| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
I overlooked a few code-paths that can lead to
locks_delete_global_locks().
Reported-by: Dmitry Vyukov <[email protected]>
Signed-off-by: Peter Zijlstra (Intel) <[email protected]>
Reviewed-by: Jeff Layton <[email protected]>
Cc: Al Viro <[email protected]>
Cc: Bruce Fields <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: syzkaller <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Arnd reported the following objtool warning:
kernel/locking/rwsem.o: warning: objtool: down_write_killable()+0x16: call without frame pointer save/setup
The warning means gcc placed the ____down_write() inline asm (and its
call instruction) before the frame pointer setup in
down_write_killable(), which breaks frame pointer convention and can
result in incorrect stack traces.
Force the stack frame to be created before the call instruction by
listing the stack pointer as an output operand in the inline asm
statement.
Reported-by: Arnd Bergmann <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/1188b7015f04baf361e59de499ee2d7272c59dce.1476393828.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <[email protected]>
|
|
fs/ceph/super.c: In function ‘ceph_real_mount’:
fs/ceph/super.c:818: warning: ‘root’ may be used uninitialized in this function
If s_root is already valid, dentry pointer root is never initialized,
and returned by ceph_real_mount(). This will cause a crash later when
the caller dereferences the pointer.
Fixes: ce2728aaa82bbeba ("ceph: avoid accessing / when mounting a subpath")
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Yan, Zheng <[email protected]>
|
|
following sequence of events tigger the race
- client readdir frag 0* -> got item 'A'
- MDS merges frag 0* and frag 1*
- client send readdir request (frag 1*, offset 2, readdir_start 'A')
- MDS reply items (that are after item 'A') in frag *
Link: http://tracker.ceph.com/issues/17286
Signed-off-by: Yan, Zheng <[email protected]>
|
|
On ARM, we get this false-positive warning since the rework of
the ext2_get_blocks interface:
fs/ext2/inode.c: In function 'ext2_get_block':
include/linux/buffer_head.h:340:16: error: 'bno' may be used uninitialized in this function [-Werror=maybe-uninitialized]
The calling conventions for this function are rather complex, and it's
not surprising that the compiler gets this wrong, I spent a long time
trying to understand how it all fits together myself.
This change to avoid the warning makes sure the compiler sees that we
always set 'bno' pointer whenever we have a positive return code.
The transformation is correct because we always arrive at the 'got_it'
label with a positive count that gets used as the return value, while
any branch to the 'cleanup' label has a negative or zero 'err'.
Fixes: 6750ad71986d ("ext2: stop passing buffer_head to ext2_get_blocks")
Signed-off-by: Arnd Bergmann <[email protected]>
Reviewed-by: Christoph Hellwig <[email protected]>
Cc: Dave Chinner <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
|
|
When isofs_mount() is called to mount a device read-write, it returns
EACCES even before it checks that the device actually contains an isofs
filesystem. This may confuse mount(8) which then tries to mount all
subsequent filesystem types in read-only mode.
Fix the problem by returning EACCES only once we verify that the device
indeed contains an iso9660 filesystem.
CC: [email protected]
Fixes: 17b7f7cf58926844e1dd40f5eb5348d481deca6a
Reported-by: Kent Overstreet <[email protected]>
Reported-by: Karel Zak <[email protected]>
Signed-off-by: Jan Kara <[email protected]>
|
|
Fixes: 4246a0b63bd8 ("block: add a bi_error field to struct bio")
Signed-off-by: Junjie Mao <[email protected]>
Acked-by: David Sterba <[email protected]>
Cc: [email protected] # 4.3+
Signed-off-by: Linus Torvalds <[email protected]>
|
|
pkey_set() and pkey_get() were syscalls present in older versions
of the protection keys patches. The syscall number definitions
were inadvertently left in place. This patch removes them.
I did a git grep and verified that these are the last places in
the tree that these appear, save for the protection_keys.c tests
and Documentation. Those spots talk about functions called
pkey_get/set() which are wrappers for the direct PKRU
instructions, not the syscalls.
Signed-off-by: Dave Hansen <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Fixes: f9afc6197e9bb ("x86: Wire up protection keys system calls")
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Commit 8a71f0c656e0 ("arm64: sysreg: replace open-coded mrs_s/msr_s with
{read,write}_sysreg_s") introduced a write_sysreg_s macro for writing
to system registers that are not supported by binutils.
Unfortunately, this was implemented with the wrong template (%0 vs %x0),
so in the case that we are writing a constant 0, we will generate
invalid instruction syntax and bail with a cryptic assembler error:
| Error: constant expression required
This patch fixes the template.
Acked-by: Mark Rutland <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
We should only dereference "data" after we check if it is an error
pointer.
Fixes: 54187ff9d766 ('hwmon: (max31790) Convert to use new hwmon registration API')
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
|
|
Unlike the temperature thresholds the temperature data is a 9-bit signed
value. This allows and additional 0.5 degrees of precision on the
reading but makes handling negative values slightly harder. In order to
have sign-extension applied correctly the 9-bit value is stored in the
upper bits of a signed 16-bit value. When presenting this in sysfs the
value is shifted and scaled appropriately.
Signed-off-by: Chris Packham <[email protected]>
Signed-off-by: Guenter Roeck <[email protected]>
|
|
pkey_set() and pkey_get() were syscalls present in older versions
of the protection keys patches. They were fully excised from the
x86 code, but some cruft was left in the generic syscall code. The
C++ comments were intended to help to make it more glaring to me to
fix them before actually submitting them. That technique worked,
but later than I would have liked.
I test-compiled this for arm64.
Fixes: a60f7b69d92c0 ("generic syscalls: Wire up memory protection keys syscalls")
Signed-off-by: Dave Hansen <[email protected]>
Acked-by: Arnd Bergmann <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Entry Size in GITS_BASER<n> occupies 5 bits [52:48], but we mask out 8
bits.
Fixes: cc2d3216f53c ("irqchip: GICv3: ITS command queue")
Cc: [email protected]
Signed-off-by: Vladimir Murzin <[email protected]>
Signed-off-by: Marc Zyngier <[email protected]>
|
|
The RANDOMIZE_MODULE_REGION_FULL Kconfig option allows KASLR to be
configured in such a way that kernel modules and the core kernel are
allocated completely independently, which implies that modules are likely
to require branches via PLT entries to reach the core kernel. The dynamic
ftrace code does not expect that, and assumes that it can patch module
code to perform a relative branch to anywhere in the core kernel. This
may result in errors such as
branch_imm_common: offset out of range
------------[ cut here ]------------
WARNING: CPU: 3 PID: 196 at kernel/trace/ftrace.c:1995 ftrace_bug+0x220/0x2e8
Modules linked in:
CPU: 3 PID: 196 Comm: systemd-udevd Not tainted 4.8.0-22-generic #24
Hardware name: AMD Seattle/Seattle, BIOS 10:34:40 Oct 6 2016
task: ffff8d1bef7dde80 task.stack: ffff8d1bef6b0000
PC is at ftrace_bug+0x220/0x2e8
LR is at ftrace_process_locs+0x330/0x430
So make RANDOMIZE_MODULE_REGION_FULL mutually exclusive with DYNAMIC_FTRACE
at the Kconfig level.
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
Commit f436b2ac90a0 ("arm64: kernel: fix architected PMU registers
unconditional access") made sure we wouldn't access unimplemented
PMU registers, but also left MDCR_EL2 uninitialized in that case,
leading to trap bits being potentially left set.
Make sure we always write something in that register.
Fixes: f436b2ac90a0 ("arm64: kernel: fix architected PMU registers unconditional access")
Cc: Lorenzo Pieralisi <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: <[email protected]>
Signed-off-by: Marc Zyngier <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
In acpi_get_pmu_hw_inf we pass the address of a local variable to IS_ERR(),
which doesn't make sense, as the pointer must be a real, valid pointer.
This doesn't cause a functional problem, as IS_ERR() will evaluate as
false, but the check is bogus and causes static checkers to complain.
Remove the bogus check.
The bug is reported by Dan Carpenter <[email protected]> in [1]
[1] https://www.spinics.net/lists/arm-kernel/msg535957.html
Signed-off-by: Tai Nguyen <[email protected]>
Acked-by: Mark Rutland <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
Commit 7ba5f605f3a0 ("arm64/numa: remove the limitation that cpu0 must
bind to node0") removed the numa cpu<->node mapping restriction whereby
logical cpu 0 always corresponds to numa node 0; removing the
restriction was correct, in that it does not really exist in practice
but the commit only updated the early mapping of logical cpu 0 to its
real numa node for the DT boot path, missing the ACPI one, leading to
boot failures on ACPI systems owing to missing node<->cpu map for
logical cpu 0.
Fix the issue by updating the ACPI boot path with code that carries out
the early cpu<->node mapping also for the boot cpu (ie cpu 0), mirroring
what is currently done in the DT boot path.
Fixes: 7ba5f605f3a0 ("arm64/numa: remove the limitation that cpu0 must bind to node0")
Signed-off-by: Lorenzo Pieralisi <[email protected]>
Tested-by: Laszlo Ersek <[email protected]>
Reported-by: Laszlo Ersek <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Laszlo Ersek <[email protected]>
Cc: Hanjun Guo <[email protected]>
Cc: Andrew Jones <[email protected]>
Cc: Zhen Lei <[email protected]>
Cc: Catalin Marinas <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent
Pull perf/urgent fixes from Arnaldo Carvalho de Melo:
- Fix handling of NUMA nodes in perf.data files (Jiri Olsa)
- Fix scrolling when refreshing 'perf top --tui --hierarchy' entries (Namhyung Kim)
- Fix building of JIT support on Ubuntu 16.04 (Anton Blanchard)
- Fix handling of events including .c and .o, that were being treated as
BPF scripts instead of vendor ones (Wang Nan)
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: Ingo Molnar <[email protected]>
|
|
When building on Ubuntu 16.04, I get the following error:
Makefile:49: *** the openjdk development package appears to me missing, install and try again. Stop.
The problem is that update-java-alternatives has multiple spaces between
fields, and cut treats each space as a new delimiter:
java-1.8.0-openjdk-ppc64el 1081 /usr/lib/jvm/java-1.8.0-openjdk-ppc64el
Fix this by using awk, which handles this fine.
Signed-off-by: Anton Blanchard <[email protected]>
Reviewed-by: Stephane Eranian <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
This patch helps with Sukadev's vendor event tree where such events can happen.
>From Andi Kleen:
Any event including a .c/.o/.bpf currently triggers BPF compilation or loading
and then an error. This can happen for some Intel vendor events, which cannot
be used.
This patch fixes this problem by forbidding BPF file patch containing '{', '}'
and ',', make sure flex consumes the leading '{', instead of matching it using
a BPF file path.
Tested result:
$ perf stat -e '{unc_p_clockticks,unc_p_power_state_occupancy.cores_c0}' -a -I 1000
invalid or unsupported event: '{unc_p_clockticks,unc_p_power_state_occupancy.cores_c0}'
Run 'perf list' for a list of valid events
(as expected, interperted as event)
$ perf stat -e 'aaa.c' -a -I 1000
ERROR: problems with path aaa.c: No such file or directory
(as expected, interpreted as BPF source)
$ perf stat -e 'aaa.ccc' -a -I 1000
invalid or unsupported event: 'aaa.ccc'
(as expected, interpreted as event)
$ perf stat -e '{aaa.c}' -a -I 1000
ERROR: problems with path aaa.c: No such file or directory
event syntax error: '{aaa.c}'
<SKIP>
(as expected, interpreted as BPF source)
$ perf stat -e '{cycles,aaa.c}' -a -I 1000
ERROR: problems with path aaa.c: No such file or directory
event syntax error: '{cycles,aaa.c}'
(as expected, interpreted as BPF source)
Signed-off-by: Wang Nan <[email protected]>
Tested-by: Arnaldo Carvalho de Melo <[email protected]>
Reported-by: Andi Kleen <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Sukadev Bhattiprolu <[email protected]>
Cc: Zefan Li <[email protected]>
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Arnaldo Carvalho de Melo <[email protected]>
|
|
Signed-off-by: Ulf Hansson <[email protected]>
|
|
Accesses to the rtsx usb device, which is the parent of the rtsx memstick
device, must not be done unless it's runtime resumed. This is currently not
the case and it could trigger various errors.
Fix this by properly deal with runtime PM in this regards. This means
making sure the device is runtime resumed, when serving requests via the
->request() callback or changing settings via the ->set_param() callbacks.
Cc: <[email protected]>
Cc: Ritesh Raj Sarraf <[email protected]>
Cc: Alan Stern <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
|
|
Accesses to the rtsx usb device, which is the parent of the rtsx memstick
device, must not be done unless it's runtime resumed.
Therefore when the rtsx_usb_ms driver polls for inserted memstick cards,
let's add pm_runtime_get|put*() to make sure accesses is done when the
rtsx usb device is runtime resumed.
Reported-by: Ritesh Raj Sarraf <[email protected]>
Tested-by: Ritesh Raj Sarraf <[email protected]>
Signed-off-by: Alan Stern <[email protected]>
Cc: <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
|
|
Accesses of the rtsx sdmmc's parent device, which is the rtsx usb device,
must be done when it's runtime resumed. Currently this isn't case when
changing the led, so let's fix this by adding a pm_runtime_get_sync() and
a pm_runtime_put() around those operations.
Reported-by: Ritesh Raj Sarraf <[email protected]>
Tested-by: Ritesh Raj Sarraf <[email protected]>
Cc: <[email protected]>
Cc: Alan Stern <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
|
|
The rtsx_usb_sdmmc driver may bail out in its ->set_ios() callback when no
SD card is inserted. This is wrong, as it could cause the device to remain
runtime resumed when it's unused. Fix this behaviour.
Tested-by: Ritesh Raj Sarraf <[email protected]>
Cc: <[email protected]>
Cc: Alan Stern <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
|
|
Potentially overflowing expression 1000000 * data->timeout_clks with
type unsigned int is evaluated using 32-bit arithmetic, and then used
in a context that expects an expression of type unsigned long long.
To avoid overflow, cast 1000000U to type unsigned long long.
Special thanks to Coverity.
Fixes: 7f05538af71c ("mmc: sdhci: fix data timeout (part 2)")
Signed-off-by: Haibo Chen <[email protected]>
Cc: [email protected] # v3.15+
Acked-by: Adrian Hunter <[email protected]>
Signed-off-by: Ulf Hansson <[email protected]>
|
|
Commit fefe6733e516 ("PCI: layerscape: Move struct pcie_port setup
to probe function") changed the init ordering of the pcie structure,
but started to use the pcie->drvdata field before initializing it.
Mayhem follows.
Fix this by moving the drvdata assignment right before the first use.
Tested on LS2085a.
Fixes: efe6733e516 ("PCI: layerscape: Move struct pcie_port setup to probe function")
Signed-off-by: Marc Zyngier <[email protected]>
Signed-off-by: Bjorn Helgaas <[email protected]>
|
|
Change designware-plat maintainer to Jose Abreu.
Signed-off-by: Joao Pinto <[email protected]>
Signed-off-by: Bjorn Helgaas <[email protected]>
|
|
When CONFIG_PCC is disabled, pcc_mbox_request_channel() needs to
return ERR_PTR(-ENODEV), not a NULL pointer, as the callers of
this function use IS_ERR() to check for error code.
Signed-off-by: Duc Dang <[email protected]>
Signed-off-by: Hoan Tran <[email protected]>
Signed-off-by: Rafael J. Wysocki <[email protected]>
|
|
As it turns out, the KASLR code breaks CONFIG_MODVERSIONS, since the
kcrctab has an absolute address field that is relocated at runtime
when the kernel offset is randomized.
This has been fixed already for PowerPC in the past, so simply wire up
the existing code dealing with this issue.
Cc: <[email protected]>
Fixes: f80fb3a3d508 ("arm64: add support for kernel ASLR")
Tested-by: Timur Tabi <[email protected]>
Signed-off-by: Ard Biesheuvel <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
The GICv3 architecture specification mentions that a 64bit
register can be accessed using two 32bit accesses. What it
doesn't mention is that this is only guaranteed on a system
that implements AArch32, and a pure AArch64 system is allowed
not to support this. This causes issues with the GICR_TYPER
and GITS_TYPER registers, which are both RO 64bit registers.
In order to solve this, this patch switches the TYPER accesses
to the gic_read_typer macro already used in other parts of the
driver. This makes sure that we always use a 64bit access on
64bit systems, and two 32bit accesses on 32bit system.
Signed-off-by: Marc Zyngier <[email protected]>
|
|
Remove the set but unused variable base in alarm_clock_get to fix the
following warning when building with 'W=1':
kernel/time/alarmtimer.c: In function ‘alarm_timer_create’:
kernel/time/alarmtimer.c:545:21: warning: variable ‘base’ set but not used [-Wunused-but-set-variable]
Signed-off-by: Tobias Klauser <[email protected]>
Cc: John Stultz <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Thomas Gleixner <[email protected]>
|
|
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Add Knights Mill (KNM) to the list of CPUIDs supported by PMU.
Signed-off-by: Piotr Luc <[email protected]>
Reviewed-by: Dave Hansen <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Add Knights Mill (KNM) to the list of CPUIDs supported by rapl.
Signed-off-by: Piotr Luc <[email protected]>
Reviewed-by: Dave Hansen <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Add Knights Mill (KNM) to the list of CPUIDs supported by PMU.
Signed-off-by: Piotr Luc <[email protected]>
Reviewed-by: Dave Hansen <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Add CPUID of Knights Mill (KNM) processor to Intel family list.
Signed-off-by: Piotr Luc <[email protected]>
Reviewed-by: Dave Hansen <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
I was a bit over-eager in my cleanup in
commit 95c081c17f284de50eaca60d4d55643a64d39019
Author: Daniel Vetter <[email protected]>
Date: Tue Jun 21 10:54:12 2016 +0200
drm: Move master pointer from drm_minor to drm_device
Noticed by Chris Wilson.
Fixes: 95c081c17f28 ("drm: Move master pointer from drm_minor to drm_device")
Cc: Chris Wilson <[email protected]>
Cc: Chris Wilson <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Emil Velikov <[email protected]>
Cc: Julia Lawall <[email protected]>
Signed-off-by: Daniel Vetter <[email protected]>
Reviewed-by: Alex Deucher <[email protected]>
Tested-by: Chris Wilson <[email protected]>
Reviewed-by: Emil Velikov <[email protected]>
Signed-off-by: Dave Airlie <[email protected]>
|
|
into drm-next
Fixes for radeon and amdgpu for 4.9:
- allow an additional reg in the SI reg checker
- fix thermal sensor readback on CZ/ST
- misc bug fixes
* 'drm-next-4.9' of git://people.freedesktop.org/~agd5f/linux: (21 commits)
drm/amd/powerplay: fix bug stop dpm can't work on Vi.
drm/amd/powerplay: notify smu no display by default.
drm/amdgpu/dpm: implement thermal sensor for CZ/ST
drm/amdgpu/powerplay: implement thermal sensor for CZ/ST
drm/amdgpu: disable smu hw first on tear down
drm/amdgpu: fix amdgpu_need_full_reset (v2)
drm/amdgpu/si_dpm: Limit clocks on HD86xx part
drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c
drm/amdgpu: potential NULL dereference in debugfs code
drm/amd/powerplay: fix static checker warnings in smu7_hwmgr.c
drm/amd/powerplay: fix static checker warnings in iceland_smc.c
drm/radeon: change vblank_time's calculation method to reduce computational error.
drm/amdgpu: change vblank_time's calculation method to reduce computational error.
drm/amdgpu: clarify UVD/VCE special handling for CG
drm/amd/amdgpu: enable clockgating only after late init
drm/radeon: allow TA_CS_BC_BASE_ADDR on SI
drm/amdgpu: initialize the context reset_counter in amdgpu_ctx_init
drm/amdgpu/gfx8: fix CGCG_CGLS handling
drm/radeon: fix modeset tear down code
drm/radeon: fix up dp aux tear down (v2)
...
|
|
|
|
Smatch complains that we don't check "event->ctx" consistently. It's
never NULL so we can just remove the check.
Signed-off-by: Dan Carpenter <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: David Carrillo-Cisneros <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Kan Liang <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Stephane Eranian <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Vince Weaver <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Commit:
917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation")
... fixed up the broken manipulations of max_pfn in the presence of
E820_PRAM ranges.
However, it also broke the sanitize_e820_map() support for not merging
E820_PRAM ranges.
Re-introduce the enabling to keep resource boundaries between
consecutive defined ranges. Otherwise, for example, an environment that
boots with memmap=2G!8G,2G!10G will end up with a single 4G /dev/pmem0
device instead of a /dev/pmem0 and /dev/pmem1 device 2G in size.
Reported-by: Dave Chinner <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
Cc: <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Jeff Moyer <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: Zhang Yi <[email protected]>
Cc: [email protected]
Fixes: 917db484dc6a ("x86/boot: Fix kdump, cleanup aborted E820_PRAM max_pfn manipulation")
Link: http://lkml.kernel.org/r/147629530854.10618.10383744751594021268.stgit@dwillia2-desk3.amr.corp.intel.com
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Use distinctive name for cpu_hotplug.dep_map to avoid the actual
cpu_hotplug.lock appearing as cpu_hotplug.lock#2 in lockdep splats.
Signed-off-by: Joonas Lahtinen <[email protected]>
Reviewed-by: Chris Wilson <[email protected]>
Acked-by: Gautham R. Shenoy <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Daniel Vetter <[email protected]>
Cc: Gautham R . Shenoy <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
Cc: [email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
I observed false KSAN positives in the sctp code, when
sctp uses jprobe_return() in jsctp_sf_eat_sack().
The stray 0xf4 in shadow memory are stack redzones:
[ ] ==================================================================
[ ] BUG: KASAN: stack-out-of-bounds in memcmp+0xe9/0x150 at addr ffff88005e48f480
[ ] Read of size 1 by task syz-executor/18535
[ ] page:ffffea00017923c0 count:0 mapcount:0 mapping: (null) index:0x0
[ ] flags: 0x1fffc0000000000()
[ ] page dumped because: kasan: bad access detected
[ ] CPU: 1 PID: 18535 Comm: syz-executor Not tainted 4.8.0+ #28
[ ] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[ ] ffff88005e48f2d0 ffffffff82d2b849 ffffffff0bc91e90 fffffbfff10971e8
[ ] ffffed000bc91e90 ffffed000bc91e90 0000000000000001 0000000000000000
[ ] ffff88005e48f480 ffff88005e48f350 ffffffff817d3169 ffff88005e48f370
[ ] Call Trace:
[ ] [<ffffffff82d2b849>] dump_stack+0x12e/0x185
[ ] [<ffffffff817d3169>] kasan_report+0x489/0x4b0
[ ] [<ffffffff817d31a9>] __asan_report_load1_noabort+0x19/0x20
[ ] [<ffffffff82d49529>] memcmp+0xe9/0x150
[ ] [<ffffffff82df7486>] depot_save_stack+0x176/0x5c0
[ ] [<ffffffff817d2031>] save_stack+0xb1/0xd0
[ ] [<ffffffff817d27f2>] kasan_slab_free+0x72/0xc0
[ ] [<ffffffff817d05b8>] kfree+0xc8/0x2a0
[ ] [<ffffffff85b03f19>] skb_free_head+0x79/0xb0
[ ] [<ffffffff85b0900a>] skb_release_data+0x37a/0x420
[ ] [<ffffffff85b090ff>] skb_release_all+0x4f/0x60
[ ] [<ffffffff85b11348>] consume_skb+0x138/0x370
[ ] [<ffffffff8676ad7b>] sctp_chunk_put+0xcb/0x180
[ ] [<ffffffff8676ae88>] sctp_chunk_free+0x58/0x70
[ ] [<ffffffff8677fa5f>] sctp_inq_pop+0x68f/0xef0
[ ] [<ffffffff8675ee36>] sctp_assoc_bh_rcv+0xd6/0x4b0
[ ] [<ffffffff8677f2c1>] sctp_inq_push+0x131/0x190
[ ] [<ffffffff867bad69>] sctp_backlog_rcv+0xe9/0xa20
[ ... ]
[ ] Memory state around the buggy address:
[ ] ffff88005e48f380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ffff88005e48f400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] >ffff88005e48f480: f4 f4 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ^
[ ] ffff88005e48f500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ffff88005e48f580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ ] ==================================================================
KASAN stack instrumentation poisons stack redzones on function entry
and unpoisons them on function exit. If a function exits abnormally
(e.g. with a longjmp like jprobe_return()), stack redzones are left
poisoned. Later this leads to random KASAN false reports.
Unpoison stack redzones in the frames we are going to jump over
before doing actual longjmp in jprobe_return().
Signed-off-by: Dmitry Vyukov <[email protected]>
Acked-by: Masami Hiramatsu <[email protected]>
Reviewed-by: Mark Rutland <[email protected]>
Cc: Mark Rutland <[email protected]>
Cc: Catalin Marinas <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Lorenzo Pieralisi <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Will Deacon <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Ananth N Mavinakayanahalli <[email protected]>
Cc: Anil S Keshavamurthy <[email protected]>
Cc: "David S. Miller" <[email protected]>
Cc: Masami Hiramatsu <[email protected]>
Cc: [email protected]
Cc: [email protected]
Cc: [email protected]
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Kprobes save and restore raw stack chunks with memcpy().
With KASAN these chunks can contain poisoned stack redzones,
as the result memcpy() interceptor produces false
stack out-of-bounds reports.
Use __memcpy() instead of memcpy() for stack copying.
__memcpy() is not instrumented by KASAN and does not lead
to the false reports.
Currently there is a spew of KASAN reports during boot
if CONFIG_KPROBES_SANITY_TEST is enabled:
[ ] Kprobe smoke test: started
[ ] ==================================================================
[ ] BUG: KASAN: stack-out-of-bounds in setjmp_pre_handler+0x17c/0x280 at addr ffff88085259fba8
[ ] Read of size 64 by task swapper/0/1
[ ] page:ffffea00214967c0 count:0 mapcount:0 mapping: (null) index:0x0
[ ] flags: 0x2fffff80000000()
[ ] page dumped because: kasan: bad access detected
[...]
Reported-by: CAI Qian <[email protected]>
Tested-by: CAI Qian <[email protected]>
Signed-off-by: Dmitry Vyukov <[email protected]>
Acked-by: Masami Hiramatsu <[email protected]>
Cc: Alexander Potapenko <[email protected]>
Cc: Alexander Shishkin <[email protected]>
Cc: Ananth N Mavinakayanahalli <[email protected]>
Cc: Andrew Morton <[email protected]>
Cc: Andrey Ryabinin <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Anil S Keshavamurthy <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: David S. Miller <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Jiri Olsa <[email protected]>
Cc: Josh Poimboeuf <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Cc: [email protected]
[ Improved various details. ]
Signed-off-by: Ingo Molnar <[email protected]>
|
|
Recently objtool has started reporting a few "unreachable instruction"
warnings when CONFIG_GCOV is enabled for newer versions of GCC. Usually
this warning means there's some new control flow that objtool doesn't
understand. But in this case, objtool is correct and the instructions
really are inaccessible. It's an annoying quirk of gcov, but it's
harmless, so it's ok to just silence the warnings.
With older versions of GCC, it was relatively easy to detect
gcov-specific instructions and to skip any unreachable warnings produced
by them. But GCC 6 has gotten craftier.
Instead of continuing to play whack-a-mole with gcov, just use a bigger,
more permanent hammer and disable unreachable warnings for the whole
file when gcov is enabled. This is fine to do because a) unreachable
warnings are usually of questionable value; and b) gcov isn't used for
production kernels and we can relax the checks a bit there.
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Arnd Bergmann <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/38d5c87d61d9cd46486dd2c86f46603dff0df86f.1476393584.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <[email protected]>
|
|
GCC 6 added a new switch statement jump table optimization which makes
objtool's life harder. It looks like:
mov [rodata addr],%reg1
... some instructions ...
jmpq *(%reg1,%reg2,8)
The optimization is quite rare, but objtool still needs to be able to
identify the pattern so that it can follow all possible control flow
paths related to the switch statement.
In order to detect the pattern, objtool starts from the indirect jump
and scans backwards through the function until it finds the first
instruction in the pattern. If it encounters an unconditional jump
along the way, it stops and considers the pattern to be not found.
As it turns out, unconditional jumps can happen, as long as they are
small forward jumps within the range being scanned.
This fixes the following warnings:
drivers/infiniband/sw/rxe/rxe_comp.o: warning: objtool: rxe_completer()+0x2f4: sibling call from callable instruction with changed frame pointer
drivers/infiniband/sw/rxe/rxe_resp.o: warning: objtool: rxe_responder()+0x10f: sibling call from callable instruction with changed frame pointer
Reported-by: Arnd Bergmann <[email protected]>
Signed-off-by: Josh Poimboeuf <[email protected]>
Cc: Andy Lutomirski <[email protected]>
Cc: Borislav Petkov <[email protected]>
Cc: Brian Gerst <[email protected]>
Cc: Denys Vlasenko <[email protected]>
Cc: H. Peter Anvin <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Peter Zijlstra <[email protected]>
Cc: Thomas Gleixner <[email protected]>
Link: http://lkml.kernel.org/r/8a9ed68ae1780e8d3963e4ee13f2f257fe3a3c33.1476393584.git.jpoimboe@redhat.com
Signed-off-by: Ingo Molnar <[email protected]>
|
|
In case __ceph_do_getattr returns an error and the retry_op in
ceph_read_iter is not READ_INLINE, then it's possible to invoke
__free_page on a page which is NULL, this naturally leads to a crash.
This can happen when, for example, a process waiting on a MDS reply
receives sigterm.
Fix this by explicitly checking whether the page is set or not.
Cc: [email protected] # 3.19+
Signed-off-by: Nikolay Borisov <[email protected]>
Reviewed-by: Yan, Zheng <[email protected]>
Signed-off-by: Ilya Dryomov <[email protected]>
|
|
If the header object gets deleted (perhaps along with the entire pool),
there is no point in attempting to reregister the watch. Treat this
the same as blacklisting: fail all pending and new I/Os requiring the
lock.
Signed-off-by: Ilya Dryomov <[email protected]>
|