- 16 May, 2016 40 commits
-
-
Shaohua Li authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 9c573de3 upstream. blk_queue_split marks bio unmergeable, which makes sense for normal bio. But if dispatching the bio to underlayer disk, the blk_queue_split checks are invalid, hence it's possible the bio becomes mergeable. In the reported bug, this bug causes trim against raid0 performance slash https://bugzilla.kernel.org/show_bug.cgi?id=117051Reported-and-tested-by:
Park Ju Hyung <qkrwngud825@gmail.com> Fixes: 6ac45aeb(block: avoid to merge splitted bio) Cc: Ming Lei <ming.lei@canonical.com> Cc: Neil Brown <neilb@suse.de> Reviewed-by:
Jens Axboe <axboe@fb.com> Signed-off-by:
Shaohua Li <shli@fb.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by:
Tim Gardner <tim.gardner@canonical.com> Signed-off-by:
Kamal Mostafa <kamal@canonical.com>
-
Chunyu Hu authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 854145e0 upstream. Currently register functions for events will be called through the 'reg' field of event class directly without any check when seting up triggers. Triggers for events that don't support register through debug fs (events under events/ftrace are for trace-cmd to read event format, and most of them don't have a register function except events/ftrace/functionx) can't be enabled at all, and an oops will be hit when setting up trigger for those events, so just not creating them is an easy way to avoid the oops. Link: http://lkml.kernel.org/r/1462275274-3911-1-git-send-email-chuhu@redhat.com Fixes: 85f2b082 ("tracing: Add basic event trigger framework") Signed-off-by:
Chunyu Hu <chuhu@redhat.com> Signed-off-by:
Steven Rostedt <rostedt@goodmis.org> Signed-off-by:
-
Johannes Berg authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit e6436be2 upstream. In the case that dev_alloc_name() fails, e.g. because the name was given by the user and already exists, we need to clean up properly and free the per-CPU statistics. Fix that. Fixes: 5a490510 ("mac80211: use per-CPU TX/RX statistics") Signed-off-by:
Johannes Berg <johannes.berg@intel.com> Signed-off-by:
-
Oleksij Rempel authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit de478a61 upstream. by moving common code to ar5008_hw_cmn_spur_mitigate i forgot to move mask_m & mask_p initialisation. This coused a performance regression on ar9281. Fixes: f911085f ("ath9k: split ar5008_hw_spur_mitigate and reuse common code in ar9002_hw_spur_mitigate.") Reported-by:
Gustav Frederiksen <lkml2017@openmailbox.org> Tested-by:
Oleksij Rempel <linux@rempel-privat.de> Signed-off-by:
Kalle Valo <kvalo@codeaurora.org> Signed-off-by:
-
Arnd Bergmann authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit aeb6641f upstream. gcc-6 complains about the indentation of the lpfc_destroy_vport_work_array() call in lpfc_online(), which clearly doesn't look right: drivers/scsi/lpfc/lpfc_init.c: In function 'lpfc_online': drivers/scsi/lpfc/lpfc_init.c:2880:3: warning: statement is indented as if it were guarded by... [-Wmisleading-indentation] lpfc_destroy_vport_work_array(phba, vports); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/scsi/lpfc/lpfc_init.c:2863:2: note: ...this 'if' clause, but it is not if (vports != NULL) ^~ Looking at the patch that introduced this code, it's clear that the behavior is correct and the indentation is wrong. This fixes the indentation and adds curly braces around the previous if() block for clarity, as that is most likely what caused the code to be misindented in the first place. Signed-off-by:
Arnd Bergmann <arnd@arndb.de> Fixes: 549e55cd ("[SCSI] lpfc 8.2.2 : Fix locking around HBA's port_list") Reviewed-by:
Sebastian Herbszt <herbszt@gmx.de> Reviewed-by:
Hannes Reinecke <hare@suse.com> Reviewed-by:
Ewan D. Milne <emilne@redhat.com> Signed-off-by:
Martin K. Petersen <martin.petersen@oracle.com> Signed-off-by:
-
Stephen Boyd authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 0f75e1a3 upstream. The offset seems to have been copied from the sata clk. Fix it so that enabling the crypto engine source clk works. Tested-by:
Srinivas Kandagatla <srinivas.kandagatla@linaro.org> Tested-by:
Bjorn Andersson <bjorn.andersson@linaro.org> Fixes: 5f775498 ("clk: qcom: Fully support apq8064 global clock control") Signed-off-by:
Stephen Boyd <sboyd@codeaurora.org> Signed-off-by:
-
Linus Walleij authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit ec7957a6 upstream. Despite care take to allocate clocks state containers the SP810 driver actually just supports creating one instance: all clocks registered for every instance will end up with the exact same name and __clk_init() will fail. Rename the timclken<0> .. timclken<n> to sp810_<instance>_<n> so every clock on every instance gets a unique name. This is necessary for the RealView PBA8 which has two SP810 blocks: the second block will not register its clocks unless every clock on every instance is unique and results in boot logs like this: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 0 at ../drivers/clk/versatile/clk-sp810.c:137 clk_sp810_of_setup+0x110/0x154() Modules linked in: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.5.0-rc2-00030-g352718fc39f6-dirty #225 Hardware name: ARM RealView Machine (Device Tree Support) [<c00167f8>] (unwind_backtrace) from [<c0013204>] (show_stack+0x10/0x14) [<c0013204>] (show_stack) from [<c01a049c>] (dump_stack+0x84/0x9c) [<c01a049c>] (dump_stack) from [<c0024990>] (warn_slowpath_common+0x74/0xb0) [<c0024990>] (warn_slowpath_common) from [<c0024a68>] (warn_slowpath_null+0x1c/0x24) [<c0024a68>] (warn_slowpath_null) from [<c051eb44>] (clk_sp810_of_setup+0x110/0x154) [<c051eb44>] (clk_sp810_of_setup) from [<c051e3a4>] (of_clk_init+0x12c/0x1c8) [<c051e3a4>] (of_clk_init) from [<c0504714>] (time_init+0x20/0x2c) [<c0504714>] (time_init) from [<c0501b18>] (start_kernel+0x244/0x3c4) [<c0501b18>] (start_kernel) from [<7000807c>] (0x7000807c) ---[ end trace cb88537fdc8fa200 ]--- Cc: Michael Turquette <mturquette@baylibre.com> Cc: Pawel Moll <pawel.moll@arm.com> Fixes: 6e973d2c "clk: vexpress: Add separate SP810 driver" Signed-off-by:
Linus Walleij <linus.walleij@linaro.org> Signed-off-by:
-
Srinivas Kandagatla authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 732d6913 upstream. This patch corrects the enable register offset which is actually 0x36cc instead of 0x36c4 Signed-off-by:
-
Andreas Färber authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit bb473593 upstream. As preparation for arm64 based mesongxbb, which pulls in this code once enabling ARCH_MESON, fix a size_t vs. unsigned int type mismatch. The loop uses a local unsigned int variable, so adopt that type, matching the header. Fixes: 7a29a869 ("clk: meson: Add support for Meson clock controller") Signed-off-by:
Andreas Färber <afaerber@suse.de> Acked-by:
Carlo Caione <carlo@endlessm.com> Signed-off-by:
-
Shawn Lin authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 2467b674 upstream. Add free memeory if rockchip_clk_register_branch fails. Fixes: a245fecb ("clk: rockchip: add basic infrastructure...") Signed-off-by:
Shawn Lin <shawn.lin@rock-chips.com> Signed-off-by:
Heiko Stuebner <heiko@sntech.de> Signed-off-by:
-
Shawn Lin authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 1d961f11 upstream. If we fail to probe the driver, we should not directly break from the for_each_available_child_of_node since it calls of_node_get while iterating. This patch add of_node_put to fix the unbalanced call pair. Fixes: 7c696693 ("soc: rockchip: power-domain: Add power domain driver") Signed-off-by:
-
Heiko Stuebner authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 50359819 upstream. Commit e6d5e7d9 ("clk-divider: Fix READ_ONLY when divider > 1") removed the special ops struct for read-only clocks and instead opted to handle them inside the regular ops. On the rk3368 this results in breakage as aclkm now gets set a value. While it is the same divider value, the A53 core still doesn't like it, which can result in the cpu ending up in a hang. The reason being that "ACLKENMasserts one clock cycle before the rising edge of ACLKM" and the clock should only be touched when STANDBYWFIL2 is asserted. To fix this, reintroduce the read-only ops but do include the round_rate callback. That way no writes that may be unsafe are done to the divider register in any case. The Rockchip use of the clk_divider_ops is adapted to this split again, as is the nxp, lpc18xx-ccu driver that was included since the original commit. On lpc18xx-ccu the divider seems to always be read-only so only uses the new ops now. Fixes: e6d5e7d9 ("clk-divider: Fix READ_ONLY when divider > 1") Reported-by:
Zhang Qing <zhangqing@rock-chips.com> Signed-off-by:
-
Krzysztof Halasa authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 88e9da9a upstream. The "where" offset was added twice, fix it. Signed-off-by:
Krzysztof Hałasa <khalasa@piap.pl> Fixes: 498a92d4 ("ARM: cns3xxx: pci: avoid potential stack overflow") Signed-off-by:
Olof Johansson <olof@lixom.net> Signed-off-by:
-
Amitkumar Karwar authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit a6139b62 upstream. This patch corrects the error case in association path by returning -1. Earlier "media_connected" used to remain on in this error case causing failure for further association attempts. Signed-off-by:
Amitkumar Karwar <akarwar@marvell.com> Fixes: b887664d ('mwifiex: channel switch handling for station') Signed-off-by:
Cathy Luo <cluo@marvell.com> Signed-off-by:
-
Dan Carpenter authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 8134233e upstream. If the call to acpi_get_object_info() fails then "info" hasn't been initialized. In that situation, we already know that "version" should be XGENE_AHCI_V1 so we don't actually need to dereference "info". Fixes: c9802a4b ('ata: ahci_xgene: Add AHCI Support for 2nd HW version of APM X-Gene SoC AHCI SATA Host controller.') Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
Tejun Heo <tj@kernel.org> Signed-off-by:
-
Dan Streetman authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit da6ccaaa upstream. Make the "Attempted send on closed socket" error messages generated in nbd_request_handler() ratelimited. When the nbd socket is shutdown, the nbd_request_handler() function emits an error message for every request remaining in its queue. If the queue is large, this will spam a large amount of messages to the log. There's no need for a separate error message for each request, so this patch ratelimits it. In the specific case this was found, the system was virtual and the error messages were logged to the serial port, which overwhelmed it. Fixes: 4d48a542 ("nbd: fix I/O hang on disconnected nbds") Signed-off-by:
Dan Streetman <dan.streetman@canonical.com> Signed-off-by:
Markus Pargmann <mpa@pengutronix.de> Signed-off-by:
-
Andy Shevchenko authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 84cb36ca upstream. We forgot to remove the clock tree if something goes wrong in ->probe(). Add a call to intel_lpss_unregister_clock() on error path in ->probe() to fix the potential issue. Fixes: 4b45efe8 (mfd: Add support for Intel Sunrisepoint LPSS devices) Signed-off-by:
Andy Shevchenko <andriy.shevchenko@linux.intel.com> Acked-by:
Mika Westerberg <mika.westerberg@linux.intel.com> Signed-off-by:
Lee Jones <lee.jones@linaro.org> Signed-off-by:
-
Julian Anastasov authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit f719e375 upstream. Jiri Bohac is reporting for a problem where the attempt to reschedule existing connection to another real server needs proper redirect for the conntrack used by the IPVS connection. For example, when IPVS connection is created to NAT-ed real server we alter the reply direction of conntrack. If we later decide to select different real server we can not alter again the conntrack. And if we expire the old connection, the new connection is left without conntrack. So, the only way to redirect both the IPVS connection and the Netfilter's conntrack is to drop the SYN packet that hits existing connection, to wait for the next jiffie to expire the old connection and its conntrack and to rely on client's retransmission to create new connection as usually. Jiri Bohac provided a fix that drops all SYNs on rescheduling, I extended his patch to do such drops only for connections that use conntrack. Here is the original report from Jiri Bohac: Since commit dc7b3eb9 ("ipvs: Fix reuse connection if real server is dead"), new connections to dead servers are redistributed immediately to new servers. The old connection is expired using ip_vs_conn_expire_now() which sets the connection timer to expire immediately. However, before the timer callback, ip_vs_conn_expire(), is run to clean the connection's conntrack entry, the new redistributed connection may already be established and its conntrack removed instead. Fix this by dropping the first packet of the new connection instead, like we do when the destination server is not available. The timer will have deleted the old conntrack entry long before the first packet of the new connection is retransmitted. Fixes: dc7b3eb9 ("ipvs: Fix reuse connection if real server is dead") Signed-off-by:
Jiri Bohac <jbohac@suse.cz> Signed-off-by:
Julian Anastasov <ja@ssi.bg> Signed-off-by:
Simon Horman <horms@verge.net.au> Signed-off-by:
-
Marco Angaroni authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 7617a24f upstream. The IPVS SIP persistence engine is not able to parse the SIP header "Call-ID" when such header is inserted in the first positions of the SIP message. When IPVS is configured with "--pe sip" option, like for example: ipvsadm -A -u 1.2.3.4:5060 -s rr --pe sip -p 120 -o some particular messages (see below for details) do not create entries in the connection template table, which can be listed with: ipvsadm -Lcn --persistent-conn Problematic SIP messages are SIP responses having "Call-ID" header positioned just after message first line: SIP/2.0 200 OK [Call-ID header here] [rest of the headers] When "Call-ID" header is positioned down (after a few other headers) it is correctly recognized. This is due to the data offset used in get_callid function call inside ip_vs_pe_sip.c file: since dptr already points to the start of the SIP message, the value of dataoff should be initially 0. Otherwise the header is searched starting from some bytes after the first character of the SIP message. Fixes: 758ff033 ("IPVS: sip persistence engine") Signed-off-by:
Marco Angaroni <marcoangaroni@gmail.com> Acked-by:
-
Arnd Bergmann authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 3f20efba upstream. ip_vs_fill_iph_skb_off() may not find an IP header, and gcc has determined that ip_vs_sip_fill_param() then incorrectly accesses the protocol fields: net/netfilter/ipvs/ip_vs_pe_sip.c: In function 'ip_vs_sip_fill_param': net/netfilter/ipvs/ip_vs_pe_sip.c:76:5: error: 'iph.protocol' may be used uninitialized in this function [-Werror=maybe-uninitialized] if (iph.protocol != IPPROTO_UDP) ^ net/netfilter/ipvs/ip_vs_pe_sip.c:81:10: error: 'iph.len' may be used uninitialized in this function [-Werror=maybe-uninitialized] dataoff = iph.len + sizeof(struct udphdr); ^ This adds a check for the ip_vs_fill_iph_skb_off() return code before looking at the ip header data returned from it. Signed-off-by:
-
Hariprasad S authored
BugLink: http://bugs.launchpad.net/bugs/1580754 commit 32cc92c7 upstream. For T4, kernel mode qps don't use the user doorbell. User mode qps during flow control db ringing are forced into kernel, where user doorbell is treated as kernel doorbell and proper bar2 offset in bar2 virtual space is calculated, which incase of T4 is a bogus address, causing a kernel panic due to illegal write during doorbell ringing. In case of T4, kernel mode qp bar2 virtual address should be 0. Added T4 check during bar2 virtual address calculation to return 0. Fixed Bar2 range checks based on bar2 physical address. The below oops will be fixed <1>BUG: unable to handle kernel paging request at 000000000002aa08 <1>IP: [<ffffffffa011d800>] c4iw_uld_control+0x4e0/0x880 [iw_cxgb4] <4>PGD 1416a8067 PUD 15bf35067 PMD 0 <4>Oops: 0002 [#1] SMP <4>last sysfs file: /sys/devices/pci0000:00/0000:00:03.0/0000:02:00.4/infiniband/cxgb4_0/node_guid <4>CPU 5 <4>Modules linked in: rdma_ucm rdma_cm ib_cm ib_sa ib_mad ib_uverbs ip6table_filter ip6_tables ebtable_nat ebtables ipt_MASQUERADE iptable_nat nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_state nf_conntrack ipt_REJECT xt_CHECKSUM iptable_mangle iptable_filter ip_tables bridge autofs4 target_core_iblock target_core_file target_core_pscsi target_core_mod configfs bnx2fc cnic uio fcoe libfcoe libfc scsi_transport_fc scsi_tgt 8021q garp stp llc cpufreq_ondemand acpi_cpufreq freq_table mperf vhost_net macvtap macvlan tun kvm uinput microcode iTCO_wdt iTCO_vendor_support sg joydev serio_raw i2c_i801 i2c_core lpc_ich mfd_core e1000e ptp pps_core ioatdma dca i7core_edac edac_core shpchp ext3 jbd mbcache sd_mod crc_t10dif pata_acpi ata_generic ata_piix iw_cxgb4 iw_cm ib_core ib_addr cxgb4 ipv6 dm_mirror dm_region_hash dm_log dm_mod [last unloaded: scsi_wait_scan] <4> Supermicro X8ST3/X8ST3 <4>RIP: 0010:[<ffffffffa011d800>] [<ffffffffa011d800>] c4iw_uld_control+0x4e0/0x880 [iw_cxgb4] <4>RSP: 0000:ffff880155a03db0 EFLAGS: 00010006 <4>RAX: 000000000000001d RBX: ffff88013ae5fc00 RCX: ffff880155adb180 <4>RDX: 000000000002aa00 RSI: 0000000000000001 RDI: ffff88013ae5fdf8 <4>RBP: ffff880155a03e10 R08: 0000000000000000 R09: 0000000000000001 <4>R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 <4>R13: 000000000000001d R14: ffff880156414ab0 R15: ffffe8ffffc05b88 <4>FS: 0000000000000000(0000) GS:ffff8800282a0000(0000) knlGS:0000000000000000 <4>CS: 0010 DS: 0018 ES: 0018 CR0: 000000008005003b <4>CR2: 000000000002aa08 CR3: 000000015bd0e000 CR4: 00000000000007e0 <4>DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 <4>DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 <4>Process cxgb4 (pid: 394, threadinfo ffff880155a00000, task ffff880156414ab0) <4>Stack: <4> ffff880156415068 ffff880155adb180 ffff880155a03df0 ffffffffa00a344b <4><d> 00000000000003e8 ffff880155920000 0000000000000004 ffff880155920000 <4><d> ffff88015592d438 ffffffffa00a3860 ffff880155a03fd8 ffffe8ffffc05b88 <4>Call Trace: <4> [<ffffffffa00a344b>] ? enable_txq_db+0x2b/0x80 [cxgb4] <4> [<ffffffffa00a3860>] ? process_db_full+0x0/0xa0 [cxgb4] <4> [<ffffffffa00a38a6>] process_db_full+0x46/0xa0 [cxgb4] <4> [<ffffffff8109fda0>] worker_thread+0x170/0x2a0 <4> [<ffffffff810a6aa0>] ? autoremove_wake_function+0x0/0x40 <4> [<ffffffff8109fc30>] ? worker_thread+0x0/0x2a0 <4> [<ffffffff810a660e>] kthread+0x9e/0xc0 <4> [<ffffffff8100c28a>] child_rip+0xa/0x20 <4> [<ffffffff810a6570>] ? kthread+0x0/0xc0 <4> [<ffffffff8100c280>] ? child_rip+0x0/0x20 <4>Code: e9 ba 00 00 00 66 0f 1f 44 00 00 44 8b 05 29 07 02 00 45 85 c0 0f 85 71 02 00 00 8b 83 70 01 00 00 45 0f b7 ed c1 e0 0f 44 09 e8 <89> 42 08 0f ae f8 66 c7 83 82 01 00 00 00 00 44 0f b7 ab dc 01 <1>RIP [<ffffffffa011d800>] c4iw_uld_control+0x4e0/0x880 [iw_cxgb4] <4> RSP <ffff880155a03db0> <4>CR2: 000000000002aa08` Based on original work by Bharat Potnuri <bharat@chelsio.com> Fixes: 74217d4c ("iw_cxgb4: support for bar2 qid densities exceeding the page size") Signed-off-by:
Steve Wise <swise@opengridcomputing.com> Signed-off-by:
Hariprasad Shenai <hariprasad@chelsio.com> Reviewed-by:
Leon Romanovsky <leon@leon.nu> Signed-off-by:
Doug Ledford <dledford@redhat.com> Signed-off-by:
-
Greg Kroah-Hartman authored
BugLink: http://bugs.launchpad.net/bugs/1580754 This reverts commit e924c60d which was commit 7f821fc9 upstream. It shouldn't have been applied as the original was already in 4.4. Reported-by:
Jiri Slaby <jslaby@suse.cz> Cc: Michael Neuling <mikey@neuling.org> Cc: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1580754 This reverts commit 28c8fd86. Revert in favor of upstream stable. Signed-off-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1580754 This reverts commit d21526bc3c6e8df9fcba10831d2260082d4cb82f. revert in favor of upstream stable. Signed-off-by:
-
Maruthi Srinivas Bayyavarapu authored
BugLink: http://bugs.launchpad.net/bugs/1577288 This commit fixes garbled audio on Polaris-10/11 variants Signed-off-by:
Maruthi Bayyavarapu <maruthi.bayyavarapu@amd.com> Reviewed-by:
Alex Deucher <alexander.deucher@amd.com> Acked-by:
Christian König <christian.koenig@amd.com> Signed-off-by:
Takashi Iwai <tiwai@suse.de> (cherry picked from commit 8eb22214) Signed-off-by:
Joseph Salisbury <joseph.salisbury@canonical.com> Acked-by:
-
Timo Aaltonen authored
BugLink: http://bugs.launchpad.net/bugs/1580114Signed-off-by:
Timo Aaltonen <timo.aaltonen@canonical.com> Acked-by:
Brad Figg <brad.figg@canonical.com> Signed-off-by:
-
Timo Aaltonen authored
BugLink: http://bugs.launchpad.net/bugs/1580114 We can enable these to work OOTB now. Signed-off-by:
-
Kangjie Lu authored
The stack object “map” has a total size of 32 bytes. Its last 4 bytes are padding generated by compiler. These padding bytes are not initialized and sent out via “nla_put”. Signed-off-by:
Kangjie Lu <kjlu@gatech.edu> Signed-off-by:
David S. Miller <davem@davemloft.net> (cherry picked from commit 5f8e4474) CVE-2016-4486 BugLink: https://bugs.launchpad.net/bugs/1578497Signed-off-by:
Luis Henriques <luis.henriques@canonical.com> Acked-by:
Christopher Arges <chris.j.arges@canonical.com> Signed-off-by:
-
Kangjie Lu authored
The stack object “info” has a total size of 12 bytes. Its last byte is padding which is not initialized and leaked via “put_cmsg”. Signed-off-by:
-
Chris Wilson authored
BugLink: http://bugs.launchpad.net/bugs/1579610 The current error path for failure when establishing a handle for a GEM object is unbalance, e.g. we call object_close() without calling first object_open(). Use the typical onion structure to only undo what has been set up prior to the error. Signed-off-by:
Chris Wilson <chris@chris-wilson.co.uk> Reviewed-by:
Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by:
Daniel Vetter <daniel.vetter@ffwll.ch> (cherry picked from commit 6984128d) Signed-off-by:
Stefan Bader <stefan.bader@canonical.com> Signed-off-by:
-
Steve Beattie authored
In Ubuntu 16.10, gcc's defaults have been set to build Position Independent Executables (PIE) on amd64 and ppc64le (gcc was configured this way for s390x in Ubuntu 16.04 LTS). This breaks the kernel build on amd64. The following patch disables pie for x86 builds (though not yet verified to work with gcc configured to build PIE by default i386 -- we're not planning to enable it for that architecture). The intent is for this patch to go upstream after expanding it to additional architectures where needed, but I wanted to ensure that we could build 16.10 kernels first. I've successfully built kernels and booted them with this patch applied using the 16.10 compiler. Patch is against yakkety.git, but also applies with minor movement (no fuzz) against current linus.git. Signed-off-by:
Steve Beattie <steve.beattie@canonical.com> [apw@canonical.com: shifted up so works in arch/<arch/Makefile.] BugLink: http://bugs.launchpad.net/bugs/1574982Signed-off-by:
Andy Whitcroft <apw@canonical.com> Acked-by:
-
Maarten Lankhorst authored
BugLink: http://bugs.launchpad.net/bugs/1542939 Now that connector_mask is reliable there's no need for this function any more. Signed-off-by:
Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Link: http://patchwork.freedesktop.org/patch/msgid/1451908400-25147-6-git-send-email-maarten.lankhorst@linux.intel.comSigned-off-by:
-
Maarten Lankhorst authored
BugLink: http://bugs.launchpad.net/bugs/1542939 This is useful for drivers that subclass connector_state, like tegra. Changes since v1: - Docbook updates. Signed-off-by:
-
Alexei Starovoitov authored
On a system with >32Gbyte of phyiscal memory and infinite RLIMIT_MEMLOCK, the malicious application may overflow 32-bit bpf program refcnt. It's also possible to overflow map refcnt on 1Tb system. Impose 32k hard limit which means that the same bpf program or map cannot be shared by more than 32k processes. Fixes: 1be7f75d ("bpf: enable non-root eBPF programs") Reported-by:
Jann Horn <jannh@google.com> Signed-off-by:
Alexei Starovoitov <ast@kernel.org> Acked-by:
Daniel Borkmann <daniel@iogearbox.net> Signed-off-by:
-
Thomas Gleixner authored
BugLink: http://bugs.launchpad.net/bugs/1573231 Joseph reported that a XEN guest dies with a division by 0 in the package topology setup code. This happens if cpu_info.x86_max_cores is zero. Handle that case and emit a warning. This does not fix the underlying XEN bug, but makes the code more robust. Cc: Peter Zijlstra <peterz@infradead.org> Cc: Boris Ostrovsky <boris.ostrovsky@oracle.com> Cc: David Vrabel <david.vrabel@citrix.com> Link: http://lkml.kernel.org/r/alpine.DEB.2.11.1605062046270.3540@nanosSigned-off-by:
Thomas Gleixner <tglx@linutronix.de> Signed-off-by:
Colin Ian King <colin.king@canonical.com> Acked-by:
-
Daniel Jurgens authored
BugLink: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1544978 Use htons instead of unconditionally byte swapping nexthdr. On a little endian systems shifting the byte is correct behavior, but it results in incorrect csums on big endian architectures. Fixes: f8c6455b ('net/mlx4_en: Extend checksum offloading by CHECKSUM COMPLETE') Signed-off-by:
Daniel Jurgens <danielj@mellanox.com> Reviewed-by:
Carol Soto <clsoto@us.ibm.com> Tested-by:
Tariq Toukan <tariqt@mellanox.com> Signed-off-by:
Talat Batheesh <talatb@mellanox.com> Acked-by:
-
Tim Gardner authored
BugLink: http://bugs.launchpad.net/bugs/1248289Signed-off-by:
-
Prarit Bhargava authored
BugLink: http://bugs.launchpad.net/bugs/1577898 ACPICA commit 7a3bd2d962f221809f25ddb826c9e551b916eb25 Set the mutex owner thread ID. Original patch from: Prarit Bhargava <prarit@redhat.com> Link: https://github.com/acpica/acpica/commit/7a3bd2d9Signed-off-by:
Prarit Bhargava <prarit@redhat.com> Signed-off-by:
Bob Moore <robert.moore@intel.com> Signed-off-by:
Lv Zheng <lv.zheng@intel.com> Signed-off-by:
-
Colin Ian King authored
BugLink: http://bugs.launchpad.net/bugs/1558120 AUFS introduced a subtle bug into remap_file_pages; calls to do_mmap_pgoff can lead to a change of the vma->vm_file and so the vma_fput(vma) on the file is incorrect; we should instead fput on the original file. Constant remapping the same page with multiple processes can create the following oops: [ 6.606988] BUG: unable to handle kernel NULL pointer dereference at 0000000000000228 [ 6.607010] IP: [<ffffffff811aad98>] shmem_fault+0x38/0x1e0 [ 6.607032] PGD 78d0d067 PUD 795c0067 PMD 0 [ 6.607044] Oops: 0000 [#1] SMP [ 6.607055] Modules linked in: ppdev snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm joydev input_leds serio_raw snd_timer parport_pc snd parport mac_hid i2c_piix4 8250_fintek soundcore ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear qxl crct10dif_pclmul ttm crc32_pclmul drm_kms_helper aesni_intel syscopyarea aes_x86_64 sysfillrect sysimgblt lrw gf128mul glue_helper ablk_helper cryptd psmouse fb_sys_fops floppy drm pata_acpi [ 6.607240] CPU: 1 PID: 1033 Comm: a.out Not tainted 4.4.0-21-generic #37-Ubuntu [ 6.607257] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 [ 6.607278] task: ffff8800760b5280 ti: ffff88007af44000 task.ti: ffff88007af44000 [ 6.607294] RIP: 0010:[<ffffffff811aad98>] [<ffffffff811aad98>] shmem_fault+0x38/0x1e0 [ 6.607314] RSP: 0018:ffff88007af47c08 EFLAGS: 00010246 [ 6.607326] RAX: ffff88007c25cf00 RBX: 0000000000000000 RCX: 0000000000000004 [ 6.607341] RDX: 0000000000000000 RSI: ffff88007af47c78 RDI: ffff88007add44b0 [ 6.607357] RBP: ffff88007af47c68 R08: 0000000000000000 R09: ffff88007af47d38 [ 6.607373] R10: 0000000000000000 R11: 00003ffffffff000 R12: ffff88007add44b0 [ 6.607388] R13: ffff88007af47d38 R14: ffff8800795fdd00 R15: 00007fdb34174000 [ 6.607404] FS: 00007fdb3416c700(0000) GS:ffff88007fd00000(0000) knlGS:0000000000000000 [ 6.607422] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 6.607435] CR2: 0000000000000228 CR3: 000000007af83000 CR4: 00000000001406e0 [ 6.607453] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 6.607469] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 6.607484] Stack: [ 6.607490] ffff88007af47c28 00000200811cb011 8000000072af6027 00007fdb34174000 [ 6.607510] ffff88007af47c60 ffffea0001cabd80 0000000000000000 000000004a6f65dc [ 6.607530] 0000000000000000 ffff88007add44b0 ffff88007af47d38 ffff8800795fdd00 [ 6.607737] Call Trace: [ 6.607899] [<ffffffff811bc120>] __do_fault+0x50/0xe0 [ 6.608062] [<ffffffff811bfb5b>] handle_mm_fault+0xf8b/0x1820 [ 6.608225] [<ffffffff811bac05>] __get_user_pages+0x135/0x620 [ 6.608388] [<ffffffff811c5d8d>] ? vma_set_page_prot+0x3d/0x60 [ 6.608533] [<ffffffff811bb63f>] populate_vma_page_range+0x7f/0x90 [ 6.608678] [<ffffffff811bb6f3>] __mm_populate+0xa3/0x130 [ 6.608820] [<ffffffff811c79b5>] SyS_remap_file_pages+0xe5/0x2e0 [ 6.608964] [<ffffffff818244f2>] entry_SYSCALL_64_fastpath+0x16/0x71 [ 6.609107] Code: 41 54 53 49 89 fc 48 83 ec 40 c7 45 ac 00 02 00 00 65 48 8b 04 25 28 00 00 00 48 89 45 d8 31 c0 48 8b 87 a0 00 00 00 48 8b 58 20 <48> 83 bb 28 02 00 00 00 0f 85 98 00 00 00 48 8b 43 30 48 8d 56 [ 6.609480] RIP [<ffffffff811aad98>] shmem_fault+0x38/0x1e0 [ 6.609638] RSP <ffff88007af47c08> [ 6.609793] CR2: 0000000000000228 [ 6.609949] ---[ end trace f58b20cac46c4135 ]--- The reproducer is below: void do_remap(void) { const size_t page_size = sysconf(_SC_PAGESIZE); void *data; data = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_SHARED | MAP_ANONYMOUS, -1, 0); if (data == MAP_FAILED) { fprintf(stderr, "mmap failed\n"); exit(1); } for (;;) { if (remap_file_pages(data, page_size, 0, 0, 0) < 0) { fprintf(stderr, "remap_file_pages failed\n"); exit(1); } } munmap(data, page_size); } int main(int argc, char **argv) { int i; pid_t pids[4]; for (i = 0; i < 4; i++) { pids[i] = fork(); if (pids[i] == 0) { printf("FORK child\n"); do_remap(); exit(0); } if (pids[i] < 0) { fprintf(stderr, "fork failed\n"); } } for (i = 0; i < 4; i++) { int status; waitpid(pids[i], &status, 0); } } Signed-off-by:
-
Brian Behlendorf authored
BugLink: http://bugs.launchpad.net/bugs/1567558 Cherry-picked from 874bd959f4f15b3d4b007160ee7ad3f4111dd341 ('Fix user namespaces uid/gid mapping') https://github.com/zfsonlinux/zfs.git As described in torvalds/linux@5f3a4a2 the &init_user_ns, and not the current user_ns, should be passed to posix_acl_from_xattr() and posix_acl_to_xattr(). Conveniently the init_user_ns is available through the init credential (kcred). Signed-off-by:
Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by:
Massimo Maggi <me@massimo-maggi.eu> Closes #4177 Signed-off-by:
Seth Forshee <seth.forshee@canonical.com> Acked-by:
-
