[PATCH 8/8] staging: rts5208: fix style warnings in xd.c
This patch fixes the following checkpatch.pl warning in xd.c: WARNING: else is not generally useful after a break or return It also makes code more uniform with the new changes Signed-off-by: Sergio Paracuellos--- drivers/staging/rts5208/xd.c | 38 ++ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/drivers/staging/rts5208/xd.c b/drivers/staging/rts5208/xd.c index ff423fa..1de02bb 100644 --- a/drivers/staging/rts5208/xd.c +++ b/drivers/staging/rts5208/xd.c @@ -1622,10 +1622,8 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, u8 reg_val, page_cnt; int zone_no, retval, i; - if (start_page > end_page) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (start_page > end_page) + goto Status_Fail; page_cnt = end_page - start_page; zone_no = (int)(log_blk / 1000); @@ -1641,8 +1639,7 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, if (detect_card_cd(chip, XD_CARD) != STATUS_SUCCESS) { xd_set_err_code(chip, XD_NO_CARD); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } } } @@ -1677,8 +1674,7 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, if (retval == -ETIMEDOUT) { xd_set_err_code(chip, XD_TO_ERROR); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } else { rtsx_trace(chip); goto Fail; @@ -1711,8 +1707,7 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, if (detect_card_cd(chip, XD_CARD) != STATUS_SUCCESS) { xd_set_err_code(chip, XD_NO_CARD); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } xd_set_err_code(chip, XD_ECC_ERROR); @@ -1720,8 +1715,7 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, new_blk = xd_get_unused_block(chip, zone_no); if (new_blk == NO_NEW_BLK) { XD_CLR_BAD_OLDBLK(xd_card); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } retval = xd_copy_page(chip, phy_blk, new_blk, 0, @@ -1735,8 +1729,7 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, XD_CLR_BAD_NEWBLK(xd_card); } XD_CLR_BAD_OLDBLK(xd_card); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } xd_set_l2p_tbl(chip, zone_no, log_off, (u16)(new_blk & 0x3FF)); xd_erase_block(chip, phy_blk); @@ -1744,6 +1737,7 @@ static int xd_read_multiple_pages(struct rtsx_chip *chip, u32 phy_blk, XD_CLR_BAD_OLDBLK(xd_card); } +Status_Fail: rtsx_trace(chip); return STATUS_FAIL; } @@ -1842,10 +1836,8 @@ static int xd_write_multiple_pages(struct rtsx_chip *chip, u32 old_blk, dev_dbg(rtsx_dev(chip), "%s, old_blk = 0x%x, new_blk = 0x%x, log_blk = 0x%x\n", __func__, old_blk, new_blk, log_blk); - if (start_page > end_page) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (start_page > end_page) + goto Status_Fail; page_cnt = end_page - start_page; zone_no = (int)(log_blk / 1000); @@ -1854,10 +1846,8 @@ static int xd_write_multiple_pages(struct rtsx_chip *chip, u32 old_blk, page_addr = (new_blk << xd_card->block_shift) + start_page; retval = xd_send_cmd(chip, READ1_1); - if (retval != STATUS_SUCCESS) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (retval != STATUS_SUCCESS) + goto Status_Fail; rtsx_init_cmd(chip); @@ -1892,8 +1882,7 @@ static int xd_write_multiple_pages(struct rtsx_chip *chip, u32 old_blk, if (retval == -ETIMEDOUT) { xd_set_err_code(chip, XD_TO_ERROR); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } else { rtsx_trace(chip); goto Fail; @@ -1933,6 +1922,7 @@ static int xd_write_multiple_pages(struct rtsx_chip *chip, u32 old_blk, xd_mark_bad_block(chip, new_blk);
[PATCH 6/8] staging: rts5208: fix style warnings in spi.c
This patch fixes the following checkpatch.pl warning in spi.c: WARNING: line over 80 characters Signed-off-by: Sergio Paracuellos--- drivers/staging/rts5208/spi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/staging/rts5208/spi.c b/drivers/staging/rts5208/spi.c index 26eb2a1..13c539c 100644 --- a/drivers/staging/rts5208/spi.c +++ b/drivers/staging/rts5208/spi.c @@ -39,7 +39,8 @@ static int spi_init(struct rtsx_chip *chip) int retval; retval = rtsx_write_register(chip, SPI_CONTROL, 0xFF, -CS_POLARITY_LOW | DTO_MSB_FIRST | SPI_MASTER | SPI_MODE0 | SPI_AUTO); +CS_POLARITY_LOW | DTO_MSB_FIRST +| SPI_MASTER | SPI_MODE0 | SPI_AUTO); if (retval) { rtsx_trace(chip); return retval; -- 1.9.1
[PATCH] Bluetooth: btwilink: Save the packet type before sending
Running with KASAN produces some messages: BUG: KASAN: use-after-free in ti_st_send_frame+0x9c/0x16c at addr ffc064868fe8 Read of size 1 by task kworker/u17:1/1266 Hardware name: HiKey Development Board (DT) Workqueue: hci0 hci_cmd_work Call trace: [] dump_backtrace+0x0/0x178 [] show_stack+0x20/0x28 [] dump_stack+0xa8/0xe0 [] print_trailer+0x110/0x174 [] object_err+0x4c/0x5c [] kasan_report_error+0x254/0x54c [] kasan_report+0x64/0x70 [] __asan_load1+0x4c/0x54 [] ti_st_send_frame+0x9c/0x16c [] hci_send_frame+0xb4/0x118 [] hci_cmd_work+0xcc/0x154 [] process_one_work+0x26c/0x7a4 [] worker_thread+0x9c/0x73c [] kthread+0x138/0x154 [] ret_from_fork+0x10/0x40 The packet is being accessed for statistics after it has been freed. Save the packet type before sending for statistics afterwards. Signed-off-by: Laura Abbott--- Originally found and tested on 4.4 based branch. --- drivers/bluetooth/btwilink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/bluetooth/btwilink.c b/drivers/bluetooth/btwilink.c index 485281b..ef51c9c 100644 --- a/drivers/bluetooth/btwilink.c +++ b/drivers/bluetooth/btwilink.c @@ -245,6 +245,7 @@ static int ti_st_send_frame(struct hci_dev *hdev, struct sk_buff *skb) { struct ti_st *hst; long len; + int pkt_type; hst = hci_get_drvdata(hdev); @@ -258,6 +259,7 @@ static int ti_st_send_frame(struct hci_dev *hdev, struct sk_buff *skb) * Freeing skb memory is taken care in shared transport layer, * so don't free skb memory here. */ + pkt_type = hci_skb_pkt_type(skb); len = hst->st_write(skb); if (len < 0) { kfree_skb(skb); @@ -268,7 +270,7 @@ static int ti_st_send_frame(struct hci_dev *hdev, struct sk_buff *skb) /* ST accepted our skb. So, Go ahead and do rest */ hdev->stat.byte_tx += len; - ti_st_tx_complete(hst, hci_skb_pkt_type(skb)); + ti_st_tx_complete(hst, pkt_type); return 0; } -- 2.7.4
[PATCH 5/8] staging: rts5208: fix style warnings in rtsx_sys.h
This patch fixes the following checkpatch.pl warning in rtsx_sys.h: WARNING: do not add new typedefs Signed-off-by: Sergio Paracuellos--- drivers/staging/rts5208/rtsx_sys.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/staging/rts5208/rtsx_sys.h b/drivers/staging/rts5208/rtsx_sys.h index 0b6b4d4..f49bed9 100644 --- a/drivers/staging/rts5208/rtsx_sys.h +++ b/drivers/staging/rts5208/rtsx_sys.h @@ -28,8 +28,6 @@ #include "rtsx_chip.h" #include "rtsx_card.h" -typedef dma_addr_t ULONG_PTR; - static inline void rtsx_exclusive_enter_ss(struct rtsx_chip *chip) { struct rtsx_dev *dev = chip->rtsx; -- 1.9.1
[PATCH 7/8] staging: rts5208: fix style warnings in sd.c
This patch fixes the following checkpatch.pl warning in sd.c: WARNING: else is not generally useful after a break or return It also makes code more uniform with the new changes Signed-off-by: Sergio Paracuellos--- drivers/staging/rts5208/sd.c | 173 +++ 1 file changed, 61 insertions(+), 112 deletions(-) diff --git a/drivers/staging/rts5208/sd.c b/drivers/staging/rts5208/sd.c index e72c432..b0bbb36 100644 --- a/drivers/staging/rts5208/sd.c +++ b/drivers/staging/rts5208/sd.c @@ -2588,16 +2588,12 @@ static int reset_sd(struct rtsx_chip *chip) #endif retval = sd_prepare_reset(chip); - if (retval != STATUS_SUCCESS) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (retval != STATUS_SUCCESS) + goto Status_Fail; retval = sd_dummy_clock(chip); - if (retval != STATUS_SUCCESS) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (retval != STATUS_SUCCESS) + goto Status_Fail; if (CHK_SDIO_EXIST(chip) && !CHK_SDIO_IGNORED(chip) && try_sdio) { int rty_cnt = 0; @@ -2605,8 +2601,7 @@ static int reset_sd(struct rtsx_chip *chip) for (; rty_cnt < chip->sdio_retry_cnt; rty_cnt++) { if (detect_card_cd(chip, SD_CARD) != STATUS_SUCCESS) { sd_set_err_code(chip, SD_NO_CARD); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } retval = sd_send_cmd_get_rsp(chip, IO_SEND_OP_COND, 0, @@ -2618,8 +2613,7 @@ static int reset_sd(struct rtsx_chip *chip) dev_dbg(rtsx_dev(chip), "SD_IO card (Function number: %d)!\n", func_num); chip->sd_io = 1; - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } break; @@ -2637,10 +2631,8 @@ static int reset_sd(struct rtsx_chip *chip) RTY_SD_RST: retval = sd_send_cmd_get_rsp(chip, GO_IDLE_STATE, 0, SD_RSP_TYPE_R0, NULL, 0); - if (retval != STATUS_SUCCESS) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (retval != STATUS_SUCCESS) + goto Status_Fail; wait_timeout(20); @@ -2658,10 +2650,8 @@ static int reset_sd(struct rtsx_chip *chip) retval = sd_send_cmd_get_rsp(chip, GO_IDLE_STATE, 0, SD_RSP_TYPE_R0, NULL, 0); - if (retval != STATUS_SUCCESS) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (retval != STATUS_SUCCESS) + goto Status_Fail; wait_timeout(20); } @@ -2672,39 +2662,32 @@ static int reset_sd(struct rtsx_chip *chip) if (retval != STATUS_SUCCESS) { if (detect_card_cd(chip, SD_CARD) != STATUS_SUCCESS) { sd_set_err_code(chip, SD_NO_CARD); - rtsx_trace(chip); - return STATUS_FAIL; + goto Status_Fail; } j++; - if (j < 3) { + if (j < 3) goto RTY_SD_RST; - } else { - rtsx_trace(chip); - return STATUS_FAIL; - } + else + goto Status_Fail; } retval = sd_send_cmd_get_rsp(chip, SD_APP_OP_COND, voltage, SD_RSP_TYPE_R3, rsp, 5); if (retval != STATUS_SUCCESS) { k++; - if (k < 3) { + if (k < 3) goto RTY_SD_RST; - } else { - rtsx_trace(chip); - return STATUS_FAIL; - } + else + goto Status_Fail; } i++; wait_timeout(20); } while (!(rsp[1] & 0x80) && (i < 255)); - if (i == 255) { - rtsx_trace(chip); - return STATUS_FAIL; - } + if (i == 255) + goto Status_Fail; if (hi_cap_flow) { if (rsp[1] & 0x40) @@ -2721,26 +2704,20
[PATCH 2/8] staging: rts5208: fix style warnings in rtsx.c
This patch fixes the following checkpatch.pl warning in rtsx.c: WARNING: Symbolic permissions are not preferred. Signed-off-by: Sergio Paracuellos--- drivers/staging/rts5208/rtsx.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/drivers/staging/rts5208/rtsx.c b/drivers/staging/rts5208/rtsx.c index d7554f4..5d65a5c 100644 --- a/drivers/staging/rts5208/rtsx.c +++ b/drivers/staging/rts5208/rtsx.c @@ -34,27 +34,27 @@ MODULE_LICENSE("GPL"); static unsigned int delay_use = 1; -module_param(delay_use, uint, S_IRUGO | S_IWUSR); +module_param(delay_use, uint, 0644); MODULE_PARM_DESC(delay_use, "seconds to delay before using a new device"); static int ss_en; -module_param(ss_en, int, S_IRUGO | S_IWUSR); +module_param(ss_en, int, 0644); MODULE_PARM_DESC(ss_en, "enable selective suspend"); static int ss_interval = 50; -module_param(ss_interval, int, S_IRUGO | S_IWUSR); +module_param(ss_interval, int, 0644); MODULE_PARM_DESC(ss_interval, "Interval to enter ss state in seconds"); static int auto_delink_en; -module_param(auto_delink_en, int, S_IRUGO | S_IWUSR); +module_param(auto_delink_en, int, 0644); MODULE_PARM_DESC(auto_delink_en, "enable auto delink"); static unsigned char aspm_l0s_l1_en; -module_param(aspm_l0s_l1_en, byte, S_IRUGO | S_IWUSR); +module_param(aspm_l0s_l1_en, byte, 0644); MODULE_PARM_DESC(aspm_l0s_l1_en, "enable device aspm"); static int msi_en; -module_param(msi_en, int, S_IRUGO | S_IWUSR); +module_param(msi_en, int, 0644); MODULE_PARM_DESC(msi_en, "enable msi"); static irqreturn_t rtsx_interrupt(int irq, void *dev_id); -- 1.9.1
Re: [PATCH v2 3/4] i2c: i801: Do not create iTCO watchdog when WDAT table exists
On Tue, Sep 20, 2016 at 03:30:53PM +0300, Mika Westerberg wrote: > ACPI WDAT table is the preferred way to use hardware watchdog over the > native iTCO_wdt. Windows only uses this table for its hardware watchdog > implementation so we should be relatively safe to trust it has been > validated by OEMs > > Prevent iTCO watchdog creation if we detect that there is ACPI WDAT table. > > Signed-off-by: Mika Westerberg> Reviewed-by: Guenter Roeck Acked-by: Wolfram Sang signature.asc Description: PGP signature
[PATCH 4.7 132/184] Revert "wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel"
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Johannes Bergcommit 4d0bd46a4d55383f7b925e6cf7865a77e0f0e020 upstream. This reverts commit 3d5fdff46c4b2b9534fa2f9fc78e90a48e0ff724. Ben Hutchings pointed out that the commit isn't safe since it assumes that the structure used by the driver is iw_point, when in fact there's no way to know about that. Fortunately, the only driver in the tree that ever runs this code path is the wilc1000 staging driver, so it doesn't really matter. Clearly I should have investigated this better before applying, sorry. Reported-by: Ben Hutchings Fixes: 3d5fdff46c4b ("wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel") Signed-off-by: Johannes Berg Signed-off-by: Greg Kroah-Hartman --- net/wireless/wext-core.c | 25 ++--- 1 file changed, 2 insertions(+), 23 deletions(-) --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c @@ -958,29 +958,8 @@ static int wireless_process_ioctl(struct return private(dev, iwr, cmd, info, handler); } /* Old driver API : call driver ioctl handler */ - if (dev->netdev_ops->ndo_do_ioctl) { -#ifdef CONFIG_COMPAT - if (info->flags & IW_REQUEST_FLAG_COMPAT) { - int ret = 0; - struct iwreq iwr_lcl; - struct compat_iw_point *iwp_compat = (void *) >u.data; - - memcpy(_lcl, iwr, sizeof(struct iwreq)); - iwr_lcl.u.data.pointer = compat_ptr(iwp_compat->pointer); - iwr_lcl.u.data.length = iwp_compat->length; - iwr_lcl.u.data.flags = iwp_compat->flags; - - ret = dev->netdev_ops->ndo_do_ioctl(dev, (void *) _lcl, cmd); - - iwp_compat->pointer = ptr_to_compat(iwr_lcl.u.data.pointer); - iwp_compat->length = iwr_lcl.u.data.length; - iwp_compat->flags = iwr_lcl.u.data.flags; - - return ret; - } else -#endif - return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd); - } + if (dev->netdev_ops->ndo_do_ioctl) + return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd); return -EOPNOTSUPP; }
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
On 22/09/2016 19:46, Tom Lendacky wrote: >> > Do you mean, it is encrypted here because we're in the guest kernel? > Yes, the idea is that the SEV guest will be running encrypted from the > start, including the BIOS/UEFI, and so all of the EFI related data will > be encrypted. Unless this is part of some spec, it's easier if things are the same in SME and SEV. Paolo
[PATCH 4.7 077/184] iio: accel: bmc150: reset chip at init time
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Olof Johanssoncommit 1c500840934a138bd6b13556c210516e9301fbee upstream. In at least one known setup, the chip comes up in a state where reading the chip ID returns garbage unless it's been reset, due to noise on the wires during system boot. All supported chips have the same reset method, and based on the datasheets they all need 1.3 or 1.8ms to recover after reset. So, do the conservative thing here and always reset the chip. Signed-off-by: Olof Johansson Reviewed-by: Srinivas Pandruvada Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/accel/bmc150-accel-core.c | 11 +++ 1 file changed, 11 insertions(+) --- a/drivers/iio/accel/bmc150-accel-core.c +++ b/drivers/iio/accel/bmc150-accel-core.c @@ -67,6 +67,9 @@ #define BMC150_ACCEL_REG_PMU_BW0x10 #define BMC150_ACCEL_DEF_BW125 +#define BMC150_ACCEL_REG_RESET 0x14 +#define BMC150_ACCEL_RESET_VAL 0xB6 + #define BMC150_ACCEL_REG_INT_MAP_0 0x19 #define BMC150_ACCEL_INT_MAP_0_BIT_SLOPE BIT(2) @@ -1497,6 +1500,14 @@ static int bmc150_accel_chip_init(struct int ret, i; unsigned int val; + /* +* Reset chip to get it in a known good state. A delay of 1.8ms after +* reset is required according to the data sheets of supported chips. +*/ + regmap_write(data->regmap, BMC150_ACCEL_REG_RESET, +BMC150_ACCEL_RESET_VAL); + usleep_range(1800, 2500); + ret = regmap_read(data->regmap, BMC150_ACCEL_REG_CHIP_ID, ); if (ret < 0) { dev_err(dev, "Error: Reading chip id\n");
[PATCH 4.7 103/184] ARM: dts: armada-388-clearfog: number LAN ports properly
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Russell Kingcommit d9fd3c918114cfd3995947339549c7341181efb0 upstream. Currently, the ports as seen from the rear number as: eth0 sfp lan5 lan4 lan3 lan2 lan1 lan6 which is illogical - this came about because the rev 2.0 boards have the LEDs on the front for the DSA switch (lan5-1) reversed. Rev 2.1 boards fixed the LED issue, and the Clearfog case numbers the lan ports increasing from left to right. Maintaining this illogical numbering causes confusion, with reports that "my link isn't coming up" and "my connection negotiates 10base-Half" both of which are due to people thinking that the port next to the SFP is lan1. Fix this by renumbering the ports to match people's expectations. [gregory.clem...@free-electrons.com: added the Fixes and stable tags] Fixes: 4c945e8556ec ("ARM: dts: Add SolidRun Armada 388 Clearfog A1 DT file") Signed-off-by: Russell King Reviewed-by: Andrew Lunn Signed-off-by: Gregory CLEMENT Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/armada-388-clearfog.dts |8 1 file changed, 4 insertions(+), 4 deletions(-) --- a/arch/arm/boot/dts/armada-388-clearfog.dts +++ b/arch/arm/boot/dts/armada-388-clearfog.dts @@ -406,12 +406,12 @@ port@0 { reg = <0>; - label = "lan1"; + label = "lan5"; }; port@1 { reg = <1>; - label = "lan2"; + label = "lan4"; }; port@2 { @@ -421,12 +421,12 @@ port@3 { reg = <3>; - label = "lan4"; + label = "lan2"; }; port@4 { reg = <4>; - label = "lan5"; + label = "lan1"; }; port@5 {
[PATCH 4.7 098/184] ARM: imx6: add missing BM_CLPCR_BYPASS_PMIC_READY setting for imx6sx
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Anson Huangcommit 8aade778f787305fdbfd3c1d54e6b583601b5902 upstream. i.MX6SX has bypass PMIC ready function, as this function is normally NOT enabled on the board design, so we need to bypass the PMIC ready pin check during DSM mode resume flow, otherwise, the internal DSM resume logic will be waiting for this signal to be ready forever and cause resume fail. Signed-off-by: Anson Huang Fixes: ff843d621bfc ("ARM: imx: add suspend support for i.mx6sx") Tested-by: Peter Chen Signed-off-by: Shawn Guo Signed-off-by: Greg Kroah-Hartman --- arch/arm/mach-imx/pm-imx6.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/mach-imx/pm-imx6.c +++ b/arch/arm/mach-imx/pm-imx6.c @@ -310,7 +310,7 @@ int imx6_set_lpm(enum mxc_cpu_pwr_mode m val |= 0x3 << BP_CLPCR_STBY_COUNT; val |= BM_CLPCR_VSTBY; val |= BM_CLPCR_SBYOS; - if (cpu_is_imx6sl()) + if (cpu_is_imx6sl() || cpu_is_imx6sx()) val |= BM_CLPCR_BYPASS_PMIC_READY; if (cpu_is_imx6sl() || cpu_is_imx6sx() || cpu_is_imx6ul()) val |= BM_CLPCR_BYP_MMDC_CH0_LPM_HS;
[PATCH 4.7 100/184] ARM: OMAP3: hwmod data: Add sysc information for DSI
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Sebastian Reichelcommit b46211d6dcfb81a8af66b8684a42d629183670d4 upstream. Add missing sysconfig/sysstatus information to OMAP3 hwmod. The information has been checked against OMAP34xx and OMAP36xx TRM. Without this change DSI block is not reset during boot, which is required for working Nokia N950 display. Signed-off-by: Sebastian Reichel Signed-off-by: Tony Lindgren Signed-off-by: Greg Kroah-Hartman --- arch/arm/mach-omap2/omap_hwmod_3xxx_data.c | 12 1 file changed, 12 insertions(+) --- a/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c +++ b/arch/arm/mach-omap2/omap_hwmod_3xxx_data.c @@ -722,8 +722,20 @@ static struct omap_hwmod omap3xxx_dss_di * display serial interface controller */ +static struct omap_hwmod_class_sysconfig omap3xxx_dsi_sysc = { + .rev_offs = 0x, + .sysc_offs = 0x0010, + .syss_offs = 0x0014, + .sysc_flags = (SYSC_HAS_AUTOIDLE | SYSC_HAS_CLOCKACTIVITY | + SYSC_HAS_ENAWAKEUP | SYSC_HAS_SIDLEMODE | + SYSC_HAS_SOFTRESET | SYSS_HAS_RESET_STATUS), + .idlemodes = (SIDLE_FORCE | SIDLE_NO | SIDLE_SMART), + .sysc_fields= _hwmod_sysc_type1, +}; + static struct omap_hwmod_class omap3xxx_dsi_hwmod_class = { .name = "dsi", + .sysc = _dsi_sysc, }; static struct omap_hwmod_irq_info omap3xxx_dsi1_irqs[] = {
Re: [PATCH] ARM: dts: exynos: Add reboot reason support for Trats2
Hi, Thanks for the patch, it is nice that someone did this! When I saw the syscon reboot mode driver, I though about such feature but never had time or will to implement it. Great job! Few comments below. On Thu, Sep 22, 2016 at 06:48:35PM +0200, Wolfgang Wiedmeyer wrote: > This allows to reboot the device into recovery mode and into the download > mode of the bootloader. Which bootloader? Probably UBoot... or Samsung stock one? Could you put that information here? > > Signed-off-by: Wolfgang Wiedmeyer> --- > arch/arm/boot/dts/exynos4412-trats2.dts | 14 ++ > arch/arm/boot/dts/exynos4x12.dtsi | 2 +- > 2 files changed, 15 insertions(+), 1 deletion(-) > > diff --git a/arch/arm/boot/dts/exynos4412-trats2.dts > b/arch/arm/boot/dts/exynos4412-trats2.dts > index 129e973..a38d1e3 100644 > --- a/arch/arm/boot/dts/exynos4412-trats2.dts > +++ b/arch/arm/boot/dts/exynos4412-trats2.dts > @@ -1294,3 +1294,17 @@ > vtmu-supply = <_reg>; > status = "okay"; > }; > + > + { > + compatible = "syscon", "simple-mfd"; > + > + reboot-mode { > + compatible = "syscon-reboot-mode"; > + offset = <0x80c>; > + > + mode-normal = <0x12345670>; > + mode-bootloader = <0x12345671>; > + mode-download = <0x12345671>; > + mode-recovery = <0x12345674>; Hmmm, how did you get these values? Are they already supported? It would be nice to document them: 1. In Documentation/arm/Samsung/Bootloader-interface.txt 2. In header. I hate such magic numbers... you could add new header next to existing rockchip one: include/dt-bindings/soc/samsung,boot-mode.h (and update maintainers entry :) ) Best regards, Krzysztof > + }; > +}; > diff --git a/arch/arm/boot/dts/exynos4x12.dtsi > b/arch/arm/boot/dts/exynos4x12.dtsi > index c452499..b58c14e 100644 > --- a/arch/arm/boot/dts/exynos4x12.dtsi > +++ b/arch/arm/boot/dts/exynos4x12.dtsi > @@ -179,7 +179,7 @@ > ranges; > status = "disabled"; > > - pmu@1002 { > + pmu: pmu@1002 { > reg = <0x1002 0x3000>; > }; > > -- > Website: https://fossencdi.org > OpenPGP: 0F30 D1A0 2F73 F70A 6FEE 048E 5816 A24C 1075 7FC4 > Key download: https://wiedmeyer.de/keys/ww.asc >
Re: [PATCH v2] i2c / ACPI: Do not touch an I2C device if it belongs to another adapter
On Tue, Sep 20, 2016 at 04:59:25PM +0300, Mika Westerberg wrote: > When enumerating I2C devices connected to an I2C adapter we scan the whole > namespace (as it is possible to have devices anywhere in that namespace, > not just below the I2C adapter device) and add each found device to the I2C > bus in question. > > Now after commit 525e6fabeae2 ("i2c / ACPI: add support for ACPI > reconfigure notifications") checking of the adapter handle to the one found > in the I2cSerialBus() resource was moved to happen after resources of the > I2C device has been parsed. This means that if the I2cSerialBus() resource > points to an adapter that does not exists in the system we still parse > those resources. This is problematic in particular because > acpi_dev_resource_interrupt() tries to configure GSI if the device also has > an Interrupt() resource. Failing to do that results errrors like this to be > printed on the console: > > [ 10.409490] ERROR: Unable to locate IOAPIC for GSI 37 > > To fix this we pass the I2C adapter to i2c_acpi_get_info() and make sure > the handle matches the one in the I2cSerialBus() resource before doing > anything else to the device. > > Reported-and-tested-by: Nicolai Stange> Signed-off-by: Mika Westerberg Applied to for-next, thanks! signature.asc Description: PGP signature
[PATCH 4.7 105/184] ARM: dts: overo: fix gpmc nand on boards with ethernet
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Johan Hovoldcommit 153b58ea932b2d0642fa5cd41c93bb0555f3f09b upstream. The gpmc ranges property for NAND at CS0 was being overridden by later includes that defined gpmc ethernet nodes, effectively breaking NAND on these systems: omap-gpmc 6e00.gpmc: /ocp/gpmc@6e00/nand@0,0 has malformed 'reg' property Instead of redefining the NAND range in every such dtsi, define all currently used ranges in omap3-overo-base.dtsi. Fixes: 98ce6007efb4 ("ARM: dts: overo: Support PoP NAND") Signed-off-by: Johan Hovold Signed-off-by: Tony Lindgren Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/omap3-overo-base.dtsi |4 +++- arch/arm/boot/dts/omap3-overo-chestnut43-common.dtsi |2 -- arch/arm/boot/dts/omap3-overo-tobi-common.dtsi |2 -- arch/arm/boot/dts/omap3-overo-tobiduo-common.dtsi|3 --- 4 files changed, 3 insertions(+), 8 deletions(-) --- a/arch/arm/boot/dts/omap3-overo-base.dtsi +++ b/arch/arm/boot/dts/omap3-overo-base.dtsi @@ -223,7 +223,9 @@ }; { - ranges = <0 0 0x3000 0x100>;/* CS0 */ + ranges = <0 0 0x3000 0x100>,/* CS0 */ +<4 0 0x2b00 0x100>,/* CS4 */ +<5 0 0x2c00 0x100>;/* CS5 */ nand@0,0 { compatible = "ti,omap2-nand"; --- a/arch/arm/boot/dts/omap3-overo-chestnut43-common.dtsi +++ b/arch/arm/boot/dts/omap3-overo-chestnut43-common.dtsi @@ -55,8 +55,6 @@ #include "omap-gpmc-smsc9221.dtsi" { - ranges = <5 0 0x2c00 0x100>;/* CS5 */ - ethernet@gpmc { reg = <5 0 0xff>; interrupt-parent = <>; --- a/arch/arm/boot/dts/omap3-overo-tobi-common.dtsi +++ b/arch/arm/boot/dts/omap3-overo-tobi-common.dtsi @@ -27,8 +27,6 @@ #include "omap-gpmc-smsc9221.dtsi" { - ranges = <5 0 0x2c00 0x100>;/* CS5 */ - ethernet@gpmc { reg = <5 0 0xff>; interrupt-parent = <>; --- a/arch/arm/boot/dts/omap3-overo-tobiduo-common.dtsi +++ b/arch/arm/boot/dts/omap3-overo-tobiduo-common.dtsi @@ -15,9 +15,6 @@ #include "omap-gpmc-smsc9221.dtsi" { - ranges = <4 0 0x2b00 0x100>,/* CS4 */ -<5 0 0x2c00 0x100>;/* CS5 */ - smsc1: ethernet@gpmc { reg = <5 0 0xff>; interrupt-parent = <>;
[PATCH 4.7 097/184] ARM: imx6: add missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Peter Chencommit f5a49057c71433e35a4712ab8d8f00641b3e1ec0 upstream. There is a missing BM_CLPCR_BYP_MMDC_CH0_LPM_HS setting for imx6ul, without it, the "standby" mode can't work well, the system can't be resumed. With this commit, the "standby" mode works well. Signed-off-by: Peter Chen Cc: Anson Huang Fixes: ee4a5f838c84 ("ARM: imx: add suspend/resume support for i.mx6ul") Signed-off-by: Shawn Guo Signed-off-by: Greg Kroah-Hartman --- arch/arm/mach-imx/pm-imx6.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/mach-imx/pm-imx6.c +++ b/arch/arm/mach-imx/pm-imx6.c @@ -295,7 +295,7 @@ int imx6_set_lpm(enum mxc_cpu_pwr_mode m val &= ~BM_CLPCR_SBYOS; if (cpu_is_imx6sl()) val |= BM_CLPCR_BYPASS_PMIC_READY; - if (cpu_is_imx6sl() || cpu_is_imx6sx()) + if (cpu_is_imx6sl() || cpu_is_imx6sx() || cpu_is_imx6ul()) val |= BM_CLPCR_BYP_MMDC_CH0_LPM_HS; else val |= BM_CLPCR_BYP_MMDC_CH1_LPM_HS;
[PATCH 4.7 099/184] ARM: kirkwood: ib62x0: fix size of u-boot environment partition
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Simon Baatzcommit a77893767aac17a33887d1c429120790fbc2 upstream. Commit 148c274ea644 ("ARM: kirkwood: ib62x0: add u-boot environment partition") split the "u-boot" partition into "u-boot" and "u-boot environment". However, instead of the size of the environment, an offset was given, resulting in overlapping partitions. Signed-off-by: Simon Baatz Fixes: 148c274ea644 ("ARM: kirkwood: ib62x0: add u-boot environment partition") Cc: Jason Cooper Cc: Andrew Lunn Cc: Gregory Clement Cc: Sebastian Hesselbarth Cc: Luka Perkov Reviewed-by: Andrew Lunn Signed-off-by: Gregory CLEMENT Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/kirkwood-ib62x0.dts |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/boot/dts/kirkwood-ib62x0.dts +++ b/arch/arm/boot/dts/kirkwood-ib62x0.dts @@ -113,7 +113,7 @@ partition@e { label = "u-boot environment"; - reg = <0xe 0x10>; + reg = <0xe 0x2>; }; partition@10 {
[PATCH 14/14] GPU-DRM-TTM: Mark an array of text strings as "const" in ttm_dma_pool_init()
From: Markus ElfringDate: Thu, 22 Sep 2016 18:46:01 +0200 The local variable "n" was not modified after it was initialized with a few text strings. Thus express this detail also by the data type qualifier "const". Signed-off-by: Markus Elfring --- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c index aa1679d..e21c1b3 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -574,7 +574,7 @@ static int ttm_dma_pool_match(struct device *dev, void *res, void *match_data) static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags, enum pool_type type) { - char *n[] = {"wc", "uc", "cached", " dma32", "unknown",}; + char const * const n[] = {"wc", "uc", "cached", " dma32", "unknown",}; enum pool_type t[] = {IS_WC, IS_UC, IS_CACHED, IS_DMA32, IS_UNDEFINED}; struct device_pools *sec_pool; struct dma_pool *pool, **ptr; -- 2.10.0
[PATCH 4.7 102/184] ARM: dts: imx6qdl: Fix SPDIF regression
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Fabio Estevamcommit f065e9e4addd75c21bb976bb2558648bf4f61de6 upstream. Commit 833f2cbf7091 ("ARM: dts: imx6: change the core clock of spdif") changed many more clocks than only the SPDIF core clock as stated in the commit message. The MLB clock has been added and this causes SPDIF regression as reported by Xavi Drudis Ferran and also in this forum post: https://forum.digikey.com/thread/34240 The MX6Q Reference Manual does not mention that MLB is a clock related to SPDIF, so change it back to a dummy clock to restore SPDIF functionality. Thanks to Ambika for providing the fix at: https://community.nxp.com/thread/387131 Fixes: 833f2cbf7091 ("ARM: dts: imx6: change the core clock of spdif") Reported-by: Xavi Drudis Ferran Signed-off-by: Fabio Estevam Tested-by: Xavi Drudis Ferran Signed-off-by: Shawn Guo Signed-off-by: Greg Kroah-Hartman --- arch/arm/boot/dts/imx6qdl.dtsi |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/arm/boot/dts/imx6qdl.dtsi +++ b/arch/arm/boot/dts/imx6qdl.dtsi @@ -242,7 +242,7 @@ clocks = < IMX6QDL_CLK_SPDIF_GCLK>, < IMX6QDL_CLK_OSC>, < IMX6QDL_CLK_SPDIF>, < IMX6QDL_CLK_ASRC>, < IMX6QDL_CLK_DUMMY>, < IMX6QDL_CLK_ESAI_EXTAL>, -< IMX6QDL_CLK_IPG>, < IMX6QDL_CLK_MLB>, +< IMX6QDL_CLK_IPG>, < IMX6QDL_CLK_DUMMY>, < IMX6QDL_CLK_DUMMY>, < IMX6QDL_CLK_SPBA>; clock-names = "core", "rxtx0", "rxtx1", "rxtx2",
Re: [tip:sched/core] sched/core: Avoid _cond_resched() for PREEMPT=y
On Thu, Sep 22, 2016 at 02:25:01PM -0400, Mikulas Patocka wrote: > I've found a document that says that cond_resched() is needed on > preemptible kernels to mark RCU quiescent states: > > https://lwn.net/Articles/603252/ > > Paul, is cond_resched() still needed on current RCU implementation? Or not? It can be if you loop in the kernel for a very long time. But cond_resched_rcu_qs() is instead needed in cases where there is only one runnable non-idle non-nohz task on a given CPU. Thanx, Paul > Mikulas > > > > On Thu, 22 Sep 2016, tip-bot for Peter Zijlstra wrote: > > > Commit-ID: 35a773a07926a22bf19d77ee00024522279c4e68 > > Gitweb: > > http://git.kernel.org/tip/35a773a07926a22bf19d77ee00024522279c4e68 > > Author: Peter Zijlstra> > AuthorDate: Mon, 19 Sep 2016 12:57:53 +0200 > > Committer: Ingo Molnar > > CommitDate: Thu, 22 Sep 2016 14:53:46 +0200 > > > > sched/core: Avoid _cond_resched() for PREEMPT=y > > > > On fully preemptible kernels _cond_resched() is pointless, so avoid > > emitting any code for it. > > > > Signed-off-by: Peter Zijlstra (Intel) > > Cc: Linus Torvalds > > Cc: Mikulas Patocka > > Cc: Oleg Nesterov > > Cc: Peter Zijlstra > > Cc: Thomas Gleixner > > Cc: linux-kernel@vger.kernel.org > > Signed-off-by: Ingo Molnar > > --- > > include/linux/sched.h | 4 > > kernel/sched/core.c | 2 ++ > > 2 files changed, 6 insertions(+) > > > > diff --git a/include/linux/sched.h b/include/linux/sched.h > > index f00ee8e..b99fcd1 100644 > > --- a/include/linux/sched.h > > +++ b/include/linux/sched.h > > @@ -3209,7 +3209,11 @@ static inline int signal_pending_state(long state, > > struct task_struct *p) > > * cond_resched_lock() will drop the spinlock before scheduling, > > * cond_resched_softirq() will enable bhs before scheduling. > > */ > > +#ifndef CONFIG_PREEMPT > > extern int _cond_resched(void); > > +#else > > +static inline int _cond_resched(void) { return 0; } > > +#endif > > > > #define cond_resched() ({ \ > > ___might_sleep(__FILE__, __LINE__, 0); \ > > diff --git a/kernel/sched/core.c b/kernel/sched/core.c > > index b2ec53c..d7babcc 100644 > > --- a/kernel/sched/core.c > > +++ b/kernel/sched/core.c > > @@ -4883,6 +4883,7 @@ SYSCALL_DEFINE0(sched_yield) > > return 0; > > } > > > > +#ifndef CONFIG_PREEMPT > > int __sched _cond_resched(void) > > { > > if (should_resched(0)) { > > @@ -4892,6 +4893,7 @@ int __sched _cond_resched(void) > > return 0; > > } > > EXPORT_SYMBOL(_cond_resched); > > +#endif > > > > /* > > * __cond_resched_lock() - if a reschedule is pending, drop the given lock, > > >
[PATCH 4.7 108/184] bus: arm-ccn: Do not attempt to configure XPs for cycle counter
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Pawel Mollcommit b7c1beb278e8e3dc664ed3df3fc786db126120a9 upstream. Fuzzing the CCN perf driver revealed a small but definitely dangerous mistake in the event setup code. When a cycle counter is requested, the driver should not reconfigure the events bus at all, otherwise it will corrupt (in most but the simplest cases) its configuration and may end up accessing XP array out of its bounds and corrupting control registers. Reported-by: Mark Rutland Reviewed-by: Mark Rutland Tested-by: Mark Rutland Signed-off-by: Pawel Moll Signed-off-by: Greg Kroah-Hartman --- drivers/bus/arm-ccn.c |4 1 file changed, 4 insertions(+) --- a/drivers/bus/arm-ccn.c +++ b/drivers/bus/arm-ccn.c @@ -895,6 +895,10 @@ static void arm_ccn_pmu_xp_dt_config(str struct arm_ccn_component *xp; u32 val, dt_cfg; + /* Nothing to do for cycle counter */ + if (hw->idx == CCN_IDX_PMU_CYCLE_COUNTER) + return; + if (CCN_CONFIG_TYPE(event->attr.config) == CCN_TYPE_XP) xp = >xp[CCN_CONFIG_XP(event->attr.config)]; else
[PATCH 4.7 042/184] pNFS/flexfiles: Fix an Oopsable condition when connection to the DS fails
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebustcommit 3dc147359e3dcdf0648f1e2c11f62cfae3160df0 upstream. If the attempt to connect to a DS fails inside ff_layout_pg_init_read or ff_layout_pg_init_write, then we currently end up clearing the layout segment carried by the struct nfs_pageio_descriptor, causing an Oops when we later call into ff_layout_read_pagelist/ff_layout_write_pagelist. The fix is to ensure we return the layout and then retry. Fixes: 446ca2195303 ("pNFS/flexfiles: When initing reads or writes, we...") Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/flexfilelayout/flexfilelayout.c| 37 ++ fs/nfs/flexfilelayout/flexfilelayoutdev.c | 19 --- 2 files changed, 28 insertions(+), 28 deletions(-) --- a/fs/nfs/flexfilelayout/flexfilelayout.c +++ b/fs/nfs/flexfilelayout/flexfilelayout.c @@ -806,11 +806,14 @@ ff_layout_choose_best_ds_for_read(struct { struct nfs4_ff_layout_segment *fls = FF_LAYOUT_LSEG(lseg); struct nfs4_pnfs_ds *ds; + bool fail_return = false; int idx; /* mirrors are sorted by efficiency */ for (idx = start_idx; idx < fls->mirror_array_cnt; idx++) { - ds = nfs4_ff_layout_prepare_ds(lseg, idx, false); + if (idx+1 == fls->mirror_array_cnt) + fail_return = true; + ds = nfs4_ff_layout_prepare_ds(lseg, idx, fail_return); if (ds) { *best_idx = idx; return ds; @@ -859,6 +862,7 @@ ff_layout_pg_init_read(struct nfs_pageio struct nfs4_pnfs_ds *ds; int ds_idx; +retry: /* Use full layout for now */ if (!pgio->pg_lseg) ff_layout_pg_get_read(pgio, req, false); @@ -871,10 +875,13 @@ ff_layout_pg_init_read(struct nfs_pageio ds = ff_layout_choose_best_ds_for_read(pgio->pg_lseg, 0, _idx); if (!ds) { - if (ff_layout_no_fallback_to_mds(pgio->pg_lseg)) - goto out_pnfs; - else + if (!ff_layout_no_fallback_to_mds(pgio->pg_lseg)) goto out_mds; + pnfs_put_lseg(pgio->pg_lseg); + pgio->pg_lseg = NULL; + /* Sleep for 1 second before retrying */ + ssleep(1); + goto retry; } mirror = FF_LAYOUT_COMP(pgio->pg_lseg, ds_idx); @@ -890,12 +897,6 @@ out_mds: pnfs_put_lseg(pgio->pg_lseg); pgio->pg_lseg = NULL; nfs_pageio_reset_read_mds(pgio); - return; - -out_pnfs: - pnfs_set_lo_fail(pgio->pg_lseg); - pnfs_put_lseg(pgio->pg_lseg); - pgio->pg_lseg = NULL; } static void @@ -909,6 +910,7 @@ ff_layout_pg_init_write(struct nfs_pagei int i; int status; +retry: if (!pgio->pg_lseg) { pgio->pg_lseg = pnfs_update_layout(pgio->pg_inode, req->wb_context, @@ -940,10 +942,13 @@ ff_layout_pg_init_write(struct nfs_pagei for (i = 0; i < pgio->pg_mirror_count; i++) { ds = nfs4_ff_layout_prepare_ds(pgio->pg_lseg, i, true); if (!ds) { - if (ff_layout_no_fallback_to_mds(pgio->pg_lseg)) - goto out_pnfs; - else + if (!ff_layout_no_fallback_to_mds(pgio->pg_lseg)) goto out_mds; + pnfs_put_lseg(pgio->pg_lseg); + pgio->pg_lseg = NULL; + /* Sleep for 1 second before retrying */ + ssleep(1); + goto retry; } pgm = >pg_mirrors[i]; mirror = FF_LAYOUT_COMP(pgio->pg_lseg, i); @@ -956,12 +961,6 @@ out_mds: pnfs_put_lseg(pgio->pg_lseg); pgio->pg_lseg = NULL; nfs_pageio_reset_write_mds(pgio); - return; - -out_pnfs: - pnfs_set_lo_fail(pgio->pg_lseg); - pnfs_put_lseg(pgio->pg_lseg); - pgio->pg_lseg = NULL; } static unsigned int --- a/fs/nfs/flexfilelayout/flexfilelayoutdev.c +++ b/fs/nfs/flexfilelayout/flexfilelayoutdev.c @@ -379,7 +379,7 @@ nfs4_ff_layout_prepare_ds(struct pnfs_la devid = >mirror_ds->id_node; if (ff_layout_test_devid_unavailable(devid)) - goto out; + goto out_fail; ds = mirror->mirror_ds->ds; /* matching smp_wmb() in _nfs4_pnfs_v3/4_ds_connect */ @@ -405,15 +405,16 @@ nfs4_ff_layout_prepare_ds(struct pnfs_la mirror->mirror_ds->ds_versions[0].rsize = max_payload; if (mirror->mirror_ds->ds_versions[0].wsize > max_payload)
[PATCH 4.7 041/184] kernfs: dont depend on d_find_any_alias() when generating notifications
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Tejun Heocommit df6a58c5c5aa8ecb1e088ecead3fa33ae70181f1 upstream. kernfs_notify_workfn() sends out file modified events for the scheduled kernfs_nodes. Because the modifications aren't from userland, it doesn't have the matching file struct at hand and can't use fsnotify_modify(). Instead, it looked up the inode and then used d_find_any_alias() to find the dentry and used fsnotify_parent() and fsnotify() directly to generate notifications. The assumption was that the relevant dentries would have been pinned if there are listeners, which isn't true as inotify doesn't pin dentries at all and watching the parent doesn't pin the child dentries even for dnotify. This led to, for example, inotify watchers not getting notifications if the system is under memory pressure and the matching dentries got reclaimed. It can also be triggered through /proc/sys/vm/drop_caches or a remount attempt which involves shrinking dcache. fsnotify_parent() only uses the dentry to access the parent inode, which kernfs can do easily. Update kernfs_notify_workfn() so that it uses fsnotify() directly for both the parent and target inodes without going through d_find_any_alias(). While at it, supply the target file name to fsnotify() from kernfs_node->name. Signed-off-by: Tejun Heo Reported-by: Evgeny Vereshchagin Fixes: d911d9874801 ("kernfs: make kernfs_notify() trigger inotify events too") Cc: John McCutchan Cc: Robert Love Cc: Eric Paris Signed-off-by: Greg Kroah-Hartman --- fs/kernfs/file.c | 28 +--- 1 file changed, 21 insertions(+), 7 deletions(-) --- a/fs/kernfs/file.c +++ b/fs/kernfs/file.c @@ -840,21 +840,35 @@ repeat: mutex_lock(_mutex); list_for_each_entry(info, _root(kn)->supers, node) { + struct kernfs_node *parent; struct inode *inode; - struct dentry *dentry; + /* +* We want fsnotify_modify() on @kn but as the +* modifications aren't originating from userland don't +* have the matching @file available. Look up the inodes +* and generate the events manually. +*/ inode = ilookup(info->sb, kn->ino); if (!inode) continue; - dentry = d_find_any_alias(inode); - if (dentry) { - fsnotify_parent(NULL, dentry, FS_MODIFY); - fsnotify(inode, FS_MODIFY, inode, FSNOTIFY_EVENT_INODE, -NULL, 0); - dput(dentry); + parent = kernfs_get_parent(kn); + if (parent) { + struct inode *p_inode; + + p_inode = ilookup(info->sb, parent->ino); + if (p_inode) { + fsnotify(p_inode, FS_MODIFY | FS_EVENT_ON_CHILD, +inode, FSNOTIFY_EVENT_INODE, kn->name, 0); + iput(p_inode); + } + + kernfs_put(parent); } + fsnotify(inode, FS_MODIFY, inode, FSNOTIFY_EVENT_INODE, +kn->name, 0); iput(inode); }
[PATCH 4.7 039/184] powerpc/mm: Dont alias user region to other regions below PAGE_OFFSET
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Paul Mackerrascommit f077aaf0754bcba0fffdbd925bc12f09cd1e38aa upstream. In commit c60ac5693c47 ("powerpc: Update kernel VSID range", 2013-03-13) we lost a check on the region number (the top four bits of the effective address) for addresses below PAGE_OFFSET. That commit replaced a check that the top 18 bits were all zero with a check that bits 46 - 59 were zero (performed for all addresses, not just user addresses). This means that userspace can access an address like 0x1000_0xxx__ and we will insert a valid SLB entry for it. The VSID used will be the same as if the top 4 bits were 0, but the page size will be some random value obtained by indexing beyond the end of the mm_ctx_high_slices_psize array in the paca. If that page size is the same as would be used for region 0, then userspace just has an alias of the region 0 space. If the page size is different, then no HPTE will be found for the access, and the process will get a SIGSEGV (since hash_page_mm() will refuse to create a HPTE for the bogus address). The access beyond the end of the mm_ctx_high_slices_psize can be at most 5.5MB past the array, and so will be in RAM somewhere. Since the access is a load performed in real mode, it won't fault or crash the kernel. At most this bug could perhaps leak a little bit of information about blocks of 32 bytes of memory located at offsets of i * 512kB past the paca->mm_ctx_high_slices_psize array, for 1 <= i <= 11. Fixes: c60ac5693c47 ("powerpc: Update kernel VSID range") Signed-off-by: Paul Mackerras Reviewed-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/mm/slb_low.S |7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/arch/powerpc/mm/slb_low.S +++ b/arch/powerpc/mm/slb_low.S @@ -113,7 +113,12 @@ BEGIN_FTR_SECTION END_MMU_FTR_SECTION_IFCLR(MMU_FTR_1T_SEGMENT) b slb_finish_load_1T -0: +0: /* +* For userspace addresses, make sure this is region 0. +*/ + cmpdi r9, 0 + bne 8f + /* when using slices, we extract the psize off the slice bitmaps * and then we need to get the sllp encoding off the mmu_psize_defs * array.
[PATCH 4.7 053/184] rapidio/tsi721: fix incorrect detection of address translation condition
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Alexandre Bouninecommit b30069291dc7f9b9a073c33d619818fe4a8e50de upstream. Fix incorrect condition to identify involvment of a address translation mechanism. This bug results in NULL pointer kernel crash dump in cases when mapping of inbound RapidIO address range is requested within existing aprture. Link: http://lkml.kernel.org/r/20160901173144.2983-1-alexandre.boun...@idt.com Signed-off-by: Alexandre Bounine Cc: Matt Porter Cc: Andre van Herk Cc: Barry Wood Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- drivers/rapidio/devices/tsi721.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/rapidio/devices/tsi721.c +++ b/drivers/rapidio/devices/tsi721.c @@ -1148,7 +1148,7 @@ static int tsi721_rio_map_inb_mem(struct } else if (ibw_start < (ib_win->rstart + ib_win->size) && (ibw_start + ibw_size) > ib_win->rstart) { /* Return error if address translation involved */ - if (direct && ib_win->xlat) { + if (!direct || ib_win->xlat) { ret = -EFAULT; break; }
[PATCH 12/14] GPU-DRM-TTM: Less function calls in ttm_dma_pool_init() after error detection
From: Markus ElfringDate: Thu, 22 Sep 2016 17:30:52 +0200 The kfree() function was called in up to two cases by the ttm_dma_pool_init() function during error handling even if the passed variable contained a null pointer. Adjust jump targets according to the Linux coding style convention. Signed-off-by: Markus Elfring --- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c index d5f41ed..4c50196 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -591,12 +591,12 @@ static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags, pool = kmalloc_node(sizeof(struct dma_pool), GFP_KERNEL, dev_to_node(dev)); if (!pool) - goto err_mem; + goto free_devres; sec_pool = kmalloc_node(sizeof(struct device_pools), GFP_KERNEL, dev_to_node(dev)); if (!sec_pool) - goto err_mem; + goto free_pool; INIT_LIST_HEAD(_pool->pools); sec_pool->dev = dev; @@ -637,10 +637,10 @@ static struct dma_pool *ttm_dma_pool_init(struct device *dev, gfp_t flags, devres_add(dev, ptr); return pool; -err_mem: - devres_free(ptr); - kfree(sec_pool); + free_pool: kfree(pool); + free_devres: + devres_free(ptr); return ERR_PTR(-ENOMEM); } -- 2.10.0
[PATCH 4.7 037/184] powerpc/powernv : Drop reference added by kset_find_obj()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Mukesh Ojhacommit a9cbf0b2195b695cbcaa4e2770948c212e9a upstream. In a situation, where Linux kernel gets notified about duplicate error log from OPAL, it is been observed that kernel fails to remove sysfs entries (/sys/firmware/opal/elog/0x) of such error logs. This is because, we currently search the error log/dump kobject in the kset list via 'kset_find_obj()' routine. Which eventually increment the reference count by one, once it founds the kobject. So, unless we decrement the reference count by one after it found the kobject, we would not be able to release the kobject properly later. This patch adds the 'kobject_put()' which was missing earlier. Signed-off-by: Mukesh Ojha Reviewed-by: Vasant Hegde Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/platforms/powernv/opal-dump.c |7 ++- arch/powerpc/platforms/powernv/opal-elog.c |7 ++- 2 files changed, 12 insertions(+), 2 deletions(-) --- a/arch/powerpc/platforms/powernv/opal-dump.c +++ b/arch/powerpc/platforms/powernv/opal-dump.c @@ -370,6 +370,7 @@ static irqreturn_t process_dump(int irq, uint32_t dump_id, dump_size, dump_type; struct dump_obj *dump; char name[22]; + struct kobject *kobj; rc = dump_read_info(_id, _size, _type); if (rc != OPAL_SUCCESS) @@ -381,8 +382,12 @@ static irqreturn_t process_dump(int irq, * that gracefully and not create two conflicting * entries. */ - if (kset_find_obj(dump_kset, name)) + kobj = kset_find_obj(dump_kset, name); + if (kobj) { + /* Drop reference added by kset_find_obj() */ + kobject_put(kobj); return 0; + } dump = create_dump_obj(dump_id, dump_size, dump_type); if (!dump) --- a/arch/powerpc/platforms/powernv/opal-elog.c +++ b/arch/powerpc/platforms/powernv/opal-elog.c @@ -247,6 +247,7 @@ static irqreturn_t elog_event(int irq, v uint64_t elog_type; int rc; char name[2+16+1]; + struct kobject *kobj; rc = opal_get_elog_size(, , ); if (rc != OPAL_SUCCESS) { @@ -269,8 +270,12 @@ static irqreturn_t elog_event(int irq, v * that gracefully and not create two conflicting * entries. */ - if (kset_find_obj(elog_kset, name)) + kobj = kset_find_obj(elog_kset, name); + if (kobj) { + /* Drop reference added by kset_find_obj() */ + kobject_put(kobj); return IRQ_HANDLED; + } create_elog_obj(log_id, elog_size, elog_type);
[PATCH 4.7 054/184] mm: introduce get_task_exe_file
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Mateusz Guzikcommit cd81a9170e69e018bbaba547c1fd85a585f5697a upstream. For more convenient access if one has a pointer to the task. As a minor nit take advantage of the fact that only task lock + rcu are needed to safely grab ->exe_file. This saves mm refcount dance. Use the helper in proc_exe_link. Signed-off-by: Mateusz Guzik Acked-by: Konstantin Khlebnikov Acked-by: Richard Guy Briggs Signed-off-by: Paul Moore Signed-off-by: Greg Kroah-Hartman --- fs/proc/base.c |7 +-- include/linux/mm.h |1 + kernel/fork.c | 23 +++ 3 files changed, 25 insertions(+), 6 deletions(-) --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -1552,18 +1552,13 @@ static const struct file_operations proc static int proc_exe_link(struct dentry *dentry, struct path *exe_path) { struct task_struct *task; - struct mm_struct *mm; struct file *exe_file; task = get_proc_task(d_inode(dentry)); if (!task) return -ENOENT; - mm = get_task_mm(task); + exe_file = get_task_exe_file(task); put_task_struct(task); - if (!mm) - return -ENOENT; - exe_file = get_mm_exe_file(mm); - mmput(mm); if (exe_file) { *exe_path = exe_file->f_path; path_get(_file->f_path); --- a/include/linux/mm.h +++ b/include/linux/mm.h @@ -1975,6 +1975,7 @@ extern void mm_drop_all_locks(struct mm_ extern void set_mm_exe_file(struct mm_struct *mm, struct file *new_exe_file); extern struct file *get_mm_exe_file(struct mm_struct *mm); +extern struct file *get_task_exe_file(struct task_struct *task); extern bool may_expand_vm(struct mm_struct *, vm_flags_t, unsigned long npages); extern void vm_stat_account(struct mm_struct *, vm_flags_t, long npages); --- a/kernel/fork.c +++ b/kernel/fork.c @@ -801,6 +801,29 @@ struct file *get_mm_exe_file(struct mm_s EXPORT_SYMBOL(get_mm_exe_file); /** + * get_task_exe_file - acquire a reference to the task's executable file + * + * Returns %NULL if task's mm (if any) has no associated executable file or + * this is a kernel thread with borrowed mm (see the comment above get_task_mm). + * User must release file via fput(). + */ +struct file *get_task_exe_file(struct task_struct *task) +{ + struct file *exe_file = NULL; + struct mm_struct *mm; + + task_lock(task); + mm = task->mm; + if (mm) { + if (!(task->flags & PF_KTHREAD)) + exe_file = get_mm_exe_file(mm); + } + task_unlock(task); + return exe_file; +} +EXPORT_SYMBOL(get_task_exe_file); + +/** * get_task_mm - acquire a reference to the task's mm * * Returns %NULL if the task has no mm. Checks PF_KTHREAD (meaning
[PATCH 4.7 049/184] kexec: fix double-free when failing to relocate the purgatory
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Thiago Jung Bauermanncommit 070c43eea5043e950daa423707ae3c77e2f48edb upstream. If kexec_apply_relocations fails, kexec_load_purgatory frees pi->sechdrs and pi->purgatory_buf. This is redundant, because in case of error kimage_file_prepare_segments calls kimage_file_post_load_cleanup, which will also free those buffers. This causes two warnings like the following, one for pi->sechdrs and the other for pi->purgatory_buf: kexec-bzImage64: Loading purgatory failed [ cut here ] WARNING: CPU: 1 PID: 2119 at mm/vmalloc.c:1490 __vunmap+0xc1/0xd0 Trying to vfree() nonexistent vm area (c9e91000) Modules linked in: CPU: 1 PID: 2119 Comm: kexec Not tainted 4.8.0-rc3+ #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: dump_stack+0x4d/0x65 __warn+0xcb/0xf0 warn_slowpath_fmt+0x4f/0x60 ? find_vmap_area+0x19/0x70 ? kimage_file_post_load_cleanup+0x47/0xb0 __vunmap+0xc1/0xd0 vfree+0x2e/0x70 kimage_file_post_load_cleanup+0x5e/0xb0 SyS_kexec_file_load+0x448/0x680 ? putname+0x54/0x60 ? do_sys_open+0x190/0x1f0 entry_SYSCALL_64_fastpath+0x13/0x8f ---[ end trace 158bb74f5950ca2b ]--- Fix by setting pi->sechdrs an pi->purgatory_buf to NULL, since vfree won't try to free a NULL pointer. Link: http://lkml.kernel.org/r/1472083546-23683-1-git-send-email-bauer...@linux.vnet.ibm.com Signed-off-by: Thiago Jung Bauermann Acked-by: Baoquan He Cc: "Eric W. Biederman" Cc: Vivek Goyal Cc: Dave Young Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- kernel/kexec_file.c |3 +++ 1 file changed, 3 insertions(+) --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -887,7 +887,10 @@ int kexec_load_purgatory(struct kimage * return 0; out: vfree(pi->sechdrs); + pi->sechdrs = NULL; + vfree(pi->purgatory_buf); + pi->purgatory_buf = NULL; return ret; }
[PATCH 4.7 047/184] pNFS: Ensure LAYOUTGET and LAYOUTRETURN are properly serialised
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebustcommit bf0291dd2267a2b9a4cd74d65249553d11bb45d6 upstream. According to RFC5661, the client is responsible for serialising LAYOUTGET and LAYOUTRETURN to avoid ambiguity. Consider the case where we send both in parallel. Client Server == == LAYOUTGET(seqid=X) LAYOUTRETURN(seqid=X) LAYOUTGET return seqid=X+1 LAYOUTRETURN return seqid=X+2 Process LAYOUTRETURN Forget layout stateid Process LAYOUTGET Set seqid=X+1 The client processes the layoutget/layoutreturn in the wrong order, and since the result of the layoutreturn was to clear the only existing layout segment, the client forgets the layout stateid. When the LAYOUTGET comes in, it is treated as having a completely new stateid, and so the client sets the wrong sequence id... Fix is to check if there are outstanding LAYOUTGET requests before we send the LAYOUTRETURN (note that LAYOUGET will already wait if it sees an outstanding LAYOUTRETURN). Signed-off-by: Trond Myklebust Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/pnfs.c |3 +++ 1 file changed, 3 insertions(+) --- a/fs/nfs/pnfs.c +++ b/fs/nfs/pnfs.c @@ -876,6 +876,9 @@ void pnfs_clear_layoutreturn_waitbit(str static bool pnfs_prepare_layoutreturn(struct pnfs_layout_hdr *lo) { + /* Serialise LAYOUTGET/LAYOUTRETURN */ + if (atomic_read(>plh_outstanding) != 0) + return false; if (test_and_set_bit(NFS_LAYOUT_RETURN, >plh_flags)) return false; lo->plh_return_iomode = 0;
[PATCH 4.7 052/184] ahci: disable correct irq for dummy ports
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Christoph Hellwigcommit 9b4b3f6a062b22550e62523efe5213776cdd426b upstream. irq already contains the interrupt number for the port, don't add the port index to it. Signed-off-by: Christoph Hellwig Signed-off-by: Tejun Heo Fixes: d684a90d38e2 ("ahci: per-port msix support") Signed-off-by: Greg Kroah-Hartman --- drivers/ata/libahci.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/ata/libahci.c +++ b/drivers/ata/libahci.c @@ -2516,7 +2516,7 @@ static int ahci_host_activate_multi_irqs /* Do not receive interrupts sent by dummy ports */ if (!pp) { - disable_irq(irq + i); + disable_irq(irq); continue; }
[PATCH 4.7 059/184] IB/hfi1: Reset QSFP on every run through channel tuning
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Easwar Hariharancommit b5e710195492f682d93097cddac13e594d39a946 upstream. Active QSFP cables were reset only every alternate iteration of the channel tuning algorithm instead of every iteration due to incorrect reset of the flag that controlled QSFP reset, resulting in using stale QSFP status in the channel tuning algorithm. Fixes: 8ebd4cf1852a ("Add active and optical cable support") Reviewed-by: Dean Luick Signed-off-by: Easwar Hariharan Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford Signed-off-by: Greg Kroah-Hartman --- drivers/infiniband/hw/hfi1/platform.c |6 +- 1 file changed, 5 insertions(+), 1 deletion(-) --- a/drivers/infiniband/hw/hfi1/platform.c +++ b/drivers/infiniband/hw/hfi1/platform.c @@ -638,9 +638,13 @@ static int tune_active_qsfp(struct hfi1_ if (ret) return ret; + /* +* We'll change the QSFP memory contents from here on out, thus we set a +* flag here to remind ourselves to reset the QSFP module. This prevents +* reuse of stale settings established in our previous pass through. +*/ if (ppd->qsfp_info.reset_needed) { reset_qsfp(ppd); - ppd->qsfp_info.reset_needed = 0; refresh_qsfp_cache(ppd, >qsfp_info); } else { ppd->qsfp_info.reset_needed = 1;
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
On Thu, Sep 22, 2016 at 08:23:36PM +0200, Paolo Bonzini wrote: > Unless this is part of some spec, it's easier if things are the same in > SME and SEV. Yeah, I was pondering over how sprinkling sev_active checks might not be so clean. I'm wondering if we could make the EFI regions presented to the guest unencrypted too, as part of some SEV-specific init routine so that the guest kernel doesn't need to do anything different. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --
Re: GPU-DRM-TILCDC: Less function calls in tilcdc_convert_slave_node() after error detection
>> The of_node_put() function was called in some cases >> by the tilcdc_convert_slave_node() function during error handling >> even if the passed variable contained a null pointer. >> >> * Adjust jump targets according to the Linux coding style convention. >> >> * Split a condition check for resource detection failures so that >> each pointer from these function calls will be checked immediately. >> >> See also background information: >> Topic "CWE-754: Improper check for unusual or exceptional conditions" >> Link: https://cwe.mitre.org/data/definitions/754.html >> > > I don't really agree with this patch. This kind of feedback can be fine at first glance. > There is no harm in calling of_node_put() with NULL as an argument The cost of additional function calls will be eventually not noticed just because they belong to an exception handling implementation so far. > and because of that there is no point in making the function more complex There is inherent software complexity involved. > and harder to maintain. How do you think about to discuss this aspect a bit more? I suggest to reconsider this design detail if it is really acceptable for the safe implementation of such a software module. * How much will it matter in general that one function call was performed in this use case without checking its return value immediately? * Should it usually be determined quicker if a required resource could be acquired before trying the next allocation? Regards, Markus
[PATCH 4.7 050/184] mm, oom: prevent premature OOM killer invocation for high order request
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Michal Hockocommit 6b4e3181d7bd5ca5ab6f45929e4a5ffa7ab4ab7f upstream. There have been several reports about pre-mature OOM killer invocation in 4.7 kernel when order-2 allocation request (for the kernel stack) invoked OOM killer even during basic workloads (light IO or even kernel compile on some filesystems). In all reported cases the memory is fragmented and there are no order-2+ pages available. There is usually a large amount of slab memory (usually dentries/inodes) and further debugging has shown that there are way too many unmovable blocks which are skipped during the compaction. Multiple reporters have confirmed that the current linux-next which includes [1] and [2] helped and OOMs are not reproducible anymore. A simpler fix for the late rc and stable is to simply ignore the compaction feedback and retry as long as there is a reclaim progress and we are not getting OOM for order-0 pages. We already do that for CONFING_COMPACTION=n so let's reuse the same code when compaction is enabled as well. [1] http://lkml.kernel.org/r/20160810091226.6709-1-vba...@suse.cz [2] http://lkml.kernel.org/r/f7a9ea9d-bb88-bfd6-e340-3a9335593...@suse.cz Fixes: 0a0337e0d1d1 ("mm, oom: rework oom detection") Link: http://lkml.kernel.org/r/20160823074339.gb23...@dhcp22.suse.cz Signed-off-by: Michal Hocko Tested-by: Olaf Hering Tested-by: Ralf-Peter Rohbeck Cc: Markus Trippelsdorf Cc: Arkadiusz Miskiewicz Cc: Ralf-Peter Rohbeck Cc: Jiri Slaby Cc: Vlastimil Babka Cc: Joonsoo Kim Cc: Tetsuo Handa Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- mm/page_alloc.c | 50 ++ 1 file changed, 2 insertions(+), 48 deletions(-) --- a/mm/page_alloc.c +++ b/mm/page_alloc.c @@ -3254,53 +3254,6 @@ __alloc_pages_direct_compact(gfp_t gfp_m return NULL; } -static inline bool -should_compact_retry(struct alloc_context *ac, int order, int alloc_flags, -enum compact_result compact_result, enum migrate_mode *migrate_mode, -int compaction_retries) -{ - int max_retries = MAX_COMPACT_RETRIES; - - if (!order) - return false; - - /* -* compaction considers all the zone as desperately out of memory -* so it doesn't really make much sense to retry except when the -* failure could be caused by weak migration mode. -*/ - if (compaction_failed(compact_result)) { - if (*migrate_mode == MIGRATE_ASYNC) { - *migrate_mode = MIGRATE_SYNC_LIGHT; - return true; - } - return false; - } - - /* -* make sure the compaction wasn't deferred or didn't bail out early -* due to locks contention before we declare that we should give up. -* But do not retry if the given zonelist is not suitable for -* compaction. -*/ - if (compaction_withdrawn(compact_result)) - return compaction_zonelist_suitable(ac, order, alloc_flags); - - /* -* !costly requests are much more important than __GFP_REPEAT -* costly ones because they are de facto nofail and invoke OOM -* killer to move on while costly can fail and users are ready -* to cope with that. 1/4 retries is rather arbitrary but we -* would need much more detailed feedback from compaction to -* make a better decision. -*/ - if (order > PAGE_ALLOC_COSTLY_ORDER) - max_retries /= 4; - if (compaction_retries <= max_retries) - return true; - - return false; -} #else static inline struct page * __alloc_pages_direct_compact(gfp_t gfp_mask, unsigned int order, @@ -3311,6 +3264,8 @@ __alloc_pages_direct_compact(gfp_t gfp_m return NULL; } +#endif /* CONFIG_COMPACTION */ + static inline bool should_compact_retry(struct alloc_context *ac, unsigned int order, int alloc_flags, enum compact_result compact_result, @@ -3337,7 +3292,6 @@ should_compact_retry(struct alloc_contex } return false; } -#endif /* CONFIG_COMPACTION */ /* Perform direct synchronous page reclaim */ static int
[PATCH 4.7 055/184] audit: fix exe_file access in audit_exe_compare
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Mateusz Guzikcommit 5efc244346f9f338765da3d592f7947b0afdc4b5 upstream. Prior to the change the function would blindly deference mm, exe_file and exe_file->f_inode, each of which could have been NULL or freed. Use get_task_exe_file to safely obtain stable exe_file. Signed-off-by: Mateusz Guzik Acked-by: Konstantin Khlebnikov Acked-by: Richard Guy Briggs Signed-off-by: Paul Moore Signed-off-by: Greg Kroah-Hartman --- kernel/audit_watch.c |8 +--- 1 file changed, 5 insertions(+), 3 deletions(-) --- a/kernel/audit_watch.c +++ b/kernel/audit_watch.c @@ -19,6 +19,7 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include #include #include #include @@ -544,10 +545,11 @@ int audit_exe_compare(struct task_struct unsigned long ino; dev_t dev; - rcu_read_lock(); - exe_file = rcu_dereference(tsk->mm->exe_file); + exe_file = get_task_exe_file(tsk); + if (!exe_file) + return 0; ino = exe_file->f_inode->i_ino; dev = exe_file->f_inode->i_sb->s_dev; - rcu_read_unlock(); + fput(exe_file); return audit_mark_compare(mark, ino, dev); }
Re: [tip:sched/core] sched/core: Avoid _cond_resched() for PREEMPT=y
On Thu, Sep 22, 2016 at 02:25:01PM -0400, Mikulas Patocka wrote: > I've found a document that says that cond_resched() is needed on > preemptible kernels to mark RCU quiescent states: > > https://lwn.net/Articles/603252/ > > Paul, is cond_resched() still needed on current RCU implementation? Or not? No, we ripped that out. See 4a81e8328d37 ("rcu: Reduce overhead of cond_resched() checks for RCU")
[PATCH 0/2] Ajust lockdep static allocations
These patches adjust the static allocations for lockdep data structures used for debugging locking correctness. The current code reserves about 4MB extra space for these data structures. Most of the configurations do not need these many data structures. While testing, I have not seen it go beyond 20% of already reserved entries. $grep "lock-classes" /proc/lockdep_stats lock-classes: 1560 [max: 8191] Reserving even more space seems unreasonable. So, keeping the default entries small as before the Commit 1413c0389333 ("lockdep: Increase static allocations"). Added new CONFIG_PROVE_LOCKING_PLUS in case someone needs more entries to debug their large configuration. Patch 1 : Adjusts the sizes based on the new config parameter patch 2 : Adds new config parameter Babu Moger (2): lockdep: Keep the default static allocations small config: Add new CONFIG_PROVE_LOCKING_PLUS kernel/locking/lockdep_internals.h | 14 +++--- lib/Kconfig.debug | 10 ++ 2 files changed, 21 insertions(+), 3 deletions(-)
[PATCH 4.7 032/184] ipv6: addrconf: fix dev refcont leak when DAD failed
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Wei Yongjun[ Upstream commit 751eb6b6042a596b0080967c1a529a9fe98dac1d ] In general, when DAD detected IPv6 duplicate address, ifp->state will be set to INET6_IFADDR_STATE_ERRDAD and DAD is stopped by a delayed work, the call tree should be like this: ndisc_recv_ns -> addrconf_dad_failure<- missing ifp put -> addrconf_mod_dad_work -> schedule addrconf_dad_work() -> addrconf_dad_stop() <- missing ifp hold before call it addrconf_dad_failure() called with ifp refcont holding but not put. addrconf_dad_work() call addrconf_dad_stop() without extra holding refcount. This will not cause any issue normally. But the race between addrconf_dad_failure() and addrconf_dad_work() may cause ifp refcount leak and netdevice can not be unregister, dmesg show the following messages: IPv6: eth0: IPv6 duplicate address fe80::XX:::XX detected! ... unregister_netdevice: waiting for eth0 to become free. Usage count = 1 Cc: sta...@vger.kernel.org Fixes: c15b1ccadb32 ("ipv6: move DAD and addrconf_verify processing to workqueue") Signed-off-by: Wei Yongjun Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv6/addrconf.c |2 ++ 1 file changed, 2 insertions(+) --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -1906,6 +1906,7 @@ errdad: spin_unlock_bh(>lock); addrconf_mod_dad_work(ifp, 0); + in6_ifa_put(ifp); } /* Join to solicited addr multicast group. @@ -3771,6 +3772,7 @@ static void addrconf_dad_work(struct wor addrconf_dad_begin(ifp); goto out; } else if (action == DAD_ABORT) { + in6_ifa_hold(ifp); addrconf_dad_stop(ifp, 1); goto out; }
Re: [PATCH] smp: smp_call_on_cpu(): use INIT_WORK_ONSTACK() for automatic work_struct
On Thu, Sep 22, 2016 at 08:17:58PM +0200, Nicolai Stange wrote: > This new warning > > INFO: trying to register non-static key. > the code is fine but needs lockdep annotation. > turning off the locking correctness validator. > CPU: 0 PID: 82 Comm: kworker/0:1 Not tainted 4.8.0-rc6+ #360 > Hardware name: Dell Inc. Latitude E6540/0725FP, BIOS A10 06/26/2014 > Workqueue: events smp_call_on_cpu_callback https://lkml.kernel.org/r/tip-8db549491c4a3ce9e1d509b75f78516e497f4...@git.kernel.org
[PATCH 4.7 004/184] drm/msm: protect against faults from copy_from_user() in submit ioctl
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Rob Clarkcommit d78d383ab354b0b9e1d23404ae0d9fbdeb9aa035 upstream. An evil userspace could try to cause deadlock by passing an unfaulted-in GEM bo as submit->bos (or submit->cmds) table. Which will trigger msm_gem_fault() while we already hold struct_mutex. See: https://github.com/freedreno/msmtest/blob/master/evilsubmittest.c Signed-off-by: Rob Clark Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/msm/msm_drv.h|6 ++ drivers/gpu/drm/msm/msm_gem.c|9 + drivers/gpu/drm/msm/msm_gem_submit.c |2 ++ 3 files changed, 17 insertions(+) --- a/drivers/gpu/drm/msm/msm_drv.h +++ b/drivers/gpu/drm/msm/msm_drv.h @@ -148,6 +148,12 @@ struct msm_drm_private { } vram; struct msm_vblank_ctrl vblank_ctrl; + + /* task holding struct_mutex.. currently only used in submit path +* to detect and reject faults from copy_from_user() for submit +* ioctl. +*/ + struct task_struct *struct_mutex_task; }; struct msm_format { --- a/drivers/gpu/drm/msm/msm_gem.c +++ b/drivers/gpu/drm/msm/msm_gem.c @@ -196,11 +196,20 @@ int msm_gem_fault(struct vm_area_struct { struct drm_gem_object *obj = vma->vm_private_data; struct drm_device *dev = obj->dev; + struct msm_drm_private *priv = dev->dev_private; struct page **pages; unsigned long pfn; pgoff_t pgoff; int ret; + /* This should only happen if userspace tries to pass a mmap'd +* but unfaulted gem bo vaddr into submit ioctl, triggering +* a page fault while struct_mutex is already held. This is +* not a valid use-case so just bail. +*/ + if (priv->struct_mutex_task == current) + return VM_FAULT_SIGBUS; + /* Make sure we don't parallel update on a fault, nor move or remove * something from beneath our feet */ --- a/drivers/gpu/drm/msm/msm_gem_submit.c +++ b/drivers/gpu/drm/msm/msm_gem_submit.c @@ -394,6 +394,7 @@ int msm_ioctl_gem_submit(struct drm_devi return -ENOMEM; mutex_lock(>struct_mutex); + priv->struct_mutex_task = current; ret = submit_lookup_objects(submit, args, file); if (ret) @@ -479,6 +480,7 @@ out: submit_cleanup(submit); if (ret) msm_gem_submit_free(submit); + priv->struct_mutex_task = NULL; mutex_unlock(>struct_mutex); return ret; }
[PATCH 4.7 008/184] bpf: fix write helpers with regards to non-linear parts
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Daniel Borkmann[ Upstream commit 0ed661d5a48fa6df0b50ae64d27fe759a3ce42cf ] Fix the bpf_try_make_writable() helper and all call sites we have in BPF, it's currently defect with regards to skbs when the write_len spans into non-linear parts, no matter if cloned or not. There are multiple issues at once. First, using skb_store_bits() is not correct since even if we have a cloned skb, page frags can still be shared. To really make them private, we need to pull them in via __pskb_pull_tail() first, which also gets us a private head via pskb_expand_head() implicitly. This is for helpers like bpf_skb_store_bytes(), bpf_l3_csum_replace(), bpf_l4_csum_replace(). Really, the only thing reasonable and working here is to call skb_ensure_writable() before any write operation. Meaning, via pskb_may_pull() it makes sure that parts we want to access are pulled in and if not does so plus unclones the skb implicitly. If our write_len still fits the headlen and we're cloned and our header of the clone is not writable, then we need to make a private copy via pskb_expand_head(). skb_store_bits() is a bit misleading and only safe to store into non-linear data in different contexts such as 357b40a18b04 ("[IPV6]: IPV6_CHECKSUM socket option can corrupt kernel memory"). For above BPF helper functions, it means after fixed bpf_try_make_writable(), we've pulled in enough, so that we operate always based on skb->data. Thus, the call to skb_header_pointer() and skb_store_bits() becomes superfluous. In bpf_skb_store_bytes(), the len check is unnecessary too since it can only pass in maximum of BPF stack size, so adding offset is guaranteed to never overflow. Also bpf_l3/4_csum_replace() helpers must test for proper offset alignment since they use __sum16 pointer for writing resulting csum. The remaining helpers that change skb data not discussed here yet are bpf_skb_vlan_push(), bpf_skb_vlan_pop() and bpf_skb_change_proto(). The vlan helpers internally call either skb_ensure_writable() (pop case) and skb_cow_head() (push case, for head expansion), respectively. Similarly, bpf_skb_proto_xlat() takes care to not mangle page frags. Fixes: 608cd71a9c7c ("tc: bpf: generalize pedit action") Fixes: 91bc4822c3d6 ("tc: bpf: add checksum helpers") Fixes: 3697649ff29e ("bpf: try harder on clones when writing into skb") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/core/filter.c | 70 +- 1 file changed, 18 insertions(+), 52 deletions(-) --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1353,54 +1353,33 @@ static inline int bpf_try_make_writable( { int err; - if (!skb_cloned(skb)) - return 0; - if (skb_clone_writable(skb, write_len)) - return 0; - err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC); - if (!err) - bpf_compute_data_end(skb); + err = skb_ensure_writable(skb, write_len); + bpf_compute_data_end(skb); + return err; } static u64 bpf_skb_store_bytes(u64 r1, u64 r2, u64 r3, u64 r4, u64 flags) { - struct bpf_scratchpad *sp = this_cpu_ptr(_sp); struct sk_buff *skb = (struct sk_buff *) (long) r1; - int offset = (int) r2; + unsigned int offset = (unsigned int) r2; void *from = (void *) (long) r3; unsigned int len = (unsigned int) r4; void *ptr; if (unlikely(flags & ~(BPF_F_RECOMPUTE_CSUM | BPF_F_INVALIDATE_HASH))) return -EINVAL; - - /* bpf verifier guarantees that: -* 'from' pointer points to bpf program stack -* 'len' bytes of it were initialized -* 'len' > 0 -* 'skb' is a valid pointer to 'struct sk_buff' -* -* so check for invalid 'offset' and too large 'len' -*/ - if (unlikely((u32) offset > 0x || len > sizeof(sp->buff))) + if (unlikely(offset > 0x)) return -EFAULT; if (unlikely(bpf_try_make_writable(skb, offset + len))) return -EFAULT; - ptr = skb_header_pointer(skb, offset, len, sp->buff); - if (unlikely(!ptr)) - return -EFAULT; - + ptr = skb->data + offset; if (flags & BPF_F_RECOMPUTE_CSUM) skb_postpull_rcsum(skb, ptr, len); memcpy(ptr, from, len); - if (ptr == sp->buff) - /* skb_store_bits cannot return -EFAULT here */ - skb_store_bits(skb, offset, ptr, len); - if (flags & BPF_F_RECOMPUTE_CSUM) skb_postpush_rcsum(skb, ptr, len); if (flags & BPF_F_INVALIDATE_HASH) @@ -1423,12 +1402,12 @@ static const struct bpf_func_proto bpf_s static u64
[PATCH 1/2] lockdep: Keep the default static allocations small
The Commit 1413c0389333 ("lockdep: Increase static allocations") doubled the static allocation for lockdep. The size is unusually high and not required for majority of the configurations. This could cause problems to some environments with limited memory configurations. We are already seeing issues on our sparc configuration where kernel fails to boot when lockdep feature is enabled. This patch keeps the default size to same as before Commit 1413c0389333 ("lockdep: Increase static allocations"). Adding the new config parameter CONFIG_PROVE_LOCKING_PLUS in case someone needs to enable more static space for lockdep entries, lock chains and stack traces to debug large configurations. Signed-off-by: Babu Moger--- kernel/locking/lockdep_internals.h | 14 +++--- 1 files changed, 11 insertions(+), 3 deletions(-) diff --git a/kernel/locking/lockdep_internals.h b/kernel/locking/lockdep_internals.h index 51c4b24..47336a6 100644 --- a/kernel/locking/lockdep_internals.h +++ b/kernel/locking/lockdep_internals.h @@ -54,18 +54,26 @@ enum { * table (if it's not there yet), and we check it for lock order * conflicts and deadlocks. */ +#ifdef CONFIG_PROVE_LOCKING_PLUS #define MAX_LOCKDEP_ENTRIES32768UL #define MAX_LOCKDEP_CHAINS_BITS16 -#define MAX_LOCKDEP_CHAINS (1UL << MAX_LOCKDEP_CHAINS_BITS) - -#define MAX_LOCKDEP_CHAIN_HLOCKS (MAX_LOCKDEP_CHAINS*5) /* * Stack-trace: tightly packed array of stack backtrace * addresses. Protected by the hash_lock. */ #define MAX_STACK_TRACE_ENTRIES524288UL +#else +#define MAX_LOCKDEP_ENTRIES16384UL +#define MAX_LOCKDEP_CHAINS_BITS15 +#define MAX_STACK_TRACE_ENTRIES262144UL +#endif + +#define MAX_LOCKDEP_CHAINS (1UL << MAX_LOCKDEP_CHAINS_BITS) + +#define MAX_LOCKDEP_CHAIN_HLOCKS (MAX_LOCKDEP_CHAINS*5) + extern struct list_head all_lock_classes; extern struct lock_chain lock_chains[]; -- 1.7.1
[PATCH 4.7 045/184] NFSv4.x: Fix a refcount leak in nfs_callback_up_net
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebustcommit 98b0f80c2396224bbbed81792b526e6c72ba9efa upstream. On error, the callers expect us to return without bumping nn->cb_users[]. Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/callback.c |1 + 1 file changed, 1 insertion(+) --- a/fs/nfs/callback.c +++ b/fs/nfs/callback.c @@ -275,6 +275,7 @@ static int nfs_callback_up_net(int minor err_socks: svc_rpcb_cleanup(serv, net); err_bind: + nn->cb_users[minorversion]--; dprintk("NFS: Couldn't create callback socket: err = %d; " "net = %p\n", ret, net); return ret;
[PATCH 4.7 000/184] 4.7.5-stable review
This is the start of the stable review cycle for the 4.7.5 release. There are 184 patches in this series, all will be posted as a response to this one. If anyone has any issues with these being applied, please let me know. Responses should be made by Sat Sep 24 17:40:23 UTC 2016. Anything received after that time might be too late. The whole patch series can be found in one patch at: kernel.org/pub/linux/kernel/v4.x/stable-review/patch-4.7.5-rc1.gz or in the git tree and branch at: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-4.7.y and the diffstat can be found below. thanks, greg k-h - Pseudo-Shortlog of commits: Greg Kroah-HartmanLinux 4.7.5-rc1 Linus Torvalds Add braces to avoid "ambiguous ‘else’" compiler warnings Thomas Gleixner genirq/msi: Fix broken debug output Arnd Bergmann iwlegacy: avoid warning about missing braces Al Viro ia64: copy_from_user() should zero the destination on access_ok() failure Al Viro ppc32: fix copy_from_user() Al Viro sparc32: fix copy_from_user() Al Viro mn10300: copy_from_user() should zero on access_ok() failure... Al Viro nios2: copy_from_user() should zero the tail of destination Al Viro openrisc: fix copy_from_user() Al Viro parisc: fix copy_from_user() Al Viro metag: copy_from_user() should zero the destination on access_ok() failure Al Viro alpha: fix copy_from_user() Al Viro asm-generic: make copy_from_user() zero the destination properly Al Viro mips: copy_from_user() must zero the destination on access_ok() failure Al Viro hexagon: fix strncpy_from_user() error return Pan Xinhui sh: cmpxchg: fix a bit shift bug in big_endian os Al Viro sh: fix copy_from_user() Al Viro score: fix copy_from_user() and friends Al Viro blackfin: fix copy_from_user() Al Viro cris: buggered copy_from_user/copy_to_user/clear_user Al Viro frv: fix clear_user() Al Viro asm-generic: make get_user() clear the destination on errors Vineet Gupta ARC: uaccess: get_user to zero out dest in cause of fault Al Viro s390: get_user() should zero on failure Al Viro score: fix __get_user/get_user Al Viro nios2: fix __get_user() Al Viro sh64: failing __get_user() should zero Al Viro m32r: fix __get_user() Al Viro mn10300: failing __get_user() and get_user() should zero Al Viro fix minor infoleak in get_user_ex() Al Viro microblaze: fix copy_from_user() Al Viro avr32: fix copy_from_user() Al Viro microblaze: fix __get_user() Al Viro fix iov_iter_fault_in_readable() Boris Brezillon irqchip/atmel-aic: Fix potential deadlock in ->xlate() Boris Brezillon genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers Lee Jones mmc: sdhci-st: Handle interconnect clock Chuck Lever svcauth_gss: Revert 64c59a3726f2 ("Remove unnecessary allocation") Kristian H. Kristensen drm: Only use compat ioctl for addfb2 on X86/IA64 Ville Syrjälä drm/i915: Ignore OpRegion panel type except on select machines Jan Leupold drm: atmel-hlcdc: Fix vertical scaling Arnd Bergmann kconfig: tinyconfig: provide whole choice blocks to avoid warnings Mike Danese mpssd: fix buffer overflow warning Christophe Leroy powerpc/32: Fix again csum_partial_copy_generic() Christophe Leroy powerpc/32: Fix csum_partial_copy_generic() Jeffrey Hugo x86/efi: Use efi_exit_boot_services() Jeffrey Hugo efi/libstub: Use efi_exit_boot_services() in FDT Jeffrey Hugo efi/libstub: Introduce ExitBootServices helper Jeffrey Hugo efi/libstub: Allocate headspace in
[PATCH 4.7 009/184] net/irda: handle iriap_register_lsap() allocation failure
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Vegard Nossum[ Upstream commit 5ba092efc7ddff040777ae7162f1d195f513571b ] If iriap_register_lsap() fails to allocate memory, self->lsap is set to NULL. However, none of the callers handle the failure and irlmp_connect_request() will happily dereference it: iriap_register_lsap: Unable to allocated LSAP! UBSAN: Undefined behaviour in net/irda/irlmp.c:378:2 member access within null pointer of type 'struct lsap_cb' CPU: 1 PID: 15403 Comm: trinity-c0 Not tainted 4.8.0-rc1+ #81 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 88010c7e78a8 82344f40 41b58ab3 84f98000 82344e94 88010c7e78d0 88010c7e7880 88010630ad00 84a5fae0 84d3f5c0 017a Call Trace: [] dump_stack+0xac/0xfc [] ubsan_epilogue+0xd/0x8a [] __ubsan_handle_type_mismatch+0x157/0x411 [] irlmp_connect_request+0x7ac/0x970 [] iriap_connect_request+0xa0/0x160 [] state_s_disconnect+0x88/0xd0 [] iriap_do_client_event+0x94/0x120 [] iriap_getvaluebyclass_request+0x3e0/0x6d0 [] irda_find_lsap_sel+0x1eb/0x630 [] irda_connect+0x828/0x12d0 [] SYSC_connect+0x22b/0x340 [] SyS_connect+0x9/0x10 [] do_syscall_64+0x1b3/0x4b0 [] entry_SYSCALL64_slow_path+0x25/0x25 The bug seems to have been around since forever. There's more problems with missing error checks in iriap_init() (and indeed all of irda_init()), but that's a bigger problem that needs very careful review and testing. This patch will fix the most serious bug (as it's easily reached from unprivileged userspace). I have tested my patch with a reproducer. Signed-off-by: Vegard Nossum Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/irda/iriap.c |8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/net/irda/iriap.c +++ b/net/irda/iriap.c @@ -185,8 +185,12 @@ struct iriap_cb *iriap_open(__u8 slsap_s self->magic = IAS_MAGIC; self->mode = mode; - if (mode == IAS_CLIENT) - iriap_register_lsap(self, slsap_sel, mode); + if (mode == IAS_CLIENT) { + if (iriap_register_lsap(self, slsap_sel, mode)) { + kfree(self); + return NULL; + } + } self->confirm = callback; self->priv = priv;
[PATCH 4.7 005/184] bpf: fix method of PTR_TO_PACKET reg id generation
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Jakub Kicinski[ Upstream commit 1f415a74b0ca64b5bfacbb12d71ed2ec050a8cfb ] Using per-register incrementing ID can lead to find_good_pkt_pointers() confusing registers which have completely different values. Consider example: 0: (bf) r6 = r1 1: (61) r8 = *(u32 *)(r6 +76) 2: (61) r0 = *(u32 *)(r6 +80) 3: (bf) r7 = r8 4: (07) r8 += 32 5: (2d) if r8 > r0 goto pc+9 R0=pkt_end R1=ctx R6=ctx R7=pkt(id=0,off=0,r=32) R8=pkt(id=0,off=32,r=32) R10=fp 6: (bf) r8 = r7 7: (bf) r9 = r7 8: (71) r1 = *(u8 *)(r7 +0) 9: (0f) r8 += r1 10: (71) r1 = *(u8 *)(r7 +1) 11: (0f) r9 += r1 12: (07) r8 += 32 13: (2d) if r8 > r0 goto pc+1 R0=pkt_end R1=inv56 R6=ctx R7=pkt(id=0,off=0,r=32) R8=pkt(id=1,off=32,r=32) R9=pkt(id=1,off=0,r=32) R10=fp 14: (71) r1 = *(u8 *)(r9 +16) 15: (b7) r7 = 0 16: (bf) r0 = r7 17: (95) exit We need to get a UNKNOWN_VALUE with imm to force id generation so lines 0-5 make r7 a valid packet pointer. We then read two different bytes from the packet and add them to copies of the constructed packet pointer. r8 (line 9) and r9 (line 11) will get the same id of 1, independently. When either of them is validated (line 13) - find_good_pkt_pointers() will also mark the other as safe. This leads to access on line 14 being mistakenly considered safe. Fixes: 969bf05eb3ce ("bpf: direct packet access") Signed-off-by: Jakub Kicinski Acked-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- kernel/bpf/verifier.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/kernel/bpf/verifier.c +++ b/kernel/bpf/verifier.c @@ -194,6 +194,7 @@ struct verifier_env { struct verifier_state_list **explored_states; /* search pruning optimization */ struct bpf_map *used_maps[MAX_USED_MAPS]; /* array of map's used by eBPF program */ u32 used_map_cnt; /* number of used maps */ + u32 id_gen; /* used to generate unique reg IDs */ bool allow_ptr_leaks; }; @@ -1277,7 +1278,7 @@ add_imm: /* dst_reg stays as pkt_ptr type and since some positive * integer value was added to the pointer, increment its 'id' */ - dst_reg->id++; + dst_reg->id = ++env->id_gen; /* something was added to pkt_ptr, set range and off to zero */ dst_reg->off = 0;
[PATCH 4.7 007/184] vti: flush x-netns xfrm cache when vti interface is removed
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Lance Richardson[ Upstream commit a5d0dc810abf3d6b241777467ee1d6efb02575fc ] When executing the script included below, the netns delete operation hangs with the following message (repeated at 10 second intervals): kernel:unregister_netdevice: waiting for lo to become free. Usage count = 1 This occurs because a reference to the lo interface in the "secure" netns is still held by a dst entry in the xfrm bundle cache in the init netns. Address this problem by garbage collecting the tunnel netns flow cache when a cross-namespace vti interface receives a NETDEV_DOWN notification. A more detailed description of the problem scenario (referencing commands in the script below): (1) ip link add vti_test type vti local 1.1.1.1 remote 1.1.1.2 key 1 The vti_test interface is created in the init namespace. vti_tunnel_init() attaches a struct ip_tunnel to the vti interface's netdev_priv(dev), setting the tunnel net to _net. (2) ip link set vti_test netns secure The vti_test interface is moved to the "secure" netns. Note that the associated struct ip_tunnel still has tunnel->net set to _net. (3) ip netns exec secure ping -c 4 -i 0.02 -I 192.168.100.1 192.168.200.1 The first packet sent using the vti device causes xfrm_lookup() to be called as follows: dst = xfrm_lookup(tunnel->net, skb_dst(skb), fl, NULL, 0); Note that tunnel->net is the init namespace, while skb_dst(skb) references the vti_test interface in the "secure" namespace. The returned dst references an interface in the init namespace. Also note that the first parameter to xfrm_lookup() determines which flow cache is used to store the computed xfrm bundle, so after xfrm_lookup() returns there will be a cached bundle in the init namespace flow cache with a dst referencing a device in the "secure" namespace. (4) ip netns del secure Kernel begins to delete the "secure" namespace. At some point the vti_test interface is deleted, at which point dst_ifdown() changes the dst->dev in the cached xfrm bundle flow from vti_test to lo (still in the "secure" namespace however). Since nothing has happened to cause the init namespace's flow cache to be garbage collected, this dst remains attached to the flow cache, so the kernel loops waiting for the last reference to lo to go away. ip link add br1 type bridge ip link set dev br1 up ip addr add dev br1 1.1.1.1/8 ip netns add secure ip link add vti_test type vti local 1.1.1.1 remote 1.1.1.2 key 1 ip link set vti_test netns secure ip netns exec secure ip link set vti_test up ip netns exec secure ip link s lo up ip netns exec secure ip addr add dev lo 192.168.100.1/24 ip netns exec secure ip route add 192.168.200.0/24 dev vti_test ip xfrm policy flush ip xfrm state flush ip xfrm policy add dir out tmpl src 1.1.1.1 dst 1.1.1.2 \ proto esp mode tunnel mark 1 ip xfrm policy add dir in tmpl src 1.1.1.2 dst 1.1.1.1 \ proto esp mode tunnel mark 1 ip xfrm state add src 1.1.1.1 dst 1.1.1.2 proto esp spi 1 \ mode tunnel enc des3_ede 0x112233445566778811223344556677881122334455667788 ip xfrm state add src 1.1.1.2 dst 1.1.1.1 proto esp spi 1 \ mode tunnel enc des3_ede 0x112233445566778811223344556677881122334455667788 ip netns exec secure ping -c 4 -i 0.02 -I 192.168.100.1 192.168.200.1 ip netns del secure Reported-by: Hangbin Liu Reported-by: Jan Tluka Signed-off-by: Lance Richardson Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/ip_vti.c | 31 +++ 1 file changed, 31 insertions(+) --- a/net/ipv4/ip_vti.c +++ b/net/ipv4/ip_vti.c @@ -557,6 +557,33 @@ static struct rtnl_link_ops vti_link_ops .get_link_net = ip_tunnel_get_link_net, }; +static bool is_vti_tunnel(const struct net_device *dev) +{ + return dev->netdev_ops == _netdev_ops; +} + +static int vti_device_event(struct notifier_block *unused, + unsigned long event, void *ptr) +{ + struct net_device *dev = netdev_notifier_info_to_dev(ptr); + struct ip_tunnel *tunnel = netdev_priv(dev); + + if (!is_vti_tunnel(dev)) + return NOTIFY_DONE; + + switch (event) { + case NETDEV_DOWN: + if (!net_eq(tunnel->net, dev_net(dev))) + xfrm_garbage_collect(tunnel->net); + break; + } + return NOTIFY_DONE; +} + +static struct notifier_block vti_notifier_block __read_mostly = { + .notifier_call = vti_device_event, +}; + static int __init vti_init(void) { const char *msg; @@ -564,6 +591,8 @@ static int __init vti_init(void) pr_info("IPv4 over IPsec tunneling driver\n"); + register_netdevice_notifier(_notifier_block); + msg = "tunnel
[PATCH 2/2] config: Add new CONFIG_PROVE_LOCKING_PLUS
Adding the new config parameter CONFIG_PROVE_LOCKING_PLUS in case someone needs to enable more static space for lockdep entries, lock chains and stack traces to debug large configurations. The default size is kept small to cover majority of the configs. Signed-off-by: Babu Moger--- lib/Kconfig.debug | 10 ++ 1 files changed, 10 insertions(+), 0 deletions(-) diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index b9cfdbf..d5d995e 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1070,6 +1070,16 @@ config PROVE_LOCKING For more details, see Documentation/locking/lockdep-design.txt. +config PROVE_LOCKING_PLUS + bool "Reserve extra space for prove locking correctness" + depends on PROVE_LOCKING + default n + help +This feature reserves more space for lockdep entries, lock chains +and stack traces to debug large configurations. This could add +about additional 4MB static memory to kernel size. This is not +suitable for embedded or other limited memory configurations. + config LOCKDEP bool depends on DEBUG_KERNEL && TRACE_IRQFLAGS_SUPPORT && STACKTRACE_SUPPORT && LOCKDEP_SUPPORT -- 1.7.1
[PATCH 4.4 084/118] drm: atmel-hlcdc: Fix vertical scaling
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Jan Leupoldcommit d31ed3f05763644840c654a384eaefa94c097ba2 upstream. The code is applying the same scaling for the X and Y components, thus making the scaling feature only functional when both components have the same scaling factor. Do the s/_w/_h/ replacement where appropriate to fix vertical scaling. Signed-off-by: Jan Leupold Fixes: 1a396789f65a2 ("drm: add Atmel HLCDC Display Controller support") Signed-off-by: Boris Brezillon Signed-off-by: Greg Kroah-Hartman --- drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c +++ b/drivers/gpu/drm/atmel-hlcdc/atmel_hlcdc_plane.c @@ -316,19 +316,19 @@ atmel_hlcdc_plane_update_pos_and_size(st u32 *coeff_tab = heo_upscaling_ycoef; u32 max_memsize; - if (state->crtc_w < state->src_w) + if (state->crtc_h < state->src_h) coeff_tab = heo_downscaling_ycoef; for (i = 0; i < ARRAY_SIZE(heo_upscaling_ycoef); i++) atmel_hlcdc_layer_update_cfg(>layer, 33 + i, 0x, coeff_tab[i]); - factor = ((8 * 256 * state->src_w) - (256 * 4)) / -state->crtc_w; + factor = ((8 * 256 * state->src_h) - (256 * 4)) / +state->crtc_h; factor++; - max_memsize = ((factor * state->crtc_w) + (256 * 4)) / + max_memsize = ((factor * state->crtc_h) + (256 * 4)) / 2048; - if (max_memsize > state->src_w) + if (max_memsize > state->src_h) factor--; factor_reg |= (factor << 16) | 0x8000; }
[PATCH 4.4 116/118] ppc32: fix copy_from_user()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit 224264657b8b228f949b42346e09ed8c90136a8e upstream. should clear on access_ok() failures. Also remove the useless range truncation logics. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/powerpc/include/asm/uaccess.h | 21 ++--- 1 file changed, 2 insertions(+), 19 deletions(-) --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -323,30 +323,17 @@ extern unsigned long __copy_tofrom_user( static inline unsigned long copy_from_user(void *to, const void __user *from, unsigned long n) { - unsigned long over; - - if (access_ok(VERIFY_READ, from, n)) + if (likely(access_ok(VERIFY_READ, from, n))) return __copy_tofrom_user((__force void __user *)to, from, n); - if ((unsigned long)from < TASK_SIZE) { - over = (unsigned long)from + n - TASK_SIZE; - return __copy_tofrom_user((__force void __user *)to, from, - n - over) + over; - } ++ memset(to, 0, n); return n; } static inline unsigned long copy_to_user(void __user *to, const void *from, unsigned long n) { - unsigned long over; - if (access_ok(VERIFY_WRITE, to, n)) return __copy_tofrom_user(to, (__force void __user *)from, n); - if ((unsigned long)to < TASK_SIZE) { - over = (unsigned long)to + n - TASK_SIZE; - return __copy_tofrom_user(to, (__force void __user *)from, - n - over) + over; - } return n; } @@ -437,10 +424,6 @@ static inline unsigned long clear_user(v might_fault(); if (likely(access_ok(VERIFY_WRITE, addr, size))) return __clear_user(addr, size); - if ((unsigned long)addr < TASK_SIZE) { - unsigned long over = (unsigned long)addr + size - TASK_SIZE; - return __clear_user(addr, size - over) + over; - } return size; }
Re: [PATCH 2/2] net: thunderx: Support for byte queue limits
On 09/22/2016 02:05 AM, sunil.kovv...@gmail.com wrote: > From: Sunil Goutham> > This patch adds support for byte queue limits > > Signed-off-by: Sunil Goutham Where is the code that calls netdev_tx_reset_queue()? This is needed in the function that brings down the interface, did your test survive a up/down/up sequence? > --- > drivers/net/ethernet/cavium/thunder/nicvf_main.c | 11 ++-- > drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 30 > ++ > 2 files changed, 29 insertions(+), 12 deletions(-) > > diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_main.c > b/drivers/net/ethernet/cavium/thunder/nicvf_main.c > index 7d00162..453e3a0 100644 > --- a/drivers/net/ethernet/cavium/thunder/nicvf_main.c > +++ b/drivers/net/ethernet/cavium/thunder/nicvf_main.c > @@ -516,7 +516,8 @@ static int nicvf_init_resources(struct nicvf *nic) > static void nicvf_snd_pkt_handler(struct net_device *netdev, > struct cmp_queue *cq, > struct cqe_send_t *cqe_tx, > - int cqe_type, int budget) > + int cqe_type, int budget, > + unsigned int *tx_pkts, unsigned int *tx_bytes) > { > struct sk_buff *skb = NULL; > struct nicvf *nic = netdev_priv(netdev); > @@ -547,6 +548,8 @@ static void nicvf_snd_pkt_handler(struct net_device > *netdev, > } > nicvf_put_sq_desc(sq, hdr->subdesc_cnt + 1); > prefetch(skb); > + (*tx_pkts)++; > + *tx_bytes += skb->len; > napi_consume_skb(skb, budget); > sq->skbuff[cqe_tx->sqe_ptr] = (u64)NULL; > } else { > @@ -662,6 +665,7 @@ static int nicvf_cq_intr_handler(struct net_device > *netdev, u8 cq_idx, > struct cmp_queue *cq = >cq[cq_idx]; > struct cqe_rx_t *cq_desc; > struct netdev_queue *txq; > + unsigned int tx_pkts = 0, tx_bytes = 0; > > spin_lock_bh(>lock); > loop: > @@ -701,7 +705,7 @@ loop: > case CQE_TYPE_SEND: > nicvf_snd_pkt_handler(netdev, cq, > (void *)cq_desc, CQE_TYPE_SEND, > - budget); > + budget, _pkts, _bytes); > tx_done++; > break; > case CQE_TYPE_INVALID: > @@ -730,6 +734,9 @@ done: > netdev = nic->pnicvf->netdev; > txq = netdev_get_tx_queue(netdev, > nicvf_netdev_qidx(nic, cq_idx)); > + if (tx_pkts) > + netdev_tx_completed_queue(txq, tx_pkts, tx_bytes); > + > nic = nic->pnicvf; > if (netif_tx_queue_stopped(txq) && netif_carrier_ok(netdev)) { > netif_tx_start_queue(txq); > diff --git a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c > b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c > index 178c5c7..a4fc501 100644 > --- a/drivers/net/ethernet/cavium/thunder/nicvf_queues.c > +++ b/drivers/net/ethernet/cavium/thunder/nicvf_queues.c > @@ -1082,6 +1082,24 @@ static inline void nicvf_sq_add_cqe_subdesc(struct > snd_queue *sq, int qentry, > imm->len = 1; > } > > +static inline void nicvf_sq_doorbell(struct nicvf *nic, struct sk_buff *skb, > + int sq_num, int desc_cnt) > +{ > + struct netdev_queue *txq; > + > + txq = netdev_get_tx_queue(nic->pnicvf->netdev, > + skb_get_queue_mapping(skb)); > + > + netdev_tx_sent_queue(txq, skb->len); > + > + /* make sure all memory stores are done before ringing doorbell */ > + smp_wmb(); > + > + /* Inform HW to xmit all TSO segments */ > + nicvf_queue_reg_write(nic, NIC_QSET_SQ_0_7_DOOR, > + sq_num, desc_cnt); > +} > + > /* Segment a TSO packet into 'gso_size' segments and append > * them to SQ for transfer > */ > @@ -1141,12 +1159,8 @@ static int nicvf_sq_append_tso(struct nicvf *nic, > struct snd_queue *sq, > /* Save SKB in the last segment for freeing */ > sq->skbuff[hdr_qentry] = (u64)skb; > > - /* make sure all memory stores are done before ringing doorbell */ > - smp_wmb(); > + nicvf_sq_doorbell(nic, skb, sq_num, desc_cnt); > > - /* Inform HW to xmit all TSO segments */ > - nicvf_queue_reg_write(nic, NIC_QSET_SQ_0_7_DOOR, > - sq_num, desc_cnt); > nic->drv_stats.tx_tso++; > return 1; > } > @@ -1219,12 +1233,8 @@ doorbell: > nicvf_sq_add_cqe_subdesc(sq, qentry, tso_sqe, skb); > } > > - /* make sure all memory stores are done before ringing doorbell */ > - smp_wmb(); > + nicvf_sq_doorbell(nic, skb, sq_num, subdesc_cnt); > > - /* Inform HW to xmit new packet */ > -
[PATCH v3] dmaengine: s3c24xx: Add dma_slave_map for s3c2440 devices
This patch updates the s3c24xx dma driver to be able to pass a dma_slave_map array via the platform data. This is needed to be able to use the new, simpler dmaengine API [1]. I used the virtual DMA channels as a parameter for the dma_filter function. By doing that, I could reuse the existing filter function in drivers/dma/s3c24xx-dma.c. I have tested this on my mini2440 board with the audio driver. According to my observations, dma_request_slave_channel in the function dmaengine_pcm_new in the file sound/soc/soc-generic-dmaengine-pcm.c now returns a valid DMA channel whereas before no DMA channel was returned at that point. Entries for DMACH_XD0, DMACH_XD1 and DMACH_TIMER are missing because I don't realy know which driver to use for these. [1] http://lists.infradead.org/pipermail/linux-arm-kernel/2015-December/393635.html Signed-off-by: Sam Van Den BergeReviewed-by: Sylwester Nawrocki Acked-by: Arnd Bergmann Acked-by: Krzysztof Kozlowski --- This patch depends on the audio fixes from Sylwester Nawrocki (http://www.spinics.net/lists/arm-kernel/msg521918.html) Changes since v2: - s/3c2440-sdi/s3c2440-sdi/ - Removed reference to the audio fixes of Sylwester from the commit message because I don't think it belongs in the commit message itself. Changes since v1: - rename arm into dmaengine in title - one channel for s3c2440-sdi named "rx-tx" arch/arm/mach-s3c24xx/common.c| 35 +++ drivers/dma/s3c24xx-dma.c | 3 +++ include/linux/platform_data/dma-s3c24xx.h | 6 ++ 3 files changed, 44 insertions(+) diff --git a/arch/arm/mach-s3c24xx/common.c b/arch/arm/mach-s3c24xx/common.c index fe7485d..f6c3f15 100644 --- a/arch/arm/mach-s3c24xx/common.c +++ b/arch/arm/mach-s3c24xx/common.c @@ -33,6 +33,7 @@ #include #include #include +#include #include #include @@ -445,10 +446,44 @@ static struct s3c24xx_dma_channel s3c2440_dma_channels[DMACH_MAX] = { [DMACH_USB_EP4] = { S3C24XX_DMA_APB, true, S3C24XX_DMA_CHANREQ(4, 3), }, }; +static const struct dma_slave_map s3c2440_dma_slave_map[] = { + /* TODO: DMACH_XD0 */ + /* TODO: DMACH_XD1 */ + { "s3c2440-sdi", "rx-tx", (void *)DMACH_SDI }, + { "s3c2410-spi.0", "rx", (void *)DMACH_SPI0 }, + { "s3c2410-spi.0", "tx", (void *)DMACH_SPI0 }, + { "s3c2410-spi.1", "rx", (void *)DMACH_SPI1 }, + { "s3c2410-spi.1", "tx", (void *)DMACH_SPI1 }, + { "s3c2440-uart.0", "rx", (void *)DMACH_UART0 }, + { "s3c2440-uart.0", "tx", (void *)DMACH_UART0 }, + { "s3c2440-uart.1", "rx", (void *)DMACH_UART1 }, + { "s3c2440-uart.1", "tx", (void *)DMACH_UART1 }, + { "s3c2440-uart.2", "rx", (void *)DMACH_UART2 }, + { "s3c2440-uart.2", "tx", (void *)DMACH_UART2 }, + { "s3c2440-uart.3", "rx", (void *)DMACH_UART3 }, + { "s3c2440-uart.3", "tx", (void *)DMACH_UART3 }, + /* TODO: DMACH_TIMER */ + { "s3c24xx-iis", "rx", (void *)DMACH_I2S_IN }, + { "s3c24xx-iis", "tx", (void *)DMACH_I2S_OUT }, + { "samsung-ac97", "rx", (void *)DMACH_PCM_IN }, + { "samsung-ac97", "tx", (void *)DMACH_PCM_OUT }, + { "samsung-ac97", "rx", (void *)DMACH_MIC_IN }, + { "s3c-hsudc", "rx0", (void *)DMACH_USB_EP1 }, + { "s3c-hsudc", "rx1", (void *)DMACH_USB_EP2 }, + { "s3c-hsudc", "rx2", (void *)DMACH_USB_EP3 }, + { "s3c-hsudc", "rx3", (void *)DMACH_USB_EP4 }, + { "s3c-hsudc", "tx0", (void *)DMACH_USB_EP1 }, + { "s3c-hsudc", "tx1", (void *)DMACH_USB_EP2 }, + { "s3c-hsudc", "tx2", (void *)DMACH_USB_EP3 }, + { "s3c-hsudc", "tx3", (void *)DMACH_USB_EP4 } +}; + static struct s3c24xx_dma_platdata s3c2440_dma_platdata = { .num_phy_channels = 4, .channels = s3c2440_dma_channels, .num_channels = DMACH_MAX, + .slave_map = s3c2440_dma_slave_map, + .slavecnt = ARRAY_SIZE(s3c2440_dma_slave_map), }; struct platform_device s3c2440_device_dma = { diff --git a/drivers/dma/s3c24xx-dma.c b/drivers/dma/s3c24xx-dma.c index ce67075..d5c85e7 100644 --- a/drivers/dma/s3c24xx-dma.c +++ b/drivers/dma/s3c24xx-dma.c @@ -1301,6 +1301,9 @@ static int s3c24xx_dma_probe(struct platform_device *pdev) s3cdma->slave.device_prep_dma_cyclic = s3c24xx_dma_prep_dma_cyclic; s3cdma->slave.device_config = s3c24xx_dma_set_runtime_config; s3cdma->slave.device_terminate_all = s3c24xx_dma_terminate_all; + s3cdma->slave.filter.map = pdata->slave_map; + s3cdma->slave.filter.mapcnt = pdata->slavecnt; + s3cdma->slave.filter.fn = s3c24xx_dma_filter; /* Register as many memcpy channels as there are physical channels */ ret = s3c24xx_dma_init_virtual_channels(s3cdma, >memcpy, diff --git a/include/linux/platform_data/dma-s3c24xx.h b/include/linux/platform_data/dma-s3c24xx.h index 89ba1b0..4f9aba4 100644 ---
Re: [PATCH v4 10/10] cpufreq: intel_pstate: Use CPPC to get max performance
On Wed, 2016-09-21 at 22:30 +0200, Rafael J. Wysocki wrote: > On Wed, Sep 21, 2016 at 9:19 PM, Srinivas Pandruvada >wrote: > > > > > > + > > +static void intel_pstate_check_and_enable_itmt(int cpu) > > +{ > > + /* > > +* For checking whether there is any difference in the maximum > > +* performance for each CPU, need to wait till we have CPPC > > +* data from all CPUs called from the cpufreq core. If there is a > > +* difference in the maximum performance, then we have ITMT support. > > +* If ITMT is supported, update the scheduler core priority for each > > +* CPU and call to enable the ITMT feature. > > +*/ > > + if (cpumask_subset(topology_core_cpumask(cpu), > > _read_cpu_mask)) { > > + int cpu_index; > > + int max_prio; > > + struct cpudata *cpu; > > + bool itmt_support = false; > > + > > + cpu = all_cpu_data[cpumask_first(_read_cpu_mask)]; > > + max_prio = cpu->cppc_perf->highest_perf; > > + for_each_cpu(cpu_index, _read_cpu_mask) { > > + cpu = all_cpu_data[cpu_index]; > > + if (max_prio != cpu->cppc_perf->highest_perf) { > > + itmt_support = true; > > + break; > > + } > > + } > > + > > + if (!itmt_support) > > + return; > > + > > + for_each_cpu(cpu_index, _read_cpu_mask) { > > + cpu = all_cpu_data[cpu_index]; > > + > > sched_set_itmt_core_prio(cpu->cppc_perf->highest_perf, > > +cpu_index); > > + } > My current understanding is that we need to rebuild sched domains > after setting the priorities, No, that's not true. We need to rebuild the sched domains only when the sched domain flags are changed, not when we are changing the priorities. Only the sched domain flag is a property of the sched domain. CPU priority values are not part of sched domain. Morten had similar question about whether we need to rebuild sched domain when we change cpu priorities when we first post the patches. Peter has explained that it wasn't necessary. http://lkml.iu.edu/hypermail/linux/kernel/1608.3/01753.html > so what if there are two CPU packages > and there are highest_perf differences in both, and we first enumerate > the first package entirely before getting to the second one? > > In that case we'll schedule the work item after enumerating the first > package and it may rebuild the sched domains before all priorities are > set for the second package, may it not? That is not a problem. For the second package, all the cpu priorities are initialized to the same value. So even if we start to do asym_packing in the scheduler for the whole system, on the second package, all the cpus are treated equally by the scheduler. We will operate as if there is no favored core till we update the priorities of the cpu on the second package. That said, we don't enable ITMT automatically for 2 package system. So the explicit sysctl command to enable ITMT and cause the sched domain rebuild for 2 package system is most likely to come after we have discovered and set all the cpu priorities. > > This seems to require some more consideration. > > > > > + /* > > +* Since this function is in the hotcpu notifier callback > > +* path, submit a task to workqueue to call > > +* sched_set_itmt_support(). > > +*/ > > + schedule_work(_itmt_work); > It doesn't make sense to do this more than once IMO and what if we > attempt to schedule the work item again when it has been scheduled > once already? Don't we need any protection here? It is not a problem for sched_set_itmt_support to be called more than once. First, we will ignore the second call if sched_itmt_capable has already been set to the same value in the previous sched_set_itmt_support call. Secondly, the call to update sched_itmt_capable is protected by the itmt_update_mutex. Thanks. Tim
[PATCH 4.4 086/118] genirq: Provide irq_gc_{lock_irqsave,unlock_irqrestore}() helpers
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Boris Brezilloncommit ebf9ff753c041b296241990aef76163bbb2cc9c8 upstream. Some irqchip drivers need to take the generic chip lock outside of the irq context. Provide the irq_gc_{lock_irqsave,unlock_irqrestore}() helpers to allow one to disable irqs while entering a critical section protected by gc->lock. Note that we do not provide optimized version of these helpers for !SMP, because they are not called from the hot-path. [ tglx: Added a comment when these helpers should be [not] used ] Signed-off-by: Boris Brezillon Cc: Jason Cooper Cc: Marc Zyngier Cc: Nicolas Ferre Cc: Alexandre Belloni Link: http://lkml.kernel.org/r/1473775109-4192-1-git-send-email-boris.brezil...@free-electrons.com Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman --- include/linux/irq.h | 10 ++ 1 file changed, 10 insertions(+) --- a/include/linux/irq.h +++ b/include/linux/irq.h @@ -916,6 +916,16 @@ static inline void irq_gc_lock(struct ir static inline void irq_gc_unlock(struct irq_chip_generic *gc) { } #endif +/* + * The irqsave variants are for usage in non interrupt code. Do not use + * them in irq_chip callbacks. Use irq_gc_lock() instead. + */ +#define irq_gc_lock_irqsave(gc, flags) \ + raw_spin_lock_irqsave(&(gc)->lock, flags) + +#define irq_gc_unlock_irqrestore(gc, flags)\ + raw_spin_unlock_irqrestore(&(gc)->lock, flags) + static inline void irq_reg_writel(struct irq_chip_generic *gc, u32 val, int reg_offset) {
[PATCH 4.4 114/118] mn10300: copy_from_user() should zero on access_ok() failure...
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit ae7cc577ec2a4a6151c9e928fd1f595d953ecef1 upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/mn10300/lib/usercopy.c |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/arch/mn10300/lib/usercopy.c +++ b/arch/mn10300/lib/usercopy.c @@ -9,7 +9,7 @@ * as published by the Free Software Foundation; either version * 2 of the Licence, or (at your option) any later version. */ -#include +#include unsigned long __generic_copy_to_user(void *to, const void *from, unsigned long n) @@ -24,6 +24,8 @@ __generic_copy_from_user(void *to, const { if (access_ok(VERIFY_READ, from, n)) __copy_user_zeroing(to, from, n); + else + memset(to, 0, n); return n; }
[PATCH 4.7 010/184] net/sctp: always initialise sctp_ht_iter::start_fail
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Vegard Nossum[ Upstream commit 54236ab09e9696a27baaae693c288920a26e8588 ] sctp_transport_seq_start() does not currently clear iter->start_fail on success, but relies on it being zero when it is allocated (by seq_open_net()). This can be a problem in the following sequence: open() // allocates iter (and implicitly sets iter->start_fail = 0) read() - iter->start() // fails and sets iter->start_fail = 1 - iter->stop() // doesn't call sctp_transport_walk_stop() (correct) read() again - iter->start() // succeeds, but doesn't change iter->start_fail - iter->stop() // doesn't call sctp_transport_walk_stop() (wrong) We should initialize sctp_ht_iter::start_fail to zero if ->start() succeeds, otherwise it's possible that we leave an old value of 1 there, which will cause ->stop() to not call sctp_transport_walk_stop(), which causes all sorts of problems like not calling rcu_read_unlock() (and preempt_enable()), eventually leading to more warnings like this: BUG: sleeping function called from invalid context at mm/slab.h:388 in_atomic(): 0, irqs_disabled(): 0, pid: 16551, name: trinity-c2 Preemption disabled at:[] rhashtable_walk_start+0x46/0x150 [] preempt_count_add+0x1fb/0x280 [] _raw_spin_lock+0x12/0x40 [] rhashtable_walk_start+0x46/0x150 [] sctp_transport_walk_start+0x2f/0x60 [] sctp_transport_seq_start+0x4d/0x150 [] traverse+0x170/0x850 [] seq_read+0x7cc/0x1180 [] proc_reg_read+0xbc/0x180 [] do_loop_readv_writev+0x134/0x210 [] do_readv_writev+0x565/0x660 [] vfs_readv+0x67/0xa0 [] do_preadv+0x126/0x170 [] SyS_preadv+0xc/0x10 [] do_syscall_64+0x19c/0x410 [] return_from_SYSCALL_64+0x0/0x6a [] 0x Notice that this is a subtly different stacktrace from the one in commit 5fc382d875 ("net/sctp: terminate rhashtable walk correctly"). Cc: Xin Long Cc: Herbert Xu Cc: Eric W. Biederman Cc: Marcelo Ricardo Leitner Signed-off-by: Vegard Nossum Acked-By: Neil Horman Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sctp/proc.c |1 + 1 file changed, 1 insertion(+) --- a/net/sctp/proc.c +++ b/net/sctp/proc.c @@ -293,6 +293,7 @@ static void *sctp_transport_seq_start(st return ERR_PTR(err); } + iter->start_fail = 0; return sctp_transport_get_idx(seq_file_net(seq), >hti, *pos); }
Re: [RFC PATCH v1 09/28] x86/efi: Access EFI data as encrypted when SEV is active
On 22/09/2016 20:47, Tom Lendacky wrote: > > Because the firmware volume is written to high memory in encrypted form, > > and because the PEI phase runs in 32-bit mode, the firmware code will be > > encrypted; on the other hand, data that is placed in low memory for the > > kernel can be unencrypted, thus limiting differences between SME and SEV. > > I like the idea of limiting the differences but it would leave the EFI > data and ACPI tables exposed and able to be manipulated. Hmm, that makes sense. So I guess this has to stay, and Borislav's proposal doesn't fly either. Paolo
[PATCH 4.7 015/184] net/mlx5: Added missing check of msg length in verifying its signature
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Paul Blakey[ Upstream commit 2c0f8ce1b584a4d7b8ff53140d21dfed99834940 ] Set and verify signature calculates the signature for each of the mailbox nodes, even for those that are unused (from cache). Added a missing length check to set and verify only those which are used. While here, also moved the setting of msg's nodes token to where we already go over them. This saves a pass because checksum is disabled, and the only useful thing remaining that set signature does is setting the token. Fixes: e126ba97dba9 ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Paul Blakey Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 83 -- 1 file changed, 53 insertions(+), 30 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/cmd.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/cmd.c @@ -143,13 +143,14 @@ static struct mlx5_cmd_layout *get_inst( return cmd->cmd_buf + (idx << cmd->log_stride); } -static u8 xor8_buf(void *buf, int len) +static u8 xor8_buf(void *buf, size_t offset, int len) { u8 *ptr = buf; u8 sum = 0; int i; + int end = len + offset; - for (i = 0; i < len; i++) + for (i = offset; i < end; i++) sum ^= ptr[i]; return sum; @@ -157,41 +158,49 @@ static u8 xor8_buf(void *buf, int len) static int verify_block_sig(struct mlx5_cmd_prot_block *block) { - if (xor8_buf(block->rsvd0, sizeof(*block) - sizeof(block->data) - 1) != 0xff) + size_t rsvd0_off = offsetof(struct mlx5_cmd_prot_block, rsvd0); + int xor_len = sizeof(*block) - sizeof(block->data) - 1; + + if (xor8_buf(block, rsvd0_off, xor_len) != 0xff) return -EINVAL; - if (xor8_buf(block, sizeof(*block)) != 0xff) + if (xor8_buf(block, 0, sizeof(*block)) != 0xff) return -EINVAL; return 0; } -static void calc_block_sig(struct mlx5_cmd_prot_block *block, u8 token, - int csum) +static void calc_block_sig(struct mlx5_cmd_prot_block *block) { - block->token = token; - if (csum) { - block->ctrl_sig = ~xor8_buf(block->rsvd0, sizeof(*block) - - sizeof(block->data) - 2); - block->sig = ~xor8_buf(block, sizeof(*block) - 1); - } + int ctrl_xor_len = sizeof(*block) - sizeof(block->data) - 2; + size_t rsvd0_off = offsetof(struct mlx5_cmd_prot_block, rsvd0); + + block->ctrl_sig = ~xor8_buf(block, rsvd0_off, ctrl_xor_len); + block->sig = ~xor8_buf(block, 0, sizeof(*block) - 1); } -static void calc_chain_sig(struct mlx5_cmd_msg *msg, u8 token, int csum) +static void calc_chain_sig(struct mlx5_cmd_msg *msg) { struct mlx5_cmd_mailbox *next = msg->next; + int size = msg->len; + int blen = size - min_t(int, sizeof(msg->first.data), size); + int n = (blen + MLX5_CMD_DATA_BLOCK_SIZE - 1) + / MLX5_CMD_DATA_BLOCK_SIZE; + int i = 0; - while (next) { - calc_block_sig(next->buf, token, csum); + for (i = 0; i < n && next; i++) { + calc_block_sig(next->buf); next = next->next; } } static void set_signature(struct mlx5_cmd_work_ent *ent, int csum) { - ent->lay->sig = ~xor8_buf(ent->lay, sizeof(*ent->lay)); - calc_chain_sig(ent->in, ent->token, csum); - calc_chain_sig(ent->out, ent->token, csum); + ent->lay->sig = ~xor8_buf(ent->lay, 0, sizeof(*ent->lay)); + if (csum) { + calc_chain_sig(ent->in); + calc_chain_sig(ent->out); + } } static void poll_timeout(struct mlx5_cmd_work_ent *ent) @@ -222,12 +231,17 @@ static int verify_signature(struct mlx5_ struct mlx5_cmd_mailbox *next = ent->out->next; int err; u8 sig; + int size = ent->out->len; + int blen = size - min_t(int, sizeof(ent->out->first.data), size); + int n = (blen + MLX5_CMD_DATA_BLOCK_SIZE - 1) + / MLX5_CMD_DATA_BLOCK_SIZE; + int i = 0; - sig = xor8_buf(ent->lay, sizeof(*ent->lay)); + sig = xor8_buf(ent->lay, 0, sizeof(*ent->lay)); if (sig != 0xff) return -EINVAL; - while (next) { + for (i = 0; i < n && next; i++) { err = verify_block_sig(next->buf); if (err) return err; @@ -656,7 +670,6 @@ static void cmd_work_handler(struct work spin_unlock_irqrestore(>alloc_lock, flags); } - ent->token = alloc_token(cmd); cmd->ent_arr[ent->idx] = ent; lay = get_inst(cmd,
[PATCH 4.7 012/184] tipc: fix NULL pointer dereference in shutdown()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Vegard Nossum[ Upstream commit d2fbdf76b85bcdfe57b8ef2ba09d20e8ada79abd ] tipc_msg_create() can return a NULL skb and if so, we shouldn't try to call tipc_node_xmit_skb() on it. general protection fault: [#1] PREEMPT SMP KASAN CPU: 3 PID: 30298 Comm: trinity-c0 Not tainted 4.7.0-rc7+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 task: 8800baf09980 ti: 8800595b8000 task.ti: 8800595b8000 RIP: 0010:[] [] tipc_node_xmit_skb+0x6b/0x140 RSP: 0018:8800595bfce8 EFLAGS: 00010246 RAX: RBX: RCX: 3023b0e0 RDX: RSI: dc00 RDI: 83d12580 RBP: 8800595bfd78 R08: ed000b2b7f32 R09: R10: fbfff0759725 R11: R12: 11000b2b7f9f R13: 8800595bfd58 R14: 83d12580 R15: dc00 FS: 7fcdde242700() GS:88011af8() knlGS: CS: 0010 DS: ES: CR0: 80050033 CR2: 7fcddde1db10 CR3: 6874b000 CR4: 06e0 DR0: 7fcdde248000 DR1: 7fcddd73d000 DR2: 7fcdde248000 DR3: DR6: 0ff0 DR7: 00090602 Stack: 0018 0018 41b58ab3 83954208 830bb400 8800595bfd30 8309d767 0018 0018 8800595bfd78 8309da1a 810ee611 Call Trace: [] tipc_shutdown+0x553/0x880 [] SyS_shutdown+0x14b/0x170 [] do_syscall_64+0x19c/0x410 [] entry_SYSCALL64_slow_path+0x25/0x25 Code: 90 00 b4 0b 83 c7 00 f1 f1 f1 f1 4c 8d 6d e0 c7 40 04 00 00 00 f4 c7 40 08 f3 f3 f3 f3 48 89 d8 48 c1 e8 03 c7 45 b4 00 00 00 00 <80> 3c 30 00 75 78 48 8d 7b 08 49 8d 75 c0 48 b8 00 00 00 00 00 RIP [] tipc_node_xmit_skb+0x6b/0x140 RSP ---[ end trace 57b0484e351e71f1 ]--- I feel like we should maybe return -ENOMEM or -ENOBUFS, but I'm not sure userspace is equipped to handle that. Anyway, this is better than a GPF and looks somewhat consistent with other tipc_msg_create() callers. Signed-off-by: Vegard Nossum Acked-by: Ying Xue Acked-by: Jon Maloy Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/tipc/socket.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/tipc/socket.c +++ b/net/tipc/socket.c @@ -2180,7 +2180,8 @@ restart: TIPC_CONN_MSG, SHORT_H_SIZE, 0, dnode, onode, dport, oport, TIPC_CONN_SHUTDOWN); - tipc_node_xmit_skb(net, skb, dnode, tsk->portid); + if (skb) + tipc_node_xmit_skb(net, skb, dnode, tsk->portid); } tsk->connected = 0; sock->state = SS_DISCONNECTING;
[PATCH 4.4 117/118] genirq/msi: Fix broken debug output
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixnercommit 4364e1a29be16b2783c0bcbc263f61236af64281 upstream. virq is not required to be the same for all msi descs. Use the base irq number from the desc in the debug printk. Reported-by: Ingo Molnar Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman --- kernel/irq/msi.c |1 + 1 file changed, 1 insertion(+) --- a/kernel/irq/msi.c +++ b/kernel/irq/msi.c @@ -298,6 +298,7 @@ int msi_domain_alloc_irqs(struct irq_dom ops->msi_finish(, 0); for_each_msi_entry(desc, dev) { + virq = desc->irq; if (desc->nvec_used == 1) dev_dbg(dev, "irq %d for MSI\n", virq); else
[PATCH 10/14] GPU-DRM-TTM: Return directly after a failed kobject_init_and_add() in ttm_dma_page_alloc_init()
From: Markus ElfringDate: Thu, 22 Sep 2016 16:24:43 +0200 * Return directly after a call of the function "kobject_init_and_add" failed here. * Delete the jump target "err" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring --- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c index feba278..c21f45f 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -1102,12 +1102,10 @@ int ttm_dma_page_alloc_init(struct ttm_mem_global *glob, unsigned max_pages) >kobj, "dma_pool"); if (unlikely(ret != 0)) { kobject_put(&_manager->kobj); - goto err; + return ret; } ttm_dma_pool_mm_shrink_init(_manager); return 0; -err: - return ret; } void ttm_dma_page_alloc_fini(void) -- 2.10.0
[PATCH 4.4 094/118] m32r: fix __get_user()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit c90a3bc5061d57e7931a9b7ad14784e1a0ed497d upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/m32r/include/asm/uaccess.h |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/m32r/include/asm/uaccess.h +++ b/arch/m32r/include/asm/uaccess.h @@ -219,7 +219,7 @@ extern int fixup_exception(struct pt_reg #define __get_user_nocheck(x, ptr, size) \ ({ \ long __gu_err = 0; \ - unsigned long __gu_val; \ + unsigned long __gu_val = 0; \ might_fault(); \ __get_user_size(__gu_val, (ptr), (size), __gu_err); \ (x) = (__force __typeof__(*(ptr)))__gu_val; \
Re: [PATCH] iio: accel: sca3000_core: avoid potentially uninitialized variable
On 22/09/16 10:43, Arnd Bergmann wrote: > The newly added __sca3000_get_base_freq function handles all valid > modes of the SCA3000_REG_ADDR_MODE register, but gcc notices > that any other value (i.e. 0x00) causes the base_freq variable to > not get initialized: > > drivers/staging/iio/accel/sca3000_core.c: In function 'sca3000_write_raw': > drivers/staging/iio/accel/sca3000_core.c:527:23: error: 'base_freq' may be > used uninitialized in this function [-Werror=maybe-uninitialized] > > This adds explicit error handling for unexpected register values, > to ensure this cannot happen. > > Fixes: e0f3fc9b47e6 ("iio: accel: sca3000_core: implemented > IIO_CHAN_INFO_SAMP_FREQ") > Signed-off-by: Arnd BergmannApplied to the togreg branch of iio.git. Initially pushed out as testing for the autobuilders to play with it. 'Bug' has been there a long time. The patch just move the code so I'm not going to rush this one in. Worth hardening this corner though! Thanks, Jonathan > --- > drivers/staging/iio/accel/sca3000_core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/drivers/staging/iio/accel/sca3000_core.c > b/drivers/staging/iio/accel/sca3000_core.c > index d626125d7af9..564b36d4f648 100644 > --- a/drivers/staging/iio/accel/sca3000_core.c > +++ b/drivers/staging/iio/accel/sca3000_core.c > @@ -468,6 +468,8 @@ static inline int __sca3000_get_base_freq(struct > sca3000_state *st, > case SCA3000_MEAS_MODE_OP_2: > *base_freq = info->option_mode_2_freq; > break; > + default: > + ret = -EINVAL; > } > error_ret: > return ret; >
[PATCH 08/14] GPU-DRM-TTM: Rename a jump label in ttm_dma_pool_shrink_scan()
From: Markus ElfringDate: Thu, 22 Sep 2016 16:02:36 +0200 Adjust a jump label according to the current Linux coding style convention. Signed-off-by: Markus Elfring --- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c index ce3d361..e3f5542 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -1025,7 +1025,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) if (!mutex_trylock(&_manager->lock)) return SHRINK_STOP; if (!_manager->npools) - goto out; + goto unlock; pool_offset = ++start_pool % _manager->npools; list_for_each_entry(p, &_manager->pools, pools) { unsigned nr_free; @@ -1046,7 +1046,7 @@ ttm_dma_pool_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) p->pool->dev_name, p->pool->name, current->pid, nr_free, shrink_pages); } -out: + unlock: mutex_unlock(&_manager->lock); return freed; } -- 2.10.0
[PATCH 07/14] GPU-DRM-TTM: Rename jump labels in ttm_dma_page_pool_free()
From: Markus ElfringDate: Thu, 22 Sep 2016 15:32:32 +0200 Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring --- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c index 9dc1632..ce3d361 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -449,7 +449,7 @@ static unsigned ttm_dma_page_pool_free(struct dma_pool *pool, unsigned nr_free, return 0; } INIT_LIST_HEAD(_pages); -restart: + lock_restart: spin_lock_irqsave(>lock, irq_flags); /* We picking the oldest ones off the list */ @@ -489,14 +489,13 @@ restart: /* free all so restart the processing */ if (nr_free) - goto restart; + goto lock_restart; /* Not allowed to fall through or break because * following context is inside spinlock while we are * outside here. */ - goto out; - + goto check_pages_to_free; } } @@ -510,7 +509,7 @@ restart: if (freed_pages) ttm_dma_pages_put(pool, _pages, pages_to_free, freed_pages); -out: + check_pages_to_free: if (pages_to_free != static_buf) kfree(pages_to_free); return nr_free; -- 2.10.0
[PATCH 4.4 089/118] microblaze: fix __get_user()
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit e98b9e37ae04562d52c96f46b3cf4c2e80222dc1 upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/microblaze/include/asm/uaccess.h |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/microblaze/include/asm/uaccess.h +++ b/arch/microblaze/include/asm/uaccess.h @@ -227,7 +227,7 @@ extern long __user_bad(void); #define __get_user(x, ptr) \ ({ \ - unsigned long __gu_val; \ + unsigned long __gu_val = 0; \ /*unsigned long __gu_ptr = (unsigned long)(ptr);*/ \ long __gu_err; \ switch (sizeof(*(ptr))) { \
[PATCH] mm: delete unnecessary and unsafe init_tlb_ubc()
init_tlb_ubc() looked unnecessary to me: tlb_ubc is statically initialized with zeroes in the init_task, and copied from parent to child while it is quiescent in arch_dup_task_struct(); so I went to delete it. But inserted temporary debug WARN_ONs in place of init_tlb_ubc() to check that it was always empty at that point, and found them firing: because memcg reclaim can recurse into global reclaim (when allocating biosets for swapout in my case), and arrive back at the init_tlb_ubc() in shrink_node_memcg(). Resetting tlb_ubc.flush_required at that point is wrong: if the upper level needs a deferred TLB flush, but the lower level turns out not to, we miss a TLB flush. But fortunately, that's the only part of the protocol that does not nest: with the initialization removed, cpumask collects bits from upper and lower levels, and flushes TLB when needed. Fixes: 72b252aed506 ("mm: send one IPI per CPU to TLB flush all entries after unmapping pages") Signed-off-by: Hugh DickinsCc: sta...@vger.kernel.org # 4.3+ --- mm/vmscan.c | 19 --- 1 file changed, 19 deletions(-) --- 4.8-rc7/mm/vmscan.c 2016-09-05 16:42:52.496692429 -0700 +++ linux/mm/vmscan.c 2016-09-22 09:32:37.900894833 -0700 @@ -2303,23 +2303,6 @@ out: } } -#ifdef CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH -static void init_tlb_ubc(void) -{ - /* -* This deliberately does not clear the cpumask as it's expensive -* and unnecessary. If there happens to be data in there then the -* first SWAP_CLUSTER_MAX pages will send an unnecessary IPI and -* then will be cleared. -*/ - current->tlb_ubc.flush_required = false; -} -#else -static inline void init_tlb_ubc(void) -{ -} -#endif /* CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH */ - /* * This is a basic per-node page freer. Used by both kswapd and direct reclaim. */ @@ -2355,8 +2338,6 @@ static void shrink_node_memcg(struct pgl scan_adjusted = (global_reclaim(sc) && !current_is_kswapd() && sc->priority == DEF_PRIORITY); - init_tlb_ubc(); - blk_start_plug(); while (nr[LRU_INACTIVE_ANON] || nr[LRU_ACTIVE_FILE] || nr[LRU_INACTIVE_FILE]) {
[PATCH 4.4 035/118] iio: fix pressure data output unit in hid-sensor-attributes
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Kweh, Hock Leongcommit 36afb176d3c9580651d7f410ed7f000ec48b5137 upstream. According to IIO ABI definition, IIO_PRESSURE data output unit is kilopascal: http://lxr.free-electrons.com/source/Documentation/ABI/testing/sysfs-bus-iio This patch fix output unit of HID pressure sensor IIO driver from pascal to kilopascal to follow IIO ABI definition. Signed-off-by: Kweh, Hock Leong Reviewed-by: Srinivas Pandruvada Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/common/hid-sensors/hid-sensor-attributes.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/drivers/iio/common/hid-sensors/hid-sensor-attributes.c +++ b/drivers/iio/common/hid-sensors/hid-sensor-attributes.c @@ -56,8 +56,8 @@ static struct { {HID_USAGE_SENSOR_ALS, 0, 1, 0}, {HID_USAGE_SENSOR_ALS, HID_USAGE_SENSOR_UNITS_LUX, 1, 0}, - {HID_USAGE_SENSOR_PRESSURE, 0, 10, 0}, - {HID_USAGE_SENSOR_PRESSURE, HID_USAGE_SENSOR_UNITS_PASCAL, 1, 0}, + {HID_USAGE_SENSOR_PRESSURE, 0, 100, 0}, + {HID_USAGE_SENSOR_PRESSURE, HID_USAGE_SENSOR_UNITS_PASCAL, 0, 1000}, }; static int pow_10(unsigned power)
[PATCH 4.7 014/184] net/mlx5: Fix pci error recovery flow
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Mohamad Haj Yahia[ Upstream commit 1061c90f524963a0a90e7d2f9a6bfa666458af51 ] When PCI error is detected we should save the state of the pci prior to disabling it. Also when receiving pci slot reset call we need to verify that the device is responsive. Fixes: 89d44f0a6c73 ('net/mlx5_core: Add pci error handlers to mlx5_core driver') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/mellanox/mlx5/core/main.c | 59 - 1 file changed, 29 insertions(+), 30 deletions(-) --- a/drivers/net/ethernet/mellanox/mlx5/core/main.c +++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c @@ -1392,36 +1392,12 @@ static pci_ers_result_t mlx5_pci_err_det dev_info(>dev, "%s was called\n", __func__); mlx5_enter_error_state(dev); mlx5_unload_one(dev, priv); + pci_save_state(pdev); mlx5_pci_disable_device(dev); return state == pci_channel_io_perm_failure ? PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_NEED_RESET; } -static pci_ers_result_t mlx5_pci_slot_reset(struct pci_dev *pdev) -{ - struct mlx5_core_dev *dev = pci_get_drvdata(pdev); - int err = 0; - - dev_info(>dev, "%s was called\n", __func__); - - err = mlx5_pci_enable_device(dev); - if (err) { - dev_err(>dev, "%s: mlx5_pci_enable_device failed with error code: %d\n" - , __func__, err); - return PCI_ERS_RESULT_DISCONNECT; - } - pci_set_master(pdev); - pci_set_power_state(pdev, PCI_D0); - pci_restore_state(pdev); - - return err ? PCI_ERS_RESULT_DISCONNECT : PCI_ERS_RESULT_RECOVERED; -} - -void mlx5_disable_device(struct mlx5_core_dev *dev) -{ - mlx5_pci_err_detected(dev->pdev, 0); -} - /* wait for the device to show vital signs by waiting * for the health counter to start counting. */ @@ -1449,21 +1425,44 @@ static int wait_vital(struct pci_dev *pd return -ETIMEDOUT; } -static void mlx5_pci_resume(struct pci_dev *pdev) +static pci_ers_result_t mlx5_pci_slot_reset(struct pci_dev *pdev) { struct mlx5_core_dev *dev = pci_get_drvdata(pdev); - struct mlx5_priv *priv = >priv; int err; dev_info(>dev, "%s was called\n", __func__); - pci_save_state(pdev); - err = wait_vital(pdev); + err = mlx5_pci_enable_device(dev); if (err) { + dev_err(>dev, "%s: mlx5_pci_enable_device failed with error code: %d\n" + , __func__, err); + return PCI_ERS_RESULT_DISCONNECT; + } + + pci_set_master(pdev); + pci_restore_state(pdev); + + if (wait_vital(pdev)) { dev_err(>dev, "%s: wait_vital timed out\n", __func__); - return; + return PCI_ERS_RESULT_DISCONNECT; } + return PCI_ERS_RESULT_RECOVERED; +} + +void mlx5_disable_device(struct mlx5_core_dev *dev) +{ + mlx5_pci_err_detected(dev->pdev, 0); +} + +static void mlx5_pci_resume(struct pci_dev *pdev) +{ + struct mlx5_core_dev *dev = pci_get_drvdata(pdev); + struct mlx5_priv *priv = >priv; + int err; + + dev_info(>dev, "%s was called\n", __func__); + err = mlx5_load_one(dev, priv); if (err) dev_err(>dev, "%s: mlx5_load_one failed with error code: %d\n"
[PATCH 4.7 011/184] net: ipv6: Do not keep IPv6 addresses when IPv6 is disabled
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Mike Manning[ Upstream commit bc5616325af0cd919f01cbf6d553aa0a ] If IPv6 is disabled when the option is set to keep IPv6 addresses on link down, userspace is unaware of this as there is no such indication via netlink. The solution is to remove the IPv6 addresses in this case, which results in netlink messages indicating removal of addresses in the usual manner. This fix also makes the behavior consistent with the case of having IPv6 disabled first, which stops IPv6 addresses from being added. Fixes: f1705ec197e7 ("net: ipv6: Make address flushing on ifdown optional") Signed-off-by: Mike Manning Acked-by: David Ahern Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv6/addrconf.c |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/ipv6/addrconf.c +++ b/net/ipv6/addrconf.c @@ -3469,7 +3469,7 @@ static int addrconf_ifdown(struct net_de /* combine the user config with event to determine if permanent * addresses are to be removed from address hash table */ - keep_addr = !(how || _keep_addr <= 0); + keep_addr = !(how || _keep_addr <= 0 || idev->cnf.disable_ipv6); /* Step 2: clear hash table */ for (i = 0; i < IN6_ADDR_HSIZE; i++) { @@ -3525,7 +3525,7 @@ restart: /* re-combine the user config with event to determine if permanent * addresses are to be removed from the interface list */ - keep_addr = (!how && _keep_addr > 0); + keep_addr = (!how && _keep_addr > 0 && !idev->cnf.disable_ipv6); INIT_LIST_HEAD(_list); list_for_each_entry_safe(ifa, tmp, >addr_list, if_list) {
[PATCH 4.7 017/184] net sched: fix encoding to use real length
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Jamal Hadi Salim[ Upstream commit 28a10c426e81afc88514bca8e73affccf850fdf6 ] Encoding of the metadata was using the padded length as opposed to the real length of the data which is a bug per specification. This has not been an issue todate because all metadatum specified so far has been 32 bit where aligned and data length are the same width. This also includes a bug fix for validating the length of a u16 field. But since there is no metadata of size u16 yes we are fine to include it here. While at it get rid of magic numbers. Fixes: ef6980b6becb ("net sched: introduce IFE action") Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sched/act_ife.c | 18 ++ 1 file changed, 10 insertions(+), 8 deletions(-) --- a/net/sched/act_ife.c +++ b/net/sched/act_ife.c @@ -52,7 +52,7 @@ int ife_tlv_meta_encode(void *skbdata, u u32 *tlv = (u32 *)(skbdata); u16 totlen = nla_total_size(dlen); /*alignment + hdr */ char *dptr = (char *)tlv + NLA_HDRLEN; - u32 htlv = attrtype << 16 | totlen; + u32 htlv = attrtype << 16 | dlen; *tlv = htonl(htlv); memset(dptr, 0, totlen - NLA_HDRLEN); @@ -134,7 +134,7 @@ EXPORT_SYMBOL_GPL(ife_release_meta_gen); int ife_validate_meta_u32(void *val, int len) { - if (len == 4) + if (len == sizeof(u32)) return 0; return -EINVAL; @@ -143,8 +143,8 @@ EXPORT_SYMBOL_GPL(ife_validate_meta_u32) int ife_validate_meta_u16(void *val, int len) { - /* length will include padding */ - if (len == NLA_ALIGN(2)) + /* length will not include padding */ + if (len == sizeof(u16)) return 0; return -EINVAL; @@ -652,12 +652,14 @@ static int tcf_ife_decode(struct sk_buff u8 *tlvdata = (u8 *)tlv; u16 mtype = tlv->type; u16 mlen = tlv->len; + u16 alen; mtype = ntohs(mtype); mlen = ntohs(mlen); + alen = NLA_ALIGN(mlen); - if (find_decode_metaid(skb, ife, mtype, (mlen - 4), - (void *)(tlvdata + 4))) { + if (find_decode_metaid(skb, ife, mtype, (mlen - NLA_HDRLEN), + (void *)(tlvdata + NLA_HDRLEN))) { /* abuse overlimits to count when we receive metadata * but dont have an ops for it */ @@ -666,8 +668,8 @@ static int tcf_ife_decode(struct sk_buff ife->tcf_qstats.overlimits++; } - tlvdata += mlen; - ifehdrln -= mlen; + tlvdata += alen; + ifehdrln -= alen; tlv = (struct meta_tlvhdr *)tlvdata; }
[PATCH 4.4 006/118] fscrypto: require write access to mount to set encryption policy
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Eric Biggerscommit ba63f23d69a3a10e7e527a02702023da68ef8a6d upstream. Since setting an encryption policy requires writing metadata to the filesystem, it should be guarded by mnt_want_write/mnt_drop_write. Otherwise, a user could cause a write to a frozen or readonly filesystem. This was handled correctly by f2fs but not by ext4. Make fscrypt_process_policy() handle it rather than relying on the filesystem to get it right. Signed-off-by: Eric Biggers Cc: sta...@vger.kernel.org # 4.1+; check fs/{ext4,f2fs} Signed-off-by: Theodore Ts'o Acked-by: Jaegeuk Kim Signed-off-by: Greg Kroah-Hartman --- fs/ext4/ioctl.c |6 ++ 1 file changed, 6 insertions(+) --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -629,7 +629,13 @@ resizefs_out: goto encryption_policy_out; } + err = mnt_want_write_file(filp); + if (err) + goto encryption_policy_out; + err = ext4_process_policy(, inode); + + mnt_drop_write_file(filp); encryption_policy_out: return err; #else
[PATCH 4.7 019/184] tcp: properly scale window in tcp_v[46]_reqsk_send_ack()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Eric Dumazet[ Upstream commit 20a2b49fc538540819a0c552877086548cff8d8d ] When sending an ack in SYN_RECV state, we must scale the offered window if wscale option was negotiated and accepted. Tested: Following packetdrill test demonstrates the issue : 0.000 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3 +0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0 +0 bind(3, ..., ...) = 0 +0 listen(3, 1) = 0 // Establish a connection. +0 < S 0:0(0) win 2 +0 > S. 0:0(0) ack 1 win 28960 +0 < . 1:11(10) ack 1 win 156 // check that window is properly scaled ! +0 > . 1:1(0) ack 1 win 226 Signed-off-by: Eric Dumazet Cc: Yuchung Cheng Cc: Neal Cardwell Acked-by: Yuchung Cheng Acked-by: Neal Cardwell Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/tcp_ipv4.c |8 +++- net/ipv6/tcp_ipv6.c |8 +++- 2 files changed, 14 insertions(+), 2 deletions(-) --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -814,8 +814,14 @@ static void tcp_v4_reqsk_send_ack(const u32 seq = (sk->sk_state == TCP_LISTEN) ? tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt; + /* RFC 7323 2.3 +* The window field (SEG.WND) of every outgoing segment, with the +* exception of segments, MUST be right-shifted by +* Rcv.Wind.Shift bits: +*/ tcp_v4_send_ack(sock_net(sk), skb, seq, - tcp_rsk(req)->rcv_nxt, req->rsk_rcv_wnd, + tcp_rsk(req)->rcv_nxt, + req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale, tcp_time_stamp, req->ts_recent, 0, --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -937,9 +937,15 @@ static void tcp_v6_reqsk_send_ack(const /* sk->sk_state == TCP_LISTEN -> for regular TCP_SYN_RECV * sk->sk_state == TCP_SYN_RECV -> for Fast Open. */ + /* RFC 7323 2.3 +* The window field (SEG.WND) of every outgoing segment, with the +* exception of segments, MUST be right-shifted by +* Rcv.Wind.Shift bits: +*/ tcp_v6_send_ack(sk, skb, (sk->sk_state == TCP_LISTEN) ? tcp_rsk(req)->snt_isn + 1 : tcp_sk(sk)->snd_nxt, - tcp_rsk(req)->rcv_nxt, req->rsk_rcv_wnd, + tcp_rsk(req)->rcv_nxt, + req->rsk_rcv_wnd >> inet_rsk(req)->rcv_wscale, tcp_time_stamp, req->ts_recent, sk->sk_bound_dev_if, tcp_v6_md5_do_lookup(sk, _hdr(skb)->daddr), 0, 0);
[PATCH 4.7 001/184] clocksource/drivers/sun4i: Clear interrupts after stopping timer in probe function
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Chen-Yu Tsaicommit b53e7d000d9e6e9fd2c6eb6b82d2783c67fd599e upstream. The bootloader (U-boot) sometimes uses this timer for various delays. It uses it as a ongoing counter, and does comparisons on the current counter value. The timer counter is never stopped. In some cases when the user interacts with the bootloader, or lets it idle for some time before loading Linux, the timer may expire, and an interrupt will be pending. This results in an unexpected interrupt when the timer interrupt is enabled by the kernel, at which point the event_handler isn't set yet. This results in a NULL pointer dereference exception, panic, and no way to reboot. Clear any pending interrupts after we stop the timer in the probe function to avoid this. Signed-off-by: Chen-Yu Tsai Signed-off-by: Daniel Lezcano Acked-by: Maxime Ripard Signed-off-by: Greg Kroah-Hartman --- drivers/clocksource/sun4i_timer.c |9 - 1 file changed, 8 insertions(+), 1 deletion(-) --- a/drivers/clocksource/sun4i_timer.c +++ b/drivers/clocksource/sun4i_timer.c @@ -123,12 +123,16 @@ static struct clock_event_device sun4i_c .set_next_event = sun4i_clkevt_next_event, }; +static void sun4i_timer_clear_interrupt(void) +{ + writel(TIMER_IRQ_EN(0), timer_base + TIMER_IRQ_ST_REG); +} static irqreturn_t sun4i_timer_interrupt(int irq, void *dev_id) { struct clock_event_device *evt = (struct clock_event_device *)dev_id; - writel(0x1, timer_base + TIMER_IRQ_ST_REG); + sun4i_timer_clear_interrupt(); evt->event_handler(evt); return IRQ_HANDLED; @@ -193,6 +197,9 @@ static void __init sun4i_timer_init(stru /* Make sure timer is stopped before playing with interrupts */ sun4i_clkevt_time_stop(0); + /* clear timer0 interrupt */ + sun4i_timer_clear_interrupt(); + sun4i_clockevent.cpumask = cpu_possible_mask; sun4i_clockevent.irq = irq;
[PATCH 09/14] GPU-DRM-TTM: Return directly after a failed kzalloc() in ttm_dma_page_alloc_init()
From: Markus ElfringDate: Thu, 22 Sep 2016 16:16:36 +0200 * Return directly after a memory allocation failed in this function at the beginning. * Delete the explicit initialisation for the local variable "ret" which became unnecessary with this refactoring. Signed-off-by: Markus Elfring --- drivers/gpu/drm/ttm/ttm_page_alloc_dma.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c index e3f5542..feba278 100644 --- a/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c +++ b/drivers/gpu/drm/ttm/ttm_page_alloc_dma.c @@ -1080,7 +1080,7 @@ static void ttm_dma_pool_mm_shrink_fini(struct ttm_pool_manager *manager) int ttm_dma_page_alloc_init(struct ttm_mem_global *glob, unsigned max_pages) { - int ret = -ENOMEM; + int ret; WARN_ON(_manager); @@ -1088,7 +1088,7 @@ int ttm_dma_page_alloc_init(struct ttm_mem_global *glob, unsigned max_pages) _manager = kzalloc(sizeof(*_manager), GFP_KERNEL); if (!_manager) - goto err; + return -ENOMEM; mutex_init(&_manager->lock); INIT_LIST_HEAD(&_manager->pools); -- 2.10.0
Re: "CodingStyle: Clarify and complete chapter 7" in docs-next
On Thu, 2016-09-22 at 13:57 +0200, Jean Delvare wrote: > Sure. But I'm afraid you keep changing topics and I have no idea where > you are going. We started with "should there be a space before jump > labels", then out of nowhere we were discussing the wording of the > output of checkpatch (how is that related?) and now you pull statistics > out of your hat, like these numbers imply anything. No, not out of a hat. Those are the results of a silly script that runs checkpatch on every .[ch] kernel file (but not tools/) with: --show-types --terse --emacs --strict --no-summary --quiet -f The magnitude of "ERRORS" is high and it's not necessary or useful to modify old or obsolete code just to reduce that magnitude. > checkpatch was called checkPATCH for a reason. That's why I promote the --force option to limit using checkpatch on files outside of staging. https://patchwork.kernel.org/patch/9332205/ Andrew? Are you going to apply that one day? > ERROR means that the new code isn't allowed to do that. Period. Disagree. The compiler doesn't care. The value of consistency in reducing defects is very hard to quantify.
Re: [PATCH 1/1] cpufreq: pcc-cpufreq: Re-introduce deadband effect to reduce number of frequency changes
On Mon, Sep 19, 2016 at 10:39:18PM +0300, Stratos Karafotis wrote: > On Mon, Sep 19, 2016 at 7:16 PM, Andreas Herrmannwrote: > > On Fri, Sep 16, 2016 at 09:58:42PM +0300, Stratos Karafotis wrote: > >> Hi, > >> > >> [ I 'm resending this message, because I think some recipients didn't > >> receive > >> it. ] > >> > >> On 16/09/2016 12:47 μμ, Andreas Herrmann wrote: > >> > On Wed, Sep 07, 2016 at 10:32:01AM +0530, Viresh Kumar wrote: > >> >> On 01-09-16, 15:21, Andreas Herrmann wrote: > >> >>> On Mon, Aug 29, 2016 at 11:31:53AM +0530, Viresh Kumar wrote: ---8<--- > >> > It seems that the decision how to best map load values to target > >> > frequencies is kind of hardware specific. > >> > > >> > Maybe a solution to this is that the cpufreq driver should be able to > >> > provide a mapping function to overwrite the current default > >> > calculation. FYI, I've created new patches to address the issue. First one will be to introduce a map_load_to_freq function. The default being what commit 6393d6 introduced (no deadband). Second patch will than introduce a specific function for pcc-cpufreq to fall back to what was used before commit 6393d6. I just want to assemble gathered performance data and I am planning to send those patches tomorrow. > >> I'm not familiar with ppc-cpufreq drive but maybe patch 6393d6 just > >> uncovered an "issue" that was already existed but only on higher loads. > >> > >> Because, with or without patch 6393d6, if the specific CPU doesn't > >> use a frequency table, there will many frequency transitions in > >> higher loads too. I believe, though, that the side effect it's smaller > >> in higher frequencies because CPUs tend to work on lowest and highest > >> frequencies. > > > > Might be. I didn't test this specifically. Hopefully I'll also find time to gather some ftrace data wrt this. > >> What about a patch in ppc-cpufreq driver that permits frequency > >> changes only in specific steps and not in arbitrary values? > > > > Which steps would you use? What scheme would be universal usable for > > all affected system using this driver? > > Just an idea. I would split the frequency range (max_freq - min_freq) > into ~10 steps. But I'm not familiar with the affected systems and > of course I can't prove this is an ideal approach. I've modified the pcc-cpufreq specific map_load_to_freq function to do just that (map load values to 10 discrete frequency values) instead of falling back to the deadband (pre-commit-6393d6-version). Unfortunately this resulted in lower performance compared to pre-commit-6393d6-version. > > I had played with an approach to only make use of min_freq and > > max_freq which eventually didn't result in better performance > > in comparison to code before commit 6393d6. > > Regards, > Stratos Regards, Andreas
Re: [PATCH 0/2] Fix warnings for i2c-rk3x.c
On Thu, Sep 22, 2016 at 07:29:22PM +0800, David Wu wrote: > David Wu (2): > i2c: rk3x: Fix sparse warning > i2c: rk3x: fix variable 'min_total_ns' unused warning > Applied to for-next, thanks! signature.asc Description: PGP signature
[PATCH 4.7 175/184] parisc: fix copy_from_user()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit aace880feea38875fbc919761b77e5732a3659ef upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/parisc/include/asm/uaccess.h |6 -- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/arch/parisc/include/asm/uaccess.h +++ b/arch/parisc/include/asm/uaccess.h @@ -10,6 +10,7 @@ #include #include +#include #define VERIFY_READ 0 #define VERIFY_WRITE 1 @@ -221,13 +222,14 @@ static inline unsigned long __must_check unsigned long n) { int sz = __compiletime_object_size(to); -int ret = -EFAULT; +unsigned long ret = n; if (likely(sz == -1 || !__builtin_constant_p(n) || sz >= n)) ret = __copy_from_user(to, from, n); else copy_from_user_overflow(); - + if (unlikely(ret)) + memset(to + (n - ret), 0, ret); return ret; }
[PATCH 4.7 157/184] m32r: fix __get_user()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit c90a3bc5061d57e7931a9b7ad14784e1a0ed497d upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/m32r/include/asm/uaccess.h |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/arch/m32r/include/asm/uaccess.h +++ b/arch/m32r/include/asm/uaccess.h @@ -219,7 +219,7 @@ extern int fixup_exception(struct pt_reg #define __get_user_nocheck(x, ptr, size) \ ({ \ long __gu_err = 0; \ - unsigned long __gu_val; \ + unsigned long __gu_val = 0; \ might_fault(); \ __get_user_size(__gu_val, (ptr), (size), __gu_err); \ (x) = (__force __typeof__(*(ptr)))__gu_val; \
Re: [PATCH v2] fs/select: add vmalloc fallback for select(2)
On 09/22/2016 07:07 PM, Eric Dumazet wrote: On Thu, 2016-09-22 at 18:56 +0200, Vlastimil Babka wrote: On 09/22/2016 06:49 PM, Eric Dumazet wrote: > On Thu, 2016-09-22 at 18:43 +0200, Vlastimil Babka wrote: >> The select(2) syscall performs a kmalloc(size, GFP_KERNEL) where size grows >> with the number of fds passed. We had a customer report page allocation >> failures of order-4 for this allocation. This is a costly order, so it might >> easily fail, as the VM expects such allocation to have a lower-order fallback. >> >> Such trivial fallback is vmalloc(), as the memory doesn't have to be >> physically contiguous. Also the allocation is temporary for the duration of the >> syscall, so it's unlikely to stress vmalloc too much. > > vmalloc() uses a vmap_area_lock spinlock, and TLB flushes. > > So I guess allowing vmalloc() being called from an innocent application > doing a select() might be dangerous, especially if this select() happens > thousands of time per second. Isn't seq_buf_alloc() similarly exposed? And ipc_alloc()? Possibly. We don't have a library function (attempting kmalloc(), fallback to vmalloc() presumably to avoid abuses, but I guess some patches were accepted without thinking about this. So in the case of select() it seems like the memory we need 6 bits per file descriptor, multiplied by the highest possible file descriptor (nfds) as passed to the syscall. According to the man page of select: EINVAL nfds is negative or exceeds the RLIMIT_NOFILE resource limit (see getrlimit(2)). The code actually seems to silently cap the value instead of returning EINVAL though? (IIUC): /* max_fds can increase, so grab it once to avoid race */ rcu_read_lock(); fdt = files_fdtable(current->files); max_fds = fdt->max_fds; rcu_read_unlock(); if (n > max_fds) n = max_fds; The default for this cap seems to be 1024 where I checked (again, IIUC, it's what ulimit -n returns?). I wasn't able to change it to more than 2048, which makes the bitmaps still below PAGE_SIZE. So if I get that right, the system admin would have to allow really large RLIMIT_NOFILE to even make vmalloc() possible here. So I don't see it as a large concern? Vlastimil
[PATCH 4.7 156/184] mn10300: failing __get_user() and get_user() should zero
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit 43403eabf558d2800b429cd886e996fd555aa542 upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/mn10300/include/asm/uaccess.h |1 + 1 file changed, 1 insertion(+) --- a/arch/mn10300/include/asm/uaccess.h +++ b/arch/mn10300/include/asm/uaccess.h @@ -166,6 +166,7 @@ struct __large_struct { unsigned long bu "2:\n" \ " .section.fixup,\"ax\"\n"\ "3:\n\t"\ + " mov 0,%1\n" \ " mov %3,%0\n"\ " jmp 2b\n" \ " .previous\n"\
[PATCH 4.7 170/184] hexagon: fix strncpy_from_user() error return
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit f35c1e0671728d1c9abc405d05ef548b5fcb2fc4 upstream. It's -EFAULT, not -1 (and contrary to the comment in there, __strnlen_user() can return 0 - on faults). Acked-by: Richard Kuo Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/hexagon/include/asm/uaccess.h |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/arch/hexagon/include/asm/uaccess.h +++ b/arch/hexagon/include/asm/uaccess.h @@ -103,7 +103,8 @@ static inline long hexagon_strncpy_from_ { long res = __strnlen_user(src, n); - /* return from strnlen can't be zero -- that would be rubbish. */ + if (unlikely(!res)) + return -EFAULT; if (res > n) { copy_from_user(dst, src, n);
[PATCH 4.7 179/184] sparc32: fix copy_from_user()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit 917400cecb4b52b5cde5417348322bb9c8272fa6 upstream. Acked-by: David S. Miller Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/sparc/include/asm/uaccess_32.h |4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h @@ -263,8 +263,10 @@ static inline unsigned long copy_from_us { if (n && __access_ok((unsigned long) from, n)) return __copy_user((__force void __user *) to, from, n); - else + else { + memset(to, 0, n); return n; + } } static inline unsigned long __copy_from_user(void *to, const void __user *from, unsigned long n)
Re: "CodingStyle: Clarify and complete chapter 7" in docs-next
On Thu, 2016-09-22 at 14:11 +0100, Al Viro wrote: > The main intent of checkpatch these days appears to be providing an easy > way of thoughtless inflation of commit counts, everything else be damned. You've made this statement several times over many years. I don't believe it's true. I doubt anyone is getting paid per commit. Who really cares enough to game some stupid little metric? If it's really a big deal, name some names. Otherwise please stop with this dubious argument/point. > Some of these checks are common-sense, some are > absolutely arbitrary, Essentially all of the checkpatch rules are arbitrary. The compiler doesn't care one way or another. All the checks exist just to make code appear more consistent. The conceit being that more consistent code is easier for humans to read and spot potential defects and possible reuse patterns.
[PATCH 4.7 183/184] genirq/msi: Fix broken debug output
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Thomas Gleixnercommit 4364e1a29be16b2783c0bcbc263f61236af64281 upstream. virq is not required to be the same for all msi descs. Use the base irq number from the desc in the debug printk. Reported-by: Ingo Molnar Signed-off-by: Thomas Gleixner Signed-off-by: Greg Kroah-Hartman --- kernel/irq/msi.c |1 + 1 file changed, 1 insertion(+) --- a/kernel/irq/msi.c +++ b/kernel/irq/msi.c @@ -352,6 +352,7 @@ int msi_domain_alloc_irqs(struct irq_dom ops->msi_finish(, 0); for_each_msi_entry(desc, dev) { + virq = desc->irq; if (desc->nvec_used == 1) dev_dbg(dev, "irq %d for MSI\n", virq); else
[PATCH] staging:android:io: Fix multiple styling issues
This patch fixes 1 error, 1 warning and 14 checks found by checkpatch. Signed-off-by: Yannis Damigos--- drivers/staging/android/ion/ion_of.c | 49 ++-- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/drivers/staging/android/ion/ion_of.c b/drivers/staging/android/ion/ion_of.c index de0899a..c930416 100644 --- a/drivers/staging/android/ion/ion_of.c +++ b/drivers/staging/android/ion/ion_of.c @@ -26,17 +26,17 @@ #include "ion_of.h" int ion_parse_dt_heap_common(struct device_node *heap_node, - struct ion_platform_heap *heap, - struct ion_of_heap *compatible) +struct ion_platform_heap *heap, +struct ion_of_heap *compatible) { int i; - for (i = 0; compatible[i].name != NULL; i++) { + for (i = 0; compatible[i].name; i++) { if (of_device_is_compatible(heap_node, compatible[i].compat)) break; } - if (compatible[i].name == NULL) + if (!compatible[i].name) return -ENODEV; heap->id = compatible[i].heap_id; @@ -47,33 +47,33 @@ int ion_parse_dt_heap_common(struct device_node *heap_node, /* Some kind of callback function pointer? */ pr_info("%s: id %d type %d name %s align %lx\n", __func__, - heap->id, heap->type, heap->name, heap->align); + heap->id, heap->type, heap->name, heap->align); return 0; } int ion_setup_heap_common(struct platform_device *parent, - struct device_node *heap_node, - struct ion_platform_heap *heap) + struct device_node *heap_node, + struct ion_platform_heap *heap) { int ret = 0; switch (heap->type) { - case ION_HEAP_TYPE_CARVEOUT: - case ION_HEAP_TYPE_CHUNK: - if (heap->base && heap->size) - return 0; - - ret = of_reserved_mem_device_init(heap->priv); - break; - default: - break; + case ION_HEAP_TYPE_CARVEOUT: + case ION_HEAP_TYPE_CHUNK: + if (heap->base && heap->size) + return 0; + + ret = of_reserved_mem_device_init(heap->priv); + break; + default: + break; } return ret; } struct ion_platform_data *ion_parse_dt(struct platform_device *pdev, - struct ion_of_heap *compatible) + struct ion_of_heap *compatible) { int num_heaps, ret; const struct device_node *dt_node = pdev->dev.of_node; @@ -88,13 +88,13 @@ struct ion_platform_data *ion_parse_dt(struct platform_device *pdev, return ERR_PTR(-EINVAL); heaps = devm_kzalloc(>dev, - sizeof(struct ion_platform_heap)*num_heaps, - GFP_KERNEL); +sizeof(struct ion_platform_heap) * num_heaps, +GFP_KERNEL); if (!heaps) return ERR_PTR(-ENOMEM); data = devm_kzalloc(>dev, sizeof(struct ion_platform_data), - GFP_KERNEL); + GFP_KERNEL); if (!data) return ERR_PTR(-ENOMEM); @@ -106,7 +106,7 @@ struct ion_platform_data *ion_parse_dt(struct platform_device *pdev, return ERR_PTR(ret); heap_pdev = of_platform_device_create(node, heaps[i].name, - >dev); + >dev); if (!pdev) return ERR_PTR(-ENOMEM); heap_pdev->dev.platform_data = [i]; @@ -119,7 +119,6 @@ struct ion_platform_data *ion_parse_dt(struct platform_device *pdev, i++; } - data->heaps = heaps; data->nr = num_heaps; return data; @@ -155,14 +154,13 @@ static int rmem_ion_device_init(struct reserved_mem *rmem, struct device *dev) heap->base = rmem->base; heap->base = rmem->size; pr_debug("%s: heap %s base %pa size %pa dev %p\n", __func__, - heap->name, >base, >size, dev); +heap->name, >base, >size, dev); return 0; } static void rmem_ion_device_release(struct reserved_mem *rmem, - struct device *dev) + struct device *dev) { - return; } static const struct reserved_mem_ops rmem_dma_ops = { @@ -181,5 +179,6 @@ static int __init rmem_ion_setup(struct reserved_mem *rmem) rmem->ops = _dma_ops; return 0; } +
[PATCH 4.7 159/184] nios2: fix __get_user()
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit 2e29f50ad5e23db37dde9be71410d95d50241ecd upstream. a) should not leave crap on fault b) should _not_ require access_ok() in any cases. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/nios2/include/asm/uaccess.h |4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/arch/nios2/include/asm/uaccess.h +++ b/arch/nios2/include/asm/uaccess.h @@ -139,7 +139,7 @@ extern long strnlen_user(const char __us #define __get_user_unknown(val, size, ptr, err) do { \ err = 0;\ - if (copy_from_user(&(val), ptr, size)) {\ + if (__copy_from_user(&(val), ptr, size)) { \ err = -EFAULT; \ } \ } while (0) @@ -166,7 +166,7 @@ do { \ ({ \ long __gu_err = -EFAULT;\ const __typeof__(*(ptr)) __user *__gu_ptr = (ptr); \ - unsigned long __gu_val; \ + unsigned long __gu_val = 0; \ __get_user_common(__gu_val, sizeof(*(ptr)), __gu_ptr, __gu_err);\ (x) = (__force __typeof__(x))__gu_val; \ __gu_err; \
Re: crash by cdc_acm driver in kernels 4.8-rc1/5
> >Please look up the bConfigurationValue for your device > >in sysfs. I didn't explicitly say that this was done under kernel-4.7.4, otherwise it may have been impossible under 4.8 . On Thu, Sep 22, 2016 at 04:40:50PM +0200, Oliver Neukum wrote: > > OK. Strange. Please do > > dmesg -c > echo 9 > /proc/sysrq-trigger > modprobe cdc_acm > echo "module cdc_acm +mpf" > /sys/kernel/debug/dynamic_debug/control > > [plug your device in] > > and provide the full output of dmesg after that. You don't state if this must be done in a safe 4.7.4 or a crashable 4.8. (if I get that far to retrieve dmesg to a file). Anyway, echo "module cdc_acm +mpf" > /sys/kernel/debug/dynamic_debug/control results in 'No such file or directory' because there is no 'dynamic_debug'. The kernel option DYNAMIC_DEBUG was not set. A new kernel is compiling now.. Groeten, Wim.
[PATCH 4.7 161/184] s390: get_user() should zero on failure
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Al Virocommit fd2d2b191fe75825c4c7a6f12f3fef35aaed7dd7 upstream. Signed-off-by: Al Viro Signed-off-by: Greg Kroah-Hartman --- arch/s390/include/asm/uaccess.h |8 1 file changed, 4 insertions(+), 4 deletions(-) --- a/arch/s390/include/asm/uaccess.h +++ b/arch/s390/include/asm/uaccess.h @@ -209,28 +209,28 @@ int __put_user_bad(void) __attribute__(( __chk_user_ptr(ptr);\ switch (sizeof(*(ptr))) { \ case 1: { \ - unsigned char __x; \ + unsigned char __x = 0; \ __gu_err = __get_user_fn(&__x, ptr, \ sizeof(*(ptr))); \ (x) = *(__force __typeof__(*(ptr)) *) &__x; \ break; \ }; \ case 2: { \ - unsigned short __x; \ + unsigned short __x = 0; \ __gu_err = __get_user_fn(&__x, ptr, \ sizeof(*(ptr))); \ (x) = *(__force __typeof__(*(ptr)) *) &__x; \ break; \ }; \ case 4: { \ - unsigned int __x; \ + unsigned int __x = 0; \ __gu_err = __get_user_fn(&__x, ptr, \ sizeof(*(ptr))); \ (x) = *(__force __typeof__(*(ptr)) *) &__x; \ break; \ }; \ case 8: { \ - unsigned long long __x; \ + unsigned long long __x = 0; \ __gu_err = __get_user_fn(&__x, ptr, \ sizeof(*(ptr))); \ (x) = *(__force __typeof__(*(ptr)) *) &__x; \
[PATCH 4.7 073/184] iio: ad799x: Fix buffered capture for ad7991/ad7995/ad7999
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Lars-Peter Clausencommit 7d3cc21dab5313a02f2f3ca8164529b828a030d1 upstream. The data buffer for captured mode for the ad799x driver is allocated in the update_scan_mode() callback. This callback is not set in the iio_info struct for the ad7791/ad7995/ad7999, which means that the data buffer is not allocated when a captured transfer is started. As a result the driver crashes when the first sample is received. To fix this properly set the update_scan_mode() callback. Fixes: d8dca33027c1 ("staging:iio:ad799x: Preallocate sample buffer") Signed-off-by: Lars-Peter Clausen Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/adc/ad799x.c |1 + 1 file changed, 1 insertion(+) --- a/drivers/iio/adc/ad799x.c +++ b/drivers/iio/adc/ad799x.c @@ -533,6 +533,7 @@ static struct attribute_group ad799x_eve static const struct iio_info ad7991_info = { .read_raw = _read_raw, .driver_module = THIS_MODULE, + .update_scan_mode = ad799x_update_scan_mode, }; static const struct iio_info ad7993_4_7_8_noirq_info = {
[PATCH 4.7 072/184] iio:ti-ads1015: fix a wrong pointer definition.
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Giorgio Dal Molincommit 522caebb2c3684f4a1d154526fb5e33f1381e92a upstream. The call to i2c_get_clientdata(client) returns a struct iio_dev*, not the needed struct ads1015_data*. We need here an intermediate step as in the function: void ads1015_get_channels_config(struct i2c_client *client). Signed-off-by: Giorgio Dal Molin Fixes: ecc24e72f437 ("iio: adc: Add TI ADS1015 ADC driver support") Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/adc/ti-ads1015.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/iio/adc/ti-ads1015.c +++ b/drivers/iio/adc/ti-ads1015.c @@ -403,7 +403,8 @@ static const struct iio_info ads1015_inf #ifdef CONFIG_OF static int ads1015_get_channels_config_of(struct i2c_client *client) { - struct ads1015_data *data = i2c_get_clientdata(client); + struct iio_dev *indio_dev = i2c_get_clientdata(client); + struct ads1015_data *data = iio_priv(indio_dev); struct device_node *node; if (!client->dev.of_node ||
[PATCH 4.7 035/184] tcp: cwnd does not increase in TCP YeAH
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Artem Germanov[ Upstream commit db7196a0d0984b933ccf2cd6a60e26abf466e8a3 ] Commit 76174004a0f19785a328f40388e87e982bbf69b9 (tcp: do not slow start when cwnd equals ssthresh ) introduced regression in TCP YeAH. Using 100ms delay 1% loss virtual ethernet link kernel 4.2 shows bandwidth ~500KB/s for single TCP connection and kernel 4.3 and above (including 4.8-rc4) shows bandwidth ~100KB/s. That is caused by stalled cwnd when cwnd equals ssthresh. This patch fixes it by proper increasing cwnd in this case. Signed-off-by: Artem Germanov Acked-by: Dmitry Adamushko Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/ipv4/tcp_yeah.c |2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/ipv4/tcp_yeah.c +++ b/net/ipv4/tcp_yeah.c @@ -76,7 +76,7 @@ static void tcp_yeah_cong_avoid(struct s if (!tcp_is_cwnd_limited(sk)) return; - if (tp->snd_cwnd <= tp->snd_ssthresh) + if (tcp_in_slow_start(tp)) tcp_slow_start(tp, acked); else if (!yeah->doing_reno_now) {
[PATCH 4.7 043/184] pNFS: The client must not do I/O to the DS if its lease has expired
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Trond Myklebustcommit b88fa69eaa8649f11828158c7b65c4bcd886ebd5 upstream. Ensure that the client conforms to the normative behaviour described in RFC5661 Section 12.7.2: "If a client believes its lease has expired, it MUST NOT send I/O to the storage device until it has validated its lease." So ensure that we wait for the lease to be validated before using the layout. Signed-off-by: Trond Myklebust Signed-off-by: Greg Kroah-Hartman --- fs/nfs/pnfs.c |1 + 1 file changed, 1 insertion(+) --- a/fs/nfs/pnfs.c +++ b/fs/nfs/pnfs.c @@ -1527,6 +1527,7 @@ pnfs_update_layout(struct inode *ino, } lookup_again: + nfs4_client_recover_expired_lease(clp); first = false; spin_lock(>i_lock); lo = pnfs_find_alloc_layout(ino, ctx, gfp_flags);
[PATCH 4.7 084/184] USB: serial: simple: add support for another Infineon flashloader
4.7-stable review patch. If anyone has any objections, please let me know. -- From: Daniele Palmascommit f190fd92458da3e869b4e2c6289e2c617490ae53 upstream. This patch adds support for Infineon flashloader 0x8087/0x0801. The flashloader is used in Telit LE940B modem family with Telit flashing application. Signed-off-by: Daniele Palmas Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman --- drivers/usb/serial/usb-serial-simple.c |3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/usb/serial/usb-serial-simple.c +++ b/drivers/usb/serial/usb-serial-simple.c @@ -54,7 +54,8 @@ DEVICE(funsoft, FUNSOFT_IDS); /* Infineon Flashloader driver */ #define FLASHLOADER_IDS() \ { USB_DEVICE_INTERFACE_CLASS(0x058b, 0x0041, USB_CLASS_CDC_DATA) }, \ - { USB_DEVICE(0x8087, 0x0716) } + { USB_DEVICE(0x8087, 0x0716) }, \ + { USB_DEVICE(0x8087, 0x0801) } DEVICE(flashloader, FLASHLOADER_IDS); /* Google Serial USB SubClass */
[PATCH 4.4 036/118] iio: accel: kxsd9: Fix scaling bug
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Linus Walleijcommit 307fe9dd11ae44d4f8881ee449a7cbac36e1f5de upstream. All the scaling of the KXSD9 involves multiplication with a fraction number < 1. However the scaling value returned from IIO_INFO_SCALE was unpredictable as only the micros of the value was assigned, and not the integer part, resulting in scaling like this: $cat in_accel_scale -1057462640.011978 Fix this by assigning zero to the integer part. Tested-by: Jonathan Cameron Signed-off-by: Linus Walleij Signed-off-by: Jonathan Cameron Signed-off-by: Greg Kroah-Hartman --- drivers/iio/accel/kxsd9.c |1 + 1 file changed, 1 insertion(+) --- a/drivers/iio/accel/kxsd9.c +++ b/drivers/iio/accel/kxsd9.c @@ -166,6 +166,7 @@ static int kxsd9_read_raw(struct iio_dev ret = spi_w8r8(st->us, KXSD9_READ(KXSD9_REG_CTRL_C)); if (ret < 0) goto error_ret; + *val = 0; *val2 = kxsd9_micro_scales[ret & KXSD9_FS_MASK]; ret = IIO_VAL_INT_PLUS_MICRO; break;
[PATCH 4.4 018/118] kexec: fix double-free when failing to relocate the purgatory
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Thiago Jung Bauermanncommit 070c43eea5043e950daa423707ae3c77e2f48edb upstream. If kexec_apply_relocations fails, kexec_load_purgatory frees pi->sechdrs and pi->purgatory_buf. This is redundant, because in case of error kimage_file_prepare_segments calls kimage_file_post_load_cleanup, which will also free those buffers. This causes two warnings like the following, one for pi->sechdrs and the other for pi->purgatory_buf: kexec-bzImage64: Loading purgatory failed [ cut here ] WARNING: CPU: 1 PID: 2119 at mm/vmalloc.c:1490 __vunmap+0xc1/0xd0 Trying to vfree() nonexistent vm area (c9e91000) Modules linked in: CPU: 1 PID: 2119 Comm: kexec Not tainted 4.8.0-rc3+ #5 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: dump_stack+0x4d/0x65 __warn+0xcb/0xf0 warn_slowpath_fmt+0x4f/0x60 ? find_vmap_area+0x19/0x70 ? kimage_file_post_load_cleanup+0x47/0xb0 __vunmap+0xc1/0xd0 vfree+0x2e/0x70 kimage_file_post_load_cleanup+0x5e/0xb0 SyS_kexec_file_load+0x448/0x680 ? putname+0x54/0x60 ? do_sys_open+0x190/0x1f0 entry_SYSCALL_64_fastpath+0x13/0x8f ---[ end trace 158bb74f5950ca2b ]--- Fix by setting pi->sechdrs an pi->purgatory_buf to NULL, since vfree won't try to free a NULL pointer. Link: http://lkml.kernel.org/r/1472083546-23683-1-git-send-email-bauer...@linux.vnet.ibm.com Signed-off-by: Thiago Jung Bauermann Acked-by: Baoquan He Cc: "Eric W. Biederman" Cc: Vivek Goyal Cc: Dave Young Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Signed-off-by: Greg Kroah-Hartman --- kernel/kexec_file.c |3 +++ 1 file changed, 3 insertions(+) --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -934,7 +934,10 @@ int kexec_load_purgatory(struct kimage * return 0; out: vfree(pi->sechdrs); + pi->sechdrs = NULL; + vfree(pi->purgatory_buf); + pi->purgatory_buf = NULL; return ret; }
[PATCH 4.4 039/118] serial: 8250_mid: fix divide error bug if baud rate is 0
4.4-stable review patch. If anyone has any objections, please let me know. -- From: Andy Shevchenkocommit 47b34d2ef266e2c283b514d65c8963c2ccd42474 upstream. Since the commit c1a67b48f6a5 ("serial: 8250_pci: replace switch-case by formula for Intel MID"), the 8250 driver crashes in the byt_set_termios() function with a divide error. This is caused by the fact that a baud rate of 0 (B0) is not handled properly. Fix it by falling back to B9600 in this case. Reported-by: "Mendez Salinas, Fernando" Fixes: c1a67b48f6a5 ("serial: 8250_pci: replace switch-case by formula for Intel MID") Signed-off-by: Andy Shevchenko Signed-off-by: Greg Kroah-Hartman --- drivers/tty/serial/8250/8250_mid.c |3 +++ 1 file changed, 3 insertions(+) --- a/drivers/tty/serial/8250/8250_mid.c +++ b/drivers/tty/serial/8250/8250_mid.c @@ -149,6 +149,9 @@ static void mid8250_set_termios(struct u unsigned long w = BIT(24) - 1; unsigned long mul, div; + /* Gracefully handle the B0 case: fall back to B9600 */ + fuart = fuart ? fuart : 9600 * 16; + if (mid->board->freq < fuart) { /* Find prescaler value that satisfies Fuart < Fref */ if (mid->board->freq > baud)