suggested-by: Fengguang Wu <fengguang.wu@intel.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The current code is a bit hard to parse on which registers can be used,
how they are mapped and all play together. It makes much more sense to
define this a bit more clearly so that the code is a bit more intuitive.
This patch cleans this up, and makes naming a bit more consistent among
the code. This also allows for moving some of the defines into the header
file. Clearing of A and X registers in __sk_run_filter() do not get a
particular register name assigned as they have not an 'official' function,
but rather just result from the concrete initial mapping of old BPF
programs. Since for BPF helper functions for BPF_CALL we already use
small letters, so be consistent here as well. No functional changes.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This patch simplifies label naming for the BPF jump-table.
When we define labels via DL(), we just concatenate/textify
the combination of instruction opcode which consists of the
class, subclass, word size, target register and so on. Each
time we leave BPF_ prefix intact, so that e.g. the preprocessor
generates a label BPF_ALU_BPF_ADD_BPF_X for DL(BPF_ALU, BPF_ADD,
BPF_X) whereas a label name of ALU_ADD_X is much more easy
to grasp. Pure cleanup only.
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
hhf_change() takes the sch_tree_lock and releases it but misses the
error cases. Fix the missed case here.
To reproduce try a command like this,
# tc qdisc change dev p3p2 root hhf quantum 40960 non_hh_weight 300000
Signed-off-by: John Fastabend <john.r.fastabend@intel.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In particular, this patch tries to clarify internal BPF calling
convention and adds internal BPF examples, JIT guide, use cases.
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
- only an email address change to the MAINTAINERS file
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTZjv8AAoJEAAOaEEZVoIVo2gQAJr3WA+VGZXFXhhdmSqcGyqo
rtJWUWiVfiJyW52YiXTbySDtTFj9YFCi2Z4GFVJY7m74+rNyWBhdPXd1x30HUXuX
imUTGeJ739fSEj1DOL49E/R9KDuTi4lmgoEBwvwLdjnP3gjpPOXRjezjY8D+fhhh
WxKlSIQab5qwrcjBr7FqV/dA6MvRmwvTHYYfSXx1H3HALyi1rJcqVo9W3FeRhWvY
qivT4+2a6A78ZBnxSZ4kA187w9ThBDaMpF76Scmh51YK+iDUOZQWcqVBvOiK3mBJ
A7qNfB+1BN8/YWlMCi2eHwbwNxPHUiGrBL9DVHiHk6wKHkI8cM7m8GH7G8JNbQ4C
oBgzUj9jkK2aA5WMcFJ+Y/QeRy2Ls/gujZHU7ziVHcS/j+T6uPRjCAzr8eoZp9Xj
WMCew7UQaxTG//UtUOBYSblqR1cjtH6WGzhqlmceBdl+haanK27zUwwG0VgLLIIC
6VIXnLMHFNfiG+l4S7Yrfam5kXY/BEbjZXP0Et66cpQ60B6PRsg/p6RvTiLlnW+F
cenbmtm3xGg9OPZoz4TvIPfXJRD5jkXHkuWOV4pTyVnI76CitBhzeIXjgGlO9ei7
4g17+dQkoFKpU61Jc/L2O6zn+C4bl7UWBgZLHabiyxEIqQAAspuJpBx/CBCMaCv6
NNUDew91UH0NBn14eNmU
=JLHy
-----END PGP SIGNATURE-----
Merge tag 'locks-v3.15-3' of git://git.samba.org/jlayton/linux
Pull file locking change from Jeff Layton:
"Only an email address change to the MAINTAINERS file"
* tag 'locks-v3.15-3' of git://git.samba.org/jlayton/linux:
MAINTAINERS: email address change for Jeff Layton
arm64 move of of_clk_init() call in a previous commit
- Default DMA ops changed to non-coherent to preserve compatibility with
32-bit ARM DT files. The "dma-coherent" property can be used to
explicitly mark a device coherent. The Applied Micro DT file has been
updated to avoid DMA cache maintenance for the X-Gene SATA controller
(the only arm64 related driver with such assumption in -rc mainline)
- Fixmap correction for earlyprintk
- kern_addr_valid() fix for huge pages
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAABAgAGBQJTZhiPAAoJEGvWsS0AyF7xGBUQAIthlCZGjq3yFh+P3YbZBbfh
8HEg3xQIEunaUTMLxrZ9c32rHdOwWMivmaStb7XfIzYc6XIGGnFwk0VFnxlBtOS/
yOw6khNy3d5b+R2yVVXJdOwGDvUJ7ZlZ4G35RbpFXqmHVOiT2JP5Pv/8hp/Ct3UE
eBoLjLYkvrnBgZyjBafTjc+ExjtViMdACNUCZ+fPfvWVF2pWesB72P9/+QT4DZ4Q
g+QXmtTviysFJPzi2LqVukPL5HzxrOcJql9F0lPEdCVypRHDQtNZfMf7aftZVRue
8z6IaqgwQuOkHko50RFcrPF1AbEnQWbbA//Mfm1YaJLtlaUwgEXS8jryP4MVGM/s
wjJD42tY80ysTFFiWjlqYx6wumtSjkZzLQIo7K+MjvleGaciRMsM5u2OyQJ6o8sR
GMLButOfZj1GOFPE56Xn6R27MzONS1eiCFR99dsnPPwNlqGuY7KEacAHGYRfEe75
g0Qwzj1sM6d+RHQKidWFRvvMQg5bxAENt1rpFJJ1cCge/jL2QqgbPhVPzMCM4nrW
xGQzSKO+5L1CLtH4gRd7Jdyg7tUrRBFzC8HXk/o6moO+lOebKzCpq4tNiW/MOwPG
sGCzmr2TpN6ImEjOhjYUByqa+XGUsz1n7d53Itkz8+pxsXhYHvd8iC1hOpNwakVM
h/0rfXwD782k1N3S++MH
=kRLA
-----END PGP SIGNATURE-----
Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Catalin Marinas:
"These are mostly arm64 fixes with an additional arm(64) platform fix
for the initialisation of vexpress clocks (the latter only affecting
arm64; the arch/arm64 code is SoC agnostic and does not rely on early
SoC-specific calls)
- vexpress platform clocks initialisation moved earlier following the
arm64 move of of_clk_init() call in a previous commit
- Default DMA ops changed to non-coherent to preserve compatibility
with 32-bit ARM DT files. The "dma-coherent" property can be used
to explicitly mark a device coherent. The Applied Micro DT file
has been updated to avoid DMA cache maintenance for the X-Gene SATA
controller (the only arm64 related driver with such assumption in
-rc mainline)
- Fixmap correction for earlyprintk
- kern_addr_valid() fix for huge pages"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
vexpress: Initialise the sysregs before setting up the clocks
arm64: Mark the Applied Micro X-Gene SATA controller as DMA coherent
arm64: Use bus notifiers to set per-device coherent DMA ops
arm64: Make default dma_ops to be noncoherent
arm64: fixmap: fix missing sub-page offset for earlyprintk
arm64: Fix for the arm64 kern_addr_valid() function
This is two patches both fixing bugs in drivers (virtio-scsi and mpt2sas)
causing an oops in certain circumstances.
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJTZdBVAAoJEDeqqVYsXL0MIYMIAI/rDIV/MeF0OZd3nzTaEAIG
i8HPPgBTmSKmK3q04Pjjtc1CHW3unH6cr1tG1L4r1tyoxwcnZ0+x87fi3KcLIpBb
G6o/31QpniNQ/3LNdwCHtyl760XVZhWz6XpJ/NCmWuYeKx1RmT3W+ggnXD+fznNs
3h347rIrr4efkgRJIzzfi6pYa55VmvI6M7J/RpXmMg/IcfF+GBJfyEp0AsmIoYno
YVwFBB8h9cVsgvhROn8i1pYq1YOf9jo298LLMULMIvu9iZWHp57GOzA4HzyEa9kp
T1I6AzwJGbmirJsm0yD1hKgJns3Za+ZA3FeP5qQ7BX38YI7EKkkd+qtCMzT1YfY=
=whLk
-----END PGP SIGNATURE-----
Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi
Pull SCSI fixes from James Bottomley:
"This is two patches both fixing bugs in drivers (virtio-scsi and
mpt2sas) causing an oops in certain circumstances"
* tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi:
[SCSI] virtio-scsi: Skip setting affinity on uninitialized vq
[SCSI] mpt2sas: Don't disable device twice at suspend.
else we may fail to forward skb even if original fragments do fit
outgoing link mtu:
1. remote sends 2k packets in two 1000 byte frags, DF set
2. we want to forward but only see '2k > mtu and DF set'
3. we then send icmp error saying that outgoing link is 1500
But original sender never sent a packet that would not fit
the outgoing link.
Setting local_df makes outgoing path test size vs.
IPCB(skb)->frag_max_size, so we will still send the correct
error in case the largest original size did not fit
outgoing link mtu.
Reported-by: Maxime Bizon <mbizon@freebox.fr>
Suggested-by: Maxime Bizon <mbizon@freebox.fr>
Fixes: 5f2d04f1f9 (ipv4: fix path MTU discovery with connection tracking)
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Following arm64 commit bc3ee18a7a (arm64: init: Move of_clk_init to
time_init()), vexpress_osc_of_setup() is called via of_clk_init() long
before initcalls are issued. Initialising the vexpress oscillators
requires the vespress sysregs to be already initialised, so this patch
adds an explicit call to vexpress_sysreg_of_early_init() in vexpress
oscillator setup function.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Tested-by: Will Deacon <will.deacon@arm.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Tested-by: Pawel Moll <pawel.moll@arm.com>
Acked-by: Pawel Moll <pawel.moll@arm.com>
Cc: Mike Turquette <mturquette@linaro.org>
Commit e114a710aa ("tcp: fix cwnd limited checking to improve
congestion control") obsoleted in_flight parameter from
tcp_is_cwnd_limited() and its callers.
This patch does the removal as promised.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Commit 6a20dbd6ca,
"tty: Fix race condition between __tty_buffer_request_room and flush_to_ldisc"
correctly identifies an unsafe race condition between
__tty_buffer_request_room() and flush_to_ldisc(), where the consumer
flush_to_ldisc() prematurely advances the head before consuming the
last of the data committed. For example:
CPU 0 | CPU 1
__tty_buffer_request_room | flush_to_ldisc
... | ...
| count = head->commit - head->read
n = tty_buffer_alloc() |
b->commit = b->used |
b->next = n |
| if (!count) /* T */
| if (head->next == NULL) /* F */
| buf->head = head->next
In this case, buf->head has been advanced but head->commit may have
been updated with a new value.
Instead of reintroducing an unnecessary lock, fix the race locklessly.
Read the commit-next pair in the reverse order of writing, which guarantees
the commit value read is the latest value written if the head is
advancing.
Reported-by: Manfred Schlaegl <manfred.schlaegl@gmx.at>
Cc: <stable@vger.kernel.org> # 3.12.x+
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This reverts commit 6a20dbd6ca.
Although the commit correctly identifies an unsafe race condition
between __tty_buffer_request_room() and flush_to_ldisc(), the commit
fixes the race with an unnecessary spinlock in a lockless algorithm.
The follow-on commit, "tty: Fix lockless tty buffer race" fixes
the race locklessly.
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
When 'console=hvc0' is specified to the kernel parameter in x86 KVM guest,
hvc console is setup within a kthread. However, that will cause SEGV
and the boot will fail when the driver is builtin to the kernel,
because currently hvc_console_setup() is annotated with '__init'. This
patch removes '__init' to boot the guest successfully with 'console=hvc0'.
Signed-off-by: Tomoki Sekiyama <tomoki.sekiyama@hds.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The tty atomic_write_lock does not provide an exclusion guarantee for
the tty driver if the termios settings are LECHO & !OPOST. And since
it is unexpected and not allowed to call TTY buffer helpers like
tty_insert_flip_string concurrently, this may lead to crashes when
concurrect writers call pty_write. In that case the following two
writers:
* the ECHOing from a workqueue and
* pty_write from the process
race and can overflow the corresponding TTY buffer like follows.
If we look into tty_insert_flip_string_fixed_flag, there is:
int space = __tty_buffer_request_room(port, goal, flags);
struct tty_buffer *tb = port->buf.tail;
...
memcpy(char_buf_ptr(tb, tb->used), chars, space);
...
tb->used += space;
so the race of the two can result in something like this:
A B
__tty_buffer_request_room
__tty_buffer_request_room
memcpy(buf(tb->used), ...)
tb->used += space;
memcpy(buf(tb->used), ...) ->BOOM
B's memcpy is past the tty_buffer due to the previous A's tb->used
increment.
Since the N_TTY line discipline input processing can output
concurrently with a tty write, obtain the N_TTY ldisc output_lock to
serialize echo output with normal tty writes. This ensures the tty
buffer helper tty_insert_flip_string is not called concurrently and
everything is fine.
Note that this is nicely reproducible by an ordinary user using
forkpty and some setup around that (raw termios + ECHO). And it is
present in kernels at least after commit
d945cb9cce (pty: Rework the pty layer to
use the normal buffering logic) in 2.6.31-rc3.
js: add more info to the commit log
js: switch to bool
js: lock unconditionally
js: lock only the tty->ops->write call
References: CVE-2014-0196
Reported-and-tested-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
The sleep function was updated to put the serial port to sleep only when necessary.
This appears to resolve the errant behavior of the driver as described in
Kernel Bug 61961 – "My Exar Corp. XR17C/D152 Dual PCI UART modem does not
work with 3.8.0".
Signed-off-by: Michael Welling <mwelling@ieee.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Per reference manuals of Freescale P1020 and P2020 SoCs, USB controller
present in these SoCs has bit 17 of USBx_CONTROL register marked as
Reserved - there is no PHY_CLK_VALID bit there.
Testing for this bit in ehci_fsl_setup_phy() behaves differently on two
P1020RDB boards available here - on one board test passes and fsl-usb
init succeeds, but on other board test fails, causing fsl-usb init to
fail.
This patch changes ehci_fsl_setup_phy() not to test PHY_CLK_VALID on
controller version 1.6 that (per manual) does not have this bit.
Signed-off-by: Nikita Yushchenko <nyushchenko@dev.rtsoft.ru>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Even if the USB-to-ATAPI converter supported multiple LUNs, this
driver would always detect the same physical device or media because
it doesn't use srb->device->lun in any way.
Tested with an Hewlett-Packard CD-Writer Plus 8200e.
Signed-off-by: Daniele Forsi <dforsi@gmail.com>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Dan writes:
"The Dell drivers use the same configuration for PIDs:
81A2: Dell Wireless 5806 Gobi(TM) 4G LTE Mobile Broadband Card
81A3: Dell Wireless 5570 HSPA+ (42Mbps) Mobile Broadband Card
81A4: Dell Wireless 5570e HSPA+ (42Mbps) Mobile Broadband Card
81A8: Dell Wireless 5808 Gobi(TM) 4G LTE Mobile Broadband Card
81A9: Dell Wireless 5808e Gobi(TM) 4G LTE Mobile Broadband Card
These devices are all clearly Sierra devices, but are also definitely
Gobi-based. The A8 might be the MC7700/7710 and A9 is likely a MC7750.
>From DellGobi5kSetup.exe from the Dell drivers:
usbif0: serial/firmware loader?
usbif2: nmea
usbif3: modem/ppp
usbif8: net/QMI"
Cc: <stable@vger.kernel.org>
Reported-by: AceLan Kao <acelan.kao@canonical.com>
Reported-by: Dan Williams <dcbw@redhat.com>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Some OHCI controllers from ATI/AMD seem to have difficulty with
"global" USB suspend, that is, suspending an entire USB bus without
setting the suspend feature for each port connected to a device. When
we try to resume the child devices, the controller gives timeout
errors on the unsuspended ports, requiring resets, and can even cause
ohci-hcd to hang; see
http://marc.info/?l=linux-usb&m=139514332820398&w=2
and the following messages.
This patch fixes the problem by adding a new quirk flag to ohci-hcd.
The flag causes the ohci_rh_suspend() routine to suspend each
unsuspended, enabled port before suspending the root hub. This
effectively converts the "global" suspend to an ordinary root-hub
suspend. There is no need to unsuspend these ports when the root hub
is resumed, because the child devices will be resumed anyway in the
course of a normal system resume ("global" suspend is never used for
runtime PM).
This patch should be applied to all stable kernels which include
commit 0aa2832dd0 (USB: use "global suspend" for system sleep on
USB-2 buses) or a backported version thereof.
Signed-off-by: Alan Stern <stern@rowland.harvard.edu>
Reported-by: Peter Münster <pmlists@free.fr>
Tested-by: Peter Münster <pmlists@free.fr>
CC: <stable@vger.kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Since the default DMA ops for arm64 are non-coherent, mark the X-Gene
controller explicitly as dma-coherent to avoid additional cache
maintenance.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Cc: Loc Ho <lho@apm.com>
Recently, the default DMA ops have been changed to non-coherent for
alignment with 32-bit ARM platforms (and DT files). This patch adds bus
notifiers to be able to set the coherent DMA ops (with no cache
maintenance) for devices explicitly marked as coherent via the
"dma-coherent" DT property.
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Currently arm64 dma_ops is by default made coherent which makes it
opposite in default policy from arm.
Make default dma_ops to be noncoherent (same as arm), as currently there
aren't any dma-capable drivers which assumes coherent ops
Signed-off-by: Ritesh Harjani <ritesh.harjani@gmail.com>
Acked-by: Will Deacon <will.deacon@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Commit d57c33c5da (add generic fixmap.h) added (among other
similar things) set_fixmap_io to deal with early ioremap of devices.
More recently, commit bf4b558eba (arm64: add early_ioremap support)
converted the arm64 earlyprintk to use set_fixmap_io. A side effect of
this conversion is that my virtual machines have stopped booting when
I pass "earlyprintk=uart8250-8bit,0x3f8" to the guest kernel.
Turns out that the new earlyprintk code doesn't care at all about
sub-page offsets, and just assumes that the earlyprintk device will
be page-aligned. Obviously, that doesn't play well with the above example.
Further investigation shows that set_fixmap_io uses __set_fixmap instead
of __set_fixmap_offset. A fix is to introduce a set_fixmap_offset_io that
uses the latter, and to remove the superflous call to fix_to_virt
(which only returns the value that set_fixmap_io has already given us).
With this applied, my VMs are back in business. Tested on a Cortex-A57
platform with kvmtool as platform emulation.
Cc: Will Deacon <will.deacon@arm.com>
Acked-by: Mark Salter <msalter@redhat.com>
Acked-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Fix for the arm64 kern_addr_valid() function to recognize
virtual addresses in the kernel logical memory map. The
function fails as written because it does not check whether
the addresses in that region are mapped at the pmd level to
2MB or 512MB pages, continues the page table walk to the
pte level, and issues a garbage value to pfn_valid().
Tested on 4K-page and 64K-page kernels.
Signed-off-by: Dave Anderson <anderson@redhat.com>
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>
Pull irq fixes from Thomas Gleixner:
"This udpate delivers:
- A fix for dynamic interrupt allocation on x86 which is required to
exclude the GSI interrupts from the dynamic allocatable range.
This was detected with the newfangled tablet SoCs which have GPIOs
and therefor allocate a range of interrupts. The MSI allocations
already excluded the GSI range, so we never noticed before.
- The last missing set_irq_affinity() repair, which was delayed due
to testing issues
- A few bug fixes for the armada SoC interrupt controller
- A memory allocation fix for the TI crossbar interrupt controller
- A trivial kernel-doc warning fix"
* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
irqchip: irq-crossbar: Not allocating enough memory
irqchip: armanda: Sanitize set_irq_affinity()
genirq: x86: Ensure that dynamic irq allocation does not conflict
linux/interrupt.h: fix new kernel-doc warnings
irqchip: armada-370-xp: Fix releasing of MSIs
irqchip: armada-370-xp: implement the ->check_device() msi_chip operation
irqchip: armada-370-xp: fix invalid cast of signed value into unsigned variable
Pull timer fixes from Thomas Gleixner:
"This update brings along:
- Two fixes for long standing bugs in the hrtimer code, one which
prevents remote enqueuing and the other preventing arbitrary delays
after a interrupt hang was detected
- A fix in the timer wheel which prevents math overflow
- A fix for a long standing issue with the architected ARM timer
related to the C3STOP mechanism.
- A trivial compile fix for nspire SoC clocksource"
* 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
timer: Prevent overflow in apply_slack
hrtimer: Prevent remote enqueue of leftmost timers
hrtimer: Prevent all reprogramming if hang detected
clocksource: nspire: Fix compiler warning
clocksource: arch_arm_timer: Fix age-old arch timer C3STOP detection issue
rcu_dereference(). It required rcu_dereference_sched() instead of
the normal rcu_dereference(). It produces a nasty RCU lockdep splat
due to the incorrect rcu notation.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJTZF+rAAoJEKQekfcNnQGufrIH/1Wa1hzNoq8n1JmejythN6Yn
lQ9RvD0NFrKcO3wd8XyYUoRQXNZ0RJ6JJzERyNygVWp8zLF9TifywaFCZpyNEH91
58qidUdAEBaOMHB6WAVVg056kSC7QG5+kRzgFKktQNDac29Ykw2hJBrFoAAlkoi2
7slBOpnRnpgGn6cRU7hjCbaZs/RvVOJ9J00JeOWFFcM8vFcKMNZBypnwSpRCwc51
ZU8O4UhewqwXuTL35Lrnoaf6LZltkaudbRsc4/xgidT+S6djXU+6vnboerdBajh9
aWCNcI8WVV6UXkJ7X/Ft7i7gV181iCvU+vUVk9REXatEgH1RBTJlMhwgqH4fiLM=
=vEMu
-----END PGP SIGNATURE-----
Merge tag 'trace-fixes-v3.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace
Pull tracing fix from Steven Rostedt:
"This is a small fix where the trigger code used the wrong
rcu_dereference(). It required rcu_dereference_sched() instead of the
normal rcu_dereference(). It produces a nasty RCU lockdep splat due
to the incorrect rcu notation"
Acked-by: Paul E. McKenney <paulmck@linux.vnet.ibm.com>
* tag 'trace-fixes-v3.15-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
tracing: Use rcu_dereference_sched() for trace event triggers
As trace event triggers are now part of the mainline kernel, I added
my trace event trigger tests to my test suite I run on all my kernels.
Now these tests get run under different config options, and one of
those options is CONFIG_PROVE_RCU, which checks under lockdep that
the rcu locking primitives are being used correctly. This triggered
the following splat:
===============================
[ INFO: suspicious RCU usage. ]
3.15.0-rc2-test+ #11 Not tainted
-------------------------------
kernel/trace/trace_events_trigger.c:80 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
4 locks held by swapper/1/0:
#0: ((&(&j_cdbs->work)->timer)){..-...}, at: [<ffffffff8104d2cc>] call_timer_fn+0x5/0x1be
#1: (&(&pool->lock)->rlock){-.-...}, at: [<ffffffff81059856>] __queue_work+0x140/0x283
#2: (&p->pi_lock){-.-.-.}, at: [<ffffffff8106e961>] try_to_wake_up+0x2e/0x1e8
#3: (&rq->lock){-.-.-.}, at: [<ffffffff8106ead3>] try_to_wake_up+0x1a0/0x1e8
stack backtrace:
CPU: 1 PID: 0 Comm: swapper/1 Not tainted 3.15.0-rc2-test+ #11
Hardware name: /DG965MQ, BIOS MQ96510J.86A.0372.2006.0605.1717 06/05/2006
0000000000000001 ffff88007e083b98 ffffffff819f53a5 0000000000000006
ffff88007b0942c0 ffff88007e083bc8 ffffffff81081307 ffff88007ad96d20
0000000000000000 ffff88007af2d840 ffff88007b2e701c ffff88007e083c18
Call Trace:
<IRQ> [<ffffffff819f53a5>] dump_stack+0x4f/0x7c
[<ffffffff81081307>] lockdep_rcu_suspicious+0x107/0x110
[<ffffffff810ee51c>] event_triggers_call+0x99/0x108
[<ffffffff810e8174>] ftrace_event_buffer_commit+0x42/0xa4
[<ffffffff8106aadc>] ftrace_raw_event_sched_wakeup_template+0x71/0x7c
[<ffffffff8106bcbf>] ttwu_do_wakeup+0x7f/0xff
[<ffffffff8106bd9b>] ttwu_do_activate.constprop.126+0x5c/0x61
[<ffffffff8106eadf>] try_to_wake_up+0x1ac/0x1e8
[<ffffffff8106eb77>] wake_up_process+0x36/0x3b
[<ffffffff810575cc>] wake_up_worker+0x24/0x26
[<ffffffff810578bc>] insert_work+0x5c/0x65
[<ffffffff81059982>] __queue_work+0x26c/0x283
[<ffffffff81059999>] ? __queue_work+0x283/0x283
[<ffffffff810599b7>] delayed_work_timer_fn+0x1e/0x20
[<ffffffff8104d3a6>] call_timer_fn+0xdf/0x1be^M
[<ffffffff8104d2cc>] ? call_timer_fn+0x5/0x1be
[<ffffffff81059999>] ? __queue_work+0x283/0x283
[<ffffffff8104d823>] run_timer_softirq+0x1a4/0x22f^M
[<ffffffff8104696d>] __do_softirq+0x17b/0x31b^M
[<ffffffff81046d03>] irq_exit+0x42/0x97
[<ffffffff81a08db6>] smp_apic_timer_interrupt+0x37/0x44
[<ffffffff81a07a2f>] apic_timer_interrupt+0x6f/0x80
<EOI> [<ffffffff8100a5d8>] ? default_idle+0x21/0x32
[<ffffffff8100a5d6>] ? default_idle+0x1f/0x32
[<ffffffff8100ac10>] arch_cpu_idle+0xf/0x11
[<ffffffff8107b3a4>] cpu_startup_entry+0x1a3/0x213
[<ffffffff8102a23c>] start_secondary+0x212/0x219
The cause is that the triggers are protected by rcu_read_lock_sched() but
the data is dereferenced with rcu_dereference() which expects it to
be protected with rcu_read_lock(). The proper reference should be
rcu_dereference_sched().
Cc: Tom Zanussi <tom.zanussi@linux.intel.com>
Cc: stable@vger.kernel.org # 3.14+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
- There are two bugs in the ACPI PNP core that cause errors to
be returned if optional ACPI methods are not present. After
an ACPI core change made in 3.14 one of those errors leads
to serial port suspend failures on some systems. Fix from
Rafael J Wysocki.
- A recently added PNP quirk related to Intel chipsets intorduced
a build error in unusual configurations (PNP without PCI). Fix
from Bjorn Helgaas.
- An ACPI EC workaround related to system suspend on Samsung machines
added in 3.14 introduced a race causing some valid EC events to be
discarded. Fix from Kieran Clancy.
- The acpi-cpufreq driver fails to load on some systems after a 3.14
commit related to APIC ID parsing that overlooked one corner case.
Fix from Lan Tianyu.
- Fix for a recently introduced build problem in the ppc-corenet
cpufreq driver from Tim Gardner.
- A recent cpufreq core change to ensure serialization of frequency
transitions for drivers with a ->target_index() callback overlooked
the fact that some of those drivers had been doing operations
introduced by it into the core already by themselves. That resulted
in a mess in which the core and the drivers try to do the same thing
and block each other which leads to deadlocks. Fixes for the
powernow-k7, powernow-k6, and longhaul cpufreq drivers from
Srivatsa S Bhat.
- Fix for a computational error in the powernow-k6 cpufreq driver
from Srivatsa S Bhat.
/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJTZCgMAAoJEILEb/54YlRxfaoQAKHm8FePiu269gZiejU1wA/+
SpGfqK4Src03ylIguIfZBXIKO30L9ZqWrKxnfAipPFO2zc53KW6Ip25UGvN9Is01
Sdw/EV1JNh3Su4kZJDXpNj2OjwuE4GyCuNaccaD6H8ns3qpxK0JNEHFww5d+1UzQ
WdAEbEqe/G+H9Y1gEX8N2yk3wji1h2SPFsD82Lo8F8L2c3qseYMThSG/plnYyPgr
ZSnw7I2xeNB9a7LsVzNMlkfgYW0Op3uUTWJQbpxkHCEZjrhctdYzg2G9P9lKoYTA
X7XAChZrYEGwRrRQZ8X8esPBrqLAqkgkQTksQOzFWvXTS2PoiUb+YV0NXYwWfccS
omASYqMc0dprUnNFCbh4XjeubKGc1x7KuhSGCV+7QjF0ryNt65vMBUM52wwZ/sNk
1qJjNAiJDKj/mJ2Ova/Jma2sQJR+1KCnPvzITCpBSfZwNugGMKaWPo8evRv98DE4
EW7lSSNKcIOR4iM2xd4al9IFWtWEJHiiNaRjMGUn6gsyVjsafGt24lbyr3uohTCo
memzQaH7SLi4AzCBdo8xXd5vOXUPqGGQMoCkp2IEmPm+WDjKTCbcNZhmvZ9j3Swe
SMU2ScSpr+MTWrG/ITOjD2+iAlOsjWDMLQjZD27du8HSXLs8FV92l+Um2rvlFnzi
sX3lS1gHLROes3b56fnQ
=FeTn
-----END PGP SIGNATURE-----
Merge tag 'pm+acpi-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI and power management fixes from Rafael Wysocki:
"A bunch of regression fixes this time. They fix two regressions in
the PNP subsystem, one in the ACPI processor driver and one in the
ACPI EC driver, four cpufreq driver regressions and an unrelated bug
in one of the drivers. The regressions are recent or introduced in
3.14.
Specifics:
- There are two bugs in the ACPI PNP core that cause errors to be
returned if optional ACPI methods are not present. After an ACPI
core change made in 3.14 one of those errors leads to serial port
suspend failures on some systems. Fix from Rafael J Wysocki.
- A recently added PNP quirk related to Intel chipsets intorduced a
build error in unusual configurations (PNP without PCI). Fix from
Bjorn Helgaas.
- An ACPI EC workaround related to system suspend on Samsung machines
added in 3.14 introduced a race causing some valid EC events to be
discarded. Fix from Kieran Clancy.
- The acpi-cpufreq driver fails to load on some systems after a 3.14
commit related to APIC ID parsing that overlooked one corner case.
Fix from Lan Tianyu.
- Fix for a recently introduced build problem in the ppc-corenet
cpufreq driver from Tim Gardner.
- A recent cpufreq core change to ensure serialization of frequency
transitions for drivers with a ->target_index() callback overlooked
the fact that some of those drivers had been doing operations
introduced by it into the core already by themselves. That
resulted in a mess in which the core and the drivers try to do the
same thing and block each other which leads to deadlocks. Fixes
for the powernow-k7, powernow-k6, and longhaul cpufreq drivers from
Srivatsa S Bhat.
- Fix for a computational error in the powernow-k6 cpufreq driver
from Srivatsa S Bhat"
* tag 'pm+acpi-3.15-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI / processor: Fix failure of loading acpi-cpufreq driver
PNP / ACPI: Do not return errors if _DIS or _SRS are not present
PNP: Fix compile error in quirks.c
ACPI / EC: Process rather than discard events in acpi_ec_clear
cpufreq: ppc-corenet-cpufreq: Fix __udivdi3 modpost error
cpufreq: powernow-k7: Fix double invocation of cpufreq_freq_transition_begin/end
cpufreq: powernow-k6: Fix double invocation of cpufreq_freq_transition_begin/end
cpufreq: powernow-k6: Fix incorrect comparison with max_multipler
cpufreq: longhaul: Fix double invocation of cpufreq_freq_transition_begin/end
This branch fixes a bug where a device can get stuck in the deferred
list even though all its dependencies are met. The bug has existed for a
long time, but new platform conversions to device tree have exposed it.
This patch is needed to get those platforms working.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJTYl5gAAoJEMWQL496c2LNX9IP/3j7ntTupA4/UIPNyf+ZZmZh
7N++Jv6clx6sFzBabmLa1sWhavXo+n4w76uFTx3lVlkcENyW4F7/rAqJJknz4byV
QWlCQhB8pAScaZiCHxy8kHoRSu48bmGIDZedwudZyEfTgX5ERvaAJKOTRWhOf8ll
X43Pefo2blYIh8hRGIl636DrQkYvAU4o89Eu84Wr2FtNe6+DUHqSceEZzfntwKy6
S2BSaUw+DilaOs4hTj0lOwkJ8QLqbG3uhzhDWJlvJFMqBhpYAi5BeWcPDzh2k0Gf
NAZQzW9TTg6JStSVagIXukxRjxD+OVQpPhvy1rBlVctgw45L34D2zBZw69Kh1LjI
uYS9sCLU/Ra9MNI67lWojKfkhcOrcuRHBF3+PcFv6FkzxRFC9PKQgzqii/LDlwqp
Zf9imuFd70jyrJtpnQcLTF5YesnXRX6CB/dnDOzw44JQEOCd9Fq8pm9wRx2UXFsb
E4qmiHAatnlWRX2pXHe/cYcryzrkZkRpzY4d9hVoodqynX9oqzPBZRB4cvAfNABF
QpTCyusAcDyZHF/64EOFNclL4iBQ19KAcUbxMkdnqxkhTk0xuF409eVQTgKODQa8
30i4eP70FV6NXNrr5u4qKoWIUzJnw7VYGNGiAwvmKbJe+JAp53p7C0eqgmGAFt/3
EKoEhe6pzmlMutPPx7ER
=ADbi
-----END PGP SIGNATURE-----
Merge tag 'dt-for-linus' of git://git.secretlab.ca/git/linux
Pull driver core deferred probe fix from Grant Likely:
"Drivercore race condition fix (exposed by devicetree)
This branch fixes a bug where a device can get stuck in the deferred
list even though all its dependencies are met. The bug has existed
for a long time, but new platform conversions to device tree have
exposed it. This patch is needed to get those platforms working.
This was the pending bug fix I mentioned in my previous pull request.
Normally this would go through Greg's tree seeing that it is a
drivercore change, but devicetree exposes the problem. I've discussed
with Greg and he okayed me asking you to pull directly"
* tag 'dt-for-linus' of git://git.secretlab.ca/git/linux:
drivercore: deferral race condition fix
* acpi-ec:
ACPI / EC: Process rather than discard events in acpi_ec_clear
* acpi-processor:
ACPI / processor: Fix failure of loading acpi-cpufreq driver
Yuchung discovered tcp_is_cwnd_limited() was returning false in
slow start phase even if the application filled the socket write queue.
All congestion modules take into account tcp_is_cwnd_limited()
before increasing cwnd, so this behavior limits slow start from
probing the bandwidth at full speed.
The problem is that even if write queue is full (aka we are _not_
application limited), cwnd can be under utilized if TSO should auto
defer or TCP Small queues decided to hold packets.
So the in_flight can be kept to smaller value, and we can get to the
point tcp_is_cwnd_limited() returns false.
With TCP Small Queues and FQ/pacing, this issue is more visible.
We fix this by having tcp_cwnd_validate(), which is supposed to track
such things, take into account unsent_segs, the number of segs that we
are not sending at the moment due to TSO or TSQ, but intend to send
real soon. Then when we are cwnd-limited, remember this fact while we
are processing the window of ACKs that comes back.
For example, suppose we have a brand new connection with cwnd=10; we
are in slow start, and we send a flight of 9 packets. By the time we
have received ACKs for all 9 packets we want our cwnd to be 18.
We implement this by setting tp->lsnd_pending to 9, and
considering ourselves to be cwnd-limited while cwnd is less than
twice tp->lsnd_pending (2*9 -> 18).
This makes tcp_is_cwnd_limited() more understandable, by removing
the GSO/TSO kludge, that tried to work around the issue.
Note the in_flight parameter can be removed in a followup cleanup
patch.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: Yuchung Cheng <ycheng@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This switches a few remaining capable(CAP_NET_ADMIN) to ns_capable so
that root in a user namespace may set tc rules inside that namespace.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Cc: "David S. Miller" <davem@davemloft.net>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Vasily Averin