1. 18 Jun, 2016 15 commits
  2. 17 Jun, 2016 22 commits
    • Rafael J. Wysocki's avatar
      Merge branch 'acpica-fixes' · 46577e6a
      Rafael J. Wysocki authored
      * acpica-fixes:
        Revert "ACPICA: ACPI 2.0, Hardware: Add access_width/bit_offset support for acpi_hw_write()"
      46577e6a
    • Rafael J. Wysocki's avatar
      Merge branches 'pm-opp' and 'pm-cpufreq-fixes' · 9d066a25
      Rafael J. Wysocki authored
      * pm-opp:
        PM / OPP: Add 'UNKNOWN' status for shared_opp in struct opp_table
      
      * pm-cpufreq-fixes:
        cpufreq: intel_pstate: Adjust _PSS[0] freqeuency if needed
      9d066a25
    • Hans de Goede's avatar
      Revert "Staging: rtl8188eu: rtw_efuse: Use sizeof type *pointer instead of sizeof type." · bc8201e3
      Hans de Goede authored
      This reverts commit b5e12ec3 ("Staging: rtl8188eu: rtw_efuse: Use
      sizeof type *pointer instead of sizeof type.").
      
      This commit is wrong, the rtw_malloc2d helper function takes the size of
      the array elements as its 3th argument, whereas sizeof(*eFuseWord)
      gives the size of a pointer instead of the size of a u16.
      
      Since sizeof(void *) > sizeof(u16) this has no adverse effects, but it
      is still wrong.
      
      Cc: Sandhya Bankar <bankarsandhya512@gmail.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      bc8201e3
    • Hans de Goede's avatar
      Revert "Staging: drivers: rtl8188eu: use sizeof(*ptr) instead of sizeof(struct)" · 6982f867
      Hans de Goede authored
      This reverts commit 99aded71 ("Staging: drivers: rtl8188eu: use
      sizeof(*ptr) instead of sizeof(struct)").
      
      This commit is wrong, as adapt->HalData has a type of "void *", so
      now we are allocating a much to small struct, which causes the driver
      to overwrite random memory which leads to a non working driver and
      various system crashes.
      
      Cc: Jacky Boen <aqiank@gmail.com>
      Signed-off-by: default avatarHans de Goede <hdegoede@redhat.com>
      Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      6982f867
    • Linus Torvalds's avatar
      Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux · 9cbbef4e
      Linus Torvalds authored
      Pull arm64 fixes from Will Deacon:
       "The main things are getting kgdb up and running with upstream GDB
        after a protocol change was reverted and fixing our spin_unlock_wait
        and spin_is_locked implementations after doing some similar work with
        PeterZ on the qspinlock code last week.  Whilst we haven't seen any
        failures in practice, it's still worth getting this fixed.
      
        Summary:
      
         - Plug the ongoing spin_unlock_wait/spin_is_locked mess
         - KGDB protocol fix to sync w/ GDB
         - Fix MIDR-based PMU probing for old 32-bit SMP systems
           (OMAP4/Realview)
         - Minor tweaks to the fault handling path"
      
      * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
        arm64: kgdb: Match pstate size with gdbserver protocol
        arm64: spinlock: Ensure forward-progress in spin_unlock_wait
        arm64: spinlock: fix spin_unlock_wait for LSE atomics
        arm64: spinlock: order spin_{is_locked,unlock_wait} against local locks
        arm: pmu: Fix non-devicetree probing
        arm64: mm: mark fault_info table const
        arm64: fix dump_instr when PAN and UAO are in use
      9cbbef4e
    • Linus Torvalds's avatar
      Merge tag 'iommu-fixes-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu · 8c256155
      Linus Torvalds authored
      Pull IOMMU fixes from Joerg Roedel:
       "Three patches queued up:
      
         - Fix for ARM-SMMU to add a missing iommu-ops callback which is
           required by common iommu code
      
         - Fix for the rockchip iommu where the wrong MMUs got the commands
      
         - A regression fix for the Intel VT-d driver.  The regression only
           showed up on X58 chipsets with more than one iommu.  These chipsets
           seem to require that QI is enabled on all IOMMUs before it can be
           used"
      
      * tag 'iommu-fixes-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
        iommu/vt-d: Enable QI on all IOMMUs before setting root entry
        iommu/rockchip: Fix zap cache during device attach
        iommu/arm-smmu: Wire up map_sg for arm-smmu-v3
      8c256155
    • Linus Torvalds's avatar
      Merge tag 'for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds · 7af9a170
      Linus Torvalds authored
      Pull LED fixes from Jacek Anaszewski:
      
       - Fix brightness setting upon hardware blinking enabled
      
       - Handle suspend/resume in heartbeat trigger
      
      * tag 'for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
        leds: handle suspend/resume in heartbeat trigger
        leds: core: Fix brightness setting upon hardware blinking enabled
      7af9a170
    • Chris Mason's avatar
      Merge branch 'for-chris' of... · de18c165
      Chris Mason authored
      Merge branch 'for-chris' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.7
      de18c165
    • Chandan Rajendra's avatar
      Btrfs: btrfs_check_super_valid: Allow 4096 as stripesize · dd5c9311
      Chandan Rajendra authored
      Older btrfs-progs/mkfs.btrfs sets 4096 as the stripesize. Hence
      restricting stripesize to be equal to sectorsize would cause super block
      validation to return an error on architectures where PAGE_SIZE is not
      equal to 4096.
      
      Hence as a workaround, this commit allows stripesize to be set to 4096
      bytes.
      Signed-off-by: default avatarChandan Rajendra <chandan@linux.vnet.ibm.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      dd5c9311
    • David Sterba's avatar
      btrfs: remove build fixup for qgroup_account_snapshot · 89c5a544
      David Sterba authored
      Introduced in 2c1984f2 ("btrfs: build fixup for
      qgroup_account_snapshot") as temporary bisectability build fixup.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      89c5a544
    • David Sterba's avatar
      btrfs: use new error message helper in qgroup_account_snapshot · f7af3934
      David Sterba authored
      We've renamed btrfs_std_error, this one is left from last merge.
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      f7af3934
    • Zygo Blaxell's avatar
      btrfs: avoid blocking open_ctree from cleaner_kthread · 90c711ab
      Zygo Blaxell authored
      This fixes a problem introduced in commit 2f3165ec
      "btrfs: don't force mounts to wait for cleaner_kthread to delete one or more subvolumes".
      
      open_ctree eventually calls btrfs_replay_log which in turn calls
      btrfs_commit_super which tries to lock the cleaner_mutex, causing a
      recursive mutex deadlock during mount.
      
      Instead of playing whack-a-mole trying to keep up with all the
      functions that may want to lock cleaner_mutex, put all the cleaner_mutex
      lockers back where they were, and attack the problem more directly:
      keep cleaner_kthread asleep until the filesystem is mounted.
      
      When filesystems are mounted read-only and later remounted read-write,
      open_ctree did not set fs_info->open and neither does anything else.
      Set this flag in btrfs_remount so that neither btrfs_delete_unused_bgs
      nor cleaner_kthread get confused by the common case of "/" filesystem
      read-only mount followed by read-write remount.
      Signed-off-by: default avatarZygo Blaxell <ce3g8jdj@umail.furryterror.org>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      90c711ab
    • Josef Bacik's avatar
      Btrfs: don't BUG_ON() in btrfs_orphan_add · 3b6571c1
      Josef Bacik authored
      This is just a screwup for developers, so change it to an ASSERT() so developers
      notice when things go wrong and deal with the error appropriately if ASSERT()
      isn't enabled.  Thanks,
      Signed-off-by: default avatarJosef Bacik <jbacik@fb.com>
      Reviewed-by: default avatarMark Fasheh <mfasheh@suse.de>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      3b6571c1
    • Jeff Mahoney's avatar
      btrfs: account for non-CoW'd blocks in btrfs_abort_transaction · 64c12921
      Jeff Mahoney authored
      The test for !trans->blocks_used in btrfs_abort_transaction is
      insufficient to determine whether it's safe to drop the transaction
      handle on the floor.  btrfs_cow_block, informed by should_cow_block,
      can return blocks that have already been CoW'd in the current
      transaction.  trans->blocks_used is only incremented for new block
      allocations. If an operation overlaps the blocks in the current
      transaction entirely and must abort the transaction, we'll happily
      let it clean up the trans handle even though it may have modified
      the blocks and will commit an incomplete operation.
      
      In the long-term, I'd like to do closer tracking of when the fs
      is actually modified so we can still recover as gracefully as possible,
      but that approach will need some discussion.  In the short term,
      since this is the only code using trans->blocks_used, let's just
      switch it to a bool indicating whether any blocks were used and set
      it when should_cow_block returns false.
      
      Cc: stable@vger.kernel.org # 3.4+
      Signed-off-by: default avatarJeff Mahoney <jeffm@suse.com>
      Reviewed-by: default avatarFilipe Manana <fdmanana@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      64c12921
    • Liu Bo's avatar
      Btrfs: check if extent buffer is aligned to sectorsize · c871b0f2
      Liu Bo authored
      Thanks to fuzz testing, we can pass an invalid bytenr to extent buffer
      via alloc_extent_buffer().  An unaligned eb can have more pages than it
      should have, which ends up extent buffer's leak or some corrupted content
      in extent buffer.
      
      This adds a warning to let us quickly know what was happening.
      
      Now that alloc_extent_buffer() no more returns NULL, this changes its
      caller and callers of its caller to match with the new error
      handling.
      Signed-off-by: default avatarLiu Bo <bo.li.liu@oracle.com>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      c871b0f2
    • Heinrich Schuchardt's avatar
      btrfs: Use correct format specifier · 16ff4b45
      Heinrich Schuchardt authored
      Component mirror_num of struct btrfsic_block is defined
      as unsigned int. Use %u as format specifier.
      Signed-off-by: default avatarHeinrich Schuchardt <xypron.glpk@gmx.de>
      Reviewed-by: default avatarDavid Sterba <dsterba@suse.com>
      Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
      16ff4b45
    • Joerg Roedel's avatar
      iommu/vt-d: Enable QI on all IOMMUs before setting root entry · a4c34ff1
      Joerg Roedel authored
      This seems to be required on some X58 chipsets on systems
      with more than one IOMMU. QI does not work until it is
      enabled on all IOMMUs in the system.
      Reported-by: default avatarDheeraj CVR <cvr.dheeraj@gmail.com>
      Tested-by: default avatarDheeraj CVR <cvr.dheeraj@gmail.com>
      Fixes: 5f0a7f76 ('iommu/vt-d: Make root entry visible for hardware right after allocation')
      Cc: stable@vger.kernel.org
      Signed-off-by: default avatarJoerg Roedel <jroedel@suse.de>
      a4c34ff1
    • Linus Torvalds's avatar
      Merge tag 'pwm/for-4.7-rc4' of... · bb967271
      Linus Torvalds authored
      Merge tag 'pwm/for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
      
      Pull pwm fixes from Thierry Reding:
       "These changes fix a bit of fallout from the introduction of the atomic
        API"
      
      * tag 'pwm/for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
        pwm: atmel-hlcdc: Fix default PWM polarity
        pwm: sysfs: Get return value from pwm_apply_state()
        pwm: Improve args checking in pwm_apply_state()
      bb967271
    • Linus Torvalds's avatar
      Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 2668bc77
      Linus Torvalds authored
      Pull KVM fixes from Paolo Bonzini:
      
       - miscellaneous fixes for MIPS and s390
      
       - one new kvm_stat for s390
      
       - correctly disable VT-d posted interrupts with the rest of posted
         interrupts
      
       - "make randconfig" fix for x86 AMD
      
       - off-by-one in irq route check (the "good" kind that errors out a bit
         too early!)
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
        kvm: vmx: check apicv is active before using VT-d posted interrupt
        kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
        kvm: svm: Do not support AVIC if not CONFIG_X86_LOCAL_APIC
        kvm: svm: Fix implicit declaration for __default_cpu_present_to_apicid()
        MIPS: KVM: Fix CACHE triggered exception emulation
        MIPS: KVM: Don't unwind PC when emulating CACHE
        MIPS: KVM: Include bit 31 in segment matches
        MIPS: KVM: Fix modular KVM under QEMU
        KVM: s390: Add stats for PEI events
        KVM: s390: ignore IBC if zero
      2668bc77
    • Linus Torvalds's avatar
      Merge tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux · 41ef7218
      Linus Torvalds authored
      Pull nfsd bugfixes from Bruce Fields:
       "Oleg Drokin found and fixed races in the nfsd4 state code that go back
        to the big nfs4_lock_state removal around 3.17 (but that were also
        probably hard to reproduce before client changes in 3.20 allowed the
        client to perform parallel opens).
      
        Also fix a 4.1 backchannel crash due to rpc multipath changes in 4.6.
        Trond acked the client-side rpc fixes going through my tree"
      
      * tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux:
        nfsd: Make init_open_stateid() a bit more whole
        nfsd: Extend the mutex holding region around in nfsd4_process_open2()
        nfsd: Always lock state exclusively.
        rpc: share one xps between all backchannels
        nfsd4/rpc: move backchannel create logic into rpc code
        SUNRPC: fix xprt leak on xps allocation failure
        nfsd: Fix NFSD_MDS_PR_KEY on 32-bit by adding ULL postfix
      41ef7218
    • Linus Torvalds's avatar
      Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs · 9c514bed
      Linus Torvalds authored
      Pull overlayfs fixes from Miklos Szeredi:
       "This contains two regression fixes: one for the xattr API update and
        one for using the mounter's creds in file creation in overlayfs.
      
        There's also a fix for a bug in handling hard linked AF_UNIX sockets
        that's been there from day one.  This fix is overlayfs only despite
        the fact that it touches code outside the overlay filesystem: d_real()
        is an identity function for all except overlay dentries"
      
      * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
        ovl: fix uid/gid when creating over whiteout
        ovl: xattr filter fix
        af_unix: fix hard linked sockets on overlay
        vfs: add d_real_inode() helper
      9c514bed
    • Dan Carpenter's avatar
      KEYS: potential uninitialized variable · 38327424
      Dan Carpenter authored
      If __key_link_begin() failed then "edit" would be uninitialized.  I've
      added a check to fix that.
      
      This allows a random user to crash the kernel, though it's quite
      difficult to achieve.  There are three ways it can be done as the user
      would have to cause an error to occur in __key_link():
      
       (1) Cause the kernel to run out of memory.  In practice, this is difficult
           to achieve without ENOMEM cropping up elsewhere and aborting the
           attempt.
      
       (2) Revoke the destination keyring between the keyring ID being looked up
           and it being tested for revocation.  In practice, this is difficult to
           time correctly because the KEYCTL_REJECT function can only be used
           from the request-key upcall process.  Further, users can only make use
           of what's in /sbin/request-key.conf, though this does including a
           rejection debugging test - which means that the destination keyring
           has to be the caller's session keyring in practice.
      
       (3) Have just enough key quota available to create a key, a new session
           keyring for the upcall and a link in the session keyring, but not then
           sufficient quota to create a link in the nominated destination keyring
           so that it fails with EDQUOT.
      
      The bug can be triggered using option (3) above using something like the
      following:
      
      	echo 80 >/proc/sys/kernel/keys/root_maxbytes
      	keyctl request2 user debug:fred negate @t
      
      The above sets the quota to something much lower (80) to make the bug
      easier to trigger, but this is dependent on the system.  Note also that
      the name of the keyring created contains a random number that may be
      between 1 and 10 characters in size, so may throw the test off by
      changing the amount of quota used.
      
      Assuming the failure occurs, something like the following will be seen:
      
      	kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
      	------------[ cut here ]------------
      	kernel BUG at ../mm/slab.c:2821!
      	...
      	RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
      	RSP: 0018:ffff8804014a7de8  EFLAGS: 00010092
      	RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
      	RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
      	RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
      	R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
      	R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
      	...
      	Call Trace:
      	  kfree+0xde/0x1bc
      	  assoc_array_cancel_edit+0x1f/0x36
      	  __key_link_end+0x55/0x63
      	  key_reject_and_link+0x124/0x155
      	  keyctl_reject_key+0xb6/0xe0
      	  keyctl_negate_key+0x10/0x12
      	  SyS_keyctl+0x9f/0xe7
      	  do_syscall_64+0x63/0x13a
      	  entry_SYSCALL64_slow_path+0x25/0x25
      
      Fixes: f70e2e06 ('KEYS: Do preallocation for __key_link()')
      Signed-off-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
      Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
      cc: stable@vger.kernel.org
      Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
      38327424
  3. 16 Jun, 2016 3 commits