1. 21 Apr, 2017 26 commits
  2. 18 Apr, 2017 14 commits
    • Greg Kroah-Hartman's avatar
      Linux 4.10.11 · 4c031101
      Greg Kroah-Hartman authored
      4c031101
    • Marek Szyprowski's avatar
      dma-buf: add support for compat ioctl · 2ef9c8dd
      Marek Szyprowski authored
      commit 888022c0 upstream.
      
      Add compat ioctl support to dma-buf. This lets one to use DMA_BUF_IOCTL_SYNC
      ioctl from 32bit application on 64bit kernel. Data structures for both 32
      and 64bit modes are same, so there is no need for additional translation
      layer.
      Signed-off-by: default avatarMarek Szyprowski <m.szyprowski@samsung.com>
      Reviewed-by: default avatarChristian König <christian.koenig@amd.com>
      Acked-by: default avatarDaniel Vetter <daniel.vetter@ffwll.ch>
      Signed-off-by: default avatarSumit Semwal <sumit.semwal@linaro.org>
      Link: http://patchwork.freedesktop.org/patch/msgid/1487683261-2655-1-git-send-email-m.szyprowski@samsung.comSigned-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2ef9c8dd
    • Andrey Konovalov's avatar
      net/packet: fix overflow in check for priv area size · 10e13823
      Andrey Konovalov authored
      commit 2b6867c2 upstream.
      
      Subtracting tp_sizeof_priv from tp_block_size and casting to int
      to check whether one is less then the other doesn't always work
      (both of them are unsigned ints).
      
      Compare them as is instead.
      
      Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as
      it can overflow inside BLK_PLUS_PRIV otherwise.
      Signed-off-by: default avatarAndrey Konovalov <andreyknvl@google.com>
      Acked-by: default avatarEric Dumazet <edumazet@google.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      10e13823
    • Horia Geantă's avatar
      crypto: caam - fix invalid dereference in caam_rsa_init_tfm() · 50d60091
      Horia Geantă authored
      commit 33fa46d7 upstream.
      
      In case caam_jr_alloc() fails, ctx->dev carries the error code,
      thus accessing it with dev_err() is incorrect.
      
      Fixes: 8c419778 ("crypto: caam - add support for RSA algorithm")
      Signed-off-by: default avatarHoria Geantă <horia.geanta@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      50d60091
    • Horia Geantă's avatar
      crypto: caam - fix RNG deinstantiation error checking · 41889ca0
      Horia Geantă authored
      commit 40c98cb5 upstream.
      
      RNG instantiation was previously fixed by
      commit 62743a41 ("crypto: caam - fix RNG init descriptor ret. code checking")
      while deinstantiation was not addressed.
      
      Since the descriptors used are similar, in the sense that they both end
      with a JUMP HALT command, checking for errors should be similar too,
      i.e. status code 7000_0000h should be considered successful.
      
      Fixes: 1005bccd ("crypto: caam - enable instantiation of all RNG4 state handles")
      Signed-off-by: default avatarHoria Geantă <horia.geanta@nxp.com>
      Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      41889ca0
    • Matt Redfearn's avatar
      MIPS: IRQ Stack: Fix erroneous jal to plat_irq_dispatch · 8e94a6f4
      Matt Redfearn authored
      commit c25f8064 upstream.
      
      Commit dda45f70 ("MIPS: Switch to the irq_stack in interrupts")
      changed both the normal and vectored interrupt handlers. Unfortunately
      the vectored version, "except_vec_vi_handler", was incorrectly modified
      to unconditionally jal to plat_irq_dispatch, rather than doing a jalr to
      the vectored handler that has been set up. This is ok for many platforms
      which set the vectored handler to plat_irq_dispatch anyway, but will
      cause problems with platforms that use other handlers.
      
      Fixes: dda45f70 ("MIPS: Switch to the irq_stack in interrupts")
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Cc: Ralf Baechle <ralf@linux-mips.org>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/15110/Signed-off-by: default avatarJames Hogan <james.hogan@imgtec.com>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      8e94a6f4
    • Matt Redfearn's avatar
      MIPS: Select HAVE_IRQ_EXIT_ON_IRQ_STACK · 4a1fe14b
      Matt Redfearn authored
      commit 3cc3434f upstream.
      
      Since do_IRQ is now invoked on a separate IRQ stack, we select
      HAVE_IRQ_EXIT_ON_IRQ_STACK so that softirq's may be invoked directly
      from irq_exit(), rather than requiring do_softirq_own_stack.
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Acked-by: default avatarJason A. Donenfeld <jason@zx2c4.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14744/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      4a1fe14b
    • Matt Redfearn's avatar
      MIPS: Switch to the irq_stack in interrupts · 2c7235db
      Matt Redfearn authored
      commit dda45f70 upstream.
      
      When enterring interrupt context via handle_int or except_vec_vi, switch
      to the irq_stack of the current CPU if it is not already in use.
      
      The current stack pointer is masked with the thread size and compared to
      the base or the irq stack. If it does not match then the stack pointer
      is set to the top of that stack, otherwise this is a nested irq being
      handled on the irq stack so the stack pointer should be left as it was.
      
      The in-use stack pointer is placed in the callee saved register s1. It
      will be saved to the stack when plat_irq_dispatch is invoked and can be
      restored once control returns here.
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Acked-by: default avatarJason A. Donenfeld <jason@zx2c4.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14743/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      2c7235db
    • Matt Redfearn's avatar
      MIPS: Only change $28 to thread_info if coming from user mode · b21e28ea
      Matt Redfearn authored
      commit 510d8636 upstream.
      
      The SAVE_SOME macro is used to save the execution context on all
      exceptions.
      If an exception occurs while executing user code, the stack is switched
      to the kernel's stack for the current task, and register $28 is switched
      to point to the current_thread_info, which is at the bottom of the stack
      region.
      If the exception occurs while executing kernel code, the stack is left,
      and this change ensures that register $28 is not updated. This is the
      correct behaviour when the kernel can be executing on the separate irq
      stack, because the thread_info will not be at the base of it.
      
      With this change, register $28 is only switched to it's kernel
      conventional usage of the currrent thread info pointer at the point at
      which execution enters kernel space. Doing it on every exception was
      redundant, but OK without an IRQ stack, but will be erroneous once that
      is introduced.
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Acked-by: default avatarJason A. Donenfeld <jason@zx2c4.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14742/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      b21e28ea
    • Matt Redfearn's avatar
      MIPS: Stack unwinding while on IRQ stack · ece65a60
      Matt Redfearn authored
      commit d42d8d10 upstream.
      
      Within unwind stack, check if the stack pointer being unwound is within
      the CPU's irq_stack and if so use that page rather than the task's stack
      page.
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Acked-by: default avatarJason A. Donenfeld <jason@zx2c4.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Adam Buchbinder <adam.buchbinder@gmail.com>
      Cc: Maciej W. Rozycki <macro@imgtec.com>
      Cc: Marcin Nowakowski <marcin.nowakowski@imgtec.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: Jiri Slaby <jslaby@suse.cz>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: linux-mips@linux-mips.org
      Cc: linux-kernel@vger.kernel.org
      Patchwork: https://patchwork.linux-mips.org/patch/14741/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      ece65a60
    • Matt Redfearn's avatar
      MIPS: Introduce irq_stack · 6b720ff3
      Matt Redfearn authored
      commit fe8bd18f upstream.
      
      Allocate a per-cpu irq stack for use within interrupt handlers.
      
      Also add a utility function on_irq_stack to determine if a given stack
      pointer is within the irq stack for that cpu.
      Signed-off-by: default avatarMatt Redfearn <matt.redfearn@imgtec.com>
      Acked-by: default avatarJason A. Donenfeld <jason@zx2c4.com>
      Cc: Thomas Gleixner <tglx@linutronix.de>
      Cc: Paolo Bonzini <pbonzini@redhat.com>
      Cc: Chris Metcalf <cmetcalf@mellanox.com>
      Cc: Petr Mladek <pmladek@suse.com>
      Cc: James Hogan <james.hogan@imgtec.com>
      Cc: Paul Burton <paul.burton@imgtec.com>
      Cc: Aaron Tomlin <atomlin@redhat.com>
      Cc: Andrew Morton <akpm@linux-foundation.org>
      Cc: linux-kernel@vger.kernel.org
      Cc: linux-mips@linux-mips.org
      Patchwork: https://patchwork.linux-mips.org/patch/14740/Signed-off-by: default avatarRalf Baechle <ralf@linux-mips.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6b720ff3
    • Stanislaw Gruszka's avatar
      rt2x00usb: do not anchor rx and tx urb's · 612973c5
      Stanislaw Gruszka authored
      commit 93c7018e upstream.
      
      We might kill TX or RX urb during rt2x00usb_flush_entry(), what can
      cause anchor list corruption like shown below:
      
      [ 2074.035633] WARNING: CPU: 2 PID: 14480 at lib/list_debug.c:33 __list_add+0xac/0xc0
      [ 2074.035634] list_add corruption. prev->next should be next (ffff88020f362c28), but was dead000000000100. (prev=ffff8801d161bb70).
      <snip>
      [ 2074.035670] Call Trace:
      [ 2074.035672]  [<ffffffff813bde47>] dump_stack+0x63/0x8c
      [ 2074.035674]  [<ffffffff810a2231>] __warn+0xd1/0xf0
      [ 2074.035676]  [<ffffffff810a22af>] warn_slowpath_fmt+0x5f/0x80
      [ 2074.035678]  [<ffffffffa073855d>] ? rt2x00usb_register_write_lock+0x3d/0x60 [rt2800usb]
      [ 2074.035679]  [<ffffffff813dbe4c>] __list_add+0xac/0xc0
      [ 2074.035681]  [<ffffffff81591c6c>] usb_anchor_urb+0x4c/0xa0
      [ 2074.035683]  [<ffffffffa07322af>] rt2x00usb_kick_rx_entry+0xaf/0x100 [rt2x00usb]
      [ 2074.035684]  [<ffffffffa0732322>] rt2x00usb_clear_entry+0x22/0x30 [rt2x00usb]
      
      To fix do not anchor TX and RX urb's, it is not needed as during
      shutdown we kill those urbs in rt2x00usb_free_entries().
      
      Cc: Vishal Thanki <vishalthanki@gmail.com>
      Fixes: 8b4c0009 ("rt2x00usb: Use usb anchor to manage URB")
      Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Signed-off-by: default avatarAmit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      612973c5
    • Stanislaw Gruszka's avatar
      rt2x00usb: fix anchor initialization · 244ff096
      Stanislaw Gruszka authored
      commit 0488a612 upstream.
      
      If device fail to initialize we can OOPS in rt2x00lib_remove_dev(), due
      to using uninitialized usb_anchor structure:
      
      [  855.435820] ieee80211 phy3: rt2x00usb_vendor_request: Error - Vendor Request 0x07 failed for offset 0x1000 with error -19
      [  855.435826] ieee80211 phy3: rt2800_probe_rt: Error - Invalid RT chipset 0x0000, rev 0000 detected
      [  855.435829] ieee80211 phy3: rt2x00lib_probe_dev: Error - Failed to allocate device
      [  855.435845] BUG: unable to handle kernel NULL pointer dereference at 0000000000000028
      [  855.435900] IP: _raw_spin_lock_irq+0xd/0x30
      [  855.435926] PGD 0
      [  855.435953] Oops: 0002 [#1] SMP
      <snip>
      [  855.437011] Call Trace:
      [  855.437029]  ? usb_kill_anchored_urbs+0x27/0xc0
      [  855.437061]  rt2x00lib_remove_dev+0x190/0x1c0 [rt2x00lib]
      [  855.437097]  rt2x00lib_probe_dev+0x246/0x7a0 [rt2x00lib]
      [  855.437149]  ? ieee80211_roc_setup+0x9e/0xd0 [mac80211]
      [  855.437183]  ? __kmalloc+0x1af/0x1f0
      [  855.437207]  ? rt2x00usb_probe+0x13d/0xc50 [rt2x00usb]
      [  855.437240]  rt2x00usb_probe+0x155/0xc50 [rt2x00usb]
      [  855.437273]  rt2800usb_probe+0x15/0x20 [rt2800usb]
      [  855.437304]  usb_probe_interface+0x159/0x2d0
      [  855.437333]  driver_probe_device+0x2bb/0x460
      
      Patch changes initialization sequence to fix the problem.
      
      Cc: Vishal Thanki <vishalthanki@gmail.com>
      Fixes: 8b4c0009 ("rt2x00usb: Use usb anchor to manage URB")
      Signed-off-by: default avatarStanislaw Gruszka <sgruszka@redhat.com>
      Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
      Cc: Signed-off-by: Amit Pundir <amit.pundir@linaro.org>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      244ff096
    • Tigran Mkrtchyan's avatar
      nfs: flexfiles: fix kernel OOPS if MDS returns unsupported DS type · df741f77
      Tigran Mkrtchyan authored
      commit f17f8a14 upstream.
      
      this fix aims to fix dereferencing of a mirror in an error state when MDS
      returns unsupported DS type (IOW, not v3), which causes the following oops:
      
      [  220.370709] BUG: unable to handle kernel NULL pointer dereference at 0000000000000065
      [  220.370842] IP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
      [  220.370920] PGD 0
      
      [  220.370972] Oops: 0000 [#1] SMP
      [  220.371013] Modules linked in: nfnetlink_queue nfnetlink_log bluetooth nfs_layout_flexfiles rpcsec_gss_krb5 nfsv4 dns_resolver nfs fscache nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_raw ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security iptable_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_security ebtable_filter ebtables ip6table_filter ip6_tables binfmt_misc intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel btrfs kvm arc4 snd_hda_codec_hdmi iwldvm irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel intel_cstate mac80211 xor uvcvideo
      [  220.371814]  videobuf2_vmalloc videobuf2_memops snd_hda_codec_idt mei_wdt videobuf2_v4l2 snd_hda_codec_generic iTCO_wdt ppdev videobuf2_core iTCO_vendor_support dell_rbtn dell_wmi iwlwifi sparse_keymap dell_laptop dell_smbios snd_hda_intel dcdbas videodev snd_hda_codec dell_smm_hwmon snd_hda_core media cfg80211 intel_uncore snd_hwdep raid6_pq snd_seq intel_rapl_perf snd_seq_device joydev i2c_i801 rfkill lpc_ich snd_pcm parport_pc mei_me parport snd_timer dell_smo8800 mei snd shpchp soundcore tpm_tis tpm_tis_core tpm nfsd auth_rpcgss nfs_acl lockd grace sunrpc i915 nouveau mxm_wmi ttm i2c_algo_bit drm_kms_helper crc32c_intel e1000e drm sdhci_pci firewire_ohci sdhci serio_raw mmc_core firewire_core ptp crc_itu_t pps_core wmi fjes video
      [  220.372568] CPU: 7 PID: 4988 Comm: cat Not tainted 4.10.5-200.fc25.x86_64 #1
      [  220.372647] Hardware name: Dell Inc. Latitude E6520/0J4TFW, BIOS A06 07/11/2011
      [  220.372729] task: ffff94791f6ea580 task.stack: ffffb72b88c0c000
      [  220.372802] RIP: 0010:ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles]
      [  220.372883] RSP: 0018:ffffb72b88c0f970 EFLAGS: 00010246
      [  220.372945] RAX: 0000000000000000 RBX: ffff9479015ca600 RCX: ffffffffffffffed
      [  220.373025] RDX: ffffffffffffffed RSI: ffff9479753dc980 RDI: 0000000000000000
      [  220.373104] RBP: ffffb72b88c0f988 R08: 000000000001c980 R09: ffffffffc0ea6112
      [  220.373184] R10: ffffef17477d9640 R11: ffff9479753dd6c0 R12: ffff9479211c7440
      [  220.373264] R13: ffff9478f45b7790 R14: 0000000000000001 R15: ffff9479015ca600
      [  220.373345] FS:  00007f555fa3e700(0000) GS:ffff9479753c0000(0000) knlGS:0000000000000000
      [  220.373435] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [  220.373506] CR2: 0000000000000065 CR3: 0000000196044000 CR4: 00000000000406e0
      [  220.373586] Call Trace:
      [  220.373627]  nfs4_ff_layout_prepare_ds+0x5e/0x200 [nfs_layout_flexfiles]
      [  220.373708]  ff_layout_pg_init_read+0x81/0x160 [nfs_layout_flexfiles]
      [  220.373806]  __nfs_pageio_add_request+0x11f/0x4a0 [nfs]
      [  220.373886]  ? nfs_create_request.part.14+0x37/0x330 [nfs]
      [  220.373967]  nfs_pageio_add_request+0xb2/0x260 [nfs]
      [  220.374042]  readpage_async_filler+0xaf/0x280 [nfs]
      [  220.374103]  read_cache_pages+0xef/0x1b0
      [  220.374166]  ? nfs_read_completion+0x210/0x210 [nfs]
      [  220.374239]  nfs_readpages+0x129/0x200 [nfs]
      [  220.374293]  __do_page_cache_readahead+0x1d0/0x2f0
      [  220.374352]  ondemand_readahead+0x17d/0x2a0
      [  220.374403]  page_cache_sync_readahead+0x2e/0x50
      [  220.374460]  generic_file_read_iter+0x6c8/0x950
      [  220.374532]  ? nfs_mapping_need_revalidate_inode+0x17/0x40 [nfs]
      [  220.374617]  nfs_file_read+0x6e/0xc0 [nfs]
      [  220.374670]  __vfs_read+0xe2/0x150
      [  220.374715]  vfs_read+0x96/0x130
      [  220.374758]  SyS_read+0x55/0xc0
      [  220.374801]  entry_SYSCALL_64_fastpath+0x1a/0xa9
      [  220.374856] RIP: 0033:0x7f555f570bd0
      [  220.374900] RSP: 002b:00007ffeb73e1b38 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
      [  220.374986] RAX: ffffffffffffffda RBX: 00007f555f839ae0 RCX: 00007f555f570bd0
      [  220.375066] RDX: 0000000000020000 RSI: 00007f555fa41000 RDI: 0000000000000003
      [  220.375145] RBP: 0000000000021010 R08: ffffffffffffffff R09: 0000000000000000
      [  220.375226] R10: 00007f555fa40010 R11: 0000000000000246 R12: 0000000000022000
      [  220.375305] R13: 0000000000021010 R14: 0000000000001000 R15: 0000000000002710
      [  220.375386] Code: 66 66 90 55 48 89 e5 41 54 53 49 89 fc 48 83 ec 08 48 85 f6 74 2e 48 8b 4e 30 48 89 f3 48 81 f9 00 f0 ff ff 77 1e 48 85 c9 74 15 <48> 83 79 78 00 b8 01 00 00 00 74 2c 48 83 c4 08 5b 41 5c 5d c3
      [  220.375653] RIP: ff_layout_mirror_valid+0x2d/0x110 [nfs_layout_flexfiles] RSP: ffffb72b88c0f970
      [  220.375748] CR2: 0000000000000065
      [  220.403538] ---[ end trace bcdca752211b7da9 ]---
      Signed-off-by: default avatarTigran Mkrtchyan <tigran.mkrtchyan@desy.de>
      Signed-off-by: default avatarAnna Schumaker <Anna.Schumaker@Netapp.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      df741f77