1. 19 Jan, 2017 4 commits
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid · 2ed5e5af
      Linus Torvalds authored
      Pull HID fixes from Jiri Kosina:
      
       - regression fix for generic Wacom devices, from Jason Gerecke
      
       - DMA-on-stack fixes for hid-corsair driver, from Johan Hovold
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid:
        HID: wacom: Fix sibling detection regression
        HID: corsair: fix control-transfer error handling
        HID: corsair: fix DMA buffers on stack
      2ed5e5af
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux · 4a1cc2e8
      Linus Torvalds authored
      Pull two s390 bug fixes from Martin Schwidefsky:
       "Two changes, the first is a fix to add a missing memory clobber to the
        inline assembly to load control registers. This has not caused any
        issues so far, but who knows what code gcc will generate in future
        versions.
      
        The second change is an update for the default configurations. This
        includes CONFIG_BUG_ON_DATA_CORRUPTION=y, we want this to be enabled
        for s390. The usual approach to debug problems on production systems
        is to use crash on a system dump and for us avoiding data corruptions
        is priority one"
      
      * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux:
        s390: update defconfigs
        s390/ctl_reg: make __ctl_load a full memory barrier
      4a1cc2e8
    • Linus Torvalds's avatar
      Merge tag 'for-linus-4.10-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip · 08667577
      Linus Torvalds authored
      Pull xen fix from Juergen Gross:
       "A fix for Xen running in nested virtualization environment"
      
      * tag 'for-linus-4.10-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip:
        partially revert "xen: Remove event channel notification through Xen PCI platform device"
      08667577
    • Jason Gerecke's avatar
      HID: wacom: Fix sibling detection regression · a9ce7856
      Jason Gerecke authored
      Commit 345857bb ("HID: wacom: generic: Add support for sensor offsets") included
      a change to the operation and location of the call to 'wacom_add_shared_data'
      in 'wacom_parse_and_register'. The modifications included moving it higher up
      so that it would occur before the call to 'wacom_retrieve_hid_descriptor'. This
      was done to prevent a crash that would have occured when the report containing
      tablet offsets was fed into the driver with 'wacom_hid_report_raw_event'
      (specifically: the various 'wacom_wac_*_report' functions were written with the
      assumption that they would only be called once tablet setup had completed;
      'wacom_wac_pen_report' in particular dereferences 'shared' which wasn't yet
      allocated).
      
      Moving the call to 'wacom_add_shared_data' effectively prevented the crash but
      also broke the sibiling detection code which assumes that the HID descriptor
      has been read and the various device_type flags set.
      
      To fix this situation, we restore the original 'wacom_add_shared_data'
      operation and location and instead implement an alternative change that can
      also prevent the crash. Specifically, we notice that the report functions
      mentioned above expect to be called only for input reports.  By adding a check,
      we can prevent feature reports (such as the offset report) from
      causing trouble.
      
      Fixes: 345857bb ("HID: wacom: generic: Add support for sensor offsets")
      Signed-off-by: default avatarJason Gerecke <jason.gerecke@wacom.com>
      Tested-by: default avatarPing Cheng <pingc@wacom.com>
      Reviewed-by: default avatarBenjamin Tissoires <benjamin.tissoires@redhat.com>
      Signed-off-by: default avatarJiri Kosina <jkosina@suse.cz>
      a9ce7856
  2. 18 Jan, 2017 6 commits
    • Linus Torvalds's avatar
      Merge tag 'upstream-4.10-rc5' of git://git.infradead.org/linux-ubifs · fb1d8e0e
      Linus Torvalds authored
      Pull UBIFS fixes from Richard Weinberger:
       "This contains fixes for UBIFS:
      
         - a long standing issue in UBIFS journal replay code
      
         - fallout from the merge window"
      
      * tag 'upstream-4.10-rc5' of git://git.infradead.org/linux-ubifs:
        ubifs: Fix journal replay wrt. xattr nodes
        ubifs: remove redundant checks for encryption key
        ubifs: allow encryption ioctls in compat mode
        ubifs: add CONFIG_BLOCK dependency for encryption
        ubifs: fix unencrypted journal write
        ubifs: ensure zero err is returned on successful return
      fb1d8e0e
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · fa19a769
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "A few ARM fixes:
      
         - fix a crash while performing TLB maintanence on early ARM SMP cores
      
         - blacklist Scorpion CPUs for hardware breakpoints
      
         - ARMs asm/types.h has been included as part of the UAPI due to the
           way the makefiles work, move it to uapi/asm/types.h to make it
           official
      
         - fix up ftrace syscall name matching"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: 8613/1: Fix the uaccess crash on PB11MPCore
        MAINTAINERS: update rmk's entries
        ARM: put types.h in uapi
        ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs
        ARM: 8632/1: ftrace: fix syscall name matching
      fa19a769
    • Linus Torvalds's avatar
      Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · ca92e6c7
      Linus Torvalds authored
      Pull SMP hotplug update from Thomas Gleixner:
       "This contains a trivial typo fix and an extension to the core code for
        dynamically allocating states in the prepare stage.
      
        The extension is necessary right now because we need a proper way to
        unbreak LTTNG, which iscurrently non functional due to the removal of
        the notifiers. Surely it's out of tree, but it's widely used by
        distros.
      
        The simple solution would have been to reserve a state for LTTNG, but
        I'm not fond about unused crap in the kernel and the dynamic range,
        which we admittedly should have done right away, allows us to remove
        quite some of the hardcoded states, i.e. those which have no ordering
        requirements. So doing the right thing now is better than having an
        smaller intermediate solution which needs to be reworked anyway"
      
      * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        cpu/hotplug: Provide dynamic range for prepare stage
        perf/x86/amd/ibs: Fix typo after cleanup state names in cpu/hotplug
      ca92e6c7
    • Linus Torvalds's avatar
      Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0b75f821
      Linus Torvalds authored
      Pull timer fix from Ingo Molnar:
       "Fix a crash in the ARM-Exynos clocksource driver, triggered by CPU
        hotplug operations"
      
      * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        clocksource/exynos_mct: Clear interrupt when cpu is shut down
      0b75f821
    • Linus Torvalds's avatar
      Merge branch 'rcu-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 49b550fe
      Linus Torvalds authored
      Pull RCU fixes from Ingo Molnar:
       "This fixes sporadic ACPI related hangs in synchronize_rcu() that were
        caused by the ACPI code mistakenly relying on an aspect of RCU that
        was neither promised to work nor reliable but which happened to work -
        until in v4.9 we changed the RCU implementation, which made the hangs
        more prominent.
      
        Since the mis-use of the RCU facility wasn't properly detected and
        prevented either, these fixes make the RCU side work reliably instead
        of working around the problem in the ACPI code.
      
        Hence the slightly larger diffstat that goes beyond the normal scope
        of RCU fixes in -rc kernels"
      
      * 'rcu-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        rcu: Narrow early boot window of illegal synchronous grace periods
        rcu: Remove cond_resched() from Tiny synchronize_sched()
      49b550fe
    • Linus Torvalds's avatar
      Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 9da96f99
      Linus Torvalds authored
      Pull perf fixes from Ingo Molnar:
       "An Intel PMU driver hotplug fix and three 'perf probe' tooling fixes"
      
      * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
        perf/x86/intel: Handle exclusive threadid correctly on CPU hotplug
        perf probe: Fix to probe on gcc generated functions in modules
        perf probe: Add error checks to offline probe post-processing
        perf probe: Fix to show correct locations for events on modules
      9da96f99
  3. 17 Jan, 2017 16 commits
    • Linus Torvalds's avatar
      Merge tag 'modules-for-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux · 0aa0313f
      Linus Torvalds authored
      Pull modules fix from Jessica Yu:
      
       - fix out-of-tree module breakage when it supplies its own definitions
         of true and false
      
      * tag 'modules-for-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux:
        taint/module: Fix problems when out-of-kernel driver defines true or false
      0aa0313f
    • Larry Finger's avatar
      taint/module: Fix problems when out-of-kernel driver defines true or false · 5eb7c0d0
      Larry Finger authored
      Commit 7fd8329b ("taint/module: Clean up global and module taint
      flags handling") used the key words true and false as character members
      of a new struct. These names cause problems when out-of-kernel modules
      such as VirtualBox include their own definitions of true and false.
      
      Fixes: 7fd8329b ("taint/module: Clean up global and module taint flags handling")
      Signed-off-by: default avatarLarry Finger <Larry.Finger@lwfinger.net>
      Cc: Petr Mladek <pmladek@suse.com>
      Cc: Jessica Yu <jeyu@redhat.com>
      Cc: Rusty Russell <rusty@rustcorp.com.au>
      Reported-by: default avatarValdis Kletnieks <Valdis.Kletnieks@vt.edu>
      Reviewed-by: default avatarPetr Mladek <pmladek@suse.com>
      Acked-by: default avatarRusty Russell <rusty@rustcorp.com.au>
      Signed-off-by: default avatarJessica Yu <jeyu@redhat.com>
      5eb7c0d0
    • Linus Torvalds's avatar
      Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net · 4b19a9e2
      Linus Torvalds authored
      Pull networking fixes from David Miller:
      
       1) Handle multicast packets properly in fast-RX path of mac80211, from
          Johannes Berg.
      
       2) Because of a logic bug, the user can't actually force SW
          checksumming on r8152 devices. This makes diagnosis of hw
          checksumming bugs really annoying. Fix from Hayes Wang.
      
       3) VXLAN route lookup does not take the source and destination ports
          into account, which means IPSEC policies cannot be matched properly.
          Fix from Martynas Pumputis.
      
       4) Do proper RCU locking in netvsc callbacks, from Stephen Hemminger.
      
       5) Fix SKB leaks in mlxsw driver, from Arkadi Sharshevsky.
      
       6) If lwtunnel_fill_encap() fails, we do not abort the netlink message
          construction properly in fib_dump_info(), from David Ahern.
      
       7) Do not use kernel stack for DMA buffers in atusb driver, from Stefan
          Schmidt.
      
       8) Openvswitch conntack actions need to maintain a correct checksum,
          fix from Lance Richardson.
      
       9) ax25_disconnect() is missing a check for ax25->sk being NULL, in
          fact it already checks this, but not in all of the necessary spots.
          Fix from Basil Gunn.
      
      10) Action GET operations in the packet scheduler can erroneously bump
          the reference count of the entry, making it unreleasable. Fix from
          Jamal Hadi Salim. Jamal gives a great set of example command lines
          that trigger this in the commit message.
      
      * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits)
        net sched actions: fix refcnt when GETing of action after bind
        net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV
        net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions
        net/mlx4_core: Fix racy CQ (Completion Queue) free
        net: stmmac: don't use netdev_[dbg, info, ..] before net_device is registered
        net/mlx5e: Fix a -Wmaybe-uninitialized warning
        ax25: Fix segfault after sock connection timeout
        bpf: rework prog_digest into prog_tag
        tipc: allocate user memory with GFP_KERNEL flag
        net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types
        ip6_tunnel: Account for tunnel header in tunnel MTU
        mld: do not remove mld souce list info when set link down
        be2net: fix MAC addr setting on privileged BE3 VFs
        be2net: don't delete MAC on close on unprivileged BE3 VFs
        be2net: fix status check in be_cmd_pmac_add()
        cpmac: remove hopeless #warning
        ravb: do not use zero-length alignment DMA descriptor
        mlx4: do not call napi_schedule() without care
        openvswitch: maintain correct checksum state in conntrack actions
        tcp: fix tcp_fastopen unaligned access complaints on sparc
        ...
      4b19a9e2
    • Linus Torvalds's avatar
      Merge branch 'stable/for-linus-4.10' of... · 203f80f1
      Linus Torvalds authored
      Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb
      
      Pull swiotlb fix from Konrad Rzeszutek Wilk:
       "A tiny fix to make sure that page-sized mappings are page-aligned (and
        not say straddle two pages). This is important for some drivers (such
        as NVME)"
      
      * 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb:
        swiotlb: ensure that page-sized mappings are page-aligned
      203f80f1
    • Linus Torvalds's avatar
      Merge tag 'mmc-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc · 7e84b303
      Linus Torvalds authored
      Pull MMC fixes from Ulf Hansson:
       "MMC core:
         - fix regressions detecting HS/HS DDR eMMC cards related to CMD6
      
        MMC host:
         - mmc: mxs-mmc: Fix additional cycles after transmission stop
         - sdhci-acpi: Only powered up enabled acpi child devices
         - meson: avoid possible NULL dereference"
      
      * tag 'mmc-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc:
        mmc: core: Restore parts of the polling policy when switch to HS/HS DDR
        mmc: mxs-mmc: Fix additional cycles after transmission stop
        mmc: sdhci-acpi: Only powered up enabled acpi child devices
        MMC: meson: avoid possible NULL dereference
      7e84b303
    • Linus Torvalds's avatar
      Merge tag 'for-linus-20170116' of git://git.infradead.org/linux-mtd · 7d8b8c09
      Linus Torvalds authored
      Pull MTD fixes from Brian Norris:
       "Just NAND updates from Boris:
      
         - avoid compiling xway NAND controller driver as a module (which
           didn't work)
      
         - fix tango NAND DT binding and make sure the controller is in a
           clean state at probe time
      
         - add dependency on HAS_IOMEM to the oxnas NAND driver
      
         - fix irq number validity check in the lpc32xx driver"
      
      * tag 'for-linus-20170116' of git://git.infradead.org/linux-mtd:
        mtd: nand: lpc32xx: fix invalid error handling of a requested irq
        mtd: nand: tango: Reset pbus to raw mode in probe
        mtd: nand: tango: Update DT binding description
        mtd: nand: oxnas_nand: fix build errors on arch/um, require HAS_IOMEM
        mtd: nand: xway: fix build because of module functions
        mtd: nand: xway: disable module support
      7d8b8c09
    • Ingo Molnar's avatar
      Merge tag 'perf-urgent-for-mingo-4.10-20170117' of... · 31f5260a
      Ingo Molnar authored
      Merge tag 'perf-urgent-for-mingo-4.10-20170117' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent
      
      Pull 'perf probe' fixes from Arnaldo Carvalho de Melo <acme@redhat.com>
      
        - Show correct locations for 'perf probe' on modules (Masami Hiramatsu)
      
        - Correctly handle 'perf probe's on GCC generated functions in modules (Masami Hiramatsu)
      Signed-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
      31f5260a
    • Richard Weinberger's avatar
      ubifs: Fix journal replay wrt. xattr nodes · 1cb51a15
      Richard Weinberger authored
      When replaying the journal it can happen that a journal entry points to
      a garbage collected node.
      This is the case when a power-cut occurred between a garbage collect run
      and a commit. In such a case nodes have to be read using the failable
      read functions to detect whether the found node matches what we expect.
      
      One corner case was forgotten, when the journal contains an entry to
      remove an inode all xattrs have to be removed too. UBIFS models xattr
      like directory entries, so the TNC code iterates over
      all xattrs of the inode and removes them too. This code re-uses the
      functions for walking directories and calls ubifs_tnc_next_ent().
      ubifs_tnc_next_ent() expects to be used only after the journal and
      aborts when a node does not match the expected result. This behavior can
      render an UBIFS volume unmountable after a power-cut when xattrs are
      used.
      
      Fix this issue by using failable read functions in ubifs_tnc_next_ent()
      too when replaying the journal.
      Cc: stable@vger.kernel.org
      Fixes: 1e51764a ("UBIFS: add new flash file system")
      Reported-by: default avatarRock Lee <rockdotlee@gmail.com>
      Reviewed-by: default avatarDavid Gstir <david@sigma-star.at>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      1cb51a15
    • Eric Biggers's avatar
      ubifs: remove redundant checks for encryption key · 3d4b2fcb
      Eric Biggers authored
      In several places, ubifs checked for an encryption key before creating a
      file in an encrypted directory.  This was redundant with
      fscrypt_setup_filename() or ubifs_new_inode(), and in the case of
      ubifs_link() it broke linking to special files.  So remove the extra
      checks.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      3d4b2fcb
    • Eric Biggers's avatar
      ubifs: allow encryption ioctls in compat mode · a75467d9
      Eric Biggers authored
      The ubifs encryption ioctls did not work when called by a 32-bit program
      on a 64-bit kernel.  Since 'struct fscrypt_policy' is not affected by
      the word size, ubifs just needs to allow these ioctls through, like what
      ext4 and f2fs do.
      Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      a75467d9
    • Arnd Bergmann's avatar
      ubifs: add CONFIG_BLOCK dependency for encryption · 404e0b63
      Arnd Bergmann authored
      This came up during the v4.10 merge window:
      
      warning: (UBIFS_FS_ENCRYPTION) selects FS_ENCRYPTION which has unmet direct dependencies (BLOCK)
      fs/crypto/crypto.c: In function 'fscrypt_zeroout_range':
      fs/crypto/crypto.c:355:9: error: implicit declaration of function 'bio_alloc';did you mean 'd_alloc'? [-Werror=implicit-function-declaration]
         bio = bio_alloc(GFP_NOWAIT, 1);
      
      The easiest way out is to limit UBIFS_FS_ENCRYPTION to configurations
      that also enable BLOCK.
      
      Fixes: d475a507 ("ubifs: Add skeleton for fscrypto")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      404e0b63
    • Peter Rosin's avatar
      ubifs: fix unencrypted journal write · 507502ad
      Peter Rosin authored
      Without this, I get the following on reboot:
      
      UBIFS error (ubi1:0 pid 703): ubifs_load_znode: bad target node (type 1) length (8240)
      UBIFS error (ubi1:0 pid 703): ubifs_load_znode: have to be in range of 48-4144
      UBIFS error (ubi1:0 pid 703): ubifs_load_znode: bad indexing node at LEB 13:11080, error 5
       magic          0x6101831
       crc            0xb1cb246f
       node_type      9 (indexing node)
       group_type     0 (no node group)
       sqnum          546
       len            128
       child_cnt      5
       level          0
       Branches:
       0: LEB 14:72088 len 161 key (133, inode)
       1: LEB 14:81120 len 160 key (134, inode)
       2: LEB 20:26624 len 8240 key (134, data, 0)
       3: LEB 14:81280 len 160 key (135, inode)
       4: LEB 20:34864 len 8240 key (135, data, 0)
      UBIFS warning (ubi1:0 pid 703): ubifs_ro_mode.part.0: switched to read-only mode, error -22
      CPU: 0 PID: 703 Comm: mount Not tainted 4.9.0-next-20161213+ #1197
      Hardware name: Atmel SAMA5
      [<c010d2ac>] (unwind_backtrace) from [<c010b250>] (show_stack+0x10/0x14)
      [<c010b250>] (show_stack) from [<c024df94>] (ubifs_jnl_update+0x2e8/0x614)
      [<c024df94>] (ubifs_jnl_update) from [<c0254bf8>] (ubifs_mkdir+0x160/0x204)
      [<c0254bf8>] (ubifs_mkdir) from [<c01a6030>] (vfs_mkdir+0xb0/0x104)
      [<c01a6030>] (vfs_mkdir) from [<c0286070>] (ovl_create_real+0x118/0x248)
      [<c0286070>] (ovl_create_real) from [<c0283ed4>] (ovl_fill_super+0x994/0xaf4)
      [<c0283ed4>] (ovl_fill_super) from [<c019c394>] (mount_nodev+0x44/0x9c)
      [<c019c394>] (mount_nodev) from [<c019c4ac>] (mount_fs+0x14/0xa4)
      [<c019c4ac>] (mount_fs) from [<c01b5338>] (vfs_kern_mount+0x4c/0xd4)
      [<c01b5338>] (vfs_kern_mount) from [<c01b6b80>] (do_mount+0x154/0xac8)
      [<c01b6b80>] (do_mount) from [<c01b782c>] (SyS_mount+0x74/0x9c)
      [<c01b782c>] (SyS_mount) from [<c0107f80>] (ret_fast_syscall+0x0/0x3c)
      UBIFS error (ubi1:0 pid 703): ubifs_mkdir: cannot create directory, error -22
      overlayfs: failed to create directory /mnt/ovl/work/work (errno: 22); mounting read-only
      
      Fixes: 7799953b ("ubifs: Implement encrypt/decrypt for all IO")
      Signed-off-by: default avatarPeter Rosin <peda@axentia.se>
      Tested-by: default avatarKevin Hilman <khilman@baylibre.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      507502ad
    • Colin Ian King's avatar
      ubifs: ensure zero err is returned on successful return · e8f19746
      Colin Ian King authored
      err is no longer being set on a successful return path, causing
      a garbage value being returned. Fix this by setting err to zero
      for the successful return path.
      
      Found with static analysis by CoverityScan, CID 1389473
      
      Fixes: 7799953b ("ubifs: Implement encrypt/decrypt for all IO")
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
      e8f19746
    • Zhou Chengming's avatar
      perf/x86/intel: Handle exclusive threadid correctly on CPU hotplug · 4e71de79
      Zhou Chengming authored
      The CPU hotplug function intel_pmu_cpu_starting() sets
      cpu_hw_events.excl_thread_id unconditionally to 1 when the shared exclusive
      counters data structure is already availabe for the sibling thread.
      
      This works during the boot process because the first sibling gets threadid
      0 assigned and the second sibling which shares the data structure gets 1.
      
      But when the first thread of the core is offlined and onlined again it
      shares the data structure with the second thread and gets exclusive thread
      id 1 assigned as well.
      
      Prevent this by checking the threadid of the already online thread.
      
      [ tglx: Rewrote changelog ]
      Signed-off-by: default avatarZhou Chengming <zhouchengming1@huawei.com>
      Cc: NuoHan Qiao <qiaonuohan@huawei.com>
      Cc: ak@linux.intel.com
      Cc: peterz@infradead.org
      Cc: kan.liang@intel.com
      Cc: dave.hansen@linux.intel.com
      Cc: eranian@google.com
      Cc: qiaonuohan@huawei.com
      Cc: davidcc@google.com
      Cc: guohanjun@huawei.com
      Link: http://lkml.kernel.org/r/1484536871-3131-1-git-send-email-zhouchengming1@huawei.comSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      ---					---
       arch/x86/events/intel/core.c |    7 +++++--
       1 file changed, 5 insertions(+), 2 deletions(-)
      4e71de79
    • Joonyoung Shim's avatar
      clocksource/exynos_mct: Clear interrupt when cpu is shut down · bc7c36ee
      Joonyoung Shim authored
      When a CPU goes offline a potentially pending timer interrupt is not
      cleared. When the CPU comes online again then the pending interrupt is
      delivered before the per cpu clockevent device is initialized. As a
      consequence the tick interrupt handler dereferences a NULL pointer.
      
      [   51.251378] Unable to handle kernel NULL pointer dereference at virtual address 00000040
      [   51.289348] task: ee942d00 task.stack: ee960000
      [   51.293861] PC is at tick_periodic+0x38/0xb0
      [   51.298102] LR is at tick_handle_periodic+0x1c/0x90
      
      Clear the pending interrupt in the cpu dying path.
      
      Fixes: 56a94f13 ("clocksource: exynos_mct: Avoid blocking calls in the cpu hotplug notifier")
      Reported-by: default avatarSeung-Woo Kim <sw0312.kim@samsung.com>
      Signed-off-by: default avatarJoonyoung Shim <jy0922.shim@samsung.com>
      Cc: linux-samsung-soc@vger.kernel.org
      Cc: cw00.choi@samsung.com
      Cc: daniel.lezcano@linaro.org
      Cc: stable@vger.kernel.org
      Cc: javier@osg.samsung.com
      Cc: kgene@kernel.org
      Cc: krzk@kernel.org
      Cc: linux-arm-kernel@lists.infradead.org
      Link: http://lkml.kernel.org/r/1484628876-22065-1-git-send-email-jy0922.shim@samsung.comSigned-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
      bc7c36ee
    • Jamal Hadi Salim's avatar
      net sched actions: fix refcnt when GETing of action after bind · 0faa9cb5
      Jamal Hadi Salim authored
      Demonstrating the issue:
      
      .. add a drop action
      $sudo $TC actions add action drop index 10
      
      .. retrieve it
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 2 bind 0 installed 29 sec used 29 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      ... bug 1 above: reference is two.
          Reference is actually 1 but we forget to subtract 1.
      
      ... do a GET again and we see the same issue
          try a few times and nothing changes
      ~$ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 2 bind 0 installed 31 sec used 31 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      ... lets try to bind the action to a filter..
      $ sudo $TC qdisc add dev lo ingress
      $ sudo $TC filter add dev lo parent ffff: protocol ip prio 1 \
        u32 match ip dst 127.0.0.1/32 flowid 1:1 action gact index 10
      
      ... and now a few GETs:
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 3 bind 1 installed 204 sec used 204 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 4 bind 1 installed 206 sec used 206 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 5 bind 1 installed 235 sec used 235 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      .... as can be observed the reference count keeps going up.
      
      After the fix
      
      $ sudo $TC actions add action drop index 10
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 1 bind 0 installed 4 sec used 4 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 1 bind 0 installed 6 sec used 6 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      $ sudo $TC qdisc add dev lo ingress
      $ sudo $TC filter add dev lo parent ffff: protocol ip prio 1 \
        u32 match ip dst 127.0.0.1/32 flowid 1:1 action gact index 10
      
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 2 bind 1 installed 32 sec used 32 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      $ sudo $TC -s actions get action gact index 10
      
      	action order 1: gact action drop
      	 random type none pass val 0
      	 index 10 ref 2 bind 1 installed 33 sec used 33 sec
       	Action statistics:
      	Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0)
      	backlog 0b 0p requeues 0
      
      Fixes: aecc5cef ("net sched actions: fix GETing actions")
      Signed-off-by: default avatarJamal Hadi Salim <jhs@mojatatu.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0faa9cb5
  4. 16 Jan, 2017 14 commits
    • Linus Torvalds's avatar
      Merge tag 'nfs-for-4.10-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs · 5cf7a0f3
      Linus Torvalds authored
      Pull NFS client bugfixes from Trond Myklebust:
      
       - fix invalid fget()/fput() calls when doing file locking
      
       - fix multiple directory cache invalidation issues due to the client
         failing to recognise that the directory wasn't changed
      
       - fix client recovery when server reboots multiple times
      
      * tag 'nfs-for-4.10-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs:
        NFSv4: Fix client recovery when server reboots multiple times
        NFSv4: update_changeattr should update the attribute timestamp
        NFSv4: Don't call update_changeattr() unless the unlink is successful
        NFSv4: Don't apply change_info4 twice on rename within a directory
        NFSv4: Call update_changeattr() from _nfs4_proc_open only if a file was created
        nfs: Don't take a reference on fl->fl_file for LOCK operation
      5cf7a0f3
    • David S. Miller's avatar
      Merge branch 'mlx4-core-fixes' · 617125e7
      David S. Miller authored
      Tariq Toukan says:
      
      ====================
      mlx4 core fixes
      
      This patchset contains bug fixes from Jack to the mlx4 Core driver.
      
      Patch 1 solves a race in the flow of CQ free.
      Patch 2 moves some qp context flags update to the correct qp transition.
      Patch 3 eliminates warnings from the path of SRQ_LIMIT that flood the message log,
      and keeps them only in the path of SRQ_CATAS_ERROR.
      
      Series generated against net commit:
      1a717fcf Merge tag 'mac80211-for-davem-2017-01-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      617125e7
    • Jack Morgenstein's avatar
      net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV · 9577b174
      Jack Morgenstein authored
      When running SRIOV, warnings for SRQ LIMIT events flood the Hypervisor's
      message log when (correct, normally operating) apps use SRQ LIMIT events
      as a trigger to post WQEs to SRQs.
      
      Add more information to the existing debug printout for SRQ_LIMIT, and
      output the warning messages only for the SRQ CATAS ERROR event.
      
      Fixes: acba2420 ("mlx4_core: Add wrapper functions and comm channel and slave event support to EQs")
      Fixes: e0debf9c ("mlx4_core: Reduce warning message for SRQ_LIMIT event to debug level")
      Signed-off-by: default avatarJack Morgenstein <jackm@dev.mellanox.co.il>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      9577b174
    • Jack Morgenstein's avatar
      net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions · 7c3945bc
      Jack Morgenstein authored
      Save the qp context flags byte containing the flag disabling vlan stripping
      in the RESET to INIT qp transition, rather than in the INIT to RTR
      transition. Per the firmware spec, the flags in this byte are active
      in the RESET to INIT transition.
      
      As a result of saving the flags in the incorrect qp transition, when
      switching dynamically from VGT to VST and back to VGT, the vlan
      remained stripped (as is required for VST) and did not return to
      not-stripped (as is required for VGT).
      
      Fixes: f0f829bf ("net/mlx4_core: Add immediate activate for VGT->VST->VGT")
      Signed-off-by: default avatarJack Morgenstein <jackm@dev.mellanox.co.il>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7c3945bc
    • Jack Morgenstein's avatar
      net/mlx4_core: Fix racy CQ (Completion Queue) free · 291c566a
      Jack Morgenstein authored
      In function mlx4_cq_completion() and mlx4_cq_event(), the
      radix_tree_lookup requires a rcu_read_lock.
      This is mandatory: if another core frees the CQ, it could
      run the radix_tree_node_rcu_free() call_rcu() callback while
      its being used by the radix tree lookup function.
      
      Additionally, in function mlx4_cq_event(), since we are adding
      the rcu lock around the radix-tree lookup, we no longer need to take
      the spinlock. Also, the synchronize_irq() call for the async event
      eliminates the need for incrementing the cq reference count in
      mlx4_cq_event().
      
      Other changes:
      1. In function mlx4_cq_free(), replace spin_lock_irq with spin_lock:
         we no longer take this spinlock in the interrupt context.
         The spinlock here, therefore, simply protects against different
         threads simultaneously invoking mlx4_cq_free() for different cq's.
      
      2. In function mlx4_cq_free(), we move the radix tree delete to before
         the synchronize_irq() calls. This guarantees that we will not
         access this cq during any subsequent interrupts, and therefore can
         safely free the CQ after the synchronize_irq calls. The rcu_read_lock
         in the interrupt handlers only needs to protect against corrupting the
         radix tree; the interrupt handlers may access the cq outside the
         rcu_read_lock due to the synchronize_irq calls which protect against
         premature freeing of the cq.
      
      3. In function mlx4_cq_event(), we change the mlx_warn message to mlx4_dbg.
      
      4. We leave the cq reference count mechanism in place, because it is
         still needed for the cq completion tasklet mechanism.
      
      Fixes: 6d90aa5c ("net/mlx4_core: Make sure there are no pending async events when freeing CQ")
      Fixes: 225c7b1f ("IB/mlx4: Add a driver Mellanox ConnectX InfiniBand adapters")
      Signed-off-by: default avatarJack Morgenstein <jackm@dev.mellanox.co.il>
      Signed-off-by: default avatarMatan Barak <matanb@mellanox.com>
      Signed-off-by: default avatarTariq Toukan <tariqt@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      291c566a
    • Heiner Kallweit's avatar
      net: stmmac: don't use netdev_[dbg, info, ..] before net_device is registered · b618ab45
      Heiner Kallweit authored
      Don't use netdev_info and friends before the net_device is registered.
      This avoids ugly messages like
      "meson8b-dwmac c9410000.ethernet (unnamed net_device) (uninitialized):
      Enable RX Mitigation via HW Watchdog Timer"
      Signed-off-by: default avatarHeiner Kallweit <hkallweit1@gmail.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      b618ab45
    • Arnd Bergmann's avatar
      net/mlx5e: Fix a -Wmaybe-uninitialized warning · abeffce9
      Arnd Bergmann authored
      As found by Olof's build bot, we gain a harmless warning about a
      potential uninitialized variable reference in mlx5:
      
      drivers/net/ethernet/mellanox/mlx5/core/en_tc.c: In function 'parse_tc_fdb_actions':
      drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:769:13: warning: 'out_dev' may be used uninitialized in this function [-Wmaybe-uninitialized]
      drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:811:21: note: 'out_dev' was declared here
      
      This was introduced through the addition of an 'IS_ERR/PTR_ERR' pair
      that gcc is unfortunately unable to completely figure out.
      
      The problem being gcc cannot tell that if(IS_ERR()) in
      mlx5e_route_lookup_ipv4() is equivalent to checking if(err) later,
      so it assumes that 'out_dev' is used after the 'return PTR_ERR(rt)'.
      
      The PTR_ERR_OR_ZERO() case by comparison is fairly easy to detect
      by gcc, so it can't get that wrong, so it no longer warns.
      
      Hadar Hen Zion already attempted to fix the warning earlier by adding fake
      initializations, but that ended up not fully addressing all warnings, so
      I'm reverting it now that it is no longer needed.
      
      Link: http://arm-soc.lixom.net/buildlogs/mainline/v4.10-rc3-98-gcff3b2c/
      Fixes: a42485eb ("net/mlx5e: TC ipv4 tunnel encap offload error flow fixes")
      Fixes: a757d108 ("net/mlx5e: Fix kbuild warnings for uninitialized parameters")
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      Signed-off-by: default avatarOr Gerlitz <ogerlitz@mellanox.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      abeffce9
    • Basil Gunn's avatar
      ax25: Fix segfault after sock connection timeout · 8a367e74
      Basil Gunn authored
      The ax.25 socket connection timed out & the sock struct has been
      previously taken down ie. sock struct is now a NULL pointer. Checking
      the sock_flag causes the segfault.  Check if the socket struct pointer
      is NULL before checking sock_flag. This segfault is seen in
      timed out netrom connections.
      
      Please submit to -stable.
      Signed-off-by: default avatarBasil Gunn <basil@pacabunga.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      8a367e74
    • Daniel Borkmann's avatar
      bpf: rework prog_digest into prog_tag · f1f7714e
      Daniel Borkmann authored
      Commit 7bd509e3 ("bpf: add prog_digest and expose it via
      fdinfo/netlink") was recently discussed, partially due to
      admittedly suboptimal name of "prog_digest" in combination
      with sha1 hash usage, thus inevitably and rightfully concerns
      about its security in terms of collision resistance were
      raised with regards to use-cases.
      
      The intended use cases are for debugging resp. introspection
      only for providing a stable "tag" over the instruction sequence
      that both kernel and user space can calculate independently.
      It's not usable at all for making a security relevant decision.
      So collisions where two different instruction sequences generate
      the same tag can happen, but ideally at a rather low rate. The
      "tag" will be dumped in hex and is short enough to introspect
      in tracepoints or kallsyms output along with other data such
      as stack trace, etc. Thus, this patch performs a rename into
      prog_tag and truncates the tag to a short output (64 bits) to
      make it obvious it's not collision-free.
      
      Should in future a hash or facility be needed with a security
      relevant focus, then we can think about requirements, constraints,
      etc that would fit to that situation. For now, rework the exposed
      parts for the current use cases as long as nothing has been
      released yet. Tested on x86_64 and s390x.
      
      Fixes: 7bd509e3 ("bpf: add prog_digest and expose it via fdinfo/netlink")
      Signed-off-by: default avatarDaniel Borkmann <daniel@iogearbox.net>
      Acked-by: default avatarAlexei Starovoitov <ast@kernel.org>
      Cc: Andy Lutomirski <luto@kernel.org>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      f1f7714e
    • Masami Hiramatsu's avatar
      perf probe: Fix to probe on gcc generated functions in modules · 613f050d
      Masami Hiramatsu authored
      Fix to probe on gcc generated functions on modules. Since
      probing on a module is based on its symbol name, it should
      be adjusted on actual symbols.
      
      E.g. without this fix, perf probe shows probe definition
      on non-exist symbol as below.
      
        $ perf probe -m build-x86_64/net/netfilter/nf_nat.ko -F in_range*
        in_range.isra.12
        $ perf probe -m build-x86_64/net/netfilter/nf_nat.ko -D in_range
        p:probe/in_range nf_nat:in_range+0
      
      With this fix, perf probe correctly shows a probe on
      gcc-generated symbol.
      
        $ perf probe -m build-x86_64/net/netfilter/nf_nat.ko -D in_range
        p:probe/in_range nf_nat:in_range.isra.12+0
      
      This also fixes same problem on online module as below.
      
        $ perf probe -m i915 -D assert_plane
        p:probe/assert_plane i915:assert_plane.constprop.134+0
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Tested-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/148411450673.9978.14905987549651656075.stgit@devboxSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      613f050d
    • Masami Hiramatsu's avatar
      perf probe: Add error checks to offline probe post-processing · 3e96dac7
      Masami Hiramatsu authored
      Add error check codes on post processing and improve it for offline
      probe events as:
      
       - post processing fails if no matched symbol found in map(-ENOENT)
         or strdup() failed(-ENOMEM).
      
       - Even if the symbol name is the same, it updates symbol address
         and offset.
      Signed-off-by: default avatarMasami Hiramatsu <mhiramat@kernel.org>
      Cc: Jiri Olsa <jolsa@redhat.com>
      Cc: Namhyung Kim <namhyung@kernel.org>
      Cc: Peter Zijlstra <peterz@infradead.org>
      Link: http://lkml.kernel.org/r/148411443738.9978.4617979132625405545.stgit@devboxSigned-off-by: default avatarArnaldo Carvalho de Melo <acme@redhat.com>
      3e96dac7
    • Parthasarathy Bhuvaragan's avatar
      tipc: allocate user memory with GFP_KERNEL flag · 57d5f64d
      Parthasarathy Bhuvaragan authored
      Until now, we allocate memory always with GFP_ATOMIC flag.
      When the system is under memory pressure and a user tries to send,
      the send fails due to low memory. However, the user application
      can wait for free memory if we allocate it using GFP_KERNEL flag.
      
      In this commit, we use allocate memory with GFP_KERNEL for all user
      allocation.
      Reported-by: default avatarRune Torgersen <runet@innovsys.com>
      Acked-by: default avatarJon Maloy <jon.maloy@ericsson.com>
      Signed-off-by: default avatarParthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      57d5f64d
    • Karicheri, Muralidharan's avatar
      net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types · 34c55cf2
      Karicheri, Muralidharan authored
      Currently dp83867 driver returns error if phy interface type
      PHY_INTERFACE_MODE_RGMII_RXID is used to set the rx only internal
      delay. Similarly issue happens for PHY_INTERFACE_MODE_RGMII_TXID.
      Fix this by checking also the interface type if a particular delay
      value is missing in the phy dt bindings. Also update the DT document
      accordingly.
      Signed-off-by: default avatarMurali Karicheri <m-karicheri2@ti.com>
      Signed-off-by: default avatarSekhar Nori <nsekhar@ti.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      34c55cf2
    • Jakub Sitnicki's avatar
      ip6_tunnel: Account for tunnel header in tunnel MTU · 02ca0423
      Jakub Sitnicki authored
      With ip6gre we have a tunnel header which also makes the tunnel MTU
      smaller. We need to reserve room for it. Previously we were using up
      space reserved for the Tunnel Encapsulation Limit option
      header (RFC 2473).
      
      Also, after commit b05229f4 ("gre6: Cleanup GREv6 transmit path,
      call common GRE functions") our contract with the caller has
      changed. Now we check if the packet length exceeds the tunnel MTU after
      the tunnel header has been pushed, unlike before.
      
      This is reflected in the check where we look at the packet length minus
      the size of the tunnel header, which is already accounted for in tunnel
      MTU.
      
      Fixes: b05229f4 ("gre6: Cleanup GREv6 transmit path, call common GRE functions")
      Signed-off-by: default avatarJakub Sitnicki <jkbs@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      02ca0423