Commit Graph

603662 Commits

Author SHA1 Message Date
Paolo Bonzini 4c5ea0a9cd locking/static_key: Fix concurrent static_key_slow_inc()
The following scenario is possible:

    CPU 1                                   CPU 2
    static_key_slow_inc()
     atomic_inc_not_zero()
      -> key.enabled == 0, no increment
     jump_label_lock()
     atomic_inc_return()
      -> key.enabled == 1 now
                                            static_key_slow_inc()
                                             atomic_inc_not_zero()
                                              -> key.enabled == 1, inc to 2
                                             return
                                            ** static key is wrong!
     jump_label_update()
     jump_label_unlock()

Testing the static key at the point marked by (**) will follow the
wrong path for jumps that have not been patched yet.  This can
actually happen when creating many KVM virtual machines with userspace
LAPIC emulation; just run several copies of the following program:

    #include <fcntl.h>
    #include <unistd.h>
    #include <sys/ioctl.h>
    #include <linux/kvm.h>

    int main(void)
    {
        for (;;) {
            int kvmfd = open("/dev/kvm", O_RDONLY);
            int vmfd = ioctl(kvmfd, KVM_CREATE_VM, 0);
            close(ioctl(vmfd, KVM_CREATE_VCPU, 1));
            close(vmfd);
            close(kvmfd);
        }
        return 0;
    }

Every KVM_CREATE_VCPU ioctl will attempt a static_key_slow_inc() call.
The static key's purpose is to skip NULL pointer checks and indeed one
of the processes eventually dereferences NULL.

As explained in the commit that introduced the bug:

  706249c222 ("locking/static_keys: Rework update logic")

jump_label_update() needs key.enabled to be true.  The solution adopted
here is to temporarily make key.enabled == -1, and go down the
slow path when key.enabled <= 0.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Cc: <stable@vger.kernel.org> # v4.3+
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 706249c222 ("locking/static_keys: Rework update logic")
Link: http://lkml.kernel.org/r/1466527937-69798-1-git-send-email-pbonzini@redhat.com
[ Small stylistic edits to the changelog and the code. ]
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-06-24 08:23:16 +02:00
Linus Torvalds 63c04ee7d3 This pull requests contains fixes for two critical bugs in UBI and UBIFS:
1. Fixes the possibility of losing data upon a power cut when UBI tries
    to recover from a write error.
 2. Fixes page migration on UBIFS. It turned out that the default page
    migration function is not suitable for UBIFS.

Merge tag 'upstream-4.7-rc5' of git://git.infradead.org/linux-ubifs

Pull UBI/UBIFS fixes from Richard Weinberger:
 "This contains fixes for two critical bugs in UBI and UBIFS:

   - fix the possibility of losing data upon a power cut when UBI tries
     to recover from a write error

   - fix page migration on UBIFS.  It turned out that the default page
     migration function is not suitable for UBIFS"

* tag 'upstream-4.7-rc5' of git://git.infradead.org/linux-ubifs:
  UBIFS: Implement ->migratepage()
  mm: Export migrate_page_move_mapping and migrate_page_copy
  ubi: Make recover_peb power cut aware
  gpio: make library immune to error pointers
  gpio: make sure gpiod_to_irq() returns negative on NULL desc
  gpio: 104-idi-48: Fix missing spin_lock_init for ack_lock
2016-06-23 22:48:48 -07:00
Linus Torvalds 0bf0ea431f Merge tag 'drm-fixes-for-v4.7-rc5' of git://people.freedesktop.org/~airlied/linux
Pull drm fixes from Dave Airlie:
 "This is the drm fixes tree for 4.7-rc5.

  It's a bit larger than normal, due to fixes for production AMD Polaris
  GPUs.  We only merged support for these in 4.7-rc1 so it would be good
  if we got all the fixes into final.  The changes don't hit any other
  hardware.

  Other than the amdgpu Polaris changes:

   - A single fix for atomic modesetting WARN
   - Nouveau fix for when fbdev is disabled
   - i915 fixes for FBC on Haswell and displayport regression
   - Exynos fix for a display panel regression and some other minor changes
   - Atmel fixes for scaling and OF graph interaction
   - Allwinner build, warning and probing fixes
   - AMD GPU non-polaris fix for num_rbs and some minor fixes

  Also I've just moved house, and my new place is Internet challenged
  due to incompetent incumbent ISPs, hopefully sorted out in a couple of
  weeks, so I might not be too responsive over the next while.  It also
  helps Daniel is on holidays for those couple of weeks as well"

* tag 'drm-fixes-for-v4.7-rc5' of git://people.freedesktop.org/~airlied/linux: (38 commits)
  drm/atomic: Make drm_atomic_legacy_backoff reset crtc->acquire_ctx
  drm/nouveau: fix for disabled fbdev emulation
  drm/i915/fbc: Disable on HSW by default for now
  drm/i915: Revert DisplayPort fast link training feature
  drm/amd/powerplay: enable clock stretch feature for polaris
  drm/amdgpu/gfx8: update golden setting for polaris10
  drm/amd/powerplay: enable avfs feature for polaris
  drm/amdgpu/atombios: add avfs struct for Polaris10/11
  drm/amd/powerplay: add avfs related define for polaris
  drm/amd/powrplay: enable stutter_mode for polaris.
  drm/amd/powerplay: disable UVD SMU handshake for MCLK.
  drm/amd/powerplay: initialize variables which were missed.
  drm/amd/powerplay: enable PowerContainment feature for polaris10/11.
  drm/amd/powerplay: need to notify system bios pcie device ready
  drm/amd/powerplay: fix bug that function parameter was incorect.
  drm/amd/powerplay: fix logic error.
  drm: atmel-hlcdc: Fix OF graph parsing
  drm: atmel-hlcdc: actually disable scaling when no scaling is required
  drm/amdgpu: initialize amdgpu_cgs_acpi_eval_object result value
  drm/amdgpu: precedence bug in amdgpu_device_init()
  ...
2016-06-23 21:35:12 -07:00
Linus Torvalds 75befb31ec PCI updates for v4.7:
Miscellaneous
     Fix unaligned accesses in VC code (David Miller)

Merge tag 'pci-v4.7-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fix from Bjorn Helgaas:
 "Here's a small fix for v4.7.  This problem was actually introduced in
  v4.6 when we unified Kconfig, making PCIe support available everywhere
  including sparc, where config reads into unaligned buffers cause
  warnings.  This fix is from Dave Miller.

  As a reminder, any future PCI fixes for v4.7 will probably come from
  Alex Williamson, since I'll be on vacation for most of the rest of
  this cycle.  I should be back about the time the merge window opens"

* tag 'pci-v4.7-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: Fix unaligned accesses in VC code
2016-06-23 20:59:14 -07:00
Dave Airlie 2a3467063a MT8173 HDMI support
- device tree binding documentation for MT8173 HDMI encoder, CEC, DDC,
   and PHY
 - drivers for MT8173 HDMI encoder, CEC (HPD only for now), DDC, and PHY
 - enable HDMI output via a custom SMCCC call
 - add ddc-i2c-bus property to HDMI connector device tree binding

Merge tag 'mediatek-drm-2016-06-20' of git://git.pengutronix.de/git/pza/linux into drm-next

MT8173 HDMI support

- device tree binding documentation for MT8173 HDMI encoder, CEC, DDC,
  and PHY
- drivers for MT8173 HDMI encoder, CEC (HPD only for now), DDC, and PHY
- enable HDMI output via a custom SMCCC call
- add ddc-i2c-bus property to HDMI connector device tree binding

* tag 'mediatek-drm-2016-06-20' of git://git.pengutronix.de/git/pza/linux:
  dt-bindings: hdmi-connector: add DDC I2C bus phandle documentation
  drm/mediatek: enable hdmi output control bit
  drm/mediatek: Add HDMI support
  dt-bindings: drm/mediatek: Add Mediatek HDMI dts binding
2016-06-24 13:16:07 +10:00
Dave Airlie 6559436d4a Merge branch 'drm/next/du' of git://linuxtv.org/pinchartl/media into drm-next
some rcar-du fixes.

* 'drm/next/du' of git://linuxtv.org/pinchartl/media:
  drm: rcar-du: error message is not needed for EPROBE_DEFER
  drm: rcar-du: error message is not needed for drm_vblank_init()
  rcar-du: add/rename DEFR6 TCON bits
2016-06-24 13:15:10 +10:00
Dave Airlie 9da1030e3c Merge tag 'drm-intel-next-2016-06-20' of git://anongit.freedesktop.org/drm-intel into drm-next
- Infrastructure for GVT-g (paravirtualized gpu on gen8+), from Zhi Wang
- another attempt at nonblocking atomic plane updates
- bugfixes and refactoring for GuC doorbell code (Dave Gordon)
- GuC command submission enabled by default, if fw available (Dave Gordon)
- more bxt w/a (Arun Siluvery)
- bxt phy improvements (Imre Deak)
- prep work for stolen objects support (Ankitprasa Sharma & Chris Wilson)
- skl/bkl w/a update from Mika Kuoppala
- bunch of small improvements and fixes all over, as usual

* tag 'drm-intel-next-2016-06-20' of git://anongit.freedesktop.org/drm-intel: (81 commits)
  drm/i915: Update DRIVER_DATE to 20160620
  drm/i915: Introduce GVT context creation API
  drm/i915: Support LRC context single submission
  drm/i915: Introduce execlist context status change notification
  drm/i915: Make addressing mode bits in context descriptor configurable
  drm/i915: Make ring buffer size of a LRC context configurable
  drm/i915: gvt: Introduce the basic architecture of GVT-g
  drm/i915: Fold vGPU active check into inner functions
  drm/i915: Use offsetof() to calculate the offset of members in PVINFO page
  drm/i915: Factor out i915_pvinfo.h
  drm/i915: Serialise presentation with imported dmabufs
  drm/i915: Use atomic commits for legacy page_flips
  drm/i915: Move fb_bits updating later in atomic_commit
  drm/i915: nonblocking commit
  Reapply "drm/i915: Pass atomic states to fbc update, functions."
  drm/i915: Roll out the helper nonblock tracking
  drm/i915: Signal drm events for atomic
  drm/i915/ilk: Don't disable SSC source if it's in use
  drm/i915/guc: (re)initialise doorbell h/w when enabling GuC submission
  drm/i915/guc: replace assign_doorbell() with select_doorbell_register()
  ...
2016-06-24 13:13:41 +10:00
Maarten Lankhorst 81e257e964 drm/atomic: Make drm_atomic_legacy_backoff reset crtc->acquire_ctx
Atomic updates may acquire more state than initially locked through
drm_modeset_lock_crtc, running with heavy stress can cause a
WARN_ON(crtc->acquire_ctx) in drm_modeset_lock_crtc:

[  601.491296] ------------[ cut here ]------------
[  601.491366] WARNING: CPU: 0 PID: 2411 at
drivers/gpu/drm/drm_modeset_lock.c:191 drm_modeset_lock_crtc+0xeb/0xf0 [drm]
[  601.491369] Modules linked in: drm i915 drm_kms_helper
[  601.491414] CPU: 0 PID: 2411 Comm: kms_cursor_lega Tainted: G     U 4.7.0-rc4-patser+ #4798
[  601.491417] Hardware name: Intel Corporation Skylake Client
[  601.491420]  0000000000000000 ffff88044d153c98 ffffffff812ead28 0000000000000000
[  601.491425]  0000000000000000 ffff88044d153cd8 ffffffff810868e6 000000bf58058030
[  601.491431]  ffff880088b415e8 ffff880458058030 ffff88008a271548 ffff88008a271568
[  601.491436] Call Trace:
[  601.491443]  [<ffffffff812ead28>] dump_stack+0x4d/0x65
[  601.491447]  [<ffffffff810868e6>] __warn+0xc6/0xe0
[  601.491452]  [<ffffffff81086968>] warn_slowpath_null+0x18/0x20
[  601.491472]  [<ffffffffc00d4ffb>] drm_modeset_lock_crtc+0xeb/0xf0 [drm]
[  601.491491]  [<ffffffffc00c5526>] drm_mode_cursor_common+0x66/0x180 [drm]
[  601.491509]  [<ffffffffc00c91cc>] drm_mode_cursor_ioctl+0x3c/0x40 [drm]
[  601.491524]  [<ffffffffc00bc94d>] drm_ioctl+0x14d/0x530 [drm]
[  601.491540]  [<ffffffffc00c9190>] ? drm_mode_setcrtc+0x520/0x520 [drm]
[  601.491545]  [<ffffffff81176aeb>] ? handle_mm_fault+0x106b/0x1430
[  601.491550]  [<ffffffff81108441>] ? stop_one_cpu+0x61/0x70
[  601.491556]  [<ffffffff811bb71d>] do_vfs_ioctl+0x8d/0x570
[  601.491560]  [<ffffffff81290d7e>] ? security_file_ioctl+0x3e/0x60
[  601.491565]  [<ffffffff811bbc74>] SyS_ioctl+0x74/0x80
[  601.491571]  [<ffffffff810e321c>] ? posix_get_monotonic_raw+0xc/0x10
[  601.491576]  [<ffffffff8175b11b>] entry_SYSCALL_64_fastpath+0x13/0x8f
[  601.491581] ---[ end trace 56f3d3d85f000d00 ]---

For good measure, test mode_config.acquire_ctx too, although this should
never happen.

Testcase: kms_cursor_legacy
Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com>
Reviewed-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Cc: stable@vger.kernel.org
Signed-off-by: Dave Airlie <airlied@redhat.com>
2016-06-24 11:10:36 +10:00
Dave Airlie 9253d0590e Merge tag 'topic/drm-misc-2016-06-22-updated' of git://anongit.freedesktop.org/drm-intel into drm-next
Again a pile of things all over
- Conversion to rst from docbook from Jani. Looks real pretty, and the
  source is now actually readable (compared to horrible, horrible docbook
  xml)! https://01.org/linuxgraphics/gfx-docs/drm/
- device register/unregister rework from Chris, with follow-up work from
  Benjamin. Allows more drivers to demidlayer load/unload and others to
  remove a bit of boilerplate.
- master/auth related cleanup, with docs
- some dma-buf polish, merged by Sumit
- small stuff all over (like build fixes from Arnd)

Group maintainership seems to slowly take off, with both Thierry and Sumit
pushing a few things. No hiccups thus far.

* tag 'topic/drm-misc-2016-06-22-updated' of git://anongit.freedesktop.org/drm-intel: (68 commits)
  drm/vc4: Remove unused connector
  drm/fb-helper: Reduce READ_ONCE(master) to lockless_dereference
  drm/sun4i: Remove open-coded drm_connector_register_all()
  drm/vc4: Remove open-coded drm_connector_register_all()
  drm/atmel-hlcdc: Remove redundant call to drm_connector_unregister_all()
  drm: document drm_auth.c
  drm: Clear up master tracking booleans
  drm: Extract drm_is_current_master
  drm: Refactor drop/set master code a bit
  drm: Lobotomize set_busid nonsense for !pci drivers
  drm: Nuke SET_UNIQUE ioctl
  drm: Don't call drm_dev_set_unique from platform drivers
  drm/vgem: Stop calling drm_drv_set_unique
  drm: Use dev->name as fallback for dev->unique
  drm: Clean up drm_crtc.h
  drm: Move master pointer from drm_minor to drm_device
  drm: sti: rework init sequence
  drm: sti: use late_register and early_unregister callbacks
  drm/amdkfd: Clean up inline handling
  drm: Add callbacks for late registering
  ...
2016-06-24 11:01:17 +10:00
Dave Airlie f939a5f432 Merge branch 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux into drm-fixes
A bit bigger than I would normally like, but most of the large changes are
for polaris support and since polaris went upstream in 4.7, I'd like
to get the fixes in so it's in good shape when the hw becomes available.
The major changes only touch the polaris code so there is little chance
for regressions on other asics.  The rest are just the usual collection
of bug fixes.

* 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux:
  drm/amd/powerplay: enable clock stretch feature for polaris
  drm/amdgpu/gfx8: update golden setting for polaris10
  drm/amd/powerplay: enable avfs feature for polaris
  drm/amdgpu/atombios: add avfs struct for Polaris10/11
  drm/amd/powerplay: add avfs related define for polaris
  drm/amd/powrplay: enable stutter_mode for polaris.
  drm/amd/powerplay: disable UVD SMU handshake for MCLK.
  drm/amd/powerplay: initialize variables which were missed.
  drm/amd/powerplay: enable PowerContainment feature for polaris10/11.
  drm/amd/powerplay: need to notify system bios pcie device ready
  drm/amd/powerplay: fix bug that function parameter was incorect.
  drm/amd/powerplay: fix logic error.
  drm/amdgpu: initialize amdgpu_cgs_acpi_eval_object result value
  drm/amdgpu: precedence bug in amdgpu_device_init()
  drm/amdgpu: fix num_rbs exposed to userspace (v2)
  drm/amdgpu: missing bounds check in amdgpu_set_pp_force_state()
2016-06-24 10:51:12 +10:00
Dave Airlie 4b01ec9780 Add basic support for the sii902x RGB -> HDMI bridge.

Merge tag 'drm-sii902x' of github.com:bbrezillon/linux-at91 into drm-next

Add basic support for the sii902x RGB -> HDMI bridge.

* tag 'drm-sii902x' of github.com:bbrezillon/linux-at91:
  drm/bridge: Add sii902x DT bindings doc
  drm/bridge: Add sii902x driver
2016-06-24 10:36:47 +10:00
Dave Airlie c65c3de673 Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes
Since HW trigger mode was supported we have faced an issue
that the display panel didn't work correctly when trigger mode was changed
at boot time.
For this, we keep trigger mode with SW trigger mode in default mode
like we did before.

However, we will need to consider PSR (Panel Self Refresh) mode to resolve
this issue fundamentally later.

* 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos:
  drm/exynos: use logical AND in exynos_drm_plane_check_size()
  drm/exynos: remove superfluous inclusions of fbdev header
  drm/exynos: g2d: drop the _REG postfix from the stride defines
  drm/exynos: don't use HW trigger for Exynos5420/5422/5800
  drm/exynos: fimd: don't set .has_hw_trigger in s3c6400 driver data
  drm/exynos: dp: Fix NULL pointer dereference due uninitialized connector
2016-06-24 10:35:03 +10:00
Dave Airlie 59b0b70f51 Two bug fixes for the atmel-hlcdc driver.

Merge tag 'drm-atmel-hlcdc-fixes/for-4.7-rc5' of github.com:bbrezillon/linux-at91 into drm-fixes

Two bug fixes for the atmel-hlcdc driver.

* tag 'drm-atmel-hlcdc-fixes/for-4.7-rc5' of github.com:bbrezillon/linux-at91:
  drm: atmel-hlcdc: Fix OF graph parsing
  drm: atmel-hlcdc: actually disable scaling when no scaling is required
2016-06-24 10:34:49 +10:00
Dave Airlie f762bfda2b Allwinner sun4i DRM driver fixes
A bunch of fixes that address:
   - Compilation errors in various corner cases
   - Move to helpers
   - Fix the pixel clock computation
   - Fix our panel probe

Merge tag 'sunxi-drm-fixes-for-4.7' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into drm-fixes

Allwinner sun4i DRM driver fixes

A bunch of fixes that address:
  - Compilation errors in various corner cases
  - Move to helpers
  - Fix the pixel clock computation
  - Fix our panel probe

* tag 'sunxi-drm-fixes-for-4.7' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux:
  drm: sun4i: do cleanup if RGB output init fails
  drm/sun4i: Convert to connector register helpers
  drm/sun4i: remove simplefb at probe
  drm/sun4i: rgb: panel is an error pointer
  drm/sun4i: defer only if we didn't find our panel
  drm/sun4i: rgb: Validate the clock rate
  drm/sun4i: request exact rates to our parents
  drm: sun4i: fix probe error handling
  drm: sun4i: print DMA address correctly
  drm/sun4i: add COMMON_CLK dependency
2016-06-24 10:34:35 +10:00
Dave Airlie c38e80169b Merge tag 'drm-intel-fixes-2016-06-22' of git://anongit.freedesktop.org/drm-intel into drm-fixes
Hi Dave, just a couple of display fixes, both stable stuff. Maybe we'll
be able to enable fbc by default one day.

* tag 'drm-intel-fixes-2016-06-22' of git://anongit.freedesktop.org/drm-intel:
  drm/i915/fbc: Disable on HSW by default for now
  drm/i915: Revert DisplayPort fast link training feature
2016-06-24 10:32:30 +10:00
Dave Airlie 718cc66479 Merge branch 'linux-4.7' of git://github.com/skeggsb/linux into drm-fixes
* 'linux-4.7' of git://github.com/skeggsb/linux:
  drm/nouveau: fix for disabled fbdev emulation
2016-06-24 10:16:37 +10:00
Dmitrii Tcvetkov 52dfcc5ccf drm/nouveau: fix for disabled fbdev emulation
Hello,

after this commit:

commit f045f459d9
Author: Ben Skeggs <bskeggs@redhat.com>
Date:   Thu Jun 2 12:23:31 2016 +1000
    drm/nouveau/fbcon: fix out-of-bounds memory accesses

kernel started to oops when loading nouveau module when using GTX 780 Ti
video adapter. This patch fixes the problem.

Bug report: https://bugzilla.kernel.org/show_bug.cgi?id=120591

Signed-off-by: Dmitrii Tcvetkov <demfloro@demfloro.ru>
Suggested-by: Ilia Mirkin <imirkin@alum.mit.edu>
Fixes: f045f459d9 ("nouveau_fbcon_init()")
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org
2016-06-24 07:51:32 +10:00
Chanwoo Choi 0d37189e80 PM / devfreq: Send the DEVFREQ_POSTCHANGE notification when target() is failed
This patch sends the DEVFREQ_POSTCHANGE notification when
devfreq->profile->target() fails. The PRECHANGE/POSTCHANGE
should be paired.

Fixes: 0fe3a66410 (PM / devfreq: Add new DEVFREQ_TRANSITION_NOTIFIER notifier)
Reported-by: Lin Huang <hl@rock-chips.com>
Signed-off-by: Chanwoo Choi <cw00.choi@samsung.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-06-23 23:15:12 +02:00
Mike Galbraith 3c67a829bd cpufreq: pcc-cpufreq: Fix doorbell.access_width
Commit 920de6ebfa (ACPICA: Hardware: Enhance
acpi_hw_validate_register() with access_width/bit_offset awareness)
apparently exposed a latent bug, doorbell.access_width is initialized
to 64, but per Lv Zheng, it should be 4, and indeed, making that
change does bring pcc-cpufreq back to life.

Fixes: 920de6ebfa (ACPICA: Hardware: Enhance acpi_hw_validate_register() with access_width/bit_offset awareness)
Suggested-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Mike Galbraith <umgwanakikbuti@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-06-23 23:09:51 +02:00
Linus Torvalds da01e18a37 x86: avoid avoid passing around 'thread_info' in stack dumping code
None of the code actually wants a thread_info, it all wants a
task_struct, and it's just converting to a thread_info pointer much too
early.

No semantic change.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-06-23 12:20:01 -07:00
Linus Torvalds 6720a305df locking: avoid passing around 'thread_info' in mutex debugging code
None of the code actually wants a thread_info, it all wants a
task_struct, and it's just converting back and forth between the two
("ti->task" to get the task_struct from the thread_info, and
"task_thread_info(task)" to go the other way).

No semantic change.

Acked-by: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-06-23 12:11:17 -07:00
Chandan Rajendra b7f67055d2 Btrfs: Force stripesize to the value of sectorsize
Btrfs code currently assumes stripesize to be same as
sectorsize. However Btrfs-progs (until commit
df05c7ed455f519e6e15e46196392e4757257305) has been setting
btrfs_super_block->stripesize to a value of 4096.

This commit makes sure that the value of btrfs_super_block->stripesize
is a power of 2. Later, it unconditionally sets btrfs_root->stripesize
to sectorsize.

Signed-off-by: Chandan Rajendra <chandan@linux.vnet.ibm.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2016-06-23 10:44:42 -07:00
Wang Xiaoguang c0d2f6104e btrfs: fix disk_i_size update bug when fallocate() fails
When doing truncate operation, btrfs_setsize() will first call
truncate_setsize() to set new inode->i_size, but if later
btrfs_truncate() fails, btrfs_setsize() will call
"i_size_write(inode, BTRFS_I(inode)->disk_i_size)" to reset the
inmemory inode size, now bug occurs. It's because for truncate
case btrfs_ordered_update_i_size() directly uses inode->i_size
to update BTRFS_I(inode)->disk_i_size, indeed we should use the
"offset" argument to update disk_i_size. Here is the call graph:
==>btrfs_truncate()
====>btrfs_truncate_inode_items()
======>btrfs_ordered_update_i_size(inode, last_size, NULL);
Here btrfs_ordered_update_i_size()'s offset argument is last_size.

And below test case can reveal this bug:

dd if=/dev/zero of=fs.img bs=$((1024*1024)) count=100
dev=$(losetup --show -f fs.img)
mkdir -p /mnt/mntpoint
mkfs.btrfs  -f $dev
mount $dev /mnt/mntpoint
cd /mnt/mntpoint

echo "workdir is: /mnt/mntpoint"
blocksize=$((128 * 1024))
dd if=/dev/zero of=testfile bs=$blocksize count=1
sync
count=$((17*1024*1024*1024/blocksize))
echo "file size is:" $((count*blocksize))
for ((i = 1; i <= $count; i++)); do
	i=$((i + 1))
	dst_offset=$((blocksize * i))
	xfs_io -f -c "reflink testfile 0 $dst_offset $blocksize"\
		testfile > /dev/null
done
sync

truncate --size 0 testfile
ls -l testfile
du -sh testfile
exit

In this case, truncate operation will fail for enospc reason and
"du -sh testfile" returns value greater than 0, but testfile's
size is 0, we need to reflect correct inode->i_size.

Signed-off-by: Wang Xiaoguang <wangxg.fnst@cn.fujitsu.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2016-06-23 10:44:41 -07:00
Liu Bo 415b35a55b Btrfs: fix error handling in map_private_extent_buffer
map_private_extent_buffer() can return -EINVAL in two different cases,
1. when the requested contents span two pages if nodesize is larger
   than pagesize,
2. when it detects something insane.

The 2nd one used to be only a WARN_ON(1), and we decided to return an error
to callers, but we didn't fix up all its callers, which will be
addressed by this patch.

Without this, btrfs may end up with 'general protection', ie.
reading invalid memory.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Liu Bo <bo.li.liu@oracle.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2016-06-23 10:44:40 -07:00
Wei Yongjun 04e1b65af2 Btrfs: fix error return code in btrfs_init_test_fs()
Fix to return a negative error code from the kern_mount() error handling
case instead of 0(ret is set to 0 by register_filesystem), as done
elsewhere in this function.

Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Reviewed-by: Omar Sandoval <osandov@fb.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Chris Mason <clm@fb.com>
2016-06-23 10:44:39 -07:00
Doug Ledford 9903fd1374 Merge branches '4.7-rc-misc', 'hfi1-fixes', 'i40iw-rc-fixes' and 'mellanox-rc-fixes' into k.o/for-4.7-rc 2016-06-23 12:22:33 -04:00
Bart Van Assche c0cf4512a3 IB/srpt: Reduce QP buffer size
The memory needed for the send and receive queues associated with
a QP is proportional to the max_sge parameter. The current value
of that parameter is such that with an mlx4 HCA the QP buffer size
is 8 MB. Since DMA is used for communication between HCA and CPU
that buffer either has to be allocated coherently or map_single()
must succeed for that buffer. Since large contiguous allocations
are fragile and since the maximum segment size for e.g. swiotlb
is 256 KB, reduce the max_sge parameter. This patch avoids that
the following text appears on the console after SRP logout and
relogin on a system equipped with multiple IB HCAs:

mlx4_core 0000:05:00.0: swiotlb buffer is full (sz: 8388608 bytes)
swiotlb: coherent allocation failed for device 0000:05:00.0 size=8388608
CPU: 11 PID: 148 Comm: kworker/11:1 Not tainted 4.7.0-rc4-dbg+ #1
Call Trace:
 [<ffffffff812c6d35>] dump_stack+0x67/0x92
 [<ffffffff812efe71>] swiotlb_alloc_coherent+0x141/0x150
 [<ffffffff810458be>] x86_swiotlb_alloc_coherent+0x3e/0x50
 [<ffffffffa03861fa>] mlx4_buf_direct_alloc.isra.5+0x9a/0x120 [mlx4_core]
 [<ffffffffa0386545>] mlx4_buf_alloc+0x165/0x1a0 [mlx4_core]
 [<ffffffffa035053d>] create_qp_common.isra.29+0x57d/0xff0 [mlx4_ib]
 [<ffffffffa03510da>] mlx4_ib_create_qp+0x12a/0x3f0 [mlx4_ib]
 [<ffffffffa031154a>] ib_create_qp+0x3a/0x250 [ib_core]
 [<ffffffffa055dd4b>] srpt_cm_handler+0x4bb/0xcad [ib_srpt]
 [<ffffffffa02c1ab0>] cm_process_work+0x20/0xf0 [ib_cm]
 [<ffffffffa02c3640>] cm_work_handler+0x1ac0/0x2059 [ib_cm]
 [<ffffffff810737ed>] process_one_work+0x19d/0x490
 [<ffffffff81073b29>] worker_thread+0x49/0x490
 [<ffffffff8107a0ea>] kthread+0xea/0x100
 [<ffffffff815b25af>] ret_from_fork+0x1f/0x40

Fixes: b99f8e4d7b ("IB/srpt: convert to the generic RDMA READ/WRITE API")
Signed-off-by: Bart Van Assche <bart.vanassche@sandisk.com>
Cc: Laurence Oberman <loberman@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 12:04:09 -04:00
Shiraz Saleem 7748e4990d i40iw: Enable level-1 PBL for fast memory registration
Set the chunk_size to enable level-1 PBL support when the fast memory
page count is more than one.

Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:35:34 -04:00
Faisal Latif 0477e18145 i40iw: Return correct max_fast_reg_page_list_len
Return correct value for max_fast_reg_page_list_len from
i40iw_query_device().

Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:35:34 -04:00
Faisal Latif ee23abd75c i40iw: Correct status check on i40iw_get_pble
i40iw_get_pble returns 0 on success. Correct the check on return
code.

Signed-off-by: Faisal Latif <faisal.latif@intel.com>
Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:35:34 -04:00
Shiraz Saleem 747f1c6d9b i40iw: Correct CQ arming
CQ is armed for solicited events only, ignoring other notification
flags. Correct this by arming for next and arming for solicited
event if IB_CQ_SOLICITED is set. Also protect CQ shadow area update
with spinlock.

Signed-off-by: Shiraz Saleem <shiraz.saleem@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:35:34 -04:00
Mike Marciniszyn c755f4afa6 IB/rdmavt: Correct qp_priv_alloc() return value test
The current drivers return errors from this calldown
wrapped in an ERR_PTR().

The rdmavt code incorrectly tests for NULL.

The code is fixed to use IS_ERR() and change ret according
to the driver return value.

Cc: Stable <stable@vger.kernel.org> # 4.6+
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:16:15 -04:00
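The failure mode fixed by the rdmavt commit above, shown as an added userspace example (not code from the commit or the kernel tree). The ERR_PTR helpers are stand-ins modelled on include/linux/err.h, and `demo_priv_alloc`, `create_qp_null_test` and `create_qp_is_err_test` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Userspace stand-ins for the kernel's ERR_PTR helpers: an errno is
 * encoded in the top MAX_ERRNO values of the address space. */
#define MAX_ERRNO 4095
static void *ERR_PTR(long err) { return (void *)err; }
static long PTR_ERR(const void *p) { return (long)p; }
static int IS_ERR(const void *p)
{
    return (uintptr_t)p >= (uintptr_t)-MAX_ERRNO;
}

/* Hypothetical driver calldown: private data, or ERR_PTR(-errno) on failure. */
static void *demo_priv_alloc(int fail)
{
    void *p = fail ? NULL : calloc(1, 64);
    return p ? p : ERR_PTR(-ENOMEM);
}

/* NULL test: an ERR_PTR value is non-NULL, so the failure is reported as
 * success (0) and the encoded errno is handed on as if it were a pointer. */
static int create_qp_null_test(int fail, void **priv_out)
{
    void *priv = demo_priv_alloc(fail);
    if (!priv)
        return -ENOMEM;
    *priv_out = priv;
    return 0;
}

/* IS_ERR test: the failure is caught and the callee's errno is propagated. */
static int create_qp_is_err_test(int fail, void **priv_out)
{
    void *priv = demo_priv_alloc(fail);
    if (IS_ERR(priv))
        return (int)PTR_ERR(priv);
    *priv_out = priv;
    return 0;
}

int main(void)
{
    void *a = NULL, *b = NULL;
    int missed = create_qp_null_test(1, &a) == 0 && IS_ERR(a);
    int caught = create_qp_is_err_test(1, &b) == -ENOMEM && b == NULL;
    return (missed && caught) ? 0 : 1;
}
```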
Ashutosh Dixit 8ae84f7c56 IB/hfi1: Don't zero out qp->s_ack_queue in rvt_reset_qp
Since rvt_reset_qp already zeroes out qp->s_ack_queue head and tail
pointers, there is no need to zero out qp->s_ack_queue itself.

Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Reviewed-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Ashutosh Dixit <ashutosh.dixit@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:16:15 -04:00
Mike Marciniszyn 2aee309d3e IB/hfi1: Fix deadlock with txreq allocation slow path
A failure in the get_txreq() inline will result in a
slow path retry using __get_txreq().

__get_txreq() attempts to procure the qp s_lock, which
is already held in all callers.

Fix by deleting the s_lock maintenance in __get_txreq()
and add sparse syntax hooks to future proof the code.

Cc: Stable <stable@vger.kernel.org> # 4.6+
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:16:15 -04:00
Chuck Lever cbc9355a93 IB/mlx4: Prevent cross page boundary allocation
Prevent cross page boundary allocation by allocating
a new page, this is required to be aligned with ConnectX-3 HW
requirements.

Not doing that might cause an "RDMA read local protection" error.

Fixes: 1b2cd0fc67 ('IB/mlx4: Support the new memory registration API')
Suggested-by: Christoph Hellwig <hch@infradead.org>
Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
Reviewed-by: Sagi Grimberg <sagi@grimberg.me>
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:08:25 -04:00
Dotan Barak 5b420d9cf7 IB/mlx4: Fix memory leak if QP creation failed
When RC, UC, or RAW QPs are created, a qp object is allocated (kzalloc).
If at a later point (in procedure create_qp_common) the qp creation fails,
this qp object must be freed.

Fixes: 1ffeb2eb8b ("IB/mlx4: SR-IOV IB context objects and proxy/tunnel SQP support")
Signed-off-by: Dotan Barak <dotanb@dev.mellanox.co.il>
Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:08:25 -04:00
Yishai Hadas 5533c18ab0 IB/mlx4: Verify port number in flow steering create flow
In procedure mlx4_ib_create_flow, passing an invalid port number
will cause an out-of-bounds array access. Data passed to this procedure
can come from user-space.  Therefore, need to validate port number
before proceeding onwards.

Note that we check against the number of physical ports declared at
the verbs (ib core) level; when bonding is active, the verbs level
sees one physical port, even though the low-level driver sees two ports.

Fixes: f77c0162a3 ("IB/mlx4: Add receive flow steering support")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:07:04 -04:00
Yishai Hadas a6100603a4 IB/mlx4: Fix error flow when sending mads under SRIOV
Fix mad send error flow to prevent double freeing address handles,
and leaking tx_ring entries when SRIOV is active.

If ib_mad_post_send fails, the address handle pointer in the tx_ring entry
must be set to NULL (or there will be a double-free) and tx_tail must be
incremented (or there will be a leak of tx_ring entries).
The tx_ring is handled the same way in the send-completion handler.

Fixes: 37bfc7c1e8 ("IB/mlx4: SR-IOV multiplex and demultiplex MADs")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Reviewed-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:07:03 -04:00
Yishai Hadas f2940e2c76 IB/mlx4: Fix the SQ size of an RC QP
When calculating the required size of an RC QP send queue, leave
enough space for masked atomic operations, which require more space than
"regular" atomic operations.

Fixes: 6fa8f71984 ("IB/mlx4: Add support for masked atomic operations")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Reviewed-by: Jack Morgenstein <jackm@mellanox.co.il>
Reviewed-by: Eran Ben Elisha <eranbe@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:06:54 -04:00
Talat Batheesh 00bf534fce IB/mlx5: Fix wrong naming of port_rcv_data counter
port_xmit_data is written instead of port_rcv_data.

Fixes: 3efd9a1121 ('IB/mlx5: Modify MAD reading counters method to use counter registers')
Signed-off-by: Talat Batheesh <talatb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:03:57 -04:00
Eli Cohen c9b254955b IB/mlx5: Fix post send fence logic
If the caller specified IB_SEND_FENCE in the send flags of the work
request and no previous work request stated that the successive one
should be fenced, the work request would be executed without a fence.
This could result in RDMA read or atomic operations failure due to a MR
being invalidated. Fix this by adding the mlx5 enumeration for fencing
RDMA/atomic operations and fix the logic to apply this.

Fixes: e126ba97db ('mlx5: Add driver for Mellanox Connect-IB adapters')
Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:03:57 -04:00
Maor Gottlieb b57141c1ab IB/uverbs: Initialize ib_qp_init_attr with zeros
Initialize ib_qp_init_attr with zeros in order to avoid garbage
in fields that won't be set with user values.

Fixes: a060b5629a ('IB/core: generic RDMA READ/WRITE API')
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:03:57 -04:00
Eli Cohen b3556005c5 IB/core: Fix false search of the IB_SA_WELL_KNOWN_GUID
When virtualization is supported, VFs may send SA MADs to a GID formed
by the concatenation of the subnet prefix with the
IB_SA_WELL_KNOWN_GUID. When a response is required, the current code
will search the local HCA's port for the received GID to figure out the
GID index of the entry containing this GID. However, since this is not a
real GID it will not be found and an error will be printed.

We change the logic to check if the destination GID is this special GID
and avoid lookup in this case and use GID index 0.

Fixes: a0c1b2a350 ('IB/core: Support accessing SA in virtualized environment')
Signed-off-by: Eli Cohen <eli@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:03:57 -04:00
Alex Vesker c65f6c5a36 IB/core: Fix RoCE v1 multicast join logic issue
During multicast join of RoCEv1, IGMP join state and max hop limit
were updated incorrectly. IGMP join should be sent and marked as
joined only on RoCEv2 after a successful join. Max hops should be
updated to the hop limit on RoCEv2 regardless of the join state.

Fixes: bee3c3c918 ('IB/cma: Join and leave multicast groups...')
Signed-off-by: Alex Vesker <valex@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:03:57 -04:00
Talat Batheesh f336ae0314 IB/core: Fix no default GIDs when netdevice reregisters
Currently, when the netdevice returned by get_netdev is unregistered,
we delete all GIDs (including the default GIDs) and reset their
attributes. Therefore, when we re-register it, no default GIDs
will be assigned (as their "default GID" attribute will be reset).
Fixing this by keeping "default GID" attribute.

Fixes: 03db3a2d81 ('IB/core: Add RoCE GID table management')
Signed-off-by: Talat Batheesh <talatb@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-06-23 10:03:57 -04:00
David Vrabel d6b186c1e2 x86/xen: avoid m2p lookup when setting early page table entries
When page table entries are set using xen_set_pte_init() during early
boot there is no page fault handler that could handle a fault when
performing an M2P lookup.

In 64 bit guests (usually dom0) early_ioremap() would fault in
xen_set_pte_init() because an M2P lookup faults because the MFN is in
MMIO space and not mapped in the M2P.  This lookup is done to see if
the PFN is in the range used for the initial page table pages, so that
the PTE may be set as read-only.

The M2P lookup can be avoided by moving the check (and clear of RW)
earlier when the PFN is still available.

Reported-by: Kevin Moraga <kmoragas@riseup.net>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Juergen Gross <jgross@suse.com>
2016-06-23 14:50:30 +01:00
Pali Rohár 5ce91714b0 hwmon: (dell-smm) Cache fan_type() calls and change fan detection
On more Dell machines (e.g. Dell Precision M3800) the fan_type() call is too
expensive (CPU is too long in SMM mode) and causes the kernel to hang. This is
a bug in Dell SMM or BIOS.

This patch caches the type for each fan (as it should not change) and changes
the way fan presence is detected. First it tries function fan_status()
as was before commit f989e55452 ("i8k: Add support for fan labels"). And
if that fails it falls back to fan_type(). *_status() functions can fail in case
fan is not currently accessible (e.g. present on GPU which is currently
turned off).

Reported-by: Tolga Cakir <cevelnet@gmail.com>
Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
Link: https://bugzilla.kernel.org/show_bug.cgi?id=112021
Cc: stable@vger.kernel.org # v4.0+, will need backport
Tested-by: Tolga Cakir <cevelnet@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
2016-06-23 06:24:23 -07:00
Rafael J. Wysocki 492a19ef8b Merge branch 'fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/mzx/devfreq into pm-devfreq
Pull devfreq fixes for v4.7 from MyungJoo Ham.

* 'fixes' of https://git.kernel.org/pub/scm/linux/kernel/git/mzx/devfreq:
  PM / devfreq: fix initialization of current frequency in last status
  PM / devfreq: exynos-nocp: Remove incorrect IS_ERR() check
  PM / devfreq: remove double put_device
  PM / devfreq: fix double call put_device
  PM / devfreq: fix duplicated kfree on devfreq pointer
  PM / devfreq: devm_kzalloc to have dev pointer more precisely
2016-06-23 14:48:41 +02:00
Andrey Grodzovsky 02ef871eca xen/pciback: Fix conf_space read/write overlap check.
Current overlap check is evaluating to false a case where a filter
field is fully contained (proper subset) of a r/w request.  This
change applies classical overlap check instead to include all the
scenarios.

More specifically, for (Hilscher GmbH CIFX 50E-DP(M/S)) device driver
the logic is such that the entire confspace is read and written in 4
byte chunks. In this case as an example, CACHE_LINE_SIZE,
LATENCY_TIMER and PCI_BIST are arriving together in one call to
xen_pcibk_config_write() with offset == 0xc and size == 4.  With the
existing overlap check the LATENCY_TIMER field (offset == 0xd, length
== 1) is fully contained in the write request and hence is excluded
from write, which is incorrect.

Signed-off-by: Andrey Grodzovsky <andrey2805@gmail.com>
Reviewed-by: Boris Ostrovsky <boris.ostrovsky@oracle.com>
Reviewed-by: Jan Beulich <JBeulich@suse.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
2016-06-23 11:36:15 +01:00
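The containment case from the xen/pciback commit above, worked through as an added example (not code from the commit or the driver). `endpoint_overlap` is an assumed endpoint-only test of the kind that has this blind spot, and the CACHE_LINE_SIZE and PCI_BIST offsets are the standard PCI header offsets rather than values from the page.

```c
#include <stdio.h>

/* Half-open byte range [start, end) in PCI config space. */
struct range { unsigned start, end; };

/* Endpoint-only test (assumed for illustration): true only when the
 * request's first or last byte lands inside the field. */
static int endpoint_overlap(struct range req, struct range field)
{
    return (req.start >= field.start && req.start < field.end) ||
           (req.end > field.start && req.end <= field.end);
}

/* Classical interval test: two half-open ranges intersect iff each one
 * starts before the other ends. Covers partial overlap and containment
 * in either direction. */
static int classical_overlap(struct range req, struct range field)
{
    return req.start < field.end && field.start < req.end;
}

/* Constructed sample: the three one-byte fields named in the commit message. */
static const struct { const char *name; struct range r; } fields[] = {
    { "CACHE_LINE_SIZE", { 0x0c, 0x0d } },
    { "LATENCY_TIMER",   { 0x0d, 0x0e } },
    { "PCI_BIST",        { 0x0f, 0x10 } },
};

/* Count the fields a request touches according to the given predicate. */
static int fields_hit(struct range req, int (*pred)(struct range, struct range))
{
    int n = 0;
    for (unsigned i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
        n += pred(req, fields[i].r) ? 1 : 0;
    return n;
}

int main(void)
{
    struct range req = { 0x0c, 0x0c + 4 };  /* offset == 0xc, size == 4 */
    for (unsigned i = 0; i < sizeof(fields) / sizeof(fields[0]); i++)
        printf("%-16s endpoint=%d classical=%d\n", fields[i].name,
               endpoint_overlap(req, fields[i].r),
               classical_overlap(req, fields[i].r));
    return 0;
}
```

A field that is skipped by the overlap test never reaches its per-field handler, so a filter of this kind should be tested with requests that start before and end after a field as well as with partial overlaps.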
Juergen Gross 1cf3874130 x86/xen: fix upper bound of pmd loop in xen_cleanhighmap()
xen_cleanhighmap() is operating on level2_kernel_pgt only. The upper
bound of the loop setting non-kernel-image entries to zero should not
exceed the size of level2_kernel_pgt.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Juergen Gross <jgross@suse.com>
Signed-off-by: David Vrabel <david.vrabel@citrix.com>
2016-06-23 11:36:15 +01:00