Commit Graph

547232 Commits

Author SHA1 Message Date
Ingo Molnar 95c632f4e4 Merge remote-tracking branch 'tglx/x86/urgent' into x86/urgent
Pick up the WCHAN fixes from Thomas.

Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-10-01 09:02:11 +02:00
Thomas Gleixner 7ba78053aa x86/process: Unify 32bit and 64bit implementations of get_wchan()
The stack layout and the functionality is identical. Use the 64bit
version for all of x86.

Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@alien8.de>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: kasan-dev <kasan-dev@googlegroups.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Sasha Levin <sasha.levin@oracle.com>
Cc: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
Link: http://lkml.kernel.org/r/20150930083302.779694618@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-09-30 21:51:34 +02:00
Thomas Gleixner eddd3826a1 x86/process: Add proper bound checks in 64bit get_wchan()
Dmitry Vyukov reported the following using trinity and the memory
error detector AddressSanitizer
(https://code.google.com/p/address-sanitizer/wiki/AddressSanitizerForKernel).

[ 124.575597] ERROR: AddressSanitizer: heap-buffer-overflow on
address ffff88002e280000
[ 124.576801] ffff88002e280000 is located 131938492886538 bytes to
the left of 28857600-byte region [ffffffff81282e0a, ffffffff82e0830a)
[ 124.578633] Accessed by thread T10915:
[ 124.579295] inlined in describe_heap_address
./arch/x86/mm/asan/report.c:164
[ 124.579295] #0 ffffffff810dd277 in asan_report_error
./arch/x86/mm/asan/report.c:278
[ 124.580137] #1 ffffffff810dc6a0 in asan_check_region
./arch/x86/mm/asan/asan.c:37
[ 124.581050] #2 ffffffff810dd423 in __tsan_read8 ??:0
[ 124.581893] #3 ffffffff8107c093 in get_wchan
./arch/x86/kernel/process_64.c:444

The address checks in the 64bit implementation of get_wchan() are
wrong in several ways:

 - The lower bound of the stack is not the start of the stack
   page. It's the start of the stack page plus sizeof (struct
   thread_info)

 - The upper bound must be:

       top_of_stack - TOP_OF_KERNEL_STACK_PADDING - 2 * sizeof(unsigned long).

   The 2 * sizeof(unsigned long) is required because the stack pointer
   points at the frame pointer. The layout on the stack is: ... IP FP
   ... IP FP. So we need to make sure that both IP and FP are in the
   bounds.

Fix the bound checks and get rid of the mix of numeric constants, u64
and unsigned long. Making all unsigned long allows us to use the same
function for 32bit as well.

Use READ_ONCE() when accessing the stack. This does not prevent a
concurrent wakeup of the task and the stack changing, but at least it
avoids TOCTOU.

Also check task state at the end of the loop. Again that does not
prevent concurrent changes, but it avoids walking for nothing.

Add proper comments while at it.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Reported-by: Sasha Levin <sasha.levin@oracle.com>
Based-on-patch-from: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Borislav Petkov <bp@alien8.de>
Reviewed-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Andrey Konovalov <andreyknvl@google.com>
Cc: Kostya Serebryany <kcc@google.com>
Cc: Alexander Potapenko <glider@google.com>
Cc: kasan-dev <kasan-dev@googlegroups.com>
Cc: Denys Vlasenko <dvlasenk@redhat.com>
Cc: Andi Kleen <ak@linux.intel.com>
Cc: Wolfram Gloger <wmglo@dent.med.uni-muenchen.de>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20150930083302.694788319@linutronix.de
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
2015-09-30 21:51:34 +02:00
Andrey Ryabinin 4ac86a6dce x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels
With KMEMCHECK=y, KASAN=n we get this build failure:

  arch/x86/platform/efi/efi.c:673:3:    error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration]
  arch/x86/platform/efi/efi_64.c:139:2: error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration]
  arch/x86/include/asm/desc.h:121:2:    error: implicit declaration of function ‘memcpy’ [-Werror=implicit-function-declaration]

Don't #undef memcpy if KASAN=n.

Reported-by: Ingo Molnar <mingo@kernel.org>
Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: Andrey Ryabinin <ryabinin.a.a@gmail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Matt Fleming <matt.fleming@intel.com>
Cc: Mike Galbraith <efault@gmx.de>
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Fixes: 769a8089c1 ("x86, efi, kasan: #undef memset/memcpy/memmove per arch")
Link: http://lkml.kernel.org/r/1443544814-20122-1-git-send-email-ryabinin.a.a@gmail.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-30 09:29:53 +02:00
Ingo Molnar ccf79c238f Linux 4.3-rc3
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJWB9f6AAoJEHm+PkMAQRiGiFMIAJYFLIkF/dXFYMNPGsRGRGYO
 SsQkfYzjy4i/yloyVlGB33e6dqxWdVgCeqYC77TO+1CBq34o6dqM4PACTrhjtS+3
 qQvaP/qn6cSoaGIkdD3v43CCiwMpZZ5+Uj7F7Uz8N4twrpykOZFMM5T7f1lrsG2F
 wJGafmvok9NU2F2wYwaJ8JrzsF6iO6ibFeB8BosRF5Ba4nKqiXVI0xNa0R8PFDm3
 tbh/IkkqokemEqnHyWyszhGFsCQupi+QgsjY/LhWUcCaL7HLEgJmkBX0tXNlgMmK
 TFCq7L8Bigu4nlgZ/iVUB9kh4GTBNVcbdRVN3loJFlczFJlIAa171OVlfRu3lvU=
 =m29x
 -----END PGP SIGNATURE-----

Merge tag 'v4.3-rc3' into x86/urgent, before applying dependent fix

Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-30 09:29:27 +02:00
Vitaly Kuznetsov 1e034743e9 x86/hyperv: Fix the build in the !CONFIG_KEXEC_CORE case
Recent changes in the Hyper-V driver:

  b4370df2b1 ("Drivers: hv: vmbus: add special crash handler")

broke the build when CONFIG_KEXEC_CORE is not set:

  arch/x86/built-in.o: In function `hv_machine_crash_shutdown':
  arch/x86/kernel/cpu/mshyperv.c:112: undefined reference to `native_machine_crash_shutdown'

Decorate all kexec related code with #ifdef CONFIG_KEXEC_CORE.

Reported-by: Jim Davis <jim.epost@gmail.com>
Reported-by: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Cc: devel@linuxdriverproject.org
Cc: K. Y. Srinivasan <kys@microsoft.com>
Cc: Haiyang Zhang <haiyangz@microsoft.com>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Link: http://lkml.kernel.org/r/1443002577-25370-1-git-send-email-vkuznets@redhat.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
2015-09-30 07:44:15 +02:00
Linus Torvalds 9ffecb1028 Linux 4.3-rc3 2015-09-27 07:50:08 -04:00
Linus Torvalds 162e6df47c Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull x86 fixes from Thomas Gleixner:
 "Two bugfixes from Andy addressing at least some of the subtle NMI
  related wreckage which has been reported by Sasha Levin"

* 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  x86/nmi/64: Fix a paravirt stack-clobbering bug in the NMI code
  x86/paravirt: Replace the paravirt nop with a bona fide empty function
2015-09-27 06:51:42 -04:00
Linus Torvalds 5a6bdf06bb Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
Pull irq fix from Thomass Gleixner:
 "A bugfix for the atmel aic5 irq chip driver which caches the wrong
  data and thereby breaking resume"

* 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
  irqchip/atmel-aic5: Use per chip mask caches in mask/unmask()
2015-09-27 06:50:23 -04:00
Linus Torvalds c905929ac9 Merge branch 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm
Pull ARM fixes from Russell King:
 "Just two fixes: wire up the new system calls added during the last
  merge window, and fix another user access site"

* 'fixes' of git://ftp.arm.linux.org.uk/~rmk/linux-arm:
  ARM: alignment: fix alignment handling for uaccess changes
  ARM: wire up new syscalls
2015-09-27 06:48:48 -04:00
Linus Torvalds 685b5f1de6 ARM: SoC fixes for v4.3-rc
Our first real batch of fixes this release cycle. There's a collection of
 them here:
 
 - A fixup for a build breakage that hits on arm64 allmodconfig in QCOM SCM
   firmware drivers
 - MMC fixes for OMAP that had quite a bit of breakage this merge window.
 - Misc build/warning fixes on PXA and OMAP
 - A couple of minor fixes for Beagleboard X15 which is now starting to see
   a few more users in the wild
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWB3+pAAoJEIwa5zzehBx36sAP/idEfXiZJiriXSLcU1AkWo23
 PAeIiIpENn6tbYrI0ogN+I63uNE9TkrWP/us9ZlPqQJOG29DVyol0YuAEmT3VSeo
 hColJInE2450fPxFw7hKOWnQ2En30fI5cIHUHzDNJl1Tn2liE4K2FuenSLmf34KH
 XQ2VkNMjj8uM9C0UMy/Tescm3r4LYKk9NXVG+oWDkw1PVdFMsBIE1Vo7KLWGJ6Ta
 Ig6Ub2A2ag1usJjjaTNJsbU4WRxHk37/r+psDzyTTxhp9ulS0uer84K7pqW7AVWn
 NsTUI83z3grKvnQrlTNKu7WCJH4Q+Xgru05mV3yhEoza+X7RhMAWX7zAgq7D3fDX
 mRT4L5RLZJZ8GDsWS35BMxBOOi3uxfPUtT1k2YobJeQYKaHaE06S5K9BMbaPCV6M
 d7ShNGuESz9RRLRDQFYaCqhZHyYoWxS1o0gczoEqB9/piPS7Fv7rQ1tujEU+/o8r
 8uwN6zYmcUJJykn+NxPP6Qskc4vWT+nQaGOp7YKkUFrh6wgssIOlU1HoYfPssjbM
 A0LHFZ1vRNFxtdnPhSi9A5IvVg4ST2G47MSV46ifplWzGyJXbDxuBV1/sCxbfUFn
 FRXt5FakkkbhTm/PsC9Dd/CYBx1HMlGoAP6nvmMccmmvWKTfEzjkuyTDhPWGihZN
 ZSos4D3kdlKnEtRZYfrx
 =ThcO
 -----END PGP SIGNATURE-----

Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc

Pull ARM SoC fixes from Olof Johansson:
 "Our first real batch of fixes this release cycle.  Nothing really
  concerning, and diffstat is a bit inflated due to some DT contents
  moving around on STi platforms.

  There's a collection of them here:

   - A fixup for a build breakage that hits on arm64 allmodconfig in
     QCOM SCM firmware drivers
   - MMC fixes for OMAP that had quite a bit of breakage this merge
     window.
   - Misc build/warning fixes on PXA and OMAP
   - A couple of minor fixes for Beagleboard X15 which is now starting
     to see a few more users in the wild"

* tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (31 commits)
  ARM: sti: dt: adapt DT to fix probe/bind issues in DRM driver
  ARM: dts: fix omap2+ address translation for pbias
  firmware: qcom: scm: Add function stubs for ARM64
  ARM: dts: am57xx-beagle-x15: use palmas-usb for USB2
  ARM: omap2plus_defconfig: enable GPIO_PCA953X
  ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets
  ARM: OMAP2+: AM43XX: Enable autoidle for clks in am43xx_init_late
  ARM: dts: am57xx-beagle-x15: Update Phy supplies
  ARM: pxa: balloon3: Fix build error
  ARM: dts: Fixup model name for HP t410 dts
  ARM: dts: DRA7: fix a typo in ethernet
  ARM: omap2plus_defconfig: make PCF857x built-in
  ARM: dts: Use ti,pbias compatible string for pbias
  ARM: OMAP5: Cleanup options for SoC only build
  ARM: DRA7: Select missing options for SoC only build
  ARM: OMAP2+: board-generic: Remove stale of_irq macros
  ARM: OMAP4+: PM: erratum is used by OMAP5 and DRA7 as well
  ARM: dts: omap3-igep: Move eth IRQ pinmux to IGEPv2 common dtsi
  ARM: dts: am57xx-beagle-x15: Add wakeup irq for mcp79410
  ARM: dts: am335x-phycore-som: Fix mpu voltage
  ...
2015-09-27 06:45:18 -04:00
Linus Torvalds 69ea8b8577 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6
Pull CIFS fixes from Steve French:
 "Four fixes from testing at the recent SMB3 Plugfest including two
  important authentication ones (one fixes authentication problems to
  some popular servers when clock times differ more than two hours
  between systems, the other fixes Kerberos authentication for SMB3)"

* 'for-next' of git://git.samba.org/sfrench/cifs-2.6:
  fix encryption error checks on mount
  [SMB3] Fix sec=krb5 on smb3 mounts
  cifs: use server timestamp for ntlmv2 authentication
  disabling oplocks/leases via module parm enable_oplocks broken for SMB3
2015-09-27 06:42:54 -04:00
Olof Johansson e46fc90ec2 ARM: pxa: fixes for v4.3
These fixes are mainly regression fixes triggered by irq changes,
 common clock framework introduction and sound side-effect of
 other platforms.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJV/nW0AAoJEAP2et0duMsSAP0QAKqFrk4GyRNTFxDQNBj43jrS
 3dHtbbTp04sf/RotcGbPPfGvWkv4LAc4CGYnMC3lXZw64HdIHtuHiiwrj3eeuoH9
 zw0xJpbzcHyu25i9wrOY06WgJ4TfTwqfBhhZZ9xoYs8XjuhbKxOP/X7ytSQ56aK9
 iyYCiE4sB4Ikgiu9iOvoztqo3SgtLuK7HYIgV5XASbVqtco4pLfq0upTbfkOesqw
 V9/+rnG5IaHAxgxuCT/UFg4uP1mW0W8EgC4UGi+Vi2MPQ5kmUwSSTmCcIYGryBem
 etJth5b8Q0AEnlEnx5plAhCPskpU7YkPCticQAmQkdU3fJC09+rzkgV66dOi64Mz
 f6YfGH/UXaHZjYZqIDRStN+Bp7HKJRBXNTtRUFfRFY40mKQFrcyrxPmYWIAiwY+E
 62O2/qzMMuycxlQo7xhH00qEK9oB2VfshhqXKRHWDhKyAjPbvhF6h0tnHBJSsPzi
 HJRtzs5dHtCqYBjVY21U391D7IA5lEck4cOExvVRbe1dn2eGbOZcLTS+caZbzhEy
 ulYbS4QZvtFTh7+dRhpG0jTuxIjMbZskogvOSET/wNuZewu7IrFMZt8ySPFbHwDs
 h5i+TZVfxcXu8kv+C5rT5q0bAP18p8dzowgzODh5iQpwTLahZ7tUPJmF+sC3QuSd
 zAOeAqKy3RQ8NL74LMPo
 =fNDY
 -----END PGP SIGNATURE-----

Merge tag 'pxa-fixes-v4.3' of https://github.com/rjarzmik/linux into fixes

ARM: pxa: fixes for v4.3

These fixes are mainly regression fixes triggered by irq changes,
common clock framework introduction and sound side-effect of
other platforms.

* tag 'pxa-fixes-v4.3' of https://github.com/rjarzmik/linux:
  ARM: pxa: balloon3: Fix build error
  ARM: pxa: ssp: Fix build error by removing originally incorrect DT binding
  ARM: pxa: fix DFI bus lockups on startup

Signed-off-by: Olof Johansson <olof@lixom.net>
2015-09-26 22:23:26 -07:00
Olof Johansson b8ba826f8d Fixes for omaps for v4.3-rc cycle:
- Two more patches to fix most of the MMC regressions with the
   PBIAS regulator changes. At least two MMC driver related issues
   still seems to remain for omap3 legacy booting and omap4 duovero.
   Note that the dts changes depend on a recent regulator fix, and
   are based on the regulator commit now in mainline kernel
 
 - Enable autoidle for am43xx clocks to prevent clocks from staying
   always on
 
 - Fix i2c5 pinctrl offsets for omap5-uevm
 
 - Enable PCA953X as that's needed for HDMI to work on omap5
 
 - Update phy supplies for beagle x15 beta board
 
 - Use palmas-usb for on beagle x15 to start using the related
   driver that recently got merged
 -
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWBKnGAAoJEBvUPslcq6Vzps4QAIJGO+P3Fivcaso+1Spw41ib
 tTQUgF5dGX1It7HageKyd8mk9d5ywlZ3iFCJKuxdJAZfzSzdW6QdF/XKvH5K26nO
 +imDQV/WdGYcgKGQWvkMGbaWIcqxkSU1Wk/VWIlibXd875vVE5Koit5yvtQZTt19
 Xxk7Sj3ADCQ+WTgh+k/hFlvypjbKnWfV2HvCZ+tPPDHQA0IVejAfWn4u3jmcx6S9
 VY1CnU5NzQNNLmXaYwuUSKYFnipfrljsNvZfwLvVFYOfApWOAKpWzs2GdX161TJx
 oZdMhSVwJ9gBGRGhv33GXNouVmq4aEesXwg8M0fd8WpWWXVDI8SkEgALU9eghgGx
 Z41OuJIXS9udgqQdfwK2EUrynKKhQ/R1ywAM4SHyGCbs+FO3yAE8Gxgot/cnaGGx
 xJkog31VkHfG2ucGjBMaMJQ9oJfCtyT9tTdpHOnaKVrnn/7ZQwDbRR/npsTaA1Vg
 6EZvcYJpkmQ8Z/wYdMVvHrbzZ5GY/FRsRo8MwADmarLGRJ8aN+T3ZXik/cFmEqu+
 UN2OkOWn0i/OTdw8ED7pzvTMFr/mOZW1G51cj9W/uuVrA5nEmIWxrlVYm90aiE65
 Qz+f+qcTiVFFatpEq9CUhxsvOiDZ9gbBW130f/hmrkKm3PziAla3V1n+nOcO6/IF
 UBINOYy30yfDDccmbpnS
 =UnKL
 -----END PGP SIGNATURE-----

Merge tag 'omap-for-v4.3/fixes-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes

Fixes for omaps for v4.3-rc cycle:

- Two more patches to fix most of the MMC regressions with the
  PBIAS regulator changes. At least two MMC driver related issues
  still seems to remain for omap3 legacy booting and omap4 duovero.
  Note that the dts changes depend on a recent regulator fix, and
  are based on the regulator commit now in mainline kernel

- Enable autoidle for am43xx clocks to prevent clocks from staying
  always on

- Fix i2c5 pinctrl offsets for omap5-uevm

- Enable PCA953X as that's needed for HDMI to work on omap5

- Update phy supplies for beagle x15 beta board

- Use palmas-usb for on beagle x15 to start using the related
  driver that recently got merged

* tag 'omap-for-v4.3/fixes-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap:
  ARM: dts: fix omap2+ address translation for pbias
  ARM: dts: am57xx-beagle-x15: use palmas-usb for USB2
  ARM: omap2plus_defconfig: enable GPIO_PCA953X
  ARM: dts: omap5-uevm.dts: fix i2c5 pinctrl offsets
  ARM: OMAP2+: AM43XX: Enable autoidle for clks in am43xx_init_late
  ARM: dts: am57xx-beagle-x15: Update Phy supplies
  regulator: pbias: program pbias register offset in pbias driver
  ARM: omap2plus_defconfig: Enable MUSB DMA support
  ARM: DRA752: Add ID detect for ES2.0
  ARM: OMAP3: vc: fix 'or' always true warning
  ARM: OMAP2+: Fix booting if no timer parent clock is available
  ARM: OMAP2+: omap-device: fix race deferred probe of omap_hsmmc vs omap_device_late_init

Signed-off-by: Olof Johansson <olof@lixom.net>
2015-09-26 22:22:31 -07:00
Linus Torvalds d8cc3972b2 Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
Pull crypto fixes from Herbert Xu:
 "This fixes the following issues:

   - check the return value of platform_get_irq as signed int in xgene.

   - skip adf_dev_restore on virtual functions in qat.

   - fix double-free with backlogged requests in marvell_cesa"

* git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6:
  hwrng: xgene - fix handling platform_get_irq
  crypto: qat - VF should never trigger SBR on PH
  crypto: marvell - properly handle CRYPTO_TFM_REQ_MAY_BACKLOG-flagged requests
2015-09-26 21:05:23 -04:00
Linus Torvalds c91d707295 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
Pull SCSI target fixes from Nicholas Bellinger:
 "This includes a iser-target series from Jenny + Sagi @ Mellanox that
  addresses the few remaining active I/O shutdown bugs, along with a
  patch to support zero-copy for immediate data payloads that gives a
  nice performance improvement for small block WRITEs.

  Also included are some recent >= v4.2 regression bug-fixes.  The most
  notable is a RCU conversion regression for SPC-3 PR registrations, and
  recent removal of obsolete RFC-3720 markers that introduced a login
  regression bug with MSFT iSCSI initiators.

  Thanks to everyone who has been testing + reporting bugs for v4.x"

* git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending:
  iscsi-target: Avoid OFMarker + IFMarker negotiation
  target: Make TCM_WRITE_PROTECT failure honor D_SENSE bit
  target: Fix target_sense_desc_format NULL pointer dereference
  target: Propigate backend read-only to core_tpg_add_lun
  target: Fix PR registration + APTPL RCU conversion regression
  iser-target: Skip data copy if all the command data comes as immediate
  iser-target: Change the recv buffers posting logic
  iser-target: Fix pending connections handling in target stack shutdown sequnce
  iser-target: Remove np_ prefix from isert_np members
  iser-target: Remove unused variables
  iser-target: Put the reference on commands waiting for unsol data
  iser-target: remove command with state ISTATE_REMOVE
2015-09-26 21:02:42 -04:00
Linus Torvalds bcba282ab3 USB fixes for 4.3-rc3
Here are some USB driver fixes for 4.3-rc3.
 
 There's the usual assortment of new device ids, combined with xhci and
 gadget driver fixes.  Full details in the shortlog.  All of these have
 been in linux-next with no reported problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYGzJ0ACgkQMUfUDdst+yneGACgxrj/ZJGgY09tkItvvejHoYrF
 tgQAoI/cRL7C9aoWt7DjMxmbFnQE8hC7
 =jsj/
 -----END PGP SIGNATURE-----

Merge tag 'usb-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb

Pull USB fixes from Greg KH:
 "Here are some USB driver fixes for 4.3-rc3.

  There's the usual assortment of new device ids, combined with xhci and
  gadget driver fixes.  Full details in the shortlog.  All of these have
  been in linux-next with no reported problems"

* tag 'usb-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (34 commits)
  MAINTAINERS: remove amd5536udc USB gadget driver maintainer
  USB: whiteheat: fix potential null-deref at probe
  xhci: init command timeout timer earlier to avoid deleting it uninitialized
  xhci: change xhci 1.0 only restrictions to support xhci 1.1
  usb: xhci: exit early in xhci_setup_device() if we're halted or dying
  usb: xhci: stop everything on the first call to xhci_stop
  usb: xhci: Clear XHCI_STATE_DYING on start
  usb: xhci: lock mutex on xhci_stop
  xhci: Move xhci_pme_quirk() behind #ifdef CONFIG_PM
  xhci: give command abortion one more chance before killing xhci
  usb: Use the USB_SS_MULT() macro to get the burst multiplier.
  usb: dwc3: gadget: Fix BUG in RT config
  usb: musb: fix cppi channel teardown for isoch transfer
  usb: phy: isp1301: Export I2C module alias information
  usb: gadget: drop null test before destroy functions
  usb: gadget: dummy_hcd: in transfer(), return data sent, not limit
  usb: gadget: dummy_hcd: fix rescan logic for transfer
  usb: gadget: dummy_hcd: fix unneeded else-if condition
  usb: gadget: dummy_hcd: emulate sending zlp in packet logic
  usb: musb: dsps: fix polling in device-only mode
  ...
2015-09-26 21:00:28 -04:00
Linus Torvalds fb740f9bab TTY/Serial driver fix for 4.3-rc3
Here is one serial driver fix for 4.3-rc3 that resolves a module loading
 issue due to splitting up of the 8250 driver into smaller pieces.  It's
 been in linux-next with no reported problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYGzDcACgkQMUfUDdst+ymPYQCfYBt3kC2L/hzKWlkAlDmWKDQ+
 dVQAn3boCixXmujGQnLliLEbCAU3p4xP
 =Onb3
 -----END PGP SIGNATURE-----

Merge tag 'tty-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty

Pull serial driver fix from Greg KH:
 "Here is one serial driver fix for 4.3-rc3 that resolves a module
  loading issue due to splitting up of the 8250 driver into smaller
  pieces.  It's been in linux-next with no reported problems"

* tag 'tty-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty:
  tty: serial: Add missing module license for 8250_base.ko
2015-09-26 20:58:38 -04:00
Linus Torvalds b11e7b81bf Staging driver fixes for 4.3-rc3
Here are some tiny staging driver and documentation fixes for 4.3-rc3.
 
 All of these resolve reported issues that people have found and have
 been in the linux-next tree for a while with no problems.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYGy54ACgkQMUfUDdst+ykLsQCeM/qForbTIO0AarIgTGe+Mato
 ohcAn3Lv4VUp8yYTj/n3s1/NZ8XexCkh
 =/Tt9
 -----END PGP SIGNATURE-----

Merge tag 'staging-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging

Pull staging driver fixes from Greg KH:
 "Here are some tiny staging driver and documentation fixes for 4.3-rc3.

  All of these resolve reported issues that people have found and have
  been in the linux-next tree for a while with no problems"

* tag 'staging-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging:
  MAINTAINERS: Update email address for Martyn Welch
  staging: ion: fix corruption of ion_import_dma_buf
  staging: dgap: Remove myself from the MAINTAINERS file
  staging: most: Add dependency to HAS_IOMEM
  staging: unisys: remove reference of visorutil
  staging: unisys: visornic: handle error return from device registration
  staging: unisys: stop device registration before visorbus registration
  staging: unisys: visorbus: Unregister driver on error
  staging: unisys: visornic: Fix receive bytes statistics
  staging: unisys: unregister netdev when create debugfs fails
  staging: fbtft: replace master->setup() with spi_setup()
  staging: fbtft: fix 9-bit SPI support detection
  staging/lustre: change Lustre URLs and mailing list
  staging/android: Update ION TODO per LPC discussion
  Staging: most: MOST and MOSTCORE should depend on HAS_DMA
  staging: most: fix HDM_USB dependencies and build errors
2015-09-26 20:56:50 -04:00
Linus Torvalds 7c1efeae6d driver core fix for 4.3-rc3
Here is one driver core fix for 4.3-rc3 that resolves a reported oops.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYGyxEACgkQMUfUDdst+ymSHQCeLbNU+CN+kiCrEVRBxTKud08u
 yXUAoIy62VQpqHqJZaAYsLhSj9a9DHL3
 =Y3WE
 -----END PGP SIGNATURE-----

Merge tag 'driver-core-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull driver core fix from Greg KH:
 "Here is one driver core fix for 4.3-rc3 that resolves a reported oops"

* tag 'driver-core-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  cpu/cacheinfo: Fix teardown path
2015-09-26 20:54:53 -04:00
Linus Torvalds 64b796e231 Char/Misc driver fixes for 4.3-rc3
Here's some tiny char and misc driver fixes that resolve some reported
 errors for 4.3-rc3.  All of these have been in linux-next with no
 problems for a while.
 
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iEYEABECAAYFAlYGyqYACgkQMUfUDdst+ymQ+gCfU53bctJdhOVz/4z1YqHC+vJN
 r/QAoJb6sddHgurOGXLOo5IenVOLJ3Sz
 =fmIB
 -----END PGP SIGNATURE-----

Merge tag 'char-misc-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc

Pull char/misc driver fixes from Greg KH:
 "Here's some tiny char and misc driver fixes that resolve some reported
  errors for 4.3-rc3.

  All of these have been in linux-next with no problems for a while"

* tag 'char-misc-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc:
  extcon: Fix attached value returned by is_extcon_changed
  Drivers: hv: vmbus: fix init_vp_index() for reloading hv_netvsc
  mei: fix debugfs files leak on error path
  thunderbolt: Allow loading of module on recent Apple MacBooks with thunderbolt 2 controller
2015-09-26 20:53:15 -04:00
Linus Torvalds 518a7cb698 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Pull networking fixes from David Miller:

 1) When we run a tap on netlink sockets, we have to copy mmap'd SKBs
    instead of cloning them.  From Daniel Borkmann.

 2) When converting classical BPF into eBPF, fix the setting of the
    source reg to BPF_REG_X.  From Tycho Andersen.

 3) Fix igmpv3/mldv2 report parsing in the bridge multicast code, from
    Linus Lussing.

 4) Fix dst refcounting for ipv6 tunnels, from Martin KaFai Lau.

 5) Set NLM_F_REPLACE flag properly when replacing ipv6 routes, from
    Roopa Prabhu.

 6) Add some new cxgb4 PCI device IDs, from Hariprasad Shenai.

 7) Fix headroom tests and SKB leaks in ipv6 fragmentation code, from
    Florian Westphal.

 8) Check DMA mapping errors in bna driver, from Ivan Vecera.

 9) Several 8139cp bug fixes (dev_kfree_skb_any in interrupt context,
    misclearing of interrupt status in TX timeout handler, etc.) from
    David Woodhouse.

10) In tipc, reset SKB header pointer after skb_linearize(), from Erik
    Hugne.

11) Fix autobind races et al. in netlink code, from Herbert Xu with
    help from Tejun Heo and others.

12) Missing SET_NETDEV_DEV in sunvnet driver, from Sowmini Varadhan.

13) Fix various races in timewait timer and reqsk_queue_hadh_req, from
    Eric Dumazet.

14) Fix array overruns in mac80211, from Johannes Berg and Dan
    Carpenter.

15) Fix data race in rhashtable_rehash_one(), from Dmitriy Vyukov.

16) Fix race between poll_one_napi and napi_disable, from Neil Horman.

17) Fix byte order in geneve tunnel port config, from John W Linville.

18) Fix handling of ARP replies over lightweight tunnels, from Jiri
    Benc.

19) We can loop when fib rule dumps cross multiple SKBs, fix from Wilson
    Kok and Roopa Prabhu.

20) Several reference count handling bug fixes in the PHY/MDIO layer
    from Russel King.

21) Fix lockdep splat in ppp_dev_uninit(), from Guillaume Nault.

22) Fix crash in icmp_route_lookup(), from David Ahern.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (116 commits)
  net: Fix panic in icmp_route_lookup
  net: update docbook comment for __mdiobus_register()
  ppp: fix lockdep splat in ppp_dev_uninit()
  net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected
  phy: marvell: add link partner advertised modes
  net: fix net_device refcounting
  phy: add phy_device_remove()
  phy: fixed-phy: properly validate phy in fixed_phy_update_state()
  net: fix phy refcounting in a bunch of drivers
  of_mdio: fix MDIO phy device refcounting
  phy: add proper phy struct device refcounting
  phy: fix mdiobus module safety
  net: dsa: fix of_mdio_find_bus() device refcount leak
  phy: fix of_mdio_find_bus() device refcount leak
  ip6_tunnel: Reduce log level in ip6_tnl_err() to debug
  ip6_gre: Reduce log level in ip6gre_err() to debug
  fib_rules: fix fib rule dumps across multiple skbs
  bnx2x: byte swap rss_key to comply to Toeplitz specs
  net: revert "net_sched: move tp->root allocation into fw_init()"
  lwtunnel: remove source and destination UDP port config option
  ...
2015-09-26 06:01:33 -04:00
David Ahern bdb06cbf77 net: Fix panic in icmp_route_lookup
Andrey reported a panic:

[ 7249.865507] BUG: unable to handle kernel pointer dereference at 000000b4
[ 7249.865559] IP: [<c16afeca>] icmp_route_lookup+0xaa/0x320
[ 7249.865598] *pdpt = 0000000030f7f001 *pde = 0000000000000000
[ 7249.865637] Oops: 0000 [#1]
...
[ 7249.866811] CPU: 0 PID: 0 Comm: swapper/0 Not tainted
4.3.0-999-generic #201509220155
[ 7249.866876] Hardware name: MSI MS-7250/MS-7250, BIOS 080014  08/02/2006
[ 7249.866916] task: c1a5ab00 ti: c1a52000 task.ti: c1a52000
[ 7249.866949] EIP: 0060:[<c16afeca>] EFLAGS: 00210246 CPU: 0
[ 7249.866981] EIP is at icmp_route_lookup+0xaa/0x320
[ 7249.867012] EAX: 00000000 EBX: f483ba48 ECX: 00000000 EDX: f2e18a00
[ 7249.867045] ESI: 000000c0 EDI: f483ba70 EBP: f483b9ec ESP: f483b974
[ 7249.867077]  DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068
[ 7249.867108] CR0: 8005003b CR2: 000000b4 CR3: 36ee07c0 CR4: 000006f0
[ 7249.867141] Stack:
[ 7249.867165]  320310ee 00000000 00000042 320310ee 00000000 c1aeca00
f3920240 f0c69180
[ 7249.867268]  f483ba04 f855058b a89b66cd f483ba44 f8962f4b 00000000
e659266c f483ba54
[ 7249.867361]  8004753c f483ba5c f8962f4b f2031140 000003c1 ffbd8fa0
c16b0e00 00000064
[ 7249.867448] Call Trace:
[ 7249.867494]  [<f855058b>] ? e1000_xmit_frame+0x87b/0xdc0 [e1000e]
[ 7249.867534]  [<f8962f4b>] ? tcp_in_window+0xeb/0xb10 [nf_conntrack]
[ 7249.867576]  [<f8962f4b>] ? tcp_in_window+0xeb/0xb10 [nf_conntrack]
[ 7249.867615]  [<c16b0e00>] ? icmp_send+0xa0/0x380
[ 7249.867648]  [<c16b102f>] icmp_send+0x2cf/0x380
[ 7249.867681]  [<f89c8126>] nf_send_unreach+0xa6/0xc0 [nf_reject_ipv4]
[ 7249.867714]  [<f89cd0da>] reject_tg+0x7a/0x9f [ipt_REJECT]
[ 7249.867746]  [<f88c29a7>] ipt_do_table+0x317/0x70c [ip_tables]
[ 7249.867780]  [<f895e0a6>] ? __nf_conntrack_find_get+0x166/0x3b0
[nf_conntrack]
[ 7249.867838]  [<f895eea8>] ? nf_conntrack_in+0x398/0x600 [nf_conntrack]
[ 7249.867889]  [<f84c0035>] iptable_filter_hook+0x35/0x80 [iptable_filter]
[ 7249.867933]  [<c16776a1>] nf_iterate+0x71/0x80
[ 7249.867970]  [<c1677715>] nf_hook_slow+0x65/0xc0
[ 7249.868002]  [<c1681811>] __ip_local_out_sk+0xc1/0xd0
[ 7249.868034]  [<c1680f30>] ? ip_forward_options+0x1a0/0x1a0
[ 7249.868066]  [<c1681836>] ip_local_out_sk+0x16/0x30
[ 7249.868097]  [<c1684054>] ip_send_skb+0x14/0x80
[ 7249.868129]  [<c16840f4>] ip_push_pending_frames+0x34/0x40
[ 7249.868163]  [<c16844a2>] ip_send_unicast_reply+0x282/0x310
[ 7249.868196]  [<c16a0863>] tcp_v4_send_reset+0x1b3/0x380
[ 7249.868227]  [<c16a1b63>] tcp_v4_rcv+0x323/0x990
[ 7249.868257]  [<c16776a1>] ? nf_iterate+0x71/0x80
[ 7249.868289]  [<c167dc2b>] ip_local_deliver_finish+0x8b/0x230
[ 7249.868322]  [<c167df4c>] ip_local_deliver+0x4c/0xa0
[ 7249.868353]  [<c167dba0>] ? ip_rcv_finish+0x390/0x390
[ 7249.868384]  [<c167d88c>] ip_rcv_finish+0x7c/0x390
[ 7249.868415]  [<c167e280>] ip_rcv+0x2e0/0x420
...

Prior to the VRF change the oif was not set in the flow struct, so the
VRF support should really have only added the vrf_master_ifindex lookup.

Fixes: 613d09b30f ("net: Use VRF device index for lookups on TX")
Cc: Andrey Melnikov <temnota.am@gmail.com>
Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-25 21:44:02 -07:00
Russell King 59f069789c net: update docbook comment for __mdiobus_register()
Update the docbook comment for __mdiobus_register() to include the new
module owner argument.  This resolves a warning found by the 0-day
builder.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-25 21:37:19 -07:00
Greg Kroah-Hartman b473197724 MAINTAINERS: remove amd5536udc USB gadget driver maintainer
Thomas can no longer work on the driver, so he asked me to mark the
MAINTAINER entry as "Orphan" with the hope that someone else would
someday pick it up.

Cc: Thomas Dahlmann <dahlmann.thomas@arcor.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2015-09-25 20:45:27 -07:00
Linus Torvalds d4a748a10e Merge branch 'for-4.3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup
Pull another cgroup fix from Tejun Heo:
 "The cgroup writeback support got inadvertently enabled for traditional
  hierarchies revealing two regressions which are currently being worked
  on.  It shouldn't have been enabled on traditional hierarchies, so
  disable it on them.  This is enough to make the regressions go away
  for people who aren't experimenting with cgroup"

* 'for-4.3-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup:
  cgroup, writeback: don't enable cgroup writeback on traditional hierarchies
2015-09-25 16:20:55 -07:00
Guillaume Nault 58a89ecaca ppp: fix lockdep splat in ppp_dev_uninit()
ppp_dev_uninit() locks all_ppp_mutex while under rtnl mutex protection.
ppp_create_interface() must then lock these mutexes in that same order
to avoid possible deadlock.

[  120.880011] ======================================================
[  120.880011] [ INFO: possible circular locking dependency detected ]
[  120.880011] 4.2.0 #1 Not tainted
[  120.880011] -------------------------------------------------------
[  120.880011] ppp-apitest/15827 is trying to acquire lock:
[  120.880011]  (&pn->all_ppp_mutex){+.+.+.}, at: [<ffffffffa0145f56>] ppp_dev_uninit+0x64/0xb0 [ppp_generic]
[  120.880011]
[  120.880011] but task is already holding lock:
[  120.880011]  (rtnl_mutex){+.+.+.}, at: [<ffffffff812e4255>] rtnl_lock+0x12/0x14
[  120.880011]
[  120.880011] which lock already depends on the new lock.
[  120.880011]
[  120.880011]
[  120.880011] the existing dependency chain (in reverse order) is:
[  120.880011]
[  120.880011] -> #1 (rtnl_mutex){+.+.+.}:
[  120.880011]        [<ffffffff81073a6f>] lock_acquire+0xcf/0x10e
[  120.880011]        [<ffffffff813ab18a>] mutex_lock_nested+0x56/0x341
[  120.880011]        [<ffffffff812e4255>] rtnl_lock+0x12/0x14
[  120.880011]        [<ffffffff812d9d94>] register_netdev+0x11/0x27
[  120.880011]        [<ffffffffa0147b17>] ppp_ioctl+0x289/0xc98 [ppp_generic]
[  120.880011]        [<ffffffff8113b367>] do_vfs_ioctl+0x4ea/0x532
[  120.880011]        [<ffffffff8113b3fd>] SyS_ioctl+0x4e/0x7d
[  120.880011]        [<ffffffff813ad7d7>] entry_SYSCALL_64_fastpath+0x12/0x6f
[  120.880011]
[  120.880011] -> #0 (&pn->all_ppp_mutex){+.+.+.}:
[  120.880011]        [<ffffffff8107334e>] __lock_acquire+0xb07/0xe76
[  120.880011]        [<ffffffff81073a6f>] lock_acquire+0xcf/0x10e
[  120.880011]        [<ffffffff813ab18a>] mutex_lock_nested+0x56/0x341
[  120.880011]        [<ffffffffa0145f56>] ppp_dev_uninit+0x64/0xb0 [ppp_generic]
[  120.880011]        [<ffffffff812d5263>] rollback_registered_many+0x19e/0x252
[  120.880011]        [<ffffffff812d5381>] rollback_registered+0x29/0x38
[  120.880011]        [<ffffffff812d53fa>] unregister_netdevice_queue+0x6a/0x77
[  120.880011]        [<ffffffffa0146a94>] ppp_release+0x42/0x79 [ppp_generic]
[  120.880011]        [<ffffffff8112d9f6>] __fput+0xec/0x192
[  120.880011]        [<ffffffff8112dacc>] ____fput+0x9/0xb
[  120.880011]        [<ffffffff8105447a>] task_work_run+0x66/0x80
[  120.880011]        [<ffffffff81001801>] prepare_exit_to_usermode+0x8c/0xa7
[  120.880011]        [<ffffffff81001900>] syscall_return_slowpath+0xe4/0x104
[  120.880011]        [<ffffffff813ad931>] int_ret_from_sys_call+0x25/0x9f
[  120.880011]
[  120.880011] other info that might help us debug this:
[  120.880011]
[  120.880011]  Possible unsafe locking scenario:
[  120.880011]
[  120.880011]        CPU0                    CPU1
[  120.880011]        ----                    ----
[  120.880011]   lock(rtnl_mutex);
[  120.880011]                                lock(&pn->all_ppp_mutex);
[  120.880011]                                lock(rtnl_mutex);
[  120.880011]   lock(&pn->all_ppp_mutex);
[  120.880011]
[  120.880011]  *** DEADLOCK ***

Fixes: 8cb775bc0a ("ppp: fix device unregistration upon netns deletion")
Reported-by: Sedat Dilek <sedat.dilek@gmail.com>
Tested-by: Sedat Dilek <sedat.dilek@gmail.com>
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-25 12:38:11 -07:00
Sudip Mukherjee 21343ac21e net: via/Kconfig: GENERIC_PCI_IOMAP required if PCI not selected
The builds of allmodconfig of avr32 is failing with:

drivers/net/ethernet/via/via-rhine.c:1098:2: error: implicit declaration
of function 'pci_iomap' [-Werror=implicit-function-declaration]
drivers/net/ethernet/via/via-rhine.c:1119:2: error: implicit declaration
of function 'pci_iounmap' [-Werror=implicit-function-declaration]

The generic empty pci_iomap and pci_iounmap is used only if CONFIG_PCI
is not defined and CONFIG_GENERIC_PCI_IOMAP is defined.

Add GENERIC_PCI_IOMAP in the dependency list for VIA_RHINE as we are
getting build failure when CONFIG_PCI and CONFIG_GENERIC_PCI_IOMAP both
are not defined.

Signed-off-by: Sudip Mukherjee <sudip@vectorindia.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-25 12:36:58 -07:00
Russell King 357cd64c18 phy: marvell: add link partner advertised modes
Read the standard link partner advertisment registers and store it in
phydev->lp_advertising, so ethtool can report this information to
userspace via ethtool.  Zero it as per genphy if autonegotiation is
disabled.  Tested with a Marvell 88E1512 PHY.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-25 12:23:47 -07:00
Linus Torvalds 03e8f64486 Merge branch 'for-linus-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
Pull btrfs fixes from Chris Mason:
 "This is an assorted set I've been queuing up:

  Jeff Mahoney tracked down a tricky one where we ended up starting IO
  on the wrong mapping for special files in btrfs_evict_inode.  A few
  people reported this one on the list.

  Filipe found (and provided a test for) a difficult bug in reading
  compressed extents, and Josef fixed up some quota record keeping with
  snapshot deletion.  Chandan killed off an accounting bug during DIO
  that lead to WARN_ONs as we freed inodes"

* 'for-linus-4.3' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs:
  Btrfs: keep dropped roots in cache until transaction commit
  Btrfs: Direct I/O: Fix space accounting
  btrfs: skip waiting on ordered range for special files
  Btrfs: fix read corruption of compressed and shared extents
  Btrfs: remove unnecessary locking of cleaner_mutex to avoid deadlock
  Btrfs: don't initialize a space info as full to prevent ENOSPC
2015-09-25 12:08:41 -07:00
Linus Torvalds 101688f534 NFS client bugfixes for Linux 4.3
Highlights include:
 
 Stable patches:
 - fix v4.2 SEEK on files over 2 gigs
 - Fix a layout segment reference leak when pNFS I/O falls back to inband I/O.
 - Fix recovery of recalled read delegations
 
 Bugfixes:
 - Fix a case where NFSv4 fails to send CLOSE after a server reboot
 - Fix sunrpc to wait for connections to complete before retrying
 - Fix sunrpc races between transport connect/disconnect and shutdown
 - Fix an infinite loop when layoutget fail with BAD_STATEID
 - nfs/filelayout: Fix NULL reference caused by double freeing of fh_array
 - Fix a bogus WARN_ON_ONCE() in O_DIRECT when layout commit_through_mds is set
 - Fix layoutreturn/close ordering issues.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWBWKdAAoJEGcL54qWCgDy2rUP/iIWUQSpUPfKKw7xquQUQe4j
 ci4nFxpJ/zhKj1u7x3wrkxZAXcEooYo+ZJ7ayzROKcfQL/sUSWGbSLdr3mqrQynv
 b0SDmnJK9V+CdBQrA+Jp5UGQxcumpMxsAfqVznT0qkf/wDp44DCVgDz5Aj8cRbWU
 6xPfMgVLEnXiId9IgKqg3sJ2NmvMZXuI9sHM6hp6OzRmQDjTcx+LgRz7tnQHgaEk
 zGz8R6eDm3OA0wfApqZwJ6JY793HsDdy30W9L0Yi2PVGXfzwoEB8AqgLVwSDIY1B
 5hG5zn3tg9PSz9vhJ7M2h4AgFHdB3w3XGdJUafwqZEeqEIagw1iFCWlMyo/lE2dG
 G7oob9Jiiwxjc3RDWn2wGaafymrrWZwl2nYzC4O3UvJ3hVJ0mEl1iJagK1m8LzfN
 fmnP7tTyPuoOXkzDogZ0YI3FrngO6430PoR2hUPkS1yce/a+IV0HQEmXbSDSwN80
 1d9zyC9TnPj6rFjZeaGxGK17BpkC0oIQCPq4OSJB4396wzAwMqoJjJVVWWeAK4UC
 PxzoXqAAaBFguSsDbuBMcXgiuUw/7DIZ/pdzsWSiCFgocgF5ZdJdieCNtGk0nbLM
 37R7HCauF93JDrkpUMKPnLXScb2IbEh31pFtKzptJYKwMxEiScXXiP3NE9hfX65i
 2zLkl2aBvd154RvVKNbp
 =GdeV
 -----END PGP SIGNATURE-----

Merge tag 'nfs-for-4.3-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs

Pull NFS client bugfixes from Trond Myklebust:
 "Highlights include:

  Stable patches:
   - fix v4.2 SEEK on files over 2 gigs
   - Fix a layout segment reference leak when pNFS I/O falls back to inband I/O.
   - Fix recovery of recalled read delegations

  Bugfixes:
   - Fix a case where NFSv4 fails to send CLOSE after a server reboot
   - Fix sunrpc to wait for connections to complete before retrying
   - Fix sunrpc races between transport connect/disconnect and shutdown
   - Fix an infinite loop when layoutget fail with BAD_STATEID
   - nfs/filelayout: Fix NULL reference caused by double freeing of fh_array
   - Fix a bogus WARN_ON_ONCE() in O_DIRECT when layout commit_through_mds is set
   - Fix layoutreturn/close ordering issues"

* tag 'nfs-for-4.3-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
  NFS41: make close wait for layoutreturn
  NFS: Skip checking ds_cinfo.buckets when lseg's commit_through_mds is set
  NFSv4.x/pnfs: Don't try to recover stateids twice in layoutget
  NFSv4: Recovery of recalled read delegations is broken
  NFS: Fix an infinite loop when layoutget fail with BAD_STATEID
  NFS: Do cleanup before resetting pageio read/write to mds
  SUNRPC: xs_sock_mark_closed() does not need to trigger socket autoclose
  SUNRPC: Lock the transport layer on shutdown
  nfs/filelayout: Fix NULL reference caused by double freeing of fh_array
  SUNRPC: Ensure that we wait for connections to complete before retrying
  SUNRPC: drop null test before destroy functions
  nfs: fix v4.2 SEEK on files over 2 gigs
  SUNRPC: Fix races between socket connection and destroy code
  nfs: fix pg_test page count calculation
  Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount
2015-09-25 11:33:52 -07:00
Linus Torvalds ddff42e592 sound fixes for 4.3-rc3
This ended up with a larger set of fixes than wished, unfortunately.
 As diffstat shows, the majority of changes are for various ASoC
 drivers (Realtek, Wolfson codec drivers, etc), in addition to a couple
 of HD-audio regression fixes.  All these are reasonably small and
 nothing to scare much.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 
 iQIcBAABCAAGBQJWBTxTAAoJEGwxgFQ9KSmkzroQAIQNPQd3EFlVOQzRKTu6qFe4
 MiCOwHdc8GHTS2ZmXrFiL9gOn8MzMCUjVLaxxK9oVCdM6maC/IpbQz7mFQKXyqRW
 KkmVop/V0LNV4elw6RhDYYlDSwjP8vgD3MjJc8y3Hr8cpydrEUDDNFrdvpDBp5rE
 Tj9r2CxJBc2l06GteRiwjTZl0IjfLr9lseJiwtNHohmNJeDgVGHK3GOxOxiUxHgd
 VpdCG3VuzIdqNi1+Dp0PjFqHdw2aAgzaMbJL57X7nIktQwDM8bwM74cZMd4ykJIZ
 aIY8SrMuLMdu2yD80EqVLej3vy+fEAJovhA4GRA3bFfqBrrQtteNMMdJ01kqkZSI
 cQhjlJ3G7xwcF/88CzNI7eoyn5f5USl78NuCQvxvU2cqhuWeog/t0jgQcVCJBZFh
 Z+2QGlg/dg1EZ5WujQ8eETDAI9FYz0g56Q4N/reKtjCHjs8RRcfZXchn/J8ZvQQ0
 E2bRwazdZzeS3m4xzVka9Y1B3ei2F8CXJ9g1iQNPzkurHy4MStIuygp6ICIpvLlw
 RX/0c14p60TTz2SKXCNEwfcaW6F9pHqzmh4tEZXqq4LNgXgp17y7MNv/T+1yw/KW
 X8O7M40GAoUIH77Rr3UGayuCE38eNrggaox3BJvtyFtSy7RR7HS7TKSxzlNtkUCK
 5tN2uTta3YoA14OJUix9
 =cdb6
 -----END PGP SIGNATURE-----

Merge tag 'sound-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound

Pull sound fixes from Takashi Iwai:
 "This ended up with a larger set of fixes than wished, unfortunately.

  As diffstat shows, the majority of changes are for various ASoC
  drivers (Realtek, Wolfson codec drivers, etc), in addition to a couple
  of HD-audio regression fixes.  All these are reasonably small and
  nothing to scare much"

* tag 'sound-4.3-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (29 commits)
  ALSA: hda - Disable power_save_node for Thinkpads
  ALSA: hda/tegra - async probe for avoiding module loading deadlock
  ASoC: rt5645: Prevent the pop sound in case of playback and the jack is plugging
  ASoC: rt5645: Increase the delay time to remove the pop sound
  ASoC: rt5645: Use the type SOC_DAPM_SINGLE_AUTODISABLE to prevent the weird sound in runtime of power up
  ASoC: pxa: pxa2xx-ac97: fix dma requestor lines
  MAINTAINERS: Update website and git repo for Wolfson Microelectronics
  ASoC: fsl_ssi: Fix checking of dai format for AC97 mode
  ASoC: wm0010: fix error path
  ASoC: wm0010: fix memory leak
  ASoC: wm8960: correct the max register value of mic boost pga
  ASoC: wm8962: remove 64k sample rate support
  ASoC: davinci-mcasp: Fix devm_kasprintf format string
  ASoC: fix broken pxa SoC support
  ASoC: davinci-mcasp: Set .symmetric_rates = 1 in snd_soc_dai_driver
  ASoC: au1x: psc-i2s: Fix unused variable 'ret' warning
  ASoC: SPEAr: Make SND_SPEAR_SOC select SND_SOC_GENERIC_DMAENGINE_PCM
  ASoC: mediatek: Increase periods_min in capture
  ASoC: davinci-mcasp: Revise the FIFO threshold calculation
  ASoC: wm8960: correct gain value for input PGA and add microphone PGA
  ...
2015-09-25 11:25:30 -07:00
Linus Torvalds 966966a630 PCI updates for v4.3:
Resource management
     - Revert pci_read_bridge_bases() unification (Bjorn Helgaas)
     - Clear IORESOURCE_UNSET when clipping a bridge window (Bjorn Helgaas)
 
   MSI
     - Fix MSI IRQ domains for VFs on virtual buses (Alex Williamson)
 
   Renesas R-Car host bridge driver
     - Add R8A7794 support (Sergei Shtylyov)
 
   Miscellaneous
     - Fix devfn for VPD access through function 0 (Alex Williamson)
     - Use function 0 VPD only for identical functions (Alex Williamson)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWBUq2AAoJEFmIoMA60/r8wbwP/0D/+fKEPYJlB6hx1wLHpVk3
 K//vEwH0RgA3v2X53QUoHg94gTYhSZLKX0zdAFshbphE0HCZ6AO3UO+/ZJ3cui6J
 PYvKOnhby2ErNotZqrs3DQIM8rGgl0ZVgoFQrAWEvwiHRHI/r2ArK/oR4PiBjxJT
 StYuJoTkZIlJyHXza6tvHDcWi+Jc8t8r0HC4Vs32BlaVBQM0SH3CMxHfhJw/Q9xP
 WHFif1sH0N+p7WDyHH71C1T8POOgXY73BsD2AC0se3lRYZ9SVkOVy9ECGUucx8F6
 LDAuFelwRvW2Dr9kh38+5f8Xp155E+eZ6zRWW9/JlrUKVEtHhOFhtrRfDNKHuDCt
 B9ETrxDiSUFAdQ2weye9BK6aXK0CHF6YP3PCbvK77qFUUsN8csFSKktanKrFAbML
 CdjkVkEoeLHw+aXzyDg0pSBRZMQ24dTQDh7YqOFZGuEjCLPXOEQ8nitf0IzBB0KI
 4QetT/QK3bKkgtVKTwPP+s9f4g+fA/oiwJ21ZTV9hi/9upywTa/umCUvH9Fmb8Fp
 VZeTzugSht0+ioXpaF/6/KO0Ccp/t5uAHYeuBBMqiHX7ks8DdnfPCwbWNRKkg25O
 Qy7Y8VnnOtesRCAqBq5y/hHlLUluMkjYpEblYFiD6HBWcjUh6xE6LlIO4mwnjqWI
 zjB3w7+0GOrvS7dBSx0N
 =f4c3
 -----END PGP SIGNATURE-----

Merge tag 'pci-v4.3-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci

Pull PCI fixes from Bjorn Helgaas:
 "These are fixes for things we merged for v4.3 (VPD, MSI, and bridge
  window management), and a new Renesas R8A7794 SoC device ID.

  Details:

  Resource management:
   - Revert pci_read_bridge_bases() unification (Bjorn Helgaas)
   - Clear IORESOURCE_UNSET when clipping a bridge window (Bjorn
     Helgaas)

  MSI:
   - Fix MSI IRQ domains for VFs on virtual buses (Alex Williamson)

  Renesas R-Car host bridge driver:
   - Add R8A7794 support (Sergei Shtylyov)

  Miscellaneous:
   - Fix devfn for VPD access through function 0 (Alex Williamson)
   - Use function 0 VPD only for identical functions (Alex Williamson)"

* tag 'pci-v4.3-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci:
  PCI: rcar: Add R8A7794 support
  PCI: Use function 0 VPD for identical functions, regular VPD for others
  PCI: Fix devfn for VPD access through function 0
  PCI/MSI: Fix MSI IRQ domains for VFs on virtual buses
  PCI: Clear IORESOURCE_UNSET when clipping a bridge window
  PCI: Revert "PCI: Call pci_read_bridge_bases() from core instead of arch code"
2015-09-25 11:16:53 -07:00
Linus Torvalds b6d980f493 AMD fixes for bugs introduced in the 4.2 merge window,
and a few PPC bug fixes too.
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJWBSn7AAoJEL/70l94x66Dxd4H/RT6kWWj9x4grEYUkcJUDyK2
 AXm7XcKQm04auwAic8Otr+ts/Qix/50kWmBe/TU0QLgqb8rj5Dj3yGFK6Z1y6mAz
 KvaxqMJd4tZGTqN0DDvC2ItEdzjfAdeJZo/FHXqPHVspG0G14T7STLna02LTBBEJ
 tNzY9qor8nFhg2fT2szqKaudUNgTqkCTpo57o2BrHE96SHG+m0WdpQCV1F5hPVpg
 Te0Pb7qX9xng5n3sQ7IV/t3QYbrza1ACwNQS9XJa0Yu6iEz7JdmVmzHQASK9ynn6
 hUHhsNYGx4IsPjPtfJk2GroNaRDZL+VMzw07tfcOvPx8xkS9hS63pwzmSBqfLrM=
 =Ywqn
 -----END PGP SIGNATURE-----

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm

Pull KVM fixes from Paolo Bonzini:
 "AMD fixes for bugs introduced in the 4.2 merge window, and a few PPC
  bug fixes too"

* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
  KVM: disable halt_poll_ns as default for s390x
  KVM: x86: fix off-by-one in reserved bits check
  KVM: x86: use correct page table format to check nested page table reserved bits
  KVM: svm: do not call kvm_set_cr0 from init_vmcb
  KVM: x86: trap AMD MSRs for the TSeg base and mask
  KVM: PPC: Book3S: Take the kvm->srcu lock in kvmppc_h_logical_ci_load/store()
  KVM: PPC: Book3S HV: Pass the correct trap argument to kvmhv_commence_exit
  KVM: PPC: Book3S HV: Fix handling of interrupted VCPUs
  kvm: svm: reset mmu on VCPU reset
2015-09-25 10:51:40 -07:00
Linus Torvalds 57cb635c5c powerpc fixes for 4.3 #2
- Wire up sys_membarrier()
  - cxl: Fix lockdep warning while creating afu_err_buff from Vaibhav
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJWBK25AAoJEFHr6jzI4aWAjpgP/2ZObQW0NToo88d3H2ERiKP9
 S6c8jAkq+NKEKiNyjQ2pf+rwruVjH/DYIMl6HE9wqyEfVtwPqIOjfaVZiXQG6fno
 +BPomCA1negqC3AvVuY9QELYD8rBcZ9nbUK1FeGwlZZySNteaSnz5xi/BvwTo1rm
 puJOSW4KCk/DpGnN6nuBVOJc7NKoGBgbTc3vXqyQVOF+Lu2BQlkfscbHgDnqVrT9
 R5tE6U6pQJVZFD15pxmp6dmib8ujoX0eVKFz89rzEsKTcDIBvnPTyjMYr3Y5Z5hS
 AhOKtunfZg6LOmeg+zd7u1FNwY3PL9ir59fWu5WUXIvqao67k04Li6eggzyZNQNV
 FT8gnj4pFzpNfv1Czm93Ki4dXd3uTYg02OuB3iPq3R3qKuL6cDwS2NGIl0y5iTqI
 kVVQp7u5UVdRdjCNgKmAe48kzVDzAR7B9OFdQBu0JE4NF107ubZKhpokEoagRyru
 CCe+WK1zXvj9S6UaX8f2Mg//oxTqz3jykxr5R2pHb9eFppuKFbj3hmF081OIrcBQ
 rQTR+3MMfEzqw19LaqLWRo70FSMSz8E79+vlHAjdSr5L7FY5YCmioWN231zq5W1R
 69ENkRaCLHdBLysitdrUXnf2uTcrwIRQuqkohG7JWys2+gz1/mqJUsa2rmXKAvuN
 JP3skFQMPlduIzSEy5rI
 =RQ5A
 -----END PGP SIGNATURE-----

Merge tag 'powerpc-4.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux

Pull powerpc fixes from Michael Ellerman:
 - Wire up sys_membarrier()
 - cxl: Fix lockdep warning while creating afu_err_buff from Vaibhav

* tag 'powerpc-4.3-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
  cxl: Fix lockdep warning while creating afu_err_buff attribute
  powerpc: Wire up sys_membarrier()
2015-09-25 10:11:26 -07:00
David Hildenbrand 920552b213 KVM: disable halt_poll_ns as default for s390x
We observed some performance degradation on s390x with dynamic
halt polling. Until we can provide a proper fix, let's enable
halt_poll_ns as default only for supported architectures.

Architectures are now free to set their own halt_poll_ns
default value.

Signed-off-by: David Hildenbrand <dahi@linux.vnet.ibm.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-25 10:31:30 +02:00
Paolo Bonzini 58c95070da KVM: x86: fix off-by-one in reserved bits check
29ecd66019 ("KVM: x86: avoid uninitialized variable warning",
2015-09-06) introduced a not-so-subtle problem, which probably
escaped review because it was not part of the patch context.

Before the patch, leaf was always equal to iterator.level.  After,
it is equal to iterator.level - 1 in the call to is_shadow_zero_bits_set,
and when is_shadow_zero_bits_set does another "-1" the check on
reserved bits becomes incorrect.  Using "iterator.level" in the call
fixes this call trace:

WARNING: CPU: 2 PID: 17000 at arch/x86/kvm/mmu.c:3385 handle_mmio_page_fault.part.93+0x1a/0x20 [kvm]()
Modules linked in: tun sha256_ssse3 sha256_generic drbg binfmt_misc ipv6 vfat fat fuse dm_crypt dm_mod kvm_amd kvm crc32_pclmul aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd fam15h_power amd64_edac_mod k10temp edac_core amdkfd amd_iommu_v2 radeon acpi_cpufreq
[...]
Call Trace:
  dump_stack+0x4e/0x84
  warn_slowpath_common+0x95/0xe0
  warn_slowpath_null+0x1a/0x20
  handle_mmio_page_fault.part.93+0x1a/0x20 [kvm]
  tdp_page_fault+0x231/0x290 [kvm]
  ? emulator_pio_in_out+0x6e/0xf0 [kvm]
  kvm_mmu_page_fault+0x36/0x240 [kvm]
  ? svm_set_cr0+0x95/0xc0 [kvm_amd]
  pf_interception+0xde/0x1d0 [kvm_amd]
  handle_exit+0x181/0xa70 [kvm_amd]
  ? kvm_arch_vcpu_ioctl_run+0x68b/0x1730 [kvm]
  kvm_arch_vcpu_ioctl_run+0x6f6/0x1730 [kvm]
  ? kvm_arch_vcpu_ioctl_run+0x68b/0x1730 [kvm]
  ? preempt_count_sub+0x9b/0xf0
  ? mutex_lock_killable_nested+0x26f/0x490
  ? preempt_count_sub+0x9b/0xf0
  kvm_vcpu_ioctl+0x358/0x710 [kvm]
  ? __fget+0x5/0x210
  ? __fget+0x101/0x210
  do_vfs_ioctl+0x2f4/0x560
  ? __fget_light+0x29/0x90
  SyS_ioctl+0x4c/0x90
  entry_SYSCALL_64_fastpath+0x16/0x73
---[ end trace 37901c8686d84de6 ]---

Reported-by: Borislav Petkov <bp@alien8.de>
Tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-25 10:31:29 +02:00
Paolo Bonzini 6fec21449a KVM: x86: use correct page table format to check nested page table reserved bits
Intel CPUID on AMD host or vice versa is a weird case, but it can
happen.  Handle it by checking the host CPU vendor instead of the
guest's in reset_tdp_shadow_zero_bits_mask.  For speed, the
check uses the fact that Intel EPT has an X (executable) bit while
AMD NPT has NX.

Reported-by: Borislav Petkov <bp@alien8.de>
Tested-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-25 10:31:28 +02:00
Paolo Bonzini 79a8059d24 KVM: svm: do not call kvm_set_cr0 from init_vmcb
kvm_set_cr0 may want to call kvm_zap_gfn_range and thus access the
memslots array (SRCU protected).  Using a mini SRCU critical section
is ugly, and adding it to kvm_arch_vcpu_create doesn't work because
the VMX vcpu_create callback calls synchronize_srcu.

Fixes this lockdep splat:

===============================
[ INFO: suspicious RCU usage. ]
4.3.0-rc1+ #1 Not tainted
-------------------------------
include/linux/kvm_host.h:488 suspicious rcu_dereference_check() usage!

other info that might help us debug this:
rcu_scheduler_active = 1, debug_locks = 0
1 lock held by qemu-system-i38/17000:
 #0:  (&(&kvm->mmu_lock)->rlock){+.+...}, at: kvm_zap_gfn_range+0x24/0x1a0 [kvm]

[...]
Call Trace:
 dump_stack+0x4e/0x84
 lockdep_rcu_suspicious+0xfd/0x130
 kvm_zap_gfn_range+0x188/0x1a0 [kvm]
 kvm_set_cr0+0xde/0x1e0 [kvm]
 init_vmcb+0x760/0xad0 [kvm_amd]
 svm_create_vcpu+0x197/0x250 [kvm_amd]
 kvm_arch_vcpu_create+0x47/0x70 [kvm]
 kvm_vm_ioctl+0x302/0x7e0 [kvm]
 ? __lock_is_held+0x51/0x70
 ? __fget+0x101/0x210
 do_vfs_ioctl+0x2f4/0x560
 ? __fget_light+0x29/0x90
 SyS_ioctl+0x4c/0x90
 entry_SYSCALL_64_fastpath+0x16/0x73

Reported-by: Borislav Petkov <bp@alien8.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2015-09-25 10:31:22 +02:00
Nicholas Bellinger 673681cafa iscsi-target: Avoid OFMarker + IFMarker negotiation
This patch fixes a v4.2+ regression introduced by commit c04a6091
that removed support for obsolete sync-and-steering markers usage
as originally defined in RFC-3720.

The regression would involve attempting to send OFMarker=No +
IFMarker=No keys during opertional negotiation login phase,
including when initiators did not actually propose these keys.

The result for MSFT iSCSI initiators would be random junk in
TCP stream after the last successful login request was been sent
signaling the move to full feature phase (FFP) operation.

To address this bug, go ahead and avoid negotiating these keys
by default unless the initiator explicitly proposes them, but
still respond to them with 'No' if they are proposed.

Reported-by: Dragan Milivojević <galileo@pkm-inc.com>
Bisected-by: Christophe Vu-Brugier <cvubrugier@fastmail.fm>
Tested-by: Christophe Vu-Brugier <cvubrugier@fastmail.fm>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2015-09-24 23:24:46 -07:00
Nicholas Bellinger 8fa3a86748 target: Make TCM_WRITE_PROTECT failure honor D_SENSE bit
This patch changes transport_lookup_cmd_lun() to obtain
se_lun->lun_ref + se_cmd->se_device rcu_dereference during
TCM_WRITE_PROTECT -> CHECK_CONDITION failure status.

Do this to ensure the active control D_SENSE mode page bit
is being honored.

Reported-by: Sagi Grimberg <sagig@mellanox.com>
Reviewed-by: Sagi Grimberg <sagig@mellanox.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2015-09-24 23:17:27 -07:00
Nicholas Bellinger f3bb467ff6 target: Fix target_sense_desc_format NULL pointer dereference
This patch allows target_sense_desc_format() to be called without a
valid se_device pointer, which can occur during an early exception
ahead of transport_lookup_cmd_lun() setting up se_cmd->se_device.

This addresses a v4.3-rc1 specific NULL pointer dereference
regression introduced by commit 4e4937e8.

Cc: Sagi Grimberg <sagig@mellanox.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2015-09-24 23:17:23 -07:00
Nicholas Bellinger eeeb952223 target: Propigate backend read-only to core_tpg_add_lun
This patch adds a DF_READ_ONLY flag that is used by IBLOCK to
signal when a backend has been set to read-only mode, in order
to propigate read-only status up to core_tpg_add_lun() for all
future LUN fabric exports.

With this is place, existing emulation for reporting read-only
in spc_emulate_modesense() and normal transport_lookup_cmd_lun()
TCM_WRITE_PROTECTED status checking just works as expected.

Reported-by: Joeue Deng <joeue404@gmail.com>
Reported-by: Andy Grover <agrover@redhat.com>
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2015-09-24 23:17:21 -07:00
Nicholas Bellinger 3ccd6e83df target: Fix PR registration + APTPL RCU conversion regression
This patch fixes a v4.2+ regression introduced by commit 79dc9c9e86
where lookup of t10_pr_registration->pr_reg_deve and associated
->pr_kref get was missing from __core_scsi3_do_alloc_registration(),
which is responsible for setting DEF_PR_REG_ACTIVE.

This would result in REGISTER operations completing successfully,
but subsequent core_scsi3_pr_seq_non_holder() checking would fail
with !DEF_PR_REG_ACTIVE -> RESERVATION CONFLICT status.

Update __core_scsi3_add_registration() to drop ->pr_kref reference
after registration and any optional ALL_TG_PT=1 processing has
completed.  Update core_scsi3_decode_spec_i_port() to release
the new parent local_pr_reg->pr_kref as well.

Also, update __core_scsi3_check_aptpl_registration() to perform
the same target_nacl_find_deve() lookup + ->pr_kref get, now that
__core_scsi3_add_registration() expects to drop the reference.

Finally, since there are cases when se_dev_entry->se_lun_acl can
still be dereferenced in core_scsi3_lunacl_undepend_item() while
holding ->pr_kref, go ahead and move explicit rcu_assign_pointer()
NULL assignments within core_disable_device_list_for_node() until
after orig->pr_comp finishes.

Reported-by: Scott L. Lykens <scott@lykens.org>
Tested-by: Scott L. Lykens <scott@lykens.org>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Hannes Reinecke <hare@suse.de>
Cc: Lee Duncan <lduncan@suse.com>
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
2015-09-24 23:17:07 -07:00
David S. Miller b626ef0128 Merge branch 'phy-mdio-refcnt'
Russell King says:

====================
Phy, mdiobus, and netdev struct device fixes

The third version of this series fixes the build error which David
identified, and drops the broken changes for the Cavium Thunger BGX
ethernet driver as this driver requires some complex changes to
resolve the leakage - and this is best done by people who can test
the driver.

Compared to v2, the only patch which has changed is patch 6
  "net: fix phy refcounting in a bunch of drivers"

I _think_ I've been able to build-test all the drivers touched by
that patch to some degree now, though several of them needed the
Kconfig hacked to allow it (not all had || COMPILE_TEST clause on
their dependencies.)

Previous cover letters below:

This is the second version of the series, with the comments David had
on the first patch fixed up.  Original series description with updated
diffstat below.

While looking at the DSA code, I noticed we have a
of_find_net_device_by_node(), and it looks like users of that are
similarly buggy - it looks like net/dsa/dsa.c is the only user.  Fix
that too.

Hi,

While looking at the phy code, I identified a number of weaknesses
where refcounting on device structures was being leaked, where
modules could be removed while in-use, and where the fixed-phy could
end up having unintended consequences caused by incorrect calls to
fixed_phy_update_state().

This patch series resolves those issues, some of which were discovered
with testing on an Armada 388 board.  Not all patches are fully tested,
particularly the one which touches several network drivers.

When resolving the struct device refcounting problems, several different
solutions were considered before settling on the implementation here -
one of the considerations was to avoid touching many network drivers.
The solution here is:

	phy_attach*() - takes a refcount
	phy_detach*() - drops the phy_attach refcount

Provided drivers always attach and detach their phys, which they should
already be doing, this should change nothing, even if they leak a refcount.

	of_phy_find_device() and of_* functions which use that take
	a refcount.  Arrange for this refcount to be dropped once
	the phy is attached.

This is the reason why the previous change is important - we can't drop
this refcount taken by of_phy_find_device() until something else holds
a reference on the device.  This resolves the leaked refcount caused by
using of_phy_connect() or of_phy_attach().

Even without the above changes, these drivers are leaking by calling
of_phy_find_device().  These drivers are addressed by adding the
appropriate release of that refcount.

The mdiobus code also suffered from the same kind of leak, but thankfully
this only happened in one place - the mdio-mux code.

I also found that the try_module_get() in the phy layer code was utterly
useless: phydev->dev.driver was guaranteed to always be NULL, so
try_module_get() was always being called with a NULL argument.  I proved
this with my SFP code, which declares its own MDIO bus - the module use
count was never incremented irrespective of how I set the MDIO bus up.
This allowed the MDIO bus code to be removed from the kernel while there
were still PHYs attached to it.

One other bug was discovered: while using in-band-status with mvneta, it
was found that if a real phy is attached with in-band-status enabled,
and another ethernet interface is using the fixed-phy infrastructure, the
interface using the fixed-phy infrastructure is configured according to
the other interface using the in-band-status - which is caused by the
fixed-phy code not verifying that the phy_device passed in is actually
a fixed-phy device, rather than a real MDIO phy.

Lastly, having mdio_bus reversing phy_device_register() internals seems
like a layering violation - it's trivial to move that code to the phy
device layer.
====================

Tested-by: Florian Fainelli <f.fainelli@gmail.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-24 23:04:53 -07:00
Russell King 9861f72074 net: fix net_device refcounting
of_find_net_device_by_node() uses class_find_device() internally to
lookup the corresponding network device.  class_find_device() returns
a reference to the embedded struct device, with its refcount
incremented.

Add a comment to the definition in net/core/net-sysfs.c indicating the
need to drop this refcount, and fix the DSA code to drop this refcount
when the OF-generated platform data is cleaned up and freed.  Also
arrange for the ref to be dropped when handling errors.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-24 23:04:53 -07:00
Russell King 38737e490d phy: add phy_device_remove()
Add a phy_device_remove() function to complement phy_device_register(),
which undoes the effects of phy_device_register() by removing the phy
device from visibility, but not freeing it.

This allows these details to be moved out of the mdio bus code into
the phy code where this action belongs.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-24 23:04:53 -07:00
Russell King d618bf2bfd phy: fixed-phy: properly validate phy in fixed_phy_update_state()
Validate that the phy_device passed into fixed_phy_update_state() is a
fixed-phy device before walking the list of phys for a fixed phy at the
same address.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-24 23:04:53 -07:00
Russell King 04d53b20fe net: fix phy refcounting in a bunch of drivers
of_phy_find_device() increments the phy struct device refcount, which
we need to properly balance.  Add code to network drivers using this
function to ensure that the struct device refcount is correctly
balanced.

For xgene, looking back in the history, we should be able to use
of_phy_connect() with a zero flags argument for the DT case as this is
how the driver used to operate prior to de7b5b3d79 ("net: eth: xgene:
change APM X-Gene SoC platform ethernet to support ACPI").

This leaves the Cavium Thunder BGX unfixed; fixing this driver is a
complicated task, one which the maintainers need to be involved with.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-24 23:04:53 -07:00
Russell King f018ae7a8c of_mdio: fix MDIO phy device refcounting
bus_find_device() is defined as:

 * This is similar to the bus_for_each_dev() function above, but it
 * returns a reference to a device that is 'found' for later use, as
 * determined by the @match callback.

and it does indeed return a reference-counted pointer to the device:

        while ((dev = next_device(&i)))
                if (match(dev, data) && get_device(dev))
                                        ^^^^^^^^^^^^^^^
                        break;
        klist_iter_exit(&i);
        return dev;

What that means is that when we're done with the struct device, we must
drop that reference.  Neither of_phy_connect() nor of_phy_attach() did
this when phy_connect_direct() or phy_attach_direct() failed.

With our previous patch, phy_connect_direct() and phy_attach_direct()
take a new refcount on the phy device when successful, so we can drop
our local reference immediatley after these functions, whether or not
they succeeded.

Signed-off-by: Russell King <rmk+kernel@arm.linux.org.uk>
Acked-by: Rob Herring <robh@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-09-24 23:04:52 -07:00