| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
sizeof type."
This reverts commit b5e12ec38331 ("Staging: rtl8188eu: rtw_efuse: Use
sizeof type *pointer instead of sizeof type.").
This commit is wrong, the rtw_malloc2d helper function takes the size of
the array elements as its 3th argument, whereas sizeof(*eFuseWord)
gives the size of a pointer instead of the size of a u16.
Since sizeof(void *) > sizeof(u16) this has no adverse effects, but it
is still wrong.
Cc: Sandhya Bankar <[email protected]>
Signed-off-by: Hans de Goede <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
This reverts commit 99aded71b52c ("Staging: drivers: rtl8188eu: use
sizeof(*ptr) instead of sizeof(struct)").
This commit is wrong, as adapt->HalData has a type of "void *", so
now we are allocating a much to small struct, which causes the driver
to overwrite random memory which leads to a non working driver and
various system crashes.
Cc: Jacky Boen <[email protected]>
Signed-off-by: Hans de Goede <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
There is no limit on high "idx" can go. It should be less than
ARRAY_SIZE(data.states) which is 16.
The "data" variable wasn't declared in that scope so I shifted the code
around a bit to make it work. Also I made "idx" unsigned.
Fixes: f3898ea12fc1 ('drm/amd/powerplay: add some sysfs interfaces for powerplay.')
Acked-by: Christian König <[email protected]>
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Alex Deucher <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux
Pull arm64 fixes from Will Deacon:
"The main things are getting kgdb up and running with upstream GDB
after a protocol change was reverted and fixing our spin_unlock_wait
and spin_is_locked implementations after doing some similar work with
PeterZ on the qspinlock code last week. Whilst we haven't seen any
failures in practice, it's still worth getting this fixed.
Summary:
- Plug the ongoing spin_unlock_wait/spin_is_locked mess
- KGDB protocol fix to sync w/ GDB
- Fix MIDR-based PMU probing for old 32-bit SMP systems
(OMAP4/Realview)
- Minor tweaks to the fault handling path"
* tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux:
arm64: kgdb: Match pstate size with gdbserver protocol
arm64: spinlock: Ensure forward-progress in spin_unlock_wait
arm64: spinlock: fix spin_unlock_wait for LSE atomics
arm64: spinlock: order spin_{is_locked,unlock_wait} against local locks
arm: pmu: Fix non-devicetree probing
arm64: mm: mark fault_info table const
arm64: fix dump_instr when PAN and UAO are in use
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu
Pull IOMMU fixes from Joerg Roedel:
"Three patches queued up:
- Fix for ARM-SMMU to add a missing iommu-ops callback which is
required by common iommu code
- Fix for the rockchip iommu where the wrong MMUs got the commands
- A regression fix for the Intel VT-d driver. The regression only
showed up on X58 chipsets with more than one iommu. These chipsets
seem to require that QI is enabled on all IOMMUs before it can be
used"
* tag 'iommu-fixes-v4.7-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
iommu/vt-d: Enable QI on all IOMMUs before setting root entry
iommu/rockchip: Fix zap cache during device attach
iommu/arm-smmu: Wire up map_sg for arm-smmu-v3
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds
Pull LED fixes from Jacek Anaszewski:
- Fix brightness setting upon hardware blinking enabled
- Handle suspend/resume in heartbeat trigger
* tag 'for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds:
leds: handle suspend/resume in heartbeat trigger
leds: core: Fix brightness setting upon hardware blinking enabled
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.7
|
|
Older btrfs-progs/mkfs.btrfs sets 4096 as the stripesize. Hence
restricting stripesize to be equal to sectorsize would cause super block
validation to return an error on architectures where PAGE_SIZE is not
equal to 4096.
Hence as a workaround, this commit allows stripesize to be set to 4096
bytes.
Signed-off-by: Chandan Rajendra <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Introduced in 2c1984f244838477aab ("btrfs: build fixup for
qgroup_account_snapshot") as temporary bisectability build fixup.
Signed-off-by: David Sterba <[email protected]>
|
|
We've renamed btrfs_std_error, this one is left from last merge.
Signed-off-by: David Sterba <[email protected]>
|
|
This fixes a problem introduced in commit 2f3165ecf103599f82bf0ea254039db335fb5005
"btrfs: don't force mounts to wait for cleaner_kthread to delete one or more subvolumes".
open_ctree eventually calls btrfs_replay_log which in turn calls
btrfs_commit_super which tries to lock the cleaner_mutex, causing a
recursive mutex deadlock during mount.
Instead of playing whack-a-mole trying to keep up with all the
functions that may want to lock cleaner_mutex, put all the cleaner_mutex
lockers back where they were, and attack the problem more directly:
keep cleaner_kthread asleep until the filesystem is mounted.
When filesystems are mounted read-only and later remounted read-write,
open_ctree did not set fs_info->open and neither does anything else.
Set this flag in btrfs_remount so that neither btrfs_delete_unused_bgs
nor cleaner_kthread get confused by the common case of "/" filesystem
read-only mount followed by read-write remount.
Signed-off-by: Zygo Blaxell <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
This is just a screwup for developers, so change it to an ASSERT() so developers
notice when things go wrong and deal with the error appropriately if ASSERT()
isn't enabled. Thanks,
Signed-off-by: Josef Bacik <[email protected]>
Reviewed-by: Mark Fasheh <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
The test for !trans->blocks_used in btrfs_abort_transaction is
insufficient to determine whether it's safe to drop the transaction
handle on the floor. btrfs_cow_block, informed by should_cow_block,
can return blocks that have already been CoW'd in the current
transaction. trans->blocks_used is only incremented for new block
allocations. If an operation overlaps the blocks in the current
transaction entirely and must abort the transaction, we'll happily
let it clean up the trans handle even though it may have modified
the blocks and will commit an incomplete operation.
In the long-term, I'd like to do closer tracking of when the fs
is actually modified so we can still recover as gracefully as possible,
but that approach will need some discussion. In the short term,
since this is the only code using trans->blocks_used, let's just
switch it to a bool indicating whether any blocks were used and set
it when should_cow_block returns false.
Cc: [email protected] # 3.4+
Signed-off-by: Jeff Mahoney <[email protected]>
Reviewed-by: Filipe Manana <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Thanks to fuzz testing, we can pass an invalid bytenr to extent buffer
via alloc_extent_buffer(). An unaligned eb can have more pages than it
should have, which ends up extent buffer's leak or some corrupted content
in extent buffer.
This adds a warning to let us quickly know what was happening.
Now that alloc_extent_buffer() no more returns NULL, this changes its
caller and callers of its caller to match with the new error
handling.
Signed-off-by: Liu Bo <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Component mirror_num of struct btrfsic_block is defined
as unsigned int. Use %u as format specifier.
Signed-off-by: Heinrich Schuchardt <[email protected]>
Reviewed-by: David Sterba <[email protected]>
Signed-off-by: David Sterba <[email protected]>
|
|
Fix the signed issue in mv_write_cached_reg() where the laddr
is assigned from a (long)addr instead of (unsigned long)addr.
Fixes the following warnings:
drivers/ata/sata_mv.c:989:26: warning: cast removes address space of expression
drivers/ata/sata_mv.c:989:26: warning: cast removes address space of expression
drivers/ata/sata_mv.c:989:26: warning: cast removes address space of expression
drivers/ata/sata_mv.c:989:26: warning: cast removes address space of expression
Signed-off-by: Ben Dooks <[email protected]>
Signed-off-by: Tejun Heo <[email protected]>
|
|
Most functions that take a GPIO descriptor in need to check the
descriptor for IS_ERR(). We do this mostly in the VALIDATE_DESC()
macro except for the gpiod_to_irq() function which needs special
handling.
Cc: [email protected]
Reported-by: Grygorii Strashko <[email protected]>
Reviewed-by: Grygorii Strashko <[email protected]>
Acked-by: Alexandre Courbot <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
|
|
commit 54d77198fdfbc4f0fe11b4252c1d9c97d51a3264
("gpio: bail out silently on NULL descriptors")
doesn't work for gpiod_to_irq(): drivers assume that NULL
descriptors will give negative IRQ numbers in return.
It has been pointed out that returning 0 is NO_IRQ and that
drivers should be amended to treat this as an error, but that
is for the longer term: now let us repair the semantics.
Cc: Maxime Ripard <[email protected]>
Reported-by: Hans de Goede <[email protected]>
Tested-by: Hans de Goede <[email protected]>
Signed-off-by: Linus Walleij <[email protected]>
|
|
We intended to test "usb2->phy" here instead of "dev".
Fixes: d3feb4067335 ('phy: bcm-ns-usb2: new driver for USB 2.0 PHY on Northstar')
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Kishon Vijay Abraham I <[email protected]>
|
|
Fix the missing __iomem attribute in sun4i_usb_phy_write()
function. This fixes the following sparse warnings:
drivers/phy/phy-sun4i-usb.c:178:39: warning: incorrect type in initializer (different address spaces)
drivers/phy/phy-sun4i-usb.c:178:39: expected void *phyctl
drivers/phy/phy-sun4i-usb.c:178:39: got void [noderef] <asn:2>*
drivers/phy/phy-sun4i-usb.c:185:17: warning: incorrect type in argument 2 (different address spaces)
drivers/phy/phy-sun4i-usb.c:185:17: expected void volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:185:17: got void *phyctl
drivers/phy/phy-sun4i-usb.c:189:24: warning: incorrect type in argument 1 (different address spaces)
drivers/phy/phy-sun4i-usb.c:189:24: expected void const volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:189:24: got void *phyctl
drivers/phy/phy-sun4i-usb.c:196:17: warning: incorrect type in argument 2 (different address spaces)
drivers/phy/phy-sun4i-usb.c:196:17: expected void volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:196:17: got void *phyctl
drivers/phy/phy-sun4i-usb.c:199:24: warning: incorrect type in argument 1 (different address spaces)
drivers/phy/phy-sun4i-usb.c:199:24: expected void const volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:199:24: got void *phyctl
drivers/phy/phy-sun4i-usb.c:205:17: warning: incorrect type in argument 2 (different address spaces)
drivers/phy/phy-sun4i-usb.c:205:17: expected void volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:205:17: got void *phyctl
drivers/phy/phy-sun4i-usb.c:208:24: warning: incorrect type in argument 1 (different address spaces)
drivers/phy/phy-sun4i-usb.c:208:24: expected void const volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:208:24: got void *phyctl
drivers/phy/phy-sun4i-usb.c:210:17: warning: incorrect type in argument 2 (different address spaces)
drivers/phy/phy-sun4i-usb.c:210:17: expected void volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:210:17: got void *phyctl
drivers/phy/phy-sun4i-usb.c:212:24: warning: incorrect type in argument 1 (different address spaces)
drivers/phy/phy-sun4i-usb.c:212:24: expected void const volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:212:24: got void *phyctl
drivers/phy/phy-sun4i-usb.c:214:17: warning: incorrect type in argument 2 (different address spaces)
drivers/phy/phy-sun4i-usb.c:214:17: expected void volatile [noderef] <asn:2>*addr
drivers/phy/phy-sun4i-usb.c:214:17: got void *phyctl
Signed-off-by: Ben Dooks <[email protected]>
Acked-by: Hans de Goede <[email protected]>
Signed-off-by: Kishon Vijay Abraham I <[email protected]>
|
|
The interrupt 0 is not a valid interrupt number. In the event where the
retrieval of the vbus-det gpio would return null, the gpiod_to_irq
callback would return 0, while the current code makes the assumption
that it is a valid interrupt, and would go on calling request_irq.
Obviously, this would fail, preventing the driver from probing properly,
while the vbus and id gpios are optional.
Signed-off-by: Quentin Schulz <[email protected]>
Signed-off-by: Kishon Vijay Abraham I <[email protected]>
|
|
In case of error, the function devm_kzalloc() returns NULL pointer
not ERR_PTR(). The IS_ERR() test in the return value check should
be replaced with NULL test.
Signed-off-by: Wei Yongjun <[email protected]>
Reviewed-by: Heiko Stuebner <[email protected]>
Signed-off-by: Kishon Vijay Abraham I <[email protected]>
|
|
This patch fixes an issue that the driver is possible to cause
unexpected repeat interrupts if a board condition is wrong
(e.g. even if the ID pin is as function, a board supplies the VBUS.)
The reason why unexpected repeat interrupts happen is:
1) The driver changed the mode to function if it detected the ID pin
is high and the VBUS is high.
2) After the driver changed function mode, it disabled the "VBUS control"
feature. Then, the VBUS signal will be low.
3) Since the VBUS change interruption happened, the driver checked
the ID pin and VBUS.
4) Since VBUS was low, the driver changed the mode to host and enabled
the "VBUS control" feature. Then the VBUS signal will be high.
5) Since the VBUS change interruption happened, the driver did 1) above.
So, this patch modified the condition in rcar_gen3_device_recognition()
to check the ID pin only.
Fixes: 1114e2d (phy: rcar-gen3-usb2: change the mode to OTG on the combined channel)
Cc: <[email protected]> # v4.5+
Reported-by: Simon Horman <[email protected]>
Signed-off-by: Yoshihiro Shimoda <[email protected]>
Signed-off-by: Kishon Vijay Abraham I <[email protected]>
|
|
Call path:
1) snd_hdac_power_up_pm()
2) snd_hdac_power_up()
3) pm_runtime_get_sync()
4) __pm_runtime_resume()
5) rpm_resume()
The rpm_resume() returns 1 when the device is already active.
Because the return value is unmodified, the hdac regmap read/write
functions should allow this value for the retry I/O operation, too.
Signed-off-by: Jaroslav Kysela <[email protected]>
Cc: <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
./usr/include/linux/netfilter/xt_SYNPROXY.h:11: found __[us]{8,16,32,64} type without #include <linux/types.h>
Reported-by: kbuild test robot <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
Matt Whitlock says:
Without this line, the file xt_SYNPROXY.h does not get installed in
/usr/include/linux/netfilter/, and thus user-space programs cannot make
use of it.
Reported-by: Matt Whitlock <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
Commit 79901317ce80 ("n_tty: Don't flush buffer when closing ldisc"),
introduced in v3.10, revealed a bug in the cx20442 codec driver
which has never been setting tty->receive_room on line discipline
open as it should from the beginning. Fix it.
Created and tested on Amstrad Delta against Linux-4.7-rc3
Signed-off-by: Janusz Krzysztofik <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
During system resume:
kernel BUG at drivers/base/regmap/regcache.c:347!
...
PC is at regcache_sync+0x1c/0x128
LR is at ak4613_resume+0x28/0x34
The ak4613 driver is using a regmap cache sync to restore the
configuration of the chip on resume but does not actually define a
register cache which means that the resume is never going to work and we
trigger asserts in regmap. Fix this by enabling caching.
Based on commit d3030d11961a8c10 ("ASoC: ak4642: Enable cache usage to
fix crashes on resume") by Mark Brown <[email protected]>.
Signed-off-by: Geert Uytterhoeven <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
The wm8940 driver is using a regmap cache sync to restore the
configuration of the chip when switching from OFF to STANDBY, but does
not actually define a register cache which means that the restore is
never going to work and we trigger asserts in regmap. Fix this by
enabling caching.
Based on commit d3030d11961a8c10 ("ASoC: ak4642: Enable cache usage to
fix crashes on resume") by Mark Brown <[email protected]>.
Signed-off-by: Geert Uytterhoeven <[email protected]>
Acked-by: Charles Keepax <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
Bypass support was added in commit d38018f2019c ("regulator: anatop: Add
bypass support to digital LDOs"). A check for valid voltage selectors was
added in commit da0607c8df5c ("regulator: anatop: Fail on invalid voltage
selector") but it also discards all regulators that are in bypass mode. Add
check for the bypass setting. Errors below were seen on a Variscite mx6
board.
anatop_regulator 20c8000.anatop:regulator-vddcore@140: Failed to read a valid default voltage selector.
anatop_regulator: probe of 20c8000.anatop:regulator-vddcore@140 failed with error -22
anatop_regulator 20c8000.anatop:regulator-vddsoc@140: Failed to read a valid default voltage selector.
anatop_regulator: probe of 20c8000.anatop:regulator-vddsoc@140 failed with error -22
Fixes: da0607c8df5c ("regulator: anatop: Fail on invalid voltage selector")
Signed-off-by: Mika Båtsman <[email protected]>
Signed-off-by: Mark Brown <[email protected]>
|
|
Based on the latest timing specifications for the TPS65218 from the data
sheet, http://www.ti.com/lit/ds/symlink/tps65218.pdf, document SLDS206
from November 2014, we must change the i2c bus speed to better fit within
the minimum high SCL time required for proper i2c transfer.
When running at 400khz, measurements show that SCL spends
0.8125 uS/1.666 uS high/low which violates the requirement for minimum
high period of SCL provided in datasheet Table 7.6 which is 1 uS.
Switching to 100khz gives us 5 uS/5 uS high/low which both fall above
the minimum given values for 100 khz, 4.0 uS/4.7 uS high/low.
Without this patch occasionally a voltage set operation from the kernel
will appear to have worked but the actual voltage reflected on the PMIC
will not have updated, causing problems especially with cpufreq that may
update to a higher OPP without actually raising the voltage on DCDC2,
leading to a hang.
Signed-off-by: Dave Gerlach <[email protected]>
Signed-off-by: Nishanth Menon <[email protected]>
Signed-off-by: Franklin S Cooper Jr <[email protected]>
Signed-off-by: Aparna Balasubramanian <[email protected]>
Signed-off-by: Keerthy <[email protected]>
Signed-off-by: Tony Lindgren <[email protected]>
|
|
The PE primary bus cannot be got from its child devices when having
full hotplug in error recovery. The PE primary bus is cached, which
is done in commit <05ba75f84864> ("powerpc/eeh: Fix stale cached primary
bus"). In eeh_reset_device(), the flag (EEH_PE_PRI_BUS) is cleared
before the PCI hot remove. eeh_pe_bus_get() then returns NULL as the
PE primary bus in pnv_eeh_reset() and it crashes the kernel eventually.
This fixes the issue by clearing the flag (EEH_PE_PRI_BUS) before the
PCI hot add. With it, the PowerNV EEH reset backend (pnv_eeh_reset())
can get valid PE primary bus through eeh_pe_bus_get().
Fixes: 67086e32b564 ("powerpc/eeh: powerpc/eeh: Support error recovery for VF PE")
Reported-by: Pridhiviraj Paidipeddi <[email protected]>
Signed-off-by: Gavin Shan <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
|
|
ISA 3.0 updated it to be encoded as Radix tree size = 2^(RTS + 31). We
have it encoded as 2^(RTS + 28). Add a helper with the correct encoding
and use it instead of opencoding.
Fixes: 2bfd65e45e87 ("powerpc/mm/radix: Add radix callbacks for early init routines")
Reviewed-by: Balbir Singh <[email protected]>
Signed-off-by: Aneesh Kumar K.V <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
|
|
H_ENTER hcall handling in qemu had assumptions that a cache inhibited
hpte entry won't have memory conference set. Also older kernel
mentioned that some version of pHyp required this (the code removed
by the below commit says:
/* Make pHyp happy */
if ((rflags & _PAGE_NO_CACHE) && !(rflags & _PAGE_WRITETHRU))
hpte_r &= ~HPTE_R_M;
But with older kernel we had some inconsistent memory conherence
mapping. We always enabled memory conherence in the page fault path and
removed memory conherence is _PAGE_NO_CACHE was set when we mapped the
page via htab_bolt_mapping. The commit mentioned below tried to
consolidate that by always enabling memory conherence. But as mentioned
above that breaks Qemu H_ENTER handling.
This patch update this such that we enable memory conherence only if
cache inhibited is not set and bring fault handling, lpar and bolt
mapping in sync.
Fixes: commit 30bda41aba4e("powerpc/mm: Drop WIMG in favour of new constant")
Reported-by: Darrick J. Wong <[email protected]>
Signed-off-by: Aneesh Kumar K.V <[email protected]>
Signed-off-by: Michael Ellerman <[email protected]>
|
|
A few platforms are currently missing clocksource_probe() completely
in their time_init functionality. On OMAP3430 for example, this is
causing cpuidle to be pretty much dead, as the counter32k is not
going to be registered and instead a gptimer is used as a clocksource.
This will tick in periodic mode, preventing any deeper idle states.
While here, also drop one unnecessary check for populated DT before
existing clocksource_probe() call.
Signed-off-by: Tero Kristo <[email protected]>
Signed-off-by: Tony Lindgren <[email protected]>
|
|
After OMAP1 IRQ definitions have been changed by commit 685e2d08c54b
("ARM: OMAP1: Change interrupt numbering for sparse IRQ") introduced
in v4.2, ams-delta FIQ handler which depends on them no longer works
as expected. Fix it.
Created and tested on Amstrad Delta against Linux-4.7-rc3
Signed-off-by: Janusz Krzysztofik <[email protected]>
Signed-off-by: Tony Lindgren <[email protected]>
|
|
This seems to be required on some X58 chipsets on systems
with more than one IOMMU. QI does not work until it is
enabled on all IOMMUs in the system.
Reported-by: Dheeraj CVR <[email protected]>
Tested-by: Dheeraj CVR <[email protected]>
Fixes: 5f0a7f7614a9 ('iommu/vt-d: Make root entry visible for hardware right after allocation')
Cc: [email protected]
Signed-off-by: Joerg Roedel <[email protected]>
|
|
We were using an incorrect define to get the irq vector number.
NFP_NET_CFG_LSC is a control BAR offset, LSC interrupt vector
index is called NFP_NET_IRQ_LSC_IDX. For machines with less
than 30 CPUs this meant that we were disabling/enabling IRQ 0.
For bigger hosts we were just playing with the 31st RX/TX
interrupt.
Fixes: 0ba40af963f0 ("nfp: move link state interrupt request/free calls")
Signed-off-by: Jakub Kicinski <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
Pull pwm fixes from Thierry Reding:
"These changes fix a bit of fallout from the introduction of the atomic
API"
* tag 'pwm/for-4.7-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
pwm: atmel-hlcdc: Fix default PWM polarity
pwm: sysfs: Get return value from pwm_apply_state()
pwm: Improve args checking in pwm_apply_state()
|
|
Pull KVM fixes from Paolo Bonzini:
- miscellaneous fixes for MIPS and s390
- one new kvm_stat for s390
- correctly disable VT-d posted interrupts with the rest of posted
interrupts
- "make randconfig" fix for x86 AMD
- off-by-one in irq route check (the "good" kind that errors out a bit
too early!)
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
kvm: vmx: check apicv is active before using VT-d posted interrupt
kvm: Fix irq route entries exceeding KVM_MAX_IRQ_ROUTES
kvm: svm: Do not support AVIC if not CONFIG_X86_LOCAL_APIC
kvm: svm: Fix implicit declaration for __default_cpu_present_to_apicid()
MIPS: KVM: Fix CACHE triggered exception emulation
MIPS: KVM: Don't unwind PC when emulating CACHE
MIPS: KVM: Include bit 31 in segment matches
MIPS: KVM: Fix modular KVM under QEMU
KVM: s390: Add stats for PEI events
KVM: s390: ignore IBC if zero
|
|
Pull nfsd bugfixes from Bruce Fields:
"Oleg Drokin found and fixed races in the nfsd4 state code that go back
to the big nfs4_lock_state removal around 3.17 (but that were also
probably hard to reproduce before client changes in 3.20 allowed the
client to perform parallel opens).
Also fix a 4.1 backchannel crash due to rpc multipath changes in 4.6.
Trond acked the client-side rpc fixes going through my tree"
* tag 'nfsd-4.7-1' of git://linux-nfs.org/~bfields/linux:
nfsd: Make init_open_stateid() a bit more whole
nfsd: Extend the mutex holding region around in nfsd4_process_open2()
nfsd: Always lock state exclusively.
rpc: share one xps between all backchannels
nfsd4/rpc: move backchannel create logic into rpc code
SUNRPC: fix xprt leak on xps allocation failure
nfsd: Fix NFSD_MDS_PR_KEY on 32-bit by adding ULL postfix
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs
Pull overlayfs fixes from Miklos Szeredi:
"This contains two regression fixes: one for the xattr API update and
one for using the mounter's creds in file creation in overlayfs.
There's also a fix for a bug in handling hard linked AF_UNIX sockets
that's been there from day one. This fix is overlayfs only despite
the fact that it touches code outside the overlay filesystem: d_real()
is an identity function for all except overlay dentries"
* 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs:
ovl: fix uid/gid when creating over whiteout
ovl: xattr filter fix
af_unix: fix hard linked sockets on overlay
vfs: add d_real_inode() helper
|
|
If __key_link_begin() failed then "edit" would be uninitialized. I've
added a check to fix that.
This allows a random user to crash the kernel, though it's quite
difficult to achieve. There are three ways it can be done as the user
would have to cause an error to occur in __key_link():
(1) Cause the kernel to run out of memory. In practice, this is difficult
to achieve without ENOMEM cropping up elsewhere and aborting the
attempt.
(2) Revoke the destination keyring between the keyring ID being looked up
and it being tested for revocation. In practice, this is difficult to
time correctly because the KEYCTL_REJECT function can only be used
from the request-key upcall process. Further, users can only make use
of what's in /sbin/request-key.conf, though this does including a
rejection debugging test - which means that the destination keyring
has to be the caller's session keyring in practice.
(3) Have just enough key quota available to create a key, a new session
keyring for the upcall and a link in the session keyring, but not then
sufficient quota to create a link in the nominated destination keyring
so that it fails with EDQUOT.
The bug can be triggered using option (3) above using something like the
following:
echo 80 >/proc/sys/kernel/keys/root_maxbytes
keyctl request2 user debug:fred negate @t
The above sets the quota to something much lower (80) to make the bug
easier to trigger, but this is dependent on the system. Note also that
the name of the keyring created contains a random number that may be
between 1 and 10 characters in size, so may throw the test off by
changing the amount of quota used.
Assuming the failure occurs, something like the following will be seen:
kfree_debugcheck: out of range ptr 6b6b6b6b6b6b6b68h
------------[ cut here ]------------
kernel BUG at ../mm/slab.c:2821!
...
RIP: 0010:[<ffffffff811600f9>] kfree_debugcheck+0x20/0x25
RSP: 0018:ffff8804014a7de8 EFLAGS: 00010092
RAX: 0000000000000034 RBX: 6b6b6b6b6b6b6b68 RCX: 0000000000000000
RDX: 0000000000040001 RSI: 00000000000000f6 RDI: 0000000000000300
RBP: ffff8804014a7df0 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8804014a7e68 R11: 0000000000000054 R12: 0000000000000202
R13: ffffffff81318a66 R14: 0000000000000000 R15: 0000000000000001
...
Call Trace:
kfree+0xde/0x1bc
assoc_array_cancel_edit+0x1f/0x36
__key_link_end+0x55/0x63
key_reject_and_link+0x124/0x155
keyctl_reject_key+0xb6/0xe0
keyctl_negate_key+0x10/0x12
SyS_keyctl+0x9f/0xe7
do_syscall_64+0x63/0x13a
entry_SYSCALL64_slow_path+0x25/0x25
Fixes: f70e2e06196a ('KEYS: Do preallocation for __key_link()')
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: David Howells <[email protected]>
cc: [email protected]
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Since 32b8a8e59c9c ("sit: add IPv4 over IPv4 support")
ipip6_err() may be called for packets whose IP protocol is
IPPROTO_IPIP as well as those whose IP protocol is IPPROTO_IPV6.
In the case of IPPROTO_IPIP packets the correct protocol value is not
passed to ipv4_update_pmtu() or ipv4_redirect().
This patch resolves this problem by using the IP protocol of the packet
rather than a hard-coded value. This appears to be consistent
with the usage of the protocol of a packet by icmp_socket_deliver()
the caller of ipip6_err().
I was able to exercise the redirect case by using a setup where an ICMP
redirect was received for the destination of the encapsulated packet.
However, it appears that although incorrect the protocol field is not used
in this case and thus no problem manifests. On inspection it does not
appear that a problem will manifest in the fragmentation needed/update pmtu
case either.
In short I believe this is a cosmetic fix. None the less, the use of
IPPROTO_IPV6 seems wrong and confusing.
Reviewed-by: Dinan Gunawardena <[email protected]>
Signed-off-by: Simon Horman <[email protected]>
Acked-by: YOSHIFUJI Hideaki <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
If percpu_ref initialization fails during css_create(), the free path
can end up trying to free css->id of zero. As ID 0 is unused, it
doesn't cause a critical breakage but it does trigger a warning
message. Fix it by setting css->id to -1 from init_and_link_css().
Signed-off-by: Tejun Heo <[email protected]>
Cc: Wenwei Tao <[email protected]>
Fixes: 01e586598b22 ("cgroup: release css->id after css_free")
Cc: [email protected] # v4.0+
Signed-off-by: Tejun Heo <[email protected]>
|
|
The mlx4e driver does not support more than one port for VXLAN offload. As
such expecting the hardware to offload other ports is invalid since it
appears the parsing logic is used to perform Tx checksum and segmentation
offloads. Use the vxlan_port number to determine in which cases we can
apply the offload and in which cases we can not.
Signed-off-by: Alexander Duyck <[email protected]>
Reviewed-by: Tariq Toukan <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
When building with -Wextra, we get a harmless warning from the
EFX_EXTRACT_OWORD32 macro:
ethernet/sfc/farch.c: In function 'efx_farch_test_registers':
ethernet/sfc/farch.c:119:30: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
ethernet/sfc/farch.c:124:144: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
ethernet/sfc/farch.c:124:392: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
ethernet/sfc/farch.c:124:731: error: comparison of unsigned expression < 0 is always false [-Werror=type-limits]
The macro and the caller are both correct, but we can avoid the
warning by changing the index variable to a signed type.
Signed-off-by: Arnd Bergmann <[email protected]>
Acked-by: Bert Kenward <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
Current versions of gdb do not interoperate cleanly with kgdb on arm64
systems because gdb and kgdb do not use the same register description.
This patch modifies kgdb to work with recent releases of gdb (>= 7.8.1).
Compatibility with gdb (after the patch is applied) is as follows:
gdb-7.6 and earlier Ok
gdb-7.7 series Works if user provides custom target description
gdb-7.8(.0) Works if user provides custom target description
gdb-7.8.1 and later Ok
When commit 44679a4f142b ("arm64: KGDB: Add step debugging support") was
introduced it was paired with a gdb patch that made an incompatible
change to the gdbserver protocol. This patch was eventually merged into
the gdb sources:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=a4d9ba85ec5597a6a556afe26b712e878374b9dd
The change to the protocol was mostly made to simplify big-endian support
inside the kernel gdb stub. Unfortunately the gdb project released
gdb-7.7.x and gdb-7.8.0 before the protocol incompatibility was identified
and reversed:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=bdc144174bcb11e808b4e73089b850cf9620a7ee
This leaves us in a position where kgdb still uses the no-longer-used
protocol; gdb-7.8.1, which restored the original behaviour, was
released on 2014-10-29.
I don't believe it is possible to detect/correct the protocol
incompatiblity which means the kernel must take a view about which
version of the gdb remote protocol is "correct". This patch takes the
view that the original/current version of the protocol is correct
and that version found in gdb-7.7.x and gdb-7.8.0 is anomalous.
Signed-off-by: Daniel Thompson <[email protected]>
Signed-off-by: Will Deacon <[email protected]>
|
|
ath.git fixes for 4.7. Major changes:
ath9k
* fix GPIO mask regression with AR9462 and AR9565
ath10k
* fix deadlock while processing rx_in_ord_ind
* fix crash related to printing firmware features in debug mode
* fix deadlock when peer cannot be created
|
|
path_b_ok is being assigned but immediately after path_a_ok is being
compared to the value 0x03. This appears to be a typo on the
variable name, compare path_b_ok instead.
Signed-off-by: Colin Ian King <[email protected]>
Signed-off-by: Jes Sorensen <[email protected]>
Signed-off-by: Kalle Valo <[email protected]>
|