It was first reported and reproduced by Petr (thanks!) in
https://bugzilla.kernel.org/show_bug.cgi?id=119581
free_percpu(rt->rt6i_pcpu) used to always happen in ip6_dst_destroy().
However, after fixing a deadlock bug in
commit 9c7370a166 ("ipv6: Fix a potential deadlock when creating pcpu rt"),
free_percpu() is not called before setting non_pcpu_rt->rt6i_pcpu to NULL.
It is worth to note that rt6i_pcpu is protected by table->tb6_lock.
kmemleak somehow did not report it. We nailed it down by
observing the pcpu entries in /proc/vmallocinfo (first suggested
by Hannes, thanks!).
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Fixes: 9c7370a166 ("ipv6: Fix a potential deadlock when creating pcpu rt")
Reported-by: Petr Novopashenniy <pety@rusnet.ru>
Tested-by: Petr Novopashenniy <pety@rusnet.ru>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Petr Novopashenniy <pety@rusnet.ru>
Signed-off-by: David S. Miller <davem@davemloft.net>
dn_fib_count_nhs() could enter an infinite loop if nhp->rtnh_len == 0
(i.e. if userspace passes a malformed netlink message).
Let's use the helpers from net/nexthop.h which take care of all this
stuff. We can do exactly the same as e.g. fib_count_nexthops() and
fib_get_nhs() from net/ipv4/fib_semantics.c.
This fixes the softlockup for me.
Cc: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The FIFO unlocking mechanism in acpi_dbg has been broken by the
following commit:
Commit: 287980e49f
Subject: remove lots of IS_ERR_VALUE abuses
It converted !IS_ERR_VALUE(ret) into !ret which was not entirely
correct. Fix the regression by taking ret > 0 into account too as
appropriate.
Fixes: 287980e49f (remove lots of IS_ERR_VALUE abuses)
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
[ rjw: Simplifications, changelog & subject massage ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
We verify "u_cmd.outsize" and "u_cmd.insize" but we need to make sure
that those values have not changed between the two copy_from_user()
calls. Otherwise it could lead to a buffer overflow.
Additionally, cros_ec_cmd_xfer() can set s_cmd->insize to a lower value.
We should use the new smaller value so we don't copy too much data to
the user.
Reported-by: Pengfei Wang <wpengfeinudt@gmail.com>
Fixes: a841178445 ('mfd: cros_ec: Use a zero-length array for command data')
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Tested-by: Gwendal Grignou <gwendal@chromium.org>
Cc: <stable@vger.kernel.org> # v4.2+
Signed-off-by: Olof Johansson <olof@lixom.net>
Fixes a regression caused by a stupid thinko from "disp/sor/gf119: both
links use the same training register".
Signed-off-by: Ben Skeggs <bskeggs@redhat.com>
Cc: stable@vger.kernel.org
There is a lock order issue in acpi_load_tables(). The namespace lock
is held before holding the interpreter lock.
With ACPI_MUTEX_DEBUG enabled in the kernel, this is printed to the
log during boot:
[ 0.885699] ACPI Error: Invalid acquire order: Thread 405884224 owns [ACPI_MTX_Namespace], wants [ACPI_MTX_Interpreter] (20160422/utmutex-263)
[ 0.885881] ACPI Error: Could not acquire AML Interpreter mutex (20160422/exutils-95)
[ 0.893846] ACPI Error: Mutex [0x0] is not acquired, cannot release (20160422/utmutex-326)
[ 0.894019] ACPI Error: Could not release AML Interpreter mutex (20160422/exutils-133)
The issue has been introduced by the following commit:
Commit: 2f38b1b16d
ACPICA Commit: bfe03ffcde8ed56a7eae38ea0b188aeb12f9c52e
Subject: ACPICA: Namespace: Fix a regression that MLC support triggers
dead lock in dynamic table loading
Which fixed a deadlock issue for acpi_ns_load_table() in
acpi_ex_add_table() but didn't take care of the lock order in
acpi_ns_load_table() correctly.
Originally (before the above commit), ACPICA used the
namespace/interpreter locks in the following 2 key code
paths:
1. Table loading:
acpi_ns_load_table
L(Namespace)
acpi_ns_parse_table
acpi_ns_one_complete_parse
U(Namespace)
2. Object evaluation:
acpi_ns_evaluate
L(Interpreter)
acpi_ps_execute_method
U(Interpreter)
acpi_ns_load_table
L(Namespace)
U(Namespace)
acpi_ev_initialize_region
L(Namespace)
U(Namespace)
address_space.setup
L(Namespace)
U(Namespace)
address_space.handler
L(Namespace)
U(Namespace)
acpi_os_wait_semaphore
acpi_os_acquire_mutex
acpi_os_sleep
L(Interpreter)
U(Interpreter)
During runtime, while acpi_ns_evaluate is called, the lock order is
always Interpreter -> Namespace.
In turn, the problematic commit acquires the locks in the following
order:
3. Table loading:
acpi_ns_load_table
L(Namespace)
acpi_ns_parse_table
L(Interpreter)
acpi_ns_one_complete_parse
U(Interpreter)
U(Namespace)
To fix the lock order issue, move the interpreter lock to
acpi_ns_load_table() to ensure the lock order correctness:
4. Table loading:
acpi_ns_load_table
L(Interpreter)
L(Namespace)
acpi_ns_parse_table
acpi_ns_one_complete_parse
U(Namespace)
U(Interpreter)
However, this doesn't fix the current design issues related to the
namespace lock. For example, we can notice that in acpi_ns_evaluate(),
outside of acpi_ns_load_table(), the namespace objects may be created
by the named object creation control methods. And the creation of
the method-owned namespace objects are not locked by the namespace
lock. This patch doesn't try to fix such kind of existing issues.
Fixes: 2f38b1b16d (ACPICA: Namespace: Fix a regression that MLC support triggers dead lock in dynamic table loading)
Signed-off-by: Lv Zheng <lv.zheng@intel.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Change t4fw_version.h to update latest firmware version number
Signed-off-by: Ganesh Goudar <ganeshgr@chelsio.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
GCC complains on unused-but-set-variable, clean this up.
Fixes: 23898c763f ('net/mlx5: E-Switch, Modify node guid on vf set MAC')
Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
Acked-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Currently, link notifications are not sent by
bond_set_slave_link_state() upon enslavement if
the slave is enslaved when up.
This happens because slave->link default init value
is 0, which is the same as BOND_LINK_UP, resulting
in bond_set_slave_link_state() ignoring this transition.
This patch sets the default value of slave->link to
BOND_LINK_NOCHANGE, assuring it will count as a state
transition and thus trigger notification logic.
Signed-off-by: Aviv Heller <avivh@mellanox.com>
Reviewed-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The RTL8152 doesn't have U1U2 and U2P3 features, so use different
runtime functions for RTL812 and RTL8153 by adding autosuspend_en()
to rtl_ops.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 1e4a806403.
This creates more problems than it solves right now. Compile
testing needs to go in with patches fixing the problems it
uncovers.
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
When mapping an interrupt to a VP(E) we must use the identifier for the
VP that the hardware expects, and this does not always match up with the
Linux CPU number. Commit d46812bb0b ("irqchip: mips-gic: Use HW IDs
for VPE_OTHER_ADDR") corrected this for the cases that existed at the
time it was written, but commit 2af70a9620 ("irqchip/mips-gic: Add a
IPI hierarchy domain") added another case before the former patch was
merged. This leads to incorrectly using Linux CPU numbers when mapping
interrupts to VPs, which breaks on certain systems such as those with
multi-core I6400 CPUs. Fix by adding the appropriate call to
mips_cm_vp_id() to retrieve the expected VP identifier.
Fixes: d46812bb0b ("irqchip: mips-gic: Use HW IDs for VPE_OTHER_ADDR")
Fixes: 2af70a9620 ("irqchip/mips-gic: Add a IPI hierarchy domain")
Signed-off-by: Paul Burton <paul.burton@imgtec.com>
Cc: linux-mips@linux-mips.org
Cc: Jason Cooper <jason@lakedaemon.net>
Cc: Qais Yousef <qsyousef@gmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Cc: Marc Zyngier <marc.zyngier@arm.com>
Cc: stable@vger.kernel.org
Link: http://lkml.kernel.org/r/20160705132600.27730-1-paul.burton@imgtec.com
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
This solves the issue that a headphone is not working on the docking
unit.
Signed-off-by: Torsten Hilbrich <torsten.hilbrich@secunet.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
of_node_put needs to be called when the device node which is got
from of_parse_phandle has finished using.
Cc: Maxime Ripard <maxime.ripard@free-electrons.com>
Cc: Chen-Yu Tsai <wens@csie.org>
Signed-off-by: Peter Chen <peter.chen@nxp.com>
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
A qeth_card contains a napi_struct linked to the net_device during
device probing. This struct must be deleted when removing the qeth
device, otherwise Panic on oops can occur when qeth devices are
repeatedly removed and added.
Fixes: a1c3ed4c9c ("qeth: NAPI support for l2 and l3 discipline")
Cc: stable@vger.kernel.org # v2.6.37+
Signed-off-by: Ursula Braun <ubraun@linux.vnet.ibm.com>
Tested-by: Alexander Klein <ALKL@de.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit a788a4a040.
This patch is wrong, the type returned doesn't fit
what the error pointer macros expect.
Signed-off-by: David S. Miller <davem@davemloft.net>
This is likely that checking 'fman->fifo_offset' instead of
'fman->cam_offset' is expected here.
Signed-off-by: Christophe JAILLET <christophe.jaillet@wanadoo.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Several Lenovo users have reported problems with their Sierra
Wireless EM7455 modem. The driver has loaded successfully and
the MBIM management channel has appeared to work, including
establishing a connection to the mobile network. But no frames
have been received over the data interface.
The problem affects all EM7455 and MC7455, and is assumed to
affect other modems based on the same Qualcomm chipset and
baseband firmware.
Testing narrowed the problem down to what seems to be a
firmware timing bug during initialization. Adding a short sleep
while probing is sufficient to make the problem disappear.
Experiments have shown that 1-2 ms is too little to have any
effect, while 10-20 ms is enough to reliably succeed.
Reported-by: Stefan Armbruster <ml001@armbruster-it.de>
Reported-by: Ralph Plawetzki <ralph@purejava.org>
Reported-by: Andreas Fett <andreas.fett@secunet.com>
Reported-by: Rasmus Lerdorf <rasmus@lerdorf.com>
Reported-by: Samo Ratnik <samo.ratnik@gmail.com>
Reported-and-tested-by: Aleksander Morgado <aleksander@aleksander.es>
Signed-off-by: Bjørn Mork <bjorn@mork.no>
Signed-off-by: David S. Miller <davem@davemloft.net>
If register_pernet_subsys() fails, we shouldn't try to call
unregister_pernet_subsys().
Fixes: 467fa15356 ("RDS-TCP: Support multiple RDS-TCP listen endpoints, one per netns.")
Cc: stable@vger.kernel.org
Cc: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Cc: David S. Miller <davem@davemloft.net>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Acked-by: Sowmini Varadhan <sowmini.varadhan@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
For ipv6+udp+geneve encapsulation data, the max_mtu should subtract
sizeof(ipv6hdr), instead of sizeof(iphdr).
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This reverts commit 923b93e451.
Make sure consumers do not overwrite gpio flags for pins that have
already been claimed.
While adding support for gpio drivers to refuse a request using
unsupported flags, the order of when the requested flag was checked and
the new flags were applied was reversed to that consumers could
overwrite flags for already requested gpios.
This not only affects device-tree setups where two drivers could request
the same gpio using conflicting configurations, but also allowed user
space to clear gpio flags for already claimed pins simply by attempting
to export them through the sysfs interface. By for example clearing the
FLAG_ACTIVE_LOW flag this way, user space could effectively change the
polarity of a signal.
Reverting this change obviously prevents gpio drivers from doing sanity
checks on the flags in their request callbacks. Fortunately only one
recently added driver (gpio-tps65218 in v4.6) appears to do this, and a
follow up patch could restore this functionality through a different
interface.
Cc: stable <stable@vger.kernel.org> # 4.4
Signed-off-by: Johan Hovold <johan@kernel.org>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
This fixes the issue descirbe in bug 117531
(https://bugzilla.kernel.org/show_bug.cgi?id=117531).
It's a regression introduced in linux 4.5 that causes a Oops at load of
gpio_sch and prevents powering off the computer.
The issue is that sch_gpio_reg_set is called in sch_gpio_probe before
gpio_chip data is initialized with the pointer to the sch_gpio struct. As
sch_gpio_reg_set calls gpiochip_get_data, it returns NULL which causes
the Oops.
The patch follows Mika's advice (https://lkml.org/lkml/2016/5/9/61) and
consists in modifying sch_gpio_reg_get and sch_gpio_reg_set to take a
sch_gpio struct directly instead of a gpio_chip, which avoids the call to
gpiochip_get_data.
Thanks Mika for your patience with me :-)
Cc: stable@vger.kernel.org
Signed-off-by: Colin Pitrat <colin.pitrat@gmail.com>
Acked-by: Alexandre Courbot <acourbot@nvidia.com>
Acked-by: Mika Westerberg <mika.westerberg@linux.intel.com>
Signed-off-by: Linus Walleij <linus.walleij@linaro.org>
Snooze is a poll idle state in powernv and pseries platforms. Snooze
has a timeout so that if a CPU stays in snooze for more than target
residency of the next available idle state, then it would exit
thereby giving chance to the cpuidle governor to re-evaluate and
promote the CPU to a deeper idle state. Therefore whenever snooze
exits due to this timeout, its last_residency will be target_residency
of the next deeper state.
Commit e93e59ce5b "cpuidle: Replace ktime_get() with local_clock()"
changed the math around last_residency calculation. Specifically,
while converting last_residency value from nano- to microseconds, it
carries out right shift by 10. Because of that, in snooze timeout
exit scenarios last_residency calculated is roughly 2.3% less than
target_residency of the next available state. This pattern is picked
up by get_typical_interval() in the menu governor and therefore
expected_interval in menu_select() is frequently less than the
target_residency of any state other than snooze.
Due to this we are entering snooze at a higher rate, thereby
affecting the single thread performance.
Fix this by using more precise division via ktime_us_delta().
Fixes: e93e59ce5b "cpuidle: Replace ktime_get() with local_clock()"
Reported-by: Anton Blanchard <anton@samba.org>
Bisected-by: Shilpasri G Bhat <shilpa.bhat@linux.vnet.ibm.com>
Signed-off-by: Shreyas B. Prabhu <shreyas@linux.vnet.ibm.com>
Acked-by: Daniel Lezcano <daniel.lezcano@linaro.org>
Acked-by: Balbir Singh <bsingharora@gmail.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
The user timer tu->qused counter may go to a negative value when
multiple concurrent reads are performed since both the check and the
decrement of tu->qused are done in two individual locked contexts.
This results in bogus read outs, and the endless loop in the
user-space side.
The fix is to move the decrement of the tu->qused counter into the
same spinlock context as the zero-check of the counter.
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Per VT-d spec Section 10.4.2 ("Capability Register"), the maximum
number of possible domains is 64K; indeed this is the maximum value
that the cap_ndoms() macro will expand to. Since the value 65536
will not fix in a u16, the 'did' variable must be promoted to an
int, otherwise the test for < 65536 will always be true and the
loop will never end.
The symptom, in my case, was a hung machine during suspend.
Fixes: 3bd4f9112f ("iommu/vt-d: Fix overflow of iommu->domains array")
Signed-off-by: Aaron Campbell <aaron@monkey.org>
Signed-off-by: Joerg Roedel <jroedel@suse.de>
Pull fuse fix from Miklos Szeredi:
"This makes sure userspace filesystems are not broken by the parallel
lookups and readdir feature"
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: serialize dirops by default
Pull overlayfs fixes from Miklos Szeredi:
"This contains fixes for a dentry leak, a regression in 4.6 noticed by
Docker users and missing write access checking in truncate"
* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: warn instead of error if d_type is not supported
ovl: get_write_access() in truncate
ovl: fix dentry leak for default_permissions
This patch updates the event constraints for non-PEBS mode for
Intel Broadwell and Skylake processors. When HT is off, each
CPU gets 8 generic counters. However, not all events can be
programmed on any of the 8 counters. This patch adds the
constraints for the MEM_* events which can only be measured on the
bottom 4 counters. The constraints are also valid when HT is off
because, then, there are only 4 generic counters and they are the
bottom counters.
Signed-off-by: Stephane Eranian <eranian@google.com>
Cc: Alexander Shishkin <alexander.shishkin@linux.intel.com>
Cc: Arnaldo Carvalho de Melo <acme@redhat.com>
Cc: Jiri Olsa <jolsa@redhat.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Vince Weaver <vincent.weaver@maine.edu>
Cc: kan.liang@intel.com
Link: http://lkml.kernel.org/r/1467411742-13245-1-git-send-email-eranian@google.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
overlay needs underlying fs to support d_type. Recently I put in a
patch in to detect this condition and started failing mount if
underlying fs did not support d_type.
But this breaks existing configurations over kernel upgrade. Those who
are running docker (partially broken configuration) with xfs not
supporting d_type, are surprised that after kernel upgrade docker does
not run anymore.
https://github.com/docker/docker/issues/22937#issuecomment-229881315
So instead of erroring out, detect broken configuration and warn
about it. This should allow existing docker setups to continue
working after kernel upgrade.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 45aebeaf4f ("ovl: Ensure upper filesystem supports d_type")
Cc: <stable@vger.kernel.org> 4.6
Pull MIPS fix from Ralf Baechle:
"Only a single fix for 4.7 pending at this point. It fixes an issue
that may lead to corruption of the cache mode bits in the page table"
* 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus:
MIPS: Fix possible corruption of cache mode by mprotect.
- tm: Always reclaim in start_thread() for exec() class syscalls from Cyril Bur
- tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0 from Michael Neuling
- eeh: Fix wrong argument passed to eeh_rmv_device() from Gavin Shan
- Initialise pci_io_base as early as possible from Darren Stevens
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXeEmsAAoJEFHr6jzI4aWAwMMQAKs/u9rwB3gpOkNJSHajN1Dd
kdqDufzLxLDwbWnMfqM1+bcO2EOjPhKbtpbzhG6oeiET8undRRoLsjHS5rZeYK5h
cviRPEJ/Yz8ZWaIgFGI8+02gXwU0MJhuTY8NPexXmsh4FRdKYwEuCIJShl30lg22
P7UrJ2SCNM+H/uZyS07B7thiwBeAKSp6VkLTpuW/QDz2j1ra/F22dTh7c0Agdahd
INAMAnh9nYeuMVYn4XjOOlQ07JnBTuf1/W5Wxlw4i/86rVq+Hy8zh5r1X52oysR5
lZl63B9q3agKG9cc9lSN2ibTDVerlFMwB2QysX2a6Uy7+y2SB3hS7VS1RTXCh3hg
/omApGGVW3Hh+E2CuKfFLQySU55NRpLAoTGravGr/KsH4wZP/n/fkrctldCrqm7P
sTPT52+t+iJQk4fiskRY3yQ7DTTnt3rTC8MJRGqvLuCheolLll4NQaWOF75AJP+7
WFWtC4QHOTPERMkhqLnZDG2vNuDg1H8chuZ2+PxtIs6G1vuOEun+MTZAYh4u6XWE
bAIT9rV3xBdE17bzYOQz7lU1y7yNVtP7xkm0HIOAHlU4gUrjQp5u8F3TnPW3/M0m
8GeaZdrPjhsaNg31YZODAeM8Ddf+N9d2a2VPIr/fzytURhMe0ss3Z/MdMoYRATab
Lh1o+G3gDo9MVaphoJ3w
=oEAY
-----END PGP SIGNATURE-----
Merge tag 'powerpc-4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux
Pull powerpc fixes from Michael Ellerman:
- tm: Always reclaim in start_thread() for exec() class syscalls from
Cyril Bur
- tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0 from Michael
Neuling
- eeh: Fix wrong argument passed to eeh_rmv_device() from Gavin Shan
- Initialise pci_io_base as early as possible from Darren Stevens
* tag 'powerpc-4.7-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux:
powerpc: Initialise pci_io_base as early as possible
powerpc/tm: Avoid SLB faults in treclaim/trecheckpoint when RI=0
powerpc/eeh: Fix wrong argument passed to eeh_rmv_device()
powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
When initializing the PHY control register, the FIFO depth bits are
written without reading the previous register value, i.e. all other
bits are overwritten with zero. This disables automatic MDI-X
configuration, which is enabled by default. Fix initialization by doing
a read/modify/write operation.
Signed-off-by: Stefan Hauser <stefan@shauser.net>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The interrupt worker code for the enc28j60 relies only on the TXIF flag to
determinate if the packet transmission was completed. However the datasheet
specifies in section 12.1.3 that TXERIF will clear the TXRTS after a
transmit abort. Also in section 12.1.4 that TXIF will be set
when TXRTS transitions from '1' to '0'. Therefore the TXIF flag is enabled
during transmission errors.
This causes a race condition, since the worker code will invoke
enc28j60_tx_clear() -> netif_wake_queue(), potentially invoking the
ndo_start_xmit function to send a new packet. The enc28j60_send_packet function
uses a workqueue that invokes enc28j60_hw_tx(). In between this function is
called, the worker from the interrupt handler will enter the path for error
handler because of the TXERIF flag, causing to invoke enc28j60_tx_clear() again
and releasing the packet scheduled for transmission, causing a kernel crash with
due a NULL pointer.
These crashes due a NULL pointer were observed under stress conditions of the
device. A BUG_ON() sequence was used to validate the issue was fixed, and has
been running without problems for 2 years now.
Signed-off-by: Diego Dompe <dompe@hpe.com>
Acked-by: Sergio Valverde <sergio.valverde@hpe.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(resent due to overhelpful mail client corrupting patch)
At least on Meson GXBB, the CORE_IRQ_MTL_RX_OVERFLOW interrupt is thrown
with the stmmac1000 driver, which does not support set_rx_tail_ptr. With
this patch and the clock fixes, 1G ethernet works on ODROID-C2.
Signed-off-by: Matt Corallo <git@bluematt.me>
Signed-off-by: David S. Miller <davem@davemloft.net>
Pull drm fixes frlm Dave Airlie:
"Just some AMD and Intel fixes, the AMD ones are further production
Polaris fixes, and the Intel ones fix some early timeouts, some PCI ID
changes and a couple of other fixes.
Still a bit Internet challenged here, hopefully end of next week will
solve it"
* tag 'drm-fixes-for-v4.7-rc6' of git://people.freedesktop.org/~airlied/linux:
drm/i915: Fix missing unlock on error in i915_ppgtt_info()
drm/amd/powerplay: workaround for UVD clock issue
drm/amdgpu: add ACLK_CNTL setting for polaris10
drm/amd/powerplay: fix issue uvd dpm can't enabled on Polaris11.
drm/amd/powerplay: Workaround for Memory EDC Error on Polaris10.
drm/i915: Removing PCI IDs that are no longer listed as Kabylake.
drm/i915: Add more Kabylake PCI IDs.
drm/i915: Avoid early timeout during AUX transfers
drm/i915/hsw: Avoid early timeout during LCPLL disable/restore
drm/i915/lpt: Avoid early timeout during FDI PHY reset
drm/i915/bxt: Avoid early timeout during PLL enable
drm/i915: Refresh cached DP port register value on resume
drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation
drm/amd/powerplay: disable FFC.
drm/amd/powerplay: add some definition for FFC feature on polaris.
A few small driver-specific fixes for SPI, all in the normal important
if you hit them category especially the rockchip driver fix which
addresses a race which has been exposed more frequently with some recent
performance improvements.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXd4PmAAoJECTWi3JdVIfQ0A4H/1D1m/bsdAY0FS12YQteV1GQ
JYUvj/CWNiuV1MSqIU0WWrlMFO9EwtsojytLIfmGNPXUvPMSpW/Q3IJqhRrQWhmN
Zl1FUUUIz+sGBsqwq6nZbDJxJhpT6/Tb7YDFR6Oi4l7VeB4Sisv5ax6Ay+uwa/mp
cvrb/ULILLCHAv0v+6rSjIkZlvD1Yc+08SbbUrTPtVdcY0TDbJEkZ+U2IviCsxmP
PuqdPUgFIEy7j+hnbEib24f5BNZ/m1a0DY012+es7fSkD5DVa2h71kxS54RC6QYn
BkkMdK7moflBpbipKlI/eBPz73eePO9SxBwUZFLSUzG4DJEJE2mKKRVyU2LHpGA=
=uU1M
-----END PGP SIGNATURE-----
Merge tag 'spi-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi
Pull spi fixes from Mark Brown:
"A few small driver-specific fixes for SPI, all in the normal important
if you hit them category especially the rockchip driver fix which
addresses a race which has been exposed more frequently with some
recent performance improvements"
* tag 'spi-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi:
spi: sunxi: fix transfer timeout
spi: sun4i: fix FIFO limit
spi: rockchip: Signal unfinished DMA transfers
spi: spi-ti-qspi: Suspend the queue before removing the device
Two small fixes for the regulator subsystem - one fixing a crash with
one of the devices supported by the max77620 driver, another fixing
startup for the anatop regulator when it starts up with the regulator in
bypass mode.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXd4GeAAoJECTWi3JdVIfQ+g8H/jpOOKEri6SVaatEbk2J33oA
YD6EpSV4BRVGQRRLSY11tz3Md45xPLhe47kRpT1antgplKVEAJYARGYGVLmCovGz
nFXqbQzeTvxs6o6UdrkJlFLDmn4yZgrL4MqhjfxLUzX+Yz/3neQZq6KhESCWKphT
WPBrNa90s0j+nBCGJV0LxcuoZiKt6th/GUjr0gngepckrg3gIxJJyRVvtE9iVyip
JYdVTfHt/aYJihIdKAPnXa4M9Ky5KY8ZNTySYcyUaXT3VLDK/UNFFO25q4Nw6F5a
6XgcjwcFYDpZitf7pQYYfoobDbgTJ1XllPujEP82rIafruAvAKtfORHnvVJfRlU=
=ZA94
-----END PGP SIGNATURE-----
Merge tag 'regulator-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator
Pull regulator fixes from Mark Brown:
"Two small fixes for the regulator subsystem - one fixing a crash with
one of the devices supported by the max77620 driver, another fixing
startup for the anatop regulator when it starts up with the regulator
in bypass mode"
* tag 'regulator-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator:
regulator: max77620: check for valid regulator info
regulator: anatop: allow regulator to be in bypass mode
rockchip clk driver fixes for newly added rk3399 support.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJXdwP4AAoJEK0CiJfG5JUlG8oP/R+kfW2OBvwrJ4ubGnl68obU
PoLqATqi9S3Zq7nEd4B04+SQT4OBgj63YnCAEwJY9D7KSCoJNYL9nML9FzB/MCiC
R2Yune3PIsaEuZFZObnURGO5eRxyZqSJEGgzck1LXwrX/BCyrVHGYsJ0EWm2exZo
zp8YPpM73oILwwCJGivVATNWXFT9HtQ1nfxAmH/e288t6nNuCnXPJf7PLm1t6ERF
fjQiPRILodQqB3OtKEYvEv2z682RC0Zivwv6O/dd0FEG33aXB2VgAlCz8Ttp/brf
fFV5L+i7XjDGDyBcZR2dYCOGwx42XYFOKvUpK+ePnbD0x23V3MSjwFU4yeItZlnD
3PKO0lIJgbRjMtL4a03iWLzcaxDEbMb+/RVPMUtUWoGyId9l2S+cUblB7NuzTfLL
RnTu6ttUSh3IY81eiAkrDRjafdAkswOf3lJweg+Rx2OZhzaKX0UcpDBaeUdzdqx6
lxZ8chv8zYnfjgYUEu2jYvIIM/0VoHZgDmvarNRMreATPaOYqDMTfwsGZeTYcvNU
qZhpNmue3c1cKGAYwzO3elB3KwhuB+83DVXGJu+6/RabbSk3OTMhaGwIH1NSQeCj
nStb6C9h+Mog9ZTFukUlx7js6d0O8GmjlT4crlWxJ4QGdDvS2j7/hT53e8uK7SLl
N5WzJrO9szvkZ8ZC9/LI
=fAAu
-----END PGP SIGNATURE-----
Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux
Pull clk fixes from Stephen Boyd:
"A small fix for the newly added oxnas clk driver and a handful of
rockchip clk driver fixes for newly added rk3399 support"
* tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux:
clk: Fix return value check in oxnas_stdclk_probe()
clk: rockchip: release io resource when failing to init clk on rk3399
clk: rockchip: fix cpuclk registration error handling
clk: rockchip: Revert "clk: rockchip: reset init state before mmc card initialization"
clk: rockchip: fix incorrect parent for rk3399's {c,g}pll_aclk_perihp_src
clk: rockchip: mark rk3399 GIC clocks as critical
clk: rockchip: initialize flags of clk_init_data in mmc-phase clock
A small clutch of hardware specific fixes for various ASoC devices, all
small individually and important if you have that device but not
otherwise.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXd39qAAoJECTWi3JdVIfQFPEH/0EkO4NyV5Lwe6vgiLL/MBxF
Quo7Q9qG7c5TGob1Jsqs1xnacxR194xSs6hnIKD3E7QqtdHMBXpOdUnphniD7/I6
NFP0/b+/leFabXN9DH/Bd8+1csC1mAeYbqzvjRYKU1obag6MrF5+YNiK0QaUyVY2
nqCrdD6O8Ko3LCdsriWv0vj+cSekVsz5KlCB2Ob0RuPu+v/1GmYcjBcy8ILl2y41
KL+s4H5K/H5gG+WAFBict94pa4Ag4BFDJc22/wAeAjCGPA1tlN6SJicqYTFDpzRA
9Wr6kAPN3JaHqDZVeRpDt8z0QyTLpvYB68D3PNw3vCFcbBnCsjDSGw7Fmfyj1AI=
=/0YH
-----END PGP SIGNATURE-----
Merge tag 'asoc-fix-v4.7-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus
ASoC: Fixes for v4.7
A small clutch of hardware specific fixes for various ASoC devices, all
small individually and important if you have that device but not
otherwise.
here's a batch of i915 fixes for 4.7.
* tag 'drm-intel-fixes-2016-06-30' of git://anongit.freedesktop.org/drm-intel:
drm/i915: Fix missing unlock on error in i915_ppgtt_info()
drm/i915: Removing PCI IDs that are no longer listed as Kabylake.
drm/i915: Add more Kabylake PCI IDs.
drm/i915: Avoid early timeout during AUX transfers
drm/i915/hsw: Avoid early timeout during LCPLL disable/restore
drm/i915/lpt: Avoid early timeout during FDI PHY reset
drm/i915/bxt: Avoid early timeout during PLL enable
drm/i915: Refresh cached DP port register value on resume
Just a few more late fixes for Polaris cards.
* 'drm-fixes-4.7' of git://people.freedesktop.org/~agd5f/linux:
drm/amd/powerplay: workaround for UVD clock issue
drm/amdgpu: add ACLK_CNTL setting for polaris10
drm/amd/powerplay: fix issue uvd dpm can't enabled on Polaris11.
drm/amd/powerplay: Workaround for Memory EDC Error on Polaris10.
drm/amd/powerplay: Update CKS on/ CKS off voltage offset calculation
drm/amd/powerplay: disable FFC.
drm/amd/powerplay: add some definition for FFC feature on polaris.
The following testcase may result in a page table entries with a invalid
CCA field being generated:
static void *bindstack;
static int sysrqfd;
static void protect_low(int protect)
{
mprotect(bindstack, BINDSTACK_SIZE, protect);
}
static void sigbus_handler(int signal, siginfo_t * info, void *context)
{
void *addr = info->si_addr;
write(sysrqfd, "x", 1);
printf("sigbus, fault address %p (should not happen, but might)\n",
addr);
abort();
}
static void run_bind_test(void)
{
unsigned int *p = bindstack;
p[0] = 0xf001f001;
write(sysrqfd, "x", 1);
/* Set trap on access to p[0] */
protect_low(PROT_NONE);
write(sysrqfd, "x", 1);
/* Clear trap on access to p[0] */
protect_low(PROT_READ | PROT_WRITE | PROT_EXEC);
write(sysrqfd, "x", 1);
/* Check the contents of p[0] */
if (p[0] != 0xf001f001) {
write(sysrqfd, "x", 1);
/* Reached, but shouldn't be */
printf("badness, shouldn't happen but does\n");
abort();
}
}
int main(void)
{
struct sigaction sa;
sysrqfd = open("/proc/sysrq-trigger", O_WRONLY);
if (sigprocmask(SIG_BLOCK, NULL, &sa.sa_mask)) {
perror("sigprocmask");
return 0;
}
sa.sa_sigaction = sigbus_handler;
sa.sa_flags = SA_SIGINFO | SA_NODEFER | SA_RESTART;
if (sigaction(SIGBUS, &sa, NULL)) {
perror("sigaction");
return 0;
}
bindstack = mmap(NULL,
BINDSTACK_SIZE,
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
if (bindstack == MAP_FAILED) {
perror("mmap bindstack");
return 0;
}
printf("bindstack: %p\n", bindstack);
run_bind_test();
printf("done\n");
return 0;
}
There are multiple ingredients for this:
1) PAGE_NONE is defined to _CACHE_CACHABLE_NONCOHERENT, which is CCA 3
on all platforms except SB1 where it's CCA 5.
2) _page_cachable_default must have bits set which are not set
_CACHE_CACHABLE_NONCOHERENT.
3) Either the defective version of pte_modify for XPA or the standard
version must be in used. However pte_modify for the 36 bit address
space support is no affected.
In that case additional bits in the final CCA mode may generate an invalid
value for the CCA field. On the R10000 system where this was tracked
down for example a CCA 7 has been observed, which is Uncached Accelerated.
Fixed by:
1) Using the proper CCA mode for PAGE_NONE just like for all the other
PAGE_* pte/pmd bits.
2) Fix the two affected variants of pte_modify.
Further code inspection also shows the same issue to exist in pmd_modify
which would affect huge page systems.
Issue in pte_modify tracked down by Alastair Bridgewater, PAGE_NONE
and pmd_modify issue found by me.
The history of this goes back beyond Linus' git history. Chris Dearman's
commit 351336929c ("[MIPS] Allow setting of
the cache attribute at run time.") missed the opportunity to fix this
but it was originally introduced in lmo commit
d523832cf12007b3242e50bb77d0c9e63e0b6518 ("Missing from last commit.")
and 32cc38229ac7538f2346918a09e75413e8861f87 ("New configuration option
CONFIG_MIPS_UNCACHED.")
Signed-off-by: Ralf Baechle <ralf@linux-mips.org>
Reported-by: Alastair Bridgewater <alastair.bridgewater@gmail.com>
Since commit 103544d869 (ACPI,PCI,IRQ: reduce resource requirements)
the penalty values are calculated on the fly rather than at boot time.
This works fine for PCI interrupts but not so well for ISA interrupts.
The information on whether or not an ISA interrupt is in use is not
available to the pci_link.c code directly. That information is
obtained from the outside via acpi_penalize_isa_irq(). [If its
"active" argument is true, then the IRQ is in use by ISA.]
Since the current code relies on PCI Link objects for determination
of penalties, we are factoring in the PCI penalty twice after
acpi_penalize_isa_irq() function is called.
To avoid that, limit the newly added functionality to just PCI
interrupts so that old behavior is still maintained.
Fixes: 103544d869 (ACPI,PCI,IRQ: reduce resource requirements)
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Tested-by: Wim Osterholt <wim@djo.tudelft.nl>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Trying to make the ISA and PCI init functionality common turned out
to be a bad idea, because the ISA path depends on external
functionality.
Restore the previous behavior and limit the refactoring to PCI
interrupts only.
Fixes: 1fcb6a813c "ACPI,PCI,IRQ: remove redundant code in acpi_irq_penalty_init()"
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Tested-by: Wim Osterholt <wim@djo.tudelft.nl>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
The change introduced in commit 103544d869 (ACPI,PCI,IRQ: reduce
resource requirements) omitted the initially applied PCI_POSSIBLE
penalty when the IRQ is active.
Incorrect calculation of the penalty leads the ACPI code to assigning
a wrong interrupt number to a PCI INTx interrupt.
This would not be as bad as it sounds in theory. It would just cause
the interrupts to be shared and result in performance penalty.
However, some drivers (like the parallel port driver) don't like
interrupt sharing and in the above case they will causes all of
the PCI drivers wanting to share the interrupt to be unable to
request it.
The issue has not been caught in testing because the behavior is
platform-specific and depends on the peripherals ending up sharing
the IRQ and their drivers.
Before the above commit the code would add the PCI_POSSIBLE value
divided by the number of possible IRQ users to the IRQ penalty
during initialization.
Later in that code path, if the IRQ is chosen as the active IRQ or
if it is used by ISA; additional penalties are added.
Fixes: 103544d869 (ACPI,PCI,IRQ: reduce resource requirements)
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Tested-by: Wim Osterholt <wim@djo.tudelft.nl>
[ rjw: Changelog ]
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
Fix an expression in the ACPI PCI IRQ management code added by a
recent commit that overlooked missing parens in it, so the result
of the computation is incorrect in some cases (Sinan Kaya).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQIcBAABCAAGBQJXdtScAAoJEILEb/54YlRx5r4P/AwWjfh3wPsDCXCajSkiqR7b
raPnXYXvVhEC4ZfqLpuID1sk/DzQL/MZmkFpB8PUYkf1onOKXcd9MDsyiVdOuJi/
gqP64yzGI+n79qq4u+vhUlujsDH11X8WtKxNQoZWWdHoLR5o/qhYA4c3kZ0yjzim
uD/3GWtXsmbPMyBMJjOIFJLFpj3DgizxER3PUL0WdX1XB8YXX/e16WT4+8IkHVru
mM8Mk389+iQoKfDgWAL9ImOcfY9xXh0IPkKF/kHT2D0CG4qHfjGWUfu124hu83Fp
YGIhcmX0De5cwb3PchQ4Uga2U4KbzKgAhW574RFD+pCmY5EX/fjYDaPPCU4Gctzf
RNTG3JIS+mpR2maC+t73lJUanQSxS4GahXtEGfJ7ci3q85sIXuX5GSqd9CkXScCZ
/0Ww+xjiXyeo1EE/PFC0rXZT7h5bzCdpqWbUUhcSDnFKj8TLz/LjiNd6vCFZAVUF
G/7p9rY2n+Nid8j7DVITKcYS6HuaucKOTGKbPp7P3HBXc5N3d5vqrSrVcwQ/Yi+g
hwaoDle506BUvTgIwrjCEPBRFRmFz8uRHOMMbpugzYZm2Kn5UUF3Za358NqI6pYR
LiosgEiCXYFQScDeFOV5QD9hRGRoWaL6C54po1d459MGjqgwDt4lolbOhy7BIWXj
pJMmdHbczB0VT6KRyYxs
=r8BR
-----END PGP SIGNATURE-----
Merge tag 'acpi-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm
Pull ACPI fix from Rafael Wysocki:
"Fix an expression in the ACPI PCI IRQ management code added by a
recent commit that overlooked missing parens in it, so the result of
the computation is incorrect in some cases (Sinan Kaya)"
* tag 'acpi-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm:
ACPI,PCI,IRQ: correct operator precedence
Martin KaFai Lau