Commit Graph

575331 Commits

Author SHA1 Message Date
Christian König 6378076bcf drm/amdgpu: disable direct VM updates when vm_debug is set
That should make user space bugs more obvious.

Signed-off-by: Christian König <christian.koenig@amd.com>
Reviewed-by: Alex Deucher <alexander.deucher@amd.com>
2016-02-24 12:46:06 -05:00
Bradley Pankow 827108d080 amdgpu: fix NULL pointer dereference at tonga_check_states_equal
The event_data passed from pem_fini was not cleared upon initialization.
This caused NULL checks to pass and cast_const_phw_tonga_power_state to
attempt to dereference an invalid pointer. Clear the event_data in
pem_init and pem_fini before calling pem_handle_event.

Reviewed-by:  Rex Zhu <Rex.Zhu@amd.com>
Signed-off-by: Bradley Pankow <btpankow@gmail.com>
Signed-off-by: Alex Deucher <alexander.deucher@amd.com>
2016-02-24 12:46:05 -05:00
Marc Zyngier fd451b90e7 arm64: KVM: vgic-v3: Restore ICH_APR0Rn_EL2 before ICH_APR1Rn_EL2
The GICv3 architecture spec says:

Writing to the active priority registers in any order other than
the following order will result in UNPREDICTABLE behavior:
- ICH_AP0R<n>_EL2.
- ICH_AP1R<n>_EL2.

So let's not pointlessly go against the rule...

Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2016-02-24 17:25:58 +00:00
Greg Kroah-Hartman 428b315a24 usb: fixes for v4.5-rc6
The most important fixes here are:
 
 a) yet another fix to dwc3's EP transfer resource
 assignment logic. This time around we will be
 pre-allocating transfer resources to avoid any
 future issues;
 
 b) two DMA fixes for the old MUSB driver.
 
 c) dwc2's data toggle fix for FS
 
 Other than these, we have a few other minor fixes
 elsewhere.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWzAM4AAoJEIaOsuA1yqREBCUP+QGgS85vE3L4pdVsvIg92j5l
 9kgSyhJvJEbWlxPQlft08gvYlazD1993IP1UW3aFVDVpJt/yxf1rd7zqMrnh1jSM
 c0SWYrlXVpkPuH15o4JaNjSajsJ9CM7kOg32WcleOmqugWiY4et98wrOkxIYtm1Y
 5cR34O12WL+XcdgluxNz0CF3UQTvnI3EurwJzLMRvEqG/QmUCoN6Ie3nRxKOglhn
 /UIHVT2kv/qN1L3QgdNPZzn3n3fX7ZdSg6sTMjdM7VWGNOrziK6658KBx9q64XeG
 G3HQyOtxzXhAMHFHNxjh0RCkg+KJL+vkfouZJHtEZtX8JialnGwGIVnnyCbqZTwn
 VVQcR8Jwh5Ph2oBIAyefqjFPIiKrvZ+Xq34j912W03KGertIoAW+8uOWM4Y6i8Ey
 CU/kvUPjyI6I7znddJaeLvik3AL4G9YIi2rMdLs33ayWFhU3A0Lyg5mIdZox5w+Z
 sMBe8OOfr5DnbgzzHyRW2yoTQrGSy11q8ZJom88jXreH3afM1naMduhnDAaYGN9/
 X2WmIu+NyyxbK/VeDsr4RiZtgmAp/8udfkootPkbAcH68mPlQo5/tztdYAFOrcNa
 gUmvL4j4yukagBG1XiKyS2eevnRqGq4bRwMkCzQ4PutZUQr67Wk+LxllUEvhSIFp
 7puDKjAIKHHd6lQZykmp
 =5QjC
 -----END PGP SIGNATURE-----

Merge tag 'fixes-for-v4.5-rc6' of http://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus

Felipe writes:

usb: fixes for v4.5-rc6

The most important fixes here are:

a) yet another fix to dwc3's EP transfer resource
assignment logic. This time around we will be
pre-allocating transfer resources to avoid any
future issues;

b) two DMA fixes for the old MUSB driver.

c) dwc2's data toggle fix for FS

Other than these, we have a few other minor fixes
elsewhere.
2016-02-24 09:04:21 -08:00
Olof Johansson d877a214d5 Renesas ARM Based SoC Fixes for v4.5
* Avoid writing to .text
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWxqjiAAoJENfPZGlqN0++L3cP/2sJqc/apSDngPLv/K+JajST
 bsnJXwwSKtqybzlBr6SbjCcE1XCorKg1ShdTxeW4lwWMqYCpeB70gDrIYETQq3y8
 nNP5vyKfUbr53CNPNE5XabUXdZvUq0ZiNUU80t6wGqqzLYz+aho0u8fC20P280w3
 557YY6Kq+Kt38E8SbO7NeowjBMQHVnvMlQq7mtmoCCCNHc9qYF/rweCqPj37+Mpy
 K5MMHEnYciVGyIBry41e5Wi9DXTbMnnutw6PwGmuBIwujcNut2dckS59GDUsh3HB
 N6tP0H03xks+DUfPZVis8+k7b9nKELJZ5IDYIxE39M8uKb3sjBW6spuoV3yjooql
 k6EpiQqL+ux5opF9+WV3A3ZJN+w1IQs0B/OGqEj1JcRj003A+GRmG3HB0SIteNUB
 GhFPAUyX9WLFopEi3flkOatRbYgod3w6YkKA7nNjaR+z2TVFZ+O+GTfuXyRnjy16
 qDRqJhGrAgH5JputXBKCepnA068laK+kpFuvCxGt5LvTJovHO4xAM3kqwBCJ6ZbQ
 RL21bVlq1OK+t3gyNMLJa1eS0Ew3HMLGlWZfiI6FI8PlZPKwb91LYqprOyxPRitf
 +3AjWu7BmFDgLwHVsiibDpdS3TDGopv5u60/APuOxyAQ/PgDhFZjXhg5grHn+hxS
 Y1mjE1NH4RnTYKgSWapu
 =i1ze
 -----END PGP SIGNATURE-----

Merge tag 'renesas-soc-fixes-for-v4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes

Renesas ARM Based SoC Fixes for v4.5

* Avoid writing to .text

* tag 'renesas-soc-fixes-for-v4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas:
  ARM: shmobile: Remove shmobile_boot_arg
  ARM: shmobile: Move shmobile_smp_{mpidr, fn, arg}[] from .text to .bss
  ARM: shmobile: r8a7779: Remove remainings of removed SCU boot setup code
  ARM: shmobile: Move shmobile_scu_base from .text to .bss

Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 08:48:22 -08:00
Steven Rostedt (Red Hat) d045437a16 tracing: Fix showing function event in available_events
The ftrace:function event is only displayed for parsing the function tracer
data. It is not used to enable function tracing, and does not include an
"enable" file in its event directory.

Originally, this event was kept separate from other events because it did
not have a ->reg parameter. But perf added a "reg" parameter for its use
which caused issues, because it made the event available to functions where
it was not compatible for.

Commit 9b63776fa3 "tracing: Do not enable function event with enable"
added a TRACE_EVENT_FL_IGNORE_ENABLE flag that prevented the function event
from being enabled by normal trace events. But this commit missed keeping
the function event from being displayed by the "available_events" directory,
which is used to show what events can be enabled by set_event.

One documented way to enable all events is to:

 cat available_events > set_event

But because the function event is displayed in the available_events, this
now causes an INVALID error:

 cat: write error: Invalid argument

Reported-by: Chunyu Hu <chuhu@redhat.com>
Fixes: 9b63776fa3 "tracing: Do not enable function event with enable"
Cc: stable@vger.kernel.org # 3.4+
Signed-off-by: Steven Rostedt <rostedt@goodmis.org>
2016-02-24 09:17:11 -05:00
Christian Borntraeger d7444794a0 KVM: async_pf: do not warn on page allocation failures
In async_pf we try to allocate with NOWAIT to get an element quickly
or fail. This code also handle failures gracefully. Lets silence
potential page allocation failures under load.

qemu-system-s39: page allocation failure: order:0,mode:0x2200000
[...]
Call Trace:
([<00000000001146b8>] show_trace+0xf8/0x148)
[<000000000011476a>] show_stack+0x62/0xe8
[<00000000004a36b8>] dump_stack+0x70/0x98
[<0000000000272c3a>] warn_alloc_failed+0xd2/0x148
[<000000000027709e>] __alloc_pages_nodemask+0x94e/0xb38
[<00000000002cd36a>] new_slab+0x382/0x400
[<00000000002cf7ac>] ___slab_alloc.constprop.30+0x2dc/0x378
[<00000000002d03d0>] kmem_cache_alloc+0x160/0x1d0
[<0000000000133db4>] kvm_setup_async_pf+0x6c/0x198
[<000000000013dee8>] kvm_arch_vcpu_ioctl_run+0xd48/0xd58
[<000000000012fcaa>] kvm_vcpu_ioctl+0x372/0x690
[<00000000002f66f6>] do_vfs_ioctl+0x3be/0x510
[<00000000002f68ec>] SyS_ioctl+0xa4/0xb8
[<0000000000781c5e>] system_call+0xd6/0x264
[<000003ffa24fa06a>] 0x3ffa24fa06a

Cc: stable@vger.kernel.org
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: Dominik Dingel <dingel@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-24 14:47:46 +01:00
Paolo Bonzini 0c1d77f4ba KVM: x86: fix conversion of addresses to linear in 32-bit protected mode
Commit e8dd2d2d64 ("Silence compiler warning in arch/x86/kvm/emulate.c",
2015-09-06) broke boot of the Hurd.  The bug is that the "default:"
case actually could modify "la", but after the patch this change is
not reflected in *linear.

The bug is visible whenever a non-zero segment base causes the linear
address to wrap around the 4GB mark.

Fixes: e8dd2d2d64
Cc: stable@vger.kernel.org
Reported-by: Aurelien Jarno <aurelien@aurel32.net>
Tested-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-24 14:47:45 +01:00
Paolo Bonzini 172b2386ed KVM: x86: fix missed hardware breakpoints
Sometimes when setting a breakpoint a process doesn't stop on it.
This is because the debug registers are not loaded correctly on
VCPU load.

The following simple reproducer from Oleg Nesterov tries using debug
registers in two threads.  To see the bug, run a 2-VCPU guest with
"taskset -c 0" and run "./bp 0 1" inside the guest.

    #include <unistd.h>
    #include <signal.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <sys/wait.h>
    #include <sys/ptrace.h>
    #include <sys/user.h>
    #include <asm/debugreg.h>
    #include <assert.h>

    #define offsetof(TYPE, MEMBER) ((size_t) &((TYPE *)0)->MEMBER)

    unsigned long encode_dr7(int drnum, int enable, unsigned int type, unsigned int len)
    {
        unsigned long dr7;

        dr7 = ((len | type) & 0xf)
            << (DR_CONTROL_SHIFT + drnum * DR_CONTROL_SIZE);
        if (enable)
            dr7 |= (DR_GLOBAL_ENABLE << (drnum * DR_ENABLE_SIZE));

        return dr7;
    }

    int write_dr(int pid, int dr, unsigned long val)
    {
        return ptrace(PTRACE_POKEUSER, pid,
                offsetof (struct user, u_debugreg[dr]),
                val);
    }

    void set_bp(pid_t pid, void *addr)
    {
        unsigned long dr7;
        assert(write_dr(pid, 0, (long)addr) == 0);
        dr7 = encode_dr7(0, 1, DR_RW_EXECUTE, DR_LEN_1);
        assert(write_dr(pid, 7, dr7) == 0);
    }

    void *get_rip(int pid)
    {
        return (void*)ptrace(PTRACE_PEEKUSER, pid,
                offsetof(struct user, regs.rip), 0);
    }

    void test(int nr)
    {
        void *bp_addr = &&label + nr, *bp_hit;
        int pid;

        printf("test bp %d\n", nr);
        assert(nr < 16); // see 16 asm nops below

        pid = fork();
        if (!pid) {
            assert(ptrace(PTRACE_TRACEME, 0,0,0) == 0);
            kill(getpid(), SIGSTOP);
            for (;;) {
                label: asm (
                    "nop; nop; nop; nop;"
                    "nop; nop; nop; nop;"
                    "nop; nop; nop; nop;"
                    "nop; nop; nop; nop;"
                );
            }
        }

        assert(pid == wait(NULL));
        set_bp(pid, bp_addr);

        for (;;) {
            assert(ptrace(PTRACE_CONT, pid, 0, 0) == 0);
            assert(pid == wait(NULL));

            bp_hit = get_rip(pid);
            if (bp_hit != bp_addr)
                fprintf(stderr, "ERR!! hit wrong bp %ld != %d\n",
                    bp_hit - &&label, nr);
        }
    }

    int main(int argc, const char *argv[])
    {
        while (--argc) {
            int nr = atoi(*++argv);
            if (!fork())
                test(nr);
        }

        while (wait(NULL) > 0)
            ;
        return 0;
    }

Cc: stable@vger.kernel.org
Suggested-by: Nadav Amit <namit@cs.technion.ac.il>
Reported-by: Andrey Wagin <avagin@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-02-24 14:47:39 +01:00
Rafael J. Wysocki e249714571 Revert "ACPI, PCI, irq: remove interrupt count restriction"
Revert commit b5bd026954 (ACPI, PCI, irq: remove interrupt count
restriction) that introduced a boot regression on some systems
where it caused kmalloc() to be used too early.

Link: http://marc.info/?l=linux-acpi&m=145580159209240&w=2
Reported-by: Nalla, Ravikanth <ravikanth.nalla@hpe.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-02-24 13:55:38 +01:00
Rafael J. Wysocki 5ec5d10682 Revert "ACPI / PCI: Simplify acpi_penalize_isa_irq()"
Revert commit 0971686954 "ACPI / PCI: Simplify acpi_penalize_isa_irq()"
that depends on commit b5bd026954 (ACPI, PCI, irq: remove interrupt
count restriction) which introduced a regression and needs to be
reverted for this reason.

Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2016-02-24 13:53:46 +01:00
Marc Zyngier 1d6a821277 arm/arm64: KVM: Feed initialized memory to MMIO accesses
On an MMIO access, we always copy the on-stack buffer info
the shared "run" structure, even if this is a read access.
This ends up leaking up to 8 bytes of uninitialized memory
into userspace, depending on the size of the access.

An obvious fix for this one is to only perform the copy if
this is an actual write.

Reviewed-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2016-02-24 11:53:09 +00:00
Valentin Rothberg 9ef2d8be55 arc: SMP: CONFIG_ARC_IPI_DBG cleanup
Previous Commit ("ARC: SMP: No need for CONFIG_ARC_IPI_DBG") removed
the Kconfig option ARC_IPI_DBG.  Remove the last reference on this
option.

Signed-off-by: Valentin Rothberg <valentinrothberg@gmail.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-24 14:15:39 +05:30
Carlo Caione 79318452cb MAINTAINERS: Extend info, add wiki and ml for meson arch
Update the maintainers info with wiki and mailing list for the meson
platform. Fix a wrong file attribution and add maintainership for the
generic meson platforms.

Signed-off-by: Carlo Caione <carlo@endlessm.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:11:12 -08:00
Olof Johansson 9fa6c2b1aa Two omap fixes for omaps against v4.5-rc5:
- Yet another fix for n900 onenand to avoid corruption. This time to
   fix the issue of mounting onenand back and forth between the original
   maemo kernel and mainline Linux kernel. And it also seems there will
   be two more fixes coming via the MTD tree as issues were discovered
   also in the onenand driver during testing.
 
 - Revert tps65217 regulator clean up as it breaks MMC for am335x
   variants. The proper way to clean this up is just to rename the
   tps65217.dtsi file into tps65217-am335x.dtsi as a similar setup
   is used on many am335x boards.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWy321AAoJEBvUPslcq6Vz0osQAI7OJXSLqdmle3eV2Y2AbdpJ
 jgZV31sjxCgnE91toURDpzzCNmpBwXKX8m2CToE4gCfERS9iNI1CXnV63AoR6A1Q
 mUbzWDuulTDlwdEs/1n2E6QlYi/HYISYUI0sEZdK71nyStNDjsXfALpTfOSMMFj/
 Jcr8FcCTM8ZdfvzAungijzc4szAJ1PHuV68PUbgE6t9c6s0zQfrT1E+Ty9CLPkyk
 jnVCLCCrgHe+9oIXDQYE0z473h69Ij9PfIJmcYlTH+Gcu8hIT2FK9UyrgUQcKrSl
 w4l1u8ZOA9225oYDjLE7RczPAsauIX1VHBqsNEVhmWsMc4LIjWdM+kF/8nB4Rve2
 UfGjtfdVIN07PksilvCJr4HhZI8eTfWRvMgsGN8ypTZX8roFoHHwzjwrS245X5ve
 VMdS3ZcTZsR8SoHrSYCJzfs10d27JDfL3ya5ekQREEJsANxwVSk2aHwRyTnxdMFd
 lMmbzWKiYtzLs8Uvol+4h/wp8LCllP7/LKE8SkN/D6gc+jCzu5M4uOgj1c5lZtjM
 mFawFqpO4a2bQbcyTLCzQ2oHaTAW+suXZ5TcszKblm35gSY61kK0uTP89lRS/6Fv
 UF7+SqJwmM4eaqS5KvfkT/8GcOkWpG/iXtoNlIMiTNyMNjWutJ/WpTaUQ34TdwGV
 etQjXrmU5xEI1Kow7T+h
 =tAiy
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.5/fixes-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Two omap fixes for omaps against v4.5-rc5:

- Yet another fix for n900 onenand to avoid corruption. This time to
  fix the issue of mounting onenand back and forth between the original
  maemo kernel and mainline Linux kernel. And it also seems there will
  be two more fixes coming via the MTD tree as issues were discovered
  also in the onenand driver during testing.

- Revert tps65217 regulator clean up as it breaks MMC for am335x
  variants. The proper way to clean this up is just to rename the
  tps65217.dtsi file into tps65217-am335x.dtsi as a similar setup
  is used on many am335x boards.

* tag 'omap-for-v4.5/fixes-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: OMAP2+: Fix onenand initialization to avoid filesystem corruption
  Revert "regulator: tps65217: remove tps65217.dtsi file"

Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:10:11 -08:00
Antoine Tenart a9e5547b19 MAINTAINERS: alpine: add a new maintainer and update the entry
Add myself as a co-maintainer for the Alpine support. Also update the
entry to take in account Alpine ARM64 boards, Alpine ARM device trees
and Alpine-specific drivers.

Signed-off-by: Antoine Tenart <antoine.tenart@free-electrons.com>
Acked-by: Tsahee Zidenberg <tsahee@annapurnalabs.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:09:12 -08:00
Ludovic Desroches 5e45a2589d ARM: at91/dt: fix typo in sama5d2 pinmux descriptions
PIN_PA15 macro has the same value as PIN_PA14 so we were overriding PA14
mux/configuration.

Signed-off-by: Ludovic Desroches <ludovic.desroches@atmel.com>
Reported-by: Cyrille Pitchen <cyrille.pitchen@atmel.com>
Fixes: 7f16cb676c ("ARM: at91/dt: add sama5d2 pinmux")
Cc: <stable@vger.kernel.org> # v4.4+
Signed-off-by: Alexandre Belloni <alexandre.belloni@free-electrons.com>
Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:08:19 -08:00
Olof Johansson b223c9f593 The i.MX fixes for v4.5:
- Drop the bogus interrupt-parent from i.MX6 CAAM node, which leads to
    the CAAM IRQs not getting unmasked at the GPC level.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWwEEWAAoJEFBXWFqHsHzOvv4H/29Q3aZBN/L/0JzPyCckfWSw
 /l2UGsFW5UIBPbrOPW9tEPd4WRAUQ3BJKM2iNvvSSeNMvEO/Ni1+CtzQabCv7CGb
 sKRZOIQ8e8782K4aNmCMMwrVBhPMAewFuh4DkCDdN55sE5kN9CkDO0d6jzaHsDJf
 8GnuT5kq6qblV1HdsdVnEBjwL73v3wByUhUN3T6BplM4l9GtRRu7ox6s3dDdM4jG
 ohBRafPo0s+pMOI8LRs7howHQwAuSHCMP7zOzqCOwvSAa+GOwKIjpQFvAKU+mfex
 h+c2bdNxSCkDPG/QBwfk723qRWrDND0hMetHGNFn1zh8s0HhBzp7bNXKnLC5JF8=
 =9ONj
 -----END PGP SIGNATURE-----

Merge tag 'imx-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes

The i.MX fixes for v4.5:
 - Drop the bogus interrupt-parent from i.MX6 CAAM node, which leads to
   the CAAM IRQs not getting unmasked at the GPC level.

* tag 'imx-fixes-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux:
  ARM: dts: imx6: remove bogus interrupt-parent from CAAM node

Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:05:58 -08:00
Olof Johansson e3acd74f92 Few fixes for omaps against v4.5-rc3:
- Improve omap_device error message to tell driver writers what is
   wrong after commit 5de85b9d57 ("PM / runtime: Re-init runtime PM
   states at probe error and driver unbind"). There will be also a
   handful of driver related fixes also queued separately. But adding
   this error message makes it easy to fix any omap_device using
   drivers suffering from this issue so I think it's important to
   have.
 
 - Also related to commit 5de85b9d57 discussion, let's fix a bug
   where disabling PM runtime via sysfs will also cause the hardware
   state to be different from PM runtime state.
 
 - Fix audio clocks for beagle-x15.
 
 - Use wakeup-source instead of gpio-key,wakeup for the new entries
   that sneaked in during the merge window.
 
 - Fix a legacy booting vs device tree based booting regression for
   n900 where the legacy user space expects to have the device
   revision available in /proc/atags also when booted with device
   tree.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWvmElAAoJEBvUPslcq6VzZ7sQAIdMX4Tn1z1lWA/dOvjczzSf
 5hZM9CBAn3McXAFKjKRLHbUDfkRGv/VQunbaZaQ8/nJQX3vlW9sd56oqHioQ2kAT
 DwrxdtX4aUasleGQmQh/gK0CI/eOhKpkARVrFr9XyAYS+My8xPes7sWlM5y9GCUO
 zJXsUH/FtXH/IgSO76QfkFceVUedNy0lYZqgEy5DcwJIwO5ZjuYF75Iy5xRDnX4G
 VSKKA8ap0qrTrAU2zBfb/djcLxt/7MgE0HBGMnEIXNRnQtFzw5NUzTibA0LUuj27
 YgpdcdiuBz6icCIuNJZH8GjWsx9J4BalHb2+qhDQtm0EJhV+uhpbXJ3BoPqvVw/7
 6Sv767DnbsBs2L8w1i0+DspRjJxKEfJxifISlbOz2g0O17Lbm1y+CPu767TUiuQ/
 KNHNfuI3uIxFfTZKEA6ae42wwFGP2B3SEaPOH5uINB6HjybNpRb6/xQNRe5OfY8E
 dG5Y8hsPjqsx9HiD2eqlpYlb8o7Yhf5vowXFG6EvwLM6rm1lL/9pOh3HGQXin075
 QTWHkhpwS/ihpEeRgJiG1sNTY5EjiqDvCZSDADpg1Nx4+RgdWm/WBxJEiflmaC0h
 ONdjcCsoApnrRRaWmVEUaYvZl9JmkUNH1r//PbWI9pDgvSqQUFOFEQmOoAo2W1xj
 4L6GzuxjNCERq8mc/8tC
 =1rk2
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.5/fixes-rc3-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Few fixes for omaps against v4.5-rc3:

- Improve omap_device error message to tell driver writers what is
  wrong after commit 5de85b9d57 ("PM / runtime: Re-init runtime PM
  states at probe error and driver unbind"). There will be also a
  handful of driver related fixes also queued separately. But adding
  this error message makes it easy to fix any omap_device using
  drivers suffering from this issue so I think it's important to
  have.

- Also related to commit 5de85b9d57 discussion, let's fix a bug
  where disabling PM runtime via sysfs will also cause the hardware
  state to be different from PM runtime state.

- Fix audio clocks for beagle-x15.

- Use wakeup-source instead of gpio-key,wakeup for the new entries
  that sneaked in during the merge window.

- Fix a legacy booting vs device tree based booting regression for
  n900 where the legacy user space expects to have the device
  revision available in /proc/atags also when booted with device
  tree.

* tag 'omap-for-v4.5/fixes-rc3-v2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: OMAP2+: Fix omap_device for module reload on PM runtime forbid
  ARM: OMAP2+: Improve omap_device error for driver writers
  ARM: DTS: am57xx-beagle-x15: Select SYS_CLK2 for audio clocks
  ARM: dts: am335x/am57xx: replace gpio-key,wakeup with wakeup-source property
  ARM: OMAP2+: Set system_rev from ATAGS for n900

Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:05:11 -08:00
Olof Johansson 74a46ec6fb Merge tag 'mvebu-fixes-4.5-2' of git://git.infradead.org/linux-mvebu into fixes
mvebu fixes for 4.5 (part 2)

- Fix the missing mtd flash on linkstation lswtgl
- Use unique machine name for the kirkwood ds112 (for Debian flash-kernel tool)

* tag 'mvebu-fixes-4.5-2' of git://git.infradead.org/linux-mvebu:
  ARM: dts: orion5x: fix the missing mtd flash on linkstation lswtgl
  ARM: dts: kirkwood: use unique machine name for ds112

Signed-off-by: Olof Johansson <olof@lixom.net>
2016-02-24 00:04:59 -08:00
Andy Lutomirski 04d1d281dc x86/entry/32: Add an ASM_CLAC to entry_SYSENTER_32
Both before and after 5f310f739b ("x86/entry/32: Re-implement
SYSENTER using the new C path"), we relied on a uaccess very early
in the SYSENTER path to clear AC.  After that change, though, we can
potentially make it all the way into C code with AC set, which
enlarges the attack surface for SMAP bypass by doing SYSENTER with
AC set.

Strengthen the SMAP protection by addding the missing ASM_CLAC right
at the beginning.

Signed-off-by: Andy Lutomirski <luto@kernel.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Borislav Petkov <bp@alien8.de>
Cc: Brian Gerst <brgerst@gmail.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/3e36be110724896e32a4a1fe73bacb349d3cba94.1456262295.git.luto@kernel.org
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-24 08:43:04 +01:00
Vineet Gupta d73b73f562 ARC: SMP: No need for CONFIG_ARC_IPI_DBG
This was more relevant during SMP bringup.

The warning for bogus msg better be visible always.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-24 11:07:32 +05:30
Vineet Gupta 3dea30ca5b ARCv2: Elide sending new cross core intr if receiver didn't ack prev
ARConnect/MCIP IPI sending has a retry-wait loop in case caller had
not seen a previous such interrupt. Turns out that it is not needed at
all. Linux cross core calling allows coalescing multiple IPIs to same
receiver - it is fine as long as there is one.

This logic is built into upper layer already, at a higher level of
abstraction. ipi_send_msg_one() sets the actual msg payload, but it only
calls MCIP IPI sending if msg holder was empty (using
atomic-set-new-and-get-old construct). Thus it is unlikely that the
retry-wait looping was ever getting exercised at all.

Cc: Chuck Jordan <cjordan@synopsys.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-24 11:07:31 +05:30
Vineet Gupta 9681787930 ARCv2: SMP: Push IPI_IRQ into IPI provider
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-24 11:07:31 +05:30
Vineet Gupta dbcbc7e7ce ARC: [intc-compact] Remove IPI setup from ARCompact port
There is no real ARC700 based SMP SoC so remove IPI definition.
EZChip's SMP ARC700 is going to use a different intc and IPI provider
anyways.

Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-24 11:07:31 +05:30
Vineet Gupta bb143f814e ARCv2: SMP: Emulate IPI to self using software triggered interrupt
ARConnect/MCIP Inter-Core-Interrupt module can't send interrupt to
local core. So use core intc capability to trigger software
interrupt to self, using an unsued IRQ #21.

This showed up as csd deadlock with LTP trace_sched on a dual core
system. This test acts as scheduler fuzzer, triggering all sorts of
schedulting activity. Trouble starts with IPI to self, which doesn't get
delivered (effectively lost due to H/w capability), but the msg intended
to be sent remain enqueued in per-cpu @ipi_data.

All subsequent IPIs to this core from other cores get elided due to the
IPI coalescing optimization in ipi_send_msg_one() where a pending msg
implies an IPI already sent and assumes other core is yet to ack it.
After the elided IPI, other core simply goes into csd_lock_wait()
but never comes out as this core never sees the interrupt.

Fixes STAR 9001008624

Cc: Peter Zijlstra <peterz@infradead.org>
Cc: <stable@vger.kernel.org>        [4.2]
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-24 11:07:28 +05:30
Linus Torvalds 84e54c46b2 Fix a 112 byte leak for each IO request that is requeued while DM
multipath is handling faults due to path failures.  This leak does not
 happen if blk-mq DM multipath is used.  It only occurs if .request_fn DM
 multipath is stacked ontop of blk-mq paths (e.g. scsi-mq devices).
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWzL++AAoJEMUj8QotnQNa++YIAOHGHCMSODU37RVEeTgPXQMX
 snT95xbUySmvW5s1uGBISD/kObiwqtr/aDcPqMP4G3piuaRVs07V8wqn2vWVOU9z
 g3DEmPF7lsJYg5zisFqmQt1looISplxvXTUPA96vs6VHjUmn4uJKSCTEMtoXp4Xz
 SbE0wZgM0p7IQY/dwRqVT7M0wMAoQRNGEz9+AyzvWCx47FFVTAO2RRG8af92Uikf
 SpQSqvxxlK/eptexAgEspBcJ/o12vCQc99OFyYgf7td28o3DmBsPg2z+nwDmdIdP
 NpvmlOE5dyYfS3ysKSdd2E3kNgyUNI0g9Y+gPtR1EvP87HJfESj4yNcznRFzTmk=
 =4YyS
 -----END PGP SIGNATURE-----

Merge tag 'dm-4.5-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm

Pull device mapper fix from Mike Snitzer:
 "Fix a 112 byte leak for each IO request that is requeued while DM
  multipath is handling faults due to path failures.

  This leak does not happen if blk-mq DM multipath is used.  It only
  occurs if .request_fn DM multipath is stacked ontop of blk-mq paths
  (e.g. scsi-mq devices)"

* tag 'dm-4.5-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm:
  dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths
2016-02-23 19:03:43 -08:00
Linus Torvalds 0ecdcd3a52 MMC host:
- omap_hsmmc: Fix PM regression for deferred probe
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWzLxnAAoJEP4mhCVzWIwpbPIP/A7oMVfUh5s1tMRzHaXb/SPp
 1hbhu4pIGfIioBS9SLHdeJoIaJZ/+B92YQZyiCi/fsnBDeeqXEc4vv2lwHknojbC
 3O64LCj7EeBRW1aDs7jPj9bnJPCzpdBS0gtMa1mTvqMu0BoVludFDS1d7hX9Jxly
 pIrtyqGtNcYZ2/FVcf1tMr4V2wbPpOexW25ieI3x/+AJ5euWsxCWU0AugtOULfJI
 56H6g90x2bRWDjf778K9EvBCuKv0Z5Dz4l61RQDkxwqA03LoL6qq+ANLU9NZx5Cb
 C2Jefk5Bc7pI5s1vbqJh1W0Qoqn/JDwsBefwGOPbrEz8frp7QpZQzpthsY74wIRX
 T5jqDnFWEHX3acbay7oh2GwhOoLlq8AI589XgqxOnLTKxW+w8bKI8Mb80ELPx7iK
 XXQigX6eTVAQiXg2nW/RfcwalKLh6LXxQip8Es+c/PwzhfZonMVryxyLYZUqwGmH
 5W0Z1CUSMsMytVJkf9HBv7p59Q+DDlFV0tcUJa/l+X4XGH3O4LgAtRUrE0ZWtPni
 8h+VMi9h3J5KenOxhx2wAATiuG7DlPC435zIRGspFPqYSQYCURFYdwbP83K1Xuha
 XESoyYfSVQ6gp8KEFmxGzjS6SaQmgWgy26x/GE3OdXu6SbHJIf9GtkDPp5zgbC1u
 8h0F47JqtzVKQA+E74Kt
 =9BcW
 -----END PGP SIGNATURE-----

Merge tag 'mmc-v4.5-rc4' of git://git.linaro.org/people/ulf.hansson/mmc

Pull MMC fix from Ulf Hansson:
 "Here's an mmc fix intended for v4.5 rc6.

  MMC host:
   - omap_hsmmc: Fix PM regression for deferred probe"

* tag 'mmc-v4.5-rc4' of git://git.linaro.org/people/ulf.hansson/mmc:
  mmc: omap_hsmmc: Fix PM regression with deferred probe for pm_runtime_reinit
2016-02-23 18:54:58 -08:00
Arnd Bergmann c45442055d nvdimm: use 'u64' for pfn flags
A recent bugfix changed pfn_t to always be 64-bit wide, but did not
change the code in pmem.c, which is now broken on 32-bit architectures
as reported by gcc:

In file included from ../drivers/nvdimm/pmem.c:28:0:
drivers/nvdimm/pmem.c: In function 'pmem_alloc':
include/linux/pfn_t.h:15:17: error: large integer implicitly truncated to unsigned type [-Werror=overflow]
 #define PFN_DEV (1ULL << (BITS_PER_LONG_LONG - 3))

This changes the intermediate pfn_flags in struct pmem_device to
be 64 bit wide as well, so they can store the flags correctly.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: db78c22230 ("mm: fix pfn_t vs highmem")
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2016-02-23 17:17:20 -08:00
Toshi Kani 93f834df9c devm_memremap: Fix error value when memremap failed
devm_memremap() returns an ERR_PTR() value in case of error.
However, it returns NULL when memremap() failed.  This causes
the caller, such as the pmem driver, to proceed and oops later.

Change devm_memremap() to return ERR_PTR(-ENXIO) when memremap()
failed.

Signed-off-by: Toshi Kani <toshi.kani@hpe.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: <stable@vger.kernel.org>
Reviewed-by: Ross Zwisler <ross.zwisler@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2016-02-23 17:17:20 -08:00
Dan Williams 4577b06655 nfit: update address range scrub commands to the acpi 6.1 format
The original format of these commands from the "NVDIMM DSM Interface
Example" [1] are superseded by the ACPI 6.1 definition of the "NVDIMM Root
Device _DSMs" [2].

[1]: http://pmem.io/documents/NVDIMM_DSM_Interface_Example.pdf
[2]: http://www.uefi.org/sites/default/files/resources/ACPI_6_1.pdf
     "9.20.7 NVDIMM Root Device _DSMs"

Changes include:
1/ New 'restart' fields in ars_status, unfortunately these are
   implemented in the middle of the existing definition so this change
   is not backwards compatible.  The expectation is that shipping
   platforms will only ever support the ACPI 6.1 definition.

2/ New status values for ars_start ('busy') and ars_status ('overflow').

Cc: Vishal Verma <vishal.l.verma@intel.com>
Cc: Linda Knippers <linda.knippers@hpe.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
2016-02-23 17:17:20 -08:00
Rafael J. Wysocki 351228eaa2 Merge branch 'for-rafael' of https://git.kernel.org/pub/scm/linux/kernel/git/mzx/devfreq into pm-devfreq
Pull a devfreq fix for v4.5 from MyungJoo Ham.

* 'for-rafael' of https://git.kernel.org/pub/scm/linux/kernel/git/mzx/devfreq:
  PM / devfreq: tegra: Set freq in rate callback
2016-02-24 02:13:43 +01:00
Linus Torvalds 420eb6d7ef NFS client bugfixes for Linux 4.5
Stable bugfixes:
 - Fix nfs_size_to_loff_t
 - NFSv4: Fix a dentry leak on alias use
 
 Other bugfixes:
 - Don't schedule a layoutreturn if the layout segment can be freed immediately.
 - Always set NFS_LAYOUT_RETURN_REQUESTED with lo->plh_return_iomode
 - rpcrdma_bc_receive_call() should init rq_private_buf.len
 - fix stateid handling for the NFS v4.2 operations
 - pnfs/blocklayout: fix a memeory leak when using,vmalloc_to_page
 - fix panic in gss_pipe_downcall() in fips mode
 - Fix a race between layoutget and pnfs_destroy_layout
 - Fix a race between layoutget and bulk recalls
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWzKShAAoJEGcL54qWCgDyN0QQALiX8v2wvn07vE5ZeXB5uONq
 +mfx8avhEoc3NVrpG6F4Kj+yJmHeAbkgIygnhZn4tcM/2YRxGDwlVLHb++yUTHO9
 8zEi+tiKx9f5pK2PxRQ0PjavVxO/xOyO0/QNrUdnj8hSNR9ow+YOVjEYUulbuhIg
 VAI3oSy5qIKgtDyW7w5PuPpTXLo74hPmyqHaa+ZIr2et//nJMSsw++vAmSg3oqXq
 6QkLWPHt/8yvDRRn2hKkbD9gOrFCVfaZIGLM6Q0zRWAcGTzJi94ELzPdm8cVpD1o
 eXKcufgLXPt3GOeAmxZ9kwQeebR6IFcvkYom5dsPhtMBuzXu1wpanU8PGgYIQ0VA
 88b2YNl+TZpiVbRzxSEellZq5b+zapH/VVVnYptZiq9wUTACc7jK6W2heqe5PzaT
 iepTGCAE21tV5JewcITMQHDZiOjRNdtbBzgixI7pNfMN8whU6e5NHYj6psZqT7cf
 xEEZzL+RBJuCFKhXSPbBefccA4HCRkDEpT+2QgrMbS4KKfWOg36UNbJ2kgbvcRVi
 HTqoRONR6zMzYBhyMlLaUuJ1co8nSHgEsL81Q3MwWSY6gucSW7jeJ2stR20KJIo1
 7qgod9Ac/BAIozjzywi0LtmxouPyPU8cqaboMhSRVPDKfFlqZBNBkFLNWwgoYXMa
 r1afZQwNeRRbZUR3RulE
 =/WDS
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-4.5-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes from Trond Myklebust:
 "Stable bugfixes:
   - Fix nfs_size_to_loff_t
   - NFSv4: Fix a dentry leak on alias use

  Other bugfixes:
   - Don't schedule a layoutreturn if the layout segment can be freed
     immediately.
   - Always set NFS_LAYOUT_RETURN_REQUESTED with lo->plh_return_iomode
   - rpcrdma_bc_receive_call() should init rq_private_buf.len
   - fix stateid handling for the NFS v4.2 operations
   - pnfs/blocklayout: fix a memeory leak when using,vmalloc_to_page
   - fix panic in gss_pipe_downcall() in fips mode
   - Fix a race between layoutget and pnfs_destroy_layout
   - Fix a race between layoutget and bulk recalls"

* tag 'nfs-for-4.5-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFSv4.x/pnfs: Fix a race between layoutget and bulk recalls
  NFSv4.x/pnfs: Fix a race between layoutget and pnfs_destroy_layout
  auth_gss: fix panic in gss_pipe_downcall() in fips mode
  pnfs/blocklayout: fix a memeory leak when using,vmalloc_to_page
  nfs4: fix stateid handling for the NFS v4.2 operations
  NFSv4: Fix a dentry leak on alias use
  xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len
  pNFS: Always set NFS_LAYOUT_RETURN_REQUESTED with lo->plh_return_iomode
  pNFS: Fix pnfs_mark_matching_lsegs_return()
  nfs: fix nfs_size_to_loff_t
2016-02-23 16:39:21 -08:00
Linus Torvalds de9e478b9d x86: fix SMAP in 32-bit environments
In commit 11f1a4b975 ("x86: reorganize SMAP handling in user space
accesses") I changed how the stac/clac instructions were generated
around the user space accesses, which then made it possible to do
batched accesses efficiently for user string copies etc.

However, in doing so, I completely spaced out, and didn't even think
about the 32-bit case.  And nobody really even seemed to notice, because
SMAP doesn't even exist until modern Skylake processors, and you'd have
to be crazy to run 32-bit kernels on a modern CPU.

Which brings us to Andy Lutomirski.

He actually tested the 32-bit kernel on new hardware, and noticed that
it doesn't work.  My bad.  The trivial fix is to add the required
uaccess begin/end markers around the raw accesses in <asm/uaccess_32.h>.

I feel a bit bad about this patch, just because that header file really
should be cleaned up to avoid all the duplicated code in it, and this
commit just expands on the problem.  But this just fixes the bug without
any bigger cleanup surgery.

Reported-and-tested-by: Andy Lutomirski <luto@kernel.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-02-23 16:25:20 -08:00
Mark Rutland 236cf17c25 KVM: arm/arm64: vgic: Ensure bitmaps are long enough
When we allocate bitmaps in vgic_vcpu_init_maps, we divide the number of
bits we need by 8 to figure out how many bytes to allocate. However,
bitmap elements are always accessed as unsigned longs, and if we didn't
happen to allocate a size such that size % sizeof(unsigned long) == 0,
bitmap accesses may go past the end of the allocation.

When using KASAN (which does byte-granular access checks), this results
in a continuous stream of BUGs whenever these bitmaps are accessed:

=============================================================================
BUG kmalloc-128 (Tainted: G    B          ): kasan: bad access detected
-----------------------------------------------------------------------------

INFO: Allocated in vgic_init.part.25+0x55c/0x990 age=7493 cpu=3 pid=1730
INFO: Slab 0xffffffbde6d5da40 objects=16 used=15 fp=0xffffffc935769700 flags=0x4000000000000080
INFO: Object 0xffffffc935769500 @offset=1280 fp=0x          (null)

Bytes b4 ffffffc9357694f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769540: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769550: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769560: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Object ffffffc935769570: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Padding ffffffc9357695b0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Padding ffffffc9357695c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Padding ffffffc9357695d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Padding ffffffc9357695e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
Padding ffffffc9357695f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
CPU: 3 PID: 1740 Comm: kvm-vcpu-0 Tainted: G    B           4.4.0+ #17
Hardware name: ARM Juno development board (r1) (DT)
Call trace:
[<ffffffc00008e770>] dump_backtrace+0x0/0x280
[<ffffffc00008ea04>] show_stack+0x14/0x20
[<ffffffc000726360>] dump_stack+0x100/0x188
[<ffffffc00030d324>] print_trailer+0xfc/0x168
[<ffffffc000312294>] object_err+0x3c/0x50
[<ffffffc0003140fc>] kasan_report_error+0x244/0x558
[<ffffffc000314548>] __asan_report_load8_noabort+0x48/0x50
[<ffffffc000745688>] __bitmap_or+0xc0/0xc8
[<ffffffc0000d9e44>] kvm_vgic_flush_hwstate+0x1bc/0x650
[<ffffffc0000c514c>] kvm_arch_vcpu_ioctl_run+0x2ec/0xa60
[<ffffffc0000b9a6c>] kvm_vcpu_ioctl+0x474/0xa68
[<ffffffc00036b7b0>] do_vfs_ioctl+0x5b8/0xcb0
[<ffffffc00036bf34>] SyS_ioctl+0x8c/0xa0
[<ffffffc000086cb0>] el0_svc_naked+0x24/0x28
Memory state around the buggy address:
 ffffffc935769400: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffffc935769480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffffffc935769500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffffffc935769580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffffffc935769600: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Fix the issue by always allocating a multiple of sizeof(unsigned long),
as we do elsewhere in the vgic code.

Fixes: c1bfb577a ("arm/arm64: KVM: vgic: switch to dynamic allocation")
Cc: stable@vger.kernel.org
Acked-by: Marc Zyngier <marc.zyngier@arm.com>
Acked-by: Christoffer Dall <christoffer.dall@linaro.org>
Signed-off-by: Mark Rutland <mark.rutland@arm.com>
Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
2016-02-23 19:02:48 +00:00
Stefan Hajnoczi b7052cd7bc sunrpc/cache: fix off-by-one in qword_get()
The qword_get() function NUL-terminates its output buffer.  If the input
string is in hex format \xXXXX... and the same length as the output
buffer, there is an off-by-one:

  int qword_get(char **bpp, char *dest, int bufsize)
  {
      ...
      while (len < bufsize) {
          ...
          *dest++ = (h << 4) | l;
          len++;
      }
      ...
      *dest = '\0';
      return len;
  }

This patch ensures the NUL terminator doesn't fall outside the output
buffer.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
2016-02-23 13:20:16 -05:00
Alexey Brodkin 3e5177c191 arc: get rid of DEVTMPFS dependency on INITRAMFS_SOURCE
Even though DEVTMPFS is required when our pre-built initramfs
is used it is not the case in general. It is perfectly possible
to use initramfs with device nodes already populated or there
could be other usages, see discussion below for more detials:
http://thread.gmane.org/gmane.comp.embedded.openwrt.devel/37819/focus=37821

This change removes mentioned dependency from arch/arc/Kconfig
updating instead those defconfigs that are usually used with this
kind of pre-build initramfs.

And while at it all touched defconfigs were regenerated via
savedefconfig and some options were removed:
 * USB is selected by other options implicitly
 * VGA_CONSOLE is disableb for ARC since
   031e29b587
 * EXT3_FS automatically selects EXT4_FS
 * MTDxxx and JFFS2_FS make no sense for AXS because
   AXS NAND controller is not upstreamed
 * NET_OSCI_LAN is not in upstream as well
 * ARCPGU_xxx options make no sense because ARC PGU is not yet
   in upstream and when it gets there all config options would
   be taken from devicetree

Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: Vineet Gupta <vgupta@synopsys.com>
2016-02-23 12:31:04 +05:30
Felipe Balbi 3b2435192f MAINTAINERS: drop OMAP USB and MUSB maintainership
Now that I have switched to another company, I won't
be able to help by maintaining OMAP USB Support and/or
the MUSB driver.

OMAP USB Support is left Orphaned. MUSB's new
maintainer will be Bin Liu from Texas Instruments
who has accepted to take over starting with v4.6.

Cc: Bin Liu <b-liu@ti.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-02-23 08:51:39 +02:00
Cristian Birsan 4c2ba0c673 usb: musb: fix DMA for host mode
Commit ac33cdb166 ("usb: musb: Remove ifdefs for musb_host_rx in
musb_host.c part5") introduces a problem setting DMA host mode.

The musb_advance_schedule() is called immediately after receiving an
endpoint RX interrupt without waiting for the DMA transfer to complete.

As a consequence when the dma complete interrupt arrives the in_qh
member of hw_ep is already null an the musb_host_rx() exits on !urb
error case. Fix the done condition that advances the musb schedule.

Signed-off-by: Cristian Birsan <cristian.birsan@microchip.com>
Signed-off-by: Joshua Henderson <joshua.henderson@microchip.com>
Tested-by: Ladislav Michl <ladis@linux-mips.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-02-23 08:51:38 +02:00
Ivan T. Ivanov 8de4b3a3fc usb: phy: msm: Trigger USB state detection work in DRD mode
When working in Dual Role Device mode, USB state machine is not kicked,
when host or gadget drivers are loaded. Fix this be explicitly triggering
state detection on client driver load.

Issue is that if the board is booted without micro usb cable and usb
device attached, kernel fails to populate the usb host and device.
The reason for this is that the state machine worker logic only checks
for USB_DR_MODE_PERIPHERAL and USB_DR_MODE_HOST modes to run worker
thread. However if the phy is configured in OTG mode it would fail
to run the state machine, resulting in failure to detect for very
first time.

This patch fixes the issue by removing the explicit checks.

Issue is noticed on Qualcomm Dragon board DB410C.

[srinivas.kandagatla@linaro.org: Added more details to log]
Signed-off-by: Ivan T. Ivanov <ivan.ivanov@linaro.org>
Signed-off-by: Srinivas Kandagatla <srinivas.kandagatla@linaro.org>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-02-23 08:51:38 +02:00
Simon Appleby ca1c118942 usb: gadget: net2280: fix endpoint max packet for super speed connections
This patch fixes the register offset used for super-speed connection's
max packet size. Without it using the 338x series of devices in enhanced
mode will only allow full or high speed operation to function correctly.

Signed-off-by: Simon Appleby <simon.appleby@pickeringtest.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-02-23 08:51:38 +02:00
Marek Szyprowski 7b0a271d5c usb: gadget: gadgetfs: unregister gadget only if it got successfully registered
Gadgetfs driver called usb_gadget_unregister_driver unconditionally, even
if it didn't register it earlier due to other failures. This patch fixes
this.

Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Tested-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-02-23 08:51:37 +02:00
Marek Szyprowski 31b994a498 usb: gadget: remove driver from pending list on probe error
Retry gadget probe only if the probe result is -EPROBE_DEFER, not on
every probe error.

Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com>
Signed-off-by: Felipe Balbi <balbi@kernel.org>
2016-02-23 08:51:37 +02:00
Bryan O'Donoghue dd71a17b11 x86/platform/intel/quark: Change the kernel's IMR lock bit to false
Currently when setting up an IMR around the kernel's .text section we lock
that IMR, preventing further modification. While superficially this appears
to be the right thing to do, in fact this doesn't account for a legitimate
change in the memory map such as when executing a new kernel via kexec.

In such a scenario a second kernel can have a different size and location
to it's predecessor and can view some of the memory occupied by it's
predecessor as legitimately usable DMA RAM. If this RAM were then
subsequently allocated to DMA agents within the system it could conceivably
trigger an IMR violation.

This patch fixes the this potential situation by keeping the kernel's .text
section IMR lock bit false by default.

Suggested-by: Ingo Molnar <mingo@kernel.org>
Reported-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Signed-off-by: Bryan O'Donoghue <pure.logic@nexus-software.ie>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: boon.leong.ong@intel.com
Cc: paul.gortmaker@windriver.com
Link: http://lkml.kernel.org/r/1456190999-12685-2-git-send-email-pure.logic@nexus-software.ie
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2016-02-23 07:35:53 +01:00
Tomeu Vizoso dbb0c7c430 PM / devfreq: tegra: Set freq in rate callback
As per the documentation of the devfreq_dev_profile.target callback, set
the freq argument to the new frequency before returning.

This caused endless messages like this after recent changes in the core:

devfreq 6000c800.actmon: Couldn't update frequency transition information.

Signed-off-by: Tomeu Vizoso <tomeu.vizoso@collabora.com>
Reported-by: Tyler Baker <tyler.baker@linaro.org>
Tested-by: Thierry Reding <treding@nvidia.com>
Acked-by: Thierry Reding <treding@nvidia.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
2016-02-23 14:27:42 +09:00
Trond Myklebust 9fd4b9fc76 NFSv4.x/pnfs: Fix a race between layoutget and bulk recalls
Replace another case where the layout 'plh_block_lgets' can trigger
infinite loops in send_layoutget().

Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2016-02-22 17:46:34 -05:00
Trond Myklebust 2454dfea0a NFSv4.x/pnfs: Fix a race between layoutget and pnfs_destroy_layout
If the server reboots while there is a layoutget outstanding, then
the call to pnfs_choose_layoutget_stateid() will fail with an EAGAIN
error, which causes an infinite loop in send_layoutget(). The reason
why we never break out of the loop is that the layout 'plh_block_lgets'
field is never cleared.

Fix is to replace plh_block_lgets with NFS_LAYOUT_INVALID_STID, which
can be reset after a new layoutget.

Fixes: ab7d763e47 ("pNFS: Ensure nfs4_layoutget_prepare returns...")
Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com>
2016-02-22 17:34:59 -05:00
Linus Torvalds 4de8ebeff8 Two more small fixes.
One is by Yang Shi who added a READ_ONCE_NOCHECK() to the scan of the
 stack made by the stack tracer. As the stack tracer scans the entire
 kernel stack, KASAN triggers seeing it as a "stack out of bounds" error.
 As the scan is looking at the contents of the stack from parent functions.
 The NOCHECK() tells KASAN that this is done on purpose, and is not some
 kind of stack overflow.
 
 The second fix is to the ftrace selftests, to retrieve the PID of executed
 commands from the shell with "$!" and not by parsing "jobs".
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWyycyAAoJEKKk/i67LK/8ALoH/RkMZ7Cih7vXb30wB13xSNrB
 6o4ApuC4YOS9Un/4ruCXb+cGbW2LJLHkEU2ageoHLOZMvwuAM7iQ6fTUW1KxCRP2
 ECvqyqi0ZRyoi/CibxVVH9hHEAJzUTwok67nkLeZBqIN9Fglcfd7toAwgcrH3y59
 Pybyv5CV2eaff5IKoLXKZJNRLdrVLeM7v4BvdI0dxEikhWZ0XsA0RoIaNfTPqyQJ
 F6sJ/njdoMMJK4N8CCPxlvnvEOzn0DnJnfUNUQEj5J3YU9DbAHAACaBSg5oSh9oK
 BcFYKV2GIzPku1cafutRRlErcGyB2yqv7bB8Eo86zXRHbeonaj4XGJmH276ldVg=
 =srlj
 -----END PGP SIGNATURE-----

Merge tag 'trace-fixes-v4.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace

Pull tracing fixes from Steven Rostedt:
 "Two more small fixes.

  One is by Yang Shi who added a READ_ONCE_NOCHECK() to the scan of the
  stack made by the stack tracer.  As the stack tracer scans the entire
  kernel stack, KASAN triggers seeing it as a "stack out of bounds"
  error.  As the scan is looking at the contents of the stack from
  parent functions.  The NOCHECK() tells KASAN that this is done on
  purpose, and is not some kind of stack overflow.

  The second fix is to the ftrace selftests, to retrieve the PID of
  executed commands from the shell with '$!' and not by parsing 'jobs'"

* tag 'trace-fixes-v4.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace:
  tracing, kasan: Silence Kasan warning in check_stack of stack_tracer
  ftracetest: Fix instance test to use proper shell command for pids
2016-02-22 14:09:18 -08:00
Tero Kristo a0d54c3899 clk: ti: omap3+: dpll: use non-locking version of clk_get_rate
As the code in this file is being executed within irq context in some
cases, we must avoid the clk_get_rate which uses mutex internally.
Switch the code to use clk_hw_get_rate instead which is non-locking.

This fixes an issue where PM runtime will hang the system if enabled
with a serial console before a suspend-resume cycle.

Signed-off-by: Tero Kristo <t-kristo@ti.com>
Tested-by: Tony Lindgren <tony@atomide.com>
Fixes: a53ad8ef3d ("clk: ti: Convert to clk_hw based provider APIs")
Signed-off-by: Stephen Boyd <sboyd@codeaurora.org>
2016-02-22 14:03:02 -08:00
Linus Torvalds 692b8c663c Xen bug fixes for 4.5-rc5
- Two scsiback fixes (resource leak and spurious warning).
 - Fix DMA mapping of compound pages on arm/arm64.
 - Fix some pciback regressions in MSI-X handling.
 - Fix a pcifront crash due to some uninitialize state.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWyvatAAoJEFxbo/MsZsTRBFcH+wWnv0/N+gKib3cKCI4lwmTg
 n8iVgf8dNWwD36M2s/OlzCAglAIt8Xr6ySNvPqTerpm7lT9yXlIVQxGXTbIGuTAA
 h8Kt8WiC0BNLHHlLxBuCz62KR47DvMhsr84lFURE8FmpUiulFjXmRcbrZkHIMYRS
 l/X+xJWO1vxwrSYho0P9n3ksTWHm488DTPvZz3ICNI2G2sndDfbT3gv3tMDaQhcX
 ZaQR93vtIoldqk29Ga59vaVtksbgxHZIbasY9PQ8rqOxHJpDQbPzpjocoLxAzf50
 cioQVyKQ7i9vUvZ+B3TTAOhxisA2hDwNhLGQzmjgxe2TXeKdo3yjYwO6m1dDBzY=
 =VY/S
 -----END PGP SIGNATURE-----

Merge tag 'for-linus-4.5-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip

Pull xen bug fixes from David Vrabel:

 - Two scsiback fixes (resource leak and spurious warning).

 - Fix DMA mapping of compound pages on arm/arm64.

 - Fix some pciback regressions in MSI-X handling.

 - Fix a pcifront crash due to some uninitialize state.

* tag 'for-linus-4.5-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
  xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted.
  xen/pcifront: Report the errors better.
  xen/pciback: Save the number of MSI-X entries to be copied later.
  xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY
  xen: fix potential integer overflow in queue_reply
  xen/arm: correctly handle DMA mapping of compound pages
  xen/scsiback: avoid warnings when adding multiple LUNs to a domain
  xen/scsiback: correct frontend counting
2016-02-22 13:57:01 -08:00