Skip to main content

Browse the archive

swh:1:snp:3c665ee4f67729f27f2e40193ab88e7298cf0fef
sort by:
Revision Author Date Message Commit Date
3d7b365 Linus Torvalds 26 February 2016, 02:54:53 UTC Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: - Two fixes for compatibility with the ACPI 6.1 specification. Without these fixes multi-interface DIMMs will fail to be probed, and address range scrub commands to find memory errors will give results that the kernel will mis-interpret. For multi-interface DIMMs Linux will accept either the original 6.0 implementation or 6.1. For address range scrub we'll only support 6.1 since ACPI formalized this DSM differently than the original example [1] implemented in v4.2. The expectation is that production systems will only ever ship the ACPI 6.1 address range scrub command definition. - The wider async address range scrub work targeting 4.6 discovered that the original synchronous implementation in 4.5 is not sizing its return buffer correctly. - Arnd caught that my recent fix to the size of the pfn_t flags missed updating the flags variable used in the pmem driver. - Toshi found that we mishandle the memremap() return value in devm_memremap(). * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: nvdimm: use 'u64' for pfn flags devm_memremap: Fix error value when memremap failed nfit: update address range scrub commands to the acpi 6.1 format libnvdimm, tools/testing/nvdimm: fix 'ars_status' output buffer sizing nfit: fix multi-interface dimm handling, acpi6.1 compatibility 26 February 2016, 02:54:53 UTC
1ebe383 Linus Torvalds 26 February 2016, 02:42:08 UTC Merge tag 'for-v4.5-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply Pull power supply fixes from Sebastian Reichel: "Add a regression fix for changed sysfs path of bq27xxx_battery and update MAINTAINERS file" * tag 'for-v4.5-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply: power: bq27xxx_battery: Restore device name MAINTAINERS: update bq27xxx driver 26 February 2016, 02:42:08 UTC
6dc390a Linus Torvalds 24 February 2016, 22:06:17 UTC Merge tag 'arc-4.5-rc6-fixes-upd' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: - Fix for csd deadlock due to missing self IPI - Accompanying IPI cleanups / optimization - Brown paper bag bug in one of the cleanups above - Boot reporting updates for new hardware features - Don't force DEVTMPFS if INITRAMFS * tag 'arc-4.5-rc6-fixes-upd' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: arc: SMP: CONFIG_ARC_IPI_DBG cleanup ARC: SMP: No need for CONFIG_ARC_IPI_DBG ARCv2: Elide sending new cross core intr if receiver didn't ack prev ARCv2: SMP: Push IPI_IRQ into IPI provider ARC: [intc-compact] Remove IPI setup from ARCompact port ARCv2: SMP: Emulate IPI to self using software triggered interrupt arc: get rid of DEVTMPFS dependency on INITRAMFS_SOURCE ARCv2: boot report CCMs (Closely Coupled Memories) ARCv2: boot print Low Latency Memory ARC: Assume multiplier is always present 24 February 2016, 22:06:17 UTC
aa263c4 Linus Torvalds 24 February 2016, 22:00:26 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro: "Assorted fixes - xattr one from this cycle, the rest - stable fodder" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fs/pnode.c: treat zero mnt_group_id-s as unequal affs_do_readpage_ofs(): just use kmap_atomic() around memcpy() xattr handlers: plug a lock leak in simple_xattr_list fs: allow no_seek_end_llseek to actually seek 24 February 2016, 22:00:26 UTC
2ac015e Kirill A. Shutemov 24 February 2016, 15:58:03 UTC thp: call pmdp_invalidate() with correct virtual address Sebastian Ott and Gerald Schaefer reported random crashes on s390. It was bisected to my THP refcounting patchset. The problem is that pmdp_invalidated() called with wrong virtual address. It got offset up by HPAGE_PMD_SIZE by loop over ptes. The solution is to introduce new variable to be used in loop and don't touch 'haddr'. Signed-off-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com> Reported-and-tested-by: Gerald Schaefer <gerald.schaefer@de.ibm.com> Reported-and-tested-by Sebastian Ott <sebott@linux.vnet.ibm.com> Reviewed-by: Will Deacon <will.deacon@arm.com> Cc: Christian Borntraeger <borntraeger@de.ibm.com> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com> Cc: Andrea Arcangeli <aarcange@redhat.com> Cc: Sasha Levin <sasha.levin@oracle.com> Cc: Jerome Marchand <jmarchan@redhat.com> Cc: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 24 February 2016, 18:46:30 UTC
9ef2d8b Valentin Rothberg 24 February 2016, 08:40:22 UTC arc: SMP: CONFIG_ARC_IPI_DBG cleanup Previous Commit ("ARC: SMP: No need for CONFIG_ARC_IPI_DBG") removed the Kconfig option ARC_IPI_DBG. Remove the last reference on this option. Signed-off-by: Valentin Rothberg <valentinrothberg@gmail.com> Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 24 February 2016, 08:45:39 UTC
d73b73f Vineet Gupta 19 February 2016, 02:48:11 UTC ARC: SMP: No need for CONFIG_ARC_IPI_DBG This was more relevant during SMP bringup. The warning for bogus msg better be visible always. Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 24 February 2016, 05:37:32 UTC
3dea30c Vineet Gupta 19 February 2016, 02:27:41 UTC ARCv2: Elide sending new cross core intr if receiver didn't ack prev ARConnect/MCIP IPI sending has a retry-wait loop in case caller had not seen a previous such interrupt. Turns out that it is not needed at all. Linux cross core calling allows coalescing multiple IPIs to same receiver - it is fine as long as there is one. This logic is built into upper layer already, at a higher level of abstraction. ipi_send_msg_one() sets the actual msg payload, but it only calls MCIP IPI sending if msg holder was empty (using atomic-set-new-and-get-old construct). Thus it is unlikely that the retry-wait looping was ever getting exercised at all. Cc: Chuck Jordan <cjordan@synopsys.com> Cc: Peter Zijlstra <peterz@infradead.org> Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 24 February 2016, 05:37:31 UTC
9681787 Vineet Gupta 23 February 2016, 08:05:12 UTC ARCv2: SMP: Push IPI_IRQ into IPI provider Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 24 February 2016, 05:37:31 UTC
dbcbc7e Vineet Gupta 28 January 2016, 07:18:05 UTC ARC: [intc-compact] Remove IPI setup from ARCompact port There is no real ARC700 based SMP SoC so remove IPI definition. EZChip's SMP ARC700 is going to use a different intc and IPI provider anyways. Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 24 February 2016, 05:37:31 UTC
bb143f8 Vineet Gupta 23 February 2016, 06:25:16 UTC ARCv2: SMP: Emulate IPI to self using software triggered interrupt ARConnect/MCIP Inter-Core-Interrupt module can't send interrupt to local core. So use core intc capability to trigger software interrupt to self, using an unsued IRQ #21. This showed up as csd deadlock with LTP trace_sched on a dual core system. This test acts as scheduler fuzzer, triggering all sorts of schedulting activity. Trouble starts with IPI to self, which doesn't get delivered (effectively lost due to H/w capability), but the msg intended to be sent remain enqueued in per-cpu @ipi_data. All subsequent IPIs to this core from other cores get elided due to the IPI coalescing optimization in ipi_send_msg_one() where a pending msg implies an IPI already sent and assumes other core is yet to ack it. After the elided IPI, other core simply goes into csd_lock_wait() but never comes out as this core never sees the interrupt. Fixes STAR 9001008624 Cc: Peter Zijlstra <peterz@infradead.org> Cc: <stable@vger.kernel.org> [4.2] Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 24 February 2016, 05:37:28 UTC
84e54c4 Linus Torvalds 24 February 2016, 03:03:43 UTC Merge tag 'dm-4.5-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fix from Mike Snitzer: "Fix a 112 byte leak for each IO request that is requeued while DM multipath is handling faults due to path failures. This leak does not happen if blk-mq DM multipath is used. It only occurs if .request_fn DM multipath is stacked ontop of blk-mq paths (e.g. scsi-mq devices)" * tag 'dm-4.5-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths 24 February 2016, 03:03:43 UTC
0ecdcd3 Linus Torvalds 24 February 2016, 02:54:58 UTC Merge tag 'mmc-v4.5-rc4' of git://git.linaro.org/people/ulf.hansson/mmc Pull MMC fix from Ulf Hansson: "Here's an mmc fix intended for v4.5 rc6. MMC host: - omap_hsmmc: Fix PM regression for deferred probe" * tag 'mmc-v4.5-rc4' of git://git.linaro.org/people/ulf.hansson/mmc: mmc: omap_hsmmc: Fix PM regression with deferred probe for pm_runtime_reinit 24 February 2016, 02:54:58 UTC
c454420 Arnd Bergmann 22 February 2016, 21:58:34 UTC nvdimm: use 'u64' for pfn flags A recent bugfix changed pfn_t to always be 64-bit wide, but did not change the code in pmem.c, which is now broken on 32-bit architectures as reported by gcc: In file included from ../drivers/nvdimm/pmem.c:28:0: drivers/nvdimm/pmem.c: In function 'pmem_alloc': include/linux/pfn_t.h:15:17: error: large integer implicitly truncated to unsigned type [-Werror=overflow] #define PFN_DEV (1ULL << (BITS_PER_LONG_LONG - 3)) This changes the intermediate pfn_flags in struct pmem_device to be 64 bit wide as well, so they can store the flags correctly. Signed-off-by: Arnd Bergmann <arnd@arndb.de> Fixes: db78c22230d0 ("mm: fix pfn_t vs highmem") Signed-off-by: Dan Williams <dan.j.williams@intel.com> 24 February 2016, 01:17:20 UTC
93f834d Toshi Kani 20 February 2016, 22:32:24 UTC devm_memremap: Fix error value when memremap failed devm_memremap() returns an ERR_PTR() value in case of error. However, it returns NULL when memremap() failed. This causes the caller, such as the pmem driver, to proceed and oops later. Change devm_memremap() to return ERR_PTR(-ENXIO) when memremap() failed. Signed-off-by: Toshi Kani <toshi.kani@hpe.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: <stable@vger.kernel.org> Reviewed-by: Ross Zwisler <ross.zwisler@linux.intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> 24 February 2016, 01:17:20 UTC
4577b06 Dan Williams 17 February 2016, 21:08:58 UTC nfit: update address range scrub commands to the acpi 6.1 format The original format of these commands from the "NVDIMM DSM Interface Example" [1] are superseded by the ACPI 6.1 definition of the "NVDIMM Root Device _DSMs" [2]. [1]: http://pmem.io/documents/NVDIMM_DSM_Interface_Example.pdf [2]: http://www.uefi.org/sites/default/files/resources/ACPI_6_1.pdf "9.20.7 NVDIMM Root Device _DSMs" Changes include: 1/ New 'restart' fields in ars_status, unfortunately these are implemented in the middle of the existing definition so this change is not backwards compatible. The expectation is that shipping platforms will only ever support the ACPI 6.1 definition. 2/ New status values for ars_start ('busy') and ars_status ('overflow'). Cc: Vishal Verma <vishal.l.verma@intel.com> Cc: Linda Knippers <linda.knippers@hpe.com> Cc: <stable@vger.kernel.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com> 24 February 2016, 01:17:20 UTC
420eb6d Linus Torvalds 24 February 2016, 00:39:21 UTC Merge tag 'nfs-for-4.5-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client bugfixes from Trond Myklebust: "Stable bugfixes: - Fix nfs_size_to_loff_t - NFSv4: Fix a dentry leak on alias use Other bugfixes: - Don't schedule a layoutreturn if the layout segment can be freed immediately. - Always set NFS_LAYOUT_RETURN_REQUESTED with lo->plh_return_iomode - rpcrdma_bc_receive_call() should init rq_private_buf.len - fix stateid handling for the NFS v4.2 operations - pnfs/blocklayout: fix a memeory leak when using,vmalloc_to_page - fix panic in gss_pipe_downcall() in fips mode - Fix a race between layoutget and pnfs_destroy_layout - Fix a race between layoutget and bulk recalls" * tag 'nfs-for-4.5-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4.x/pnfs: Fix a race between layoutget and bulk recalls NFSv4.x/pnfs: Fix a race between layoutget and pnfs_destroy_layout auth_gss: fix panic in gss_pipe_downcall() in fips mode pnfs/blocklayout: fix a memeory leak when using,vmalloc_to_page nfs4: fix stateid handling for the NFS v4.2 operations NFSv4: Fix a dentry leak on alias use xprtrdma: rpcrdma_bc_receive_call() should init rq_private_buf.len pNFS: Always set NFS_LAYOUT_RETURN_REQUESTED with lo->plh_return_iomode pNFS: Fix pnfs_mark_matching_lsegs_return() nfs: fix nfs_size_to_loff_t 24 February 2016, 00:39:21 UTC
de9e478 Linus Torvalds 23 February 2016, 22:58:52 UTC x86: fix SMAP in 32-bit environments In commit 11f1a4b9755f ("x86: reorganize SMAP handling in user space accesses") I changed how the stac/clac instructions were generated around the user space accesses, which then made it possible to do batched accesses efficiently for user string copies etc. However, in doing so, I completely spaced out, and didn't even think about the 32-bit case. And nobody really even seemed to notice, because SMAP doesn't even exist until modern Skylake processors, and you'd have to be crazy to run 32-bit kernels on a modern CPU. Which brings us to Andy Lutomirski. He actually tested the 32-bit kernel on new hardware, and noticed that it doesn't work. My bad. The trivial fix is to add the required uaccess begin/end markers around the raw accesses in <asm/uaccess_32.h>. I feel a bit bad about this patch, just because that header file really should be cleaned up to avoid all the duplicated code in it, and this commit just expands on the problem. But this just fixes the bug without any bigger cleanup surgery. Reported-and-tested-by: Andy Lutomirski <luto@kernel.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 24 February 2016, 00:25:20 UTC
3e5177c Alexey Brodkin 20 February 2016, 13:04:26 UTC arc: get rid of DEVTMPFS dependency on INITRAMFS_SOURCE Even though DEVTMPFS is required when our pre-built initramfs is used it is not the case in general. It is perfectly possible to use initramfs with device nodes already populated or there could be other usages, see discussion below for more detials: http://thread.gmane.org/gmane.comp.embedded.openwrt.devel/37819/focus=37821 This change removes mentioned dependency from arch/arc/Kconfig updating instead those defconfigs that are usually used with this kind of pre-build initramfs. And while at it all touched defconfigs were regenerated via savedefconfig and some options were removed: * USB is selected by other options implicitly * VGA_CONSOLE is disableb for ARC since 031e29b5877f31676739dc2f847d04c2c0732034 * EXT3_FS automatically selects EXT4_FS * MTDxxx and JFFS2_FS make no sense for AXS because AXS NAND controller is not upstreamed * NET_OSCI_LAN is not in upstream as well * ARCPGU_xxx options make no sense because ARC PGU is not yet in upstream and when it gets there all config options would be taken from devicetree Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com> Signed-off-by: Vineet Gupta <vgupta@synopsys.com> 23 February 2016, 07:01:04 UTC
9fd4b9f Trond Myklebust 22 February 2016, 22:46:34 UTC NFSv4.x/pnfs: Fix a race between layoutget and bulk recalls Replace another case where the layout 'plh_block_lgets' can trigger infinite loops in send_layoutget(). Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> 22 February 2016, 22:46:34 UTC
2454dfe Trond Myklebust 22 February 2016, 22:34:59 UTC NFSv4.x/pnfs: Fix a race between layoutget and pnfs_destroy_layout If the server reboots while there is a layoutget outstanding, then the call to pnfs_choose_layoutget_stateid() will fail with an EAGAIN error, which causes an infinite loop in send_layoutget(). The reason why we never break out of the loop is that the layout 'plh_block_lgets' field is never cleared. Fix is to replace plh_block_lgets with NFS_LAYOUT_INVALID_STID, which can be reset after a new layoutget. Fixes: ab7d763e477c5 ("pNFS: Ensure nfs4_layoutget_prepare returns...") Signed-off-by: Trond Myklebust <trond.myklebust@primarydata.com> 22 February 2016, 22:34:59 UTC
4de8ebe Linus Torvalds 22 February 2016, 22:09:18 UTC Merge tag 'trace-fixes-v4.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fixes from Steven Rostedt: "Two more small fixes. One is by Yang Shi who added a READ_ONCE_NOCHECK() to the scan of the stack made by the stack tracer. As the stack tracer scans the entire kernel stack, KASAN triggers seeing it as a "stack out of bounds" error. As the scan is looking at the contents of the stack from parent functions. The NOCHECK() tells KASAN that this is done on purpose, and is not some kind of stack overflow. The second fix is to the ftrace selftests, to retrieve the PID of executed commands from the shell with '$!' and not by parsing 'jobs'" * tag 'trace-fixes-v4.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing, kasan: Silence Kasan warning in check_stack of stack_tracer ftracetest: Fix instance test to use proper shell command for pids 22 February 2016, 22:09:18 UTC
692b8c6 Linus Torvalds 22 February 2016, 21:57:01 UTC Merge tag 'for-linus-4.5-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen bug fixes from David Vrabel: - Two scsiback fixes (resource leak and spurious warning). - Fix DMA mapping of compound pages on arm/arm64. - Fix some pciback regressions in MSI-X handling. - Fix a pcifront crash due to some uninitialize state. * tag 'for-linus-4.5-rc5-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: xen/pcifront: Fix mysterious crashes when NUMA locality information was extracted. xen/pcifront: Report the errors better. xen/pciback: Save the number of MSI-X entries to be copied later. xen/pciback: Check PF instead of VF for PCI_COMMAND_MEMORY xen: fix potential integer overflow in queue_reply xen/arm: correctly handle DMA mapping of compound pages xen/scsiback: avoid warnings when adding multiple LUNs to a domain xen/scsiback: correct frontend counting 22 February 2016, 21:57:01 UTC
dea08e6 Linus Torvalds 22 February 2016, 20:18:07 UTC Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: "Looks like a lot, but mostly driver fixes scattered all over as usual. Of note: 1) Add conditional sched in nf conntrack in cleanup to avoid NMI watchdogs. From Florian Westphal. 2) Fix deadlock in nfnetlink cttimeout, also from Floarian. 3) Fix handling of slaves in bonding ARP monitor validation, from Jay Vosburgh. 4) Callers of ip_cmsg_send() are responsible for freeing IP options, some were not doing so. Fix from Eric Dumazet. 5) Fix per-cpu bugs in mvneta driver, from Gregory CLEMENT. 6) Fix vlan handling in mv88e6xxx DSA driver, from Vivien Didelot. 7) bcm7xxx PHY driver bug fixes from Florian Fainelli. 8) Avoid unaligned accesses to protocol headers wrt. GRE, from Alexander Duyck. 9) SKB leaks and other problems in arc_emac driver, from Alexander Kochetkov. 10) tcp_v4_inbound_md5_hash() releases listener socket instead of request socket on error path, oops. Fix from Eric Dumazet. 11) Missing socket release in pppoe_rcv_core() that seems to have existed basically forever. From Guillaume Nault. 12) Missing slave_dev unregister in dsa_slave_create() error path, from Florian Fainelli. 13) crypto_alloc_hash() never returns NULL, fix return value check in __tcp_alloc_md5sig_pool. From Insu Yun. 14) Properly expire exception route entries in ipv4, from Xin Long. 15) Fix races in tcp/dccp listener socket dismantle, from Eric Dumazet. 16) Don't set IFF_TX_SKB_SHARING in vxlan, geneve, or GRE, it's not legal. These drivers modify the SKB on transmit. From Jiri Benc. 17) Fix regression in the initialziation of netdev->tx_queue_len. From Phil Sutter. 18) Missing unlock in tipc_nl_add_bc_link() error path, from Insu Yun. 19) SCTP port hash sizing does not properly ensure that table is a power of two in size. From Neil Horman. 20) Fix initializing of software copy of MAC address in fmvj18x_cs driver, from Ken Kawasaki" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (129 commits) bnx2x: Fix 84833 phy command handler bnx2x: Fix led setting for 84858 phy. bnx2x: Correct 84858 PHY fw version bnx2x: Fix 84833 RX CRC bnx2x: Fix link-forcing for KR2 net: ethernet: davicom: fix devicetree irq resource fmvj18x_cs: fix incorrect indexing of dev->dev_addr[] when copying the MAC address Driver: Vmxnet3: Update Rx ring 2 max size net: netcp: rework the code for get/set sw_data in dma desc soc: ti: knav_dma: rename pad in struct knav_dma_desc to sw_data net: ti: netcp: restore get/set_pad_info() functionality MAINTAINERS: Drop myself as xen netback maintainer sctp: Fix port hash table size computation can: ems_usb: Fix possible tx overflow Bluetooth: hci_core: Avoid mixing up req_complete and req_complete_skb net: bcmgenet: Fix internal PHY link state af_unix: Don't use continue to re-execute unix_stream_read_generic loop unix_diag: fix incorrect sign extension in unix_lookup_by_ino bnxt_en: Failure to update PHY is not fatal condition. bnxt_en: Remove unnecessary call to update PHY settings. ... 22 February 2016, 20:18:07 UTC
5c102d0 Linus Torvalds 22 February 2016, 20:12:46 UTC Merge tag 'hwmon-for-linus-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fixes from Guenter Roeck: "Two fixes headed for stable: - Remove an unnecessary speed_index lookup for thermal hook in the gpio-fan driver. The unnecessary speed lookup can hog the system. - Handle negative conversion values correctly in the ads1015 driver" * tag 'hwmon-for-linus-v4.5-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook hwmon: (ads1015) Handle negative conversion values correctly 22 February 2016, 20:12:46 UTC
a16152c Linus Torvalds 22 February 2016, 20:04:11 UTC Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma fixes from Doug Ledford: "One ocrdma fix: - The new CQ API support was added to ocrdma, but they got the arming logic wrong, so without this, transfers eventually fail when they fail to arm the interrupt properly under load Two related fixes for mlx4: - When we added the 64bit extended counters support to the core IB code, they forgot to update the RoCE side of the mlx4 driver (the IB side they properly updated). I debated whether or not to include these patches as they could be considered feature enablement patches, but the existing code will blindy copy the 32bit counters, whether any counters were requested at all (a bug). These two patches make it (a) check to see that counters were requested and (b) copy the right counters (the 64bit support is new, the 32bit is not). For that reason I went ahead and took them" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/mlx4: Add support for the port info class for RoCE ports IB/mlx4: Add support for extended counters over RoCE ports RDMA/ocrdma: Fix arm logic to align with new cq API 22 February 2016, 20:04:11 UTC
7ee302f Linus Torvalds 22 February 2016, 19:55:18 UTC Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Some bugfixes from I2C for you: A fix for a RuntimePM regression with OMAP, a fix to enable TCO for Lewisburg platforms, and a typo fix while we are here" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: i801: Adding Intel Lewisburg support for iTCO i2c: uniphier: fix typos in error messages i2c: omap: Fix PM regression with deferred probe for pm_runtime_reinit 22 February 2016, 19:55:18 UTC
d856626 David S. Miller 22 February 2016, 03:51:55 UTC Merge tag 'linux-can-fixes-for-4.5-20160221' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2016-02-21 this is a pull reqeust of one patch for net/master. The patch is by Gerhard Uttenthaler and fixes a potential tx overflow in the ems_usb driver. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:51:55 UTC
dd78dac David S. Miller 22 February 2016, 03:50:55 UTC Merge branch 'bnx2x-848xx-phy-fixes' Yuval Mintz says: ==================== bnx2x: Fix 848xx phys This series contains link-related fixes, mostly for the 848xx phys [2 patches are for 84833, and 2 patches are for 84858]. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:50:55 UTC
4ec0b6d Yuval Mintz 21 February 2016, 13:07:29 UTC bnx2x: Fix 84833 phy command handler Current initialization sequence is lacking, causing some configurations to fail. Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:50:55 UTC
bb1187a Yuval Mintz 21 February 2016, 13:07:28 UTC bnx2x: Fix led setting for 84858 phy. Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:50:55 UTC
27ba2d2 Yuval Mintz 21 February 2016, 13:07:27 UTC bnx2x: Correct 84858 PHY fw version The phy's firmware version isn't being parsed properly as it's currently parsed like the rest of the 848xx phys. Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:50:54 UTC
512ab9a Yuval Mintz 21 February 2016, 13:07:26 UTC bnx2x: Fix 84833 RX CRC There's a problem in current 84833 phy configuration - in case 1Gb link is configured and jumbo-sized packets are being used, device will experience RX crc errors. Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:50:54 UTC
1e411f0 Yuval Mintz 21 February 2016, 13:07:25 UTC bnx2x: Fix link-forcing for KR2 Currently, when link is using KR2 it cannot be forced to any speed other than 20g. Signed-off-by: Yuval Mintz <Yuval.Mintz@qlogic.om> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:50:54 UTC
9ca69b7 David S. Miller 22 February 2016, 03:46:26 UTC Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2016-02-20 Here's an important patch for 4.5 which fixes potential invalid pointer access when processing completed Bluetooth HCI commands. Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:46:26 UTC
b5a099c Robert Jarzmik 20 February 2016, 20:45:26 UTC net: ethernet: davicom: fix devicetree irq resource The dm9000 driver doesn't work in at least one device-tree configuration, spitting an error message on irq resource : [    1.062495] dm9000 8000000.ethernet: insufficient resources [    1.068439] dm9000 8000000.ethernet: not found (-2). [    1.073451] dm9000: probe of 8000000.ethernet failed with error -2 The reason behind is that the interrupt might be provided by a gpio controller, not probed when dm9000 is probed, and needing the probe deferral mechanism to apply. Currently, the interrupt is directly taken from resources. This patch changes this to use the more generic platform_get_irq(), which handles the deferral. Moreover, since commit Fixes: 7085a7401ba5 ("drivers: platform: parse IRQ flags from resources"), the interrupt trigger flags are honored in platform_get_irq(), so remove the needless code in dm9000. Signed-off-by: Robert Jarzmik <robert.jarzmik@free.fr> Acked-by: Marcel Ziswiler <marcel@ziswiler.com> Cc: Sergei Shtylyov <sergei.shtylyov@cogentembedded.com> Tested-by: Sergei Ianovich <ynvich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:40:49 UTC
1ad5466 Ken Kawasaki 20 February 2016, 10:14:36 UTC fmvj18x_cs: fix incorrect indexing of dev->dev_addr[] when copying the MAC address fix incorrect indexing of dev->dev_addr[] when copying the MAC address of FMV-J182 at buf[5]. Signed-off-by: Ken Kawasaki <ken_kawasaki@nifty.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:08:43 UTC
14112ca Shrikrishna Khare 19 February 2016, 19:19:52 UTC Driver: Vmxnet3: Update Rx ring 2 max size Device emulation supports max size of 4096. Signed-off-by: Shrikrishna Khare <skhare@vmware.com> Signed-off-by: Bhavesh Davda <bhavesh@vmware.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:04:15 UTC
d3e1718 David S. Miller 22 February 2016, 03:03:21 UTC Merge branch 'netcp-fixes' Murali Karicheri says: ==================== net: ti: netcp: restore get/set_pad_info() functionality This series fixes a regression and add some improvements for the ease of maintainance. Incorporated comments against v1. Changelogs: v2 : combined 2-3 into one patch as this involves a header change fixed a parse warning in 3/4 per comment from Arnd. Removed Sign-off from Arnd against 1/4 added comments in 3/3 to alert on the usage of sw data per review comments v1 : added 2-4 to accomodate feedback received from review v0 : initial version to fix the regression (From Grygorii) ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:03:21 UTC
0632448 Karicheri, Muralidharan 19 February 2016, 17:58:44 UTC net: netcp: rework the code for get/set sw_data in dma desc SW data field in descriptor can be used by software to hold private data for the driver. As there are 4 words available for this purpose, use separate macros to place it or retrieve the same to/from descriptors. Also do type cast of data types accordingly. Cc: Wingman Kwok <w-kwok2@ti.com> Cc: Mugunthan V N <mugunthanvnm@ti.com> CC: Arnd Bergmann <arnd@arndb.de> CC: Grygorii Strashko <grygorii.strashko@ti.com> CC: David Laight <David.Laight@ACULAB.COM> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:03:15 UTC
b1cb86a Karicheri, Muralidharan 19 February 2016, 17:58:43 UTC soc: ti: knav_dma: rename pad in struct knav_dma_desc to sw_data Rename the pad to sw_data as per description of this field in the hardware spec(refer sprugr9 from www.ti.com). Latest version of the document is at http://www.ti.com/lit/ug/sprugr9h/sprugr9h.pdf and section 3.1 Host Packet Descriptor describes this field. Define and use a constant for the size of sw_data field similar to other fields in the struct for desc and document the sw_data field in the header. As the sw_data is not touched by hw, it's type can be changed to u32. Rename the helpers to match with the updated dma desc field sw_data. Cc: Wingman Kwok <w-kwok2@ti.com> Cc: Mugunthan V N <mugunthanvnm@ti.com> CC: Arnd Bergmann <arnd@arndb.de> CC: Grygorii Strashko <grygorii.strashko@ti.com> CC: David Laight <David.Laight@ACULAB.COM> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:03:15 UTC
9ecfe87 Karicheri, Muralidharan 19 February 2016, 17:58:42 UTC net: ti: netcp: restore get/set_pad_info() functionality The commit 899077791403 ("netcp: try to reduce type confusion in descriptors") introduces a regression in Kernel 4.5-rc1 and it breaks get/set_pad_info() functionality. The TI NETCP driver uses pad0 and pad1 fields of knav_dma_desc to store DMA/MEM buffer pointer and buffer size respectively. And in both cases for Keystone 2 the pointer type size is 32 bit regardless of LAPE enabled or not, because CONFIG_ARCH_DMA_ADDR_T_64BIT originally is not expected to be defined. Unfortunately, above commit changed buffer's pointers save/restore code (get/set_pad_info()) and added intermediate conversation to u64 which works incorrectly on 32bit Keystone 2 and causes TI NETCP driver crash in RX/TX path due to "Unable to handle kernel NULL pointer" exception. This issue was reported and discussed in [1]. Hence, fix it by partially reverting above commit and restoring get/set_pad_info() functionality as it was before. [1] https://www.mail-archive.com/netdev@vger.kernel.org/msg95361.html Cc: Wingman Kwok <w-kwok2@ti.com> Cc: Mugunthan V N <mugunthanvnm@ti.com> CC: David Laight <David.Laight@ACULAB.COM> CC: Arnd Bergmann <arnd@arndb.de> Reported-by: Franklin S Cooper Jr <fcooper@ti.com> Signed-off-by: Grygorii Strashko <grygorii.strashko@ti.com> Signed-off-by: Murali Karicheri <m-karicheri2@ti.com> Acked-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 03:03:15 UTC
3301be3 Ian Campbell 19 February 2016, 11:44:51 UTC MAINTAINERS: Drop myself as xen netback maintainer Wei has been picking this up for quite a while now. Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: Wei Liu <wei.liu2@citrix.com> Acked-by: Wei Liu <wei.liu2@citrix.com> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 02:55:17 UTC
d9749fb Neil Horman 18 February 2016, 21:10:57 UTC sctp: Fix port hash table size computation Dmitry Vyukov noted recently that the sctp_port_hashtable had an error in its size computation, observing that the current method never guaranteed that the hashsize (measured in number of entries) would be a power of two, which the input hash function for that table requires. The root cause of the problem is that two values need to be computed (one, the allocation order of the storage requries, as passed to __get_free_pages, and two the number of entries for the hash table). Both need to be ^2, but for different reasons, and the existing code is simply computing one order value, and using it as the basis for both, which is wrong (i.e. it assumes that ((1<<order)*PAGE_SIZE)/sizeof(bucket) is still ^2 when its not). To fix this, we change the logic slightly. We start by computing a goal allocation order (which is limited by the maximum size hash table we want to support. Then we attempt to allocate that size table, decreasing the order until a successful allocation is made. Then, with the resultant successful order we compute the number of buckets that hash table supports, which we then round down to the nearest power of two, giving us the number of entries the table actually supports. I've tested this locally here, using non-debug and spinlock-debug kernels, and the number of entries in the hashtable consistently work out to be powers of two in all cases. Signed-off-by: Neil Horman <nhorman@tuxdriver.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> CC: Dmitry Vyukov <dvyukov@google.com> CC: Vladislav Yasevich <vyasevich@gmail.com> CC: "David S. Miller" <davem@davemloft.net> Signed-off-by: David S. Miller <davem@davemloft.net> 22 February 2016, 02:52:51 UTC
4328daa Mike Snitzer 22 February 2016, 00:09:22 UTC dm: fix dm_rq_target_io leak on faults with .request_fn DM w/ blk-mq paths Using request-based DM mpath configured with the following stacking (.request_fn DM mpath ontop of scsi-mq paths): echo Y > /sys/module/scsi_mod/parameters/use_blk_mq echo N > /sys/module/dm_mod/parameters/use_blk_mq 'struct dm_rq_target_io' would leak if a request is requeued before a blk-mq clone is allocated (or fails to allocate). free_rq_tio() wasn't being called. kmemleak reported: unreferenced object 0xffff8800b90b98c0 (size 112): comm "kworker/7:1H", pid 5692, jiffies 4295056109 (age 78.589s) hex dump (first 32 bytes): 00 d0 5c 2c 03 88 ff ff 40 00 bf 01 00 c9 ff ff ..\,....@....... e0 d9 b1 34 00 88 ff ff 00 00 00 00 00 00 00 00 ...4............ backtrace: [<ffffffff81672b6e>] kmemleak_alloc+0x4e/0xb0 [<ffffffff811dbb63>] kmem_cache_alloc+0xc3/0x1e0 [<ffffffff8117eae5>] mempool_alloc_slab+0x15/0x20 [<ffffffff8117ec1e>] mempool_alloc+0x6e/0x170 [<ffffffffa00029ac>] dm_old_prep_fn+0x3c/0x180 [dm_mod] [<ffffffff812fbd78>] blk_peek_request+0x168/0x290 [<ffffffffa0003e62>] dm_request_fn+0xb2/0x1b0 [dm_mod] [<ffffffff812f66e3>] __blk_run_queue+0x33/0x40 [<ffffffff812f9585>] blk_delay_work+0x25/0x40 [<ffffffff81096fff>] process_one_work+0x14f/0x3d0 [<ffffffff81097715>] worker_thread+0x125/0x4b0 [<ffffffff8109ce88>] kthread+0xd8/0xf0 [<ffffffff8167cb8f>] ret_from_fork+0x3f/0x70 [<ffffffffffffffff>] 0xffffffffffffffff crash> struct -o dm_rq_target_io struct dm_rq_target_io { ... } SIZE: 112 Fixes: e5863d9ad7 ("dm: allocate requests in target when stacking on blk-mq devices") Cc: stable@vger.kernel.org # 4.0+ Signed-off-by: Mike Snitzer <snitzer@redhat.com> 22 February 2016, 01:27:50 UTC
9aafabc Ivaylo Dimitrov 02 February 2016, 12:47:37 UTC power: bq27xxx_battery: Restore device name Patch <703df6c09795> ("power: bq27xxx_battery: Reorganize I2C into a module") has removed the device name numbering from bq27xxx_battery_i2c_probe. Fix that by restoring the code. Fixes: 703df6c097956d17a818e63961c82e8e9eef9fef Signed-off-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com> Reviewed-by: Pali Rohár <pali.rohar@gmail.com> Tested-by: Pali Rohár <pali.rohar@gmail.com> Signed-off-by: Sebastian Reichel <sre@kernel.org> 21 February 2016, 19:49:34 UTC
e35a49b Sebastian Reichel 17 January 2016, 20:36:03 UTC MAINTAINERS: update bq27xxx driver Update reviewers for bq27xxx, so that Pali and Andrew are reviewers with status and maintainer inherited from the power supply subsystem entry. Signed-off-by: Sebastian Reichel <sre@kernel.org> Acked-by: Pali Rohár <pali.rohar@gmail.com> Acked-by: Andrew F. Davis <afd@ti.com> 21 February 2016, 19:49:24 UTC
90cfde4 Gerhard Uttenthaler 22 December 2015, 16:29:16 UTC can: ems_usb: Fix possible tx overflow This patch fixes the problem that more CAN messages could be sent to the interface as could be send on the CAN bus. This was more likely for slow baud rates. The sleeping _start_xmit was woken up in the _write_bulk_callback. Under heavy TX load this produced another bulk transfer without checking the free_slots variable and hence caused the overflow in the interface. Signed-off-by: Gerhard Uttenthaler <uttenthaler@ems-wuensche.com> Cc: linux-stable <stable@vger.kernel.org> Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de> 21 February 2016, 14:09:12 UTC
81f70ba Linus Torvalds 20 February 2016, 21:39:35 UTC Linux 4.5-rc5 20 February 2016, 21:39:35 UTC
0389075 Linus Torvalds 20 February 2016, 17:32:40 UTC Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "This is unusually large, partly due to the EFI fixes that prevent accidental deletion of EFI variables through efivarfs that may brick machines. These fixes are somewhat involved to maintain compatibility with existing install methods and other usage modes, while trying to turn off the 'rm -rf' bricking vector. Other fixes are for large page ioremap()s and for non-temporal user-memcpy()s" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm: Fix vmalloc_fault() to handle large pages properly hpet: Drop stale URLs x86/uaccess/64: Handle the caching of 4-byte nocache copies properly in __copy_user_nocache() x86/uaccess/64: Make the __copy_user_nocache() assembly code more readable lib/ucs2_string: Correct ucs2 -> utf8 conversion efi: Add pstore variables to the deletion whitelist efi: Make efivarfs entries immutable by default efi: Make our variable validation list include the guid efi: Do variable name validation tests in utf8 efi: Use ucs2_as_utf8 in efivarfs instead of open coding a bad version lib/ucs2_string: Add ucs2 -> utf8 helper functions 20 February 2016, 17:32:40 UTC
06b74c6 Linus Torvalds 20 February 2016, 17:30:42 UTC Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "A handful of CPU hotplug related fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/core: Plug potential memory leak in CPU_UP_PREPARE perf/core: Remove the bogus and dangerous CPU_DOWN_FAILED hotplug state perf/core: Remove bogus UP_CANCELED hotplug state perf/x86/amd/uncore: Plug reference leak 20 February 2016, 17:30:42 UTC
e6a1c1e Linus Torvalds 20 February 2016, 17:22:11 UTC Merge tag 'powerpc-4.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: - Fix build error on 32-bit with checkpoint restart from Aneesh Kumar - Fix dedotify for binutils >= 2.26 from Andreas Schwab - Don't trace hcalls on offline CPUs from Denis Kirjanov - eeh: Fix stale cached primary bus from Gavin Shan - eeh: Fix stale PE primary bus from Gavin Shan - mm: Fix Multi hit ERAT cause by recent THP update from Aneesh Kumar K.V - ioda: Set "read" permission when "write" is set from Alexey Kardashevskiy * tag 'powerpc-4.5-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/ioda: Set "read" permission when "write" is set powerpc/mm: Fix Multi hit ERAT cause by recent THP update powerpc/powernv: Fix stale PE primary bus powerpc/eeh: Fix stale cached primary bus powerpc/pseries: Don't trace hcalls on offline CPUs powerpc: Fix dedotify for binutils >= 2.26 powerpc/book3s_32: Fix build error with checkpoint restart 20 February 2016, 17:22:11 UTC
da6b736 Linus Torvalds 20 February 2016, 17:19:56 UTC Merge tag 'dmaengine-fix-4.5-rc5' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fixes from Vinod Koul: "A few fixes for drivers, nothing major here. Fixes are: iotdma fix to restart channels, new ID for wildcat PCH, residue fix for edma, disable irq for non-cyclic in dw" * tag 'dmaengine-fix-4.5-rc5' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: dw: disable BLOCK IRQs for non-cyclic xfer dmaengine: edma: fix residue race for cyclic dmaengine: dw: pci: add ID for WildcatPoint PCH dmaengine: IOATDMA: fix timer code that continues to restart channels during idle 20 February 2016, 17:19:56 UTC
37aa4da Linus Torvalds 20 February 2016, 17:16:51 UTC Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk driver fixes from Stephen Boyd: "An assortment of vendor specific clk drivers fixes, most notably fallout from adding Tegra210 and rockchip rk3036/rk3368 drivers this cycle. There's also the random smattering of sparse/checker fixes, a build "fix" to get the Tango clk driver to compile because the Kconfig symbol was renamed after the fact, and a clk gpio fix for a patch mismerge" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (28 commits) clk: gpio: Really allow an optional clock= DT property Revert "clk: qcom: Specify LE device endianness" clk: versatile: mask VCO bits before writing clk: tegra: super: Fix sparse warnings for functions not declared as static clk: tegra: Fix sparse warnings for functions not declared as static clk: tegra: Fix sparse warning for pll_m clk: tegra: Use definition for pll_u override bit clk: tegra: Fix warning caused by pll_u failing to lock clk: tegra: Fix clock sources for Tegra210 EMC clk: tegra: Add the APB2APE audio clock on Tegra210 clk: tegra: Add missing of_node_put() clk: tegra: Fix PLLE SS coefficients clk: tegra: Fix typos around clearing PLLE bits during enable clk: tegra: Do not disable PLLE when under hardware control clk: tegra: Fix pllx dyn step calculation clk: tegra: pll: Fix potential sleeping-while-atomic clk: tegra: Fix the misnaming of nvenc from msenc clk: tegra: Fix naming of MISC registers clk: tango4: rename ARCH_TANGOX to ARCH_TANGO clk: scpi: Fix checking return value of platform_device_register_simple() ... 20 February 2016, 17:16:51 UTC
a703f42 Linus Torvalds 20 February 2016, 17:13:18 UTC Merge branch 'drm-fixes' of git://people.freedesktop.org/~airlied/linux Pull more drm fixes from Dave Airlie: "Some more fixes trickled in: A bunch of VC4 ones since it's a pretty new driver not much chance of regressions, and it fixes GPU resets. Also one atomic fix, one set of fixes for a common bug in TTM cleanup, and one i915 hotplug fix" * 'drm-fixes' of git://people.freedesktop.org/~airlied/linux: drm/nouveau: use post-decrement in error handling drm/atomic: Allow for holes in connector state, v2. drm/i915: Fix hpd live status bits for g4x drm/vc4: Use runtime PM to power cycle the device when the GPU hangs. drm/vc4: Enable runtime PM. drm/vc4: Fix spurious GPU resets due to BO reuse. drm/vc4: Drop error message on seqno wait timeouts. drm/vc4: Fix -ERESTARTSYS error return from BO waits. drm/vc4: Return an ERR_PTR from BO creation instead of NULL. drm/vc4: Fix the clear color for the first tile rendered. drm/vc4: Validate that WAIT_BO padding is cleared. drm/radeon: use post-decrement in error handling drm/amdgpu: use post-decrement in error handling 20 February 2016, 17:13:18 UTC
59ceeaa Simon Guinot 09 September 2015, 22:15:18 UTC kernel/resource.c: fix muxed resource handling in __request_region() In __request_region, if a conflict with a BUSY and MUXED resource is detected, then the caller goes to sleep and waits for the resource to be released. A pointer on the conflicting resource is kept. At wake-up this pointer is used as a parent to retry to request the region. A first problem is that this pointer might well be invalid (if for example the conflicting resource have already been freed). Another problem is that the next call to __request_region() fails to detect a remaining conflict. The previously conflicting resource is passed as a parameter and __request_region() will look for a conflict among the children of this resource and not at the resource itself. It is likely to succeed anyway, even if there is still a conflict. Instead, the parent of the conflicting resource should be passed to __request_region(). As a fix, this patch doesn't update the parent resource pointer in the case we have to wait for a muxed region right after. Reported-and-tested-by: Vincent Pelletier <plr.vincent@gmail.com> Signed-off-by: Simon Guinot <simon.guinot@sequanux.org> Tested-by: Vincent Donnefort <vdonnefort@gmail.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 20 February 2016, 16:57:52 UTC
3bd7594 Douglas Anderson 19 February 2016, 22:25:21 UTC Bluetooth: hci_core: Avoid mixing up req_complete and req_complete_skb In commit 44d271377479 ("Bluetooth: Compress the size of struct hci_ctrl") we squashed down the size of the structure by using a union with the assumption that all users would use the flag to determine whether we had a req_complete or a req_complete_skb. Unfortunately we had a case in hci_req_cmd_complete() where we weren't looking at the flag. This can result in a situation where we might be storing a hci_req_complete_skb_t in a hci_req_complete_t variable, or vice versa. During some testing I found at least one case where the function hci_req_sync_complete() was called improperly because the kernel thought that it didn't require an SKB. Looking through the stack in kgdb I found that it was called by hci_event_packet() and that hci_event_packet() had both of its locals "req_complete" and "req_complete_skb" pointing to the same place: both to hci_req_sync_complete(). Let's make sure we always check the flag. For more details on debugging done, see <http://crbug.com/588288>. Fixes: 44d271377479 ("Bluetooth: Compress the size of struct hci_ctrl") Signed-off-by: Douglas Anderson <dianders@chromium.org> Acked-by: Johan Hedberg <johan.hedberg@intel.com> Signed-off-by: Marcel Holtmann <marcel@holtmann.org> 20 February 2016, 07:52:28 UTC
7ae8fd0 Maxim Patlasov 16 February 2016, 19:45:33 UTC fs/pnode.c: treat zero mnt_group_id-s as unequal propagate_one(m) calculates "type" argument for copy_tree() like this: > if (m->mnt_group_id == last_dest->mnt_group_id) { > type = CL_MAKE_SHARED; > } else { > type = CL_SLAVE; > if (IS_MNT_SHARED(m)) > type |= CL_MAKE_SHARED; > } The "type" argument then governs clone_mnt() behavior with respect to flags and mnt_master of new mount. When we iterate through a slave group, it is possible that both current "m" and "last_dest" are not shared (although, both are slaves, i.e. have non-NULL mnt_master-s). Then the comparison above erroneously makes new mount shared and sets its mnt_master to last_source->mnt_master. The patch fixes the problem by handling zero mnt_group_id-s as though they are unequal. The similar problem exists in the implementation of "else" clause above when we have to ascend upward in the master/slave tree by calling: > last_source = last_source->mnt_master; > last_dest = last_source->mnt_parent; proper number of times. The last step is governed by "n->mnt_group_id != last_dest->mnt_group_id" condition that may lie if both are zero. The patch fixes this case in the same way as the former one. [AV: don't open-code an obvious helper...] Signed-off-by: Maxim Patlasov <mpatlasov@virtuozzo.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 20 February 2016, 05:15:52 UTC
0bacbe5 Al Viro 02 February 2016, 02:28:05 UTC affs_do_readpage_ofs(): just use kmap_atomic() around memcpy() It forgets kunmap() on a failure exit, but there's really no point keeping the page kmapped at all - after all, what we are doing is a bunch of memcpy() into the parts of page, so kmap_atomic()/kunmap_atomic() just around those memcpy() is enough. Spotted-by: Insu Yun <wuninsu@gmail.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 20 February 2016, 05:15:51 UTC
0e9a7da Mateusz Guzik 04 February 2016, 01:56:30 UTC xattr handlers: plug a lock leak in simple_xattr_list The code could leak xattrs->lock on error. Problem introduced with 786534b92f3ce68f4 "tmpfs: listxattr should include POSIX ACL xattrs". Signed-off-by: Mateusz Guzik <mguzik@redhat.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 20 February 2016, 05:15:51 UTC
2feb55f Wouter van Kesteren 16 February 2016, 21:20:59 UTC fs: allow no_seek_end_llseek to actually seek The user-visible impact of the issue is for example that without this patch sensors-detect breaks when trying to seek in /dev/cpu/0/cpuid. '~0ULL' is a 'unsigned long long' that when converted to a loff_t, which is signed, gets turned into -1. later in vfs_setpos we have 'if (offset > maxsize)', which makes it always return EINVAL. Fixes: b25472f9b961 ("new helpers: no_seek_end_llseek{,_size}()") Signed-off-by: Wouter van Kesteren <woutershep@gmail.com> Reviewed-by: Andreas Dilger <adilger@dilger.ca> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> 20 February 2016, 05:15:50 UTC
d07c027 Jaedon Shin 19 February 2016, 04:48:50 UTC net: bcmgenet: Fix internal PHY link state The PHY link state is not chaged in GENETv2 caused by the previous commit 49f7a471e4d1 ("net: bcmgenet: Properly configure PHY to ignore interrupt") was set to PHY_IGNORE_INTERRUPT in bcmgenet_mii_probe(). The internal PHY should use phy_mac_interrupt() when not in use PHY_POLL. The statement for phy_mac_interrupt() has two conditions. The first condition to check GENET_HAS_MDIO_INTR is not related PHY link state, so this patch removes it. Fixes: 49f7a471e4d1 ("net: bcmgenet: Properly configure PHY to ignore interrupt") Signed-off-by: Jaedon Shin <jaedon.shin@gmail.com> Acked-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:51:40 UTC
18eceb8 Rainer Weikusat 18 February 2016, 12:39:46 UTC af_unix: Don't use continue to re-execute unix_stream_read_generic loop The unix_stream_read_generic function tries to use a continue statement to restart the receive loop after waiting for a message. This may not work as intended as the caller might use a recvmsg call to peek at control messages without specifying a message buffer. If this was the case, the continue will cause the function to return without an error and without the credential information if the function had to wait for a message while it had returned with the credentials otherwise. Change to using goto to restart the loop without checking the condition first in this case so that credentials are returned either way. Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com> Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:50:31 UTC
b5f0549 Dmitry V. Levin 19 February 2016, 01:27:48 UTC unix_diag: fix incorrect sign extension in unix_lookup_by_ino The value passed by unix_diag_get_exact to unix_lookup_by_ino has type __u32, but unix_lookup_by_ino's argument ino has type int, which is not a problem yet. However, when ino is compared with sock_i_ino return value of type unsigned long, ino is sign extended to signed long, and this results to incorrect comparison on 64-bit architectures for inode numbers greater than INT_MAX. This bug was found by strace test suite. Fixes: 5d3cae8bc39d ("unix_diag: Dumping exact socket core") Signed-off-by: Dmitry V. Levin <ldv@altlinux.org> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:49:23 UTC
5a0e2f2 David S. Miller 20 February 2016, 04:39:32 UTC Merge branch 'bnxt_en-fixes' Michael Chan says: ==================== bnxt_en: Phy related fixes. 3 small patches to fix PHY related code. ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:39:32 UTC
ba41d46 Michael Chan 20 February 2016, 00:43:21 UTC bnxt_en: Failure to update PHY is not fatal condition. If we fail to update the PHY, we should print a warning and continue. The current code to exit is buggy as it has not freed up the NIC resources yet. Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:39:32 UTC
de73018 Michael Chan 20 February 2016, 00:43:20 UTC bnxt_en: Remove unnecessary call to update PHY settings. Fix bnxt_update_phy_setting() to check the correct parameters when determining whether to update the PHY. Requested line speed/duplex should only be checked for forced speed mode. This avoids unnecessary link interruptions when loading the driver. Signed-off-by: Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:39:32 UTC
035a153 Michael Chan 20 February 2016, 00:43:19 UTC bnxt_en: Poll link at the end of __bnxt_open_nic(). When shutting down the NIC, we shutdown async event processing before freeing all the rings. If there is a link change event during reset, the driver may miss it and the link state may be incorrect after the NIC is re-opened. Poll the link at the end of __bnxt_open_nic() to get the correct link status. Signed-off-by Michael Chan <michael.chan@broadcom.com> Signed-off-by: David S. Miller <davem@davemloft.net> 20 February 2016, 04:39:32 UTC
000e094 Nishanth Menon 20 February 2016, 00:09:51 UTC hwmon: (gpio-fan) Remove un-necessary speed_index lookup for thermal hook Thermal hook gpio_fan_get_cur_state is only interested in knowing the current speed index that was setup in the system, this is already available as part of fan_data->speed_index which is always set by set_fan_speed. Using get_fan_speed_index is useful when we have no idea about the fan speed configuration (for example during fan_ctrl_init). When thermal framework invokes gpio_fan_get_cur_state=>get_fan_speed_index via gpio_fan_get_cur_state especially in a polled configuration for thermal governor, we basically hog the i2c interface to the extent that other functions fail to get any traffic out :(. Instead, just provide the last state set in the driver - since the gpio fan driver is responsible for the fan state immaterial of override, the fan_data->speed_index should accurately reflect the state. Fixes: b5cf88e46bad ("(gpio-fan): Add thermal control hooks") Reported-by: Tony Lindgren <tony@atomide.com> Cc: Guenter Roeck <linux@roeck-us.net> Cc: Eduardo Valentin <edubezval@gmail.com> Signed-off-by: Nishanth Menon <nm@ti.com> Cc: stable@vger.kernel.org Signed-off-by: Guenter Roeck <linux@roeck-us.net> 20 February 2016, 01:14:25 UTC
747ffe1 Dan Williams 19 February 2016, 23:21:14 UTC libnvdimm, tools/testing/nvdimm: fix 'ars_status' output buffer sizing Use the output length specified in the command to size the receive buffer rather than the arbitrary 4K limit. This bug was hiding the fact that the ndctl implementation of ndctl_bus_cmd_new_ars_status() was not specifying an output buffer size. Cc: <stable@vger.kernel.org> Cc: Vishal Verma <vishal.l.verma@intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> 19 February 2016, 23:21:52 UTC
020ecbb Linus Torvalds 19 February 2016, 21:44:12 UTC Merge tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 bugfixes from Ted Ts'o: "Miscellaneous ext4 bug fixes for v4.5" * tag 'ext4_for_linus_stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: ext4: fix crashes in dioread_nolock mode ext4: fix bh->b_state corruption ext4: fix memleak in ext4_readdir() ext4: remove unused parameter "newblock" in convert_initialized_extent() ext4: don't read blocks from disk after extents being swapped ext4: fix potential integer overflow ext4: add a line break for proc mb_groups display ext4: ioctl: fix erroneous return value ext4: fix scheduling in atomic on group checksum failure ext4 crypto: move context consistency check to ext4_file_open() ext4 crypto: revalidate dentry after adding or removing the key 19 February 2016, 21:44:12 UTC
ce6b714 Linus Torvalds 19 February 2016, 21:40:42 UTC Merge branch 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fix from Chris Mason: "My for-linus-4.5 branch has a btrfs DIO error passing fix. I know how much you love DIO, so I'm going to suggest against reading it. We'll follow up with a patch to drop the error arg from dio_end_io in the next merge window." * 'for-linus-4.5' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: fix direct IO requests not reporting IO error to user space 19 February 2016, 21:40:42 UTC
87d9ac7 Linus Torvalds 19 February 2016, 21:36:00 UTC Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "10 fixes" * emailed patches from Andrew Morton <akpm@linux-foundation.org>: mm: slab: free kmem_cache_node after destroy sysfs file ipc/shm: handle removed segments gracefully in shm_mmap() MAINTAINERS: update Kselftest Framework mailing list devm_memremap_release(): fix memremap'd addr handling mm/hugetlb.c: fix incorrect proc nr_hugepages value mm, x86: fix pte_page() crash in gup_pte_range() fsnotify: turn fsnotify reaper thread into a workqueue job Revert "fsnotify: destroy marks with call_srcu instead of dedicated thread" mm: fix regression in remap_file_pages() emulation thp, dax: do not try to withdraw pgtable from non-anon VMA 19 February 2016, 21:36:00 UTC
8d2c3ab Paul Bolle 18 February 2016, 20:29:08 UTC ser_gigaset: use container_of() instead of detour The purpose of gigaset_device_release() is to kfree() the struct ser_cardstate that contains our struct device. This is done via a bit of a detour. First we make our struct device's driver_data point to the container of our struct ser_cardstate (which is a struct cardstate). In gigaset_device_release() we then retrieve that driver_data again. And after that we finally kfree() the struct ser_cardstate that was saved in the struct cardstate. All of this can be achieved much easier by using container_of() to get from our struct device to its container, struct ser_cardstate. Do so. Note that at the time the detour was implemented commit b8b2c7d845d5 ("base/platform: assert that dev_pm_domain callbacks are called unconditionally") had just entered the tree. That commit disconnected our platform_device and our platform_driver. These were reconnected again in v4.5-rc2 through commit 25cad69f21f5 ("base/platform: Fix platform drivers with no probe callback"). And one of the consequences of that fix was that it broke the detour via driver_data. That's because it made __device_release_driver() stop being a NOP for our struct device and actually do stuff again. One of the things it now does, is setting our driver_data to NULL. That, in turn, makes it impossible for gigaset_device_release() to get to our struct cardstate. Which has the net effect of leaking a struct ser_cardstate at every call of this driver's tty close() operation. So using container_of() has the additional benefit of actually working. Reported-by: Dmitry Vyukov <dvyukov@google.com> Tested-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Paul Bolle <pebolle@tiscali.nl> Acked-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:52:41 UTC
0b7662c David S. Miller 19 February 2016, 20:51:18 UTC Merge tag 'wireless-drivers-for-davem-2016-02-18' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== rtlwifi * fix broken VHT (802.11ac) support, reported by Linus wlcore * fix firmware initialisation regression on wl1271 iwlwifi * fix a race that users reported when we try to load the firmware and the hardware rfkill interrupt triggers at the same time * fix a very visible bug in scheduled scan: the firmware doesn't support scheduled scan with no profile configured and the supplicant sometimes requests such scheduled scans * build system fix to be able to link iwlwifi statically into kernel * firmware name update for 8265 * typo fix in return value ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:51:18 UTC
1003e19 Steve Wise 18 February 2016, 14:34:24 UTC cxgb3: fix up vpd strings for kstrto*() The vpd strings are left justified, in a fixed length array, with possible trailing white space and no NUL. So fix them up before calling kstrto*(). This is a recent regression which causes cxgb3 to fail to load. Fixes: e72c932 ("cxgb3: Convert simple_strtoul to kstrtox") Signed-off-by: Steve Wise <swise@opengridcomputing.com> Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:49:31 UTC
c868ee7 Paolo Abeni 17 February 2016, 18:30:01 UTC lwt: fix rx checksum setting for lwt devices tunneling over ipv6 the commit 35e2d1152b22 ("tunnels: Allow IPv6 UDP checksums to be correctly controlled.") changed the default xmit checksum setting for lwt vxlan/geneve ipv6 tunnels, so that now the checksum is not set into external UDP header. This commit changes the rx checksum setting for both lwt vxlan/geneve devices created by openvswitch accordingly, so that lwt over ipv6 tunnel pairs are again able to communicate with default values. Signed-off-by: Paolo Abeni <pabeni@redhat.com> Acked-by: Jiri Benc <jbenc@redhat.com> Acked-by: Jesse Gross <jesse@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:39:30 UTC
b53ce3e Insu Yun 17 February 2016, 16:47:35 UTC tipc: unlock in error path tipc_bcast_unlock need to be unlocked in error path. Signed-off-by: Insu Yun <wuninsu@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:38:44 UTC
29d1441 David S. Miller 19 February 2016, 20:35:29 UTC Merge tag 'batman-adv-fix-for-davem' of git://git.open-mesh.org/linux-merge Antonio Quartulli says: ==================== Two of the fixes included in this patchset prevent wrong memory access - it was triggered when removing an object from a list after it was already free'd due to bad reference counting. This misbehaviour existed for both the gw_node and the orig_node_vlan object and has been fixed by Sven Eckelmann. The last patch fixes our interface feasibility check and prevents it from looping indefinitely when two net_device objects reference each other via iflink index (i.e. veth pair), by Andrew Lunn ==================== Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:35:29 UTC
a97eb33 Anton Protopopov 17 February 2016, 02:43:16 UTC rtnl: RTM_GETNETCONF: fix wrong return value An error response from a RTM_GETNETCONF request can return the positive error value EINVAL in the struct nlmsgerr that can mislead userspace. Signed-off-by: Anton Protopopov <a.s.protopopov@gmail.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:33:46 UTC
cfdd28b Nikolay Aleksandrov 17 February 2016, 17:00:31 UTC net: make netdev_for_each_lower_dev safe for device removal When I used netdev_for_each_lower_dev in commit bad531623253 ("vrf: remove slave queue and private slave struct") I thought that it acts like netdev_for_each_lower_private and can be used to remove the current device from the list while walking, but unfortunately it acts more like netdev_for_each_lower_private_rcu and doesn't allow it. The difference is where the "iter" points to, right now it points to the current element and that makes it impossible to remove it. Change the logic to be similar to netdev_for_each_lower_private and make it point to the "next" element so we can safely delete the current one. VRF is the only such user right now, there's no change for the read-only users. Here's what can happen now: [98423.249858] general protection fault: 0000 [#1] SMP [98423.250175] Modules linked in: vrf bridge(O) stp llc nfsd auth_rpcgss oid_registry nfs_acl nfs lockd grace sunrpc crct10dif_pclmul crc32_pclmul crc32c_intel ghash_clmulni_intel jitterentropy_rng sha256_generic hmac drbg ppdev aesni_intel aes_x86_64 glue_helper lrw gf128mul ablk_helper cryptd evdev serio_raw pcspkr virtio_balloon parport_pc parport i2c_piix4 i2c_core virtio_console acpi_cpufreq button 9pnet_virtio 9p 9pnet fscache ipv6 autofs4 ext4 crc16 mbcache jbd2 sg virtio_blk virtio_net sr_mod cdrom e1000 ata_generic ehci_pci uhci_hcd ehci_hcd usbcore usb_common virtio_pci ata_piix libata floppy virtio_ring virtio scsi_mod [last unloaded: bridge] [98423.255040] CPU: 1 PID: 14173 Comm: ip Tainted: G O 4.5.0-rc2+ #81 [98423.255386] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014 [98423.255777] task: ffff8800547f5540 ti: ffff88003428c000 task.ti: ffff88003428c000 [98423.256123] RIP: 0010:[<ffffffff81514f3e>] [<ffffffff81514f3e>] netdev_lower_get_next+0x1e/0x30 [98423.256534] RSP: 0018:ffff88003428f940 EFLAGS: 00010207 [98423.256766] RAX: 0002000100000004 RBX: ffff880054ff9000 RCX: 0000000000000000 [98423.257039] RDX: ffff88003428f8b8 RSI: ffff88003428f950 RDI: ffff880054ff90c0 [98423.257287] RBP: ffff88003428f940 R08: 0000000000000000 R09: 0000000000000000 [98423.257537] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88003428f9e0 [98423.257802] R13: ffff880054a5fd00 R14: ffff88003428f970 R15: 0000000000000001 [98423.258055] FS: 00007f3d76881700(0000) GS:ffff88005d000000(0000) knlGS:0000000000000000 [98423.258418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [98423.258650] CR2: 00007ffe5951ffa8 CR3: 0000000052077000 CR4: 00000000000406e0 [98423.258902] Stack: [98423.259075] ffff88003428f960 ffffffffa0442636 0002000100000004 ffff880054ff9000 [98423.259647] ffff88003428f9b0 ffffffff81518205 ffff880054ff9000 ffff88003428f978 [98423.260208] ffff88003428f978 ffff88003428f9e0 ffff88003428f9e0 ffff880035b35f00 [98423.260739] Call Trace: [98423.260920] [<ffffffffa0442636>] vrf_dev_uninit+0x76/0xa0 [vrf] [98423.261156] [<ffffffff81518205>] rollback_registered_many+0x205/0x390 [98423.261401] [<ffffffff815183ec>] unregister_netdevice_many+0x1c/0x70 [98423.261641] [<ffffffff8153223c>] rtnl_delete_link+0x3c/0x50 [98423.271557] [<ffffffff815335bb>] rtnl_dellink+0xcb/0x1d0 [98423.271800] [<ffffffff811cd7da>] ? __inc_zone_state+0x4a/0x90 [98423.272049] [<ffffffff815337b4>] rtnetlink_rcv_msg+0x84/0x200 [98423.272279] [<ffffffff810cfe7d>] ? trace_hardirqs_on+0xd/0x10 [98423.272513] [<ffffffff8153370b>] ? rtnetlink_rcv+0x1b/0x40 [98423.272755] [<ffffffff81533730>] ? rtnetlink_rcv+0x40/0x40 [98423.272983] [<ffffffff8155d6e7>] netlink_rcv_skb+0x97/0xb0 [98423.273209] [<ffffffff8153371a>] rtnetlink_rcv+0x2a/0x40 [98423.273476] [<ffffffff8155ce8b>] netlink_unicast+0x11b/0x1a0 [98423.273710] [<ffffffff8155d2f1>] netlink_sendmsg+0x3e1/0x610 [98423.273947] [<ffffffff814fbc98>] sock_sendmsg+0x38/0x70 [98423.274175] [<ffffffff814fc253>] ___sys_sendmsg+0x2e3/0x2f0 [98423.274416] [<ffffffff810d841e>] ? do_raw_spin_unlock+0xbe/0x140 [98423.274658] [<ffffffff811e1bec>] ? handle_mm_fault+0x26c/0x2210 [98423.274894] [<ffffffff811e19cd>] ? handle_mm_fault+0x4d/0x2210 [98423.275130] [<ffffffff81269611>] ? __fget_light+0x91/0xb0 [98423.275365] [<ffffffff814fcd42>] __sys_sendmsg+0x42/0x80 [98423.275595] [<ffffffff814fcd92>] SyS_sendmsg+0x12/0x20 [98423.275827] [<ffffffff81611bb6>] entry_SYSCALL_64_fastpath+0x16/0x7a [98423.276073] Code: c3 31 c0 5d c3 0f 1f 84 00 00 00 00 00 66 66 66 66 90 48 8b 06 55 48 81 c7 c0 00 00 00 48 89 e5 48 8b 00 48 39 f8 74 09 48 89 06 <48> 8b 40 e8 5d c3 31 c0 5d c3 0f 1f 84 00 00 00 00 00 66 66 66 [98423.279639] RIP [<ffffffff81514f3e>] netdev_lower_get_next+0x1e/0x30 [98423.279920] RSP <ffff88003428f940> CC: David Ahern <dsa@cumulusnetworks.com> CC: David S. Miller <davem@davemloft.net> CC: Roopa Prabhu <roopa@cumulusnetworks.com> CC: Vlad Yasevich <vyasevic@redhat.com> Fixes: bad531623253 ("vrf: remove slave queue and private slave struct") Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Reviewed-by: David Ahern <dsa@cumulusnetworks.com> Tested-by: David Ahern <dsa@cumulusnetworks.com> Signed-off-by: David S. Miller <davem@davemloft.net> 19 February 2016, 20:29:26 UTC
6697b2c Dan Williams 05 February 2016, 00:51:00 UTC nfit: fix multi-interface dimm handling, acpi6.1 compatibility ACPI 6.1 clarified that multi-interface dimms require multiple control region entries (DCRs) per dimm. Previously we were assuming that a control region is only present when block-data-windows are present. This implementation was done with an eye to be compatibility with the looser ACPI 6.0 interpretation of this table. 1/ When coalescing the memory device (MEMDEV) tables for a single dimm, coalesce on device_handle rather than control region index. 2/ Whenever we disocver a control region with non-zero block windows re-scan for block-data-window (BDW) entries. We may need to revisit this if a DIMM ever implements a format interface outside of blk or pmem, but that is not on the foreseeable horizon. Cc: <stable@vger.kernel.org> Signed-off-by: Dan Williams <dan.j.williams@intel.com> 19 February 2016, 19:47:26 UTC
6e22c83 Yang Shi 12 February 2016, 20:46:00 UTC tracing, kasan: Silence Kasan warning in check_stack of stack_tracer When enabling stack trace via "echo 1 > /proc/sys/kernel/stack_tracer_enabled", the below KASAN warning is triggered: BUG: KASAN: stack-out-of-bounds in check_stack+0x344/0x848 at addr ffffffc0689ebab8 Read of size 8 by task ksoftirqd/4/29 page:ffffffbdc3a27ac0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x0() page dumped because: kasan: bad access detected CPU: 4 PID: 29 Comm: ksoftirqd/4 Not tainted 4.5.0-rc1 #129 Hardware name: Freescale Layerscape 2085a RDB Board (DT) Call trace: [<ffffffc000091300>] dump_backtrace+0x0/0x3a0 [<ffffffc0000916c4>] show_stack+0x24/0x30 [<ffffffc0009bbd78>] dump_stack+0xd8/0x168 [<ffffffc000420bb0>] kasan_report_error+0x6a0/0x920 [<ffffffc000421688>] kasan_report+0x70/0xb8 [<ffffffc00041f7f0>] __asan_load8+0x60/0x78 [<ffffffc0002e05c4>] check_stack+0x344/0x848 [<ffffffc0002e0c8c>] stack_trace_call+0x1c4/0x370 [<ffffffc0002af558>] ftrace_ops_no_ops+0x2c0/0x590 [<ffffffc00009f25c>] ftrace_graph_call+0x0/0x14 [<ffffffc0000881bc>] fpsimd_thread_switch+0x24/0x1e8 [<ffffffc000089864>] __switch_to+0x34/0x218 [<ffffffc0011e089c>] __schedule+0x3ac/0x15b8 [<ffffffc0011e1f6c>] schedule+0x5c/0x178 [<ffffffc0001632a8>] smpboot_thread_fn+0x350/0x960 [<ffffffc00015b518>] kthread+0x1d8/0x2b0 [<ffffffc0000874d0>] ret_from_fork+0x10/0x40 Memory state around the buggy address: ffffffc0689eb980: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 f4 f4 f4 ffffffc0689eba00: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 >ffffffc0689eba80: 00 00 f1 f1 f1 f1 00 f4 f4 f4 f3 f3 f3 f3 00 00 ^ ffffffc0689ebb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffffffc0689ebb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 The stacker tracer traverses the whole kernel stack when saving the max stack trace. It may touch the stack red zones to cause the warning. So, just disable the instrumentation to silence the warning. Link: http://lkml.kernel.org/r/1455309960-18930-1-git-send-email-yang.shi@linaro.org Signed-off-by: Yang Shi <yang.shi@linaro.org> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> 19 February 2016, 17:36:44 UTC
9a154c8 Steven Rostedt 11 December 2015, 19:36:17 UTC ftracetest: Fix instance test to use proper shell command for pids The ftracetest instance test used parsing of the "jobs" output to find the pid of the subshell that is executed previously. But this is not portable to all major shells that may run these tests. The proper way to get the pid of the subshell is the shell command "$!". This will return the pid of the previously executed command. Use that instead, otherwise the test does not work in all environments. Link: http://lkml.kernel.org/r/20151211143617.65f4d7a1@gandalf.local.home Reported-by: Michael Ellerman <mpe@ellerman.id.au> Signed-off-by: Steven Rostedt <rostedt@goodmis.org> 19 February 2016, 17:11:21 UTC
23300f6 Linus Torvalds 19 February 2016, 16:40:05 UTC Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Will Deacon: "Here are some more arm64 fixes for 4.5. This has mostly come from Yang Shi, who saw some issues under -rt that also affect mainline. The rest of it is pretty small, but still worth having. We've got an old issue outstanding with valid_user_regs which will likely wait until 4.6 (since it would really benefit from some time in -next) and another issue with kasan and idle which should be fixed next week. Apart from that, pretty quiet here (and still no sign of the THP issue reported on s390...) Summary: - Allow EFI stub to use strnlen(), which is required by recent libfdt - Avoid smp_processor_id() in preempt context during unwinding - Avoid false Kasan warnings during unwinding - Ensure early devices are picked up by the IOMMU DMA ops - Avoid rebuilding the kernel for the 'install' target - Run fixup handlers for alignment faults on userspace access" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: mm: allow the kernel to handle alignment faults on user accesses arm64: kbuild: make "make install" not depend on vmlinux arm64: dma-mapping: fix handling of devices registered before arch_initcall arm64/efi: Make strnlen() available to the EFI namespace arm/arm64: crypto: assure that ECB modes don't require an IV arm64: make irq_stack_ptr more robust arm64: debug: re-enable irqs before sending breakpoint SIGTRAP arm64: disable kasan when accessing frame->fp in unwind_frame 19 February 2016, 16:40:05 UTC
ff5f168 Linus Torvalds 19 February 2016, 16:33:12 UTC Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "Several bug fixes: - There are four different stack tracers, and three of them have bugs. For 4.5 the bugs are fixed and we prepare a cleanup patch for the next merge window. - Three bug fixes for the dasd driver in regard to parallel access volumes and the new max_dev_sectors block device queue limit - The irq restore optimization needs a fixup for memcpy_real - The diagnose trace code has a conflict with lockdep" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/dasd: fix performance drop s390/maccess: reduce stnsm instructions s390/diag: avoid lockdep recursion s390/dasd: fix refcount for PAV reassignment s390/dasd: prevent incorrect length error under z/VM after PAV changes s390: fix DAT off memory access, e.g. on kdump s390/oprofile: fix address range for asynchronous stack s390/perf_event: fix address range for asynchronous stack s390/stacktrace: add save_stack_trace_regs() s390/stacktrace: save full stack traces s390/stacktrace: add missing end marker s390/stacktrace: fix address ranges for asynchronous and panic stack s390/stacktrace: fix save_stack_trace_tsk() for current task 19 February 2016, 16:33:12 UTC
409ee13 Linus Torvalds 19 February 2016, 16:25:40 UTC Merge tag 'pinctrl-v4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull Pin control fixes from Linus Walleij: "Pin control fixes for the v4.5 series, all are individual driver fixes: - Fix the PXA2xx driver to export its init function so we do not break modular compiles. - Hide unused functions in the Nomadik driver. - Fix up direction control in the Mediatek driver. - Toggle the sunxi GPIO lines to input when you read them on the H3 GPIO controller, lest you only get garbage. - Fix up the number of settings in the MVEBU driver. - Fix a serious SMP race condition in the Samsung driver" * tag 'pinctrl-v4.5-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: samsung: fix SMP race condition pinctrl: mvebu: fix num_settings in mpp group assignment pinctrl: sunxi: H3 requires irq_read_needs_mux pinctrl: mediatek: fix direction control issue pinctrl: nomadik: hide unused functions pinctrl: pxa: export pxa2xx_pinctrl_init() 19 February 2016, 16:25:40 UTC
9001b8e Linus Torvalds 19 February 2016, 16:01:41 UTC Merge tag 'sound-4.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "This update contains again a few more fixes for ALSA core stuff although it's no longer high flux: two race fixes in sequencer and one PCM race fix for non-atomic PCM ops. In addition, HD-audio gained a similar fix for race at reloading the driver" * tag 'sound-4.5-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: pcm: Fix rwsem deadlock for non-atomic PCM stream ALSA: seq: Fix double port list deletion ALSA: hda - Cancel probe work instead of flush at remove ALSA: seq: Fix leak of pool buffer at concurrent writes 19 February 2016, 16:01:41 UTC
52d7523 EunTaik Lee 16 February 2016, 04:44:35 UTC arm64: mm: allow the kernel to handle alignment faults on user accesses Although we don't expect to take alignment faults on access to normal memory, misbehaving (i.e. buggy) user code can pass MMIO pointers into system calls, leading to things like get_user accessing device memory. Rather than OOPS the kernel, allow any exception fixups to run and return something like -EFAULT back to userspace. This makes the behaviour more consistent with userspace, even though applications with access to device mappings can easily cause other issues if they try hard enough. Acked-by: Catalin Marinas <catalin.marinas@arm.com> Signed-off-by: Eun Taik Lee <eun.taik.lee@samsung.com> [will: dropped __kprobes annotation and rewrote commit mesage] Signed-off-by: Will Deacon <will.deacon@arm.com> 19 February 2016, 12:20:37 UTC
8684fa3 Masahiro Yamada 19 February 2016, 06:05:50 UTC arm64: kbuild: make "make install" not depend on vmlinux For the same reason as commit 19514fc665ff ("arm, kbuild: make "make install" not depend on vmlinux"), the install targets should never trigger the rebuild of the kernel. Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com> Signed-off-by: Will Deacon <will.deacon@arm.com> 19 February 2016, 10:33:35 UTC
74dae42 Jan Kara 19 February 2016, 05:33:21 UTC ext4: fix crashes in dioread_nolock mode Competing overwrite DIO in dioread_nolock mode will just overwrite pointer to io_end in the inode. This may result in data corruption or extent conversion happening from IO completion interrupt because we don't properly set buffer_defer_completion() when unlocked DIO races with locked DIO to unwritten extent. Since unlocked DIO doesn't need io_end for anything, just avoid allocating it and corrupting pointer from inode for locked DIO. A cleaner fix would be to avoid these games with io_end pointer from the inode but that requires more intrusive changes so we leave that for later. Cc: stable@vger.kernel.org Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> 19 February 2016, 05:33:21 UTC
ed8ad83 Jan Kara 19 February 2016, 05:18:25 UTC ext4: fix bh->b_state corruption ext4 can update bh->b_state non-atomically in _ext4_get_block() and ext4_da_get_block_prep(). Usually this is fine since bh is just a temporary storage for mapping information on stack but in some cases it can be fully living bh attached to a page. In such case non-atomic update of bh->b_state can race with an atomic update which then gets lost. Usually when we are mapping bh and thus updating bh->b_state non-atomically, nobody else touches the bh and so things work out fine but there is one case to especially worry about: ext4_finish_bio() uses BH_Uptodate_Lock on the first bh in the page to synchronize handling of PageWriteback state. So when blocksize < pagesize, we can be atomically modifying bh->b_state of a buffer that actually isn't under IO and thus can race e.g. with delalloc trying to map that buffer. The result is that we can mistakenly set / clear BH_Uptodate_Lock bit resulting in the corruption of PageWriteback state or missed unlock of BH_Uptodate_Lock. Fix the problem by always updating bh->b_state bits atomically. CC: stable@vger.kernel.org Reported-by: Nikolay Borisov <kernel@kyup.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> 19 February 2016, 05:18:25 UTC
4fbbed4 Rasmus Villemoes 15 February 2016, 18:41:46 UTC drm/nouveau: use post-decrement in error handling We need to use post-decrement to get the dma_map_page undone also for i==0, and to avoid some very unpleasant behaviour if dma_map_page failed already at i==0. Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk> Reviewed-by: Ben Skeggs <bskeggs@redhat.com> Signed-off-by: Dave Airlie <airlied@redhat.com> 19 February 2016, 03:36:05 UTC
5fff80b Maarten Lankhorst 17 February 2016, 07:32:05 UTC drm/atomic: Allow for holes in connector state, v2. Because we record connector_mask using 1 << drm_connector_index now the connector_mask should stay the same even when other connectors are removed. This was not the case with MST, in that case when removing a connector all other connectors may change their index. This is fixed by waiting until the first get_connector_state to allocate connector_state, and force reallocation when state is too small. As a side effect connector arrays no longer have to be preallocated, and can be allocated on first use which means a less allocations in the page flip only path. Changes since v1: - Whitespace. (Ville) - Call ida_remove when destroying the connector. (Ville) - u32 alloc -> int. (Ville) Fixes: 14de6c44d149 ("drm/atomic: Remove drm_atomic_connectors_for_crtc.") Signed-off-by: Maarten Lankhorst <maarten.lankhorst@linux.intel.com> Cc: Ville Syrjälä <ville.syrjala@linux.intel.com> Reviewed-by: Lyude <cpaul@redhat.com> Reviewed-by: Ville Syrjälä <ville.syrjala@linux.intel.com> Signed-off-by: Dave Airlie <airlied@redhat.com> 19 February 2016, 03:24:03 UTC
acc1469 Peter Rosin 18 February 2016, 13:07:52 UTC hwmon: (ads1015) Handle negative conversion values correctly Make the divisor signed as DIV_ROUND_CLOSEST is undefined for negative dividends when the divisor is unsigned. Signed-off-by: Peter Rosin <peda@axentia.se> Cc: stable@vger.kernel.org Signed-off-by: Guenter Roeck <linux@roeck-us.net> 19 February 2016, 03:14:04 UTC
4462b4b Stephen Boyd 19 February 2016, 03:07:44 UTC clk: gpio: Really allow an optional clock= DT property We mis-merged the original patch from Russell here and so the patch went almost all the way, except that we still failed to probe when there wasn't a clocks property in the DT node. Allow that case by making a negative value from of_clk_get_parent_count() into "no parents", like the original patch did. Fixes: 7ed88aa2efa5 ("clk: fix clk-gpio.c with optional clock= DT property") Cc: Russell King <rmk+kernel@arm.linux.org.uk> Cc: Michael Turquette <mturquette@baylibre.com> Signed-off-by: Stephen Boyd <sboyd@codeaurora.org> 19 February 2016, 03:10:22 UTC
5441ea1 Dave Airlie 19 February 2016, 02:50:00 UTC Merge tag 'drm-vc4-fixes-2016-02-17' of github.com:anholt/linux into drm-fixes This pull request fixes GPU reset (which was disabled shortly after V3D integration due to build breakage) and waits for idle in the presence of signals (which X likes to do a lot). * tag 'drm-vc4-fixes-2016-02-17' of github.com:anholt/linux: drm/vc4: Use runtime PM to power cycle the device when the GPU hangs. drm/vc4: Enable runtime PM. drm/vc4: Fix spurious GPU resets due to BO reuse. drm/vc4: Drop error message on seqno wait timeouts. drm/vc4: Fix -ERESTARTSYS error return from BO waits. drm/vc4: Return an ERR_PTR from BO creation instead of NULL. drm/vc4: Fix the clear color for the first tile rendered. drm/vc4: Validate that WAIT_BO padding is cleared. 19 February 2016, 02:50:00 UTC
aaa7dd2 Dave Airlie 19 February 2016, 02:49:03 UTC Merge branch 'drm-fixes-4.5' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Just two small fixes in the ttm_tt_populate error handling; one for radeon, one for amdgpu. * 'drm-fixes-4.5' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: use post-decrement in error handling drm/amdgpu: use post-decrement in error handling 19 February 2016, 02:49:03 UTC
42412b1 Dave Airlie 19 February 2016, 02:43:03 UTC Merge tag 'drm-intel-fixes-2016-02-18' of git://anongit.freedesktop.org/drm-intel into drm-fixes single g4x hpd fix. * tag 'drm-intel-fixes-2016-02-18' of git://anongit.freedesktop.org/drm-intel: drm/i915: Fix hpd live status bits for g4x 19 February 2016, 02:43:03 UTC
d07fbb8 Trond Myklebust 19 February 2016, 01:22:03 UTC Merge tag 'nfs-rdma-4.5-1' of git://git.linux-nfs.org/projects/anna/nfs-rdma NFS: NFSoRDMA Client Bugfix This patch fixes a bug where NFS v4.1 callbacks were returning RPC_GARBAGE_ARGS to the server. Signed-off-by: Anna Schumaker <Anna@OcarinaProject.net> 19 February 2016, 01:22:03 UTC
back to top