(Another one for the f_path debacle.)
ltp fcntl33 testcase caused an Oops in selinux_file_send_sigiotask.
The reason is that generic_add_lease() used filp->f_path.dentry->inode
while all the others use file_inode(). This makes a difference for files
opened on overlayfs since the former will point to the overlay inode the
latter to the underlying inode.
So generic_add_lease() added the lease to the overlay inode and
generic_delete_lease() removed it from the underlying inode. When the file
was released the lease remained on the overlay inode's lock list, resulting
in use after free.
Reported-by: Eryu Guan <eguan@redhat.com>
Fixes: 4bacc9c923 ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc: <stable@vger.kernel.org>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Reviewed-by: Jeff Layton <jlayton@redhat.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Saeed Mahameed says:
====================
Mellanox 100G mlx5 resiliency and xmit path fixes
This series provides two set of fixes to the mlx5 driver:
- Resiliency fixes for reset flow and internal pci errors
- xmit path fixes
Please consider queuing those patches for -stable (4.6).
Reset flow fixes for core driver:
- Add more commands to the list of error simulated commands
when pci errors occur
- Avoid calling sleeping function by the health poll thread
- Fix incorrect page count when in internal error
- Fix timeout in wait vital for VFs
- Deadlock fix and Timeout handling in commands interface
Reset flow and resiliency fixes for mlx5e netdev driver:
- Handle RQ flush in error cases
- Implement ndo_tx_timeout callback
- Timeout if SQ doesn't flush during close
- Log link state changes
- Validate BW weight values of ETS
xmit path fixes:
- Fix wrong fallback assumption in select queue callback
- Account for all L2 headers when copying headers into inline segment
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Add Link UP/Down prints to kernel log when link state changes
Signed-off-by: Shaker Daibes <shakerd@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Valid weight assigned to ETS TClass values are 1-100
Fixes: 08fb1dacdd ('net/mlx5e: Support DCBNL IEEE ETS')
Signed-off-by: Rana Shahout <ranas@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The default fallback function used by mlx5e select queue can return
any TX queues in range [0..dev->num_real_tx_queues).
The current implementation assumes that the fallback function returns
a number in the range [0.. number of channels). Actually
dev->num_real_tx_queues = (number of channels) * dev->num_tc;
which is more than the expected range if num_tc is configured and could
lead to crashes.
To fix this we test if num_tc is not configured we can safely return the
fallback suggestion, if not we will reciprocal_scale the fallback
result and normalize it to the desired range.
Fixes: 08fb1dacdd ('net/mlx5e: Support DCBNL IEEE ETS')
Signed-off-by: Rana Shahout <ranas@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Reported-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ConnectX4-Lx uses an inline wqe mode that currently defaults to
requiring the entire L2 header be included in the wqe.
This patch fixes mlx5e_get_inline_hdr_size() to account for
all L2 headers (VLAN, QinQ, etc) using skb_network_offset(skb).
Fixes: e586b3b0ba ("net/mlx5: Ethernet Datapath files")
Signed-off-by: Matthew Finlay <matt@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add a timeout to avoid an infinite loop waiting for RQ's to flush. This
occurs during AER/EEH and will also happen if the device stops posting
completions due to internal error or reset, or if moving the RQ to the
error state fails. Also cleanup posted receive resources when closing
the RQ.
Fixes: f62b8bb8f2 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality')
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Add callback to handle TX timeouts.
Fixes: f62b8bb8f2 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality')
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Avoid an infinite loop by timing out waiting for the SQ to flush. Also
clean up the TX descriptors if that happens.
Fixes: f62b8bb8f2 ('net/mlx5: Extend mlx5_core to support ConnectX-4 Ethernet functionality')
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The current implementation does not handle timeout in case of command
with callback request, and this can lead to deadlock if the command
doesn't get fw response.
Add delayed callback timeout work before posting the command to fw.
In case of real fw command completion we will cancel the delayed work.
In case of fw command timeout the callback timeout handler will be
called and it will simulate fw completion with timeout error.
Fixes: e126ba97db ('mlx5: Add driver for Mellanox Connect-IB adapters')
Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Call command completion handler in case of timeout when working in
interrupts mode.
Avoid flushing the commands workqueue after acquiring the semaphores to
prevent a potential deadlock.
Fixes: e126ba97db ('mlx5: Add driver for Mellanox Connect-IB adapters')
Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The device ID for VFs is in a different location than PFs. This results
in the poll always timing out for VFs. There's no good way to read the
VF device ID without using the PF's configuration space. Switch to waiting
for the health poll to start incrementing. Also remove the 1s sleep
at the beginning.
fixes: 89d44f0a6c ('net/mlx5_core: Add pci error handlers to mlx5_core
driver')
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change page cleanup flow when in internal error to properly decrement
the page counts when reclaiming pages. The prevents timing out waiting
for extra pages that were actually cleaned up previously.
fixes: 89d44f0a6c ('net/mlx5_core: Add pci error handlers to mlx5_core driver')
Signed-off-by: Daniel Jurgens <danielj@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In internal error state the health poll thread will eventually call
synchronize_irq() (to safely trigger command completions) which might
sleep, so we are calling sleeping function from atomic context which is
invalid.
Here we move trigger_cmd_completions(dev) to enter error state which is
the earliest stage in error state handling.
This way we won't need to wait for next health poll to trigger command
completions and will solve the scheduling while atomic issue.
mlx5_enter_error_state can be called from two contexts, protect it with
dev->intf_state_lock
Fixes: 89d44f0a6c ('net/mlx5_core: Add pci error handlers to mlx5_core driver')
Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
In case of internal error state we will simulate the commands status
through the return value translation function, but we need to simulate
all the teardown fw commands as successful so we will not have fw
command failure prints.
This also fix memory leaks that happen because we skip teardown stages
due to failed fw commands.
Fixes: 89d44f0a6c ('net/mlx5_core: Add pci error handlers to mlx5_core driver')
Signed-off-by: Mohamad Haj Yahia <mohamad@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ether_addr_equal_64bits() requires some care about its arguments,
namely that 8 bytes might be read, even if last 2 byte values are not
used.
KASan detected a violation with null_mac_addr and lacpdu_mcast_addr
in bond_3ad.c
Same problem with mac_bcast[] and mac_v6_allmcast[] in bond_alb.c :
Although the 8-byte alignment was there, KASan would detect out
of bound accesses.
Fixes: 815117adaf ("bonding: use ether_addr_equal_unaligned for bond addr compare")
Fixes: bb54e58929 ("bonding: Verify RX LACPDU has proper dest mac-addr")
Fixes: 885a136c52 ("bonding: use compare_ether_addr_64bits() in ALB")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: Ding Tianhong <dingtianhong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
The default value of reg-2f in codec rt5650 is 0x5002, not 0x1002.
Signed-off-by: Bard Liao <bardliao@realtek.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
LINK_OFF_WAKE_EN should be cleared after autoresume, otherwise after
system suspend, the system would wake up when linking off occurs.
Signed-off-by: Hayes Wang <hayeswang@realtek.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
We're making all reset line users specify whether their lines are
shared with other IP or they operate them exclusively. In this case
the line is exclusively used only by this IP, so use the *_exclusive()
API accordingly.
Acked-by: Felipe Balbi <felipe.balbi@linux.intel.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
We're making all reset line users specify whether their lines are
shared with other IP or they operate them exclusively. In this case
the line is exclusively used only by this IP, so use the *_exclusive()
API accordingly.
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
On the STiH410 B2120 development board the MiPHY28lp shares its reset
line with the Synopsys DWC3 SuperSpeed (SS) USB 3.0 Dual-Role-Device
(DRD). New functionality in the reset subsystems forces consumers to
be explicit when requesting shared/exclusive reset lines.
Acked-by: Kishon Vijay Abraham I <kishon@ti.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
Call wmb() to ensure writes are complete before
hardware fetches updated Tx descriptors.
Signed-off-by: Sony Chacko <sony.chacko@qlogic.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Fix boot crash that triggers if this driver is built into a kernel and
run on non-AMD systems.
AMD northbridges users call amd_cache_northbridges() and it returns
a negative value to signal that we weren't able to cache/detect any
northbridges on the system.
At least, it should do so as all its callers expect it to do so. But it
does return a negative value only when kmalloc() fails.
Fix it to return -ENODEV if there are no NBs cached as otherwise, amd_nb
users like amd64_edac, for example, which relies on it to know whether
it should load or not, gets loaded on systems like Intel Xeons where it
shouldn't.
Reported-and-tested-by: Tony Battersby <tonyb@cybernetics.com>
Signed-off-by: Borislav Petkov <bp@suse.de>
Cc: <stable@vger.kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Link: http://lkml.kernel.org/r/1466097230-5333-2-git-send-email-bp@alien8.de
Link: https://lkml.kernel.org/r/5761BEB0.9000807@cybernetics.com
Signed-off-by: Ingo Molnar <mingo@kernel.org>
- m_start() in fs/namespace.c expects that ns->event is incremented each
time a mount added or removed from ns->list.
- umount_tree() removes items from the list but does not increment event
counter, expecting that it's done before the function is called.
- There are some codepaths that call umount_tree() without updating
"event" counter. e.g. from __detach_mounts().
- When this happens m_start may reuse a cached mount structure that no
longer belongs to ns->list (i.e. use after free which usually leads
to infinite loop).
This change fixes the above problem by incrementing global event counter
before invoking umount_tree().
Change-Id: I622c8e84dcb9fb63542372c5dbf0178ee86bb589
Cc: stable@vger.kernel.org
Signed-off-by: Andrey Ulanov <andreyu@google.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
v9fs may be used as lower layer of overlayfs and accessing f_path.dentry
can lead to a crash. In this case it's a NULL pointer dereference in
p9_fid_create().
Fix by replacing direct access of file->f_path.dentry with the
file_dentry() accessor, which will always return a native object.
Reported-by: Alessio Igor Bogani <alessioigorbogani@gmail.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Tested-by: Alessio Igor Bogani <alessioigorbogani@gmail.com>
Fixes: 4bacc9c923 ("overlayfs: Make f_path always point to the overlay and f_inode to the underlay")
Cc: <stable@vger.kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Logan Gunthorpe reports that hibernation stopped working reliably for
him after commit ab76f7b4ab (x86/mm: Set NX on gap between __ex_table
and rodata).
That turns out to be a consequence of a long-standing issue with the
64-bit image restoration code on x86, which is that the temporary
page tables set up by it to avoid page tables corruption when the
last bits of the image kernel's memory contents are copied into
their original page frames re-use the boot kernel's text mapping,
but that mapping may very well get corrupted just like any other
part of the page tables. Of course, if that happens, the final
jump to the image kernel's entry point will go to nowhere.
The exact reason why commit ab76f7b4ab matters here is that it
sometimes causes a PMD of a large page to be split into PTEs
that are allocated dynamically and get corrupted during image
restoration as described above.
To fix that issue note that the code copying the last bits of the
image kernel's memory contents to the page frames occupied by them
previoulsy doesn't use the kernel text mapping, because it runs from
a special page covered by the identity mapping set up for that code
from scratch. Hence, the kernel text mapping is only needed before
that code starts to run and then it will only be used just for the
final jump to the image kernel's entry point.
Accordingly, the temporary page tables set up in swsusp_arch_resume()
on x86-64 need to contain the kernel text mapping too. That mapping
is only going to be used for the final jump to the image kernel, so
it only needs to cover the image kernel's entry point, because the
first thing the image kernel does after getting control back is to
switch over to its own original page tables. Moreover, the virtual
address of the image kernel's entry point in that mapping has to be
the same as the one mapped by the image kernel's page tables.
With that in mind, modify the x86-64's arch_hibernation_header_save()
and arch_hibernation_header_restore() routines to pass the physical
address of the image kernel's entry point (in addition to its virtual
address) to the boot kernel (a small piece of assembly code involved
in passing the entry point's virtual address to the image kernel is
not necessary any more after that, so drop it). Update RESTORE_MAGIC
too to reflect the image header format change.
Next, in set_up_temporary_mappings(), use the physical and virtual
addresses of the image kernel's entry point passed in the image
header to set up a minimum kernel text mapping (using memory pages
that won't be overwritten by the image kernel's memory contents) that
will map those addresses to each other as appropriate.
This makes the concern about the possible corruption of the original
boot kernel text mapping go away and if the the minimum kernel text
mapping used for the final jump marks the image kernel's entry point
memory as executable, the jump to it is guaraneed to succeed.
Fixes: ab76f7b4ab (x86/mm: Set NX on gap between __ex_table and rodata)
Link: http://marc.info/?l=linux-pm&m=146372852823760&w=2
Reported-by: Logan Gunthorpe <logang@deltatee.com>
Reported-and-tested-by: Borislav Petkov <bp@suse.de>
Tested-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
If the lockd service fails to start up then we need to be sure that the
notifier blocks are not registered, otherwise a subsequent start of the
service could cause the same notifier to be registered twice, leading to
soft lockups.
Signed-off-by: Scott Mayhew <smayhew@redhat.com>
Cc: stable@vger.kernel.org
Fixes: 0751ddf77b "lockd: Register callbacks on the inetaddr_chain..."
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
So far, we were missing to send the vblank event when disabling the CRTC,
making us never report the last vblank event.
This was causing a time out on the page flip, which should be solved now.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
The sun4i display engine doesn't have any vblank counter. Use the proper
helper for that.
Signed-off-by: Maxime Ripard <maxime.ripard@free-electrons.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJXdTiMAAoJEL/70l94x66D070H/ifn+e3nWddEeBTCjyELQiu+
a0h81Vk+QYMbtzZ76lr7gn31LTWbiI/yUBC/kAJCaiN3X44PTqJUhSLPiP/93/2S
A+/LZPtyjT5Qq8t0M4zByveOcT3AXI2akln/7b1rdHN4gyPqFJfGk2y0O5qttfi/
fhHqceKsUWfi2jMw3n6JtbshykhBbUMacq2suQLsX3vDPaC3dn64GAyDVYKfHaCl
7YzUmRJeXceQ4IQBXVoSnj/Bf5JDdUNglJl7zOeZlIcZnxhmCx5Uh3qRm3kdh4K0
yi76iwTAIbDI6DuFB09Sbr8lCxZCTTc2HsII1n8FrqlBZB6rDQlvfuRUR5DgbK0=
=b7zY
-----END PGP SIGNATURE-----
Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm
Pull KVM fixes from Paolo Bonzini:
"ARM and x86 fixes"
* tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm:
KVM: nVMX: VMX instructions: fix segment checks when L1 is in long mode.
KVM: LAPIC: cap __delay at lapic_timer_advance_ns
KVM: x86: move nsec_to_cycles from x86.c to x86.h
pvclock: Get rid of __pvclock_read_cycles in function pvclock_read_flags
pvclock: Cleanup to remove function pvclock_get_nsec_offset
pvclock: Add CPU barriers to get correct version value
KVM: arm/arm64: Stop leaking vcpu pid references
arm64: KVM: fix build with CONFIG_ARM_PMU disabled
- Reinstate dwarf unwinder/loadable-modules with new gnu tools
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXdOGlAAoJEGnX8d3iisJeedkQAJVTEsIwivG3XWRxOChqJY1+
jByDRXc2e1Zaow2eSMOTvr8YnbNYpWlg8YmtLDSPsVfoqjEOFhdyOILH51rHjTgg
rgNuiCf9wzTTlWY4XSQPtYnSp6lHIshdcH0nR1Cb3DdJu/SYUDW9XZZkXvQrO8Li
oMsr6WzQxRe1Svf5IaoirDYK1UUnnXS0fF/BCiKhb/TGbRbuQ3LejqjX3iPHNZff
zGqPyEPUAT1u4x1k91yvfuOMX83QqGjmtpJhdD84lDmuoRVqun6l5wZpVZVTpq2F
9GcUwv/fpOX17JwesvFNWqza0t3SkU3VWrmejn1tNHSwbOuSAAvhhE2xZvRSI4TD
oDA53EQ2bBewSAksQG63RUgRo3ltAhvtOh66N5OX0YP3EMOnS56M1DCkHgboKCuf
kOvF7Kc7b2jXwUpfhUBQv9rz/BKySqkK2m/P72x1QnHWr3huWV6ZmVd8DrhCTXVr
hP6pQ8tQd+FTr5/TK+IrfGV4uR9M06UP/0H/e5bw1Td46wncKD7XH9s+zHb6uxnp
EBiPotKBaGxHe/noxXMSBPrNPUec4FkI6FjAo18I7aXc+FLxZrDjkkc5WZGJaCds
YkgDzajFIjECZi3lW/tlwXB2aEd9egtmP1lqp2zwgg1aChWJMest6DRVDhzLDiPf
UsbFoLjOx8J1V+KFaoSX
=ABub
-----END PGP SIGNATURE-----
Merge tag 'arc-4.7-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc
Pull ARC fix from Vineet Gupta:
"Reinstate dwarf unwinder/loadable-modules with new gnu tools"
* tag 'arc-4.7-rc6-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc:
arc: unwind: warn only once if DW2_UNWIND is disabled
ARC: unwind: ensure that .debug_frame is generated (vs. .eh_frame)
One more fix for some fallout observed after the introduction of the
atomic API.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJXdODRAAoJEN0jrNd/PrOhGF0P/Ay5Vmf5oypPjY/2L/SE5gX4
RWDt1/UA4HqhuWU56DmJbYQVPl8f0rrZF2Dnp/xrNudm4H6ivYHUXQ2HxYykmTQJ
DU1ciqj5oeTpXfe+fqEC4jnrti3w3rjIGmiOtFT3iDrlqsPyNlk/ljoPCx3PIZ7C
J3Ip9uhe4dRR1uFrM6UN/dqBT7ipyOA2L1TM0DJoDMc0BC1i+mIiLyHagOoR6C6k
DuIuJvZIH/bGF3xd/U2bNxDHcXdiMhCRwnpot9XOUgh1yEwkuwJyTFS24ElYn8Ce
AcWkZUAbRI8MZxEGtW6EV9Pni9ueB8QUFdkttuuRrzkfzi/wYSG7YSetgwYSfWE9
InVbWtmb2MIEjoAcgk8hRtNeCTLchvBVZRywf5H15a5KcPW0kblm0H87tOcbdy5v
qncu+DNu7cj4aTLF670toczJRzA09yHHusQDJzwcLAmL8Yj1ktiXJLwLcgOveNDf
522uuS2DtEm0XLkvQ7L7dc1xD0dmM+exelFmwxrh6jrGHzQCqjj2MDpvENffFFYw
+pVYpbUXQhtwd1T+IeIDazpelhmELT2d17KiaCgFuUi5OzOo/bhHG0vrs7+0qs8x
gyfYY++rdvRq8OTYplminUohsCHasJthO/0UTW/a/vYwf1JxbJkAaISYAMbcAOe+
PHuI115cjKJr59iuPRyg
=cXTI
-----END PGP SIGNATURE-----
Merge tag 'pwm/for-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm
Pull pwm fixes from Thierry Reding:
"One more fix for some fallout observed after the introduction of the
atomic API"
* tag 'pwm/for-4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm:
pwm: Fix pwm_apply_args()
- Use new reset_*_get_shared() variant to prevent reset line obtainment failure
- Fixes: 0b52297 ("reset: Add support for shared reset controls")
- Fix unintentional switch() fall-through into error path
- Fix uninitialised variable compiler warning
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAABCAAGBQJXdMAeAAoJEFGvii+H/Hdh2JsQAJ5ez/+WlfVY5enmZTCPTfjv
YAZOhGuKyK1RcNKVmhRTXKDDlEQtbzX01AG73UOsMuR6Gjfq4q+lsK88ybE6Y3MS
YuIBa0TXicyywbLhAh4bCqbImFQZ2MhU07mJWn5n6qX1LwrxncKN5MdRj2DKzldv
s9AG1EKUKf/83k6kuODaP8dXutvWPEGKYKXnq9MQPBliU2j7DT7mfEp3jLGlJvXy
UkW2uq1RAhu27fe7TKVefatXLIyqo74fi3fuHVZpWfPsoUTFlQd3RzeFL7Q/orWH
JqiUk55xAbsmtkEeKNbpph1gPyR1pzKKHiNvSfRt/yIjsxOVPGZQZA2y4OpIcOKV
mbxPUrurhcdI+sK2+7JpcbjKYJpCsGgCXtwbLubLcgler+RatmFWOB8+ayH32eVC
DELYFtc80YBaDS+2KrgY4la1Mk1agbfDpyhq4Vp5uiRZFhQyldd1XrPPQssMJNc+
Zme+LRu+EQiullbHDRb6cb0dnV2Tcek4IjI1CsNA6UMAMLcVb8IZ1gX39vWr+BNt
ZWxxoBOcskPJ/t3h4ddPbuMzSA0ctBkJct9bdjg+bpZeA0aJ46lTQCJk4fZfjViu
YcDgO8/ZVaDLz5f4f44xJ+Hwnzxr2fezBUirD3UtPvs57BSVnFbHMBXUdy0NCBHk
mZi1lFOjy7eKuW1+kbrx
=mo7m
-----END PGP SIGNATURE-----
Merge tag 'mfd-fixes-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd
Pull MFD fixes from Lee Jones:
"Contained are some standard fixes and unusually an extension to the
Reset API. Some of those changes are required to fix a bug introduced
in -rc1, which introduces extra 'reset line checks' i.e. whether the
line is shared or not. If a line is shared and the new *_shared() API
is not used, the request fails with an error. This breaks USB in v4.7
for ST's platforms.
Admittedly, there are some patches contained in our (MFD/Reset)
immutable branch which are not true -fixes, but there isn't anything I
can do about that. Rest assured though, there aren't any API
'changes'. Everything is the same from the consumer's perspective.
- Use new reset_*_get_shared() variant to prevent reset line
obtainment failure (Fixes commit 0b52297f22: "reset: Add support
for shared reset controls")
- Fix unintentional switch() fall-through into error path
- Fix uninitialised variable compiler warning"
* tag 'mfd-fixes-4.7' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd:
mfd: da9053: Fix compiler warning message for uninitialised variable
mfd: max77620: Fix FPS switch statements
phy: phy-stih407-usb: Inform the reset framework that our reset line may be shared
usb: dwc3: st: Inform the reset framework that our reset line may be shared
usb: host: ehci-st: Inform the reset framework that our reset line may be shared
usb: host: ohci-st: Inform the reset framework that our reset line may be shared
reset: TRIVIAL: Add line break at same place for similar APIs
reset: Supply *_shared variant calls when using *_optional APIs
reset: Supply *_shared variant calls when using of_* API
reset: Ensure drivers are explicit when requesting reset lines
reset: Reorder inline reset_control_get*() wrappers
Fixes a build issue without CONFIG_ARM_PMU and plugs pid leak on arm/arm64.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAABAgAGBQJXdSB4AAoJEEtpOizt6ddyg10H/1lQnxqF8K+NOIahMMvDs26N
efujHsGlwHjCQTjThb+BC4qfA2tvcbZ+0UIV0mgvk750llVlrAz83aw83Wvgll9L
hDIwE55yePR9zFeOtTnwLOSIhYyeozSC58RB1OR8oQ1IzHIuokFx/3Iylbk7UjY0
y5LAxdNRWUK7IsFrnC2u8kfYaT+6xxV40KFE23NlCy8drHesrbEPOzDwRpX51u2z
o/68icxpU6TakmTZQwM5RvpgoTn1uEGneSgLSYbVlnHtkA1tr97+fOTFlzmFJyQj
oM7Mk7d9hRSr77dkXKwsDIGVcd0kRvzax2taGHmrrcPgDpkl0PHAfkseWKbb3LI=
=yPs9
-----END PGP SIGNATURE-----
Merge tag 'kvm-arm-for-v4.7-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into kvm-master
KVM/ARM Fixes for v4.7-rc6:
Fixes a build issue without CONFIG_ARM_PMU and plugs pid leak on arm/arm64.
The omitted parenthesis prevents the addition operation when
acpi_penalize_isa_irq function is called.
Fixes: 103544d869 (ACPI,PCI,IRQ: reduce resource requirements)
Signed-off-by: Sinan Kaya <okaya@codeaurora.org>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
When MTU is changed unlink_urbs() flushes RX Q but mean while usbnet_bh()
can fill up the Q at the same time.
Depends on which HCD is down there unlink takes long time then the flush
never ends.
Signed-off-by: Soohoon Lee <soohoon.lee@f5.com>
Reviewed-by: Kimball Murray <kmurray@f5.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
ip_skb_dst_mtu uses skb->sk, assuming it is an AF_INET socket (e.g. it
calls ip_sk_use_pmtu which casts sk as an inet_sk).
However, in the case of UDP tunneling, the skb->sk is not necessarily an
inet socket (could be AF_PACKET socket, or AF_UNSPEC if arriving from
tun/tap).
OTOH, the sk passed as an argument throughout IP stack's output path is
the one which is of PMTU interest:
- In case of local sockets, sk is same as skb->sk;
- In case of a udp tunnel, sk is the tunneling socket.
Fix, by passing ip_finish_output's sk to ip_skb_dst_mtu.
This augments 7026b1ddb6 'netfilter: Pass socket pointer down through okfn().'
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Reviewed-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Jeff Kirsher says:
====================
Intel Wired LAN Driver Updates 2016-06-29
This series contains fixes to e1000e and ixgbevf.
Jarod Wilson's fix for e1000e was a follow-on patch to his previous fix to
keep the hardware VLAN CTAG's for receive and transmit in sync, which
in turn resolves the original issue, so revert a portion of the original
fix.
Xin Long noticed that the ret_val needed to be initialized to IXGBE_ERR_MBX,
instead of -IXGBE_ERR_MBX.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Negotiate with userspace filesystems whether they support parallel readdir
and lookup. Disable parallelism by default for fear of breaking fuse
filesystems.
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Fixes: 9902af79c0 ("parallel lookups: actual switch to rwsem")
Fixes: d9b3dbdcfd ("fuse: switch to ->iterate_shared()")
Add the missing unlock before return from function i915_ppgtt_info()
in the error handling case.
Fixes: 1d2ac403ae3b(drm: Protect dev->filelist with its own mutex)
Signed-off-by: Wei Yongjun <yongjun_wei@trendmicro.com.cn>
Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>
Link: http://patchwork.freedesktop.org/patch/msgid/1465861320-26221-1-git-send-email-weiyj_lk@163.com
(cherry picked from commit b021248690)
Signed-off-by: Jani Nikula <jani.nikula@intel.com>
The simple_write_to_buffer() already increments the @ppos on success,
see fs/libfs.c simple_write_to_buffer() comment:
"
On success, the number of bytes written is returned and the offset @ppos
advanced by this number, or negative value is returned on error.
"
If the configfs_write_bin_file() is invoked with @count smaller than the
total length of the written binary file, it will be invoked multiple times.
Since configfs_write_bin_file() increments @ppos on success, after calling
simple_write_to_buffer(), the @ppos is incremented twice.
Subsequent invocation of configfs_write_bin_file() will result in the next
piece of data being written to the offset twice as long as the length of
the previous write, thus creating buffer with "holes" in it.
The simple testcase using DTO follows:
$ mkdir /sys/kernel/config/device-tree/overlays/1
$ dd bs=1 if=foo.dtbo of=/sys/kernel/config/device-tree/overlays/1/dtbo
Without this patch, the testcase will result in twice as big buffer in the
kernel, which is then passed to the cfs_overlay_item_dtbo_write() .
Signed-off-by: Marek Vasut <marex@denx.de>
Cc: Geert Uytterhoeven <geert+renesas@glider.be>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Pantelis Antoniou <pantelis.antoniou@konsulko.com>
Commit d6a9996e84 ("powerpc/mm: vmalloc abstraction in preparation for
radix") turned kernel memory and IO addresses from #defined constants to
variables initialised at runtime.
On PA6T (pasemi) systems the setup_arch() machine call initialises the
onboard PCI-e root-ports, and uses pci_io_base to do this, which is now
before its value has been set, resulting in a panic early in boot before
console IO is initialised.
Move the pci_io_base initialisation to the same place as vmalloc ranges
are set (hash__early_init_mmu()/radix__early_init_mmu()) - this is the
earliest possible place we can initialise it.
Fixes: d6a9996e84 ("powerpc/mm: vmalloc abstraction in preparation for radix")
Reported-by: Christian Zigotzky <chzigotzky@xenosoft.de>
Signed-off-by: Darren Stevens <darren@stevens-zone.net>
Reviewed-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
[mpe: Add #ifdef CONFIG_PCI, massage change log slightly]
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Fix compiler warning caused by an uninitialised variable inside
da9052_group_write() function. Defaulting the value to zero covers
the trivial case.
Signed-off-by: Steve Twiss <stwiss.opensource@diasemi.com>
Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
When configuring FPS during probe, assuming a DT node is present for
FPS, the code can run into a problem with the switch statements in
max77620_config_fps() and max77620_get_fps_period_reg_value(). Namely,
in the case of chip->chip_id == MAX77620, it will set
fps_[mix|max]_period but then fall through to the default switch case
and return -EINVAL. Returning this from max77620_config_fps() will
cause probe to fail.
Signed-off-by: Rhyland Klein <rklein@nvidia.com>
Reviewed-by: Laxman Dewangan <ldewangan@nvidia.com>
Reviewed-by: Thierry Reding <treding@nvidia.com>
Tested-by: Thierry Reding <treding@nvidia.com>
Tested-by: Alexandre Courbot <acourbot@nvidia.com>
Signed-off-by: Lee Jones <lee.jones@linaro.org>
On the STiH410 B2120 development board the ports on the Generic PHY
share their reset lines with each other. New functionality in the
reset subsystems forces consumers to be explicit when requesting
shared/exclusive reset lines.
Signed-off-by: Lee Jones <lee.jones@linaro.org>
