1. 16 Sep, 2016 17 commits
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma · dd5a477c
      Linus Torvalds authored
      Pull rdma fixes from Doug Ledford:
       "Round three of 4.8 rc fixes.
      
        This is likely the last rdma pull request this cycle.  The new rxe
        driver had a few issues (you probably saw the boot bot bug report) and
        they should be addressed now.  There are a couple other fixes here,
        mainly mlx4.  There are still two outstanding issues that need
        resolved but I don't think their fix will make this kernel cycle.
      
        Summary:
      
         - Various fixes to rdmavt, ipoib, mlx5, mlx4, rxe"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma:
        IB/rdmavt: Don't vfree a kzalloc'ed memory region
        IB/rxe: Fix kmem_cache leak
        IB/rxe: Fix race condition between requester and completer
        IB/rxe: Fix duplicate atomic request handling
        IB/rxe: Fix kernel panic in udp_setup_tunnel
        IB/mlx5: Set source mac address in FTE
        IB/mlx5: Enable MAD_IFC commands for IB ports only
        IB/mlx4: Diagnostic HW counters are not supported in slave mode
        IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV
        IB/mlx4: Fix code indentation in QP1 MAD flow
        IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV
        IB/ipoib: Don't allow MC joins during light MC flush
        IB/rxe: fix GFP_KERNEL in spinlock context
      dd5a477c
    • Linus Torvalds's avatar
      Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc · 008f08d6
      Linus Torvalds authored
      Pull ARM SoC fixes from Arnd Bergmann:
       "Here are a couple of bugfixes for v4.8-rc.
      
        Most of them have actually been around for a while this time but for
        some reason didn't get applied early on.  The shmobile regulator fix
        is the only one that isn't completely obvious.
      
        Device tree changes:
         - archtimer interrupts must be level triggered (multiple platforms)
         - fix for USB and MMC clocks on STiH410
         - fix split DT repository in case of raspberry-pi 3
         - a new use of skeleton.dtsi on arm64 has crept in after that was
           removed.
      
        defconfig updates:
         - xilinx vdma has a new Kconfig symbol name
         - keystone requires CONFIG_NOP_USB_XCEIV since v4.8-rc1
      
        Code fixes:
         - fix regulator quirk on shmobile
         - suspend-to-ram regression on EXYNOS
      
        Maintainer updates:
         - Javier Martinez Canillas is now a reviewer for Samsung EXYNOS"
      
      * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc:
        ARM: keystone: defconfig: Fix USB configuration
        arm64: dts: Fix broken architected timer interrupt trigger
        ARM: multi_v7_defconfig: update XILINX_VDMA
        ARM64: dts: bcm: Use a symlink to R-Pi dtsi files from arch=arm
        ARM: dts: Remove use of skeleton.dtsi from bcm283x.dtsi
        ARM: dts: STiH407-family: Provide interconnect clock for consumption in ST SDHCI
        ARM: dts: STiH410: Handle interconnect clock required by EHCI/OHCI (USB)
        ARM: shmobile: fix regulator quirk for Gen2
        ARM: EXYNOS: Clear OF_POPULATED flag from PMU node in IRQ init callback
        MAINTAINERS: Add myself as reviewer for Samsung Exynos support
      008f08d6
    • Linus Torvalds's avatar
      Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm · cac4662a
      Linus Torvalds authored
      Pull ARM fixes from Russell King:
       "Most of this update are fixes primarily discovered from testing on the
        older StrongARM 1110 and PXA systems, as a result of recent interest
        from several people in these platforms:
      
         - Locomo interrupt handling incorrectly stores the handler data in
           the chip's private data slot: when Locomo is combined with an
           interrupt controller who's chip uses the chip private data, this
           leads to an oops.
      
         - SA1111 was missing a call to clk_disable() to clean up after a
           failed probe.
      
         - SA1111 and PCMCIA suspend/resume was broken:
      
           The PCMCIA "ds" layer was using the legacy bus suspend/resume
           methods, which the core PM code is no longer calling as a result of
           device_pm_check_callbacks() introduced in commit aa8e54b5
           ("PM / sleep: Go direct_complete if driver has no callbacks").
      
           SA1111 was broken due to changes to PCMCIA which makes PCMCIA
           suspend itself later than the SA1111 code expects, and resume
           before the SA1111 code has initialised access to the pcmcia
           sub-device.
      
         - the default SA1111 interrupt mask polarity got messed up when it
           was converted to use a dynamic interrupt base number for its
           interrupts.
      
         - fix platform_get_irq() error code propagation, which was causing
           problems on platforms where the interrupt may not be available at
            probe time in DT setups.
      
         - fix the lack of clock to PCMCIA code on PXA platforms, which was
           omitted in conversions of PXA to CCF.
      
         - fix an oops in the PXA PCMCIA code caused by a previous commit not
           realising that Lubbock is different from the rest of the PXA PCMCIA
           drivers.
      
         - ensure that SA1111 low-level PCMCIA drivers propagate their error
           codes to the main probe function, rather than the driver silently
           accepting a failure.
      
         - fix the sa11xx debugfs reporting of timing information, which
           always indicated zero due to the clock being a factor of 1000 out.
      
         - fix the polarity of the status change signal reported from the
           sockets.
      
        Lastly, one ARM specific commit from Stefan Agner fixing the LPAE
        cache attributes"
      
      * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm:
        ARM: pxa/lubbock: add pcmcia clock
        ARM: locomo: fix locomo irq handling
        ARM: 8612/1: LPAE: initialize cache policy correctly
        ARM: sa1111: fix missing clk_disable()
        ARM: sa1111: fix pcmcia suspend/resume
        ARM: sa1111: fix pcmcia interrupt mask polarity
        ARM: sa1111: fix error code propagation in sa1111_probe()
        pcmcia: lubbock: fix sockets configuration
        pcmcia: sa1111: fix propagation of lowlevel board init return code
        pcmcia: soc_common: fix SS_STSCHG polarity
        pcmcia: sa11xx_base: add units to the timing information
        pcmcia: sa11xx_base: fix reporting of timing information
        pcmcia: ds: fix suspend/resume
      cac4662a
    • Colin Ian King's avatar
      IB/rdmavt: Don't vfree a kzalloc'ed memory region · e4618d40
      Colin Ian King authored
      The userspace memory region 'mr' is allocated with kzalloc in
      __rvt_alloc_mr  however it is incorrectly being freed with vfree in
      __rvt_free_mr. Fix this by using kfree to free it.
      Signed-off-by: default avatarColin Ian King <colin.king@canonical.com>
      Reviewed-by: default avatarLeon Romanovsky <leonro@mellanox.com>
      Acked-by: default avatarDennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      e4618d40
    • Yonatan Cohen's avatar
      IB/rxe: Fix kmem_cache leak · c1cc72cb
      Yonatan Cohen authored
      Decrement qp reference when handling error path
      in completer to prevent kmem_cache leak.
      
      Fixes: 8700e3e7 ("Soft RoCE driver")
      Signed-off-by: default avatarYonatan Cohen <yonatanc@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      c1cc72cb
    • Yonatan Cohen's avatar
      IB/rxe: Fix race condition between requester and completer · 3050b998
      Yonatan Cohen authored
      rxe_requester() is sending a pkt with rxe_xmit_packet() and
      then calls rxe_update() to update the wqe and qp's psn values.
      But sometimes the response is received before the requester
      had time to update the wqe in which case the completer
      acts on errornous wqe values.
      This fix updates the wqe and qp before actually sending
      the request and rolls back when xmit fails.
      
      Fixes: 8700e3e7 ("Soft RoCE driver")
      Signed-off-by: default avatarYonatan Cohen <yonatanc@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      3050b998
    • Yonatan Cohen's avatar
      IB/rxe: Fix duplicate atomic request handling · 90894887
      Yonatan Cohen authored
      When handling ack for atomic opcodes like "fetch&add"
      or "cmp&swp", the method send_atomic_ack() saves the ack
      before sending it, in case it gets lost and never reach the
      requester. In which case the method duplicate_request()
      will need to find it using the duplicated request.psn.
      But send_atomic_ack() used a wrong psn value and thus
      the above ack was never found.
      This fix uses the ack.psn to locate the ack in case
      its needed.
      This fix also copies the ack packet to the skb's control buffer
      since duplicate_request() will need it when calling rxe_xmit_packet()
      
      Fixes: 8700e3e7 ("Soft RoCE driver")
      Signed-off-by: default avatarYonatan Cohen <yonatanc@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      90894887
    • Yonatan Cohen's avatar
      IB/rxe: Fix kernel panic in udp_setup_tunnel · dfdd6158
      Yonatan Cohen authored
      Disable creation of a UDP socket for ipv6 when
      CONFIG_IPV6 is not enabeld. Since udp_sock_create6()
      returns 0 when CONFIG_IPV6 is not set
      
      [   46.888632] IP: [<c220705a>] setup_udp_tunnel_sock+0x6/0x4f
      [   46.891355] *pdpt = 0000000000000000 *pde = f000ff53f000ff53
      [   46.893918] Oops: 0002 [#1] PREEMPT
      [   46.896014] CPU: 0 PID: 1 Comm: swapper Not tainted 4.7.0-rc4-00001-g8700e3e7 #1
      [   46.900280] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
      [   46.904905] task: cf06c040 ti: cf05e000 task.ti: cf05e000
      [   46.907854] EIP: 0060:[<c220705a>] EFLAGS: 00210246 CPU: 0
      [   46.911137] EIP is at setup_udp_tunnel_sock+0x6/0x4f
      [   46.914070] EAX: 00000044 EBX: 00000001 ECX: cf05fef0 EDX: ca8142e0
      [   46.917236] ESI: c2c4505b EDI: cf05fef0 EBP: cf05fed0 ESP: cf05fed0
      [   46.919836]  DS: 007b ES: 007b FS: 0000 GS: 00e0 SS: 0068
      [   46.922046] CR0: 80050033 CR2: 000001fc CR3: 02cec000 CR4: 000006b0
      [   46.924550] Stack:
      [   46.926014]  cf05ff10 c1fd4657 ca8142e0 0000000a 00000000 00000000 0000b712 00000008
      [   46.931274]  00000000 6bb5bd01 c1fd48de 00000000 00000000 cf05ff1c 00000000 00000000
      [   46.936122]  cf05ff1c c1fd4bdf 00000000 cf05ff28 c2c4507b ffffffff cf05ff88 c2bf1c74
      [   46.942350] Call Trace:
      [   46.944403]  [<c1fd4657>] rxe_setup_udp_tunnel+0x8f/0x99
      [   46.947689]  [<c1fd48de>] ? net_to_rxe+0x4e/0x4e
      [   46.950567]  [<c1fd4bdf>] rxe_net_init+0xe/0xa4
      [   46.953147]  [<c2c4507b>] rxe_module_init+0x20/0x4c
      [   46.955448]  [<c2bf1c74>] do_one_initcall+0x89/0x113
      [   46.957797]  [<c2bf15eb>] ? set_debug_rodata+0xf/0xf
      [   46.959966]  [<c2bf1dbc>] ? kernel_init_freeable+0xbe/0x15b
      [   46.962262]  [<c2bf1ddc>] kernel_init_freeable+0xde/0x15b
      [   46.964418]  [<c232eb54>] kernel_init+0x8/0xd0
      [   46.966618]  [<c2333122>] ret_from_kernel_thread+0xe/0x24
      [   46.969592]  [<c232eb4c>] ? rest_init+0x6f/0x6f
      
      Fixes: 8700e3e7 ("Soft RoCE driver")
      Signed-off-by: default avatarYonatan Cohen <yonatanc@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      dfdd6158
    • Maor Gottlieb's avatar
      IB/mlx5: Set source mac address in FTE · ee3da804
      Maor Gottlieb authored
      Set the source mac address in the FTE when L2 specification
      is provided.
      
      Fixes: 038d2ef8 ('IB/mlx5: Add flow steering support')
      Signed-off-by: default avatarMaor Gottlieb <maorg@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      ee3da804
    • Noa Osherovich's avatar
      IB/mlx5: Enable MAD_IFC commands for IB ports only · 7fae6655
      Noa Osherovich authored
      MAD_IFC command is supported only for physical functions (PF)
      and when physical port is IB. The proposed fix enforces it.
      
      Fixes: d603c809 ("IB/mlx5: Fix decision on using MAD_IFC")
      Reported-by: default avatarDavid Chang <dchang@suse.com>
      Signed-off-by: default avatarNoa Osherovich <noaos@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      7fae6655
    • Kamal Heib's avatar
      IB/mlx4: Diagnostic HW counters are not supported in slave mode · 69d269d3
      Kamal Heib authored
      Modify the mlx4_ib_diag_counters() to avoid the following error in the
      hypervisor when the slave tries to query the hardware counters in SR-IOV
      mode.
      
      mlx4_core 0000:81:00.0: Unknown command:0x30 accepted from slave:1
      
      Fixes: 3f85f2aa ("IB/mlx4: Add diagnostic hardware counters")
      Signed-off-by: default avatarKamal Heib <kamalh@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      69d269d3
    • Jack Morgenstein's avatar
      IB/mlx4: Use correct subnet-prefix in QP1 mads under SR-IOV · 8ec07bf8
      Jack Morgenstein authored
      When sending QP1 MAD packets which use a GRH, the source GID
      (which consists of the 64-bit subnet prefix, and the 64 bit port GUID)
      must be included in the packet GRH.
      
      For SR-IOV, a GID cache is used, since the source GID needs to be the
      slave's source GID, and not the Hypervisor's GID. This cache also
      included a subnet_prefix. Unfortunately, the subnet_prefix field in
      the cache was never initialized (to the default subnet prefix 0xfe80::0).
      As a result, this field remained all zeroes.  Therefore, when SR-IOV
      was active, all QP1 packets which included a GRH had a source GID
      subnet prefix of all-zeroes.
      
      However, the subnet-prefix should initially be 0xfe80::0 (the default
      subnet prefix). In addition, if OpenSM modifies a port's subnet prefix,
      the new subnet prefix must be used in the GRH when sending QP1 packets.
      To fix this we now initialize the subnet prefix in the SR-IOV GID cache
      to the default subnet prefix. We update the cached value if/when OpenSM
      modifies the port's subnet prefix. We take this cached value when sending
      QP1 packets when SR-IOV is active.
      
      Note that the value is stored as an atomic64. This eliminates any need
      for locking when the subnet prefix is being updated.
      
      Note also that we depend on the FW generating the "port management change"
      event for tracking subnet-prefix changes performed by OpenSM. If running
      early FW (before 2.9.4630), subnet prefix changes will not be tracked (but
      the default subnet prefix still will be stored in the cache; therefore
      users who do not modify the subnet prefix will not have a problem).
      IF there is a need for such tracking also for early FW, we will add that
      capability in a subsequent patch.
      
      Fixes: 1ffeb2eb ("IB/mlx4: SR-IOV IB context objects and proxy/tunnel SQP support")
      Signed-off-by: default avatarJack Morgenstein <jackm@dev.mellanox.co.il>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      8ec07bf8
    • Jack Morgenstein's avatar
      IB/mlx4: Fix code indentation in QP1 MAD flow · baa0be70
      Jack Morgenstein authored
      The indentation in the QP1 GRH flow in procedure build_mlx_header is
      really confusing. Fix it, in preparation for a commit which touches
      this code.
      
      Fixes: 1ffeb2eb ("IB/mlx4: SR-IOV IB context objects and proxy/tunnel SQP support")
      Signed-off-by: default avatarJack Morgenstein <jackm@dev.mellanox.co.il>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      baa0be70
    • Alex Vesker's avatar
      IB/mlx4: Fix incorrect MC join state bit-masking on SR-IOV · e5ac40cd
      Alex Vesker authored
      Because of an incorrect bit-masking done on the join state bits, when
      handling a join request we failed to detect a difference between the
      group join state and the request join state when joining as send only
      full member (0x8). This caused the MC join request not to be sent.
      This issue is relevant only when SRIOV is enabled and SM supports
      send only full member.
      
      This fix separates scope bits and join states bits a nibble each.
      
      Fixes: b9c5d6a6 ('IB/mlx4: Add multicast group (MCG) paravirtualization for SR-IOV')
      Signed-off-by: default avatarAlex Vesker <valex@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      e5ac40cd
    • Alex Vesker's avatar
      IB/ipoib: Don't allow MC joins during light MC flush · 344bacca
      Alex Vesker authored
      This fix solves a race between light flush and on the fly joins.
      Light flush doesn't set the device to down and unset IPOIB_OPER_UP
      flag, this means that if while flushing we have a MC join in progress
      and the QP was attached to BC MGID we can have a mismatches when
      re-attaching a QP to the BC MGID.
      
      The light flush would set the broadcast group to NULL causing an on
      the fly join to rejoin and reattach to the BC MCG as well as adding
      the BC MGID to the multicast list. The flush process would later on
      remove the BC MGID and detach it from the QP. On the next flush
      the BC MGID is present in the multicast list but not found when trying
      to detach it because of the previous double attach and single detach.
      
      [18332.714265] ------------[ cut here ]------------
      [18332.717775] WARNING: CPU: 6 PID: 3767 at drivers/infiniband/core/verbs.c:280 ib_dealloc_pd+0xff/0x120 [ib_core]
      ...
      [18332.775198] Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
      [18332.779411]  0000000000000000 ffff8800b50dfbb0 ffffffff813fed47 0000000000000000
      [18332.784960]  0000000000000000 ffff8800b50dfbf0 ffffffff8109add1 0000011832f58300
      [18332.790547]  ffff880226a596c0 ffff880032482000 ffff880032482830 ffff880226a59280
      [18332.796199] Call Trace:
      [18332.798015]  [<ffffffff813fed47>] dump_stack+0x63/0x8c
      [18332.801831]  [<ffffffff8109add1>] __warn+0xd1/0xf0
      [18332.805403]  [<ffffffff8109aebd>] warn_slowpath_null+0x1d/0x20
      [18332.809706]  [<ffffffffa025d90f>] ib_dealloc_pd+0xff/0x120 [ib_core]
      [18332.814384]  [<ffffffffa04f3d7c>] ipoib_transport_dev_cleanup+0xfc/0x1d0 [ib_ipoib]
      [18332.820031]  [<ffffffffa04ed648>] ipoib_ib_dev_cleanup+0x98/0x110 [ib_ipoib]
      [18332.825220]  [<ffffffffa04e62c8>] ipoib_dev_cleanup+0x2d8/0x550 [ib_ipoib]
      [18332.830290]  [<ffffffffa04e656f>] ipoib_uninit+0x2f/0x40 [ib_ipoib]
      [18332.834911]  [<ffffffff81772a8a>] rollback_registered_many+0x1aa/0x2c0
      [18332.839741]  [<ffffffff81772bd1>] rollback_registered+0x31/0x40
      [18332.844091]  [<ffffffff81773b18>] unregister_netdevice_queue+0x48/0x80
      [18332.848880]  [<ffffffffa04f489b>] ipoib_vlan_delete+0x1fb/0x290 [ib_ipoib]
      [18332.853848]  [<ffffffffa04df1cd>] delete_child+0x7d/0xf0 [ib_ipoib]
      [18332.858474]  [<ffffffff81520c08>] dev_attr_store+0x18/0x30
      [18332.862510]  [<ffffffff8127fe4a>] sysfs_kf_write+0x3a/0x50
      [18332.866349]  [<ffffffff8127f4e0>] kernfs_fop_write+0x120/0x170
      [18332.870471]  [<ffffffff81207198>] __vfs_write+0x28/0xe0
      [18332.874152]  [<ffffffff810e09bf>] ? percpu_down_read+0x1f/0x50
      [18332.878274]  [<ffffffff81208062>] vfs_write+0xa2/0x1a0
      [18332.881896]  [<ffffffff812093a6>] SyS_write+0x46/0xa0
      [18332.885632]  [<ffffffff810039b7>] do_syscall_64+0x57/0xb0
      [18332.889709]  [<ffffffff81883321>] entry_SYSCALL64_slow_path+0x25/0x25
      [18332.894727] ---[ end trace 09ebbe31f831ef17 ]---
      
      Fixes: ee1e2c82 ("IPoIB: Refresh paths instead of flushing them on SM change events")
      Signed-off-by: default avatarAlex Vesker <valex@mellanox.com>
      Signed-off-by: default avatarLeon Romanovsky <leon@kernel.org>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      344bacca
    • Alexey Khoroshilov's avatar
      IB/rxe: fix GFP_KERNEL in spinlock context · 5e102b3b
      Alexey Khoroshilov authored
      There is skb_clone(skb, GFP_KERNEL) in spinlock context
      in rxe_rcv_mcast_pkt().
      
      Found by Linux Driver Verification project (linuxtesting.org).
      Signed-off-by: default avatarAlexey Khoroshilov <khoroshilov@ispras.ru>
      Acked-by: default avatarMoni Shoua <monis@mellanox.com>
      Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
      5e102b3b
    • Arnd Bergmann's avatar
      Merge tag 'samsung-fixes-4.8-2' of... · 64086491
      Arnd Bergmann authored
      Merge tag 'samsung-fixes-4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into fixes
      
      Pull "ARM: exynos: Fixes for v4.8, secound round" from Krzysztof Kozłowski:
      
      1. A recent change in populating irqchip devices from Device Tree
         broke Suspend to RAM on Exynos boards due to lack of probing of
         PMU (Power Management Unit) driver.  Multiple drivers attach to
         the PMU's DT node: irqchip, clock controller and PMU platform
         driver for handling suspend.  The new irqchip code marked the
         PMU's DT node as OF_POPULATED but we need to attach to this
         node also PMU platform driver.
      
      2. Add Javier as additional reviewer for Exynos patches.
      
      * tag 'samsung-fixes-4.8-2' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux:
        ARM: EXYNOS: Clear OF_POPULATED flag from PMU node in IRQ init callback
        MAINTAINERS: Add myself as reviewer for Samsung Exynos support
      64086491
  2. 15 Sep, 2016 8 commits
    • Jann Horn's avatar
      aio: mark AIO pseudo-fs noexec · 22f6b4d3
      Jann Horn authored
      This ensures that do_mmap() won't implicitly make AIO memory mappings
      executable if the READ_IMPLIES_EXEC personality flag is set.  Such
      behavior is problematic because the security_mmap_file LSM hook doesn't
      catch this case, potentially permitting an attacker to bypass a W^X
      policy enforced by SELinux.
      
      I have tested the patch on my machine.
      
      To test the behavior, compile and run this:
      
          #define _GNU_SOURCE
          #include <unistd.h>
          #include <sys/personality.h>
          #include <linux/aio_abi.h>
          #include <err.h>
          #include <stdlib.h>
          #include <stdio.h>
          #include <sys/syscall.h>
      
          int main(void) {
              personality(READ_IMPLIES_EXEC);
              aio_context_t ctx = 0;
              if (syscall(__NR_io_setup, 1, &ctx))
                  err(1, "io_setup");
      
              char cmd[1000];
              sprintf(cmd, "cat /proc/%d/maps | grep -F '/[aio]'",
                  (int)getpid());
              system(cmd);
              return 0;
          }
      
      In the output, "rw-s" is good, "rwxs" is bad.
      Signed-off-by: default avatarJann Horn <jann@thejh.net>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      22f6b4d3
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 024c7e37
      Linus Torvalds authored
      Pull kvm fix from Paolo Bonzini:
       "One fix for an x86 regression in VM migration, mostly visible with
        Windows because it uses RTC periodic interrupts"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: x86: correctly reset dest_map->vector when restoring LAPIC state
      024c7e37
    • Darrick J. Wong's avatar
      vfs: cap dedupe request structure size at PAGE_SIZE · b71dbf10
      Darrick J. Wong authored
      Kirill A Shutemov reports that the kernel doesn't try to cap dest_count
      in any way, and uses the number to allocate kernel memory.  This causes
      high order allocation warnings in the kernel log if someone passes in a
      big enough value.  We should clamp the allocation at PAGE_SIZE to avoid
      stressing the VM.
      
      The two existing users of the dedupe ioctl never send more than 120
      requests, so we can safely clamp dest_range at PAGE_SIZE, because with
      4k pages we can handle up to 127 dedupe candidates.  Given the max
      extent length of 16MB, we can end up doing 2GB of IO which is plenty.
      
      [ Note: the "offsetof()" can't overflow, because 'count' is just a
        16-bit integer.  That's not obvious in the limited context of the
        patch, so I'm noting it here because it made me go look.  - Linus ]
      Reported-by: default avatar"Kirill A. Shutemov" <kirill@shutemov.name>
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      b71dbf10
    • Darrick J. Wong's avatar
      vfs: fix return type of ioctl_file_dedupe_range · 5297e0f0
      Darrick J. Wong authored
      All the VFS functions in the dedupe ioctl path return int status, so
      the ioctl handler ought to as well.
      
      Found by Coverity, CID 1350952.
      Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      5297e0f0
    • Linus Torvalds's avatar
      Merge branch 'for-linus' of git://git.kernel.dk/linux-block · 46626600
      Linus Torvalds authored
      Pull block fixes from Jens Axboe:
       "A set of fixes for the current series in the realm of block.
      
        Like the previous pull request, the meat of it are fixes for the nvme
        fabrics/target code.  Outside of that, just one fix from Gabriel for
        not doing a queue suspend if we didn't get the admin queue setup in
        the first place"
      
      * 'for-linus' of git://git.kernel.dk/linux-block:
        nvme-rdma: add back dependency on CONFIG_BLOCK
        nvme-rdma: fix null pointer dereference on req->mr
        nvme-rdma: use ib_client API to detect device removal
        nvme-rdma: add DELETING queue flag
        nvme/quirk: Add a delay before checking device ready for memblaze device
        nvme: Don't suspend admin queue that wasn't created
        nvme-rdma: destroy nvme queue rdma resources on connect failure
        nvme_rdma: keep a ref on the ctrl during delete/flush
        iw_cxgb4: block module unload until all ep resources are released
        iw_cxgb4: call dev_put() on l2t allocation failure
      46626600
    • Al Viro's avatar
      fix minor infoleak in get_user_ex() · 1c109fab
      Al Viro authored
      get_user_ex(x, ptr) should zero x on failure.  It's not a lot of a leak
      (at most we are leaking uninitialized 64bit value off the kernel stack,
      and in a fairly constrained situation, at that), but the fix is trivial,
      so...
      
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
      [ This sat in different branch from the uaccess fixes since mid-August ]
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      1c109fab
    • Paolo Bonzini's avatar
      kvm: x86: correctly reset dest_map->vector when restoring LAPIC state · b0eaf450
      Paolo Bonzini authored
      When userspace sends KVM_SET_LAPIC, KVM schedules a check between
      the vCPU's IRR and ISR and the IOAPIC redirection table, in order
      to re-establish the IOAPIC's dest_map (the list of CPUs servicing
      the real-time clock interrupt with the corresponding vectors).
      
      However, __rtc_irq_eoi_tracking_restore_one was forgetting to
      set dest_map->vectors.  Because of this, the IOAPIC did not process
      the real-time clock interrupt EOI, ioapic->rtc_status.pending_eoi
      got stuck at a non-zero value, and further RTC interrupts were
      reported to userspace as coalesced.
      
      Fixes: 9e4aabe2
      Fixes: 4d99ba89
      Cc: stable@vger.kernel.org
      Cc: Joerg Roedel <jroedel@suse.de>
      Cc: David Gilbert <dgilbert@redhat.com>
      Reviewed-by: default avatarRadim Krčmář <rkrcmar@redhat.com>
      Signed-off-by: default avatarPaolo Bonzini <pbonzini@redhat.com>
      b0eaf450
    • Roger Quadros's avatar
      ARM: keystone: defconfig: Fix USB configuration · a6805884
      Roger Quadros authored
      Simply enabling CONFIG_KEYSTONE_USB_PHY doesn't work anymore
      as it depends on CONFIG_NOP_USB_XCEIV. We need to enable
      that as well.
      
      This fixes USB on Keystone boards from v4.8-rc1 onwards.
      Signed-off-by: default avatarRoger Quadros <rogerq@ti.com>
      Acked-by: default avatarSantosh Shilimkar <ssantosh@kernel.org>
      Signed-off-by: default avatarArnd Bergmann <arnd@arndb.de>
      a6805884
  3. 14 Sep, 2016 7 commits
  4. 13 Sep, 2016 8 commits