commit c470abd4fde40ea6a0846a2beab642a578c0b8cd Author: Linus Torvalds Date: Sun Feb 19 14:34:00 2017 -0800 Linux 4.10 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 137d01df511b3afe1f05499aea05f3bafc0fb221 Author: Al Viro Date: Sun Feb 19 07:15:27 2017 +0000 Fix missing sanity check in /dev/sg What happens is that a write to /dev/sg is given a request with non-zero ->iovec_count combined with zero ->dxfer_len. Or with ->dxferp pointing to an array full of empty iovecs. Having write permission to /dev/sg shouldn't be equivalent to the ability to trigger BUG_ON() while holding spinlocks... Found by Dmitry Vyukov and syzkaller. [ The BUG_ON() got changed to a WARN_ON_ONCE(), but this fixes the underlying issue. - Linus ] Signed-off-by: Al Viro Reported-by: Dmitry Vyukov Reviewed-by: Christoph Hellwig Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds drivers/scsi/sg.c | 4 ++++ 1 file changed, 4 insertions(+) commit fd3fc0b4d7305fa7246622dcc0dec69c42443f45 Author: Johannes Thumshirn Date: Tue Jan 31 10:16:00 2017 +0100 scsi: don't BUG_ON() empty DMA transfers Don't crash the machine just because of an empty transfer. Use WARN_ON() combined with returning an error. Found by Dmitry Vyukov and syzkaller. [ Changed to "WARN_ON_ONCE()". Al has a patch that should fix the root cause, but a BUG_ON() is not acceptable in any case, and a WARN_ON() might still be a cause of excessive log spamming. NOTE! If this warning ever triggers, we may end up leaking resources, since this doesn't bother to try to clean the command up. So this WARN_ON_ONCE() triggering does imply real problems. But BUG_ON() is much worse. People really need to stop using BUG_ON() for "this shouldn't ever happen". It makes pretty much any bug worse. - Linus ] Signed-off-by: Johannes Thumshirn Reported-by: Dmitry Vyukov Cc: James Bottomley Cc: Al Viro Cc: stable@kernel.org Signed-off-by: Linus Torvalds drivers/scsi/scsi_lib.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 00ea1ceebe0d9f2dc1cc2b7bd575a00100c27869 Author: Willem de Bruijn Date: Sat Feb 18 19:00:45 2017 -0500 ipv6: release dst on error in ip6_dst_lookup_tail If ip6_dst_lookup_tail has acquired a dst and fails the IPv4-mapped check, release the dst before returning an error. Fixes: ec5e3b0a1d41 ("ipv6: Inhibit IPv4-mapped src address on the wire.") Signed-off-by: Willem de Bruijn Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv6/ip6_output.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 2763f92f858f7c4c3198335c0542726eaed07ba3 Merge: b92ce30 69e0517 Author: Linus Torvalds Date: Sat Feb 18 17:38:09 2017 -0800 Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: "Two more bugfixes that came in during this week: - a defconfig change to enable a vital driver used on some Qualcomm based phones. This was already queued for 4.11, but the maintainer asked to have it in 4.10 after all. - a regression fix for the reset controller framework, this got broken by a typo in the 4.10 merge window" * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: multi_v7_defconfig: enable Qualcomm RPMCC reset: fix shared reset triggered_count decrement on error commit b92ce305fcbc8d85d1732fecf17c823c760868bd Merge: 17a984b 9e34404 Author: Linus Torvalds Date: Sat Feb 18 17:36:15 2017 -0800 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "A couple of fixes from Kees concerning problems he spotted with our user access support" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user() ARM: 8657/1: uaccess: consistently check object sizes commit 17a984bccde4c9ea34d78de1535760a25ad87993 Merge: 244ff16 3ba5b5e Author: Linus Torvalds Date: Sat Feb 18 17:34:56 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fix from Thomas Gleixner: "Make the build clean by working around yet another GCC stupidity" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vm86: Fix unused variable warning if THP is disabled commit 244ff16fb4717708491fa1b3b2a68f9074742d71 Merge: e602e70 25f71d1 Author: Linus Torvalds Date: Sat Feb 18 17:33:17 2017 -0800 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking fix from Thomas Gleixner: "Move the futex init function to core initcall so user mode helper does not run into an uninitialized futex syscall" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: futex: Move futex_init() to core_initcall commit e602e700842104096e96a7deee453183e4ed278a Merge: 3dd9c12 f222449 Author: Linus Torvalds Date: Sat Feb 18 17:30:36 2017 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fixes from Thomas Gleixner: "Two small fixes:: - Prevent deadlock on the tick broadcast lock. Found and fixed by Mike. - Stop using printk() in the timekeeping debug code to prevent a deadlock against the scheduler" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: timekeeping: Use deferred printk() in debug code tick/broadcast: Prevent deadlock on tick_broadcast_lock commit 3dd9c12726ffd1d548ad5264731dfe7a785768ed Merge: fc98c3c 4c03b86 Author: Linus Torvalds Date: Sat Feb 18 17:29:00 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix leak in dpaa_eth error paths, from Dan Carpenter. 2) Use after free when using IPV6_RECVPKTINFO, from Andrey Konovalov. 3) fanout_release() cannot be invoked from atomic contexts, from Anoob Soman. 4) Fix bogus attempt at lockdep annotation in IRDA. 5) dev_fill_metadata_dst() can OOP on a NULL dst cache pointer, from Paolo Abeni. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: irda: Fix lockdep annotations in hashbin_delete(). vxlan: fix oops in dev_fill_metadata_dst dccp: fix freeing skb too early for IPV6_RECVPKTINFO dpaa_eth: small leak on error packet: Do not call fanout_release from atomic contexts commit fc98c3c8c9dcafd67adcce69e6ce3191d5306c9c Author: Sergey Senozhatsky Date: Sat Feb 18 03:42:54 2017 -0800 printk: use rcuidle console tracepoint Use rcuidle console tracepoint because, apparently, it may be issued from an idle CPU: hw-breakpoint: Failed to enable monitor mode on CPU 0. hw-breakpoint: CPU 0 failed to disable vector catch =============================== [ ERR: suspicious RCU usage. ] 4.10.0-rc8-next-20170215+ #119 Not tainted ------------------------------- ./include/trace/events/printk.h:32 suspicious rcu_dereference_check() usage! other info that might help us debug this: RCU used illegally from idle CPU! rcu_scheduler_active = 2, debug_locks = 0 RCU used illegally from extended quiescent state! 2 locks held by swapper/0/0: #0: (cpu_pm_notifier_lock){......}, at: [] cpu_pm_exit+0x10/0x54 #1: (console_lock){+.+.+.}, at: [] vprintk_emit+0x264/0x474 stack backtrace: CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.10.0-rc8-next-20170215+ #119 Hardware name: Generic OMAP4 (Flattened Device Tree) console_unlock vprintk_emit vprintk_default printk reset_ctrl_regs dbg_cpu_pm_notify notifier_call_chain cpu_pm_exit omap_enter_idle_coupled cpuidle_enter_state cpuidle_enter_state_coupled do_idle cpu_startup_entry start_kernel This RCU warning, however, is suppressed by lockdep_off() in printk(). lockdep_off() increments the ->lockdep_recursion counter and thus disables RCU_LOCKDEP_WARN() and debug_lockdep_rcu_enabled(), which want lockdep to be enabled "current->lockdep_recursion == 0". Link: http://lkml.kernel.org/r/20170217015932.11898-1-sergey.senozhatsky@gmail.com Signed-off-by: Sergey Senozhatsky Reported-by: Tony Lindgren Tested-by: Tony Lindgren Acked-by: Paul E. McKenney Acked-by: Steven Rostedt (VMware) Cc: Petr Mladek Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Tony Lindgren Cc: Russell King Cc: [3.4+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/printk/printk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 69e05170ef0d0c00e1098dd6a625b44f39903a6a Author: Andy Gross Date: Mon Jan 2 14:35:05 2017 -0600 ARM: multi_v7_defconfig: enable Qualcomm RPMCC This patch enables the Qualcomm RPM based Clock Controller present on A-family boards. Signed-off-by: Andy Gross Acked-by: Bjorn Andersson Signed-off-by: Olof Johansson Signed-off-by: Arnd Bergmann arch/arm/configs/multi_v7_defconfig | 1 + 1 file changed, 1 insertion(+) commit 4c03b862b12f980456f9de92db6d508a4999b788 Author: David S. Miller Date: Fri Feb 17 16:19:39 2017 -0500 irda: Fix lockdep annotations in hashbin_delete(). A nested lock depth was added to the hasbin_delete() code but it doesn't actually work some well and results in tons of lockdep splats. Fix the code instead to properly drop the lock around the operation and just keep peeking the head of the hashbin queue. Reported-by: Dmitry Vyukov Tested-by: Dmitry Vyukov Signed-off-by: David S. Miller net/irda/irqueue.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) commit 6dc39c50e4aeb769c8ae06edf2b1a732f3490913 Merge: 2fe1e8a 5d7f5ce Author: Linus Torvalds Date: Fri Feb 17 13:01:58 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block layer fix from Jens Axboe: "A single fix for a lockdep splat reported by Thomas and Gabriel" * 'for-linus' of git://git.kernel.dk/linux-block: cfq-iosched: don't call wbt_disable_default() with IRQs disabled commit 22f0708a718daea5e79de2d29b4829de016a4ff4 Author: Paolo Abeni Date: Fri Feb 17 19:14:27 2017 +0100 vxlan: fix oops in dev_fill_metadata_dst Since the commit 0c1d70af924b ("net: use dst_cache for vxlan device") vxlan_fill_metadata_dst() calls vxlan_get_route() passing a NULL dst_cache pointer, so the latter should explicitly check for valid dst_cache ptr. Unfortunately the commit d71785ffc7e7 ("net: add dst_cache to ovs vxlan lwtunnel") removed said check. As a result is possible to trigger a null pointer access calling vxlan_fill_metadata_dst(), e.g. with: ovs-vsctl add-br ovs-br0 ovs-vsctl add-port ovs-br0 vxlan0 -- set interface vxlan0 \ type=vxlan options:remote_ip=192.168.1.1 \ options:key=1234 options:dst_port=4789 ofport_request=10 ip address add dev ovs-br0 172.16.1.2/24 ovs-vsctl set Bridge ovs-br0 ipfix=@i -- --id=@i create IPFIX \ targets=\"172.16.1.1:1234\" sampling=1 iperf -c 172.16.1.1 -u -l 1000 -b 10M -t 1 -p 1234 This commit addresses the issue passing to vxlan_get_route() the dst_cache already available into the lwt info processed by vxlan_fill_metadata_dst(). Fixes: d71785ffc7e7 ("net: add dst_cache to ovs vxlan lwtunnel") Signed-off-by: Paolo Abeni Acked-by: Jiri Benc Signed-off-by: David S. Miller drivers/net/vxlan.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4 Author: Andrey Konovalov Date: Thu Feb 16 17:22:46 2017 +0100 dccp: fix freeing skb too early for IPV6_RECVPKTINFO In the current DCCP implementation an skb for a DCCP_PKT_REQUEST packet is forcibly freed via __kfree_skb in dccp_rcv_state_process if dccp_v6_conn_request successfully returns. However, if IPV6_RECVPKTINFO is set on a socket, the address of the skb is saved to ireq->pktopts and the ref count for skb is incremented in dccp_v6_conn_request, so skb is still in use. Nevertheless, it gets freed in dccp_rcv_state_process. Fix by calling consume_skb instead of doing goto discard and therefore calling __kfree_skb. Similar fixes for TCP: fb7e2399ec17f1004c0e0ccfd17439f8759ede01 [TCP]: skb is unexpectedly freed. 0aea76d35c9651d55bbaf746e7914e5f9ae5a25d tcp: SYN packets are now simply consumed Signed-off-by: Andrey Konovalov Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/dccp/input.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2fe1e8a7b2f4dcac3fcb07ff06b0ae7396201fd6 Merge: a0d5ef4 3f91a89 Author: Linus Torvalds Date: Fri Feb 17 09:58:32 2017 -0800 Merge tag 'powerpc-4.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fix from Michael Ellerman: "One fix from Paul: we can not use the radix MMU under a hypervisor for now. Although the code checked if the processor supports radix, that is not sufficient" * tag 'powerpc-4.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/64: Disable use of radix under a hypervisor commit a0d5ef457393a240869d837cda1ccb22bbbe3dc2 Merge: 444a034 722c5ac Author: Linus Torvalds Date: Fri Feb 17 09:56:34 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fix from Dmitry Torokhov: "Just a single change to Elan touchpad driver to recognize a new ACPI ID" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elan_i2c - add ELAN0605 to the ACPI table commit 444a034d390da1b636bb2c5f02ebaa08cdbe8de1 Merge: 6adfd6a 12688dc Author: Linus Torvalds Date: Fri Feb 17 09:53:59 2017 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fix from Wolfram Sang: "I2C has a revert to fix a regression" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: Revert "i2c: designware: detect when dynamic tar update is possible" commit 6adfd6aceba0b315406b56a48733610aa24c70f8 Merge: 7ed1b12 3d4ef32 Author: Linus Torvalds Date: Fri Feb 17 09:52:33 2017 -0800 Merge tag 'mmc-v4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fix from Ulf Hansson: "Fix multi-bit bus width without high-speed mode for MMC" * tag 'mmc-v4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: core: fix multi-bit bus width without high-speed mode commit 7ed1b1255919ac46c4b2aab87d1220ec3bd4cbae Merge: 0722f57bf 939ada5 Author: Linus Torvalds Date: Fri Feb 17 09:51:05 2017 -0800 Merge tag 'ntb-4.10-bugfixes' of git://github.com/jonmason/ntb Pull NTB bugfixes frfom Jon Mason: "NTB bug fixes to address a crash when unloading the ntb module, a DMA engine unmap leak, allowing the proper queue choice, and clearing the SKX irq bit" * tag 'ntb-4.10-bugfixes' of git://github.com/jonmason/ntb: ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly ntb_transport: Pick an unused queue ntb: ntb_perf missing dmaengine_unmap_put NTB: ntb_transport: fix debugfs_remove_recursive commit 785f35775d968e0f45231b754e945fcb3ed6bded Author: Dan Carpenter Date: Thu Feb 16 12:56:10 2017 +0300 dpaa_eth: small leak on error This should be >= instead of > here. It means that we don't increment the free count enough so it becomes off by one. Fixes: 9ad1a3749333 ("dpaa_eth: add support for DPAA Ethernet") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6fe1bfc46cad54a4ef337f9935f764a90865236b Merge: 7089db8 e5a1dad Author: Arnd Bergmann Date: Fri Feb 17 17:25:15 2017 +0100 Merge tag 'reset-for-4.10-fixes' of https://git.pengutronix.de/git/pza/linux into fixes Pull "Reset controller fixes for v4.10" from Philipp Zabel: - Remove erroneous negation of the error check of the reset function to decrement trigger_count in the error case, not on success. This fixes shared resets to actually only trigger once, as intended. * tag 'reset-for-4.10-fixes' of https://git.pengutronix.de/git/pza/linux: reset: fix shared reset triggered_count decrement on error commit 2bd624b4611ffee36422782d16e1c944d1351e98 Author: Anoob Soman Date: Wed Feb 15 20:25:39 2017 +0000 packet: Do not call fanout_release from atomic contexts Commit 6664498280cf ("packet: call fanout_release, while UNREGISTERING a netdev"), unfortunately, introduced the following issues. 1. calling mutex_lock(&fanout_mutex) (fanout_release()) from inside rcu_read-side critical section. rcu_read_lock disables preemption, most often, which prohibits calling sleeping functions. [ ] include/linux/rcupdate.h:560 Illegal context switch in RCU read-side critical section! [ ] [ ] rcu_scheduler_active = 1, debug_locks = 0 [ ] 4 locks held by ovs-vswitchd/1969: [ ] #0: (cb_lock){++++++}, at: [] genl_rcv+0x19/0x40 [ ] #1: (ovs_mutex){+.+.+.}, at: [] ovs_vport_cmd_del+0x4a/0x100 [openvswitch] [ ] #2: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0x17/0x20 [ ] #3: (rcu_read_lock){......}, at: [] packet_notifier+0x5/0x3f0 [ ] [ ] Call Trace: [ ] [] dump_stack+0x85/0xc4 [ ] [] lockdep_rcu_suspicious+0x107/0x110 [ ] [] ___might_sleep+0x57/0x210 [ ] [] __might_sleep+0x70/0x90 [ ] [] mutex_lock_nested+0x3c/0x3a0 [ ] [] ? vprintk_default+0x1f/0x30 [ ] [] ? printk+0x4d/0x4f [ ] [] fanout_release+0x1d/0xe0 [ ] [] packet_notifier+0x2f9/0x3f0 2. calling mutex_lock(&fanout_mutex) inside spin_lock(&po->bind_lock). "sleeping function called from invalid context" [ ] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:620 [ ] in_atomic(): 1, irqs_disabled(): 0, pid: 1969, name: ovs-vswitchd [ ] INFO: lockdep is turned off. [ ] Call Trace: [ ] [] dump_stack+0x85/0xc4 [ ] [] ___might_sleep+0x202/0x210 [ ] [] __might_sleep+0x70/0x90 [ ] [] mutex_lock_nested+0x3c/0x3a0 [ ] [] fanout_release+0x1d/0xe0 [ ] [] packet_notifier+0x2f9/0x3f0 3. calling dev_remove_pack(&fanout->prot_hook), from inside spin_lock(&po->bind_lock) or rcu_read-side critical-section. dev_remove_pack() -> synchronize_net(), which might sleep. [ ] BUG: scheduling while atomic: ovs-vswitchd/1969/0x00000002 [ ] INFO: lockdep is turned off. [ ] Call Trace: [ ] [] dump_stack+0x85/0xc4 [ ] [] __schedule_bug+0x64/0x73 [ ] [] __schedule+0x6b/0xd10 [ ] [] schedule+0x6b/0x80 [ ] [] schedule_timeout+0x38d/0x410 [ ] [] synchronize_sched_expedited+0x53d/0x810 [ ] [] synchronize_rcu_expedited+0xe/0x10 [ ] [] synchronize_net+0x35/0x50 [ ] [] dev_remove_pack+0x13/0x20 [ ] [] fanout_release+0xbe/0xe0 [ ] [] packet_notifier+0x2f9/0x3f0 4. fanout_release() races with calls from different CPU. To fix the above problems, remove the call to fanout_release() under rcu_read_lock(). Instead, call __dev_remove_pack(&fanout->prot_hook) and netdev_run_todo will be happy that &dev->ptype_specific list is empty. In order to achieve this, I moved dev_{add,remove}_pack() out of fanout_{add,release} to __fanout_{link,unlink}. So, call to {,__}unregister_prot_hook() will make sure fanout->prot_hook is removed as well. Fixes: 6664498280cf ("packet: call fanout_release, while UNREGISTERING a netdev") Reported-by: Eric Dumazet Signed-off-by: Anoob Soman Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/packet/af_packet.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) commit e5a1dadec3648019a838b85357b67f241fbb02e8 Author: Jerome Brunet Date: Wed Feb 15 19:15:51 2017 +0100 reset: fix shared reset triggered_count decrement on error For a shared reset, when the reset is successful, the triggered_count is incremented when trying to call the reset callback, so that another device sharing the same reset line won't trigger it again. If the reset has not been triggered successfully, the trigger_count should be decremented. The code does the opposite, and decrements the trigger_count on success. As a consequence, another device sharing the reset will be able to trigger it again. Fixed be removing negation in from of the error code of the reset function. Fixes: 7da33a37b48f ("reset: allow using reset_control_reset with shared reset") Signed-off-by: Jerome Brunet Acked-by: Martin Blumenstingl Signed-off-by: Philipp Zabel drivers/reset/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 939ada5fb587840ae4db47846087be4162477b13 Author: Dave Jiang Date: Thu Feb 16 16:22:36 2017 -0700 ntb: ntb_hw_intel: link_poll isn't clearing the pending status properly On Skylake hardware, the link_poll isn't clearing the pending interrupt bit. Adding a new function for SKX that handles clearing of status bit the right way. Signed-off-by: Dave Jiang Fixes: 783dfa6c ("ntb: Adding Skylake Xeon NTB support") Signed-off-by: Jon Mason drivers/ntb/hw/intel/ntb_hw_intel.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) commit 8fcd0950c021d7be8493280541332b924b9de962 Author: Thomas VanSelus Date: Mon Feb 13 16:46:26 2017 -0600 ntb_transport: Pick an unused queue Fix typo causing ntb_transport_create_queue to select the first queue every time, instead of using the next free queue. Signed-off-by: Thomas VanSelus Signed-off-by: Aaron Sierra Acked-by: Allen Hubbe Fixes: fce8a7bb5 ("PCI-Express Non-Transparent Bridge Support") Signed-off-by: Jon Mason drivers/ntb/ntb_transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9644347c5240d0ee3ba7472ef332aaa4ff4db398 Author: Dave Jiang Date: Mon Jan 30 14:21:17 2017 -0700 ntb: ntb_perf missing dmaengine_unmap_put In the normal I/O execution path, ntb_perf is missing a call to dmaengine_unmap_put() after submission. That causes us to leak unmap objects. Signed-off-by: Dave Jiang Fixes: 8a7b6a77 ("ntb: ntb perf tool") Signed-off-by: Jon Mason drivers/ntb/test/ntb_perf.c | 2 ++ 1 file changed, 2 insertions(+) commit dd62245e73de9138333cb0e7a42c8bc1215c3ce6 Author: Allen Hubbe Date: Tue Dec 27 17:57:04 2016 -0500 NTB: ntb_transport: fix debugfs_remove_recursive The call to debugfs_remove_recursive(qp->debugfs_dir) of the sub-level directory must not be later than debugfs_remove_recursive(nt_debugfs_dir) of the top-level directory. Otherwise, the sub-level directory will not exist, and it would be invalid (panic) to attempt to remove it. This removes the top-level directory last, after sub-level directories have been cleaned up. Signed-off-by: Allen Hubbe Fixes: e26a5843f ("NTB: Split ntb_hw_intel and ntb_transport drivers") Signed-off-by: Jon Mason drivers/ntb/ntb_transport.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 0722f57bfae9abbc673b9dbe495c7da2f64676ea Merge: 558e8e2 18a0de8 Author: Linus Torvalds Date: Thu Feb 16 18:44:38 2017 -0800 Merge tag 'drm-fixes-for-v4.10-final' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Just two last minute fixes, one for DP MST oopses and one for a radeon regression" * tag 'drm-fixes-for-v4.10-final' of git://people.freedesktop.org/~airlied/linux: drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor drm/dp/mst: fix kernel oops when turning off secondary monitor commit 18a0de8816766a0da7537ef82156b5418ba5cd6e Merge: b7a2699 d74c67d Author: Dave Airlie Date: Fri Feb 17 11:13:17 2017 +1000 Merge branch 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes One regression fix for interlaced modes on radeon * 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor commit 558e8e27e73f53f8a512485be538b07115fe5f3c Author: Linus Torvalds Date: Thu Feb 16 12:19:18 2017 -0800 Revert "nohz: Fix collision between tick and other hrtimers" This reverts commit 24b91e360ef521a2808771633d76ebc68bd5604b and commit 7bdb59f1ad47 ("tick/nohz: Fix possible missing clock reprog after tick soft restart") that depends on it, Pavel reports that it causes occasional boot hangs for him that seem to depend on just how the machine was booted. In particular, his machine hangs at around the PCI fixups of the EHCI USB host controller, but only hangs from cold boot, not from a warm boot. Thomas Gleixner suspecs it's a CPU hotplug interaction, particularly since Pavel also saw suspend/resume issues that seem to be related. We're reverting for now while trying to figure out the root cause. Reported-bisected-and-tested-by: Pavel Machek Acked-by: Frederic Weisbecker Cc: Wanpeng Li Cc: Peter Zijlstra Cc: Rik van Riel Cc: Thomas Gleixner Cc: stable@kernel.org # reverted commits were marked for stable Signed-off-by: Linus Torvalds kernel/time/tick-sched.c | 14 ++------------ kernel/time/tick-sched.h | 2 -- 2 files changed, 2 insertions(+), 14 deletions(-) commit 4695daefba8df8a11fa0b0edd595eedae9ea59ae Merge: 5a81e6a f9c85ee Author: Linus Torvalds Date: Thu Feb 16 10:22:41 2017 -0800 Merge tag 'media/v4.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fix from Mauro Carvalho Chehab: "A regression fix that makes the Siano driver to work again after the CONFIG_VMAP_STACK change" * tag 'media/v4.10-5' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] siano: make it work again with CONFIG_VMAP_STACK commit 5a81e6a171cdbd1fa8bc1fdd80c23d3d71816fac Author: Miklos Szeredi Date: Thu Feb 16 17:49:02 2017 +0100 vfs: fix uninitialized flags in splice_to_pipe() Flags (PIPE_BUF_FLAG_PACKET, PIPE_BUF_FLAG_GIFT) could remain on the unused part of the pipe ring buffer. Previously splice_to_pipe() left the flags value alone, which could result in incorrect behavior. Uninitialized flags appears to have been there from the introduction of the splice syscall. Signed-off-by: Miklos Szeredi Cc: # 2.6.17+ Signed-off-by: Linus Torvalds fs/splice.c | 1 + 1 file changed, 1 insertion(+) commit 58f6eaee7bef8faa1259784d72ee2f51bacead4d Merge: aa6fba55 84588a9 Author: Linus Torvalds Date: Thu Feb 16 09:05:34 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse fixes from Miklos Szeredi: "Fix a use after free bug introduced in 4.2 and using an uninitialized value introduced in 4.9" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix uninitialized flags in pipe_buffer fuse: fix use after free issue in fuse_dev_do_read() commit aa6fba55cc5fac205768f6c7b94276390ee74052 Merge: 3c7a9f3 afe3e4d1 Author: Linus Torvalds Date: Thu Feb 16 09:03:37 2017 -0800 Merge tag 'pci-v4.10-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "Add back pcie_pme_remove() so we free the IRQ when removing PCIe port devices; previously the leaked IRQ caused an MSI BUG_ON" * tag 'pci-v4.10-fixes-4' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI/PME: Restore pcie_pme_driver.remove commit 3c7a9f32f9392c9dfce24f33bdc6799852903e27 Merge: 747ae0a bf3f14d Author: Linus Torvalds Date: Thu Feb 16 08:37:18 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) In order to avoid problems in the future, make cgroup bpf overriding explicit using BPF_F_ALLOW_OVERRIDE. From Alexei Staovoitov. 2) LLC sets skb->sk without proper skb->destructor and this explodes, fix from Eric Dumazet. 3) Make sure when we have an ipv4 mapped source address, the destination is either also an ipv4 mapped address or ipv6_addr_any(). Fix from Jonathan T. Leighton. 4) Avoid packet loss in fec driver by programming the multicast filter more intelligently. From Rui Sousa. 5) Handle multiple threads invoking fanout_add(), fix from Eric Dumazet. 6) Since we can invoke the TCP input path in process context, without BH being disabled, we have to accomodate that in the locking of the TCP probe. Also from Eric Dumazet. 7) Fix erroneous emission of NETEVENT_DELAY_PROBE_TIME_UPDATE when we aren't even updating that sysctl value. From Marcus Huewe. 8) Fix endian bugs in ibmvnic driver, from Thomas Falcon. [ This is the second version of the pull that reverts the nested rhashtable changes that looked a bit too scary for this late in the release - Linus ] * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (27 commits) rhashtable: Revert nested table changes. ibmvnic: Fix endian errors in error reporting output ibmvnic: Fix endian error when requesting device capabilities net: neigh: Fix netevent NETEVENT_DELAY_PROBE_TIME_UPDATE notification net: xilinx_emaclite: fix freezes due to unordered I/O net: xilinx_emaclite: fix receive buffer overflow bpf: kernel header files need to be copied into the tools directory tcp: tcp_probe: use spin_lock_bh() uapi: fix linux/if_pppol2tp.h userspace compilation errors packet: fix races in fanout_add() ibmvnic: Fix initial MTU settings net: ethernet: ti: cpsw: fix cpsw assignment in resume kcm: fix a null pointer dereference in kcm_sendmsg() net: fec: fix multicast filtering hardware setup ipv6: Handle IPv4-mapped src to in6addr_any dst. ipv6: Inhibit IPv4-mapped src address on the wire. net/mlx5e: Disable preemption when doing TC statistics upcall rhashtable: Add nested tables tipc: Fix tipc_sk_reinit race conditions gfs2: Use rhashtable walk interface in glock_hash_walk ... commit d74c67dd7800fc7aae381f272875c337f268806c Author: Michel Dänzer Date: Wed Feb 15 11:28:45 2017 +0900 drm/radeon: Use mode h/vdisplay fields to hide out of bounds HW cursor The crtc_h/vdisplay fields may not match the CRTC viewport dimensions with special modes such as interlaced ones. Fixes the HW cursor disappearing in the bottom half of the screen with interlaced modes. Fixes: 6b16cf7785a4 ("drm/radeon: Hide the HW cursor while it's out of bounds") Cc: stable@vger.kernel.org Reported-by: Ashutosh Kumar Tested-by: Sonny Jiang Reviewed-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_cursor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9e3440481845b2ec22508f60837ee2cab2b6054f Author: Kees Cook Date: Thu Feb 16 01:44:37 2017 +0100 ARM: 8658/1: uaccess: fix zeroing of 64-bit get_user() The 64-bit get_user() wasn't clearing the high word due to a typo in the error handler. The exception handler entry was already correct, though. Noticed during recent usercopy test additions in lib/test_user_copy.c. Signed-off-by: Kees Cook Cc: stable@vger.kernel.org Signed-off-by: Russell King arch/arm/lib/getuser.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32b143637e8180f5d5cea54320c769210dea4f19 Author: Kees Cook Date: Thu Feb 16 01:43:58 2017 +0100 ARM: 8657/1: uaccess: consistently check object sizes In commit 76624175dcae ("arm64: uaccess: consistently check object sizes"), the object size checks are moved outside the access_ok() so that bad destinations are detected before hitting the "memset(dest, 0, size)" in the copy_from_user() failure path. This makes the same change for arm, with attention given to possibly extracting the uaccess routines into a common header file for all architectures in the future. Suggested-by: Mark Rutland Signed-off-by: Kees Cook Signed-off-by: Russell King arch/arm/include/asm/uaccess.h | 44 ++++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 12 deletions(-) commit 5d7f5ce15156af205e175e8fa5c669ba40bf0c5e Author: Jens Axboe Date: Thu Feb 16 07:57:33 2017 -0700 cfq-iosched: don't call wbt_disable_default() with IRQs disabled wbt_disable_default() calls del_timer_sync() to wait for the wbt timer to finish before disabling throttling. We can't do this with IRQs disable. This fixes a lockdep splat on boot, if non-root cgroups are used. Reported-by: Gabriel C Fixes: 87760e5eef35 ("block: hook up writeback throttling") Signed-off-by: Jens Axboe block/cfq-iosched.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) commit 84588a93d097bace24b9233930f82511d4f34210 Author: Miklos Szeredi Date: Thu Feb 16 15:08:20 2017 +0100 fuse: fix uninitialized flags in pipe_buffer Signed-off-by: Miklos Szeredi Fixes: d82718e348fe ("fuse_dev_splice_read(): switch to add_to_pipe()") Cc: # 4.9+ fs/fuse/dev.c | 1 + 1 file changed, 1 insertion(+) commit bf3f14d6342cfb37eab8f0cddd0e4d4063fd9fc9 Author: David S. Miller Date: Wed Feb 15 22:29:51 2017 -0500 rhashtable: Revert nested table changes. This reverts commits: 6a25478077d987edc5e2f880590a2bc5fcab4441 9dbbfb0ab6680c6a85609041011484e6658e7d3c 40137906c5f55c252194ef5834130383e639536f It's too risky to put in this late in the release cycle. We'll put these changes into the next merge window instead. Signed-off-by: David S. Miller fs/gfs2/glock.c | 28 ++--- include/linux/rhashtable.h | 78 ++++--------- lib/rhashtable.c | 270 +++++++++------------------------------------ net/tipc/net.c | 4 - net/tipc/socket.c | 30 ++--- 5 files changed, 94 insertions(+), 316 deletions(-) commit b7a26998590c5efb371562fb8a84bc93094009f5 Merge: 7089db8 bb08c04 Author: Dave Airlie Date: Thu Feb 16 13:26:41 2017 +1000 Merge tag 'drm-misc-fixes-2017-02-15' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes dp/mst oops fix for v4.10 * tag 'drm-misc-fixes-2017-02-15' of git://anongit.freedesktop.org/git/drm-misc: drm/dp/mst: fix kernel oops when turning off secondary monitor commit 3f91a89d424a79f8082525db5a375e438887bb3e Author: Paul Mackerras Date: Thu Feb 16 13:49:21 2017 +1100 powerpc/64: Disable use of radix under a hypervisor Currently, if the kernel is running on a POWER9 processor under a hypervisor, it may try to use the radix MMU even though it doesn't have the necessary code to do so (it doesn't negotiate use of radix, and it doesn't do the H_REGISTER_PROC_TBL hcall). If the hypervisor supports both radix and HPT, then it will set up the guest to use HPT (since the guest doesn't request radix in the CAS call), but if the radix feature bit is set in the ibm,pa-features property (which is valid, since ibm,pa-features is defined to represent the capabilities of the processor) the guest will try to use radix, resulting in a crash when it turns the MMU on. This makes the minimal fix for the current code, which is to disable radix unless we are running in hypervisor mode. Fixes: 2bfd65e45e87 ("powerpc/mm/radix: Add radix callbacks for early init routines") Cc: stable@vger.kernel.org # v4.7+ Signed-off-by: Paul Mackerras Signed-off-by: Michael Ellerman arch/powerpc/mm/init_64.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 75224c93fa985f4a6fb983f53208f5c5aa555fbf Author: Thomas Falcon Date: Wed Feb 15 10:33:33 2017 -0600 ibmvnic: Fix endian errors in error reporting output Error reports received from firmware were not being converted from big endian values, leading to bogus error codes reported on little endian systems. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 28f4d16570dcf440e54a4d72666d5be452f27d0e Author: Thomas Falcon Date: Wed Feb 15 10:32:11 2017 -0600 ibmvnic: Fix endian error when requesting device capabilities When a vNIC client driver requests a faulty device setting, the server returns an acceptable value for the client to request. This 64 bit value was incorrectly being swapped as a 32 bit value, resulting in loss of data. This patch corrects that by using the 64 bit swap function. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7627ae6030f56a9a91a5b3867b21f35d79c16e64 Author: Marcus Huewe Date: Wed Feb 15 01:00:36 2017 +0100 net: neigh: Fix netevent NETEVENT_DELAY_PROBE_TIME_UPDATE notification When setting a neigh related sysctl parameter, we always send a NETEVENT_DELAY_PROBE_TIME_UPDATE netevent. For instance, when executing sysctl net.ipv6.neigh.wlp3s0.retrans_time_ms=2000 a NETEVENT_DELAY_PROBE_TIME_UPDATE netevent is generated. This is caused by commit 2a4501ae18b5 ("neigh: Send a notification when DELAY_PROBE_TIME changes"). According to the commit's description, it was intended to generate such an event when setting the "delay_first_probe_time" sysctl parameter. In order to fix this, only generate this event when actually setting the "delay_first_probe_time" sysctl parameter. This fix should not have any unintended side-effects, because all but one registered netevent callbacks check for other netevent event types (the registered callbacks were obtained by grepping for "register_netevent_notifier"). The only callback that uses the NETEVENT_DELAY_PROBE_TIME_UPDATE event is mlxsw_sp_router_netevent_event() (in drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c): in case of this event, it only accesses the DELAY_PROBE_TIME of the passed neigh_parms. Fixes: 2a4501ae18b5 ("neigh: Send a notification when DELAY_PROBE_TIME changes") Signed-off-by: Marcus Huewe Reviewed-by: Ido Schimmel Signed-off-by: David S. Miller net/core/neighbour.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit acf138f1b00bdd1b7cd9894562ed0c2a1670888e Author: Anssi Hannula Date: Tue Feb 14 19:11:45 2017 +0200 net: xilinx_emaclite: fix freezes due to unordered I/O The xilinx_emaclite uses __raw_writel and __raw_readl for register accesses. Those functions do not imply any kind of memory barriers and they may be reordered. The driver does not seem to take that into account, though, and the driver does not satisfy the ordering requirements of the hardware. For clear examples, see xemaclite_mdio_write() and xemaclite_mdio_read() which try to set MDIO address before initiating the transaction. I'm seeing system freezes with the driver with GCC 5.4 and current Linux kernels on Zynq-7000 SoC immediately when trying to use the interface. In commit 123c1407af87 ("net: emaclite: Do not use microblaze and ppc IO functions") the driver was switched from non-generic in_be32/out_be32 (memory barriers, big endian) to __raw_readl/__raw_writel (no memory barriers, native endian), so apparently the device follows system endianness and the driver was originally written with the assumption of memory barriers. Rather than try to hunt for each case of missing barrier, just switch the driver to use iowrite32/ioread32/iowrite32be/ioread32be depending on endianness instead. Tested on little-endian Zynq-7000 ARM SoC FPGA. Signed-off-by: Anssi Hannula Fixes: 123c1407af87 ("net: emaclite: Do not use microblaze and ppc IO functions") Signed-off-by: David S. Miller drivers/net/ethernet/xilinx/xilinx_emaclite.c | 116 ++++++++++++++------------ 1 file changed, 62 insertions(+), 54 deletions(-) commit cd224553641848dd17800fe559e4ff5d208553e8 Author: Anssi Hannula Date: Tue Feb 14 19:11:44 2017 +0200 net: xilinx_emaclite: fix receive buffer overflow xilinx_emaclite looks at the received data to try to determine the Ethernet packet length but does not properly clamp it if proto_type == ETH_P_IP or 1500 < proto_type <= 1518, causing a buffer overflow and a panic via skb_panic() as the length exceeds the allocated skb size. Fix those cases. Also add an additional unconditional check with WARN_ON() at the end. Signed-off-by: Anssi Hannula Fixes: bb81b2ddfa19 ("net: add Xilinx emac lite device driver") Signed-off-by: David S. Miller drivers/net/ethernet/xilinx/xilinx_emaclite.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit afe3e4d11bdf50a4c3965eb6465ba6bebbcf5dcf Author: Yinghai Lu Date: Tue Feb 14 21:17:48 2017 -0800 PCI/PME: Restore pcie_pme_driver.remove In addition to making PME non-modular, d7def2040077 ("PCI/PME: Make explicitly non-modular") removed the pcie_pme_driver .remove() method, pcie_pme_remove(). pcie_pme_remove() freed the PME IRQ that was requested in pci_pme_probe(). The fact that we don't free the IRQ after d7def2040077 causes the following crash when removing a PCIe port device via /sys: ------------[ cut here ]------------ kernel BUG at drivers/pci/msi.c:370! invalid opcode: 0000 [#1] SMP Modules linked in: CPU: 1 PID: 14509 Comm: sh Tainted: G W 4.8.0-rc1-yh-00012-gd29438d RIP: 0010:[] free_msi_irqs+0x65/0x190 ... Call Trace: [] pci_disable_msi+0x34/0x40 [] cleanup_service_irqs+0x27/0x30 [] pcie_port_device_remove+0x2a/0x40 [] pcie_portdrv_remove+0x40/0x50 [] pci_device_remove+0x4b/0xc0 [] __device_release_driver+0xb6/0x150 [] device_release_driver+0x25/0x40 [] pci_stop_bus_device+0x74/0xa0 [] pci_stop_and_remove_bus_device_locked+0x1a/0x30 [] remove_store+0x50/0x70 [] dev_attr_store+0x18/0x30 [] sysfs_kf_write+0x44/0x60 [] kernfs_fop_write+0x10e/0x190 [] __vfs_write+0x28/0x110 [] ? percpu_down_read+0x44/0x80 [] ? __sb_start_write+0xa7/0xe0 [] ? __sb_start_write+0xa7/0xe0 [] vfs_write+0xc4/0x180 [] SyS_write+0x49/0xa0 [] do_syscall_64+0xa6/0x1b0 [] entry_SYSCALL64_slow_path+0x25/0x25 ... RIP [] free_msi_irqs+0x65/0x190 RSP ---[ end trace f4505e1dac5b95d3 ]--- Segmentation fault Restore pcie_pme_remove(). [bhelgaas: changelog] Fixes: d7def2040077 ("PCI/PME: Make explicitly non-modular") Signed-off-by: Yinghai Lu Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki CC: stable@vger.kernel.org # v4.9+ drivers/pci/pcie/pme.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit f222449c9dfad7c9bb8cb53e64c5c407b172ebbc Author: Sergey Senozhatsky Date: Wed Feb 15 13:43:32 2017 +0900 timekeeping: Use deferred printk() in debug code We cannot do printk() from tk_debug_account_sleep_time(), because tk_debug_account_sleep_time() is called under tk_core seq lock. The reason why printk() is unsafe there is that console_sem may invoke scheduler (up()->wake_up_process()->activate_task()), which, in turn, can return back to timekeeping code, for instance, via get_time()->ktime_get(), deadlocking the system on tk_core seq lock. [ 48.950592] ====================================================== [ 48.950622] [ INFO: possible circular locking dependency detected ] [ 48.950622] 4.10.0-rc7-next-20170213+ #101 Not tainted [ 48.950622] ------------------------------------------------------- [ 48.950622] kworker/0:0/3 is trying to acquire lock: [ 48.950653] (tk_core){----..}, at: [] retrigger_next_event+0x4c/0x90 [ 48.950683] but task is already holding lock: [ 48.950683] (hrtimer_bases.lock){-.-...}, at: [] retrigger_next_event+0x38/0x90 [ 48.950714] which lock already depends on the new lock. [ 48.950714] the existing dependency chain (in reverse order) is: [ 48.950714] -> #5 (hrtimer_bases.lock){-.-...}: [ 48.950744] _raw_spin_lock_irqsave+0x50/0x64 [ 48.950775] lock_hrtimer_base+0x28/0x58 [ 48.950775] hrtimer_start_range_ns+0x20/0x5c8 [ 48.950775] __enqueue_rt_entity+0x320/0x360 [ 48.950805] enqueue_rt_entity+0x2c/0x44 [ 48.950805] enqueue_task_rt+0x24/0x94 [ 48.950836] ttwu_do_activate+0x54/0xc0 [ 48.950836] try_to_wake_up+0x248/0x5c8 [ 48.950836] __setup_irq+0x420/0x5f0 [ 48.950836] request_threaded_irq+0xdc/0x184 [ 48.950866] devm_request_threaded_irq+0x58/0xa4 [ 48.950866] omap_i2c_probe+0x530/0x6a0 [ 48.950897] platform_drv_probe+0x50/0xb0 [ 48.950897] driver_probe_device+0x1f8/0x2cc [ 48.950897] __driver_attach+0xc0/0xc4 [ 48.950927] bus_for_each_dev+0x6c/0xa0 [ 48.950927] bus_add_driver+0x100/0x210 [ 48.950927] driver_register+0x78/0xf4 [ 48.950958] do_one_initcall+0x3c/0x16c [ 48.950958] kernel_init_freeable+0x20c/0x2d8 [ 48.950958] kernel_init+0x8/0x110 [ 48.950988] ret_from_fork+0x14/0x24 [ 48.950988] -> #4 (&rt_b->rt_runtime_lock){-.-...}: [ 48.951019] _raw_spin_lock+0x40/0x50 [ 48.951019] rq_offline_rt+0x9c/0x2bc [ 48.951019] set_rq_offline.part.2+0x2c/0x58 [ 48.951049] rq_attach_root+0x134/0x144 [ 48.951049] cpu_attach_domain+0x18c/0x6f4 [ 48.951049] build_sched_domains+0xba4/0xd80 [ 48.951080] sched_init_smp+0x68/0x10c [ 48.951080] kernel_init_freeable+0x160/0x2d8 [ 48.951080] kernel_init+0x8/0x110 [ 48.951080] ret_from_fork+0x14/0x24 [ 48.951110] -> #3 (&rq->lock){-.-.-.}: [ 48.951110] _raw_spin_lock+0x40/0x50 [ 48.951141] task_fork_fair+0x30/0x124 [ 48.951141] sched_fork+0x194/0x2e0 [ 48.951141] copy_process.part.5+0x448/0x1a20 [ 48.951171] _do_fork+0x98/0x7e8 [ 48.951171] kernel_thread+0x2c/0x34 [ 48.951171] rest_init+0x1c/0x18c [ 48.951202] start_kernel+0x35c/0x3d4 [ 48.951202] 0x8000807c [ 48.951202] -> #2 (&p->pi_lock){-.-.-.}: [ 48.951232] _raw_spin_lock_irqsave+0x50/0x64 [ 48.951232] try_to_wake_up+0x30/0x5c8 [ 48.951232] up+0x4c/0x60 [ 48.951263] __up_console_sem+0x2c/0x58 [ 48.951263] console_unlock+0x3b4/0x650 [ 48.951263] vprintk_emit+0x270/0x474 [ 48.951293] vprintk_default+0x20/0x28 [ 48.951293] printk+0x20/0x30 [ 48.951324] kauditd_hold_skb+0x94/0xb8 [ 48.951324] kauditd_thread+0x1a4/0x56c [ 48.951324] kthread+0x104/0x148 [ 48.951354] ret_from_fork+0x14/0x24 [ 48.951354] -> #1 ((console_sem).lock){-.....}: [ 48.951385] _raw_spin_lock_irqsave+0x50/0x64 [ 48.951385] down_trylock+0xc/0x2c [ 48.951385] __down_trylock_console_sem+0x24/0x80 [ 48.951385] console_trylock+0x10/0x8c [ 48.951416] vprintk_emit+0x264/0x474 [ 48.951416] vprintk_default+0x20/0x28 [ 48.951416] printk+0x20/0x30 [ 48.951446] tk_debug_account_sleep_time+0x5c/0x70 [ 48.951446] __timekeeping_inject_sleeptime.constprop.3+0x170/0x1a0 [ 48.951446] timekeeping_resume+0x218/0x23c [ 48.951477] syscore_resume+0x94/0x42c [ 48.951477] suspend_enter+0x554/0x9b4 [ 48.951477] suspend_devices_and_enter+0xd8/0x4b4 [ 48.951507] enter_state+0x934/0xbd4 [ 48.951507] pm_suspend+0x14/0x70 [ 48.951507] state_store+0x68/0xc8 [ 48.951538] kernfs_fop_write+0xf4/0x1f8 [ 48.951538] __vfs_write+0x1c/0x114 [ 48.951538] vfs_write+0xa0/0x168 [ 48.951568] SyS_write+0x3c/0x90 [ 48.951568] __sys_trace_return+0x0/0x10 [ 48.951568] -> #0 (tk_core){----..}: [ 48.951599] lock_acquire+0xe0/0x294 [ 48.951599] ktime_get_update_offsets_now+0x5c/0x1d4 [ 48.951629] retrigger_next_event+0x4c/0x90 [ 48.951629] on_each_cpu+0x40/0x7c [ 48.951629] clock_was_set_work+0x14/0x20 [ 48.951660] process_one_work+0x2b4/0x808 [ 48.951660] worker_thread+0x3c/0x550 [ 48.951660] kthread+0x104/0x148 [ 48.951690] ret_from_fork+0x14/0x24 [ 48.951690] other info that might help us debug this: [ 48.951690] Chain exists of: tk_core --> &rt_b->rt_runtime_lock --> hrtimer_bases.lock [ 48.951721] Possible unsafe locking scenario: [ 48.951721] CPU0 CPU1 [ 48.951721] ---- ---- [ 48.951721] lock(hrtimer_bases.lock); [ 48.951751] lock(&rt_b->rt_runtime_lock); [ 48.951751] lock(hrtimer_bases.lock); [ 48.951751] lock(tk_core); [ 48.951782] *** DEADLOCK *** [ 48.951782] 3 locks held by kworker/0:0/3: [ 48.951782] #0: ("events"){.+.+.+}, at: [] process_one_work+0x1f8/0x808 [ 48.951812] #1: (hrtimer_work){+.+...}, at: [] process_one_work+0x1f8/0x808 [ 48.951843] #2: (hrtimer_bases.lock){-.-...}, at: [] retrigger_next_event+0x38/0x90 [ 48.951843] stack backtrace: [ 48.951873] CPU: 0 PID: 3 Comm: kworker/0:0 Not tainted 4.10.0-rc7-next-20170213+ [ 48.951904] Workqueue: events clock_was_set_work [ 48.951904] [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [ 48.951934] [] (show_stack) from [] (dump_stack+0xac/0xe0) [ 48.951934] [] (dump_stack) from [] (print_circular_bug+0x1d0/0x308) [ 48.951965] [] (print_circular_bug) from [] (validate_chain+0xf50/0x1324) [ 48.951965] [] (validate_chain) from [] (__lock_acquire+0x468/0x7e8) [ 48.951995] [] (__lock_acquire) from [] (lock_acquire+0xe0/0x294) [ 48.951995] [] (lock_acquire) from [] (ktime_get_update_offsets_now+0x5c/0x1d4) [ 48.952026] [] (ktime_get_update_offsets_now) from [] (retrigger_next_event+0x4c/0x90) [ 48.952026] [] (retrigger_next_event) from [] (on_each_cpu+0x40/0x7c) [ 48.952056] [] (on_each_cpu) from [] (clock_was_set_work+0x14/0x20) [ 48.952056] [] (clock_was_set_work) from [] (process_one_work+0x2b4/0x808) [ 48.952087] [] (process_one_work) from [] (worker_thread+0x3c/0x550) [ 48.952087] [] (worker_thread) from [] (kthread+0x104/0x148) [ 48.952087] [] (kthread) from [] (ret_from_fork+0x14/0x24) Replace printk() with printk_deferred(), which does not call into the scheduler. Fixes: 0bf43f15db85 ("timekeeping: Prints the amounts of time spent during suspend") Reported-and-tested-by: Tony Lindgren Signed-off-by: Sergey Senozhatsky Cc: Petr Mladek Cc: Sergey Senozhatsky Cc: Peter Zijlstra Cc: "Rafael J . Wysocki" Cc: Steven Rostedt Cc: John Stultz Cc: "[4.9+]" Link: http://lkml.kernel.org/r/20170215044332.30449-1-sergey.senozhatsky@gmail.com Signed-off-by: Thomas Gleixner kernel/time/timekeeping_debug.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bb08c04dc867b5f392caec635c097d5d5fcd8c9f Author: Pierre-Louis Bossart Date: Tue Feb 14 14:49:21 2017 +0200 drm/dp/mst: fix kernel oops when turning off secondary monitor 100% reproducible issue found on SKL SkullCanyon NUC with two external DP daisy-chained monitors in DP/MST mode. When turning off or changing the input of the second monitor the machine stops with a kernel oops. This issue happened with 4.8.8 as well as drm/drm-intel-nightly. This issue is traced to an inconsistent control flow in drm_dp_update_payload_part1(): the 'port' pointer is set to NULL at the same time as 'req_payload.num_slots' is set to zero, but the pointer is dereferenced even when req_payload.num_slot is zero. The problematic dereference was introduced in commit dfda0df34 ("drm/mst: rework payload table allocation to conform better") and may impact all versions since v3.18 The fix suggested by Chris Wilson removes the kernel oops and was found to work well after 10mn of monkey-testing with the second monitor power and input buttons Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98990 Fixes: dfda0df34264 ("drm/mst: rework payload table allocation to conform better.") Cc: Dave Airlie Cc: Chris Wilson Cc: Nathan D Ciobanu Cc: Dhinakaran Pandiyan Cc: Sean Paul Cc: # v3.18+ Tested-by: Nathan D Ciobanu Reviewed-by: Dhinakaran Pandiyan Signed-off-by: Pierre-Louis Bossart Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1487076561-2169-1-git-send-email-jani.nikula@intel.com drivers/gpu/drm/drm_dp_mst_topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6ba4d2722d06960102c981322035239cd66f7316 Author: Sahitya Tummala Date: Wed Feb 8 20:30:56 2017 +0530 fuse: fix use after free issue in fuse_dev_do_read() There is a potential race between fuse_dev_do_write() and request_wait_answer() contexts as shown below: TASK 1: __fuse_request_send(): |--spin_lock(&fiq->waitq.lock); |--queue_request(); |--spin_unlock(&fiq->waitq.lock); |--request_wait_answer(): |--if (test_bit(FR_SENT, &req->flags)) TASK 2: fuse_dev_do_write(): |--clears bit FR_SENT, |--request_end(): |--sets bit FR_FINISHED |--spin_lock(&fiq->waitq.lock); |--list_del_init(&req->intr_entry); |--spin_unlock(&fiq->waitq.lock); |--fuse_put_request(); |--queue_interrupt(); |--wake_up_locked(&fiq->waitq); |--wait_event_freezable(); Now, the next fuse_dev_do_read(), see interrupts list is not empty and then calls fuse_read_interrupt() which tries to access the request which is already free'd and gets the below crash: [11432.401266] Unable to handle kernel paging request at virtual address 6b6b6b6b6b6b6b6b ... [11432.418518] Kernel BUG at ffffff80083720e0 [11432.456168] PC is at __list_del_entry+0x6c/0xc4 [11432.463573] LR is at fuse_dev_do_read+0x1ac/0x474 ... [11432.679999] [] __list_del_entry+0x6c/0xc4 [11432.687794] [] fuse_dev_do_read+0x1ac/0x474 [11432.693180] [] fuse_dev_read+0x6c/0x78 [11432.699082] [] __vfs_read+0xc0/0xe8 [11432.704459] [] vfs_read+0x90/0x108 [11432.709406] [] SyS_read+0x58/0x94 As FR_FINISHED bit is set before deleting the intr_entry with input queue lock in request completion path, do the testing of this flag and queueing atomically with the same lock in queue_interrupt(). Signed-off-by: Sahitya Tummala Signed-off-by: Miklos Szeredi Fixes: fd22d62ed0c3 ("fuse: no fc->lock for iqueue parts") Cc: # 4.2+ fs/fuse/dev.c | 4 ++++ 1 file changed, 4 insertions(+) commit 5463b3d043826ff8ef487edbd1ef1bfffb677437 Author: Stephen Rothwell Date: Tue Feb 14 08:22:20 2017 +1100 bpf: kernel header files need to be copied into the tools directory Signed-off-by: Stephen Rothwell Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller tools/include/uapi/linux/bpf.h | 7 +++++++ 1 file changed, 7 insertions(+) commit e70ac171658679ecf6bea4bbd9e9325cd6079d2b Author: Eric Dumazet Date: Tue Feb 14 17:11:14 2017 -0800 tcp: tcp_probe: use spin_lock_bh() tcp_rcv_established() can now run in process context. We need to disable BH while acquiring tcp probe spinlock, or risk a deadlock. Fixes: 5413d1babe8f ("net: do not block BH while processing socket backlog") Signed-off-by: Eric Dumazet Reported-by: Ricardo Nabinger Sanchez Signed-off-by: David S. Miller net/ipv4/tcp_probe.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a725eb15db80643a160310ed6bcfd6c5a6c907f2 Author: Dmitry V. Levin Date: Wed Feb 15 05:23:26 2017 +0300 uapi: fix linux/if_pppol2tp.h userspace compilation errors Because of interface limitations, provided by libc cannot be included after , therefore any header that includes cannot be included after . Change uapi/linux/l2tp.h, the last uapi header that includes , to include and instead of and use __SOCK_SIZE__ instead of sizeof(struct sockaddr) the same way as uapi/linux/in.h does, to fix linux/if_pppol2tp.h userspace compilation errors like this: In file included from /usr/include/linux/l2tp.h:12:0, from /usr/include/linux/if_pppol2tp.h:21, /usr/include/netinet/in.h:31:8: error: redefinition of 'struct in_addr' Fixes: 47c3e7783be4 ("net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_*") Signed-off-by: Dmitry V. Levin Signed-off-by: David S. Miller include/uapi/linux/l2tp.h | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 12688dc21f71f4dcc9e2b8b5556b0c6cc8df1491 Author: Jarkko Nikula Date: Mon Feb 13 11:18:19 2017 +0200 Revert "i2c: designware: detect when dynamic tar update is possible" This reverts commit 63d0f0a6952a1a02bc4f116b7da7c7887e46efa3. It caused a regression on platforms where I2C controller is synthesized with dynamic TAR update disabled. Detection code is testing is bit DW_IC_CON_10BITADDR_MASTER in register DW_IC_CON read-only but fails to restore original value in case bit is read-write. Instead of fixing this we revert the commit since it was preparation for the commit 0317e6c0f1dc ("i2c: designware: do not disable adapter after transfer") which was also reverted. Reported-by: Shah Nehal-Bakulchandra Reported-by: Suravee Suthikulpanit Acked-By: Lucas De Marchi Cc: # v4.9+ Fixes: 63d0f0a6952a ("i2c: designware: detect when dynamic tar update is possible") Signed-off-by: Jarkko Nikula Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-core.c | 45 ++++++++------------------------ drivers/i2c/busses/i2c-designware-core.h | 1 - 2 files changed, 11 insertions(+), 35 deletions(-) commit f9c85ee67164b37f9296eab3b754e543e4e96a1c Author: Mauro Carvalho Chehab Date: Tue Feb 14 17:47:57 2017 -0200 [media] siano: make it work again with CONFIG_VMAP_STACK Reported as a Kaffeine bug: https://bugs.kde.org/show_bug.cgi?id=375811 The USB control messages require DMA to work. We cannot pass a stack-allocated buffer, as it is not warranted that the stack would be into a DMA enabled area. On Kernel 4.9, the default is to not accept DMA on stack anymore on x86 architecture. On other architectures, this has been a requirement since Kernel 2.2. So, after this patch, this driver should likely work fine on all archs. Tested with USB ID 2040:5510: Hauppauge Windham Cc: stable@vger.kernel.org Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/siano/smsusb.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) commit d199fab63c11998a602205f7ee7ff7c05c97164b Author: Eric Dumazet Date: Tue Feb 14 09:03:51 2017 -0800 packet: fix races in fanout_add() Multiple threads can call fanout_add() at the same time. We need to grab fanout_mutex earlier to avoid races that could lead to one thread freeing po->rollover that was set by another thread. Do the same in fanout_release(), for peace of mind, and to help us finding lockdep issues earlier. Fixes: dc99f600698d ("packet: Add fanout support.") Fixes: 0648ab70afe6 ("packet: rollover prepare: per-socket state") Signed-off-by: Eric Dumazet Cc: Willem de Bruijn Signed-off-by: David S. Miller net/packet/af_packet.c | 55 +++++++++++++++++++++++++++----------------------- 1 file changed, 30 insertions(+), 25 deletions(-) commit f39f0d1e1e93145a0e91d9a7a639c42fd037ecc3 Author: Thomas Falcon Date: Tue Feb 14 10:22:59 2017 -0600 ibmvnic: Fix initial MTU settings In the current driver, the MTU is set to the maximum value capable for the backing device. This decision turned out to be a mistake as it led to confusion among users. The expected initial MTU value used for other IBM vNIC capable operating systems is 1500, with the maximum value (9000) reserved for when Jumbo frames are enabled. This patch sets the MTU to the default value for a net device. It also corrects a discrepancy between MTU values received from firmware, which includes the ethernet header length, and net device MTU values. Finally, it removes redundant min/max MTU assignments after device initialization. Signed-off-by: Thomas Falcon Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit a60ced990e309666915d21445e95347d12406694 Author: Ivan Khoronzhuk Date: Tue Feb 14 14:42:15 2017 +0200 net: ethernet: ti: cpsw: fix cpsw assignment in resume There is a copy-paste error, which hides breaking of resume for CPSW driver: there was replaced netdev_priv() to ndev_to_cpsw(ndev) in suspend, but left it unchanged in resume. Fixes: 606f39939595a4d4540406bfc11f265b2036af6d (ti: cpsw: move platform data and slaves info to cpsw_common) Reported-by: Alexey Starikovskiy Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cd27b96bc13841ee7af25837a6ae86fee87273d6 Author: WANG Cong Date: Mon Feb 13 11:13:16 2017 -0800 kcm: fix a null pointer dereference in kcm_sendmsg() In commit 98e3862ca2b1 ("kcm: fix 0-length case for kcm_sendmsg()") I tried to avoid skb allocation for 0-length case, but missed a check for NULL pointer in the non EOR case. Fixes: 98e3862ca2b1 ("kcm: fix 0-length case for kcm_sendmsg()") Reported-by: Dmitry Vyukov Cc: Tom Herbert Signed-off-by: Cong Wang Acked-by: Tom Herbert Signed-off-by: David S. Miller net/kcm/kcmsock.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 01f8902bcf3ff124d0aeb88a774180ebcec20ace Author: Rui Sousa Date: Mon Feb 13 10:01:25 2017 +0800 net: fec: fix multicast filtering hardware setup Fix hardware setup of multicast address hash: - Never clear the hardware hash (to avoid packet loss) - Construct the hash register values in software and then write once to hardware Signed-off-by: Rui Sousa Signed-off-by: Fugang Duan Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fec_main.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) commit 144adc655fac089d485ee66354d402b319cff6d2 Merge: fed06ee 052d236 Author: David S. Miller Date: Tue Feb 14 12:13:52 2017 -0500 Merge branch 'ipv6-v4mapped' Jonathan T. Leighton says: ==================== IPv4-mapped on wire, :: dst address issue Under some circumstances IPv6 datagrams are sent with IPv4-mapped IPv6 addresses as the source. Given an IPv6 socket bound to an IPv4-mapped IPv6 address, and an IPv6 destination address, both TCP and UDP will will send packets using the IPv4-mapped IPv6 address as the source. Per RFC 6890 (Table 20), IPv4-mapped IPv6 source addresses are not allowed in an IP datagram. The problem can be observed by attempting to connect() either a TCP or UDP socket, or by using sendmsg() with a UDP socket. The patch is intended to correct this issue for all socket types. linux follows the BSD convention that an IPv6 destination address specified as in6addr_any is converted to the loopback address. Currently, neither TCP nor UDP consider the possibility that the source address is an IPv4-mapped IPv6 address, and assume that the appropriate loopback address is ::1. The patch adds a check on whether or not the source address is an IPv4-mapped IPv6 address and then sets the destination address to either ::ffff:127.0.0.1 or ::1, as appropriate. ==================== Signed-off-by: David S. Miller commit 052d2369d1b479cdbbe020fdd6d057d3c342db74 Author: Jonathan T. Leighton Date: Sun Feb 12 17:26:07 2017 -0500 ipv6: Handle IPv4-mapped src to in6addr_any dst. This patch adds a check on the type of the source address for the case where the destination address is in6addr_any. If the source is an IPv4-mapped IPv6 source address, the destination is changed to ::ffff:127.0.0.1, and otherwise the destination is changed to ::1. This is done in three locations to handle UDP calls to either connect() or sendmsg() and TCP calls to connect(). Note that udpv6_sendmsg() delays handling an in6addr_any destination until very late, so the patch only needs to handle the case where the source is an IPv4-mapped IPv6 address. Signed-off-by: Jonathan T. Leighton Signed-off-by: David S. Miller net/ipv6/datagram.c | 14 +++++++++----- net/ipv6/tcp_ipv6.c | 11 ++++++++--- net/ipv6/udp.c | 4 ++++ 3 files changed, 21 insertions(+), 8 deletions(-) commit ec5e3b0a1d41fbda0cc33a45bc9e54e91d9d12c7 Author: Jonathan T. Leighton Date: Sun Feb 12 17:26:06 2017 -0500 ipv6: Inhibit IPv4-mapped src address on the wire. This patch adds a check for the problematic case of an IPv4-mapped IPv6 source address and a destination address that is neither an IPv4-mapped IPv6 address nor in6addr_any, and returns an appropriate error. The check in done before returning from looking up the route. Signed-off-by: Jonathan T. Leighton Signed-off-by: David S. Miller net/ipv6/ip6_output.c | 3 +++ 1 file changed, 3 insertions(+) commit fed06ee89b78d3af32e235e0e89ad0d946fcb95d Author: Or Gerlitz Date: Sun Feb 12 11:21:31 2017 +0200 net/mlx5e: Disable preemption when doing TC statistics upcall When called by HW offloading drivers, the TC action (e.g net/sched/act_mirred.c) code uses this_cpu logic, e.g _bstats_cpu_update(this_cpu_ptr(a->cpu_bstats), bytes, packets) per the kernel documention, preemption should be disabled, add that. Before the fix, when running with CONFIG_PREEMPT set, we get a BUG: using smp_processor_id() in preemptible [00000000] code: tc/3793 asserion from the TC action (mirred) stats_update callback. Fixes: aad7e08d39bd ('net/mlx5e: Hardware offloaded flower filter statistics support') Signed-off-by: Or Gerlitz Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 4 ++++ 1 file changed, 4 insertions(+) commit 747ae0a96f1a78b35c5a3d93ad37a16655e16340 Merge: 7089db8 42980da Author: Linus Torvalds Date: Tue Feb 14 06:29:21 2017 -0800 Merge tag 'media/v4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "A colorspace regression fix in V4L2 core and a CEC core bug that makes it discard valid messages" * tag 'media/v4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] cec: initiator should be the same as the destination for, poll [media] videodev2.h: go back to limited range Y'CbCr for SRGB and, ADOBERGB commit 3d4ef329757cfd5e0b23cce97cdeca7e2df89c99 Author: Anssi Hannula Date: Mon Feb 13 13:46:41 2017 +0200 mmc: core: fix multi-bit bus width without high-speed mode Commit 577fb13199b1 ("mmc: rework selection of bus speed mode") refactored bus width selection code to mmc_select_bus_width(). However, it also altered the behavior to not call the selection code in non-high-speed modes anymore. This causes 1-bit mode to always be used when the high-speed mode is not enabled, even though 4-bit and 8-bit bus are valid bus widths in the backwards-compatibility (legacy) mode as well (see e.g. 5.3.2 Bus Speed Modes in JEDEC 84-B50). This results in a significant regression in transfer speeds. Fix the code to allow 4-bit and 8-bit widths even without high-speed mode, as before. Tested with a Zynq-7000 PicoZed 7020 board. Fixes: 577fb13199b1 ("mmc: rework selection of bus speed mode") Signed-off-by: Anssi Hannula Cc: Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0c8ef291d976221319f70753c62e18b48d892590 Merge: 4872e57 4013790 Author: David S. Miller Date: Mon Feb 13 22:17:06 2017 -0500 Merge branch 'rhashtable-allocation-failure-during-insertion' Herbert Xu says: ==================== rhashtable: Handle table allocation failure during insertion v2 - Added Ack to patch 2. Fixed RCU annotation in code path executed by rehasher by using rht_dereference_bucket. v1 - This series tackles the problem of table allocation failures during insertion. The issue is that we cannot vmalloc during insertion. This series deals with this by introducing nested tables. The first two patches removes manual hash table walks which cannot work on a nested table. The final patch introduces nested tables. I've tested this with test_rhashtable and it appears to work. ==================== Signed-off-by: David S. Miller commit 40137906c5f55c252194ef5834130383e639536f Author: Herbert Xu Date: Sat Feb 11 19:26:47 2017 +0800 rhashtable: Add nested tables This patch adds code that handles GFP_ATOMIC kmalloc failure on insertion. As we cannot use vmalloc, we solve it by making our hash table nested. That is, we allocate single pages at each level and reach our desired table size by nesting them. When a nested table is created, only a single page is allocated at the top-level. Lower levels are allocated on demand during insertion. Therefore for each insertion to succeed, only two (non-consecutive) pages are needed. After a nested table is created, a rehash will be scheduled in order to switch to a vmalloced table as soon as possible. Also, the rehash code will never rehash into a nested table. If we detect a nested table during a rehash, the rehash will be aborted and a new rehash will be scheduled. Signed-off-by: Herbert Xu Signed-off-by: David S. Miller include/linux/rhashtable.h | 78 +++++++++---- lib/rhashtable.c | 270 ++++++++++++++++++++++++++++++++++++--------- 2 files changed, 276 insertions(+), 72 deletions(-) commit 9dbbfb0ab6680c6a85609041011484e6658e7d3c Author: Herbert Xu Date: Sat Feb 11 19:26:46 2017 +0800 tipc: Fix tipc_sk_reinit race conditions There are two problems with the function tipc_sk_reinit. Firstly it's doing a manual walk over an rhashtable. This is broken as an rhashtable can be resized and if you manually walk over it during a resize then you may miss entries. Secondly it's missing memory barriers as previously the code used spinlocks which provide the barriers implicitly. This patch fixes both problems. Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to...") Signed-off-by: Herbert Xu Acked-by: Ying Xue Signed-off-by: David S. Miller net/tipc/net.c | 4 ++++ net/tipc/socket.c | 30 +++++++++++++++++++----------- 2 files changed, 23 insertions(+), 11 deletions(-) commit 6a25478077d987edc5e2f880590a2bc5fcab4441 Author: Herbert Xu Date: Sat Feb 11 19:26:45 2017 +0800 gfs2: Use rhashtable walk interface in glock_hash_walk The function glock_hash_walk walks the rhashtable by hand. This is broken because if it catches the hash table in the middle of a rehash, then it will miss entries. This patch replaces the manual walk by using the rhashtable walk interface. Fixes: 88ffbf3e037e ("GFS2: Use resizable hash table for glocks") Signed-off-by: Herbert Xu Signed-off-by: David S. Miller fs/gfs2/glock.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) commit 4872e57c812dd312bf8193b5933fa60585cda42f Author: Ralf Baechle Date: Sat Feb 11 00:38:57 2017 +0100 NET: Fix /proc/net/arp for AX.25 When sending ARP requests over AX.25 links the hwaddress in the neighbour cache are not getting initialized. For such an incomplete arp entry ax2asc2 will generate an empty string resulting in /proc/net/arp output like the following: $ cat /proc/net/arp IP address HW type Flags HW address Mask Device 192.168.122.1 0x1 0x2 52:54:00:00:5d:5f * ens3 172.20.1.99 0x3 0x0 * bpq0 The missing field will confuse the procfs parsing of arp(8) resulting in incorrect output for the device such as the following: $ arp Address HWtype HWaddress Flags Mask Iface gateway ether 52:54:00:00:5d:5f C ens3 172.20.1.99 (incomplete) ens3 This changes the content of /proc/net/arp to: $ cat /proc/net/arp IP address HW type Flags HW address Mask Device 172.20.1.99 0x3 0x0 * * bpq0 192.168.122.1 0x1 0x2 52:54:00:00:5d:5f * ens3 To do so it change ax2asc to put the string "*" in buf for a NULL address argument. Finally the HW address field is left aligned in a 17 character field (the length of an ethernet HW address in the usual hex notation) for readability. Signed-off-by: Ralf Baechle Signed-off-by: David S. Miller net/ipv4/arp.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ebf692f85ff78092cd238166d8d7ec51419f9c02 Author: Mart van Santen Date: Fri Feb 10 12:02:18 2017 +0000 xen-netback: vif counters from int/long to u64 This patch fixes an issue where the type of counters in the queue(s) and interface are not in sync (queue counters are int, interface counters are long), causing incorrect reporting of tx/rx values of the vif interface and unclear counter overflows. This patch sets both counters to the u64 type. Signed-off-by: Mart van Santen Reviewed-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/common.h | 8 ++++---- drivers/net/xen-netback/interface.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) commit 3ba5b5ea7dc3a10ef50819b43a9f8de2705f4eec Author: Kirill A. Shutemov Date: Mon Feb 13 15:52:28 2017 +0300 x86/vm86: Fix unused variable warning if THP is disabled GCC complains about unused variable 'vma' in mark_screen_rdonly() if THP is disabled: arch/x86/kernel/vm86_32.c: In function ‘mark_screen_rdonly’: arch/x86/kernel/vm86_32.c:180:26: warning: unused variable ‘vma’ [-Wunused-variable] struct vm_area_struct *vma = find_vma(mm, 0xA0000); That's silly. pmd_trans_huge() resolves to 0 when THP is disabled, so the whole block should be eliminated. Moving the variable declaration outside the if() block shuts GCC up. Reported-by: Jérémy Lefaure Signed-off-by: Kirill A. Shutemov Tested-by: Borislav Petkov Cc: Carlos O'Donell Link: http://lkml.kernel.org/r/20170213125228.63645-1-kirill.shutemov@linux.intel.com Signed-off-by: Thomas Gleixner arch/x86/kernel/vm86_32.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 0c59d28121b96d826c188280f367e754b5d83350 Author: Arnaldo Carvalho de Melo Date: Mon Feb 13 14:15:44 2017 -0300 MAINTAINERS: Remove old e-mail address The ghostprotocols.net domain is not working, remove it from CREDITS and MAINTAINERS, and change the status to "Odd fixes", and since I haven't been maintaining those, remove my address from there. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: David S. Miller CREDITS | 5 ++--- MAINTAINERS | 15 ++++++--------- 2 files changed, 8 insertions(+), 12 deletions(-) commit 42980da2eb7eb9695d8efc0c0ef145cbbb993b2c Author: Hans Verkuil Date: Sat Feb 11 09:24:46 2017 -0200 [media] cec: initiator should be the same as the destination for, poll Poll messages that are used to allocate a logical address should use the same initiator as the destination. Instead, it expected that the initiator was 0xf which is not according to the standard. This also had consequences for the message checks in cec_transmit_msg_fh that incorrectly rejected poll messages with the same initiator and destination. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 35879ee4769099905fa3bda0b21e73d434e2df6a Author: Hans Verkuil Date: Fri Feb 10 07:18:36 2017 -0200 [media] videodev2.h: go back to limited range Y'CbCr for SRGB and, ADOBERGB This reverts 'commit 7e0739cd9c40 ("[media] videodev2.h: fix sYCC/AdobeYCC default quantization range"). The problem is that many drivers can convert R'G'B' content (often from sensors) to Y'CbCr, but they all produce limited range Y'CbCr. To stay backwards compatible the default quantization range for sRGB and AdobeRGB Y'CbCr encoding should be limited range, not full range, even though the corresponding standards specify full range. Update the V4L2_MAP_QUANTIZATION_DEFAULT define accordingly and also update the documentation. Fixes: 7e0739cd9c40 ("[media] videodev2.h: fix sYCC/AdobeYCC default quantization range") Signed-off-by: Hans Verkuil Cc: # for v4.9 and up Signed-off-by: Mauro Carvalho Chehab Documentation/media/uapi/v4l/pixfmt-007.rst | 23 +++++++++++++++++------ include/uapi/linux/videodev2.h | 7 +++---- 2 files changed, 20 insertions(+), 10 deletions(-) commit 25f71d1c3e98ef0e52371746220d66458eac75bc Author: Yang Yang Date: Fri Dec 30 16:17:55 2016 +0800 futex: Move futex_init() to core_initcall The UEVENT user mode helper is enabled before the initcalls are executed and is available when the root filesystem has been mounted. The user mode helper is triggered by device init calls and the executable might use the futex syscall. futex_init() is marked __initcall which maps to device_initcall, but there is no guarantee that futex_init() is invoked _before_ the first device init call which triggers the UEVENT user mode helper. If the user mode helper uses the futex syscall before futex_init() then the syscall crashes with a NULL pointer dereference because the futex subsystem has not been initialized yet. Move futex_init() to core_initcall so futexes are initialized before the root filesystem is mounted and the usermode helper becomes available. [ tglx: Rewrote changelog ] Signed-off-by: Yang Yang Cc: jiang.biao2@zte.com.cn Cc: jiang.zhengxiong@zte.com.cn Cc: zhong.weidong@zte.com.cn Cc: deng.huali@zte.com.cn Cc: Peter Zijlstra Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1483085875-6130-1-git-send-email-yang.yang29@zte.com.cn Signed-off-by: Thomas Gleixner kernel/futex.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 202461e2f3c15dbfb05825d29ace0d20cdf55fa4 Author: Mike Galbraith Date: Mon Feb 13 03:31:55 2017 +0100 tick/broadcast: Prevent deadlock on tick_broadcast_lock tick_broadcast_lock is taken from interrupt context, but the following call chain takes the lock without disabling interrupts: [ 12.703736] _raw_spin_lock+0x3b/0x50 [ 12.703738] tick_broadcast_control+0x5a/0x1a0 [ 12.703742] intel_idle_cpu_online+0x22/0x100 [ 12.703744] cpuhp_invoke_callback+0x245/0x9d0 [ 12.703752] cpuhp_thread_fun+0x52/0x110 [ 12.703754] smpboot_thread_fn+0x276/0x320 So the following deadlock can happen: lock(tick_broadcast_lock); lock(tick_broadcast_lock); intel_idle_cpu_online() is the only place which violates the calling convention of tick_broadcast_control(). This was caused by the removal of the smp function call in course of the cpu hotplug rework. Instead of slapping local_irq_disable/enable() at the call site, we can relax the calling convention and handle it in the core code, which makes the whole machinery more robust. Fixes: 29d7bbada98e ("intel_idle: Remove superfluous SMP fuction call") Reported-by: Gabriel C Signed-off-by: Mike Galbraith Cc: Ruslan Ruslichenko Cc: Jiri Slaby Cc: Greg KH Cc: Borislav Petkov Cc: lwn@lwn.net Cc: Andrew Morton Cc: Linus Torvalds Cc: Anna-Maria Gleixner Cc: Sebastian Siewior Cc: stable Link: http://lkml.kernel.org/r/1486953115.5912.4.camel@gmx.de Signed-off-by: Thomas Gleixner kernel/time/tick-broadcast.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) commit 8b74d439e1697110c5e5c600643e823eb1dd0762 Author: Eric Dumazet Date: Sun Feb 12 14:03:52 2017 -0800 net/llc: avoid BUG_ON() in skb_orphan() It seems nobody used LLC since linux-3.12. Fortunately fuzzers like syzkaller still know how to run this code, otherwise it would be no fun. Setting skb->sk without skb->destructor leads to all kinds of bugs, we now prefer to be very strict about it. Ideally here we would use skb_set_owner() but this helper does not exist yet, only CAN seems to have a private helper for that. Fixes: 376c7311bdb6 ("net: add a temporary sanity check in skb_orphan()") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Signed-off-by: David S. Miller net/llc/llc_conn.c | 3 +++ net/llc/llc_sap.c | 3 +++ 2 files changed, 6 insertions(+) commit 7f677633379b4abb3281cdbe7e7006f049305c03 Author: Alexei Starovoitov Date: Fri Feb 10 20:28:24 2017 -0800 bpf: introduce BPF_F_ALLOW_OVERRIDE flag If BPF_F_ALLOW_OVERRIDE flag is used in BPF_PROG_ATTACH command to the given cgroup the descendent cgroup will be able to override effective bpf program that was inherited from this cgroup. By default it's not passed, therefore override is disallowed. Examples: 1. prog X attached to /A with default prog Y fails to attach to /A/B and /A/B/C Everything under /A runs prog X 2. prog X attached to /A with allow_override. prog Y fails to attach to /A/B with default (non-override) prog M attached to /A/B with allow_override. Everything under /A/B runs prog M only. 3. prog X attached to /A with allow_override. prog Y fails to attach to /A with default. The user has to detach first to switch the mode. In the future this behavior may be extended with a chain of non-overridable programs. Also fix the bug where detach from cgroup where nothing is attached was not throwing error. Return ENOENT in such case. Add several testcases and adjust libbpf. Fixes: 3007098494be ("cgroup: add support for eBPF programs") Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Tejun Heo Acked-by: Daniel Mack Signed-off-by: David S. Miller include/linux/bpf-cgroup.h | 13 ++++---- include/uapi/linux/bpf.h | 7 +++++ kernel/bpf/cgroup.c | 59 +++++++++++++++++++++++++++------- kernel/bpf/syscall.c | 20 ++++++++---- kernel/cgroup.c | 9 +++--- samples/bpf/test_cgrp2_attach.c | 2 +- samples/bpf/test_cgrp2_attach2.c | 68 +++++++++++++++++++++++++++++++++++++--- samples/bpf/test_cgrp2_sock.c | 2 +- samples/bpf/test_cgrp2_sock2.c | 2 +- tools/lib/bpf/bpf.c | 4 ++- tools/lib/bpf/bpf.h | 3 +- 11 files changed, 151 insertions(+), 38 deletions(-) commit 722c5ac708b4f5c1fcfad5fed4c95234c8b06590 Author: IHARA Hiroka Date: Sun Feb 12 18:34:53 2017 -0800 Input: elan_i2c - add ELAN0605 to the ACPI table ELAN0605 has been confirmed to be a variant of ELAN0600, which is blacklisted in the hid-core to be managed by elan_i2c. This device can be found in Lenovo ideapad 310s (80U4000). Signed-off-by: Hiroka IHARA Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/mouse/elan_i2c_core.c | 1 + 1 file changed, 1 insertion(+) commit 7089db84e356562f8ba737c29e472cc42d530dbc Author: Linus Torvalds Date: Sun Feb 12 13:03:20 2017 -0800 Linux 4.10-rc8 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e722af6391949e8851310441bb0cec157d25611d Author: Nathan Fontenot Date: Fri Feb 10 13:29:06 2017 -0500 ibmvnic: Call napi_disable instead of napi_enable in failure path The failure path in ibmvnic_open() mistakenly makes a second call to napi_enable instead of calling napi_disable. This can result in a BUG_ON for any queues that were enabled in the previous call to napi_enable. Signed-off-by: Nathan Fontenot Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit db5d0b597bc27bbddf40f2f8359a73be4eb77104 Author: Nathan Fontenot Date: Fri Feb 10 13:45:05 2017 -0500 ibmvnic: Initialize completion variables before starting work Initialize condition variables prior to invoking any work that can mark them complete. This resolves a race in the ibmvnic driver where the driver faults trying to complete an uninitialized condition variable. Signed-off-by: Nathan Fontenot Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmvnic.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 1ce42845f987e92eabfc6e026d44d826c25c74a5 Merge: fdb0ee7 146fbb7 Author: Linus Torvalds Date: Sat Feb 11 10:31:46 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Last minute x86 fixes: - Fix a softlockup detector warning and long delays if using ptdump with KASAN enabled. - Two more TSC-adjust fixes for interesting firmware interactions. - Two commits to fix an AMD CPU topology enumeration bug that caused a measurable gaming performance regression" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mm/ptdump: Fix soft lockup in page table walker x86/tsc: Make the TSC ADJUST sanitizing work for tsc_reliable x86/tsc: Avoid the large time jump when sanitizing TSC ADJUST x86/CPU/AMD: Fix Zen SMT topology x86/CPU/AMD: Bring back Compute Unit ID commit fdb0ee7c65781464168e2943a3fd6f1e66a397c9 Merge: d5b76be 7bdb59f Author: Linus Torvalds Date: Sat Feb 11 10:24:16 2017 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Ingo Molnar: "Fix a sporadic missed timer hw reprogramming bug that can result in random delays" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: tick/nohz: Fix possible missing clock reprog after tick soft restart commit d5b76bef01047843cc65bd018046c76182b1fc81 Merge: 4e4f74a 451d24d Author: Linus Torvalds Date: Sat Feb 11 10:20:06 2017 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "A kernel crash fix plus three tooling fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/core: Fix crash in perf_event_read() perf callchain: Reference count maps perf diff: Fix -o/--order option behavior (again) perf diff: Fix segfault on 'perf diff -o N' option commit 4e4f74a7eebbc52eaa1dc3c0be6b3c68c0875b09 Merge: 21a7061 bfeda41 Author: Linus Torvalds Date: Sat Feb 11 10:16:05 2017 -0800 Merge branch 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull lockdep fix from Ingo Molnar: "This fixes an ugly lockdep stack trace output regression. (But also affects other stacktrace users such as kmemleak, KASAN, etc)" * 'locking-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: stacktrace, lockdep: Fix address, newline ugliness commit 21a7061c5ec300a8a12a0d6468eb7094e9c54a32 Merge: 2b95550 d128dfb Author: Linus Torvalds Date: Sat Feb 11 10:14:24 2017 -0800 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Ingo Molnar: "Two last minute ARM irqchip driver fixes" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND irqchip/keystone: Fix "scheduling while atomic" on rt commit 2b95550a4323e501e133dac1c9c9cad6ff17f4c1 Merge: 13ebfd0 6e78b3f Author: Linus Torvalds Date: Sat Feb 11 09:15:58 2017 -0800 Merge branch 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "This has two last minute fixes. The highest priority here is a regression fix for the decompression code, but we also fixed up a problem with the 32-bit compat ioctls. The decompression bug could hand back the wrong data on big reads when zlib was used. I have a larger cleanup to make the math here less error prone, but at this stage in the release Omar's patch is the best choice" * 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: fix btrfs_decompress_buf2page() btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls commit 13ebfd0601228fbbd92707ce4944ab1a09a4d821 Merge: 1ee1832 ed6de45 Author: Linus Torvalds Date: Sat Feb 11 09:01:03 2017 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "Six fairly small fixes. None is a real show stopper, two automation detected problems: one memory leak, one use after free and four others each of which fixes something that has been a significant source of annoyance to someone" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send scsi: aacraid: Fix INTx/MSI-x issue with older controllers scsi: mpt3sas: disable ASPM for MPI2 controllers scsi: mpt3sas: Force request partial completion alignment scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash scsi: qla2xxx: Fix a recently introduced memory leak commit 6e78b3f7a193546b1c00a6d084596e774f147169 Author: Omar Sandoval Date: Fri Feb 10 15:03:35 2017 -0800 Btrfs: fix btrfs_decompress_buf2page() If btrfs_decompress_buf2page() is handed a bio with its page in the middle of the working buffer, then we adjust the offset into the working buffer. After we copy into the bio, we advance the iterator by the number of bytes we copied. Then, we have some logic to handle the case of discontiguous pages and adjust the offset into the working buffer again. However, if we didn't advance the bio to a new page, we may enter this case in error, essentially repeating the adjustment that we already made when we entered the function. The end result is bogus data in the bio. Previously, we only checked for this case when we advanced to a new page, but the conversion to bio iterators changed that. This restores the old, correct behavior. A case I saw when testing with zlib was: buf_start = 42769 total_out = 46865 working_bytes = total_out - buf_start = 4096 start_byte = 45056 The condition (total_out > start_byte && buf_start < start_byte) is true, so we adjust the offset: buf_offset = start_byte - buf_start = 2287 working_bytes -= buf_offset = 1809 current_buf_start = buf_start = 42769 Then, we copy bytes = min(bvec.bv_len, PAGE_SIZE - buf_offset, working_bytes) = 1809 buf_offset += bytes = 4096 working_bytes -= bytes = 0 current_buf_start += bytes = 44578 After bio_advance(), we are still in the same page, so start_byte is the same. Then, we check (total_out > start_byte && current_buf_start < start_byte), which is true! So, we adjust the values again: buf_offset = start_byte - buf_start = 2287 working_bytes = total_out - start_byte = 1809 current_buf_start = buf_start + buf_offset = 45056 But note that working_bytes was already zero before this, so we should have stopped copying. Fixes: 974b1adc3b10 ("btrfs: use bio iterators for the decompression handlers") Reported-by: Pat Erley Reviewed-by: Chris Mason Signed-off-by: Omar Sandoval Signed-off-by: Chris Mason Reviewed-by: Liu Bo Tested-by: Liu Bo fs/btrfs/compression.c | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) commit 1ee18329fae936089c6c599250ae92482ff2b81f Merge: a9dbf5c 72fb96e7 Author: Linus Torvalds Date: Fri Feb 10 14:44:49 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) If the timing is wrong we can indefinitely stop generating new ipv6 temporary addresses, from Marcus Huewe. 2) Don't double free per-cpu stats in ipv6 SIT tunnel driver, from Cong Wang. 3) Put protections in place so that AF_PACKET is not able to submit packets which don't even have a link level header to drivers. From Willem de Bruijn. 4) Fix memory leaks in ipv4 and ipv6 multicast code, from Hangbin Liu. 5) Don't use udp_ioctl() in l2tp code, UDP version expects a UDP socket and that doesn't go over very well when it is passed an L2TP one. Fix from Eric Dumazet. 6) Don't crash on NULL pointer in phy_attach_direct(), from Florian Fainelli. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: l2tp: do not use udp_ioctl() xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend() NET: mkiss: Fix panic net: hns: Fix the device being used for dma mapping during TX net: phy: Initialize mdio clock at probe function igmp, mld: Fix memory leak in igmpv3/mld_del_delrec() xen-netfront: Improve error handling during initialization sierra_net: Skip validating irrelevant fields for IDLE LSIs sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications kcm: fix 0-length case for kcm_sendmsg() xen-netfront: Rework the fix for Rx stall during OOM and network stress net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() net: thunderx: Fix PHY autoneg for SGMII QLM mode net: dsa: Do not destroy invalid network devices ping: fix a null pointer dereference packet: round up linear to header len net: introduce device min_header_len sit: fix a double free on error path lwtunnel: valid encap attr check should return 0 when lwtunnel is disabled ipv6: addrconf: fix generation of new temporary addresses commit a9dbf5c8d4c90f54777f89daf0e34d390808b672 Merge: aca9fa0 646ebd4 Author: Linus Torvalds Date: Fri Feb 10 14:41:16 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma fixes from Doug Ledford: "Third round of -rc fixes for 4.10 kernel: - two security related issues in the rxe driver - one compile issue in the RDMA uapi header" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: RDMA: Don't reference kernel private header from UAPI header IB/rxe: Fix mem_check_range integer overflow IB/rxe: Fix resid update commit aca9fa0c8d225b1446dbed798b1d2f20e37e52cf Merge: fc6f41b bbb27fc Author: Linus Torvalds Date: Fri Feb 10 14:39:08 2017 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c bugfixes from Wolfram Sang: "Two bugfixes (proper IO mapping and use of mutex) for a driver feature we introduced in this cycle" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: piix4: Request the SMBUS semaphore inside the mutex i2c: piix4: Fix request_region size commit fc6f41ba8b2e705f91324db158c3cc28209a15b1 Merge: 1f369d1 5cad24d Author: Linus Torvalds Date: Fri Feb 10 14:35:22 2017 -0800 Merge tag 'mmc-v4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC host fix from Ulf Hansson: "mmci: Fix hang while waiting for busy-end interrupt" * tag 'mmc-v4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: mmci: avoid clearing ST Micro busy end interrupt mistakenly commit 1f369d1655c1de415a186c6ce9004e40ca790989 Merge: 7fe654d af67716 Author: Linus Torvalds Date: Fri Feb 10 14:29:30 2017 -0800 Merge tag 'sound-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Here are some last-minute fixes: two fixes for races in ALSA sequencer queue spotted by syzkaller, a revert for a regression of LINE6 driver (since 4.9), and a trivial new codec ID addition for Nvidia HDMI" * tag 'sound-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: hda - adding a new NV HDMI/DP codec ID in the driver ALSA: seq: Fix race at creating a queue Revert "ALSA: line6: Only determine control port properties if needed" ALSA: seq: Don't handle loop timeout at snd_seq_pool_done() commit 7fe654dca20892f37226c31bdd2d5b932f8d843a Merge: 3ebc703 0839ffb Author: Linus Torvalds Date: Fri Feb 10 14:23:45 2017 -0800 Merge tag 'nfsd-4.10-3' of git://linux-nfs.org/~bfields/linux Pull nfsd revert from Bruce Fields: "This patch turned out to have a couple problems. The problems are fixable, but at least one of the fixes is a little ugly. The original bug has always been there, so we can wait another week or two to get this right" * tag 'nfsd-4.10-3' of git://linux-nfs.org/~bfields/linux: nfsd: Revert "nfsd: special case truncates some more" commit 3ebc7033168d43d12e4941f48a6f257d3f1ea1b5 Merge: 3d88460 f83e686 Author: Linus Torvalds Date: Fri Feb 10 14:10:35 2017 -0800 Merge tag 'powerpc-4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes friom Michael Ellerman: "Apologies for the late pull request, but Ben has been busy finding bugs. - Userspace was semi-randomly segfaulting on radix due to us incorrectly handling a fault triggered by autonuma, caused by a patch we merged earlier in v4.10 to prevent the kernel executing userspace. - We weren't marking host IPIs properly for KVM in the OPAL ICP backend. - The ERAT flushing on radix was missing an isync and was incorrectly marked as DD1 only. - The powernv CPU hotplug code was missing a wakeup type and failing to flush the interrupt correctly when using OPAL ICP Thanks to Benjamin Herrenschmidt" * tag 'powerpc-4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/powernv: Properly set "host-ipi" on IPIs powerpc/powernv: Fix CPU hotplug to handle waking on HVI powerpc/mm/radix: Update ERAT flushes when invalidating TLB powerpc/mm: Fix spurrious segfaults on radix with autonuma commit 72fb96e7bdbbdd4421b0726992496531060f3636 Author: Eric Dumazet Date: Thu Feb 9 16:15:52 2017 -0800 l2tp: do not use udp_ioctl() udp_ioctl(), as its name suggests, is used by UDP protocols, but is also used by L2TP :( L2TP should use its own handler, because it really does not look the same. SIOCINQ for instance should not assume UDP checksum or headers. Thanks to Andrey and syzkaller team for providing the report and a nice reproducer. While crashes only happen on recent kernels (after commit 7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue")), this probably needs to be backported to older kernels. Fixes: 7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue") Fixes: 85584672012e ("udp: Fix udp_poll() and ioctl()") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Acked-by: Paolo Abeni Signed-off-by: David S. Miller net/l2tp/l2tp_core.h | 1 + net/l2tp/l2tp_ip.c | 27 ++++++++++++++++++++++++++- net/l2tp/l2tp_ip6.c | 2 +- 3 files changed, 28 insertions(+), 2 deletions(-) commit f3c7bfbda7ce03c603b4292efddc944228dccc55 Merge: 57b59ed 2a36224 Author: Chris Mason Date: Fri Feb 10 12:53:18 2017 -0800 Merge branch 'for-chris' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.10 commit 74470954857c264168d2b5a113904cf0cfd27d18 Author: Boris Ostrovsky Date: Mon Jan 30 12:45:46 2017 -0500 xen-netfront: Delete rx_refill_timer in xennet_disconnect_backend() rx_refill_timer should be deleted as soon as we disconnect from the backend since otherwise it is possible for the timer to go off before we get to xennet_destroy_queues(). If this happens we may dereference queue->rx.sring which is set to NULL in xennet_disconnect_backend(). Signed-off-by: Boris Ostrovsky CC: stable@vger.kernel.org Reviewed-by: Juergen Gross Signed-off-by: David S. Miller drivers/net/xen-netfront.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7ba1b689038726d34e3244c1ac9e2e18c2ea4787 Author: Ralf Baechle Date: Thu Feb 9 14:12:11 2017 +0100 NET: mkiss: Fix panic If a USB-to-serial adapter is unplugged, the driver re-initializes, with dev->hard_header_len and dev->addr_len set to zero, instead of the correct values. If then a packet is sent through the half-dead interface, the kernel will panic due to running out of headroom in the skb when pushing for the AX.25 headers resulting in this panic: [] (skb_panic) from [] (skb_push+0x4c/0x50) [] (skb_push) from [] (ax25_hard_header+0x34/0xf4 [ax25]) [] (ax25_hard_header [ax25]) from [] (ax_header+0x38/0x40 [mkiss]) [] (ax_header [mkiss]) from [] (neigh_compat_output+0x8c/0xd8) [] (neigh_compat_output) from [] (ip_finish_output+0x2a0/0x914) [] (ip_finish_output) from [] (ip_output+0xd8/0xf0) [] (ip_output) from [] (ip_local_out_sk+0x44/0x48) This patch makes mkiss behave like the 6pack driver. 6pack does not panic. In 6pack.c sp_setup() (same function name here) the values for dev->hard_header_len and dev->addr_len are set to the same values as in my mkiss patch. [ralf@linux-mips.org: Massages original submission to conform to the usual standards for patch submissions.] Signed-off-by: Thomas Osterried Signed-off-by: Ralf Baechle Signed-off-by: David S. Miller drivers/net/hamradio/mkiss.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b85ea006b6bebb692628f11882af41c3e12e1e09 Author: Kejian Yan Date: Thu Feb 9 11:46:15 2017 +0000 net: hns: Fix the device being used for dma mapping during TX This patch fixes the device being used to DMA map skb->data. Erroneous device assignment causes the crash when SMMU is enabled. This happens during TX since buffer gets DMA mapped with device correspondign to net_device and gets unmapped using the device related to DSAF. Signed-off-by: Kejian Yan Reviewed-by: Yisen Zhuang Signed-off-by: Salil Mehta Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_enet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d128dfb514f55af040c38a6b3b131d72b6f115d0 Merge: 3d88460 88e20c7 Author: Thomas Gleixner Date: Fri Feb 10 14:44:01 2017 +0100 Merge tag 'irqchip-fixes-4.10' of git://git.infradead.org/users/jcooper/linux into irq/urgent Pull irqchip fixes for v4.10 from Jason Cooper - keystone: Fix scheduling while atomic for realtime - mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND commit 146fbb766934dc003fcbf755b519acef683576bf Author: Andrey Ryabinin Date: Fri Feb 10 12:54:05 2017 +0300 x86/mm/ptdump: Fix soft lockup in page table walker CONFIG_KASAN=y needs a lot of virtual memory mapped for its shadow. In that case ptdump_walk_pgd_level_core() takes a lot of time to walk across all page tables and doing this without a rescheduling causes soft lockups: NMI watchdog: BUG: soft lockup - CPU#3 stuck for 23s! [swapper/0:1] ... Call Trace: ptdump_walk_pgd_level_core+0x40c/0x550 ptdump_walk_pgd_level_checkwx+0x17/0x20 mark_rodata_ro+0x13b/0x150 kernel_init+0x2f/0x120 ret_from_fork+0x2c/0x40 I guess that this issue might arise even without KASAN on huge machines with several terabytes of RAM. Stick cond_resched() in pgd loop to fix this. Reported-by: Tobias Regnery Signed-off-by: Andrey Ryabinin Cc: kasan-dev@googlegroups.com Cc: Alexander Potapenko Cc: "Paul E . McKenney" Cc: Dmitry Vyukov Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20170210095405.31802-1-aryabinin@virtuozzo.com Signed-off-by: Thomas Gleixner arch/x86/mm/dump_pagetables.c | 2 ++ 1 file changed, 2 insertions(+) commit 5f2e71e71410ecb858cfec184ba092adaca61626 Author: Thomas Gleixner Date: Thu Feb 9 16:08:42 2017 +0100 x86/tsc: Make the TSC ADJUST sanitizing work for tsc_reliable When the TSC is marked reliable then the synchronization check is skipped, but that also skips the TSC ADJUST sanitizing code. So on a machine with a wreckaged BIOS the TSC deviation between CPUs might go unnoticed. Let the TSC adjust sanitizing code run unconditionally and just skip the expensive synchronization checks when TSC is marked reliable. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Olof Johansson Link: http://lkml.kernel.org/r/20170209151231.491189912@linutronix.de Signed-off-by: Thomas Gleixner arch/x86/kernel/tsc_sync.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit f2e04214ef7f7e49d1e06109ad1b2718155dab25 Author: Thomas Gleixner Date: Thu Feb 9 16:08:41 2017 +0100 x86/tsc: Avoid the large time jump when sanitizing TSC ADJUST Olof reported that on a machine which has a BIOS wreckaged TSC the timestamps in dmesg are making a large jump because the TSC value is jumping forward after resetting the TSC ADJUST register to a sane value. This can be avoided by calling the TSC ADJUST saniziting function before initializing the per cpu sched clock machinery. That takes the offset into account and avoid the time jump. What cannot be avoided is that the 'Firmware Bug' warnings on the secondary CPUs are printed with the large time offsets because it would be too much effort and ugly hackery to print those warnings into a buffer and emit them after the adjustemt on the starting CPUs. It's a firmware bug and should be fixed in firmware. The weird timestamps are collateral damage and just illustrate the sillyness of the BIOS folks: [ 0.397445] smp: Bringing up secondary CPUs ... [ 0.402100] x86: Booting SMP configuration: [ 0.406343] .... node #0, CPUs: #1 [1265776479.930667] [Firmware Bug]: TSC ADJUST differs: Reference CPU0: -2978888639075328 CPU1: -2978888639183101 [1265776479.944664] TSC ADJUST synchronize: Reference CPU0: 0 CPU1: -2978888639183101 [ 0.508119] #2 [1265776480.032346] [Firmware Bug]: TSC ADJUST differs: Reference CPU0: -2978888639075328 CPU2: -2978888639183677 [1265776480.044192] TSC ADJUST synchronize: Reference CPU0: 0 CPU2: -2978888639183677 [ 0.607643] #3 [1265776480.131874] [Firmware Bug]: TSC ADJUST differs: Reference CPU0: -2978888639075328 CPU3: -2978888639184530 [1265776480.143720] TSC ADJUST synchronize: Reference CPU0: 0 CPU3: -2978888639184530 [ 0.707108] smp: Brought up 1 node, 4 CPUs [ 0.711271] smpboot: Total of 4 processors activated (21698.88 BogoMIPS) Reported-by: Olof Johansson Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20170209151231.411460506@linutronix.de Signed-off-by: Thomas Gleixner arch/x86/kernel/tsc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 7bdb59f1ad474bd7161adc8f923cdef10f2638d1 Author: Frederic Weisbecker Date: Tue Feb 7 17:44:54 2017 +0100 tick/nohz: Fix possible missing clock reprog after tick soft restart ts->next_tick keeps track of the next tick deadline in order to optimize clock programmation on irq exit and avoid redundant clock device writes. Now if ts->next_tick missed an update, we may spuriously miss a clock reprog later as the nohz code is fooled by an obsolete next_tick value. This is what happens here on a specific path: when we observe an expired timer from the nohz update code on irq exit, we perform a soft tick restart which simply fires the closest possible tick without actually exiting the nohz mode and restoring a periodic state. But we forget to update ts->next_tick accordingly. As a result, after the next tick resulting from such soft tick restart, the nohz code sees a stale value on ts->next_tick which doesn't match the clock deadline that just expired. If that obsolete ts->next_tick value happens to collide with the actual next tick deadline to be scheduled, we may spuriously bypass the clock reprogramming. In the worst case, the tick may never fire again. Fix this with a ts->next_tick reset on soft tick restart. Signed-off-by: Frederic Weisbecker Reviewed: Wanpeng Li Acked-by: Rik van Riel Cc: Peter Zijlstra Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1486485894-29173-1-git-send-email-fweisbec@gmail.com Signed-off-by: Thomas Gleixner kernel/time/tick-sched.c | 5 +++++ 1 file changed, 5 insertions(+) commit 451d24d1e5f40bad000fa9abe36ddb16fc9928cb Author: Peter Zijlstra Date: Tue Jan 31 11:27:10 2017 +0100 perf/core: Fix crash in perf_event_read() Alexei had his box explode because doing read() on a package (rapl/uncore) event that isn't currently scheduled in ends up doing an out-of-bounds load. Rework the code to more explicitly deal with event->oncpu being -1. Reported-by: Alexei Starovoitov Tested-by: Alexei Starovoitov Tested-by: David Carrillo-Cisneros Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: eranian@google.com Fixes: d6a2f9035bfc ("perf/core: Introduce PMU_EV_CAP_READ_ACTIVE_PKG") Link: http://lkml.kernel.org/r/20170131102710.GL6515@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/events/core.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) commit ed6de4560ad2f7578be3a9ca1364e268c641f3a7 Merge: ad3efdb 2dfa668 Author: James Bottomley Date: Thu Feb 9 21:00:46 2017 -0800 Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes commit 0839ffb83e44e5ff1843e932592525fc2bff23ff Author: J. Bruce Fields Date: Thu Feb 9 14:20:42 2017 -0500 nfsd: Revert "nfsd: special case truncates some more" This patch incorrectly attempted nested mnt_want_write, and incorrectly disabled nfsd's owner override for truncate. We'll fix those problems and make another attempt soon, for the moment I think the safest is to revert. Signed-off-by: J. Bruce Fields fs/nfsd/vfs.c | 97 ++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 60 insertions(+), 37 deletions(-) commit 3d88460dbd285e7f32437b530d5bb7cb916142fa Merge: 55aac6e 697d3a2 Author: Linus Torvalds Date: Thu Feb 9 17:46:30 2017 -0800 Merge tag 'drm-fixes-for-v4.10-rc8' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "This should be the final set of drm fixes for 4.10: one vmwgfx boot fix, one vc4 fix, and a few i915 fixes: * tag 'drm-fixes-for-v4.10-rc8' of git://people.freedesktop.org/~airlied/linux: drm: vc4: adapt to new behaviour of drm_crtc.c drm/i915: Always convert incoming exec offsets to non-canonical drm/i915: Remove overzealous fence warn on runtime suspend drm/i915/bxt: Add MST support when do DPLL calculation drm/i915: don't warn about Skylake CPU - KabyPoint PCH combo drm/i915: fix i915 running as dom0 under Xen drm/i915: Flush untouched framebuffers before display on !llc drm/i915: fix use-after-free in page_flip_completed() drm/vmwgfx: Fix depth input into drm_mode_legacy_fb_format commit 2dfa6688aafdc3f74efeb1cf05fb871465d67f79 Author: Steffen Maier Date: Wed Feb 8 15:34:22 2017 +0100 scsi: zfcp: fix use-after-free by not tracing WKA port open/close on failed send Dan Carpenter kindly reported: The patch d27a7cb91960: "zfcp: trace on request for open and close of WKA port" from Aug 10, 2016, leads to the following static checker warning: drivers/s390/scsi/zfcp_fsf.c:1615 zfcp_fsf_open_wka_port() warn: 'req' was already freed. drivers/s390/scsi/zfcp_fsf.c 1609 zfcp_fsf_start_timer(req, ZFCP_FSF_REQUEST_TIMEOUT); 1610 retval = zfcp_fsf_req_send(req); 1611 if (retval) 1612 zfcp_fsf_req_free(req); ^^^ Freed. 1613 out: 1614 spin_unlock_irq(&qdio->req_q_lock); 1615 if (req && !IS_ERR(req)) 1616 zfcp_dbf_rec_run_wka("fsowp_1", wka_port, req->req_id); ^^^^^^^^^^^ Use after free. 1617 return retval; 1618 } Same thing for zfcp_fsf_close_wka_port() as well. Rather than relying on req being NULL (or ERR_PTR) for all cases where we don't want to trace or should not trace, simply check retval which is unconditionally initialized with -EIO != 0 and it can only become 0 on successful retval = zfcp_fsf_req_send(req). With that we can also remove the then again unnecessary unconditional initialization of req which was introduced with that earlier commit. Reported-by: Dan Carpenter Suggested-by: Benjamin Block Signed-off-by: Steffen Maier Fixes: d27a7cb91960 ("zfcp: trace on request for open and close of WKA port") Cc: #2.6.38+ Reviewed-by: Benjamin Block Reviewed-by: Jens Remus Signed-off-by: Martin K. Petersen drivers/s390/scsi/zfcp_fsf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 8af8e1c22f9994bb1849c01d66c24fe23f9bc9a0 Author: Dave Carroll Date: Thu Feb 9 11:04:47 2017 -0700 scsi: aacraid: Fix INTx/MSI-x issue with older controllers commit 78cbccd3bd68 ("aacraid: Fix for KDUMP driver hang") caused a problem on older controllers which do not support MSI-x (namely ASR3405,ASR3805). This patch conditionalizes the previous patch to controllers which support MSI-x Cc: # v4.7+ Fixes: 78cbccd3bd68 ("aacraid: Fix for KDUMP driver hang") Reported-by: Arkadiusz Miskiewicz Signed-off-by: Dave Carroll Reviewed-by: Raghava Aditya Renukunta Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/comminit.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 697d3a21615672b2bf7724a65755799260325dda Merge: 811b40c 6e7eb178 Author: Dave Airlie Date: Fri Feb 10 10:14:24 2017 +1000 Merge tag 'drm-intel-fixes-2017-02-09' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes Hopefully final fixes for v4.10, about half of them stable material. * tag 'drm-intel-fixes-2017-02-09' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Always convert incoming exec offsets to non-canonical drm/i915: Remove overzealous fence warn on runtime suspend drm/i915/bxt: Add MST support when do DPLL calculation drm/i915: don't warn about Skylake CPU - KabyPoint PCH combo drm/i915: fix i915 running as dom0 under Xen drm/i915: Flush untouched framebuffers before display on !llc drm/i915: fix use-after-free in page_flip_completed() commit 811b40c83db047ba22a0c5b638186ed2b8c9810c Merge: 5d18a61 49d29a0 Author: Dave Airlie Date: Fri Feb 10 10:14:01 2017 +1000 Merge tag 'drm-misc-fixes-2017-02-09' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Last-minute vc4 fix for 4.10. * tag 'drm-misc-fixes-2017-02-09' of git://anongit.freedesktop.org/git/drm-misc: drm: vc4: adapt to new behaviour of drm_crtc.c commit ffdadd68af5a397b8a52289ab39d62e1acb39e63 Author: ojab Date: Wed Dec 28 11:05:24 2016 +0000 scsi: mpt3sas: disable ASPM for MPI2 controllers MPI2 controllers sometimes got lost (i.e. disappear from /sys/bus/pci/devices) if ASMP is enabled. Signed-off-by: Slava Kardakov Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=60644 Cc: Acked-by: Sreekanth Reddy Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_scsih.c | 3 +++ 1 file changed, 3 insertions(+) commit bb1a619735b4660f21bce3e728b937640024b4ad Author: Yendapally Reddy Dhananjaya Reddy Date: Wed Feb 8 17:14:26 2017 -0500 net: phy: Initialize mdio clock at probe function USB PHYs need the MDIO clock divisor enabled earlier to work. Initialize mdio clock divisor in probe function. The ext bus bit available in the same register will be used by mdio mux to enable external mdio. Signed-off-by: Yendapally Reddy Dhananjaya Reddy Fixes: ddc24ae1 ("net: phy: Broadcom iProc MDIO bus driver") Reviewed-by: Florian Fainelli Signed-off-by: Jon Mason Signed-off-by: David S. Miller drivers/net/phy/mdio-bcm-iproc.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 9c8bb163ae784be4f79ae504e78c862806087c54 Author: Hangbin Liu Date: Wed Feb 8 21:16:45 2017 +0800 igmp, mld: Fix memory leak in igmpv3/mld_del_delrec() In function igmpv3/mld_add_delrec() we allocate pmc and put it in idev->mc_tomb, so we should free it when we don't need it in del_delrec(). But I removed kfree(pmc) incorrectly in latest two patches. Now fix it. Fixes: 24803f38a5c0 ("igmp: do not remove igmp souce list info when ...") Fixes: 1666d49e1d41 ("mld: do not remove mld souce list info when ...") Reported-by: Daniel Borkmann Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller net/ipv4/igmp.c | 1 + net/ipv6/mcast.c | 1 + 2 files changed, 2 insertions(+) commit e2e004acc7cbe3c531e752a270a74e95cde3ea48 Author: Ross Lagerwall Date: Wed Feb 8 10:57:37 2017 +0000 xen-netfront: Improve error handling during initialization This fixes a crash when running out of grant refs when creating many queues across many netdevs. * If creating queues fails (i.e. there are no grant refs available), call xenbus_dev_fatal() to ensure that the xenbus device is set to the closed state. * If no queues are created, don't call xennet_disconnect_backend as netdev->real_num_tx_queues will not have been set correctly. * If setup_netfront() fails, ensure that all the queues created are cleaned up, not just those that have been set up. * If any queues were set up and an error occurs, call xennet_destroy_queues() to clean up the napi context. * If any fatal error occurs, unregister and destroy the netdev to avoid leaving around a half setup network device. Signed-off-by: Ross Lagerwall Reviewed-by: Boris Ostrovsky Signed-off-by: David S. Miller drivers/net/xen-netfront.c | 29 +++++++++++------------------ 1 file changed, 11 insertions(+), 18 deletions(-) commit 1b5805c29c7fffc569b749c760b2bafce925df87 Merge: 98e3862c 764895d Author: David S. Miller Date: Thu Feb 9 16:41:43 2017 -0500 Merge branch 'sierra_net-fixes' Stefan Brüns says: ==================== Fixes for sierra_net driver When trying to initiate a dual-stack (ipv4v6) connection, a MC7710, FW version SWI9200X_03.05.24.00ap answers with an unsupported LSI. Add support for this LSI. Also the link_type should be ignored when going idle, otherwise the modem is stuck in a bad link state. Tested on MC7710, T-Mobile DE, APN internet.telekom, IPv4v6 PDP type. Both IPv4 and IPv6 connections work. v2: Do not overwrite protocol field in rx_fixup v3: Remove leftover struct ethhdr *eth declaration ==================== Signed-off-by: David S. Miller commit 764895d3039e903dac3a70f219949efe43d036a0 Author: Stefan Brüns Date: Wed Feb 8 02:46:33 2017 +0100 sierra_net: Skip validating irrelevant fields for IDLE LSIs When the context is deactivated, the link_type is set to 0xff, which triggers a warning message, and results in a wrong link status, as the LSI is ignored. Signed-off-by: Stefan Brüns Signed-off-by: David S. Miller drivers/net/usb/sierra_net.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 5a70348e1187c5bf1cbd0ec51843f36befed1c2d Author: Stefan Brüns Date: Wed Feb 8 02:46:32 2017 +0100 sierra_net: Add support for IPv6 and Dual-Stack Link Sense Indications If a context is configured as dualstack ("IPv4v6"), the modem indicates the context activation with a slightly different indication message. The dual-stack indication omits the link_type (IPv4/v6) and adds additional address fields. IPv6 LSIs are identical to IPv4 LSIs, but have a different link type. Signed-off-by: Stefan Brüns Reviewed-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/sierra_net.c | 101 ++++++++++++++++++++++++++++--------------- 1 file changed, 66 insertions(+), 35 deletions(-) commit 98e3862ca2b1ae595a13805dcab4c3a6d7718f4d Author: WANG Cong Date: Tue Feb 7 12:59:47 2017 -0800 kcm: fix 0-length case for kcm_sendmsg() Dmitry reported a kernel warning: WARNING: CPU: 3 PID: 2936 at net/kcm/kcmsock.c:627 kcm_write_msgs+0x12e3/0x1b90 net/kcm/kcmsock.c:627 CPU: 3 PID: 2936 Comm: a.out Not tainted 4.10.0-rc6+ #209 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51 panic+0x1fb/0x412 kernel/panic.c:179 __warn+0x1c4/0x1e0 kernel/panic.c:539 warn_slowpath_null+0x2c/0x40 kernel/panic.c:582 kcm_write_msgs+0x12e3/0x1b90 net/kcm/kcmsock.c:627 kcm_sendmsg+0x163a/0x2200 net/kcm/kcmsock.c:1029 sock_sendmsg_nosec net/socket.c:635 [inline] sock_sendmsg+0xca/0x110 net/socket.c:645 sock_write_iter+0x326/0x600 net/socket.c:848 new_sync_write fs/read_write.c:499 [inline] __vfs_write+0x483/0x740 fs/read_write.c:512 vfs_write+0x187/0x530 fs/read_write.c:560 SYSC_write fs/read_write.c:607 [inline] SyS_write+0xfb/0x230 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x1f/0xc2 when calling syscall(__NR_write, sock2, 0x208aaf27ul, 0x0ul) on a KCM seqpacket socket. It appears that kcm_sendmsg() does not handle len==0 case correctly, which causes an empty skb is allocated and queued. Fix this by skipping the skb allocation for len==0 case. Reported-by: Dmitry Vyukov Cc: Tom Herbert Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/kcm/kcmsock.c | 40 ++++++++++++++++++++++------------------ 1 file changed, 22 insertions(+), 18 deletions(-) commit 538d92912d3190a1dd809233a0d57277459f37b2 Author: Vineeth Remanan Pillai Date: Tue Feb 7 18:59:01 2017 +0000 xen-netfront: Rework the fix for Rx stall during OOM and network stress The commit 90c311b0eeea ("xen-netfront: Fix Rx stall during network stress and OOM") caused the refill timer to be triggerred almost on all invocations of xennet_alloc_rx_buffers for certain workloads. This reworks the fix by reverting to the old behaviour and taking into consideration the skb allocation failure. Refill timer is now triggered on insufficient requests or skb allocation failure. Signed-off-by: Vineeth Remanan Pillai Fixes: 90c311b0eeea (xen-netfront: Fix Rx stall during network stress and OOM) Reported-by: Boris Ostrovsky Reviewed-by: Boris Ostrovsky Signed-off-by: David S. Miller drivers/net/xen-netfront.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 55aac6ef53e114c28170ee3f79065cfa8ca9cf3f Merge: 2b36947 b22bc27 Author: Linus Torvalds Date: Thu Feb 9 13:22:54 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending Pull SCSI target fixes from Nicholas Bellinger: "This target series for v4.10 contains fixes which address a few long-standing bugs that DATERA's QA + automation teams have uncovered while putting v4.1.y target code into production usage. We've been running the top three in our nightly automated regression runs for the last two months, and the COMPARE_AND_WRITE fix Mr. Gary Guo has been manually verifying against a four node ESX cluster this past week. Note all of them have CC' stable tags. Summary: - Fix a bug with ESX EXTENDED_COPY + SAM_STAT_RESERVATION_CONFLICT status, where target_core_xcopy.c logic was incorrectly returning SAM_STAT_CHECK_CONDITION for all non SAM_STAT_GOOD cases (Nixon Vincent) - Fix a TMR LUN_RESET hung task bug while other in-flight TMRs are being aborted, before the new one had been dispatched into tmr_wq (Rob Millner) - Fix a long standing double free OOPs, where a dynamically generated 'demo-mode' NodeACL has multiple sessions associated with it, and the /sys/kernel/config/target/$FABRIC/$WWN/ subsequently disables demo-mode, but never converts the dynamic ACL into a explicit ACL (Rob Millner) - Fix a long standing reference leak with ESX VAAI COMPARE_AND_WRITE when the second phase WRITE COMMIT command fails, resulting in CHECK_CONDITION response never being sent and se_cmd->cmd_kref never reaching zero (Gary Guo) Beyond these items on v4.1.y we've reproduced, fixed, and run through our regression test suite using iscsi-target exports, there are two additional outstanding list items: - Remove a >= v4.2 RCU conversion BUG_ON that would trigger when dynamic node NodeACLs where being converted to explicit NodeACLs. The patch drops the BUG_ON to follow how pre RCU conversion worked for this special case (Benjamin Estrabaud) - Add ibmvscsis target_core_fabric_ops->max_data_sg_nent assignment to match what IBM's Virtual SCSI hypervisor is already enforcing at transport layer. (Bryant Ly + Steven Royer)" * git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending: ibmvscsis: Add SGL limit target: Fix COMPARE_AND_WRITE ref leak for non GOOD status target: Fix multi-session dynamic se_node_acl double free OOPs target: Fix early transport_generic_handle_tmr abort scenario target: Use correct SCSI status during EXTENDED_COPY exception target: Don't BUG_ON during NodeACL dynamic -> explicit conversion commit 6d9f66ac7fec2a6ccd649e5909806dfe36f1fc25 Author: Florian Fainelli Date: Wed Feb 8 19:05:26 2017 -0800 net: phy: Fix PHY module checks and NULL deref in phy_attach_direct() The Generic PHY drivers gets assigned after we checked that the current PHY driver is NULL, so we need to check a few things before we can safely dereference d->driver. This would be causing a NULL deference to occur when a system binds to the Generic PHY driver. Update phy_attach_direct() to do the following: - grab the driver module reference after we have assigned the Generic PHY drivers accordingly, and remember we came from the generic PHY path - update the error path to clean up the module reference in case the Generic PHY probe function fails - split the error path involving phy_detacht() to avoid double free/put since phy_detach() does all the clean up - finally, have phy_detach() drop the module reference count before we call device_release_driver() for the Generic PHY driver case Fixes: cafe8df8b9bc ("net: phy: Fix lack of reference count on PHY driver") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) commit 2b369478e1856e3809f439495567474725931585 Merge: 99378fd 8672aed Author: Linus Torvalds Date: Thu Feb 9 12:25:42 2017 -0800 Merge tag 'pstore-v4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore fix from Kees Cook: "Fix pstore regression (boot Oops) when ftrace disabled, from Brian Norris" * tag 'pstore-v4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: pstore: don't OOPS when there are no ftrace zones commit 99378fd26803328cbab64ae60fa98e1394d07a6d Merge: 189addc 413d373 Author: Linus Torvalds Date: Thu Feb 9 11:58:05 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input fixes from Dmitry Torokhov: "A fix for a crash in uinput, and a fix for build errors when HID-RMI is built-in but SERIO is a module" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: synaptics-rmi4 - select 'SERIO' when needed Input: uinput - fix crash when mixing old and new init style commit 8672aed7bd865774257efd40929702759a869329 Author: Brian Norris Date: Wed Feb 8 22:44:44 2017 -0800 pstore: don't OOPS when there are no ftrace zones We'll OOPS in ramoops_get_next_prz() if the platform didn't ask for any ftrace zones (i.e., cxt->fprzs will be NULL). Let's just skip this entire FTRACE section if there's no 'fprzs'. Regression seen on a coreboot/depthcharge-based Chromebook. Fixes: 2fbea82bbb89 ("pstore: Merge per-CPU ftrace records into one") Cc: Joel Fernandes Cc: Kees Cook Signed-off-by: Brian Norris Signed-off-by: Kees Cook fs/pstore/ram.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 189addce85330208bea50ea7f1483b58822e93cf Merge: 59e8f10 930a42d Author: Linus Torvalds Date: Thu Feb 9 11:34:15 2017 -0800 Merge tag 'vfio-v4.10-final' of git://github.com/awilliam/linux-vfio Pull VFIO fix from Alex Williamson: "Fix regression in attaching groups to existing container for SPAPR IOMMU backend (Alexey Kardashevskiy)" * tag 'vfio-v4.10-final' of git://github.com/awilliam/linux-vfio: vfio/spapr_tce: Set window when adding additional groups to container commit 59e8f10ac16186c226ef81937994534b28b976f4 Merge: d966564 228dbbfb Author: Linus Torvalds Date: Thu Feb 9 11:30:56 2017 -0800 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "A couple more fixes for 4.10: - fix addressing the short regset write issue (Dave Martin) - fix for LPAE systems which leave a pending imprecise data abort before entering the kernel (Alexander Sverdlin)" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write ARM: 8642/1: LPAE: catch pending imprecise abort on unmask commit bbb27fc33d44e7b8d96369810654df4ee1837566 Author: Ricardo Ribalda Date: Thu Feb 2 20:15:16 2017 +0100 i2c: piix4: Request the SMBUS semaphore inside the mutex SMBSLVCNT must be protected with the piix4_mutex_sb800 in order to avoid multiple buses accessing to the semaphore at the same time. Fixes: 701dc207bf55 ("i2c: piix4: Avoid race conditions with IMC") Reported-by: Jean Delvare Signed-off-by: Ricardo Ribalda Delgado Signed-off-by: Jean Delvare Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-piix4.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit f43128c75202f29ee71aa83e6c320a911137c189 Author: Ricardo Ribalda Date: Fri Jan 27 15:59:30 2017 +0100 i2c: piix4: Fix request_region size Since '701dc207bf55 ("i2c: piix4: Avoid race conditions with IMC")' we are using the SMBSLVCNT register at offset 0x8. We need to request it. Fixes: 701dc207bf55 ("i2c: piix4: Avoid race conditions with IMC") Signed-off-by: Ricardo Ribalda Delgado Signed-off-by: Jean Delvare Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-piix4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit af677166cf63c179dc2485053166e02c4aea01eb Author: Hui Wang Date: Thu Feb 9 09:20:54 2017 +0800 ALSA: hda - adding a new NV HDMI/DP codec ID in the driver Without this change, the HDMI/DP codec will be recognised as a generic codec, and there is no sound when playing through this codec. As suggested by NVidia side, after adding the new ID in the driver, the sound playing works well. Cc: Signed-off-by: Hui Wang Signed-off-by: Takashi Iwai sound/pci/hda/patch_hdmi.c | 1 + 1 file changed, 1 insertion(+) commit f83e6862047e1e371bdc5d512dd6cabe8a3965b8 Author: Benjamin Herrenschmidt Date: Tue Feb 7 11:35:36 2017 +1100 powerpc/powernv: Properly set "host-ipi" on IPIs Otherwise KVM will fail to pass them through to the host Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman arch/powerpc/sysdev/xics/icp-opal.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9b256714979fad61ae11d90b53cf67dd5e6484eb Author: Benjamin Herrenschmidt Date: Tue Feb 7 11:35:31 2017 +1100 powerpc/powernv: Fix CPU hotplug to handle waking on HVI The IPIs come in as HVI not EE, so we need to test the appropriate SRR1 bits. The encoding is such that it won't have false positives on P7 and P8 so we can just test it like that. We also need to handle the icp-opal variant of the flush. Fixes: d74361881f0d ("powerpc/xics: Add ICP OPAL backend") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman arch/powerpc/include/asm/reg.h | 3 ++- arch/powerpc/include/asm/xics.h | 1 + arch/powerpc/platforms/powernv/smp.c | 12 ++++++++++-- arch/powerpc/sysdev/xics/icp-opal.c | 29 +++++++++++++++++++++++++++++ 4 files changed, 42 insertions(+), 3 deletions(-) commit 90c1e3c2fafec57fcb55b5d69bcf293b1a5fc8b3 Author: Benjamin Herrenschmidt Date: Mon Feb 6 13:05:16 2017 +1100 powerpc/mm/radix: Update ERAT flushes when invalidating TLB Three tiny changes to the ERAT flushing logic: First don't make it depend on DD1. It hasn't been decided yet but we might run DD2 in a mode that also requires explicit flushes for performance reasons so make it unconditional. We also add a missing isync, and finally remove the flush from _tlbiel_va as it is only necessary for congruence-class invalidations (PID, LPID and full TLB), not targetted invalidations. Fixes: 96ed1fe511a8 ("powerpc/mm/radix: Invalidate ERAT on tlbiel for POWER9 DD1") Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman arch/powerpc/mm/tlb-radix.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit d966564fcdc19e13eb6ba1fbe6b8101070339c3d Author: Linus Torvalds Date: Wed Feb 8 18:08:29 2017 -0800 Revert "x86/ioapic: Restore IO-APIC irq_chip retrigger callback" This reverts commit 020eb3daaba2857b32c4cf4c82f503d6a00a67de. Gabriel C reports that it causes his machine to not boot, and we haven't tracked down the reason for it yet. Since the bug it fixes has been around for a longish time, we're better off reverting the fix for now. Gabriel says: "It hangs early and freezes with a lot RCU warnings. I bisected it down to : > Ruslan Ruslichenko (1): > x86/ioapic: Restore IO-APIC irq_chip retrigger callback Reverting this one fixes the problem for me.. The box is a PRIMERGY TX200 S5 , 2 socket , 2 x E5520 CPU(s) installed" and Ruslan and Thomas are currently stumped. Reported-and-bisected-by: Gabriel C Cc: Ruslan Ruslichenko Cc: Thomas Gleixner Cc: stable@kernel.org # for the backport of the original commit Signed-off-by: Linus Torvalds arch/x86/kernel/apic/io_apic.c | 2 -- 1 file changed, 2 deletions(-) commit 3b802c9455f973fa786eafb4d5bd4634a7dd5130 Author: David Daney Date: Tue Feb 7 16:23:31 2017 -0800 Revert "hwrng: core - zeroize buffers with random data" This reverts commit 2cc751545854d7bd7eedf4d7e377bb52e176cd07. With this commit in place I get on a Cavium ThunderX (arm64) system: $ if=/dev/hwrng bs=256 count=1 | od -t x1 -A x -v > rng-bad.txt 1+0 records in 1+0 records out 256 bytes (256 B) copied, 9.1171e-05 s, 2.8 MB/s $ dd if=/dev/hwrng bs=256 count=1 | od -t x1 -A x -v >> rng-bad.txt 1+0 records in 1+0 records out 256 bytes (256 B) copied, 9.6141e-05 s, 2.7 MB/s $ cat rng-bad.txt 000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000050 00 00 00 00 37 20 46 ae d0 fc 1c 55 25 6e b0 b8 000060 7c 7e d7 d4 00 0f 6f b2 91 1e 30 a8 fa 3e 52 0e 000070 06 2d 53 30 be a1 20 0f aa 56 6e 0e 44 6e f4 35 000080 b7 6a fe d2 52 70 7e 58 56 02 41 ea d1 9c 6a 6a 000090 d1 bd d8 4c da 35 45 ef 89 55 fc 59 d5 cd 57 ba 0000a0 4e 3e 02 1c 12 76 43 37 23 e1 9f 7a 9f 9e 99 24 0000b0 47 b2 de e3 79 85 f6 55 7e ad 76 13 4f a0 b5 41 0000c0 c6 92 42 01 d9 12 de 8f b4 7b 6e ae d7 24 fc 65 0000d0 4d af 0a aa 36 d9 17 8d 0e 8b 7a 3b b6 5f 96 47 0000e0 46 f7 d8 ce 0b e8 3e c6 13 a6 2c b6 d6 cc 17 26 0000f0 e3 c3 17 8e 9e 45 56 1e 41 ef 29 1a a8 65 c8 3a 000100 000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000030 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000040 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 000050 00 00 00 00 f4 90 65 aa 8b f2 5e 31 01 53 b4 d4 000060 06 c0 23 a2 99 3d 01 e4 b0 c1 b1 55 0f 80 63 cf 000070 33 24 d8 3a 1d 5e cd 2c ba c0 d0 18 6f bc 97 46 000080 1e 19 51 b1 90 15 af 80 5e d1 08 0d eb b0 6c ab 000090 6a b4 fe 62 37 c5 e1 ee 93 c3 58 78 91 2a d5 23 0000a0 63 50 eb 1f 3b 84 35 18 cf b2 a4 b8 46 69 9e cf 0000b0 0c 95 af 03 51 45 a8 42 f1 64 c9 55 fc 69 76 63 0000c0 98 9d 82 fa 76 85 24 da 80 07 29 fe 4e 76 0c 61 0000d0 ff 23 94 4f c8 5c ce 0b 50 e8 31 bc 9d ce f4 ca 0000e0 be ca 28 da e6 fa cc 64 1c ec a8 41 db fe 42 bd 0000f0 a0 e2 4b 32 b4 52 ba 03 70 8e c1 8e d0 50 3a c6 000100 To my untrained mental entropy detector, the first several bytes of each read from /dev/hwrng seem to not be very random (i.e. all zero). When I revert the patch (apply this patch), I get back to what we have in v4.9, which looks like (much more random appearing): $ dd if=/dev/hwrng bs=256 count=1 | od -t x1 -A x -v > rng-good.txt 1+0 records in 1+0 records out 256 bytes (256 B) copied, 0.000252233 s, 1.0 MB/s $ dd if=/dev/hwrng bs=256 count=1 | od -t x1 -A x -v >> rng-good.txt 1+0 records in 1+0 records out 256 bytes (256 B) copied, 0.000113571 s, 2.3 MB/s $ cat rng-good.txt 000000 75 d1 2d 19 68 1f d2 26 a1 49 22 61 66 e8 09 e5 000010 e0 4e 10 d0 1a 2c 45 5d 59 04 79 8e e2 b7 2c 2e 000020 e8 ad da 34 d5 56 51 3d 58 29 c7 7a 8e ed 22 67 000030 f9 25 b9 fb c6 b7 9c 35 1f 84 21 35 c1 1d 48 34 000040 45 7c f6 f1 57 63 1a 88 38 e8 81 f0 a9 63 ad 0e 000050 be 5d 3e 74 2e 4e cb 36 c2 01 a8 14 e1 38 e1 bb 000060 23 79 09 56 77 19 ff 98 e8 44 f3 27 eb 6e 0a cb 000070 c9 36 e3 2a 96 13 07 a0 90 3f 3b bd 1d 04 1d 67 000080 be 33 14 f8 02 c2 a4 02 ab 8b 5b 74 86 17 f0 5e 000090 a1 d7 aa ef a6 21 7b 93 d1 85 86 eb 4e 8c d0 4c 0000a0 56 ac e4 45 27 44 84 9f 71 db 36 b9 f7 47 d7 b3 0000b0 f2 9c 62 41 a3 46 2b 5b e3 80 63 a4 35 b5 3c f4 0000c0 bc 1e 3a ad e4 59 4a 98 6c e8 8d ff 1b 16 f8 52 0000d0 05 5c 2f 52 2a 0f 45 5b 51 fb 93 97 a4 49 4f 06 0000e0 f3 a0 d1 1e ba 3d ed a7 60 8f bb 84 2c 21 94 2d 0000f0 b3 66 a6 61 1e 58 30 24 85 f8 c8 18 c3 77 00 22 000100 000000 73 ca cc a1 d9 bb 21 8d c3 5c f3 ab 43 6d a7 a4 000010 4a fd c5 f4 9c ba 4a 0f b1 2e 19 15 4e 84 26 e0 000020 67 c9 f2 52 4d 65 1f 81 b7 8b 6d 2b 56 7b 99 75 000030 2e cd d0 db 08 0c 4b df f3 83 c6 83 00 2e 2b b8 000040 0f af 61 1d f2 02 35 74 b5 a4 6f 28 f3 a1 09 12 000050 f2 53 b5 d2 da 45 01 e5 12 d6 46 f8 0b db ed 51 000060 7b f4 0d 54 e0 63 ea 22 e2 1d d0 d6 d0 e7 7e e0 000070 93 91 fb 87 95 43 41 28 de 3d 8b a3 a8 8f c4 9e 000080 30 95 12 7a b2 27 28 ff 37 04 2e 09 7c dd 7c 12 000090 e1 50 60 fb 6d 5f a8 65 14 40 89 e3 4c d2 87 8f 0000a0 34 76 7e 66 7a 8e 6b a3 fc cf 38 52 2e f9 26 f0 0000b0 98 63 15 06 34 99 b2 88 4f aa d8 14 88 71 f1 81 0000c0 be 51 11 2b f4 7e a0 1e 12 b2 44 2e f6 8d 84 ea 0000d0 63 82 2b 66 b3 9a fd 08 73 5a c2 cc ab 5a af b1 0000e0 88 e3 a6 80 4b fc db ed 71 e0 ae c0 0a a4 8c 35 0000f0 eb 89 f9 8a 4b 52 59 6f 09 7c 01 3f 56 e7 c7 bf 000100 Signed-off-by: David Daney Acked-by: Herbert Xu Signed-off-by: Linus Torvalds drivers/char/hw_random/core.c | 3 --- 1 file changed, 3 deletions(-) commit 507053d23b886fdedc8336ca2233883fe4c82aa2 Merge: be11f43 a810007 Author: Linus Torvalds Date: Wed Feb 8 16:06:10 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "4 fixes" * emailed patches from Andrew Morton : mm/slub.c: fix random_seq offset destruction cpumask: use nr_cpumask_bits for parsing functions mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers kernel/ucount.c: mark user_header with kmemleak_ignore() commit a810007afe239d59c1115fcaa06eb5b480f876e9 Author: Sean Rees Date: Wed Feb 8 14:30:59 2017 -0800 mm/slub.c: fix random_seq offset destruction Commit 210e7a43fa90 ("mm: SLUB freelist randomization") broke USB hub initialisation as described in https://bugzilla.kernel.org/show_bug.cgi?id=177551. Bail out early from init_cache_random_seq if s->random_seq is already initialised. This prevents destroying the previously computed random_seq offsets later in the function. If the offsets are destroyed, then shuffle_freelist will truncate page->freelist to just the first object (orphaning the rest). Fixes: 210e7a43fa90 ("mm: SLUB freelist randomization") Link: http://lkml.kernel.org/r/20170207140707.20824-1-sean@erifax.org Signed-off-by: Sean Rees Reported-by: Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Thomas Garnier Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slub.c | 4 ++++ 1 file changed, 4 insertions(+) commit 4d59b6ccf000862beed6fc0765d3209f98a8d8a2 Author: Tejun Heo Date: Wed Feb 8 14:30:56 2017 -0800 cpumask: use nr_cpumask_bits for parsing functions Commit 513e3d2d11c9 ("cpumask: always use nr_cpu_ids in formatting and parsing functions") converted both cpumask printing and parsing functions to use nr_cpu_ids instead of nr_cpumask_bits. While this was okay for the printing functions as it just picked one of the two output formats that we were alternating between depending on a kernel config, doing the same for parsing wasn't okay. nr_cpumask_bits can be either nr_cpu_ids or NR_CPUS. We can always use nr_cpu_ids but that is a variable while NR_CPUS is a constant, so it can be more efficient to use NR_CPUS when we can get away with it. Converting the printing functions to nr_cpu_ids makes sense because it affects how the masks get presented to userspace and doesn't break anything; however, using nr_cpu_ids for parsing functions can incorrectly leave the higher bits uninitialized while reading in these masks from userland. As all testing and comparison functions use nr_cpumask_bits which can be larger than nr_cpu_ids, the parsed cpumasks can erroneously yield false negative results. This made the taskstats interface incorrectly return -EINVAL even when the inputs were correct. Fix it by restoring the parse functions to use nr_cpumask_bits instead of nr_cpu_ids. Link: http://lkml.kernel.org/r/20170206182442.GB31078@htj.duckdns.org Fixes: 513e3d2d11c9 ("cpumask: always use nr_cpu_ids in formatting and parsing functions") Signed-off-by: Tejun Heo Reported-by: Martin Steigerwald Debugged-by: Ben Hutchings Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/cpumask.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 0911d0041c22922228ca52a977d7b0b0159fee4b Author: Jan Kara Date: Wed Feb 8 14:30:53 2017 -0800 mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers Some ->page_mkwrite handlers may return VM_FAULT_RETRY as its return code (GFS2 or Lustre can definitely do this). However VM_FAULT_RETRY from ->page_mkwrite is completely unhandled by the mm code and results in locking and writeably mapping the page which definitely is not what the caller wanted. Fix Lustre and block_page_mkwrite_ret() used by other filesystems (notably GFS2) to return VM_FAULT_NOPAGE instead which results in bailing out from the fault code, the CPU then retries the access, and we fault again effectively doing what the handler wanted. Link: http://lkml.kernel.org/r/20170203150729.15863-1-jack@suse.cz Signed-off-by: Jan Kara Reported-by: Al Viro Reviewed-by: Jinshan Xiong Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/staging/lustre/lustre/llite/llite_mmap.c | 4 +--- include/linux/buffer_head.h | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) commit ed5bd7dc88edf4a4a9c67130742b1b59aa017a5f Author: Luis R. Rodriguez Date: Wed Feb 8 14:30:50 2017 -0800 kernel/ucount.c: mark user_header with kmemleak_ignore() The user_header gets caught by kmemleak with the following splat as missing a free: unreferenced object 0xffff99667a733d80 (size 96): comm "swapper/0", pid 1, jiffies 4294892317 (age 62191.468s) hex dump (first 32 bytes): a0 b6 92 b4 ff ff ff ff 00 00 00 00 01 00 00 00 ................ 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: kmemleak_alloc+0x4a/0xa0 __kmalloc+0x144/0x260 __register_sysctl_table+0x54/0x5e0 register_sysctl+0x1b/0x20 user_namespace_sysctl_init+0x17/0x34 do_one_initcall+0x52/0x1a0 kernel_init_freeable+0x173/0x200 kernel_init+0xe/0x100 ret_from_fork+0x2c/0x40 The BUG_ON()s are intended to crash so no need to clean up after ourselves on error there. This is also a kernel/ subsys_init() we don't need a respective exit call here as this is never modular, so just white list it. Link: http://lkml.kernel.org/r/20170203211404.31458-1-mcgrof@kernel.org Signed-off-by: Luis R. Rodriguez Cc: Eric W. Biederman Cc: Kees Cook Cc: Nikolay Borisov Cc: Serge Hallyn Cc: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/ucount.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 49d29a077af8d2ee3b291ccd8d053541bebe09d7 Author: Andrzej Pietrasiewicz Date: Wed Feb 1 10:35:08 2017 +0100 drm: vc4: adapt to new behaviour of drm_crtc.c When drm_crtc_init_with_planes() was orignally added (in drm_crtc.c, e13161af80c185ecd8dc4641d0f5df58f9e3e0af drm: Add drm_crtc_init_with_planes() (v2)), it only checked for "primary" being non-null. If that was the case, it modified primary->possible_crtcs. Then, when support for cursor planes was added (fc1d3e44ef7c1db93384150fdbf8948dcf949f15 drm: Allow drivers to register cursor planes with crtc), the same behaviour was implemented for cursor planes. vc4_plane_init() since its inception has passed 0xff as "possible_crtcs" parameter to drm_universal_plane_init(). With a change in drm_crtc.c (7abc7d47510c75dd984380ebf819616e574c9604 drm: don't override possible_crtcs for primary/cursor planes) passing 0xff results in primary's possible_crtcs set to 0xff (cursor was updated manually by vc4_crtc.c). Consequently, it would be allowed to use the primary plane from CRTC 1 (for example) on CRTC 0, which would result in the overlay and cursors being buried. Signed-off-by: Andrzej Pietrasiewicz Reviewed-by: Eric Anholt Link: http://patchwork.freedesktop.org/patch/msgid/1485941708-27892-1-git-send-email-andrzej.p@samsung.com Fixes: 7abc7d47510c ("drm: don't override possible_crtcs for primary/cursor planes") drivers/gpu/drm/vc4/vc4_plane.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 075ad765ef7541b2860de8408c165a92b78aefa3 Author: Thanneeru Srinivasulu Date: Wed Feb 8 18:09:00 2017 +0530 net: thunderx: Fix PHY autoneg for SGMII QLM mode This patch fixes the case where there is no phydev attached to a LMAC in DT due to non-existance of a PHY driver or due to usage of non-stanadard PHY which doesn't support autoneg. Changes dependeds on firmware to send correct info w.r.t PHY and autoneg capability. This patch also covers a case where a 10G/40G interface is used as a 1G with convertors with Cortina PHY in between. Signed-off-by: Thanneeru Srinivasulu Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 108 +++++++++++++++++++--- drivers/net/ethernet/cavium/thunder/thunder_bgx.h | 5 + 2 files changed, 101 insertions(+), 12 deletions(-) commit be11f436a80b19cb5ef4cdfba7371a5178bd43cd Merge: 472ff5b d98e092 Author: Linus Torvalds Date: Wed Feb 8 12:23:49 2017 -0800 Merge tag 'pci-v4.10-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - check MSI affinity vs. number of vectors to avoid memory corruption - drop runtime power management for PCIe hotplug ports for now to avoid regressing hotplug via sysfs * tag 'pci-v4.10-fixes-3' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: Revert "PCI: pciehp: Add runtime PM support for PCIe hotplug ports" PCI/MSI: Don't apply affinity if there aren't enough vectors left commit 382e1eea2d983cd2343482c6a638f497bb44a636 Author: Florian Fainelli Date: Tue Feb 7 23:10:13 2017 -0800 net: dsa: Do not destroy invalid network devices dsa_slave_create() can fail, and dsa_user_port_unapply() will properly check for the network device not being NULL before attempting to destroy it. We were not setting the slave network device as NULL if dsa_slave_create() failed, so we would later on be calling dsa_slave_destroy() on a now free'd and unitialized network device, causing crashes in dsa_slave_destroy(). Fixes: 83c0afaec7b7 ("net: dsa: Add new binding implementation") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller net/dsa/dsa2.c | 1 + 1 file changed, 1 insertion(+) commit 73d2c6678e6c3af7e7a42b1e78cd0211782ade32 Author: WANG Cong Date: Tue Feb 7 12:59:46 2017 -0800 ping: fix a null pointer dereference Andrey reported a kernel crash: general protection fault: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 2 PID: 3880 Comm: syz-executor1 Not tainted 4.10.0-rc6+ #124 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 task: ffff880060048040 task.stack: ffff880069be8000 RIP: 0010:ping_v4_push_pending_frames net/ipv4/ping.c:647 [inline] RIP: 0010:ping_v4_sendmsg+0x1acd/0x23f0 net/ipv4/ping.c:837 RSP: 0018:ffff880069bef8b8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: ffff880069befb90 RCX: 0000000000000000 RDX: 0000000000000018 RSI: ffff880069befa30 RDI: 00000000000000c2 RBP: ffff880069befbb8 R08: 0000000000000008 R09: 0000000000000000 R10: 0000000000000002 R11: 0000000000000000 R12: ffff880069befab0 R13: ffff88006c624a80 R14: ffff880069befa70 R15: 0000000000000000 FS: 00007f6f7c716700(0000) GS:ffff88006de00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000004a6f28 CR3: 000000003a134000 CR4: 00000000000006e0 Call Trace: inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:744 sock_sendmsg_nosec net/socket.c:635 [inline] sock_sendmsg+0xca/0x110 net/socket.c:645 SYSC_sendto+0x660/0x810 net/socket.c:1687 SyS_sendto+0x40/0x50 net/socket.c:1655 entry_SYSCALL_64_fastpath+0x1f/0xc2 This is because we miss a check for NULL pointer for skb_peek() when the queue is empty. Other places already have the same check. Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind") Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv4/ping.c | 2 ++ 1 file changed, 2 insertions(+) commit 9538132a9f3cb8ed1590bec2b32650f4d30dd688 Merge: d7426c6 57031eb Author: David S. Miller Date: Wed Feb 8 13:56:38 2017 -0500 Merge branch 'net-header-length-truncation' Willem de Bruijn says: ==================== net: Fixes for header length truncation Packets should not enter the stack with truncated link layer headers and link layer headers should always be stored in the skb linear segment. Patch 1 ensures the first for PF_PACKET sockets Patch 2 ensures the second for PF_PACKET GSO sockets without tx_ring ==================== Signed-off-by: David S. Miller commit 57031eb794906eea4e1c7b31dc1e2429c0af0c66 Author: Willem de Bruijn Date: Tue Feb 7 15:57:21 2017 -0500 packet: round up linear to header len Link layer protocols may unconditionally pull headers, as Ethernet does in eth_type_trans. Ensure that the entire link layer header always lies in the skb linear segment. tpacket_snd has such a check. Extend this to packet_snd. Variable length link layer headers complicate the computation somewhat. Here skb->len may be smaller than dev->hard_header_len. Round up the linear length to be at least as long as the smallest of the two. Reported-by: Dmitry Vyukov Signed-off-by: Willem de Bruijn Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/packet/af_packet.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 217e6fa24ce28ec87fca8da93c9016cb78028612 Author: Willem de Bruijn Date: Tue Feb 7 15:57:20 2017 -0500 net: introduce device min_header_len The stack must not pass packets to device drivers that are shorter than the minimum link layer header length. Previously, packet sockets would drop packets smaller than or equal to dev->hard_header_len, but this has false positives. Zero length payload is used over Ethernet. Other link layer protocols support variable length headers. Support for validation of these protocols removed the min length check for all protocols. Introduce an explicit dev->min_header_len parameter and drop all packets below this value. Initially, set it to non-zero only for Ethernet and loopback. Other protocols can follow in a patch to net-next. Fixes: 9ed988cd5915 ("packet: validate variable length ll headers") Reported-by: Sowmini Varadhan Signed-off-by: Willem de Bruijn Acked-by: Eric Dumazet Acked-by: Sowmini Varadhan Signed-off-by: David S. Miller drivers/net/loopback.c | 1 + include/linux/netdevice.h | 4 ++++ net/ethernet/eth.c | 1 + 3 files changed, 6 insertions(+) commit b22bc27868e8c11fe3f00937a341b44f80b50364 Author: Bryant G. Ly Date: Mon Feb 6 10:04:28 2017 -0600 ibmvscsis: Add SGL limit This patch adds internal LIO sgl limit since the driver already sets a max transfer limit on transport layer of 1MB to the client. Cc: stable@vger.kernel.org Tested-by: Steven Royer Signed-off-by: Bryant G. Ly Signed-off-by: Nicholas Bellinger drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 1 + 1 file changed, 1 insertion(+) commit d7426c69a1942b2b9b709bf66b944ff09f561484 Author: WANG Cong Date: Wed Feb 8 10:02:13 2017 -0800 sit: fix a double free on error path Dmitry reported a double free in sit_init_net(): kernel BUG at mm/percpu.c:689! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 0 PID: 15692 Comm: syz-executor1 Not tainted 4.10.0-rc6-next-20170206 #1 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 task: ffff8801c9cc27c0 task.stack: ffff88017d1d8000 RIP: 0010:pcpu_free_area+0x68b/0x810 mm/percpu.c:689 RSP: 0018:ffff88017d1df488 EFLAGS: 00010046 RAX: 0000000000010000 RBX: 00000000000007c0 RCX: ffffc90002829000 RDX: 0000000000010000 RSI: ffffffff81940efb RDI: ffff8801db841d94 RBP: ffff88017d1df590 R08: dffffc0000000000 R09: 1ffffffff0bb3bdd R10: dffffc0000000000 R11: 00000000000135dd R12: ffff8801db841d80 R13: 0000000000038e40 R14: 00000000000007c0 R15: 00000000000007c0 FS: 00007f6ea608f700(0000) GS:ffff8801dbe00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002000aff8 CR3: 00000001c8d44000 CR4: 00000000001426f0 DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600 Call Trace: free_percpu+0x212/0x520 mm/percpu.c:1264 ipip6_dev_free+0x43/0x60 net/ipv6/sit.c:1335 sit_init_net+0x3cb/0xa10 net/ipv6/sit.c:1831 ops_init+0x10a/0x530 net/core/net_namespace.c:115 setup_net+0x2ed/0x690 net/core/net_namespace.c:291 copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396 create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106 unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205 SYSC_unshare kernel/fork.c:2281 [inline] SyS_unshare+0x64e/0xfc0 kernel/fork.c:2231 entry_SYSCALL_64_fastpath+0x1f/0xc2 This is because when tunnel->dst_cache init fails, we free dev->tstats once in ipip6_tunnel_init() and twice in sit_init_net(). This looks redundant but its ndo_uinit() does not seem enough to clean up everything here. So avoid this by setting dev->tstats to NULL after the first free, at least for -net. Reported-by: Dmitry Vyukov Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/ipv6/sit.c | 1 + 1 file changed, 1 insertion(+) commit 472ff5be61f9593ee2d3ebbd716768e14de4659d Merge: d3498fb 5aff1d2 Author: Linus Torvalds Date: Wed Feb 8 10:01:39 2017 -0800 Merge tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: - A relatively large patch restores booting on i.MX platforms that failed to boot after a cleanup was merged for v4.10. - A quirk for USB needs to be enabled on the STi platform - On the Meson platform, we saw memory corruption with part of the memory used by the secure monitor, so we have to stay out of that area. - The same platform also has a problem with ethernet under load, which is fixed by disabling EEE negotiation. - imx6dl has an incorrect pin configuration, which prevents SPI from working. - Two maintainers have lost their access to their email addresses, so we should update the MAINTAINERS file before the release - Renaming one of the orion5x linkstation models to help simplify the debian install. - A couple of fixes for build warnings that were introduced during v4.10-rc. * tag 'fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: ARM: defconfigs: make NF_CT_PROTO_SCTP and NF_CT_PROTO_UDPLITE built-in MAINTAINERS: socfpga: update email for Dinh Nguyen ARM: orion5x: fix Makefile for linkstation-lschl.dtb ARM: dts: orion5x-lschl: More consistent naming on linkstation series ARM: dts: orion5x-lschl: Fix model name MAINTAINERS: change email address from atmel to microchip MAINTAINERS: at91: change email address ARM64: dts: meson-gx: Add firmware reserved memory zones ARM64: dts: meson-gxbb-odroidc2: fix GbE tx link breakage ARM: dts: STiH407-family: set snps,dis_u3_susphy_quirk ARM: dts: imx: Pass 'chosen' and 'memory' nodes ARM: dts: imx6dl: fix GPIO4 range ARM: imx: hide unused variable in #ifdef commit d3498fbaf386f9d540cdde7211ebb2d502b2b365 Merge: 23fbe2c 0c461cb Author: Linus Torvalds Date: Wed Feb 8 09:59:45 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull selinux fix from James Morris: "Fix off-by-one in setprocattr" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: fix off-by-one in setprocattr commit 23fbe2cdc1de80120cf9ccd478ac57c3a3a0764b Merge: 926af627 eeeefd4 Author: Linus Torvalds Date: Wed Feb 8 09:56:15 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fix from Jens Axboe: "A single fix that should go into 4.10, fixing a regression on some devices with the WRITE_SAME command" * 'for-linus' of git://git.kernel.dk/linux-block: block: don't try Write Same from __blkdev_issue_zeroout commit 2bd137de531367fb573d90150d1872cb2a2095f7 Author: David Ahern Date: Wed Feb 8 09:29:00 2017 -0800 lwtunnel: valid encap attr check should return 0 when lwtunnel is disabled An error was reported upgrading to 4.9.8: root@Typhoon:~# ip route add default table 210 nexthop dev eth0 via 10.68.64.1 weight 1 nexthop dev eth0 via 10.68.64.2 weight 1 RTNETLINK answers: Operation not supported The problem occurs when CONFIG_LWTUNNEL is not enabled and a multipath route is submitted. The point of lwtunnel_valid_encap_type_attr is catch modules that need to be loaded before any references are taken with rntl held. With CONFIG_LWTUNNEL disabled, there will be no modules to load so the lwtunnel_valid_encap_type_attr stub should just return 0. Fixes: 9ed59592e3e3 ("lwtunnel: fix autoload of lwt modules") Reported-by: pupilla@libero.it Signed-off-by: David Ahern Signed-off-by: David S. Miller include/net/lwtunnel.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 646ebd4166ca00bdf682a36bd2e1c9a74d848ac6 Author: Leon Romanovsky Date: Wed Feb 8 17:04:09 2017 +0200 RDMA: Don't reference kernel private header from UAPI header Remove references to private kernel header and defines from exported ib_user_verb.h file. The code snippet below is used to reproduce the issue: #include #include int main(void) { printf("IB_USER_VERBS_ABI_VERSION = %d\n", IB_USER_VERBS_ABI_VERSION); return 0; } It fails during compilation phase with an error: ➜ /tmp gcc main.c main.c:2:31: fatal error: rdma/ib_user_verb.h: No such file or directory #include ^ compilation terminated. Fixes: 189aba99e700 ("IB/uverbs: Extend modify_qp and support packet pacing") CC: Bodong Wang CC: Matan Barak CC: Christoph Hellwig Tested-by: Slava Shwartsman Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford include/uapi/rdma/ib_user_verbs.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 647bf3d8a8e5777319da92af672289b2a6c4dc66 Author: Eyal Itkin Date: Tue Feb 7 16:45:19 2017 +0300 IB/rxe: Fix mem_check_range integer overflow Update the range check to avoid integer-overflow in edge case. Resolves CVE 2016-8636. Signed-off-by: Eyal Itkin Signed-off-by: Dan Carpenter Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_mr.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 628f07d33c1f2e7bf31e0a4a988bb07914bd5e73 Author: Eyal Itkin Date: Tue Feb 7 16:43:05 2017 +0300 IB/rxe: Fix resid update Update the response's resid field when larger than MTU, instead of only updating the local resid variable. Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Eyal Itkin Signed-off-by: Dan Carpenter Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_resp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a11a7f71cac209c7c9cca66eb506e1ebb033a3b3 Author: Marcus Huewe Date: Mon Feb 6 18:34:56 2017 +0100 ipv6: addrconf: fix generation of new temporary addresses Under some circumstances it is possible that no new temporary addresses will be generated. For instance, addrconf_prefix_rcv_add_addr() indirectly calls ipv6_create_tempaddr(), which creates a tentative temporary address and starts dad. Next, addrconf_prefix_rcv_add_addr() indirectly calls addrconf_verify_rtnl(). Now, assume that the previously created temporary address has the least preferred lifetime among all existing addresses and is still tentative (that is, dad is still running). Hence, the next run of addrconf_verify_rtnl() is performed when the preferred lifetime of the temporary address ends. If dad succeeds before the next run, the temporary address becomes deprecated during the next run, but no new temporary address is generated. In order to fix this, schedule the next addrconf_verify_rtnl() run slightly before the temporary address becomes deprecated, if dad succeeded. Signed-off-by: Marcus Huewe Signed-off-by: David S. Miller net/ipv6/addrconf.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 2a362249187a8d0f6d942d6e1d763d150a296f47 Author: Jeff Mahoney Date: Mon Feb 6 19:39:09 2017 -0500 btrfs: fix btrfs_compat_ioctl failures on non-compat ioctls Commit 4c63c2454ef incorrectly assumed that returning -ENOIOCTLCMD would cause the native ioctl to be called. The ->compat_ioctl callback is expected to handle all ioctls, not just compat variants. As a result, when using 32-bit userspace on 64-bit kernels, everything except those three ioctls would return -ENOTTY. Fixes: 4c63c2454ef ("btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl") Cc: stable@vger.kernel.org Signed-off-by: Jeff Mahoney Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/ioctl.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 9b2792c3da1e80f2d460167d319302a24c9ca2b7 Author: Nicholas Bellinger Date: Mon Feb 6 14:28:09 2017 -0800 target: Fix COMPARE_AND_WRITE ref leak for non GOOD status This patch addresses a long standing bug where the commit phase of COMPARE_AND_WRITE would result in a se_cmd->cmd_kref reference leak if se_cmd->scsi_status returned non SAM_STAT_GOOD. This would manifest first as a lost SCSI response, and eventual hung task during fabric driver logout or re-login, as existing shutdown logic waited for the COMPARE_AND_WRITE se_cmd->cmd_kref to reach zero. To address this bug, compare_and_write_post() has been changed to drop the incorrect !cmd->scsi_status conditional that was preventing *post_ret = 1 for being set during non SAM_STAT_GOOD status. This patch has been tested with SAM_STAT_CHECK_CONDITION status from normal target_complete_cmd() callback path, as well as the incoming __target_execute_cmd() submission failure path when se_cmd->execute_cmd() returns non zero status. Reported-by: Donald White Cc: Donald White Tested-by: Gary Guo Cc: Gary Guo Reviewed-by: Christoph Hellwig Cc: # v3.12+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_sbc.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 01d4d673558985d9a118e1e05026633c3e2ade9b Author: Nicholas Bellinger Date: Wed Dec 7 12:55:54 2016 -0800 target: Fix multi-session dynamic se_node_acl double free OOPs This patch addresses a long-standing bug with multi-session (eg: iscsi-target + iser-target) se_node_acl dynamic free withini transport_deregister_session(). This bug is caused when a storage endpoint is configured with demo-mode (generate_node_acls = 1 + cache_dynamic_acls = 1) initiators, and initiator login creates a new dynamic node acl and attaches two sessions to it. After that, demo-mode for the storage instance is disabled via configfs (generate_node_acls = 0 + cache_dynamic_acls = 0) and the existing dynamic acl is never converted to an explicit ACL. The end result is dynamic acl resources are released twice when the sessions are shutdown in transport_deregister_session(). If the storage instance is not changed to disable demo-mode, or the dynamic acl is converted to an explict ACL, or there is only a single session associated with the dynamic ACL, the bug is not triggered. To address this big, move the release of dynamic se_node_acl memory into target_complete_nacl() so it's only freed once when se_node_acl->acl_kref reaches zero. (Drop unnecessary list_del_init usage - HCH) Reported-by: Rob Millner Tested-by: Rob Millner Cc: Rob Millner Cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 69 +++++++++++++++++++++------------- include/target/target_core_base.h | 1 + 2 files changed, 44 insertions(+), 26 deletions(-) commit c54eeffbe9338fa982dc853d816fda9202a13b5a Author: Nicholas Bellinger Date: Tue Dec 6 22:45:46 2016 -0800 target: Fix early transport_generic_handle_tmr abort scenario This patch fixes a bug where incoming task management requests can be explicitly aborted during an active LUN_RESET, but who's struct work_struct are canceled in-flight before execution. This occurs when core_tmr_drain_tmr_list() invokes cancel_work_sync() for the incoming se_tmr_req->task_cmd->work, resulting in cmd->work for target_tmr_work() never getting invoked and the aborted TMR waiting indefinately within transport_wait_for_tasks(). To address this case, perform a CMD_T_ABORTED check early in transport_generic_handle_tmr(), and invoke the normal path via transport_cmd_check_stop_to_fabric() to complete any TMR kthreads blocked waiting for CMD_T_STOP in transport_wait_for_tasks(). Also, move the TRANSPORT_ISTATE_PROCESSING assignment earlier into transport_generic_handle_tmr() so the existing check in core_tmr_drain_tmr_list() avoids attempting abort the incoming se_tmr_req->task_cmd->work if it has already been queued into se_device->tmr_wq. Reported-by: Rob Millner Tested-by: Rob Millner Cc: Rob Millner Reviewed-by: Christoph Hellwig Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_transport.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) commit 0583c261e6325f392c1f7a1b9112e31298e1a4bd Author: Nicholas Bellinger Date: Mon Oct 31 00:54:40 2016 -0700 target: Use correct SCSI status during EXTENDED_COPY exception This patch adds the missing target_complete_cmd() SCSI status parameter change in target_xcopy_do_work(), that was originally missing in commit 926317de33. It correctly propigates up the correct SCSI status during EXTENDED_COPY exception cases, instead of always using the hardcoded SAM_STAT_CHECK_CONDITION from original code. This is required for ESX host environments that expect to hit SAM_STAT_RESERVATION_CONFLICT for certain scenarios, and SAM_STAT_CHECK_CONDITION results in non-retriable status for these cases. Reported-by: Nixon Vincent Tested-by: Nixon Vincent Cc: Nixon Vincent Reviewed-by: Christoph Hellwig Cc: stable@vger.kernel.org # 3.14+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_xcopy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 391e2a6de9781e4906dd7e0b1cc097050bf43e11 Author: Nicholas Bellinger Date: Sun Oct 23 14:28:15 2016 -0700 target: Don't BUG_ON during NodeACL dynamic -> explicit conversion After the v4.2+ RCU conversion to se_node_acl->lun_entry_hlist, a BUG_ON() was added in core_enable_device_list_for_node() to detect when the located orig->se_lun_acl contains an existing se_lun_acl pointer reference. However, this scenario can happen when a dynamically generated NodeACL is being converted to an explicit NodeACL, when the explicit NodeACL contains a different LUN mapping than the default provided by the WWN endpoint. So instead of triggering BUG_ON(), go ahead and fail instead following the original pre RCU conversion logic. Reported-by: Benjamin ESTRABAUD Cc: Benjamin ESTRABAUD Reviewed-by: Christoph Hellwig Cc: stable@vger.kernel.org # 4.2+ Signed-off-by: Nicholas Bellinger drivers/target/target_core_device.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit d7df2443cd5f67fc6ee7c05a88e4996e8177f91b Author: Benjamin Herrenschmidt Date: Fri Feb 3 17:10:28 2017 +1100 powerpc/mm: Fix spurrious segfaults on radix with autonuma When autonuma (Automatic NUMA balancing) marks a PTE inaccessible it clears all the protection bits but leave the PTE valid. With the Radix MMU, an attempt at executing from such a PTE will take a fault with bit 35 of SRR1 set "SRR1_ISI_N_OR_G". It is thus incorrect to treat all such faults as errors. We should pass them to handle_mm_fault() for autonuma to deal with. The case of pages that are really not executable is handled by the existing test for VM_EXEC further down. That leaves us with catching the kernel attempts at executing user pages. We can catch that earlier, even before we do find_vma. It is never valid on powerpc for the kernel to take an exec fault to begin with. So fold that test with the existing test for the kernel faulting on kernel addresses to bail out early. Fixes: 1d18ad026844 ("powerpc/mm: Detect instruction fetch denied and report") Signed-off-by: Benjamin Herrenschmidt Reviewed-by: Aneesh Kumar K.V Acked-by: Balbir Singh Signed-off-by: Michael Ellerman arch/powerpc/mm/fault.c | 21 +++++---------------- 1 file changed, 5 insertions(+), 16 deletions(-) commit 4842e98f26dd80be3623c4714a244ba52ea096a8 Author: Takashi Iwai Date: Wed Feb 8 12:35:39 2017 +0100 ALSA: seq: Fix race at creating a queue When a sequencer queue is created in snd_seq_queue_alloc(),it adds the new queue element to the public list before referencing it. Thus the queue might be deleted before the call of snd_seq_queue_use(), and it results in the use-after-free error, as spotted by syzkaller. The fix is to reference the queue object at the right time. Reported-by: Dmitry Vyukov Cc: Signed-off-by: Takashi Iwai sound/core/seq/seq_queue.c | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) commit 6e7eb1783be7f19eb071c96ddda0bbf22279ff46 Author: Michał Winiarski Date: Tue Feb 7 20:55:59 2017 +0100 drm/i915: Always convert incoming exec offsets to non-canonical We're using non-canonical addresses in drm_mm, and we're making sure that userspace is using canonical addressing - both in case of softpin (verifying incoming offset) and when relocating (converting to canonical when updating offset returned to userspace). Unfortunately when considering the need for relocations, we're comparing offset from userspace (in canonical form) with drm_mm node (in non-canonical form), and as a result, we end up always relocating if our offsets are in the "problematic" range. Let's always convert the offsets to avoid the performance impact of relocations. Fixes: a5f0edf63bdf ("drm/i915: Avoid writing relocs with addresses in non-canonical form") Cc: Chris Wilson Cc: Michel Thierry Reported-by: Michał Pyrzowski Signed-off-by: Michał Winiarski Link: http://patchwork.freedesktop.org/patch/msgid/20170207195559.18798-1-michal.winiarski@intel.com Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson (cherry picked from commit 038c95a313e4ca954ee5ab8a0c7559a646b0f462) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_execbuffer.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 83bf6d55c132d5c4f773e5a04149c05f4aa0c2ad Author: Chris Wilson Date: Fri Feb 3 12:57:17 2017 +0000 drm/i915: Remove overzealous fence warn on runtime suspend The goal of the WARN was to catch when we are still actively using the fence as we go into the runtime suspend. However, the reg->pin_count is too coarse as it does not distinguish between exclusive ownership of the fence register from activity. I've not improved on the WARN, nor have we captured this WARN in an exact igt, but it is showing up regularly in the wild: [ 1915.935332] WARNING: CPU: 1 PID: 10861 at drivers/gpu/drm/i915/i915_gem.c:2022 i915_gem_runtime_suspend+0x116/0x130 [i915] [ 1915.935383] WARN_ON(reg->pin_count)[ 1915.935399] Modules linked in: snd_hda_intel i915 drm_kms_helper vgem netconsole scsi_transport_iscsi fuse vfat fat x86_pkg_temp_thermal coretemp intel_cstate intel_uncore snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_timer snd mei_me mei serio_raw intel_rapl_perf intel_pch_thermal soundcore wmi acpi_pad i2c_algo_bit syscopyarea sysfillrect sysimgblt fb_sys_fops drm r8169 mii video [last unloaded: drm_kms_helper] [ 1915.935785] CPU: 1 PID: 10861 Comm: kworker/1:0 Tainted: G U W 4.9.0-rc5+ #170 [ 1915.935799] Hardware name: LENOVO 80MX/Lenovo E31-80, BIOS DCCN34WW(V2.03) 12/01/2015 [ 1915.935822] Workqueue: pm pm_runtime_work [ 1915.935845] ffffc900044fbbf0 ffffffffac3220bc ffffc900044fbc40 0000000000000000 [ 1915.935890] ffffc900044fbc30 ffffffffac059bcb 000007e6044fbc60 ffff8801626e3198 [ 1915.935937] ffff8801626e0000 0000000000000002 ffffffffc05e5d4e 0000000000000000 [ 1915.935985] Call Trace: [ 1915.936013] [] dump_stack+0x4f/0x73 [ 1915.936038] [] __warn+0xcb/0xf0 [ 1915.936060] [] warn_slowpath_fmt+0x5f/0x80 [ 1915.936158] [] i915_gem_runtime_suspend+0x116/0x130 [i915] [ 1915.936251] [] intel_runtime_suspend+0x64/0x280 [i915] [ 1915.936277] [] ? dequeue_entity+0x241/0xbc0 [ 1915.936298] [] pci_pm_runtime_suspend+0x55/0x180 [ 1915.936317] [] ? pci_pm_runtime_resume+0xa0/0xa0 [ 1915.936339] [] __rpm_callback+0x32/0x70 [ 1915.936356] [] rpm_callback+0x24/0x80 [ 1915.936375] [] ? pci_pm_runtime_resume+0xa0/0xa0 [ 1915.936392] [] rpm_suspend+0x12d/0x680 [ 1915.936415] [] ? _raw_spin_unlock_irq+0x17/0x30 [ 1915.936435] [] ? finish_task_switch+0x88/0x220 [ 1915.936455] [] pm_runtime_work+0x6f/0xb0 [ 1915.936477] [] process_one_work+0x1f3/0x4d0 [ 1915.936501] [] worker_thread+0x48/0x4e0 [ 1915.936523] [] ? process_one_work+0x4d0/0x4d0 [ 1915.936542] [] ? process_one_work+0x4d0/0x4d0 [ 1915.936559] [] kthread+0xd9/0xf0 [ 1915.936580] [] ? kthread_park+0x60/0x60 [ 1915.936600] [] ret_from_fork+0x22/0x30 In the case the register is pinned, it should be present and we will need to invalidate them to be restored upon resume as we cannot expect the owner of the pin to call get_fence prior to use after resume. Fixes: 7c108fd8feac ("drm/i915: Move fence cancellation to runtime suspend") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98804 Reported-by: Lionel Landwerlin Signed-off-by: Chris Wilson Cc: Daniel Vetter Cc: Imre Deak Cc: Jani Nikula Cc: # v4.10-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20170203125717.8431-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit e0ec3ec698851a6c97a12d696407b3ff77700c23) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 1 + drivers/gpu/drm/i915/i915_gem.c | 12 ++++++++++-- 2 files changed, 11 insertions(+), 2 deletions(-) commit 789ea12500e5ce3911d0a6a822277c3133451927 Author: Lee, Shawn C Date: Fri Feb 3 12:32:09 2017 +0800 drm/i915/bxt: Add MST support when do DPLL calculation Add the missing INTEL_OUTPUT_DP_MST case in bxt_get_dpll() to correctly initialize the crtc_state and port plls when link training a DP MST monitor on BXT/APL devices. Fixes: a277ca7dc01d ("drm/i915: Split bxt_ddi_pll_select()") Bugs: https://bugs.freedesktop.org/show_bug.cgi?id=99572 Reviewed-by: Cooper Chiou Reviewed-by: Gary C Wang Reviewed-by: Ciobanu, Nathan D Reviewed-by: Herbert, Marc Reviewed-by: Bride, Jim Reviewed-by: Navare, Manasi D Cc: Jani Nikula Cc: # v4.9+ Signed-off-by: Lee, Shawn C Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1486096329-6255-1-git-send-email-shawn.c.lee@intel.com (cherry picked from commit 0aab2c721d81590012a5021a516f00666646741f) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dpll_mgr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5cad24d835772f9f709971a8d6fcf12afe53b2a7 Author: Jean-Nicolas Graux Date: Tue Feb 7 12:12:41 2017 +0100 mmc: mmci: avoid clearing ST Micro busy end interrupt mistakenly This fixes a race condition that may occur whenever ST micro busy end interrupt is raised just after being unmasked but before leaving mmci interrupt context. A dead-lock has been found if connecting mmci ST Micro variant whose amba id is 0x10480180 to some new eMMC that supports internal caches. Whenever mmci driver enables cache control by programming eMMC's EXT_CSD register, block driver may request to flush the eMMC internal caches causing mmci driver to send a MMC_SWITCH command to the card with FLUSH_CACHE operation. And because busy end interrupt may be mistakenly cleared while not yet processed, this mmc request may never complete. As a result, mmcqd task may be stuck forever. Here is an instance caught by lockup detector which shows that mmcqd task was hung while waiting for mmc_flush_cache command to complete: .. [ 240.251595] INFO: task mmcqd/1:52 blocked for more than 120 seconds. [ 240.257973] Not tainted 4.1.13-00510-g9d91424 #2 [ 240.263109] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 240.270955] mmcqd/1 D c047504c 0 52 2 0x00000000 [ 240.277359] [] (__schedule) from [] (schedule+0x40/0x98) [ 240.284418] [] (schedule) from [] (schedule_timeout+0x148/0x188) [ 240.292191] [] (schedule_timeout) from [] (wait_for_common+0xa4/0x170) [ 240.300491] [] (wait_for_common) from [] (mmc_wait_for_req_done+0x4c/0x13c) [ 240.309224] [] (mmc_wait_for_req_done) from [] (mmc_wait_for_cmd+0x64/0x84) [ 240.317953] [] (mmc_wait_for_cmd) from [] (__mmc_switch+0xa4/0x2a8) [ 240.325964] [] (__mmc_switch) from [] (mmc_switch+0x28/0x30) [ 240.333389] [] (mmc_switch) from [] (mmc_flush_cache+0x54/0x80) [ 240.341073] [] (mmc_flush_cache) from [] (mmc_blk_issue_rq+0x114/0x4e8) [ 240.349459] [] (mmc_blk_issue_rq) from [] (mmc_queue_thread+0xc0/0x180) [ 240.357844] [] (mmc_queue_thread) from [] (kthread+0xdc/0xf4) [ 240.365339] [] (kthread) from [] (ret_from_fork+0x14/0x2c) .. .. [ 240.664311] INFO: task partprobe:564 blocked for more than 120 seconds. [ 240.670943] Not tainted 4.1.13-00510-g9d91424 #2 [ 240.676078] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 240.683922] partprobe D c047504c 0 564 486 0x00000000 [ 240.690318] [] (__schedule) from [] (schedule+0x40/0x98) [ 240.697396] [] (schedule) from [] (schedule_timeout+0x148/0x188) [ 240.705149] [] (schedule_timeout) from [] (wait_for_common+0xa4/0x170) [ 240.713446] [] (wait_for_common) from [] (submit_bio_wait+0x58/0x64) [ 240.721571] [] (submit_bio_wait) from [] (blkdev_issue_flush+0x60/0x88) [ 240.729957] [] (blkdev_issue_flush) from [] (blkdev_fsync+0x34/0x44) [ 240.738083] [] (blkdev_fsync) from [] (do_fsync+0x3c/0x64) [ 240.745319] [] (do_fsync) from [] (ret_fast_syscall+0x0/0x3c) .. Here is the detailed sequence showing when this issue may happen: 1) At probe time, mmci device is initialized and card busy detection based on DAT[0] monitoring is enabled. 2) Later during run time, since card reported to support internal caches, a MMCI_SWITCH command is sent to eMMC device with FLUSH_CACHE operation. On receiving this command, eMMC may enter busy state (for a relatively short time in the case of the dead-lock). 3) Then mmci interrupt is raised and mmci_irq() is called: MMCISTATUS register is read and is equal to 0x01000440. So the following status bits are set: - MCI_CMDRESPEND (= 6) - MCI_DATABLOCKEND (= 10) - MCI_ST_CARDBUSY (= 24) Since MMCIMASK0 register is 0x3FF, status variable is set to 0x00000040 and BIT MCI_CMDRESPEND is cleared by writing MMCICLEAR register. Then mmci_cmd_irq() is called. Considering the following conditions: - host->busy_status is 0, - this is a "busy response", - reading again MMCISTATUS register gives 0x1000400, MMCIMASK0 is updated to unmask MCI_ST_BUSYEND bit. Thus, MMCIMASK0 is set to 0x010003FF and host->busy_status is set to wait for busy end completion. Back again in status loop of mmci_irq(), we quickly go through mmci_data_irq() as there are no data in that case. And we finally go through following test at the end of while(status) loop: /* * Don't poll for busy completion in irq context. */ if (host->variant->busy_detect && host->busy_status) status &= ~host->variant->busy_detect_flag; Because status variable is not yet null (is equal to 0x40), we do not leave interrupt context yet but we loop again into while(status) loop. So we run across following steps: a) MMCISTATUS register is read again and this time is equal to 0x01000400. So that following bits are set: - MCI_DATABLOCKEND (= 10) - MCI_ST_CARDBUSY (= 24) Since MMCIMASK0 register is equal to 0x010003FF: b) status variable is set to 0x01000000. c) MCI_ST_CARDBUSY bit is cleared by writing MMCICLEAR register. Then, mmci_cmd_irq() is called one more time. Since host->busy_status is set and that MCI_ST_CARDBUSY is set in status variable, we just return from this function. Back again in mmci_irq(), status variable is set to 0 and we finally leave the while(status) loop. As a result we leave interrupt context, waiting for busy end interrupt event. Now, consider that busy end completion is raised IN BETWEEN steps 3.a) and 3.c). In such a case, we may mistakenly clear busy end interrupt at step 3.c) while it has not yet been processed. This will result in mmc command to wait forever for a busy end completion that will never happen. To fix the problem, this patch implements the following changes: Considering that the mmci seems to be triggering the IRQ on both edges while monitoring DAT0 for busy completion and that same status bit is used to monitor start and end of busy detection, special care must be taken to make sure that both start and end interrupts are always cleared one after the other. 1) Clearing of card busy bit is moved in mmc_cmd_irq() function where unmasking of busy end bit is effectively handled. 2) Just before unmasking busy end event, busy start event is cleared by writing card busy bit in MMCICLEAR register. 3) Finally, once we are no more busy with a command, busy end event is cleared writing again card busy bit in MMCICLEAR register. This patch has been tested with the ST Accordo5 machine, not yet supported upstream but relies on the mmci driver. Signed-off-by: Sarang Mairal Signed-off-by: Jean-Nicolas Graux Reviewed-by: Linus Walleij Tested-by: Ulf Hansson Signed-off-by: Ulf Hansson drivers/mmc/host/mmci.c | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) commit 853277481178fdf14d1a4e9e6ac7174d6046176f Author: Jani Nikula Date: Wed Feb 1 15:46:09 2017 +0200 drm/i915: don't warn about Skylake CPU - KabyPoint PCH combo Apparently there are machines out there with Skylake CPU and KabyPoint PCH. Judging from our driver code, there doesn't seem to be any code paths that would do anything different between SunrisePoint and KabyPoint PCHs, so it would seem okay to accept the combo without warnings. Fixes: 22dea0be50b2 ("drm/i915: Introduce Kabypoint PCH for Kabylake H/DT.") References: https://lists.freedesktop.org/archives/intel-gfx/2017-February/118611.html Reported-by: Rainer Koenig Cc: Rainer Koenig Cc: Rodrigo Vivi Cc: # v4.8+ Reviewed-by: Rodrigo Vivi Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1485956769-26015-1-git-send-email-jani.nikula@intel.com (cherry picked from commit 3aac4acb89710fe782c9e78e7b1febf76e112c6c) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7152187159193056f30ad5726741bb25028672bf Author: Juergen Gross Date: Thu Feb 2 10:47:11 2017 +0100 drm/i915: fix i915 running as dom0 under Xen Commit 920cf4194954ec ("drm/i915: Introduce an internal allocator for disposable private objects") introduced a regression for the kernel running as Xen dom0: when switching to graphics mode a GPU HANG occurred. Reason seems to be a missing adaption similar to that done in commit 7453c549f5f648 ("swiotlb: Export swiotlb_max_segment to users") to i915_gem_object_get_pages_internal(). So limit the maximum page order to be used according to the maximum swiotlb segment size instead to the complete swiotlb size. Fixes: 920cf4194954 ("drm/i915: Introduce an internal allocator for disposable private objects") Signed-off-by: Juergen Gross Link: http://patchwork.freedesktop.org/patch/msgid/20170202094711.939-1-jgross@suse.com Cc: Chris Wilson Cc: Tvrtko Ursulin Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: # v4.10-rc1+ Reviewed-by: Tvrtko Ursulin Signed-off-by: Chris Wilson (cherry picked from commit 5584f1b1d73e9cc95092734c316e467c6c4468f9) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_internal.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit e3818697e1d9140d0b990fecf4429d40c41ca0b5 Author: Chris Wilson Date: Mon Jan 9 11:19:32 2017 +0000 drm/i915: Flush untouched framebuffers before display on !llc On a non-llc system, the objects are created with .cache_level = CACHE_NONE and so the transition to uncached for scanout is a no-op. However, if the object was never written to, it will still be in the CPU domain (having been zeroed out by shmemfs). Those cachelines need to be flushed prior to display. Reported-and-tested-by: Vito Caputo Fixes: a6a7cc4b7db6 ("drm/i915: Always flush the dirty CPU cache when pinning the scanout") Signed-off-by: Chris Wilson Cc: # v4.10-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20170109111932.6342-1-chris@chris-wilson.co.uk Reviewed-by: Daniel Vetter (cherry picked from commit 69aeafeae9b30d797c439a30d1a4ccc8dc5b0eb0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5351fbb1bf1413f6024892093528280769ca852f Author: Andrey Ryabinin Date: Thu Jan 26 17:32:11 2017 +0300 drm/i915: fix use-after-free in page_flip_completed() page_flip_completed() dereferences 'work' variable after executing queue_work(). This is not safe as the 'work' item might be already freed by queued work: BUG: KASAN: use-after-free in page_flip_completed+0x3ff/0x490 at addr ffff8803dc010f90 Call Trace: __asan_report_load8_noabort+0x59/0x80 page_flip_completed+0x3ff/0x490 intel_finish_page_flip_mmio+0xe3/0x130 intel_pipe_handle_vblank+0x2d/0x40 gen8_irq_handler+0x4a7/0xed0 __handle_irq_event_percpu+0xf6/0x860 handle_irq_event_percpu+0x6b/0x160 handle_irq_event+0xc7/0x1b0 handle_edge_irq+0x1f4/0xa50 handle_irq+0x41/0x70 do_IRQ+0x9a/0x200 common_interrupt+0x89/0x89 Freed: kfree+0x113/0x4d0 intel_unpin_work_fn+0x29a/0x3b0 process_one_work+0x79e/0x1b70 worker_thread+0x611/0x1460 kthread+0x241/0x3a0 ret_from_fork+0x27/0x40 Move queue_work() after trace_i915_flip_complete() to fix this. Fixes: e5510fac98a7 ("drm/i915: add tracepoints for flip requests & completions") Signed-off-by: Andrey Ryabinin Cc: # v2.6.36+ Reviewed-by: Chris Wilson Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170126143211.24013-1-aryabinin@virtuozzo.com (cherry picked from commit 05c41f926fcc7ef838c80a6a99d84f67b4e0b824) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0c461cb727d146c9ef2d3e86214f498b78b7d125 Author: Stephen Smalley Date: Tue Jan 31 11:54:04 2017 -0500 selinux: fix off-by-one in setprocattr SELinux tries to support setting/clearing of /proc/pid/attr attributes from the shell by ignoring terminating newlines and treating an attribute value that begins with a NUL or newline as an attempt to clear the attribute. However, the test for clearing attributes has always been wrong; it has an off-by-one error, and this could further lead to reading past the end of the allocated buffer since commit bb646cdb12e75d82258c2f2e7746d5952d3e321a ("proc_pid_attr_write(): switch to memdup_user()"). Fix the off-by-one error. Even with this fix, setting and clearing /proc/pid/attr attributes from the shell is not straightforward since the interface does not support multiple write() calls (so shells that write the value and newline separately will set and then immediately clear the attribute, requiring use of echo -n to set the attribute), whereas trying to use echo -n "" to clear the attribute causes the shell to skip the write() call altogether since POSIX says that a zero-length write causes no side effects. Thus, one must use echo -n to set and echo without -n to clear, as in the following example: $ echo -n unconfined_u:object_r:user_home_t:s0 > /proc/$$/attr/fscreate $ cat /proc/$$/attr/fscreate unconfined_u:object_r:user_home_t:s0 $ echo "" > /proc/$$/attr/fscreate $ cat /proc/$$/attr/fscreate Note the use of /proc/$$ rather than /proc/self, as otherwise the cat command will read its own attribute value, not that of the shell. There are no users of this facility to my knowledge; possibly we should just get rid of it. UPDATE: Upon further investigation it appears that a local process with the process:setfscreate permission can cause a kernel panic as a result of this bug. This patch fixes CVE-2017-2618. Signed-off-by: Stephen Smalley [PM: added the update about CVE-2017-2618 to the commit description] Cc: stable@vger.kernel.org # 3.5: d6ea83ec6864e Signed-off-by: Paul Moore Signed-off-by: James Morris security/selinux/hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bfeda41d06d85ad9d52f2413cfc2b77be5022f75 Author: Omar Sandoval Date: Tue Feb 7 15:33:20 2017 -0800 stacktrace, lockdep: Fix address, newline ugliness Since KERN_CONT became meaningful again, lockdep stack traces have had annoying extra newlines, like this: [ 5.561122] -> #1 (B){+.+...}: [ 5.561528] [ 5.561532] [] lock_acquire+0xc3/0x210 [ 5.562178] [ 5.562181] [] mutex_lock_nested+0x74/0x6d0 [ 5.562861] [ 5.562880] [] init_btrfs_fs+0x21/0x196 [btrfs] [ 5.563717] [ 5.563721] [] do_one_initcall+0x52/0x1b0 [ 5.564554] [ 5.564559] [] do_init_module+0x5f/0x209 [ 5.565357] [ 5.565361] [] load_module+0x218d/0x2b80 [ 5.566020] [ 5.566021] [] SyS_finit_module+0xeb/0x120 [ 5.566694] [ 5.566696] [] entry_SYSCALL_64_fastpath+0x1f/0xc2 That's happening because each printk() call now gets printed on its own line, and we do a separate call to print the spaces before the symbol. Fix it by doing the printk() directly instead of using the print_ip_sym() helper. Additionally, the symbol address isn't very helpful, so let's get rid of that, too. The final result looks like this: [ 5.194518] -> #1 (B){+.+...}: [ 5.195002] lock_acquire+0xc3/0x210 [ 5.195439] mutex_lock_nested+0x74/0x6d0 [ 5.196491] do_one_initcall+0x52/0x1b0 [ 5.196939] do_init_module+0x5f/0x209 [ 5.197355] load_module+0x218d/0x2b80 [ 5.197792] SyS_finit_module+0xeb/0x120 [ 5.198251] entry_SYSCALL_64_fastpath+0x1f/0xc2 Suggested-by: Linus Torvalds Signed-off-by: Omar Sandoval Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: kernel-team@fb.com Fixes: 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") Link: http://lkml.kernel.org/r/43b4e114724b2bdb0308fa86cb33aa07d3d67fad.1486510315.git.osandov@fb.com Signed-off-by: Ingo Molnar kernel/stacktrace.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 5d18a619976944dc3114bbe1525880c431196c7a Merge: d5adbfc 242ef5d Author: Dave Airlie Date: Wed Feb 8 12:05:02 2017 +1000 Merge branch 'drm-vmwgfx-fixes-4_10' of git://people.freedesktop.org/~syeh/repos_linux into drm-fixes Single vmwgfx boot crasher fix. * 'drm-vmwgfx-fixes-4_10' of git://people.freedesktop.org/~syeh/repos_linux: drm/vmwgfx: Fix depth input into drm_mode_legacy_fb_format commit 413d37326700aaf708730b940b04192c36e13ef4 Author: Arnd Bergmann Date: Tue Feb 7 09:59:21 2017 -0800 Input: synaptics-rmi4 - select 'SERIO' when needed With CONFIG_SERIO=m, we get a build error for the rmi4-f03 driver, added in linux-4.10: warning: (HID_RMI) selects RMI4_F03 which has unmet direct dependencies (!UML && INPUT && RMI4_CORE && (SERIO=y || RMI4_CORE=SERIO)) drivers/input/built-in.o: In function `rmi_f03_attention': rmi_f03.c:(.text+0xcfe0): undefined reference to `serio_interrupt' rmi_f03.c:(.text+0xd055): undefined reference to `serio_interrupt' drivers/input/built-in.o: In function `rmi_f03_remove': rmi_f03.c:(.text+0xd115): undefined reference to `serio_unregister_port' drivers/input/built-in.o: In function `rmi_f03_probe': rmi_f03.c:(.text+0xd209): undefined reference to `__serio_register_port' An earlier patch tried to fix this, but missed the HID_RMI driver that does a 'select' on the F03 backend. This adds a hidden Kconfig symbol that enforces 'serio' to be enabled when RMI4-F03 is, which covers all cases. Fixes: d7ddad0acc4a ("Input: synaptics-rmi4 - fix F03 build error when serio is module") Fixes: c5e8848fc98e ("Input: synaptics-rmi4 - add support for F03") Signed-off-by: Arnd Bergmann Signed-off-by: Dmitry Torokhov drivers/input/rmi4/Kconfig | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 926af6273fc683cd98cd0ce7bf0d04a02eed6742 Merge: b678912 912964e Author: Linus Torvalds Date: Tue Feb 7 12:10:57 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Load correct firmware in rtl8192ce wireless driver, from Jurij Smakov. 2) Fix leak of tx_ring and tx_cq due to overwriting in mlx4 driver, from Martin KaFai Lau. 3) Need to reference count PHY driver module when it is attached, from Mao Wenan. 4) Don't do zero length vzalloc() in ethtool register dump, from Stanislaw Gruszka. 5) Defer net_disable_timestamp() to a workqueue to get out of locking issues, from Eric Dumazet. 6) We cannot drop the SKB dst when IP options refer to them, fix also from Eric Dumazet. 7) Incorrect packet header offset calculations in ip6_gre, again from Eric Dumazet. 8) Missing tcp_v6_restore_cb() causes use-after-free, from Eric too. 9) tcp_splice_read() can get into an infinite loop with URG, and hey it's from Eric once more. 10) vnet_hdr_sz can change asynchronously, so read it once during decision making in macvtap and tun, from Willem de Bruijn. 11) Can't use kernel stack for DMA transfers in USB networking drivers, from Ben Hutchings. 12) Handle csum errors properly in UDP by calling the proper destructor, from Eric Dumazet. 13) For non-deterministic softirq run when scheduling NAPI from a workqueue in mlx4, from Benjamin Poirier. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (28 commits) sctp: check af before verify address in sctp_addr_id2transport sctp: avoid BUG_ON on sctp_wait_for_sndbuf mlx4: Invoke softirqs after napi_reschedule udp: properly cope with csum errors catc: Use heap buffer for memory size test catc: Combine failure cleanup code in catc_probe() rtl8150: Use heap buffers for all register access pegasus: Use heap buffers for all register access macvtap: read vnet_hdr_size once tun: read vnet_hdr_sz once tcp: avoid infinite loop in tcp_splice_read() hns: avoid stack overflow with CONFIG_KASAN ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping switches ipv6: tcp: add a missing tcp_v6_restore_cb() nl80211: Fix mesh HT operation check mac80211: Fix adding of mesh vendor IEs mac80211: Allocate a sync skcipher explicitly for FILS AEAD mac80211: Fix FILS AEAD protection in Association Request frame ip6_gre: fix ip6gre_err() invalid reads netlabel: out of bound access in cipso_v4_validate() ... commit b6789123bccba8b5feb9901ed2e8c3c39181979d Author: Hugh Dickins Date: Tue Feb 7 11:11:16 2017 -0800 mm: fix KPF_SWAPCACHE in /proc/kpageflags Commit 6326fec1122c ("mm: Use owner_priv bit for PageSwapCache, valid when PageSwapBacked") aliased PG_swapcache to PG_owner_priv_1 (and depending on PageSwapBacked being true). As a result, the KPF_SWAPCACHE bit in '/proc/kpageflags' should now be synthesized, instead of being shown on unrelated pages which just happen to have PG_owner_priv_1 set. Signed-off-by: Hugh Dickins Cc: Andrew Morton Cc: Nicholas Piggin Cc: Wu Fengguang Signed-off-by: Linus Torvalds fs/proc/page.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 912964eacb111551db73429719eb5fadcab0ff8a Author: Xin Long Date: Tue Feb 7 20:56:08 2017 +0800 sctp: check af before verify address in sctp_addr_id2transport Commit 6f29a1306131 ("sctp: sctp_addr_id2transport should verify the addr before looking up assoc") invoked sctp_verify_addr to verify the addr. But it didn't check af variable beforehand, once users pass an address with family = 0 through sockopt, sctp_get_af_specific will return NULL and NULL pointer dereference will be caused by af->sockaddr_len. This patch is to fix it by returning NULL if af variable is NULL. Fixes: 6f29a1306131 ("sctp: sctp_addr_id2transport should verify the addr before looking up assoc") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 930a42ded3fede7ca3acafc9153f4f2d0f56a92c Author: Alexey Kardashevskiy Date: Tue Feb 7 17:26:57 2017 +1100 vfio/spapr_tce: Set window when adding additional groups to container If a container already has a group attached, attaching a new group should just program already created IOMMU tables to the hardware via the iommu_table_group_ops::set_window() callback. However commit 6f01cc692a16 ("vfio/spapr: Add a helper to create default DMA window") did not just simplify the code but also removed the set_window() calls in the case of attaching groups to a container which already has tables so it broke VFIO PCI hotplug. This reverts set_window() bits in tce_iommu_take_ownership_ddw(). Fixes: 6f01cc692a16 ("vfio/spapr: Add a helper to create default DMA window") Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_spapr_tce.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) commit a524c218bc94c705886a0e0fedeee45d1931da32 Author: Vineet Gupta Date: Tue Feb 7 09:44:58 2017 -0800 ARC: [arcompact] brown paper bag bug in unaligned access delay slot fixup Reported-by: Jo-Philipp Wich Fixes: 9aed02feae57bf7 ("ARC: [arcompact] handle unaligned access delay slot") Cc: linux-kernel@vger.kernel.org Cc: linux-snps-arc@lists.infradead.org Cc: stable@vger.kernel.org Signed-off-by: Vineet Gupta Signed-off-by: Linus Torvalds arch/arc/kernel/unaligned.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2dcab598484185dea7ec22219c76dcdd59e3cb90 Author: Marcelo Ricardo Leitner Date: Mon Feb 6 18:10:31 2017 -0200 sctp: avoid BUG_ON on sctp_wait_for_sndbuf Alexander Popov reported that an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data and meanwhile another thread peels off the association being used by the first thread. This patch replaces the BUG_ON call with a proper error handling. It will return -EPIPE to the original sendmsg call, similarly to what would have been done if the association wasn't found in the first place. Acked-by: Alexander Popov Signed-off-by: Marcelo Ricardo Leitner Reviewed-by: Xin Long Signed-off-by: David S. Miller net/sctp/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit bd4ce941c8d5b862b2f83364be5dbe8fc8ab48f8 Author: Benjamin Poirier Date: Mon Feb 6 10:14:31 2017 -0800 mlx4: Invoke softirqs after napi_reschedule mlx4 may schedule napi from a workqueue. Afterwards, softirqs are not run in a deterministic time frame and the following message may be logged: NOHZ: local_softirq_pending 08 The problem is the same as what was described in commit ec13ee80145c ("virtio_net: invoke softirqs after __napi_schedule") and this patch applies the same fix to mlx4. Fixes: 07841f9d94c1 ("net/mlx4_en: Schedule napi when RX buffers allocation fails") Cc: Eric Dumazet Signed-off-by: Benjamin Poirier Acked-by: Eric Dumazet Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_rx.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 69629464e0b587f3711739b3aa2bcdaf2e075276 Author: Eric Dumazet Date: Sun Feb 5 09:25:24 2017 -0800 udp: properly cope with csum errors Dmitry reported that UDP sockets being destroyed would trigger the WARN_ON(atomic_read(&sk->sk_rmem_alloc)); in inet_sock_destruct() It turns out we do not properly destroy skb(s) that have wrong UDP checksum. Thanks again to syzkaller team. Fixes : 7c13f97ffde6 ("udp: do fwd memory scheduling on dequeue") Reported-by: Dmitry Vyukov Signed-off-by: Eric Dumazet Cc: Paolo Abeni Cc: Hannes Frederic Sowa Acked-by: Paolo Abeni Signed-off-by: David S. Miller include/net/sock.h | 4 +++- net/core/datagram.c | 8 ++++++-- net/ipv4/udp.c | 2 +- net/ipv6/udp.c | 2 +- 4 files changed, 11 insertions(+), 5 deletions(-) commit 6a413e269b170d6d3bd32a71de4d5dcf987d6843 Merge: 432d4f8 2d6a0e9 Author: David S. Miller Date: Tue Feb 7 10:07:03 2017 -0500 Merge branch 'net-Fix-on-stack-USB-buffers' Ben Hutchings says: ==================== net: Fix on-stack USB buffers Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per default). This series fixes all the instances I could find where USB networking drivers do that. ==================== Signed-off-by: David S. Miller commit 2d6a0e9de03ee658a9adc3bfb2f0ca55dff1e478 Author: Ben Hutchings Date: Sat Feb 4 16:57:04 2017 +0000 catc: Use heap buffer for memory size test Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per default). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ben Hutchings Signed-off-by: David S. Miller drivers/net/usb/catc.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit d41149145f98fe26dcd0bfd1d6cc095e6e041418 Author: Ben Hutchings Date: Sat Feb 4 16:56:56 2017 +0000 catc: Combine failure cleanup code in catc_probe() Signed-off-by: Ben Hutchings Signed-off-by: David S. Miller drivers/net/usb/catc.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) commit 7926aff5c57b577ab0f43364ff0c59d968f6a414 Author: Ben Hutchings Date: Sat Feb 4 16:56:32 2017 +0000 rtl8150: Use heap buffers for all register access Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per default). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ben Hutchings Signed-off-by: David S. Miller drivers/net/usb/rtl8150.c | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) commit 5593523f968bc86d42a035c6df47d5e0979b5ace Author: Ben Hutchings Date: Sat Feb 4 16:56:03 2017 +0000 pegasus: Use heap buffers for all register access Allocating USB buffers on the stack is not portable, and no longer works on x86_64 (with VMAP_STACK enabled as per default). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") References: https://bugs.debian.org/852556 Reported-by: Lisandro Damián Nicanor Pérez Meyer Tested-by: Lisandro Damián Nicanor Pérez Meyer Signed-off-by: Ben Hutchings Signed-off-by: David S. Miller drivers/net/usb/pegasus.c | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) commit f3d83317a69e7d658e7c83e24f8b31ac533c39e3 Author: Takashi Iwai Date: Tue Feb 7 09:32:30 2017 +0100 Revert "ALSA: line6: Only determine control port properties if needed" This reverts commit f6a0dd107ad0c8b59d1c9735eea4b8cb9f460949. The commit caused a regression on LINE6 Transport that has no control caps. Although reverting the commit may result back in a spurious error message for some device again, it's the simplest regression fix, hence it's taken as is at first. The further code fix will follow later. Fixes: f6a0dd107ad0 ("ALSA: line6: Only determine control port properties if needed") Reported-by: Igor Zinovev Cc: Signed-off-by: Takashi Iwai sound/usb/line6/driver.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 432d4f8ab03527958294ad5e539acaebfc4625e3 Merge: ccf7abb 837585a Author: David S. Miller Date: Mon Feb 6 22:41:27 2017 -0500 Merge branch 'read-vnet_hdr_sz-once' Willem de Bruijn says: ==================== read vnet_hdr_sz once Tuntap devices allow concurrent use and update of field vnet_hdr_sz. Read the field once to avoid TOCTOU. ==================== Signed-off-by: David S. Miller commit 837585a5375c38d40361cfe64e6fd11e1addb936 Author: Willem de Bruijn Date: Fri Feb 3 18:20:49 2017 -0500 macvtap: read vnet_hdr_size once When IFF_VNET_HDR is enabled, a virtio_net header must precede data. Data length is verified to be greater than or equal to expected header length tun->vnet_hdr_sz before copying. Macvtap functions read the value once, but unless READ_ONCE is used, the compiler may ignore this and read multiple times. Enforce a single read and locally cached value to avoid updates between test and use. Signed-off-by: Willem de Bruijn Suggested-by: Eric Dumazet Acked-by: Eric Dumazet Signed-off-by: David S. Miller drivers/net/macvtap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e1edab87faf6ca30cd137e0795bc73aa9a9a22ec Author: Willem de Bruijn Date: Fri Feb 3 18:20:48 2017 -0500 tun: read vnet_hdr_sz once When IFF_VNET_HDR is enabled, a virtio_net header must precede data. Data length is verified to be greater than or equal to expected header length tun->vnet_hdr_sz before copying. Read this value once and cache locally, as it can be updated between the test and use (TOCTOU). Signed-off-by: Willem de Bruijn Reported-by: Dmitry Vyukov CC: Eric Dumazet Acked-by: Eric Dumazet Signed-off-by: David S. Miller drivers/net/tun.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit ccf7abb93af09ad0868ae9033d1ca8108bdaec82 Author: Eric Dumazet Date: Fri Feb 3 14:59:38 2017 -0800 tcp: avoid infinite loop in tcp_splice_read() Splicing from TCP socket is vulnerable when a packet with URG flag is received and stored into receive queue. __tcp_splice_read() returns 0, and sk_wait_data() immediately returns since there is the problematic skb in queue. This is a nice way to burn cpu (aka infinite loop) and trigger soft lockups. Again, this gem was found by syzkaller tool. Fixes: 9c55e01c0cc8 ("[TCP]: Splice receive support.") Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Cc: Willy Tarreau Signed-off-by: David S. Miller net/ipv4/tcp.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 8b1b41ee74f9712c355d66dc105bbea663ae0afd Merge: f7d6040 bfb3452 Author: Linus Torvalds Date: Mon Feb 6 19:36:04 2017 -0800 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "None of these are showstoppers for 4.10 and could wait for 4.11 merge window, but they are low enough risk for this late in the cycle and the fixes have waiting users . They have received a build success notification from the 0day robot, pass the latest ndctl unit tests, and appeared in next: - Fix a crash that can result when SIGINT is sent to a process that is awaiting completion of an address range scrub command. We were not properly cleaning up the workqueue after wait_event_interruptible(). - Fix a memory hotplug failure condition that results from not reserving enough space out of persistent memory for the memmap. By default we align to 2M allocations that the memory hotplug code assumes, but if the administrator specifies a non-default 4K-alignment then we can fail to correctly size the reservation. - A one line fix to improve the predictability of libnvdimm block device names. A common operation is to reconfigure /dev/pmem0 into a different mode. For example, a reconfiguration might set a new mode that reserves some of the capacity for a struct page memmap array. It surprises users if the device name changes to "/dev/pmem0.1" after the mode change and then back to /dev/pmem0 after a reboot. - Add 'const' to some function pointer tables" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm, pfn: fix memmap reservation size versus 4K alignment acpi, nfit: fix acpi_nfit_flush_probe() crash libnvdimm, namespace: do not delete namespace-id 0 nvdimm: constify device_type structures commit f7d6040aa45df6ffd9e891114125dc919f18b96b Merge: 50dcb6c cbf304e Author: Linus Torvalds Date: Mon Feb 6 15:11:04 2017 -0800 Merge tag 'pm-4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These add a quirk to intel_pstate to work around a firmware setting that leads to frequency scaling issues (discovered recently) on some Intel Kaby Lake processors, fix up the recently added brcmstb-avs cpufreq driver and avoid false-positive warnings from the runtime PM framework triggered by recent changes in i915. Specifics: - Add an intel_pstate driver quirk to work around a firmware setting that leads to frequency scaling issues on desktop Intel Kaby Lake processors in some configurations if the hardware-managed P-states (HWP) feature is in use (Srinivas Pandruvada) - Fix up the recently added brcmstb-avs cpufreq driver: fix a bug related to system suspend and change the sysfs interface to match the user space expectations (Markus Mayer) - Modify the runtime PM framework to avoid false-positive warnings from the might_sleep_if() assertions in it (Rafael Wysocki)" * tag 'pm-4.10-rc8' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: PM / runtime: Avoid false-positive warnings from might_sleep_if() cpufreq: intel_pstate: Disable energy efficiency optimization cpufreq: brcmstb-avs-cpufreq: properly retrieve P-state upon suspend cpufreq: brcmstb-avs-cpufreq: extend sysfs entry brcm_avs_pmap commit 50dcb6cdb70281d76b28d1564f8e076bb08f2c60 Merge: 72df5eb f5b0cba Author: Linus Torvalds Date: Mon Feb 6 14:42:34 2017 -0800 Merge tag 'dm-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper fixes from Mike Snitzer: - a fix for a race in .request_fn request-based DM request handling vs DM device destruction - an RCU fix for dm-crypt's kernel keyring support that was included in 4.10-rc1 - a -Wbool-operation warning fix for DM multipath * tag 'dm-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: dm crypt: replace RCU read-side section with rwsem dm rq: cope with DM device destruction while in dm_old_request_fn() dm mpath: cleanup -Wbool-operation warning in choose_pgpath() commit 72df5eba704252e54b5b19395cb938f8bb55cab8 Merge: 396bf4cd f9f96fc Author: Linus Torvalds Date: Mon Feb 6 14:37:55 2017 -0800 Merge tag 'media/v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: "A few documentation fixes at CEC (with got promoted from staging for 4.10), and one fix on its core." * tag 'media/v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] cec: fix wrong last_la determination [media] cec-intro.rst: mention the v4l-utils package and CEC utilities [media] cec rst: remove "This API is not yet finalized" notice commit 396bf4cd835e62d70fad4a03a8963e61f19021f2 Merge: d5adbfc 7c2cf1c Author: Linus Torvalds Date: Mon Feb 6 14:16:23 2017 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: - use-after-free in algif_aead - modular aesni regression when pcbc is modular but absent - bug causing IO page faults in ccp - double list add in ccp - NULL pointer dereference in qat (two patches) - panic in chcr - NULL pointer dereference in chcr - out-of-bound access in chcr * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: chcr - Fix key length for RFC4106 crypto: algif_aead - Fix kernel panic on list_del crypto: aesni - Fix failure when pcbc module is absent crypto: ccp - Fix double add when creating new DMA command crypto: ccp - Fix DMA operations when IOMMU is enabled crypto: chcr - Check device is allocated before use crypto: chcr - Fix panic on dma_unmap_sg crypto: qat - zero esram only for DH85x devices crypto: qat - fix bar discovery for c62x commit b3f2d07f4649adcf6905953a10d217b5683e4077 Author: Arnd Bergmann Date: Fri Feb 3 17:35:46 2017 +0100 hns: avoid stack overflow with CONFIG_KASAN The use of ACCESS_ONCE() looks like a micro-optimization to force gcc to use an indexed load for the register address, but it has an absolutely detrimental effect on builds with gcc-5 and CONFIG_KASAN=y, leading to a very likely kernel stack overflow aside from very complex object code: hisilicon/hns/hns_dsaf_gmac.c: In function 'hns_gmac_update_stats': hisilicon/hns/hns_dsaf_gmac.c:419:1: error: the frame size of 2912 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_ppe.c: In function 'hns_ppe_reset_common': hisilicon/hns/hns_dsaf_ppe.c:390:1: error: the frame size of 1184 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_ppe.c: In function 'hns_ppe_get_regs': hisilicon/hns/hns_dsaf_ppe.c:621:1: error: the frame size of 3632 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_rcb.c: In function 'hns_rcb_get_common_regs': hisilicon/hns/hns_dsaf_rcb.c:970:1: error: the frame size of 2784 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_gmac.c: In function 'hns_gmac_get_regs': hisilicon/hns/hns_dsaf_gmac.c:641:1: error: the frame size of 5728 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_rcb.c: In function 'hns_rcb_get_ring_regs': hisilicon/hns/hns_dsaf_rcb.c:1021:1: error: the frame size of 2208 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_comm_init': hisilicon/hns/hns_dsaf_main.c:1209:1: error: the frame size of 1904 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_xgmac.c: In function 'hns_xgmac_get_regs': hisilicon/hns/hns_dsaf_xgmac.c:748:1: error: the frame size of 4704 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_update_stats': hisilicon/hns/hns_dsaf_main.c:2420:1: error: the frame size of 1088 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] hisilicon/hns/hns_dsaf_main.c: In function 'hns_dsaf_get_regs': hisilicon/hns/hns_dsaf_main.c:2753:1: error: the frame size of 10768 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] This does not seem to happen any more with gcc-7, but removing the ACCESS_ONCE seems safe anyway and it avoids a serious issue for some people. I have verified that with gcc-5.3.1, the object code we get is better in the new version both with and without CONFIG_KASAN, as we no longer allocate a 1344 byte stack frame for hns_dsaf_get_regs() but otherwise have practically identical object code. With gcc-7.0.0, removing ACCESS_ONCE has no effect, the object code is already good either way. This patch is probably not urgent to get into 4.11 as only KASAN=y builds with certain compilers are affected, but I still think it makes sense to backport into older kernels. Cc: stable@vger.kernel.org Fixes: 511e6bc ("net: add Hisilicon Network Subsystem DSAF support") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hns_dsaf_reg.h | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit a088d1d73a4bcfd7bc482f8d08375b9b665dc3e5 Author: Linus Lüssing Date: Fri Feb 3 08:11:03 2017 +0100 ipv6: Fix IPv6 packet loss in scenarios involving roaming + snooping switches When for instance a mobile Linux device roams from one access point to another with both APs sharing the same broadcast domain and a multicast snooping switch in between: 1) (c) <~~~> (AP1) <--[SSW]--> (AP2) 2) (AP1) <--[SSW]--> (AP2) <~~~> (c) Then currently IPv6 multicast packets will get lost for (c) until an MLD Querier sends its next query message. The packet loss occurs because upon roaming the Linux host so far stayed silent regarding MLD and the snooping switch will therefore be unaware of the multicast topology change for a while. This patch fixes this by always resending MLD reports when an interface change happens, for instance from NO-CARRIER to CARRIER state. Signed-off-by: Linus Lüssing Signed-off-by: David S. Miller net/ipv6/addrconf.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 5aff1d245e8cc1ab5c4517d916edaed9e3f7f973 Author: Arnd Bergmann Date: Fri Feb 3 09:58:24 2017 +0100 ARM: defconfigs: make NF_CT_PROTO_SCTP and NF_CT_PROTO_UDPLITE built-in The symbols can no longer be used as loadable modules, leading to a harmless Kconfig warning: arch/arm/configs/imote2_defconfig:60:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE arch/arm/configs/imote2_defconfig:59:warning: symbol value 'm' invalid for NF_CT_PROTO_SCTP arch/arm/configs/ezx_defconfig:68:warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE arch/arm/configs/ezx_defconfig:67:warning: symbol value 'm' invalid for NF_CT_PROTO_SCTP Let's make them built-in. Signed-off-by: Arnd Bergmann arch/arm/configs/ezx_defconfig | 4 ++-- arch/arm/configs/imote2_defconfig | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit eeeefd41843218c55a8782a6920f044d9bf6207a Author: Christoph Hellwig Date: Sun Feb 5 18:10:35 2017 +0100 block: don't try Write Same from __blkdev_issue_zeroout Write Same can return an error asynchronously if it turns out the underlying SCSI device does not support Write Same, which makes a proper fallback to other methods in __blkdev_issue_zeroout impossible. Thus only issue a Write Same from blkdev_issue_zeroout an don't try it at all from __blkdev_issue_zeroout as a non-invasive workaround. Signed-off-by: Christoph Hellwig Reported-by: Junichi Nomura Fixes: e73c23ff ("block: add async variant of blkdev_issue_zeroout") Tested-by: Junichi Nomura Signed-off-by: Jens Axboe block/blk-lib.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit a47b3fca62a34e5956fc9b61065083e9c055d50f Merge: 08b3b33 1a902f6 Author: Arnd Bergmann Date: Mon Feb 6 17:33:51 2017 +0100 Merge tag 'mvebu-fixes-4.10-1' of git://git.infradead.org/linux-mvebu into fixes Pull "mvebu fixes for 4.10 (part 1)" from Gregory CLEMENT: More consistent naming for some orion5x based boards helping the switch to device tree for debian users. * tag 'mvebu-fixes-4.10-1' of git://git.infradead.org/linux-mvebu: ARM: orion5x: fix Makefile for linkstation-lschl.dtb ARM: dts: orion5x-lschl: More consistent naming on linkstation series ARM: dts: orion5x-lschl: Fix model name commit 08b3b33f3e4dc0016ad878c1a48f094a74956277 Author: Dinh Nguyen Date: Fri Feb 3 09:29:07 2017 -0600 MAINTAINERS: socfpga: update email for Dinh Nguyen My opensource.altera.com email will be going away soon. Signed-off-by: Dinh Nguyen Signed-off-by: Arnd Bergmann MAINTAINERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 62f01db9cf830957931f811d4da5f2bc34ce92f4 Merge: 89389b4 52f5631 Author: David S. Miller Date: Mon Feb 6 11:20:48 2017 -0500 Merge tag 'wireless-drivers-for-davem-2017-02-06' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.10 Only one important fix for rtlwifi which fixes a regression introduced in 4.9 and which caused problems for many users. ==================== Signed-off-by: David S. Miller commit 89389b4d5524350e74974cf711fe4a18206c09d3 Merge: ebf6c9c fd551ba Author: David S. Miller Date: Mon Feb 6 10:55:08 2017 -0500 Merge tag 'mac80211-for-davem-2017-02-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A few simple fixes: * fix FILS AEAD cipher usage to use the correct AAD vectors and to use synchronous algorithms * fix using mesh HT operation data from userspace * fix adding mesh vendor elements to beacons & plink frames ==================== Signed-off-by: David S. Miller commit ebf6c9cb23d7e56eec8575a88071dec97ad5c6e2 Author: Eric Dumazet Date: Sun Feb 5 20:23:22 2017 -0800 ipv6: tcp: add a missing tcp_v6_restore_cb() Dmitry reported use-after-free in ip6_datagram_recv_specific_ctl() A similar bug was fixed in commit 8ce48623f0cf ("ipv6: tcp: restore IP6CB for pktoptions skbs"), but I missed another spot. tcp_v6_syn_recv_sock() can indeed set np->pktoptions from ireq->pktopts Fixes: 971f10eca186 ("tcp: better TCP_SKB_CB layout to reduce cache line misses") Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Signed-off-by: David S. Miller net/ipv6/tcp_ipv6.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit 37a7ea4a9b81f6a864c10a7cb0b96458df5310a3 Author: Takashi Iwai Date: Mon Feb 6 15:09:48 2017 +0100 ALSA: seq: Don't handle loop timeout at snd_seq_pool_done() snd_seq_pool_done() syncs with closing of all opened threads, but it aborts the wait loop with a timeout, and proceeds to the release resource even if not all threads have been closed. The timeout was 5 seconds, and if you run a crazy stuff, it can exceed easily, and may result in the access of the invalid memory address -- this is what syzkaller detected in a bug report. As a fix, let the code graduate from naiveness, simply remove the loop timeout. BugLink: http://lkml.kernel.org/r/CACT4Y+YdhDV2H5LLzDTJDVF-qiYHUHhtRaW4rbb4gUhTCQB81w@mail.gmail.com Reported-by: Dmitry Vyukov Cc: Signed-off-by: Takashi Iwai sound/core/seq/seq_memory.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit cbf304e420da96992eae50bb6d51035681340ab8 Merge: d5adbfc a9306a6 6e978b2 Author: Rafael J. Wysocki Date: Mon Feb 6 14:52:10 2017 +0100 Merge branches 'pm-core-fixes' and 'pm-cpufreq-fixes' * pm-core-fixes: PM / runtime: Avoid false-positive warnings from might_sleep_if() * pm-cpufreq-fixes: cpufreq: intel_pstate: Disable energy efficiency optimization cpufreq: brcmstb-avs-cpufreq: properly retrieve P-state upon suspend cpufreq: brcmstb-avs-cpufreq: extend sysfs entry brcm_avs_pmap commit fd551bac4795854adaa87bad7e5136083719802b Author: Masashi Honma Date: Thu Jan 26 08:56:13 2017 +0900 nl80211: Fix mesh HT operation check A previous change to fix checks for NL80211_MESHCONF_HT_OPMODE missed setting the flag when replacing FILL_IN_MESH_PARAM_IF_SET with checking codes. This results in dropping the received HT operation value when called by nl80211_update_mesh_config(). Fix this by setting the flag properly. Fixes: 9757235f451c ("nl80211: correct checks for NL80211_MESHCONF_HT_OPMODE value") Signed-off-by: Masashi Honma [rewrite commit message to use Fixes: line] Signed-off-by: Johannes Berg net/wireless/nl80211.c | 1 + 1 file changed, 1 insertion(+) commit da7061c82e4a1bc6a5e134ef362c86261906c860 Author: Thorsten Horstmann Date: Fri Feb 3 14:38:29 2017 +0100 mac80211: Fix adding of mesh vendor IEs The function ieee80211_ie_split_vendor doesn't return 0 on errors. Instead it returns any offset < ielen when WLAN_EID_VENDOR_SPECIFIC is found. The return value in mesh_add_vendor_ies must therefore be checked against ifmsh->ie_len and not 0. Otherwise all ifmsh->ie starting with WLAN_EID_VENDOR_SPECIFIC will be rejected. Fixes: 082ebb0c258d ("mac80211: fix mesh beacon format") Signed-off-by: Thorsten Horstmann Signed-off-by: Mathias Kretschmer Signed-off-by: Simon Wunderlich [sven@narfation.org: Add commit message] Signed-off-by: Sven Eckelmann Signed-off-by: Johannes Berg net/mac80211/mesh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 01fba20b5976e445676febbdf6dc78d71c6d7b62 Author: Jouni Malinen Date: Sat Feb 4 18:08:42 2017 +0200 mac80211: Allocate a sync skcipher explicitly for FILS AEAD The skcipher could have been of the async variant which may return from skcipher_encrypt() with -EINPROGRESS after having queued the request. The FILS AEAD implementation here does not have code for dealing with that possibility, so allocate a sync cipher explicitly to avoid potential issues with hardware accelerators. This is based on the patch sent out by Ard. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Reported-by: Ard Biesheuvel Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg net/mac80211/fils_aead.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e479ab651f071dbd1518ce8fb121c7f42f2bb97d Author: Jouni Malinen Date: Sat Feb 4 13:59:22 2017 +0200 mac80211: Fix FILS AEAD protection in Association Request frame Incorrect num_elem parameter value (1 vs. 5) was used in the aes_siv_encrypt() call. This resulted in only the first one of the five AAD vectors to SIV getting included in calculation. This does not protect all the contents correctly and would not interoperate with a standard compliant implementation. Fix this by using the correct number. A matching fix is needed in the AP side (hostapd) to get FILS authentication working properly. Fixes: 39404feee691 ("mac80211: FILS AEAD protection for station mode association frames") Reported-by: Ard Biesheuvel Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg net/mac80211/fils_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d5adbfcd5f7bcc6fa58a41c5c5ada0e5c826ce2c Author: Linus Torvalds Date: Sun Feb 5 15:10:58 2017 -0800 Linux 4.10-rc7 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7892032cfe67f4bde6fc2ee967e45a8fbaf33756 Author: Eric Dumazet Date: Sat Feb 4 23:18:55 2017 -0800 ip6_gre: fix ip6gre_err() invalid reads Andrey Konovalov reported out of bound accesses in ip6gre_err() If GRE flags contains GRE_KEY, the following expression *(((__be32 *)p) + (grehlen / 4) - 1) accesses data ~40 bytes after the expected point, since grehlen includes the size of IPv6 headers. Let's use a "struct gre_base_hdr *greh" pointer to make this code more readable. p[1] becomes greh->protocol. grhlen is the GRE header length. Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Signed-off-by: David S. Miller net/ipv6/ip6_gre.c | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) commit 08b259631b5a1d912af4832847b5642f377d9101 Author: Yazen Ghannam Date: Sun Feb 5 11:50:22 2017 +0100 x86/CPU/AMD: Fix Zen SMT topology After: a33d331761bc ("x86/CPU/AMD: Fix Bulldozer topology") our SMT scheduling topology for Fam17h systems is broken, because the ThreadId is included in the ApicId when SMT is enabled. So, without further decoding cpu_core_id is unique for each thread rather than the same for threads on the same core. This didn't affect systems with SMT disabled. Make cpu_core_id be what it is defined to be. Signed-off-by: Yazen Ghannam Signed-off-by: Borislav Petkov Cc: # 4.9 Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170205105022.8705-2-bp@alien8.de Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/amd.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 79a8b9aa388b0620cc1d525d7c0f0d9a8a85e08e Author: Borislav Petkov Date: Sun Feb 5 11:50:21 2017 +0100 x86/CPU/AMD: Bring back Compute Unit ID Commit: a33d331761bc ("x86/CPU/AMD: Fix Bulldozer topology") restored the initial approach we had with the Fam15h topology of enumerating CU (Compute Unit) threads as cores. And this is still correct - they're beefier than HT threads but still have some shared functionality. Our current approach has a problem with the Mad Max Steam game, for example. Yves Dionne reported a certain "choppiness" while playing on v4.9.5. That problem stems most likely from the fact that the CU threads share resources within one CU and when we schedule to a thread of a different compute unit, this incurs latency due to migrating the working set to a different CU through the caches. When the thread siblings mask mirrors that aspect of the CUs and threads, the scheduler pays attention to it and tries to schedule within one CU first. Which takes care of the latency, of course. Reported-by: Yves Dionne Signed-off-by: Borislav Petkov Cc: # 4.9 Cc: Brice Goglin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Yazen Ghannam Link: http://lkml.kernel.org/r/20170205105022.8705-1-bp@alien8.de Signed-off-by: Ingo Molnar arch/x86/include/asm/processor.h | 1 + arch/x86/kernel/cpu/amd.c | 9 ++++++++- arch/x86/kernel/cpu/common.c | 1 + arch/x86/kernel/smpboot.c | 12 +++++++++--- 4 files changed, 19 insertions(+), 4 deletions(-) commit d71b7896886345c53ef1d84bda2bc758554f5d61 Author: Eric Dumazet Date: Fri Feb 3 00:03:26 2017 -0800 netlabel: out of bound access in cipso_v4_validate() syzkaller found another out of bound access in ip_options_compile(), or more exactly in cipso_v4_validate() Fixes: 20e2a8648596 ("cipso: handle CIPSO options correctly when NetLabel is disabled") Fixes: 446fda4f2682 ("[NetLabel]: CIPSOv4 engine") Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Cc: Paul Moore Acked-by: Paul Moore Signed-off-by: David S. Miller include/net/cipso_ipv4.h | 4 ++++ net/ipv4/cipso_ipv4.c | 4 ++++ 2 files changed, 8 insertions(+) commit 34b2cef20f19c87999fff3da4071e66937db9644 Author: Eric Dumazet Date: Sat Feb 4 11:16:52 2017 -0800 ipv4: keep skb->dst around in presence of IP options Andrey Konovalov got crashes in __ip_options_echo() when a NULL skb->dst is accessed. ipv4_pktinfo_prepare() should not drop the dst if (evil) IP options are present. We could refine the test to the presence of ts_needtime or srr, but IP options are not often used, so let's be conservative. Thanks to syzkaller team for finding this bug. Fixes: d826eb14ecef ("ipv4: PKTINFO doesnt need dst reference") Signed-off-by: Eric Dumazet Reported-by: Andrey Konovalov Signed-off-by: David S. Miller net/ipv4/ip_sockglue.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit bfb34527a32a1a576d9bfb7026d3ab0369a6cd60 Author: Dan Williams Date: Sat Feb 4 14:47:31 2017 -0800 libnvdimm, pfn: fix memmap reservation size versus 4K alignment When vmemmap_populate() allocates space for the memmap it does so in 2MB sized chunks. The libnvdimm-pfn driver incorrectly accounts for this when the alignment of the device is set to 4K. When this happens we trigger memory allocation failures in altmap_alloc_block_buf() and trigger warnings of the form: WARNING: CPU: 0 PID: 3376 at arch/x86/mm/init_64.c:656 arch_add_memory+0xe4/0xf0 [..] Call Trace: dump_stack+0x86/0xc3 __warn+0xcb/0xf0 warn_slowpath_null+0x1d/0x20 arch_add_memory+0xe4/0xf0 devm_memremap_pages+0x29b/0x4e0 Fixes: 315c562536c4 ("libnvdimm, pfn: add 'align' attribute, default to HPAGE_SIZE") Cc: Signed-off-by: Dan Williams drivers/nvdimm/pfn_devs.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit a572a1b999489efb591287632279c6c9eca3e4ed Merge: 24bc5fe aaaec6f Author: Linus Torvalds Date: Sat Feb 4 12:18:01 2017 -0800 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fixes from Thomas Gleixner: - Prevent double activation of interrupt lines, which causes problems on certain interrupt controllers - Handle the fallout of the above because x86 (ab)uses the activation function to reconfigure interrupts under the hood. * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/irq: Make irq activate operations symmetric irqdomain: Avoid activating interrupts more than once commit 24bc5fe716855e5e608c515340b3ceacfb143bcc Merge: 412e6d3 00c87e9 Author: Linus Torvalds Date: Sat Feb 4 12:07:54 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fix from Radim Krčmář: "Fix a regression that prevented migration between hosts with different XSAVE features even if the missing features were not used by the guest (for stable)" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: do not save guest-unsupported XSAVE state commit 412e6d3fec247b2bc83106514b0fb3b17e2eb7fe Merge: 252bf9f 433e19c Author: Linus Torvalds Date: Sat Feb 4 10:44:15 2017 -0800 Merge tag 'char-misc-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are two bugfixes that resolve some reported issues. One in the firmware loader, that should fix the much-reported problem of crashes with it. The other is a hyperv fix for a reported regression. Both have been in linux-next for a week or so with no reported issues" * tag 'char-misc-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read() firmware: fix NULL pointer dereference in __fw_load_abort() commit 252bf9f4c43fd58f96587a97866cb7cc980e7544 Merge: 8fcdcc4 b17c1bb Author: Linus Torvalds Date: Sat Feb 4 10:38:09 2017 -0800 Merge tag 'staging-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO fixes from Greg KH: "Here are a few small IIO and one staging driver fix for 4.10-rc7. They fix some reported issues with the drivers. All of them have been in linux-next for a week or so with no reported issues" * tag 'staging-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: staging: greybus: timesync: validate platform state callback iio: dht11: Use usleep_range instead of msleep for start signal iio: adc: palmas_gpadc: retrieve a valid iio_dev in suspend/resume iio: health: max30100: fixed parenthesis around FIFO count check iio: health: afe4404: retrieve a valid iio_dev in suspend/resume iio: health: afe4403: retrieve a valid iio_dev in suspend/resume commit 8fcdcc42a5268f298ac91962a5e816294435006f Merge: a0a2864 4244149 Author: Linus Torvalds Date: Sat Feb 4 10:35:55 2017 -0800 Merge tag 'usb-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are some small USB fixes for some reported issues, and the usual number of new device ids for 4.10-rc7. All of these, except the last new device id, have been in linux-next for a while with no reported issues" * tag 'usb-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: USB: serial: pl2303: add ATEN device ID usb: gadget: f_fs: Assorted buffer overflow checks. USB: Add quirk for WORLDE easykey.25 MIDI keyboard usb: musb: Fix external abort on non-linefetch for musb_irq_work() usb: musb: Fix host mode error -71 regression USB: serial: option: add device ID for HP lt2523 (Novatel E371) USB: serial: qcserial: add Dell DW5570 QDL commit a0a28644c1cf191e514dd64bf438e69c178b8440 Merge: a49e6f5 6f3e71c0 Author: Linus Torvalds Date: Fri Feb 3 16:18:51 2017 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fix from James Bottomley: "A single fix this time: a fix for a virtqueue removal bug which only appears to affect S390, but which results in the queue hanging forever thus causing the machine to fail shutdown" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: virtio_scsi: Reject commands when virtqueue is broken commit a9306a63631493afc75893a4ac405d4e1cbae6aa Author: Rafael J. Wysocki Date: Sat Feb 4 00:44:36 2017 +0100 PM / runtime: Avoid false-positive warnings from might_sleep_if() The might_sleep_if() assertions in __pm_runtime_idle(), __pm_runtime_suspend() and __pm_runtime_resume() may generate false-positive warnings in some situations. For example, that happens if a nested pm_runtime_get_sync()/pm_runtime_put() pair is executed with disabled interrupts within an outer pm_runtime_get_sync()/pm_runtime_put() section for the same device. [Generally, pm_runtime_get_sync() may sleep, so it should not be called with disabled interrupts, but in this particular case the previous pm_runtime_get_sync() guarantees that the device will not be suspended, so the inner pm_runtime_get_sync() will return immediately after incrementing the device's usage counter.] That started to happen in the i915 driver in 4.10-rc, leading to the following splat: BUG: sleeping function called from invalid context at drivers/base/power/runtime.c:1032 in_atomic(): 1, irqs_disabled(): 0, pid: 1500, name: Xorg 1 lock held by Xorg/1500: #0: (&dev->struct_mutex){+.+.+.}, at: [] i915_mutex_lock_interruptible+0x43/0x140 [i915] CPU: 0 PID: 1500 Comm: Xorg Not tainted Call Trace: dump_stack+0x85/0xc2 ___might_sleep+0x196/0x260 __might_sleep+0x53/0xb0 __pm_runtime_resume+0x7a/0x90 intel_runtime_pm_get+0x25/0x90 [i915] aliasing_gtt_bind_vma+0xaa/0xf0 [i915] i915_vma_bind+0xaf/0x1e0 [i915] i915_gem_execbuffer_relocate_entry+0x513/0x6f0 [i915] i915_gem_execbuffer_relocate_vma.isra.34+0x188/0x250 [i915] ? trace_hardirqs_on+0xd/0x10 ? i915_gem_execbuffer_reserve_vma.isra.31+0x152/0x1f0 [i915] ? i915_gem_execbuffer_reserve.isra.32+0x372/0x3a0 [i915] i915_gem_do_execbuffer.isra.38+0xa70/0x1a40 [i915] ? __might_fault+0x4e/0xb0 i915_gem_execbuffer2+0xc5/0x260 [i915] ? __might_fault+0x4e/0xb0 drm_ioctl+0x206/0x450 [drm] ? i915_gem_execbuffer+0x340/0x340 [i915] ? __fget+0x5/0x200 do_vfs_ioctl+0x91/0x6f0 ? __fget+0x111/0x200 ? __fget+0x5/0x200 SyS_ioctl+0x79/0x90 entry_SYSCALL_64_fastpath+0x23/0xc6 even though the code triggering it is correct. Unfortunately, the might_sleep_if() assertions in question are too coarse-grained to cover such cases correctly, so make them a bit less sensitive in order to avoid the false-positives. Reported-and-tested-by: Sedat Dilek Signed-off-by: Rafael J. Wysocki drivers/base/power/runtime.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit a49e6f584e29785f9e5eb8dd31435746818dd5c4 Merge: e9f7f17 79134d1 Author: Linus Torvalds Date: Fri Feb 3 15:43:30 2017 -0800 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio/vhost fixes from Michael S. Tsirkin: "Last minute fixes: - ARM DMA fix revert - vhost endian-ness fix - MAINTAINERS: email address change for Amit" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: MAINTAINERS: update email address for Amit Shah vhost: fix initialization for vq->is_le Revert "vring: Force use of DMA API for ARM-based systems with legacy devices" commit e9f7f17d53003ee46ccbaf057f7820bfb6e76b9d Merge: 7a92cc6 2da64d2 Author: Linus Torvalds Date: Fri Feb 3 15:38:53 2017 -0800 Merge tag 'vfio-v4.10-rc7' of git://github.com/awilliam/linux-vfio Pull VFIO fix from Alex Williamson: "Fix an error path in SPAPR IOMMU backend (Alexey Kardashevskiy)" * tag 'vfio-v4.10-rc7' of git://github.com/awilliam/linux-vfio: vfio/spapr: Fix missing mutex unlock when creating a window commit 6e978b22efa1db9f6e71b24440b5f1d93e968ee3 Author: Srinivas Pandruvada Date: Fri Feb 3 14:18:39 2017 -0800 cpufreq: intel_pstate: Disable energy efficiency optimization Some Kabylake desktop processors may not reach max turbo when running in HWP mode, even if running under sustained 100% utilization. This occurs when the HWP.EPP (Energy Performance Preference) is set to "balance_power" (0x80) -- the default on most systems. It occurs because the platform BIOS may erroneously enable an energy-efficiency setting -- MSR_IA32_POWER_CTL BIT-EE, which is not recommended to be enabled on this SKU. On the failing systems, this BIOS issue was not discovered when the desktop motherboard was tested with Windows, because the BIOS also neglects to provide the ACPI/CPPC table, that Windows requires to enable HWP, and so Windows runs in legacy P-state mode, where this setting has no effect. Linux' intel_pstate driver does not require ACPI/CPPC to enable HWP, and so it runs in HWP mode, exposing this incorrect BIOS configuration. There are several ways to address this problem. First, Linux can also run in legacy P-state mode on this system. As intel_pstate is how Linux enables HWP, booting with "intel_pstate=disable" will run in acpi-cpufreq/ondemand legacy p-state mode. Or second, the "performance" governor can be used with intel_pstate, which will modify HWP.EPP to 0. Or third, starting in 4.10, the /sys/devices/system/cpu/cpufreq/policy*/energy_performance_preference attribute in can be updated from "balance_power" to "performance". Or fourth, apply this patch, which fixes the erroneous setting of MSR_IA32_POWER_CTL BIT_EE on this model, allowing the default configuration to function as designed. Signed-off-by: Srinivas Pandruvada Reviewed-by: Len Brown Cc: 4.6+ # 4.6+ Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit 7a92cc6bcbc90bf72e57eff2dc29900a636c2d0d Merge: 3f67790 5abf186 Author: Linus Torvalds Date: Fri Feb 3 14:50:42 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "8 fixes" * emailed patches from Andrew Morton : mm, fs: check for fatal signals in do_generic_file_read() fs: break out of iomap_file_buffered_write on fatal signals base/memory, hotplug: fix a kernel oops in show_valid_zones() mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() jump label: pass kbuild_cflags when checking for asm goto support shmem: fix sleeping from atomic context kasan: respect /proc/sys/kernel/traceoff_on_warning zswap: disable changing params if init fails commit 5abf186a30a89d5b9c18a6bf93a2c192c9fd52f6 Author: Michal Hocko Date: Fri Feb 3 13:13:29 2017 -0800 mm, fs: check for fatal signals in do_generic_file_read() do_generic_file_read() can be told to perform a large request from userspace. If the system is under OOM and the reading task is the OOM victim then it has an access to memory reserves and finishing the full request can lead to the full memory depletion which is dangerous. Make sure we rather go with a short read and allow the killed task to terminate. Link: http://lkml.kernel.org/r/20170201092706.9966-3-mhocko@kernel.org Signed-off-by: Michal Hocko Reviewed-by: Christoph Hellwig Cc: Tetsuo Handa Cc: Al Viro Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 5 +++++ 1 file changed, 5 insertions(+) commit d1908f52557b3230fbd63c0429f3b4b748bf2b6d Author: Michal Hocko Date: Fri Feb 3 13:13:26 2017 -0800 fs: break out of iomap_file_buffered_write on fatal signals Tetsuo has noticed that an OOM stress test which performs large write requests can cause the full memory reserves depletion. He has tracked this down to the following path __alloc_pages_nodemask+0x436/0x4d0 alloc_pages_current+0x97/0x1b0 __page_cache_alloc+0x15d/0x1a0 mm/filemap.c:728 pagecache_get_page+0x5a/0x2b0 mm/filemap.c:1331 grab_cache_page_write_begin+0x23/0x40 mm/filemap.c:2773 iomap_write_begin+0x50/0xd0 fs/iomap.c:118 iomap_write_actor+0xb5/0x1a0 fs/iomap.c:190 ? iomap_write_end+0x80/0x80 fs/iomap.c:150 iomap_apply+0xb3/0x130 fs/iomap.c:79 iomap_file_buffered_write+0x68/0xa0 fs/iomap.c:243 ? iomap_write_end+0x80/0x80 xfs_file_buffered_aio_write+0x132/0x390 [xfs] ? remove_wait_queue+0x59/0x60 xfs_file_write_iter+0x90/0x130 [xfs] __vfs_write+0xe5/0x140 vfs_write+0xc7/0x1f0 ? syscall_trace_enter+0x1d0/0x380 SyS_write+0x58/0xc0 do_syscall_64+0x6c/0x200 entry_SYSCALL64_slow_path+0x25/0x25 the oom victim has access to all memory reserves to make a forward progress to exit easier. But iomap_file_buffered_write and other callers of iomap_apply loop to complete the full request. We need to check for fatal signals and back off with a short write instead. As the iomap_apply delegates all the work down to the actor we have to hook into those. All callers that work with the page cache are calling iomap_write_begin so we will check for signals there. dax_iomap_actor has to handle the situation explicitly because it copies data to the userspace directly. Other callers like iomap_page_mkwrite work on a single page or iomap_fiemap_actor do not allocate memory based on the given len. Fixes: 68a9f5e7007c ("xfs: implement iomap based buffered write path") Link: http://lkml.kernel.org/r/20170201092706.9966-2-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Tetsuo Handa Reviewed-by: Christoph Hellwig Cc: Al Viro Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 5 +++++ fs/iomap.c | 3 +++ 2 files changed, 8 insertions(+) commit a96dfddbcc04336bbed50dc2b24823e45e09e80c Author: Toshi Kani Date: Fri Feb 3 13:13:23 2017 -0800 base/memory, hotplug: fix a kernel oops in show_valid_zones() Reading a sysfs "memoryN/valid_zones" file leads to the following oops when the first page of a range is not backed by struct page. show_valid_zones() assumes that 'start_pfn' is always valid for page_zone(). BUG: unable to handle kernel paging request at ffffea017a000000 IP: show_valid_zones+0x6f/0x160 This issue may happen on x86-64 systems with 64GiB or more memory since their memory block size is bumped up to 2GiB. [1] An example of such systems is desribed below. 0x3240000000 is only aligned by 1GiB and this memory block starts from 0x3200000000, which is not backed by struct page. BIOS-e820: [mem 0x0000003240000000-0x000000603fffffff] usable Since test_pages_in_a_zone() already checks holes, fix this issue by extending this function to return 'valid_start' and 'valid_end' for a given range. show_valid_zones() then proceeds with the valid range. [1] 'Commit bdee237c0343 ("x86: mm: Use 2GB memory block size on large-memory x86-64 systems")' Link: http://lkml.kernel.org/r/20170127222149.30893-3-toshi.kani@hpe.com Signed-off-by: Toshi Kani Cc: Greg Kroah-Hartman Cc: Zhang Zhen Cc: Reza Arbab Cc: David Rientjes Cc: Dan Williams Cc: [4.4+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/base/memory.c | 12 ++++++------ include/linux/memory_hotplug.h | 3 ++- mm/memory_hotplug.c | 20 +++++++++++++++----- 3 files changed, 23 insertions(+), 12 deletions(-) commit deb88a2a19e85842d79ba96b05031739ec327ff4 Author: Toshi Kani Date: Fri Feb 3 13:13:20 2017 -0800 mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone() Patch series "fix a kernel oops when reading sysfs valid_zones", v2. A sysfs memory file is created for each 2GiB memory block on x86-64 when the system has 64GiB or more memory. [1] When the start address of a memory block is not backed by struct page, i.e. a memory range is not aligned by 2GiB, reading its 'valid_zones' attribute file leads to a kernel oops. This issue was observed on multiple x86-64 systems with more than 64GiB of memory. This patch-set fixes this issue. Patch 1 first fixes an issue in test_pages_in_a_zone(), which does not test the start section. Patch 2 then fixes the kernel oops by extending test_pages_in_a_zone() to return valid [start, end). Note for stable kernels: The memory block size change was made by commit bdee237c0343 ("x86: mm: Use 2GB memory block size on large-memory x86-64 systems"), which was accepted to 3.9. However, this patch-set depends on (and fixes) the change to test_pages_in_a_zone() made by commit 5f0f2887f4de ("mm/memory_hotplug.c: check for missing sections in test_pages_in_a_zone()"), which was accepted to 4.4. So, I recommend that we backport it up to 4.4. [1] 'Commit bdee237c0343 ("x86: mm: Use 2GB memory block size on large-memory x86-64 systems")' This patch (of 2): test_pages_in_a_zone() does not check 'start_pfn' when it is aligned by section since 'sec_end_pfn' is set equal to 'pfn'. Since this function is called for testing the range of a sysfs memory file, 'start_pfn' is always aligned by section. Fix it by properly setting 'sec_end_pfn' to the next section pfn. Also make sure that this function returns 1 only when the range belongs to a zone. Link: http://lkml.kernel.org/r/20170127222149.30893-2-toshi.kani@hpe.com Signed-off-by: Toshi Kani Cc: Andrew Banman Cc: Reza Arbab Cc: Greg KH Cc: [4.4+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory_hotplug.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 35f860f9ba6aac56cc38e8b18916d833a83f1157 Author: David Lin Date: Fri Feb 3 13:13:18 2017 -0800 jump label: pass kbuild_cflags when checking for asm goto support Some versions of ARM GCC compiler such as Android toolchain throws in a '-fpic' flag by default. This causes the gcc-goto check script to fail although some config would have '-fno-pic' flag in the KBUILD_CFLAGS. This patch passes the KBUILD_CFLAGS to the check script so that the script does not rely on the default config from different compilers. Link: http://lkml.kernel.org/r/20170120234329.78868-1-dtwlin@google.com Signed-off-by: David Lin Acked-by: Steven Rostedt Cc: Michal Marek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 253fd0f02040a19c6fe80e4171659fa3482a422d Author: Kirill A. Shutemov Date: Fri Feb 3 13:13:15 2017 -0800 shmem: fix sleeping from atomic context Syzkaller fuzzer managed to trigger this: BUG: sleeping function called from invalid context at mm/shmem.c:852 in_atomic(): 1, irqs_disabled(): 0, pid: 529, name: khugepaged 3 locks held by khugepaged/529: #0: (shrinker_rwsem){++++..}, at: [] shrink_slab.part.59+0x121/0xd30 mm/vmscan.c:451 #1: (&type->s_umount_key#29){++++..}, at: [] trylock_super+0x20/0x100 fs/super.c:392 #2: (&(&sbinfo->shrinklist_lock)->rlock){+.+.-.}, at: [] spin_lock include/linux/spinlock.h:302 [inline] #2: (&(&sbinfo->shrinklist_lock)->rlock){+.+.-.}, at: [] shmem_unused_huge_shrink+0x28e/0x1490 mm/shmem.c:427 CPU: 2 PID: 529 Comm: khugepaged Not tainted 4.10.0-rc5+ #201 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: shmem_undo_range+0xb20/0x2710 mm/shmem.c:852 shmem_truncate_range+0x27/0xa0 mm/shmem.c:939 shmem_evict_inode+0x35f/0xca0 mm/shmem.c:1030 evict+0x46e/0x980 fs/inode.c:553 iput_final fs/inode.c:1515 [inline] iput+0x589/0xb20 fs/inode.c:1542 shmem_unused_huge_shrink+0xbad/0x1490 mm/shmem.c:446 shmem_unused_huge_scan+0x10c/0x170 mm/shmem.c:512 super_cache_scan+0x376/0x450 fs/super.c:106 do_shrink_slab mm/vmscan.c:378 [inline] shrink_slab.part.59+0x543/0xd30 mm/vmscan.c:481 shrink_slab mm/vmscan.c:2592 [inline] shrink_node+0x2c7/0x870 mm/vmscan.c:2592 shrink_zones mm/vmscan.c:2734 [inline] do_try_to_free_pages+0x369/0xc80 mm/vmscan.c:2776 try_to_free_pages+0x3c6/0x900 mm/vmscan.c:2982 __perform_reclaim mm/page_alloc.c:3301 [inline] __alloc_pages_direct_reclaim mm/page_alloc.c:3322 [inline] __alloc_pages_slowpath+0xa24/0x1c30 mm/page_alloc.c:3683 __alloc_pages_nodemask+0x544/0xae0 mm/page_alloc.c:3848 __alloc_pages include/linux/gfp.h:426 [inline] __alloc_pages_node include/linux/gfp.h:439 [inline] khugepaged_alloc_page+0xc2/0x1b0 mm/khugepaged.c:750 collapse_huge_page+0x182/0x1fe0 mm/khugepaged.c:955 khugepaged_scan_pmd+0xfdf/0x12a0 mm/khugepaged.c:1208 khugepaged_scan_mm_slot mm/khugepaged.c:1727 [inline] khugepaged_do_scan mm/khugepaged.c:1808 [inline] khugepaged+0xe9b/0x1590 mm/khugepaged.c:1853 kthread+0x326/0x3f0 kernel/kthread.c:227 ret_from_fork+0x31/0x40 arch/x86/entry/entry_64.S:430 The iput() from atomic context was a bad idea: if after igrab() somebody else calls iput() and we left with the last inode reference, our iput() would lead to inode eviction and therefore sleeping. This patch should fix the situation. Link: http://lkml.kernel.org/r/20170131093141.GA15899@node.shutemov.name Signed-off-by: Kirill A. Shutemov Reported-by: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 4f40c6e5627ea73b4e7c615c59631f38cc880885 Author: Peter Zijlstra Date: Fri Feb 3 13:13:12 2017 -0800 kasan: respect /proc/sys/kernel/traceoff_on_warning After much waiting I finally reproduced a KASAN issue, only to find my trace-buffer empty of useful information because it got spooled out :/ Make kasan_report honour the /proc/sys/kernel/traceoff_on_warning interface. Link: http://lkml.kernel.org/r/20170125164106.3514-1-aryabinin@virtuozzo.com Signed-off-by: Peter Zijlstra (Intel) Signed-off-by: Andrey Ryabinin Acked-by: Alexander Potapenko Cc: Dmitry Vyukov Cc: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kasan/report.c | 3 +++ 1 file changed, 3 insertions(+) commit d7b028f56a971a2e4d8d7887540a144eeefcd4ab Author: Dan Streetman Date: Fri Feb 3 13:13:09 2017 -0800 zswap: disable changing params if init fails Add zswap_init_failed bool that prevents changing any of the module params, if init_zswap() fails, and set zswap_enabled to false. Change 'enabled' param to a callback, and check zswap_init_failed before allowing any change to 'enabled', 'zpool', or 'compressor' params. Any driver that is built-in to the kernel will not be unloaded if its init function returns error, and its module params remain accessible for users to change via sysfs. Since zswap uses param callbacks, which assume that zswap has been initialized, changing the zswap params after a failed initialization will result in WARNING due to the param callbacks expecting a pool to already exist. This prevents that by immediately exiting any of the param callbacks if initialization failed. This was reported here: https://marc.info/?l=linux-mm&m=147004228125528&w=4 And fixes this WARNING: [ 429.723476] WARNING: CPU: 0 PID: 5140 at mm/zswap.c:503 __zswap_pool_current+0x56/0x60 The warning is just noise, and not serious. However, when init fails, zswap frees all its percpu dstmem pages and its kmem cache. The kmem cache might be serious, if kmem_cache_alloc(NULL, gfp) has problems; but the percpu dstmem pages are definitely a problem, as they're used as temporary buffer for compressed pages before copying into place in the zpool. If the user does get zswap enabled after an init failure, then zswap will likely Oops on the first page it tries to compress (or worse, start corrupting memory). Fixes: 90b0fc26d5db ("zswap: change zpool/compressor at runtime") Link: http://lkml.kernel.org/r/20170124200259.16191-2-ddstreet@ieee.org Signed-off-by: Dan Streetman Reported-by: Marcin Miroslaw Cc: Seth Jennings Cc: Michal Hocko Cc: Sergey Senozhatsky Cc: Minchan Kim Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/zswap.c | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) commit 3f67790d2b7e322bcf363ec717085dd78c3ea7cd Merge: cd44691 206c472 Author: Linus Torvalds Date: Fri Feb 3 13:46:38 2017 -0800 Merge tag 'regulator-fix-v4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator fixes from Mark Brown: "Three changes here: two run of the mill driver specific fixes and a change from Mark Rutland which reverts some new device specific ACPI binding code which was added during the merge window as there are concerns about this sending the wrong signal about usage of regulators in ACPI systems" * tag 'regulator-fix-v4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: regulator: fixed: Revert support for ACPI interface regulator: axp20x: AXP806: Fix dcdcb being set instead of dcdce regulator: twl6030: fix range comparison, allowing vsel = 59 commit 79134d11d030b886106bf45a5638c1ccb1f0856c Author: Amit Shah Date: Fri Feb 3 16:48:14 2017 +0530 MAINTAINERS: update email address for Amit Shah I'm leaving my job at Red Hat, this email address will stop working next week. Update it to one that I will have access to later. Signed-off-by: Amit Shah Signed-off-by: Michael S. Tsirkin MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cda8bba0f99d25d2061c531113c14fa41effc3ae Author: Halil Pasic Date: Mon Jan 30 11:09:36 2017 +0100 vhost: fix initialization for vq->is_le Currently, under certain circumstances vhost_init_is_le does just a part of the initialization job, and depends on vhost_reset_is_le being called too. For this reason vhost_vq_init_access used to call vhost_reset_is_le when vq->private_data is NULL. This is not only counter intuitive, but also real a problem because it breaks vhost_net. The bug was introduced to vhost_net with commit 2751c9882b94 ("vhost: cross-endian support for legacy devices"). The symptom is corruption of the vq's used.idx field (virtio) after VHOST_NET_SET_BACKEND was issued as a part of the vhost shutdown on a vq with pending descriptors. Let us make sure the outcome of vhost_init_is_le never depend on the state it is actually supposed to initialize, and fix virtio_net by removing the reset from vhost_vq_init_access. With the above, there is no reason for vhost_reset_is_le to do just half of the job. Let us make vhost_reset_is_le reinitialize is_le. Signed-off-by: Halil Pasic Reported-by: Michael A. Tebolt Reported-by: Dr. David Alan Gilbert Fixes: commit 2751c9882b94 ("vhost: cross-endian support for legacy devices") Cc: Signed-off-by: Michael S. Tsirkin Reviewed-by: Greg Kurz Tested-by: Michael A. Tebolt drivers/vhost/vhost.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 0d5415b489f68b58e1983a53793d25d53098ed4b Author: Michael S. Tsirkin Date: Fri Feb 3 05:43:52 2017 +0200 Revert "vring: Force use of DMA API for ARM-based systems with legacy devices" This reverts commit c7070619f3408d9a0dffbed9149e6f00479cf43b. This has been shown to regress on some ARM systems: by forcing on DMA API usage for ARM systems, we have inadvertently kicked open a hornets' nest in terms of cache-coherency. Namely that unless the virtio device is explicitly described as capable of coherent DMA by firmware, the DMA APIs on ARM and other DT-based platforms will assume it is non-coherent. This turns out to cause a big problem for the likes of QEMU and kvmtool, which generate virtio-mmio devices in their guest DTs but neglect to add the often-overlooked "dma-coherent" property; as a result, we end up with the guest making non-cacheable accesses to the vring, the host doing so cacheably, both talking past each other and things going horribly wrong. We are working on a safer work-around. Fixes: c7070619f340 ("vring: Force use of DMA API for ARM-based systems with legacy devices") Reported-by: Robin Murphy Cc: Signed-off-by: Will Deacon Signed-off-by: Michael S. Tsirkin Acked-by: Marc Zyngier drivers/virtio/virtio_ring.c | 7 ------- 1 file changed, 7 deletions(-) commit 424414947da3dd5cb0d60e4f299f7c51e472ae77 Merge: a3683e0 d07830d Author: Greg Kroah-Hartman Date: Fri Feb 3 22:19:15 2017 +0100 Merge tag 'usb-serial-4.10-rc7' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.10-rc7 One more device ID for pl2303. Signed-off-by: Johan Hovold commit ad3efdb72cd921ec52ac94e82595a5d2e7a7b054 Merge: 6f3e71c0 f2e767b Author: James Bottomley Date: Fri Feb 3 13:18:03 2017 -0800 Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes commit 5fa8bbda38c668e56b0c6cdecced2eac2fe36dec Author: Eric Dumazet Date: Thu Feb 2 10:31:35 2017 -0800 net: use a work queue to defer net_disable_timestamp() work Dmitry reported a warning [1] showing that we were calling net_disable_timestamp() -> static_key_slow_dec() from a non process context. Grabbing a mutex while holding a spinlock or rcu_read_lock() is not allowed. As Cong suggested, we now use a work queue. It is possible netstamp_clear() exits while netstamp_needed_deferred is not zero, but it is probably not worth trying to do better than that. netstamp_needed_deferred atomic tracks the exact number of deferred decrements. [1] [ INFO: suspicious RCU usage. ] 4.10.0-rc5+ #192 Not tainted ------------------------------- ./include/linux/rcupdate.h:561 Illegal context switch in RCU read-side critical section! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 0 2 locks held by syz-executor14/23111: #0: (sk_lock-AF_INET6){+.+.+.}, at: [] lock_sock include/net/sock.h:1454 [inline] #0: (sk_lock-AF_INET6){+.+.+.}, at: [] rawv6_sendmsg+0x1e65/0x3ec0 net/ipv6/raw.c:919 #1: (rcu_read_lock){......}, at: [] nf_hook include/linux/netfilter.h:201 [inline] #1: (rcu_read_lock){......}, at: [] __ip6_local_out+0x258/0x840 net/ipv6/output_core.c:160 stack backtrace: CPU: 2 PID: 23111 Comm: syz-executor14 Not tainted 4.10.0-rc5+ #192 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51 lockdep_rcu_suspicious+0x139/0x180 kernel/locking/lockdep.c:4452 rcu_preempt_sleep_check include/linux/rcupdate.h:560 [inline] ___might_sleep+0x560/0x650 kernel/sched/core.c:7748 __might_sleep+0x95/0x1a0 kernel/sched/core.c:7739 mutex_lock_nested+0x24f/0x1730 kernel/locking/mutex.c:752 atomic_dec_and_mutex_lock+0x119/0x160 kernel/locking/mutex.c:1060 __static_key_slow_dec+0x7a/0x1e0 kernel/jump_label.c:149 static_key_slow_dec+0x51/0x90 kernel/jump_label.c:174 net_disable_timestamp+0x3b/0x50 net/core/dev.c:1728 sock_disable_timestamp+0x98/0xc0 net/core/sock.c:403 __sk_destruct+0x27d/0x6b0 net/core/sock.c:1441 sk_destruct+0x47/0x80 net/core/sock.c:1460 __sk_free+0x57/0x230 net/core/sock.c:1468 sock_wfree+0xae/0x120 net/core/sock.c:1645 skb_release_head_state+0xfc/0x200 net/core/skbuff.c:655 skb_release_all+0x15/0x60 net/core/skbuff.c:668 __kfree_skb+0x15/0x20 net/core/skbuff.c:684 kfree_skb+0x16e/0x4c0 net/core/skbuff.c:705 inet_frag_destroy+0x121/0x290 net/ipv4/inet_fragment.c:304 inet_frag_put include/net/inet_frag.h:133 [inline] nf_ct_frag6_gather+0x1106/0x3840 net/ipv6/netfilter/nf_conntrack_reasm.c:617 ipv6_defrag+0x1be/0x2b0 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:102 [inline] nf_hook_slow+0xc3/0x290 net/netfilter/core.c:310 nf_hook include/linux/netfilter.h:212 [inline] __ip6_local_out+0x489/0x840 net/ipv6/output_core.c:160 ip6_local_out+0x2d/0x170 net/ipv6/output_core.c:170 ip6_send_skb+0xa1/0x340 net/ipv6/ip6_output.c:1722 ip6_push_pending_frames+0xb3/0xe0 net/ipv6/ip6_output.c:1742 rawv6_push_pending_frames net/ipv6/raw.c:613 [inline] rawv6_sendmsg+0x2d1a/0x3ec0 net/ipv6/raw.c:927 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:744 sock_sendmsg_nosec net/socket.c:635 [inline] sock_sendmsg+0xca/0x110 net/socket.c:645 sock_write_iter+0x326/0x600 net/socket.c:848 do_iter_readv_writev+0x2e3/0x5b0 fs/read_write.c:695 do_readv_writev+0x42c/0x9b0 fs/read_write.c:872 vfs_writev+0x87/0xc0 fs/read_write.c:911 do_writev+0x110/0x2c0 fs/read_write.c:944 SYSC_writev fs/read_write.c:1017 [inline] SyS_writev+0x27/0x30 fs/read_write.c:1014 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: 0033:0x445559 RSP: 002b:00007f6f46fceb58 EFLAGS: 00000292 ORIG_RAX: 0000000000000014 RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000445559 RDX: 0000000000000001 RSI: 0000000020f1eff0 RDI: 0000000000000005 RBP: 00000000006e19c0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000700000 R13: 0000000020f59000 R14: 0000000000000015 R15: 0000000000020400 BUG: sleeping function called from invalid context at kernel/locking/mutex.c:752 in_atomic(): 1, irqs_disabled(): 0, pid: 23111, name: syz-executor14 INFO: lockdep is turned off. CPU: 2 PID: 23111 Comm: syz-executor14 Not tainted 4.10.0-rc5+ #192 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:15 [inline] dump_stack+0x2ee/0x3ef lib/dump_stack.c:51 ___might_sleep+0x47e/0x650 kernel/sched/core.c:7780 __might_sleep+0x95/0x1a0 kernel/sched/core.c:7739 mutex_lock_nested+0x24f/0x1730 kernel/locking/mutex.c:752 atomic_dec_and_mutex_lock+0x119/0x160 kernel/locking/mutex.c:1060 __static_key_slow_dec+0x7a/0x1e0 kernel/jump_label.c:149 static_key_slow_dec+0x51/0x90 kernel/jump_label.c:174 net_disable_timestamp+0x3b/0x50 net/core/dev.c:1728 sock_disable_timestamp+0x98/0xc0 net/core/sock.c:403 __sk_destruct+0x27d/0x6b0 net/core/sock.c:1441 sk_destruct+0x47/0x80 net/core/sock.c:1460 __sk_free+0x57/0x230 net/core/sock.c:1468 sock_wfree+0xae/0x120 net/core/sock.c:1645 skb_release_head_state+0xfc/0x200 net/core/skbuff.c:655 skb_release_all+0x15/0x60 net/core/skbuff.c:668 __kfree_skb+0x15/0x20 net/core/skbuff.c:684 kfree_skb+0x16e/0x4c0 net/core/skbuff.c:705 inet_frag_destroy+0x121/0x290 net/ipv4/inet_fragment.c:304 inet_frag_put include/net/inet_frag.h:133 [inline] nf_ct_frag6_gather+0x1106/0x3840 net/ipv6/netfilter/nf_conntrack_reasm.c:617 ipv6_defrag+0x1be/0x2b0 net/ipv6/netfilter/nf_defrag_ipv6_hooks.c:68 nf_hook_entry_hookfn include/linux/netfilter.h:102 [inline] nf_hook_slow+0xc3/0x290 net/netfilter/core.c:310 nf_hook include/linux/netfilter.h:212 [inline] __ip6_local_out+0x489/0x840 net/ipv6/output_core.c:160 ip6_local_out+0x2d/0x170 net/ipv6/output_core.c:170 ip6_send_skb+0xa1/0x340 net/ipv6/ip6_output.c:1722 ip6_push_pending_frames+0xb3/0xe0 net/ipv6/ip6_output.c:1742 rawv6_push_pending_frames net/ipv6/raw.c:613 [inline] rawv6_sendmsg+0x2d1a/0x3ec0 net/ipv6/raw.c:927 inet_sendmsg+0x164/0x5b0 net/ipv4/af_inet.c:744 sock_sendmsg_nosec net/socket.c:635 [inline] sock_sendmsg+0xca/0x110 net/socket.c:645 sock_write_iter+0x326/0x600 net/socket.c:848 do_iter_readv_writev+0x2e3/0x5b0 fs/read_write.c:695 do_readv_writev+0x42c/0x9b0 fs/read_write.c:872 vfs_writev+0x87/0xc0 fs/read_write.c:911 do_writev+0x110/0x2c0 fs/read_write.c:944 SYSC_writev fs/read_write.c:1017 [inline] SyS_writev+0x27/0x30 fs/read_write.c:1014 entry_SYSCALL_64_fastpath+0x1f/0xc2 RIP: 0033:0x445559 Fixes: b90e5794c5bd ("net: dont call jump_label_dec from irq context") Suggested-by: Cong Wang Reported-by: Dmitry Vyukov Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/dev.c | 31 +++++++++++++------------------ 1 file changed, 13 insertions(+), 18 deletions(-) commit cd44691f7177b2c1e1509d1a17d9b198ebaa34eb Merge: 79c9089 161e6d4 Author: Linus Torvalds Date: Fri Feb 3 12:01:54 2017 -0800 Merge tag 'mmc-v4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fix from Ulf Hansson: "MMC host: sdhci: Avoid hang when receiving spurious CARD_INT interrupts" * tag 'mmc-v4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sdhci: Ignore unexpected CARD_INT interrupts commit e471486c13b82b1338d49c798f78bb62b1ed0a9e Author: Dan Williams Date: Thu Feb 2 10:31:00 2017 -0800 acpi, nfit: fix acpi_nfit_flush_probe() crash We queue an on-stack work item to 'nfit_wq' and wait for it to complete as part of a 'flush_probe' request. However, if the user cancels the wait we need to make sure the item is flushed from the queue otherwise we are leaving an out-of-scope stack address on the work list. BUG: unable to handle kernel paging request at ffffbcb3c72f7cd0 IP: [] __list_add+0x1b/0xb0 [..] RIP: 0010:[] [] __list_add+0x1b/0xb0 RSP: 0018:ffffbcb3c7ba7c00 EFLAGS: 00010046 [..] Call Trace: [] insert_work+0x3a/0xc0 [] ? seq_open+0x5a/0xa0 [] __queue_work+0x16a/0x460 [] queue_work_on+0x38/0x40 [] acpi_nfit_flush_probe+0x95/0xc0 [nfit] [] ? nfit_visible+0x40/0x40 [nfit] [] wait_probe_show+0x25/0x60 [] dev_attr_show+0x20/0x50 Fixes: 7ae0fa439faf ("nfit, libnvdimm: async region scrub workqueue") Cc: Reviewed-by: Vishal Verma Signed-off-by: Dan Williams drivers/acpi/nfit/core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 53e74a112ce5c1c9b6a6923bdd6612133625d579 Merge: 34e00ac aa33b9b Author: Ingo Molnar Date: Fri Feb 3 20:42:30 2017 +0100 Merge tag 'perf-urgent-for-mingo-4.10-20170203' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: - Reference count maps in callchains, fixing a SEGFAULT when referencing a map after it is freed (Krister Johansen) - Fix segfault on 'perf diff -o N' option (Namhyung Kim) - Fix 'perf diff -o/--order' option behavior (Namhyung Kim) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 79c9089f97d37ffac88c3ddb6d359b2cf75058b7 Merge: 57480b9 f63cf46 Author: Linus Torvalds Date: Fri Feb 3 11:32:25 2017 -0800 Merge tag 'drm-fixes-for-v4.10-rc7' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Another fixes pull for v4.10, it's a bit big due to the backport of the VMA fixes for i915 that should fix the oops on shutdown problems that you've worked around. There are also two drm core connector registration fixes, a bunch of nouveau regression fixes and two AMD fixes" * tag 'drm-fixes-for-v4.10-rc7' of git://people.freedesktop.org/~airlied/linux: drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl drm/amdgpu/si: fix crash on headless asics drm/i915: Track pinned vma in intel_plane_state drm/atomic: Unconditionally call prepare_fb. drm/atomic: Fix double free in drm_atomic_state_default_clear drm/nouveau/kms/nv50: request vblank events for commits that send completion events drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215 drm/nouveau/nouveau/led: prevent compiling the led-code if nouveau=y and leds=m drm/nouveau/disp/mcp7x: disable dptmds workaround drm/nouveau: prevent userspace from deleting client object drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers drm: Don't race connector registration drm: prevent double-(un)registration for connectors commit 57480b98af696795ab0daff0a6ed572172060a0f Merge: 2d47b8a a0615a1 Author: Linus Torvalds Date: Fri Feb 3 11:10:06 2017 -0800 Merge tag 'powerpc-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "The main change is we're reverting the initial stack protector support we merged this cycle. It turns out to not work on toolchains built with libc support, and fixing it will be need to wait for another release. And the rest are all fairly minor: - Some pasemi machines were not booting due to a missing error check in prom_find_boot_cpu() - In EEH we were checking a pointer rather than the bool it pointed to - The clang build was broken by a BUILD_BUG_ON() we added. - The radix (Power9 only) version of map_kernel_page() was broken if our memory size was a multiple of 2MB, which it generally isn't Thanks to: Darren Stevens, Gavin Shan, Reza Arbab" * tag 'powerpc-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc/mm: Use the correct pointer when setting a 2MB pte powerpc: Fix build failure with clang due to BUILD_BUG_ON() powerpc: Revert the initial stack protector support powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe() powerpc: Add missing error check to prom_find_boot_cpu() commit 2d47b8aac7ba697ffe05f839a3b4c3c628b4e430 Merge: 2cb54ce 26a346f Author: Linus Torvalds Date: Fri Feb 3 11:06:59 2017 -0800 Merge tag 'trace-v4.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "Simple fix of s/static struct __init/static __init struct/" * tag 'trace-v4.10-rc2-2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing/kprobes: Fix __init annotation commit 2cb54ce9ee92ae627bc1cef8bea236905910a86d Merge: 29905b5 4b9eee9 Author: Linus Torvalds Date: Fri Feb 3 10:30:27 2017 -0800 Merge branch 'modversions' (modversions fixes for powerpc from Ard) Merge kcrctab entry fixes from Ard Biesheuvel: "This is a followup to [0] 'modversions: redefine kcrctab entries as relative CRC pointers', but since relative CRC pointers do not work in modules, and are actually only needed by powerpc with CONFIG_RELOCATABLE=y, I have made it a Kconfig selectable feature instead. First it introduces the MODULE_REL_CRCS Kconfig symbol, and adds the kbuild handling of it, i.e., modpost, genksyms and kallsyms. Then it switches all architectures to 32-bit CRC entries in kcrctab, where all architectures except powerpc with CONFIG_RELOCATABLE=y use absolute ELF symbol references as before" [0] http://marc.info/?l=linux-arch&m=148493613415294&w=2 * emailed patches from Ard Biesheuvel: module: unify absolute krctab definitions for 32-bit and 64-bit modversions: treat symbol CRCs as 32 bit quantities kbuild: modversions: add infrastructure for emitting relative CRCs commit 29905b52fad0854351f57bab867647e4982285bf Author: Ard Biesheuvel Date: Thu Feb 2 18:05:26 2017 +0000 log2: make order_base_2() behave correctly on const input value zero The function order_base_2() is defined (according to the comment block) as returning zero on input zero, but subsequently passes the input into roundup_pow_of_two(), which is explicitly undefined for input zero. This has gone unnoticed until now, but optimization passes in GCC 7 may produce constant folded function instances where a constant value of zero is passed into order_base_2(), resulting in link errors against the deliberately undefined '____ilog2_NaN'. So update order_base_2() to adhere to its own documented interface. [ See http://marc.info/?l=linux-kernel&m=147672952517795&w=2 and follow-up discussion for more background. The gcc "optimization pass" is really just broken, but now the GCC trunk problem seems to have escaped out of just specially built daily images, so we need to work around it in mainline. - Linus ] Signed-off-by: Ard Biesheuvel Signed-off-by: Linus Torvalds include/linux/log2.h | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 00c87e9a70a17b355b81c36adedf05e84f54e10d Author: Radim Krčmář Date: Wed Feb 1 14:19:53 2017 +0100 KVM: x86: do not save guest-unsupported XSAVE state Saving unsupported state prevents migration when the new host does not support a XSAVE feature of the original host, even if the feature is not exposed to the guest. We've masked host features with guest-visible features before, with 4344ee981e21 ("KVM: x86: only copy XSAVE state for the supported features") and dropped it when implementing XSAVES. Do it again. Fixes: df1daba7d1cb ("KVM: x86: support XSAVES usage in the host") Cc: stable@vger.kernel.org Reviewed-by: Paolo Bonzini Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 1 + 1 file changed, 1 insertion(+) commit 4b9eee96fcb361a5e16a8d2619825e8a048f81f7 Author: Ard Biesheuvel Date: Fri Feb 3 09:54:07 2017 +0000 module: unify absolute krctab definitions for 32-bit and 64-bit The previous patch introduced a separate inline asm version of the krcrctab declaration template for use with 64-bit architectures, which cannot refer to ELF symbols using 32-bit quantities. This declaration should be equivalent to the C one for 32-bit architectures, but just in case - unify them in a separate patch, which can simply be dropped if it turns out to break anything. Signed-off-by: Ard Biesheuvel Signed-off-by: Linus Torvalds include/linux/export.h | 7 ------- 1 file changed, 7 deletions(-) commit 71810db27c1c853b335675bee335d893bc3d324b Author: Ard Biesheuvel Date: Fri Feb 3 09:54:06 2017 +0000 modversions: treat symbol CRCs as 32 bit quantities The modversion symbol CRCs are emitted as ELF symbols, which allows us to easily populate the kcrctab sections by relying on the linker to associate each kcrctab slot with the correct value. This has a couple of downsides: - Given that the CRCs are treated as memory addresses, we waste 4 bytes for each CRC on 64 bit architectures, - On architectures that support runtime relocation, a R__RELATIVE relocation entry is emitted for each CRC value, which identifies it as a quantity that requires fixing up based on the actual runtime load offset of the kernel. This results in corrupted CRCs unless we explicitly undo the fixup (and this is currently being handled in the core module code) - Such runtime relocation entries take up 24 bytes of __init space each, resulting in a x8 overhead in [uncompressed] kernel size for CRCs. Switching to explicit 32 bit values on 64 bit architectures fixes most of these issues, given that 32 bit values are not treated as quantities that require fixing up based on the actual runtime load offset. Note that on some ELF64 architectures [such as PPC64], these 32-bit values are still emitted as [absolute] runtime relocatable quantities, even if the value resolves to a build time constant. Since relative relocations are always resolved at build time, this patch enables MODULE_REL_CRCS on powerpc when CONFIG_RELOCATABLE=y, which turns the absolute CRC references into relative references into .rodata where the actual CRC value is stored. So redefine all CRC fields and variables as u32, and redefine the __CRC_SYMBOL() macro for 64 bit builds to emit the CRC reference using inline assembler (which is necessary since 64-bit C code cannot use 32-bit types to hold memory addresses, even if they are ultimately resolved using values that do not exceed 0xffffffff). To avoid potential problems with legacy 32-bit architectures using legacy toolchains, the equivalent C definition of the kcrctab entry is retained for 32-bit architectures. Note that this mostly reverts commit d4703aefdbc8 ("module: handle ppc64 relocating kcrctabs when CONFIG_RELOCATABLE=y") Acked-by: Rusty Russell Signed-off-by: Ard Biesheuvel Signed-off-by: Linus Torvalds arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/module.h | 4 --- arch/powerpc/kernel/module_64.c | 8 ------ include/asm-generic/export.h | 11 ++++---- include/linux/export.h | 14 +++++++++++ include/linux/module.h | 14 +++++------ kernel/module.c | 53 ++++++++++++++++++--------------------- 7 files changed, 53 insertions(+), 52 deletions(-) commit 56067812d5b0e737ac2063e94a50f76b810d6ca3 Author: Ard Biesheuvel Date: Fri Feb 3 09:54:05 2017 +0000 kbuild: modversions: add infrastructure for emitting relative CRCs This add the kbuild infrastructure that will allow architectures to emit vmlinux symbol CRCs as 32-bit offsets to another location in the kernel where the actual value is stored. This works around problems with CRCs being mistaken for relocatable symbols on kernels that self relocate at runtime (i.e., powerpc with CONFIG_RELOCATABLE=y) For the kbuild side of things, this comes down to the following: - introducing a Kconfig symbol MODULE_REL_CRCS - adding a -R switch to genksyms to instruct it to emit the CRC symbols as references into the .rodata section - making modpost distinguish such references from absolute CRC symbols by the section index (SHN_ABS) - making kallsyms disregard non-absolute symbols with a __crc_ prefix Signed-off-by: Ard Biesheuvel Signed-off-by: Linus Torvalds init/Kconfig | 4 ++++ scripts/Makefile.build | 2 ++ scripts/genksyms/genksyms.c | 19 ++++++++++++++----- scripts/kallsyms.c | 12 ++++++++++++ scripts/mod/modpost.c | 10 ++++++++++ 5 files changed, 42 insertions(+), 5 deletions(-) commit 3808d34838184fd29088d6b3a364ba2f1c018fb6 Author: Stanislaw Gruszka Date: Thu Feb 2 13:32:10 2017 +0100 ethtool: do not vzalloc(0) on registers dump If ->get_regs_len() callback return 0, we allocate 0 bytes of memory, what print ugly warning in dmesg, which can be found further below. This happen on mac80211 devices where ieee80211_get_regs_len() just return 0 and driver only fills ethtool_regs structure and actually do not provide any dump. However I assume this can happen on other drivers i.e. when for some devices driver provide regs dump and for others do not. Hence preventing to to print warning in ethtool code seems to be reasonable. ethtool: vmalloc: allocation failure: 0 bytes, mode:0x24080c2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO) Call Trace: [] dump_stack+0x63/0x8c [] warn_alloc+0x13f/0x170 [] __vmalloc_node_range+0x1e6/0x2c0 [] vzalloc+0x54/0x60 [] dev_ethtool+0xb4c/0x1b30 [] dev_ioctl+0x181/0x520 [] sock_do_ioctl+0x42/0x50 Mem-Info: active_anon:435809 inactive_anon:173951 isolated_anon:0 active_file:835822 inactive_file:196932 isolated_file:0 unevictable:0 dirty:8 writeback:0 unstable:0 slab_reclaimable:157732 slab_unreclaimable:10022 mapped:83042 shmem:306356 pagetables:9507 bounce:0 free:130041 free_pcp:1080 free_cma:0 Node 0 active_anon:1743236kB inactive_anon:695804kB active_file:3343288kB inactive_file:787728kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:332168kB dirty:32kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 1225424kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no Node 0 DMA free:15900kB min:136kB low:168kB high:200kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15984kB managed:15900kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 3187 7643 7643 Node 0 DMA32 free:419732kB min:28124kB low:35152kB high:42180kB active_anon:541180kB inactive_anon:248988kB active_file:1466388kB inactive_file:389632kB unevictable:0kB writepending:0kB present:3370280kB managed:3290932kB mlocked:0kB slab_reclaimable:217184kB slab_unreclaimable:4180kB kernel_stack:160kB pagetables:984kB bounce:0kB free_pcp:2236kB local_pcp:660kB free_cma:0kB lowmem_reserve[]: 0 0 4456 4456 Signed-off-by: Stanislaw Gruszka Signed-off-by: David S. Miller net/core/ethtool.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 013e8167899d389075160412a8c0c5e0581e1f13 Author: David Lebrun Date: Thu Feb 2 11:29:38 2017 +0100 ipv6: sr: remove cleanup flag and fix HMAC computation In the latest version of the IPv6 Segment Routing IETF draft [1] the cleanup flag is removed and the flags field length is shrunk from 16 bits to 8 bits. As a consequence, the input of the HMAC computation is modified in a non-backward compatible way by covering the whole octet of flags instead of only the cleanup bit. As such, if an implementation compatible with the latest draft computes the HMAC of an SRH who has other flags set to 1, then the HMAC result would differ from the current implementation. This patch carries those modifications to prevent conflict with other implementations of IPv6 SR. [1] https://tools.ietf.org/html/draft-ietf-6man-segment-routing-header-05 Signed-off-by: David Lebrun Signed-off-by: David S. Miller include/uapi/linux/seg6.h | 9 +++------ net/ipv6/exthdrs.c | 31 +++---------------------------- net/ipv6/seg6_hmac.c | 8 ++++---- 3 files changed, 10 insertions(+), 38 deletions(-) commit f5b0cba8f23915e92932f11eb063e37d70556a89 Author: Ondrej Kozina Date: Tue Jan 31 15:47:11 2017 +0100 dm crypt: replace RCU read-side section with rwsem The lockdep splat below hints at a bug in RCU usage in dm-crypt that was introduced with commit c538f6ec9f56 ("dm crypt: add ability to use keys from the kernel key retention service"). The kernel keyring function user_key_payload() is in fact a wrapper for rcu_dereference_protected() which must not be called with only rcu_read_lock() section mark. Unfortunately the kernel keyring subsystem doesn't currently provide an interface that allows the use of an RCU read-side section. So for now we must drop RCU in favour of rwsem until a proper function is made available in the kernel keyring subsystem. =============================== [ INFO: suspicious RCU usage. ] 4.10.0-rc5 #2 Not tainted ------------------------------- ./include/keys/user-type.h:53 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by cryptsetup/6464: #0: (&md->type_lock){+.+.+.}, at: [] dm_lock_md_type+0x12/0x20 [dm_mod] #1: (rcu_read_lock){......}, at: [] crypt_set_key+0x1d8/0x4b0 [dm_crypt] stack backtrace: CPU: 1 PID: 6464 Comm: cryptsetup Not tainted 4.10.0-rc5 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014 Call Trace: dump_stack+0x67/0x92 lockdep_rcu_suspicious+0xc5/0x100 crypt_set_key+0x351/0x4b0 [dm_crypt] ? crypt_set_key+0x1d8/0x4b0 [dm_crypt] crypt_ctr+0x341/0xa53 [dm_crypt] dm_table_add_target+0x147/0x330 [dm_mod] table_load+0x111/0x350 [dm_mod] ? retrieve_status+0x1c0/0x1c0 [dm_mod] ctl_ioctl+0x1f5/0x510 [dm_mod] dm_ctl_ioctl+0xe/0x20 [dm_mod] do_vfs_ioctl+0x8e/0x690 ? ____fput+0x9/0x10 ? task_work_run+0x7e/0xa0 ? trace_hardirqs_on_caller+0x122/0x1b0 SyS_ioctl+0x3c/0x70 entry_SYSCALL_64_fastpath+0x18/0xad RIP: 0033:0x7f392c9a4ec7 RSP: 002b:00007ffef6383378 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffef63830a0 RCX: 00007f392c9a4ec7 RDX: 000000000124fcc0 RSI: 00000000c138fd09 RDI: 0000000000000005 RBP: 00007ffef6383090 R08: 00000000ffffffff R09: 00000000012482b0 R10: 2a28205d34383336 R11: 0000000000000246 R12: 00007f392d803a08 R13: 00007ffef63831e0 R14: 0000000000000000 R15: 00007f392d803a0b Fixes: c538f6ec9f56 ("dm crypt: add ability to use keys from the kernel key retention service") Reported-by: Milan Broz Signed-off-by: Ondrej Kozina Reviewed-by: Mikulas Patocka Signed-off-by: Mike Snitzer drivers/md/dm-crypt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 4087a1fffe38106e10646606a27f10d40451862d Author: Mike Snitzer Date: Wed Jan 25 16:24:52 2017 +0100 dm rq: cope with DM device destruction while in dm_old_request_fn() Fixes a crash in dm_table_find_target() due to a NULL struct dm_table being passed from dm_old_request_fn() that races with DM device destruction. Reported-by: artem@flashgrid.io Signed-off-by: Mike Snitzer Cc: stable@vger.kernel.org drivers/md/dm-rq.c | 4 ++++ 1 file changed, 4 insertions(+) commit d19a55ccad15a486ffe03030570744e5d5bd9f8e Author: Mike Snitzer Date: Fri Jan 6 15:33:14 2017 -0500 dm mpath: cleanup -Wbool-operation warning in choose_pgpath() Reported-by: David Binderman Signed-off-by: Mike Snitzer drivers/md/dm-mpath.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d98e0929071e7ef63d35c1838b0ad0805ae366dd Author: Bjorn Helgaas Date: Fri Feb 3 08:53:51 2017 -0600 Revert "PCI: pciehp: Add runtime PM support for PCIe hotplug ports" This reverts commit 68db9bc814362e7f24371c27d12a4f34477d9356. Yinghai reported that the following manual hotplug sequence: # echo 0 > /sys/bus/pci/slots/8/power # echo 1 > /sys/bus/pci/slots/8/power worked in v4.9, but fails in v4.10-rc1, and that reverting 68db9bc81436 ("PCI: pciehp: Add runtime PM support for PCIe hotplug ports") makes it work again. Fixes: 68db9bc81436 ("PCI: pciehp: Add runtime PM support for PCIe hotplug ports") Link: https://lkml.kernel.org/r/CAE9FiQVCMCa7iVyuwp9z6VrY0cE7V_xghuXip28Ft52=8QmTWw@mail.gmail.com Link: https://bugzilla.kernel.org/show_bug.cgi?id=193951 Reported-by: Yinghai Lu Signed-off-by: Bjorn Helgaas drivers/pci/hotplug/pciehp_ctrl.c | 6 ------ drivers/pci/pci.c | 12 ++++++------ 2 files changed, 6 insertions(+), 12 deletions(-) commit 206c4720092d2a24bfefc041b377e889a220ffbf Merge: d0e287a 1372cef b98acbf Author: Mark Brown Date: Fri Feb 3 12:39:46 2017 +0100 Merge remote-tracking branches 'regulator/fix/fixed' and 'regulator/fix/twl6040' into regulator-linus commit 7c2cf1c4615cc2f576d0604406cdf0065f00b83b Author: Harsh Jain Date: Fri Jan 27 16:09:06 2017 +0530 crypto: chcr - Fix key length for RFC4106 Check keylen before copying salt to avoid wrap around of Integer. Signed-off-by: Harsh Jain Signed-off-by: Herbert Xu drivers/crypto/chelsio/chcr_algo.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0b529f143e8baad441a5aac9ad55ec2434d8fb46 Author: Harsh Jain Date: Wed Feb 1 21:10:28 2017 +0530 crypto: algif_aead - Fix kernel panic on list_del Kernel panics when userspace program try to access AEAD interface. Remove node from Linked List before freeing its memory. Cc: Signed-off-by: Harsh Jain Reviewed-by: Stephan Müller Signed-off-by: Herbert Xu crypto/algif_aead.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c26819900036f5b91608051a0fc7c76f6b4ffc7b Author: Herbert Xu Date: Wed Feb 1 22:17:39 2017 +0800 crypto: aesni - Fix failure when pcbc module is absent When aesni is built as a module together with pcbc, the pcbc module must be present for aesni to load. However, the pcbc module may not be present for reasons such as its absence on initramfs. This patch allows the aesni to function even if the pcbc module is enabled but not present. Reported-by: Arkadiusz Miśkiewicz Signed-off-by: Herbert Xu arch/x86/crypto/aesni-intel_glue.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit e5da5c5667381d2772374ee6a2967b3576c9483d Author: Gary R Hook Date: Fri Jan 27 17:09:04 2017 -0600 crypto: ccp - Fix double add when creating new DMA command Eliminate a double-add by creating a new list to manage command descriptors when created; move the descriptor to the pending list when the command is submitted. Cc: Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev.h | 1 + drivers/crypto/ccp/ccp-dmaengine.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) commit 500c0106e638e08c2c661c305ed57d6b67e10908 Author: Gary R Hook Date: Fri Jan 27 15:28:45 2017 -0600 crypto: ccp - Fix DMA operations when IOMMU is enabled An I/O page fault occurs when the IOMMU is enabled on a system that supports the v5 CCP. DMA operations use a Request ID value that does not match what is expected by the IOMMU, resulting in the I/O page fault. Setting the Request ID value to 0 corrects this issue. Cc: Signed-off-by: Gary R Hook Signed-off-by: Herbert Xu drivers/crypto/ccp/ccp-dev-v5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f5f7bebc91ab378dea5aad5277c4d283e46472d9 Author: Harsh Jain Date: Tue Jan 24 10:34:33 2017 +0530 crypto: chcr - Check device is allocated before use Ensure dev is allocated for crypto uld context before using the device for crypto operations. Cc: Signed-off-by: Atul Gupta Signed-off-by: Herbert Xu drivers/crypto/chelsio/chcr_core.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) commit 94e1dab1c94715e18bb0bada503de3f3d7593076 Author: Harsh Jain Date: Tue Jan 24 10:34:32 2017 +0530 crypto: chcr - Fix panic on dma_unmap_sg Save DMA mapped sg list addresses to request context buffer. Signed-off-by: Atul Gupta Signed-off-by: Herbert Xu drivers/crypto/chelsio/chcr_algo.c | 49 +++++++++++++++++++----------------- drivers/crypto/chelsio/chcr_crypto.h | 3 +++ 2 files changed, 29 insertions(+), 23 deletions(-) commit cafe8df8b9bc9aa3dffa827c1a6757c6cd36f657 Author: Mao Wenan Date: Tue Jan 31 18:46:43 2017 -0800 net: phy: Fix lack of reference count on PHY driver There is currently no reference count being held on the PHY driver, which makes it possible to remove the PHY driver module while the PHY state machine is running and polling the PHY. This could cause crashes similar to this one to show up: [ 43.361162] BUG: unable to handle kernel NULL pointer dereference at 0000000000000140 [ 43.361162] IP: phy_state_machine+0x32/0x490 [ 43.361162] PGD 59dc067 [ 43.361162] PUD 0 [ 43.361162] [ 43.361162] Oops: 0000 [#1] SMP [ 43.361162] Modules linked in: dsa_loop [last unloaded: broadcom] [ 43.361162] CPU: 0 PID: 1299 Comm: kworker/0:3 Not tainted 4.10.0-rc5+ #415 [ 43.361162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu2 04/01/2014 [ 43.361162] Workqueue: events_power_efficient phy_state_machine [ 43.361162] task: ffff880006782b80 task.stack: ffffc90000184000 [ 43.361162] RIP: 0010:phy_state_machine+0x32/0x490 [ 43.361162] RSP: 0018:ffffc90000187e18 EFLAGS: 00000246 [ 43.361162] RAX: 0000000000000000 RBX: ffff8800059e53c0 RCX: ffff880006a15c60 [ 43.361162] RDX: ffff880006782b80 RSI: 0000000000000000 RDI: ffff8800059e5428 [ 43.361162] RBP: ffffc90000187e48 R08: ffff880006a15c40 R09: 0000000000000000 [ 43.361162] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800059e5428 [ 43.361162] R13: ffff8800059e5000 R14: 0000000000000000 R15: ffff880006a15c40 [ 43.361162] FS: 0000000000000000(0000) GS:ffff880006a00000(0000) knlGS:0000000000000000 [ 43.361162] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 43.361162] CR2: 0000000000000140 CR3: 0000000005979000 CR4: 00000000000006f0 [ 43.361162] Call Trace: [ 43.361162] process_one_work+0x1b4/0x3e0 [ 43.361162] worker_thread+0x43/0x4d0 [ 43.361162] ? __schedule+0x17f/0x4e0 [ 43.361162] kthread+0xf7/0x130 [ 43.361162] ? process_one_work+0x3e0/0x3e0 [ 43.361162] ? kthread_create_on_node+0x40/0x40 [ 43.361162] ret_from_fork+0x29/0x40 [ 43.361162] Code: 56 41 55 41 54 4c 8d 67 68 53 4c 8d af 40 fc ff ff 48 89 fb 4c 89 e7 48 83 ec 08 e8 c9 9d 27 00 48 8b 83 60 ff ff ff 44 8b 73 98 <48> 8b 90 40 01 00 00 44 89 f0 48 85 d2 74 08 4c 89 ef ff d2 8b Keep references on the PHY driver module right before we are going to utilize it in phy_attach_direct(), and conversely when we don't use it anymore in phy_detach(). Signed-off-by: Mao Wenan [florian: rebase, rework commit message] Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 2372bcda5e681bc85d57a3604265155e1a4c040b Merge: 6d04dfc 770f822 Author: David S. Miller Date: Thu Feb 2 21:27:05 2017 -0500 Merge branch 'mlx4-queue-reinit' Martin KaFai Lau says: ==================== mlx4: Misc bug fixes after reinitializing queues This patchset fixes misc bugs after reinitializing queues (e.g. by ethtool -L). v2: * Add another fix to mem leak in tx_ring[t] and tx_cq[t] * In mlx4_en_try_alloc_resources(), move all xdp_prog logic after calling mlx4_en_alloc_resources() ==================== Signed-off-by: David S. Miller commit 770f82253dbd7e6892a88018f2f6cd395f48d214 Author: Martin KaFai Lau Date: Tue Jan 31 22:35:33 2017 -0800 mlx4: xdp_prog becomes inactive after ethtool '-L' or '-G' After calling mlx4_en_try_alloc_resources (e.g. by changing the number of rx-queues with ethtool -L), the existing xdp_prog becomes inactive. The bug is that the xdp_prog ptr has not been carried over from the old rx-queues to the new rx-queues Fixes: 47a38e155037 ("net/mlx4_en: add support for fast rx drop bpf program") Cc: Brenden Blanco Cc: Saeed Mahameed Cc: Tariq Toukan Signed-off-by: Martin KaFai Lau Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 4 ++-- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 27 +++++++++++++++++++++---- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 3 ++- 3 files changed, 27 insertions(+), 7 deletions(-) commit f32b20e89e82c9ff1825fc5c5d69753ff5558ccd Author: Martin KaFai Lau Date: Tue Jan 31 22:35:32 2017 -0800 mlx4: Fix memory leak after mlx4_en_update_priv() In mlx4_en_update_priv(), dst->tx_ring[t] and dst->tx_cq[t] are over-written by src->tx_ring[t] and src->tx_cq[t] without first calling kfree. One of the reproducible code paths is by doing 'ethtool -L'. The fix is to do the kfree in mlx4_en_free_resources(). Here is the kmemleak report: unreferenced object 0xffff880841211800 (size 2048): comm "ethtool", pid 3096, jiffies 4294716940 (age 528.353s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x28/0x50 [] kmem_cache_alloc_trace+0x103/0x260 [] mlx4_en_try_alloc_resources+0x118/0x1a0 [] mlx4_en_set_ringparam+0x169/0x210 [] dev_ethtool+0xae5/0x2190 [] dev_ioctl+0x168/0x6f0 [] sock_do_ioctl+0x42/0x50 [] sock_ioctl+0x21b/0x2d0 [] do_vfs_ioctl+0x93/0x6a0 [] SyS_ioctl+0x79/0x90 [] entry_SYSCALL_64_fastpath+0x18/0xad [] 0xffffffffffffffff unreferenced object 0xffff880841213000 (size 2048): comm "ethtool", pid 3096, jiffies 4294716940 (age 528.353s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x28/0x50 [] kmem_cache_alloc_trace+0x103/0x260 [] mlx4_en_try_alloc_resources+0x13b/0x1a0 [] mlx4_en_set_ringparam+0x169/0x210 [] dev_ethtool+0xae5/0x2190 [] dev_ioctl+0x168/0x6f0 [] sock_do_ioctl+0x42/0x50 [] sock_ioctl+0x21b/0x2d0 [] do_vfs_ioctl+0x93/0x6a0 [] SyS_ioctl+0x79/0x90 [] entry_SYSCALL_64_fastpath+0x18/0xad [] 0xffffffffffffffff (gdb) list *mlx4_en_try_alloc_resources+0x118 0xffffffff8170e0a8 is in mlx4_en_try_alloc_resources (drivers/net/ethernet/mellanox/mlx4/en_netdev.c:2145). 2140 if (!dst->tx_ring_num[t]) 2141 continue; 2142 2143 dst->tx_ring[t] = kzalloc(sizeof(struct mlx4_en_tx_ring *) * 2144 MAX_TX_RINGS, GFP_KERNEL); 2145 if (!dst->tx_ring[t]) 2146 goto err_free_tx; 2147 2148 dst->tx_cq[t] = kzalloc(sizeof(struct mlx4_en_cq *) * 2149 MAX_TX_RINGS, GFP_KERNEL); (gdb) list *mlx4_en_try_alloc_resources+0x13b 0xffffffff8170e0cb is in mlx4_en_try_alloc_resources (drivers/net/ethernet/mellanox/mlx4/en_netdev.c:2150). 2145 if (!dst->tx_ring[t]) 2146 goto err_free_tx; 2147 2148 dst->tx_cq[t] = kzalloc(sizeof(struct mlx4_en_cq *) * 2149 MAX_TX_RINGS, GFP_KERNEL); 2150 if (!dst->tx_cq[t]) { 2151 kfree(dst->tx_ring[t]); 2152 goto err_free_tx; 2153 } 2154 } Fixes: ec25bc04ed8e ("net/mlx4_en: Add resilience in low memory systems") Cc: Eugenia Emantayev Cc: Saeed Mahameed Cc: Tariq Toukan Signed-off-by: Martin KaFai Lau Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit f63cf464fc379382a271f94ddef36e8c5a0628eb Merge: a20def9 51964e9 Author: Dave Airlie Date: Fri Feb 3 09:10:08 2017 +1000 Merge branch 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes two amd fixes. * 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux: drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl drm/amdgpu/si: fix crash on headless asics commit a20def95401112358bcc90242f252a96084a2d47 Merge: 52b679f e8fe4f4 Author: Dave Airlie Date: Fri Feb 3 09:09:36 2017 +1000 Merge tag 'topic/vma-fix-for-4.10-2017-02-02' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes here's Maarten's backport of the vma fixes for v4.10. * tag 'topic/vma-fix-for-4.10-2017-02-02' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Track pinned vma in intel_plane_state drm/atomic: Unconditionally call prepare_fb. commit 34e00accf612bc5448ae709245c2b408edf39f46 Merge: 891aa1e 0becc0a Author: Linus Torvalds Date: Thu Feb 2 14:08:58 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: - two microcode loader fixes - two FPU xstate handling fixes - an MCE timer handling related crash fix" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mce: Make timer handling more robust x86/microcode: Do not access the initrd after it has been freed x86/fpu/xstate: Fix xcomp_bv in XSAVES header x86/fpu: Set the xcomp_bv when we fake up a XSAVES area x86/microcode/intel: Drop stashed AP patch pointer optimization commit 891aa1e0f13c3aaa756c69b343d6ab6f3357009b Merge: c67b42f fff4b87 Author: Linus Torvalds Date: Thu Feb 2 13:30:19 2017 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Five kernel fixes: - an mmap tracing ABI fix for certain mappings - a use-after-free fix, found via KASAN - three CPU hotplug related x86 PMU driver fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel/uncore: Make package handling more robust perf/x86/intel/uncore: Clean up hotplug conversion fallout perf/x86/intel/rapl: Make package handling more robust perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory perf/core: Fix use-after-free bug commit c67b42f3a3f03e68bf915f32c8f7be0b726fec1a Merge: 027eb72 c8f325a Author: Linus Torvalds Date: Thu Feb 2 13:20:23 2017 -0800 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: "Two EFI boot fixes, one for arm64 and one for x86 systems with certain firmware versions" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/fdt: Avoid FDT manipulation after ExitBootServices() x86/efi: Always map the first physical page into the EFI pagetables commit 027eb72cbcf81561867a764074964e2ce9828398 Merge: 1fc576b b5b46c4 Author: Linus Torvalds Date: Thu Feb 2 12:54:45 2017 -0800 Merge branch 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull objtool fix from Ingo Molnar: "A fix for a bad opcode in objtool's instruction decoder" * 'core-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: objtool: Fix IRET's opcode commit 1fc576b82b96d9bb033ff0098e1c0bf68de282b2 Merge: e4178c7 034dd34 Author: Linus Torvalds Date: Thu Feb 2 12:49:58 2017 -0800 Merge tag 'nfsd-4.10-2' of git://linux-nfs.org/~bfields/linux Pull nfsd fixes from Bruce Fields: "Three more miscellaneous nfsd bugfixes" * tag 'nfsd-4.10-2' of git://linux-nfs.org/~bfields/linux: svcrpc: fix oops in absence of krb5 module nfsd: special case truncates some more NFSD: Fix a null reference case in find_or_create_lock_stateid() commit e4178c75049c581114998a850ecdfa5a2811cde6 Merge: f255777 4b3e6f2 Author: Linus Torvalds Date: Thu Feb 2 12:39:10 2017 -0800 Merge tag 'xtensa-20170202' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa fix from Max Filippov: "A for an Xtensa build error introduced in reset code refactoring series in v4.9: - fix noMMU build on cores with MMU" * tag 'xtensa-20170202' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: fix noMMU build on cores with MMU commit f2557779e1a9cfbf69c99b74da26cc1b2b10e752 Merge: 6d04dfc 030305d Author: Linus Torvalds Date: Thu Feb 2 12:34:27 2017 -0800 Merge tag 'pci-v4.10-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fix from Bjorn Helgaas: "Configure ASPM on the link from a PCI-to-PCIe bridge (avoids a NULL pointer dereference on topologies including these bridges)" * tag 'pci-v4.10-fixes-2' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies commit 1a902f6b70c55171ca2419d946b85274e35c9757 Author: Arnd Bergmann Date: Thu Feb 2 12:38:33 2017 +0100 ARM: orion5x: fix Makefile for linkstation-lschl.dtb The rename of orion5x-lschl.dts needs to be reflected in the Makefile: make[3]: *** No rule to make target 'arch/arm/boot/dts/orion5x-lschl.dtb', needed by '__build'. Fixes: 6cfd3cd8d836 ("ARM: dts: orion5x-lschl: More consistent naming on linkstation series") Signed-off-by: Arnd Bergmann Signed-off-by: Gregory CLEMENT arch/arm/boot/dts/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dfef358bd1beb4e7b5c94eca944be9cd23dfc752 Author: Christoph Hellwig Date: Mon Jan 30 13:15:41 2017 +0100 PCI/MSI: Don't apply affinity if there aren't enough vectors left Bart reported a problem wіth an out of bounds access in the low-level IRQ affinity code, which we root caused to the qla2xxx driver assigning all its MSI-X vectors to the pre and post vectors, and not having any left for the actually spread IRQs. Fix this issue by not asking for affinity assignment when there are no vectors to assign left. Fixes: 402723ad5c62 ("PCI/MSI: Provide pci_alloc_irq_vectors_affinity()") Link: https://lkml.kernel.org/r/1485359225.3093.3.camel@sandisk.com Reported-by: Bart Van Assche Tested-by: Bart Van Assche Signed-off-by: Christoph Hellwig Signed-off-by: Bjorn Helgaas drivers/pci/msi.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 51964e9e12d0a054002a1a0d1dec4f661c7aaf28 Author: Michel Dänzer Date: Mon Jan 30 12:06:35 2017 +0900 drm/radeon: Fix vram_size/visible values in DRM_RADEON_GEM_INFO ioctl vram_size is supposed to be the total amount of VRAM that can be used by userspace, which corresponds to the TTM VRAM manager size (which is normally the full amount of VRAM, but can be just the visible VRAM when DMA can't be used for BO migration for some reason). The above was incorrectly used for vram_visible before, resulting in generally too large values being reported. Reviewed-by: Christian König Reviewed-by: Nicolai Hähnle Reviewed-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_drv.c | 3 ++- drivers/gpu/drm/radeon/radeon_gem.c | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) commit 57bcd0a6364cd4eaa362d7ff1777e88ddf501602 Author: Alex Deucher Date: Fri Jan 27 10:31:52 2017 -0500 drm/amdgpu/si: fix crash on headless asics Missing check for crtcs present. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=193341 https://bugs.freedesktop.org/show_bug.cgi?id=99387 Reviewed-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 26a346f23c5291d1d9521e72763103daf2c6f0d1 Author: Arnd Bergmann Date: Wed Feb 1 17:57:56 2017 +0100 tracing/kprobes: Fix __init annotation clang complains about "__init" being attached to a struct name: kernel/trace/trace_kprobe.c:1375:15: error: '__section__' attribute only applies to functions and global variables The intention must have been to mark the function as __init instead of the type, so move the attribute there. Link: http://lkml.kernel.org/r/20170201165826.2625888-1-arnd@arndb.de Fixes: f18f97ac43d7 ("tracing/kprobes: Add a helper method to return number of probe hits") Signed-off-by: Arnd Bergmann Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_kprobe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit aa33b9b9a2ebb00d33c83a5312d4fbf2d5aeba36 Author: Krister Johansen Date: Thu Jan 5 22:23:31 2017 -0800 perf callchain: Reference count maps If dso__load_kcore frees all of the existing maps, but one has already been attached to a callchain cursor node, then we can get a SIGSEGV in any function that happens to try to use this invalid cursor. Use the existing map refcount mechanism to forestall cleanup of a map until the cursor iterates past the node. Signed-off-by: Krister Johansen Tested-by: Arnaldo Carvalho de Melo Cc: Frederic Weisbecker Cc: Masami Hiramatsu Cc: Namhyung Kim Cc: stable@kernel.org Fixes: 84c2cafa2889 ("perf tools: Reference count struct map") Link: http://lkml.kernel.org/r/20170106062331.GB2707@templeofstupid.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/callchain.c | 11 +++++++++-- tools/perf/util/callchain.h | 6 ++++++ tools/perf/util/hist.c | 7 +++++++ 3 files changed, 22 insertions(+), 2 deletions(-) commit a1c9f97f0b64e6337d9cfcc08c134450934fdd90 Author: Namhyung Kim Date: Wed Jan 18 14:14:57 2017 +0900 perf diff: Fix -o/--order option behavior (again) Commit 21e6d8428664 ("perf diff: Use perf_hpp__register_sort_field interface") changed list_add() to perf_hpp__register_sort_field(). This resulted in a behavior change since the field was added to the tail instead of the head. So the -o option is mostly ignored due to its order in the list. This patch fixes it by adding perf_hpp__prepend_sort_field(). Signed-off-by: Namhyung Kim Acked-by: Jiri Olsa Cc: Peter Zijlstra Fixes: 21e6d8428664 ("perf diff: Use perf_hpp__register_sort_field interface") Link: http://lkml.kernel.org/r/20170118051457.30946-2-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-diff.c | 2 +- tools/perf/ui/hist.c | 6 ++++++ tools/perf/util/hist.h | 7 +++++++ 3 files changed, 14 insertions(+), 1 deletion(-) commit 8381cdd0e32dd748bd34ca3ace476949948bd793 Author: Namhyung Kim Date: Wed Jan 18 14:14:56 2017 +0900 perf diff: Fix segfault on 'perf diff -o N' option The -o/--order option is to select column number to sort a diff result. It does the job by adding a hpp field at the beginning of the sort list. But it should not be added to the output field list as it has no callbacks required by a output field. During the setup_sorting(), the perf_hpp__setup_output_field() appends the given sort keys to the output field if it's not there already. Originally it was checked by fmt->list being non-empty. But commit 3f931f2c4274 ("perf hists: Make hpp setup function generic") changed it to check the ->equal callback. Anyways, we don't need to add the pseudo hpp field to the output field list since it won't be used for output. So just skip fields if they have no ->color or ->entry callbacks. Signed-off-by: Namhyung Kim Acked-by: Jiri Olsa Cc: Peter Zijlstra Fixes: 3f931f2c4274 ("perf hists: Make hpp setup function generic") Link: http://lkml.kernel.org/r/20170118051457.30946-1-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/hist.c | 4 ++++ 1 file changed, 4 insertions(+) commit 685ce0626840e2673fe64ea8807684f7324fec5f Author: Giovanni Cabiddu Date: Thu Dec 22 15:00:24 2016 +0000 crypto: qat - zero esram only for DH85x devices Zero embedded ram in DH85x devices. This is not needed for newer generations as it is done by HW. Cc: Signed-off-by: Giovanni Cabiddu Signed-off-by: Herbert Xu drivers/crypto/qat/qat_common/qat_hal.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3484ecbe0e9deb94afb0b9b6172d77e98eb72b94 Author: Giovanni Cabiddu Date: Thu Dec 22 15:00:12 2016 +0000 crypto: qat - fix bar discovery for c62x Some accelerators of the c62x series have only two bars. This patch skips BAR0 if the accelerator does not have it. Cc: Signed-off-by: Giovanni Cabiddu Signed-off-by: Herbert Xu drivers/crypto/qat/qat_c62x/adf_drv.c | 2 +- drivers/crypto/qat/qat_common/adf_accel_devices.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit c8f325a59cfc718d13a50fbc746ed9b415c25e92 Author: Ard Biesheuvel Date: Wed Feb 1 17:45:02 2017 +0000 efi/fdt: Avoid FDT manipulation after ExitBootServices() Some AArch64 UEFI implementations disable the MMU in ExitBootServices(), after which unaligned accesses to RAM are no longer supported. Commit: abfb7b686a3e ("efi/libstub/arm*: Pass latest memory map to the kernel") fixed an issue in the memory map handling of the stub FDT code, but inadvertently created an issue with such firmware, by moving some of the FDT manipulation to after the invocation of ExitBootServices(). Given that the stub's libfdt implementation uses the ordinary, accelerated string functions, which rely on hardware handling of unaligned accesses, manipulating the FDT with the MMU off may result in alignment faults. So fix the situation by moving the update_fdt_memmap() call into the callback function invoked by efi_exit_boot_services() right before it calls the ExitBootServices() UEFI service (which is arguably a better place for it anyway) Note that disabling the MMU in ExitBootServices() is not compliant with the UEFI spec, and carries great risk due to the fact that switching from cached to uncached memory accesses halfway through compiler generated code (i.e., involving a stack) can never be done in a way that is architecturally safe. Fixes: abfb7b686a3e ("efi/libstub/arm*: Pass latest memory map to the kernel") Signed-off-by: Ard Biesheuvel Tested-by: Riku Voipio Cc: Cc: mark.rutland@arm.com Cc: linux-efi@vger.kernel.org Cc: matt@codeblueprint.co.uk Cc: leif.lindholm@linaro.org Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1485971102-23330-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/firmware/efi/libstub/fdt.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) commit 6d04dfc8966019b8b0977b2cb942351f13d2b178 Merge: 2883aae 06425c3 Author: Linus Torvalds Date: Wed Feb 1 11:52:27 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix handling of interrupt status in stmmac driver. Just because we have masked the event from generating interrupts, doesn't mean the bit won't still be set in the interrupt status register. From Alexey Brodkin. 2) Fix DMA API debugging splats in gianfar driver, from Arseny Solokha. 3) Fix off-by-one error in __ip6_append_data(), from Vlad Yasevich. 4) cls_flow does not match on icmpv6 codes properly, from Simon Horman. 5) Initial MAC address can be set incorrectly in some scenerios, from Ivan Vecera. 6) Packet header pointer arithmetic fix in ip6_tnl_parse_tlv_end_lim(), from Dan Carpenter. 7) Fix divide by zero in __tcp_select_window(), from Eric Dumazet. 8) Fix crash in iwlwifi when unregistering thermal zone, from Jens Axboe. 9) Check for DMA mapping errors in starfire driver, from Alexey Khoroshilov. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (31 commits) tcp: fix 0 divide in __tcp_select_window() ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() net: fix ndo_features_check/ndo_fix_features comment ordering net/sched: matchall: Fix configuration race be2net: fix initial MAC setting ipv6: fix flow labels when the traffic class is non-0 net: thunderx: avoid dereferencing xcv when NULL net/sched: cls_flower: Correct matching on ICMPv6 code ipv6: Paritially checksum full MTU frames net/mlx4_core: Avoid command timeouts during VF driver device shutdown gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page net: ethtool: add support for 2500BaseT and 5000BaseT link modes can: bcm: fix hrtimer/tasklet termination in bcm op removal net: adaptec: starfire: add checks for dma mapping errors net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause can: Fix kernel panic at security_sock_rcv_skb net: macb: Fix 64 bit addressing support for GEM stmmac: Discard masked flags in interrupt status register net/mlx5e: Check ets capability before ets query FW command net/mlx5e: Fix update of hash function/key via ethtool ... commit 601bbbe0517303c9f8eb3d75e11d64efed1293c9 Author: Dmitry Torokhov Date: Tue Jan 31 14:56:43 2017 -0800 Input: uinput - fix crash when mixing old and new init style If user tries to initialize uinput device mixing old and new style initialization (i.e. using old UI_SET_ABSBIT instead of UI_ABS_SETUP, we forget to allocate input->absinfo and will crash when trying to send absolute events: ioctl(ui, UI_DEV_SETUP, &us); ioctl(ui, UI_SET_PHYS, "Test"); ioctl(ui, UI_SET_EVBIT, EV_ABS); ioctl(ui, UI_SET_ABSBIT, ABS_X); ioctl(ui, UI_SET_ABSBIT, ABS_Y); ioctl(ui, UI_DEV_CREATE, 0); Reported-by: Rodrigo Rivas Costa Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=191811 Fixes: fbae10db0940 ("Input: uinput - rework ABS validation") Reviewed-by: Benjamin Tissoires Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/misc/uinput.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) commit 2883aaea363f7a897ff06d2e6c73ae7aae285bcb Merge: e387dc1 e26bfeb Author: Linus Torvalds Date: Wed Feb 1 10:30:56 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull fscache fixes from Al Viro. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fscache: Fix dead object requeue fscache: Clear outstanding writes when disabling a cookie FS-Cache: Initialise stores_lock in netfs cookie commit 06425c308b92eaf60767bc71d359f4cbc7a561f8 Author: Eric Dumazet Date: Wed Feb 1 08:33:53 2017 -0800 tcp: fix 0 divide in __tcp_select_window() syszkaller fuzzer was able to trigger a divide by zero, when TCP window scaling is not enabled. SO_RCVBUF can be used not only to increase sk_rcvbuf, also to decrease it below current receive buffers utilization. If mss is negative or 0, just return a zero TCP window. Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Acked-by: Neal Cardwell Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 63117f09c768be05a0bf465911297dc76394f686 Author: Dan Carpenter Date: Wed Feb 1 11:46:32 2017 +0300 ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() Casting is a high precedence operation but "off" and "i" are in terms of bytes so we need to have some parenthesis here. Fixes: fbfa743a9d2a ("ipv6: fix ip6_tnl_parse_tlv_enc_lim()") Signed-off-by: Dan Carpenter Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e387dc122fc7c70c2a5df2567f4e2d1114f5a5da Merge: 3560950 11e3b72 Author: Linus Torvalds Date: Wed Feb 1 09:24:00 2017 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes a bug in CBC/CTR on ARM64 that breaks chaining as well as a bug in the core API that causes registration failures when a driver unloads and then reloads an algorithm" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg commit 35609502ac5dea2b149ec0368791d9c0e246bd65 Merge: c325b35 91539eb1 Author: Linus Torvalds Date: Wed Feb 1 09:22:08 2017 -0800 Merge tag 'dmaengine-fix-4.10-rc7' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fixes from Vinod Koul: "A couple of fixes showed up late in the cycle so sending them up and sending early in the week and not on Friday :). They fix a double lock in pl330 driver and runtime pm fixes for cppi driver" * tag 'dmaengine-fix-4.10-rc7' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: pl330: fix double lock dmaengine: cppi41: Clean up pointless warnings dmaengine: cppi41: Fix oops in cppi41_runtime_resume dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage commit 1a2a14444d32b89b28116daea86f63ced1716668 Author: Dimitris Michailidis Date: Tue Jan 31 16:03:13 2017 -0800 net: fix ndo_features_check/ndo_fix_features comment ordering Commit cdba756f5803a2 ("net: move ndo_features_check() close to ndo_start_xmit()") inadvertently moved the doc comment for .ndo_fix_features instead of .ndo_features_check. Fix the comment ordering. Fixes: cdba756f5803a2 ("net: move ndo_features_check() close to ndo_start_xmit()") Signed-off-by: Dimitris Michailidis Acked-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/netdevice.h | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) commit fd62d9f5c575f0792f150109f1fd24a0d4b3f854 Author: Yotam Gigi Date: Tue Jan 31 15:14:29 2017 +0200 net/sched: matchall: Fix configuration race In the current version, the matchall internal state is split into two structs: cls_matchall_head and cls_matchall_filter. This makes little sense, as matchall instance supports only one filter, and there is no situation where one exists and the other does not. In addition, that led to some races when filter was deleted while packet was processed. Unify that two structs into one, thus simplifying the process of matchall creation and deletion. As a result, the new, delete and get callbacks have a dummy implementation where all the work is done in destroy and change callbacks, as was done in cls_cgroup. Fixes: bf3994d2ed31 ("net/sched: introduce Match-all classifier") Reported-by: Daniel Borkmann Signed-off-by: Yotam Gigi Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_matchall.c | 127 +++++++++++++++++------------------------------ 1 file changed, 45 insertions(+), 82 deletions(-) commit 2da64d20a0b20046d688e44f4033efd09157e29d Author: Alexey Kardashevskiy Date: Wed Feb 1 14:26:16 2017 +1100 vfio/spapr: Fix missing mutex unlock when creating a window Commit d9c728949ddc ("vfio/spapr: Postpone default window creation") added an additional exit to the VFIO_IOMMU_SPAPR_TCE_CREATE case and made it possible to return from tce_iommu_ioctl() without unlocking container->lock; this fixes the issue. Fixes: d9c728949ddc ("vfio/spapr: Postpone default window creation") Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_spapr_tce.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit c325b3533730016ca5cdaf902d62550b4243fe43 Merge: a2ca3d6 cdca06e Author: Linus Torvalds Date: Wed Feb 1 08:34:13 2017 -0800 Merge tag 'pinctrl-v4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "Another week, another set of pin control fixes. The subsystem has seen high patch-spot activity recently. The majority of the patches are for Intel, I vaguely think it mostly concern phones, tablets and maybe chromebooks and even laptops with this Intel Atom family chips. Driver fixes only: - one fix to the Berlin driver making the SD card work fully again. - one fix to the Allwinner/sunxi bias function: one premature change needs to be partially reverted. - the remaining four patches are to Intel embedded SoCs: baytrail (three patches) and merrifield (one patch): register access debounce fixes and a missing spinlock" * tag 'pinctrl-v4.10-4' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler pinctrl: baytrail: Debounce register is one per community pinctrl: baytrail: Rectify debounce support (part 2) pinctrl: intel: merrifield: Add missed check in mrfld_config_set() pinctrl: sunxi: Don't enforce bias disable (for now) pinctrl: berlin-bg4ct: fix the value for "sd1a" of pin SCRD0_CRD_PRES commit 4993b39ab04b083ff6ee1147e7e7f120feb6bf7f Author: Ivan Vecera Date: Tue Jan 31 20:01:31 2017 +0100 be2net: fix initial MAC setting Recent commit 34393529163a ("be2net: fix MAC addr setting on privileged BE3 VFs") allows privileged BE3 VFs to set its MAC address during initialization. Although the initial MAC for such VFs is already programmed by parent PF the subsequent setting performed by VF is OK, but in certain cases (after fresh boot) this command in VF can fail. The MAC should be initialized only when: 1) no MAC is programmed (always except BE3 VFs during first init) 2) programmed MAC is different from requested (e.g. MAC is set when interface is down). In this case the initial MAC programmed by PF needs to be deleted. The adapter->dev_mac contains MAC address currently programmed in HW so it should be zeroed when the MAC is deleted from HW and should not be filled when MAC is set when interface is down in be_mac_addr_set() as no programming is performed in this case. Example of failure without the fix (immediately after fresh boot): # ip link set eth0 up <- eth0 is BE3 PF be2net 0000:01:00.0 eth0: Link is Up # echo 1 > /sys/class/net/eth0/device/sriov_numvfs <- Create 1 VF ... be2net 0000:01:04.0: Emulex OneConnect(be3): VF port 0 # ip link set eth8 up <- eth8 is created privileged VF be2net 0000:01:04.0: opcode 59-1 failed:status 1-76 RTNETLINK answers: Input/output error # echo 0 > /sys/class/net/eth0/device/sriov_numvfs <- Delete VF iommu: Removing device 0000:01:04.0 from group 33 ... # echo 1 > /sys/class/net/eth0/device/sriov_numvfs <- Create it again iommu: Removing device 0000:01:04.0 from group 33 ... # ip link set eth8 up be2net 0000:01:04.0 eth8: Link is Up Initialization is now OK. v2 - Corrected the comment and condition check suggested by Suresh & Harsha Fixes: 34393529163a ("be2net: fix MAC addr setting on privileged BE3 VFs") Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Signed-off-by: Ivan Vecera Acked-by: Sriharsha Basavapatna Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 33 ++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) commit e8fe4f4b2b7b93048729538321c681c0cff33b39 Author: Chris Wilson Date: Tue Jan 31 10:21:31 2017 +0100 drm/i915: Track pinned vma in intel_plane_state With atomic plane states we are able to track an allocation right from preparation, during use and through to the final free after being swapped out for a new plane. We can couple the VMA we pin for the framebuffer (and its rotation) to this lifetime and avoid all the clumsy lookups in between. v2: Remove residual vma on plane cleanup (Chris) v3: Add a description for the vma destruction in intel_plane_destroy_state (Maarten) References: https://bugs.freedesktop.org/show_bug.cgi?id=98829 Signed-off-by: Chris Wilson Signed-off-by: Maarten Lankhorst Link: http://patchwork.freedesktop.org/patch/msgid/20170116152131.18089-1-chris@chris-wilson.co.uk Acked-by: Joonas Lahtinen (cherry picked from commit be1e341513ca23b0668b7b0f26fa6e2ffc46ba20) Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1485854491-27389-3-git-send-email-maarten.lankhorst@linux.intel.com drivers/gpu/drm/i915/i915_drv.h | 16 +--- drivers/gpu/drm/i915/intel_atomic_plane.c | 20 +++++ drivers/gpu/drm/i915/intel_display.c | 125 ++++++++++-------------------- drivers/gpu/drm/i915/intel_drv.h | 9 ++- drivers/gpu/drm/i915/intel_fbc.c | 52 +++++-------- drivers/gpu/drm/i915/intel_fbdev.c | 4 +- drivers/gpu/drm/i915/intel_sprite.c | 8 +- 7 files changed, 99 insertions(+), 135 deletions(-) commit eeee74a4f6625b77c3e8db0693c2d4546507ba0d Author: Maarten Lankhorst Date: Tue Jan 31 10:21:30 2017 +0100 drm/atomic: Unconditionally call prepare_fb. Atomic drivers may set properties like rotation on the same fb, which may require a call to prepare_fb even when framebuffer stays identical. Instead of handling all the special cases in the core, let the driver decide when prepare_fb and cleanup_fb are noops. This is a revert of: commit fcc60b413d14dd06ddbd79ec50e83c4fb2a097ba Author: Keith Packard Date: Sat Jun 4 01:16:22 2016 -0700 drm: Don't prepare or cleanup unchanging frame buffers [v3] The original commit mentions that this prevents waiting in i915 on all previous rendering during cursor updates, but there are better ways to fix this. Signed-off-by: Maarten Lankhorst Acked-by: Laurent Pinchart Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/6d82f9b6-9d16-91d1-d176-4a37b09afc44@linux.intel.com (cherry picked from commit 0532be078a207d7dd6ad26ebd0834e258acc4ee7) Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1485854491-27389-2-git-send-email-maarten.lankhorst@linux.intel.com drivers/gpu/drm/drm_atomic_helper.c | 9 --------- 1 file changed, 9 deletions(-) commit fff4b87e594ad3d2e4f51e8d3d86a6f9d3d8b654 Author: Thomas Gleixner Date: Tue Jan 31 23:58:40 2017 +0100 perf/x86/intel/uncore: Make package handling more robust The package management code in uncore relies on package mapping being available before a CPU is started. This changed with: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") because the ACPI/BIOS information turned out to be unreliable, but that left uncore in broken state. This was not noticed because on a regular boot all CPUs are online before uncore is initialized. Move the allocation to the CPU online callback and simplify the hotplug handling. At this point the package mapping is established and correct. Signed-off-by: Thomas Gleixner Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Stephane Eranian Cc: Vince Weaver Cc: Yasuaki Ishimatsu Fixes: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") Link: http://lkml.kernel.org/r/20170131230141.377156255@linutronix.de Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore.c | 196 +++++++++++++++++++---------------------- include/linux/cpuhotplug.h | 2 - 2 files changed, 91 insertions(+), 107 deletions(-) commit 1aa6cfd33df492939b0be15ebdbcff1f8ae5ddb6 Author: Thomas Gleixner Date: Tue Jan 31 23:58:39 2017 +0100 perf/x86/intel/uncore: Clean up hotplug conversion fallout The recent conversion to the hotplug state machine kept two mechanisms from the original code: 1) The first_init logic which adds the number of online CPUs in a package to the refcount. That's wrong because the callbacks are executed for all online CPUs. Remove it so the refcounting is correct. 2) The on_each_cpu() call to undo box->init() in the error handling path. That's bogus because when the prepare callback fails no box has been initialized yet. Remove it. Signed-off-by: Thomas Gleixner Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Stephane Eranian Cc: Vince Weaver Cc: Yasuaki Ishimatsu Fixes: 1a246b9f58c6 ("perf/x86/intel/uncore: Convert to hotplug state machine") Link: http://lkml.kernel.org/r/20170131230141.298032324@linutronix.de Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore.c | 44 ++++-------------------------------------- 1 file changed, 4 insertions(+), 40 deletions(-) commit dd86e373e09fb16b83e8adf5c48c421a4ca76468 Author: Thomas Gleixner Date: Tue Jan 31 23:58:38 2017 +0100 perf/x86/intel/rapl: Make package handling more robust The package management code in RAPL relies on package mapping being available before a CPU is started. This changed with: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") because the ACPI/BIOS information turned out to be unreliable, but that left RAPL in broken state. This was not noticed because on a regular boot all CPUs are online before RAPL is initialized. A possible fix would be to reintroduce the mess which allocates a package data structure in CPU prepare and when it turns out to already exist in starting throw it away later in the CPU online callback. But that's a horrible hack and not required at all because RAPL becomes functional for perf only in the CPU online callback. That's correct because user space is not yet informed about the CPU being onlined, so nothing caan rely on RAPL being available on that particular CPU. Move the allocation to the CPU online callback and simplify the hotplug handling. At this point the package mapping is established and correct. This also adds a missing check for available package data in the event_init() function. Reported-by: Yasuaki Ishimatsu Signed-off-by: Thomas Gleixner Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Stephane Eranian Cc: Vince Weaver Fixes: 9d85eb9119f4 ("x86/smpboot: Make logical package management more robust") Link: http://lkml.kernel.org/r/20170131230141.212593966@linutronix.de Signed-off-by: Ingo Molnar arch/x86/events/intel/rapl.c | 60 +++++++++++++++++++------------------------- include/linux/cpuhotplug.h | 1 - 2 files changed, 26 insertions(+), 35 deletions(-) commit f2e767bb5d6ee0d988cb7d4e54b0b21175802b6b Author: Ram Pai Date: Thu Jan 26 16:37:01 2017 -0200 scsi: mpt3sas: Force request partial completion alignment The firmware or device, possibly under a heavy I/O load, can return on a partial unaligned boundary. Scsi-ml expects these requests to be completed on an alignment boundary. Scsi-ml blindly requeues the I/O without checking the alignment boundary of the I/O request for the remaining bytes. This leads to errors, since devices cannot perform non-aligned read/write operations. This patch fixes the issue in the driver. It aligns unaligned completions of FS requests, by truncating them to the nearest alignment boundary. [mkp: simplified if statement] Reported-by: Mauricio Faria De Oliveira Signed-off-by: Guilherme G. Piccoli Signed-off-by: Ram Pai Acked-by: Sreekanth Reddy Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_scsih.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit 2780f3c8f0233de90b6b47a23fc422b7780c5436 Author: Mauricio Faria de Oliveira Date: Wed Jan 25 22:07:06 2017 -0200 scsi: qla2xxx: Avoid that issuing a LIP triggers a kernel crash Avoid that issuing a LIP as follows: find /sys -name 'issue_lip'|while read f; do echo 1 > $f; done triggers the following: BUG: unable to handle kernel NULL pointer dereference at (null) Call Trace: qla2x00_abort_all_cmds+0xed/0x140 [qla2xxx] qla2x00_abort_isp_cleanup+0x1e3/0x280 [qla2xxx] qla2x00_abort_isp+0xef/0x690 [qla2xxx] qla2x00_do_dpc+0x36c/0x880 [qla2xxx] kthread+0x10c/0x140 [mkp: consolidated Mauricio's and Bart's fixes] Signed-off-by: Mauricio Faria de Oliveira Reported-by: Bart Van Assche Fixes: 1535aa75a3d8 ("qla2xxx: fix invalid DMA access after command aborts in PCI device remove") Cc: Himanshu Madhani Cc: Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b3e6f2ef3722f1a6a97b6034ed492c1a21fd4ae Author: Max Filippov Date: Tue Jan 31 18:35:37 2017 -0800 xtensa: fix noMMU build on cores with MMU Commit bf15f86b343ed8 ("xtensa: initialize MMU before jumping to reset vector") calls MMU management functions even when CONFIG_MMU is not selected. That breaks noMMU build on cores with MMU. Don't manage MMU when CONFIG_MMU is not selected. Cc: stable@vger.kernel.org Signed-off-by: Max Filippov arch/xtensa/kernel/setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9d032f4201d39e5cf43a8709a047e481f5723fdc Author: Dan Williams Date: Wed Jan 25 00:54:07 2017 +0530 libnvdimm, namespace: do not delete namespace-id 0 Given that the naming of pmem devices changes from the pmemX form to the pmemX.Y form when namespace id is greater than 0, arrange for namespaces with id-0 to be exempt from deletion. Otherwise a simple reconfiguration of an existing namespace to a new mode results in a name change of the resulting block device: # ndctl list --namespace=namespace1.0 { "dev":"namespace1.0", "mode":"raw", "size":2147483648, "uuid":"3dadf3dc-89b9-4b24-b20e-abc8a4707ce3", "blockdev":"pmem1" } # ndctl create-namespace --reconfig=namespace1.0 --mode=memory --force { "dev":"namespace1.1", "mode":"memory", "size":2111832064, "uuid":"7b4a6341-7318-4219-a02c-fb57c0bbf613", "blockdev":"pmem1.1" } This change does require tooling changes to explicitly look for namespaceX.0 if the seed has already advanced to another namespace. Cc: Fixes: 98a29c39dc68 ("libnvdimm, namespace: allow creation of multiple pmem-namespaces per region") Reviewed-by: Johannes Thumshirn Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 970d14e3989160ee9e97c7d75ecbc893fd29dab9 Author: Bhumika Goyal Date: Wed Jan 25 00:54:07 2017 +0530 nvdimm: constify device_type structures Declare device_type structure as const as it is only stored in the type field of a device structure. This field is of type const, so add const to declaration of device_type structure. File size before: text data bss dec hex filename 19278 3199 16 22493 57dd nvdimm/namespace_devs.o File size after: text data bss dec hex filename 19929 3160 16 23105 5a41 nvdimm/namespace_devs.o Signed-off-by: Bhumika Goyal Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a2ca3d617944417e9dd5f09fc8a4549cda115f4f Merge: 283725a 79c6f44 Author: Linus Torvalds Date: Tue Jan 31 16:32:40 2017 -0800 Merge tag 'trace-4.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing fix from Steven Rostedt: "It was reported to me that the thread created by the hwlat tracer does not migrate after the first instance. I found that there was as small bug in the logic, and fixed it. It's minor, but should be fixed regardless. There's not much impact outside the hwlat tracer" * tag 'trace-4.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: tracing: Fix hwlat kthread migration commit 52b679f60e2a68af88411f12318675a2424a0e14 Merge: edc6741 92c715f Author: Dave Airlie Date: Wed Feb 1 08:45:27 2017 +1000 Merge tag 'drm-misc-fixes-2017-01-31' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes 2 patches to fix the oops Dave Hanse reported, plus a double kfree fix Maarten discovered while backporting the fix for Linus. For Linus' vma tracking oops the plan is to send you a dedicated pull with the 2 patches we need, but since it's tricky we're letting CI beat on it a bit more. * tag 'drm-misc-fixes-2017-01-31' of git://anongit.freedesktop.org/git/drm-misc: drm/atomic: Fix double free in drm_atomic_state_default_clear drm: Don't race connector registration drm: prevent double-(un)registration for connectors commit 283725af0bd2a4a8600bbe5edeb9d7c72780d3a2 Merge: f1774f4 05e0be7 Author: Linus Torvalds Date: Tue Jan 31 13:59:10 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input subsystem fixes from Dmitry Torokhov: "A fix for a crash in the wm97xx driver and synaptics-rmi4 will stop throwing erroneous warnings." * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: synaptics-rmi4 - fix reversed conditions in enable/disable_irq_wake Input: wm97xx - make missing platform data non-fatal commit f1774f46d49f806614d81854321ee9e5138135e5 Merge: 298a2d8 07cd129 Author: Linus Torvalds Date: Tue Jan 31 13:54:41 2017 -0800 Merge branch 'for-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup Pull cgroup fix from Tejun Heo: "The cgroup creation path was getting the order of operations wrong and exposing cgroups which don't have their names set yet to controllers which can lead to NULL derefs. This contains the fix for the bug" * 'for-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup: cgroup: don't online subsystems before cgroup_name/path() are operational commit 298a2d87518ec01bb36070fafe31da7746556db0 Merge: 52e02f2 966d2b0 Author: Linus Torvalds Date: Tue Jan 31 13:10:59 2017 -0800 Merge branch 'for-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu Pull percpu fix from Tejun Heo: "Douglas found and fixed a ref leak bug in percpu_ref_tryget[_live](). The bug is caused by storing the return value of atomic_long_inc_not_zero() into an int temp variable before returning it as a bool. The interim cast to int loses the upper bits and can lead to false negatives. As percpu_ref uses a high bit to mark a draining counter, this can happen relatively easily. Fixed by using bool for the temp variable" * 'for-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu-refcount: fix reference leak during percpu-atomic transition commit 52e02f2797cf44e00da987a7736cc0f5192132f7 Merge: c9194b9 064c3db Author: Linus Torvalds Date: Tue Jan 31 13:07:04 2017 -0800 Merge branch 'for-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata fixes from Tejun Heo: "Three libata fixes: an error handling fix, blacklist addition for another fallout from upping the default max sectors, and fix for a sense data reporting bug which affects new harddrives which can report sense data" * 'for-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ata: sata_mv:- Handle return value of devm_ioremap. libata: Fix ATA request sense libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices commit c9194b99ae1825bdbafc701965442a47739ff0ad Merge: 415f9b7 8e9faa1 Author: Linus Torvalds Date: Tue Jan 31 13:05:15 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - regression fix (sleeping while atomic) for cp2112, from Johan Hovold - regression fix for proximity handling under certain circumstances in Wacom driver, from Jason Gerecke - functional fix for Logitech Rumblepad 2, from Ardinartsev Nikita * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: cp2112: fix gpio-callback error handling HID: cp2112: fix sleep-while-atomic HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2 HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL HID: wacom: Fix poor prox handling in 'wacom_pl_irq' commit 0becc0ae5b42828785b589f686725ff5bc3b9b25 Author: Thomas Gleixner Date: Tue Jan 31 09:37:34 2017 +0100 x86/mce: Make timer handling more robust Erik reported that on a preproduction hardware a CMCI storm triggers the BUG_ON in add_timer_on(). The reason is that the per CPU MCE timer is started by the CMCI logic before the MCE CPU hotplug callback starts the timer with add_timer_on(). So the timer is already queued which triggers the BUG. Using add_timer_on() is pretty pointless in this code because the timer is strictlty per CPU, initialized as pinned and all operations which arm the timer happen on the CPU to which the timer belongs. Simplify the whole machinery by using mod_timer() instead of add_timer_on() which avoids the problem because mod_timer() can handle already queued timers. Use __start_timer() everywhere so the earliest armed expiry time is preserved. Reported-by: Erik Veijola Tested-by: Borislav Petkov Signed-off-by: Thomas Gleixner Reviewed-by: Borislav Petkov Cc: Tony Luck Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1701310936080.3457@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/mcheck/mce.c | 31 ++++++++++++------------------- 1 file changed, 12 insertions(+), 19 deletions(-) commit 415f9b71d17d294c2f2075b3fc7717d72e5e48f9 Merge: f9a42e0 81ddd8c Author: Linus Torvalds Date: Tue Jan 31 12:36:39 2017 -0800 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fix from Steve French: "A small cifs fix for stable" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: cifs: initialize file_info_lock commit edc67410449c668434b183bb0f770b7bf456c750 Merge: 566cf87 2b50789 Author: Dave Airlie Date: Wed Feb 1 05:28:14 2017 +1000 Merge branch 'linux-4.10' of git://github.com/skeggsb/linux into drm-fixes Just a couple of minor race/regression fixes, nothing exciting, but somewhat important * 'linux-4.10' of git://github.com/skeggsb/linux: drm/nouveau/kms/nv50: request vblank events for commits that send completion events drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215 drm/nouveau/nouveau/led: prevent compiling the led-code if nouveau=y and leds=m drm/nouveau/disp/mcp7x: disable dptmds workaround drm/nouveau: prevent userspace from deleting client object drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers commit aaaec6fc755447a1d056765b11b24d8ff2b81366 Author: Thomas Gleixner Date: Tue Jan 31 19:03:21 2017 +0100 x86/irq: Make irq activate operations symmetric The recent commit which prevents double activation of interrupts unearthed interesting code in x86. The code (ab)uses irq_domain_activate_irq() to reconfigure an already activated interrupt. That trips over the prevention code now. Fix it by deactivating the interrupt before activating the new configuration. Fixes: 08d85f3ea99f1 "irqdomain: Avoid activating interrupts more than once" Reported-and-tested-by: Mike Galbraith Reported-and-tested-by: Borislav Petkov Signed-off-by: Thomas Gleixner Cc: Andrey Ryabinin Cc: Marc Zyngier Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1701311901580.3457@nanos arch/x86/kernel/apic/io_apic.c | 2 ++ arch/x86/kernel/hpet.c | 1 + 2 files changed, 3 insertions(+) commit e26bfebdfc0d212d366de9990a096665d5c0209a Author: David Howells Date: Tue Jan 31 09:45:28 2017 +0000 fscache: Fix dead object requeue Under some circumstances, an fscache object can become queued such that it fscache_object_work_func() can be called once the object is in the OBJECT_DEAD state. This results in the kernel oopsing when it tries to invoke the handler for the state (which is hard coded to 0x2). The way this comes about is something like the following: (1) The object dispatcher is processing a work state for an object. This is done in workqueue context. (2) An out-of-band event comes in that isn't masked, causing the object to be queued, say EV_KILL. (3) The object dispatcher finishes processing the current work state on that object and then sees there's another event to process, so, without returning to the workqueue core, it processes that event too. It then follows the chain of events that initiates until we reach OBJECT_DEAD without going through a wait state (such as WAIT_FOR_CLEARANCE). At this point, object->events may be 0, object->event_mask will be 0 and oob_event_mask will be 0. (4) The object dispatcher returns to the workqueue processor, and in due course, this sees that the object's work item is still queued and invokes it again. (5) The current state is a work state (OBJECT_DEAD), so the dispatcher jumps to it - resulting in an OOPS. When I'm seeing this, the work state in (1) appears to have been either LOOK_UP_OBJECT or CREATE_OBJECT (object->oob_table is fscache_osm_lookup_oob). The window for (2) is very small: (A) object->event_mask is cleared whilst the event dispatch process is underway - though there's no memory barrier to force this to the top of the function. The window, therefore is from the time the object was selected by the workqueue processor and made requeueable to the time the mask was cleared. (B) fscache_raise_event() will only queue the object if it manages to set the event bit and the corresponding event_mask bit was set. The enqueuement is then deferred slightly whilst we get a ref on the object and get the per-CPU variable for workqueue congestion. This slight deferral slightly increases the probability by allowing extra time for the workqueue to make the item requeueable. Handle this by giving the dead state a processor function and checking the for the dead state address rather than seeing if the processor function is address 0x2. The dead state processor function can then set a flag to indicate that it's occurred and give a warning if it occurs more than once per object. If this race occurs, an oops similar to the following is seen (note the RIP value): BUG: unable to handle kernel NULL pointer dereference at 0000000000000002 IP: [<0000000000000002>] 0x1 PGD 0 Oops: 0010 [#1] SMP Modules linked in: ... CPU: 17 PID: 16077 Comm: kworker/u48:9 Not tainted 3.10.0-327.18.2.el7.x86_64 #1 Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 12/27/2015 Workqueue: fscache_object fscache_object_work_func [fscache] task: ffff880302b63980 ti: ffff880717544000 task.ti: ffff880717544000 RIP: 0010:[<0000000000000002>] [<0000000000000002>] 0x1 RSP: 0018:ffff880717547df8 EFLAGS: 00010202 RAX: ffffffffa0368640 RBX: ffff880edf7a4480 RCX: dead000000200200 RDX: 0000000000000002 RSI: 00000000ffffffff RDI: ffff880edf7a4480 RBP: ffff880717547e18 R08: 0000000000000000 R09: dfc40a25cb3a4510 R10: dfc40a25cb3a4510 R11: 0000000000000400 R12: 0000000000000000 R13: ffff880edf7a4510 R14: ffff8817f6153400 R15: 0000000000000600 FS: 0000000000000000(0000) GS:ffff88181f420000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000002 CR3: 000000000194a000 CR4: 00000000001407e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 Stack: ffffffffa0363695 ffff880edf7a4510 ffff88093f16f900 ffff8817faa4ec00 ffff880717547e60 ffffffff8109d5db 00000000faa4ec18 0000000000000000 ffff8817faa4ec18 ffff88093f16f930 ffff880302b63980 ffff88093f16f900 Call Trace: [] ? fscache_object_work_func+0xa5/0x200 [fscache] [] process_one_work+0x17b/0x470 [] worker_thread+0x21c/0x400 [] ? rescuer_thread+0x400/0x400 [] kthread+0xcf/0xe0 [] ? kthread_create_on_node+0x140/0x140 [] ret_from_fork+0x58/0x90 [] ? kthread_create_on_node+0x140/0x140 Signed-off-by: David Howells Acked-by: Jeremy McNicoll Tested-by: Frank Sorenson Tested-by: Benjamin Coddington Reviewed-by: Benjamin Coddington Signed-off-by: Al Viro fs/fscache/object.c | 26 ++++++++++++++++++++++++-- include/linux/fscache-cache.h | 1 + 2 files changed, 25 insertions(+), 2 deletions(-) commit 6bdded59c8933940ac7e5b416448276ac89d1144 Author: David Howells Date: Wed Jan 18 14:29:25 2017 +0000 fscache: Clear outstanding writes when disabling a cookie fscache_disable_cookie() needs to clear the outstanding writes on the cookie it's disabling because they cannot be completed after. Without this, fscache_nfs_open_file() gets stuck because it disables the cookie when the file is opened for writing but can't uncache the pages till afterwards - otherwise there's a race between the open routine and anyone who already has it open R/O and is still reading from it. Looking in /proc/pid/stack of the offending process shows: [] __fscache_wait_on_page_write+0x82/0x9b [fscache] [] __fscache_uncache_all_inode_pages+0x91/0xe1 [fscache] [] nfs_fscache_open_file+0x59/0x9e [nfs] [] nfs4_file_open+0x17f/0x1b8 [nfsv4] [] do_dentry_open+0x16d/0x2b7 [] vfs_open+0x5c/0x65 [] path_openat+0x785/0x8fb [] do_filp_open+0x48/0x9e [] do_sys_open+0x13b/0x1cb [] SyS_open+0x19/0x1b [] do_syscall_64+0x80/0x17a [] return_from_SYSCALL_64+0x0/0x7a [] 0xffffffffffffffff Reported-by: Jianhong Yin Signed-off-by: David Howells Acked-by: Jeff Layton Acked-by: Steve Dickson Signed-off-by: Al Viro fs/fscache/cookie.c | 5 +++++ fs/fscache/object.c | 6 ++++++ 2 files changed, 11 insertions(+) commit 62deb8187d116581c88c69a2dd9b5c16588545d4 Author: David Howells Date: Wed Jan 18 14:29:17 2017 +0000 FS-Cache: Initialise stores_lock in netfs cookie Initialise the stores_lock in fscache netfs cookies. Technically, it shouldn't be necessary, since the netfs cookie is an index and stores no data, but initialising it anyway adds insignificant overhead. Signed-off-by: David Howells Reviewed-by: Jeff Layton Acked-by: Steve Dickson Signed-off-by: Al Viro fs/fscache/netfs.c | 1 + 1 file changed, 1 insertion(+) commit 90427ef5d2a4b9a24079889bf16afdcdaebc4240 Author: Dimitris Michailidis Date: Mon Jan 30 14:09:42 2017 -0800 ipv6: fix flow labels when the traffic class is non-0 ip6_make_flowlabel() determines the flow label for IPv6 packets. It's supposed to be passed a flow label, which it returns as is if non-0 and in some other cases, otherwise it calculates a new value. The problem is callers often pass a flowi6.flowlabel, which may also contain traffic class bits. If the traffic class is non-0 ip6_make_flowlabel() mistakes the non-0 it gets as a flow label and returns the whole thing. Thus it can return a 'flow label' longer than 20b and the low 20b of that is typically 0 resulting in packets with 0 label. Moreover, different packets of a flow may be labeled differently. For a TCP flow with ECN non-payload and payload packets get different labels as exemplified by this pair of consecutive packets: (pure ACK) Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2:: 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 0001 1100 1110 0100 1001 = Flow Label: 0x1ce49 Payload Length: 32 Next Header: TCP (6) (payload) Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2:: 0110 .... = Version: 6 .... 0000 0010 .... .... .... .... .... = Traffic Class: 0x02 (DSCP: CS0, ECN: ECT(0)) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..10 .... .... .... .... .... = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2) .... .... .... 0000 0000 0000 0000 0000 = Flow Label: 0x00000 Payload Length: 688 Next Header: TCP (6) This patch allows ip6_make_flowlabel() to be passed more than just a flow label and has it extract the part it really wants. This was simpler than modifying the callers. With this patch packets like the above become Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2:: 0110 .... = Version: 6 .... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..00 .... .... .... .... .... = Explicit Congestion Notification: Not ECN-Capable Transport (0) .... .... .... 1010 1111 1010 0101 1110 = Flow Label: 0xafa5e Payload Length: 32 Next Header: TCP (6) Internet Protocol Version 6, Src: 2002:af5:11a3::, Dst: 2002:af5:11a2:: 0110 .... = Version: 6 .... 0000 0010 .... .... .... .... .... = Traffic Class: 0x02 (DSCP: CS0, ECN: ECT(0)) .... 0000 00.. .... .... .... .... .... = Differentiated Services Codepoint: Default (0) .... .... ..10 .... .... .... .... .... = Explicit Congestion Notification: ECN-Capable Transport codepoint '10' (2) .... .... .... 1010 1111 1010 0101 1110 = Flow Label: 0xafa5e Payload Length: 688 Next Header: TCP (6) Signed-off-by: Dimitris Michailidis Acked-by: Eric Dumazet Signed-off-by: David S. Miller include/net/ipv6.h | 5 +++++ 1 file changed, 5 insertions(+) commit c73e44269369e936165f0f9b61f1f09a11dae01c Author: Vincent Date: Mon Jan 30 15:06:43 2017 +0100 net: thunderx: avoid dereferencing xcv when NULL This fixes the following smatch and coccinelle warnings: drivers/net/ethernet/cavium/thunder/thunder_xcv.c:119 xcv_setup_link() error: we previously assumed 'xcv' could be null (see line 118) [smatch] drivers/net/ethernet/cavium/thunder/thunder_xcv.c:119:16-20: ERROR: xcv is NULL but dereferenced. [coccinelle] Fixes: 6465859aba1e66a5 ("net: thunderx: Add RGMII interface type support") Signed-off-by: Vincent Stehlé Cc: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_xcv.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 034dd34ff4916ec1f8f74e39ca3efb04eab2f791 Author: J. Bruce Fields Date: Tue Jan 31 11:37:50 2017 -0500 svcrpc: fix oops in absence of krb5 module Olga Kornievskaia says: "I ran into this oops in the nfsd (below) (4.10-rc3 kernel). To trigger this I had a client (unsuccessfully) try to mount the server with krb5 where the server doesn't have the rpcsec_gss_krb5 module built." The problem is that rsci.cred is copied from a svc_cred structure that gss_proxy didn't properly initialize. Fix that. [120408.542387] general protection fault: 0000 [#1] SMP ... [120408.565724] CPU: 0 PID: 3601 Comm: nfsd Not tainted 4.10.0-rc3+ #16 [120408.567037] Hardware name: VMware, Inc. VMware Virtual = Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015 [120408.569225] task: ffff8800776f95c0 task.stack: ffffc90003d58000 [120408.570483] RIP: 0010:gss_mech_put+0xb/0x20 [auth_rpcgss] ... [120408.584946] ? rsc_free+0x55/0x90 [auth_rpcgss] [120408.585901] gss_proxy_save_rsc+0xb2/0x2a0 [auth_rpcgss] [120408.587017] svcauth_gss_proxy_init+0x3cc/0x520 [auth_rpcgss] [120408.588257] ? __enqueue_entity+0x6c/0x70 [120408.589101] svcauth_gss_accept+0x391/0xb90 [auth_rpcgss] [120408.590212] ? try_to_wake_up+0x4a/0x360 [120408.591036] ? wake_up_process+0x15/0x20 [120408.592093] ? svc_xprt_do_enqueue+0x12e/0x2d0 [sunrpc] [120408.593177] svc_authenticate+0xe1/0x100 [sunrpc] [120408.594168] svc_process_common+0x203/0x710 [sunrpc] [120408.595220] svc_process+0x105/0x1c0 [sunrpc] [120408.596278] nfsd+0xe9/0x160 [nfsd] [120408.597060] kthread+0x101/0x140 [120408.597734] ? nfsd_destroy+0x60/0x60 [nfsd] [120408.598626] ? kthread_park+0x90/0x90 [120408.599448] ret_from_fork+0x22/0x30 Fixes: 1d658336b05f "SUNRPC: Add RPC based upcall mechanism for RPCGSS auth" Cc: stable@vger.kernel.org Cc: Simo Sorce Reported-by: Olga Kornievskaia Tested-by: Olga Kornievskaia Signed-off-by: J. Bruce Fields net/sunrpc/auth_gss/gss_rpc_xdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 41f53350a0f36a7b8e31bec0d0ca907e028ab4cd Author: Christoph Hellwig Date: Tue Jan 24 09:22:41 2017 +0100 nfsd: special case truncates some more Both the NFS protocols and the Linux VFS use a setattr operation with a bitmap of attributs to set to set various file attributes including the file size and the uid/gid. The Linux syscalls never mixes size updates with unrelated updates like the uid/gid, and some file systems like XFS and GFS2 rely on the fact that truncates might not update random other attributes, and many other file systems handle the case but do not update the different attributes in the same transaction. NFSD on the other hand passes the attributes it gets on the wire more or less directly through to the VFS, leading to updates the file systems don't expect. XFS at least has an assert on the allowed attributes, which caught an unusual NFS client setting the size and group at the same time. To handle this issue properly this switches nfsd to call vfs_truncate for size changes, and then handle all other attributes through notify_change. As a side effect this also means less boilerplace code around the size change as we can now reuse the VFS code. Signed-off-by: Christoph Hellwig Signed-off-by: J. Bruce Fields fs/nfsd/vfs.c | 97 +++++++++++++++++++++++------------------------------------ 1 file changed, 37 insertions(+), 60 deletions(-) commit d19fb70dd68c4e960e2ac09b0b9c79dfdeefa726 Author: Kinglong Mee Date: Wed Jan 18 19:04:42 2017 +0800 NFSD: Fix a null reference case in find_or_create_lock_stateid() nfsd assigns the nfs4_free_lock_stateid to .sc_free in init_lock_stateid(). If nfsd doesn't go through init_lock_stateid() and put stateid at end, there is a NULL reference to .sc_free when calling nfs4_put_stid(ns). This patch let the nfs4_stid.sc_free assignment to nfs4_alloc_stid(). Cc: stable@vger.kernel.org Fixes: 356a95ece7aa "nfsd: clean up races in lock stateid searching..." Signed-off-by: Kinglong Mee Reviewed-by: Jeff Layton Signed-off-by: J. Bruce Fields fs/nfsd/nfs4layouts.c | 5 +++-- fs/nfsd/nfs4state.c | 19 ++++++++----------- fs/nfsd/state.h | 4 ++-- 3 files changed, 13 insertions(+), 15 deletions(-) commit d07830db1bdb254e4b50d366010b219286b8c937 Author: Marcel J.E. Mol Date: Mon Jan 30 19:26:40 2017 +0100 USB: serial: pl2303: add ATEN device ID Seems that ATEN serial-to-usb devices using pl2303 exist with different device ids. This patch adds a missing device ID so it is recognised by the driver. Signed-off-by: Marcel J.E. Mol Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/pl2303.c | 1 + drivers/usb/serial/pl2303.h | 1 + 2 files changed, 2 insertions(+) commit 79c6f448c8b79c321e4a1f31f98194e4f6b6cae7 Author: Steven Rostedt (VMware) Date: Mon Jan 30 19:27:10 2017 -0500 tracing: Fix hwlat kthread migration The hwlat tracer creates a kernel thread at start of the tracer. It is pinned to a single CPU and will move to the next CPU after each period of running. If the user modifies the migration thread's affinity, it will not change after that happens. The original code created the thread at the first instance it was called, but later was changed to destroy the thread after the tracer was finished, and would not be created until the next instance of the tracer was established. The code that initialized the affinity was only called on the initial instantiation of the tracer. After that, it was not initialized, and the previous affinity did not match the current newly created one, making it appear that the user modified the thread's affinity when it did not, and the thread failed to migrate again. Cc: stable@vger.kernel.org Fixes: 0330f7aa8ee6 ("tracing: Have hwlat trace migrate across tracing_cpumask CPUs") Signed-off-by: Steven Rostedt (VMware) kernel/trace/trace_hwlat.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 92c715fca907686f5298220ece53423e38ba3aed Author: Maarten Lankhorst Date: Tue Jan 31 10:25:25 2017 +0100 drm/atomic: Fix double free in drm_atomic_state_default_clear drm_atomic_helper_page_flip and drm_atomic_ioctl set their own events in crtc_state->event. But when it's set the event is freed in 2 places. Solve this by only freeing the event in the atomic ioctl when it allocated its own event. This has been broken twice. The first time when the code was introduced, but only in the corner case when an event is allocated, but more crtc's were included by atomic check and then failing. This can mostly happen when you do an atomic modeset in i915 and the display clock is changed, which forces all crtc's to be included to the state. This has been broken worse by adding in-fences support, which caused the double free to be done unconditionally. [IGT] kms_rotation_crc: starting subtest primary-rotation-180 ============================================================================= BUG kmalloc-128 (Tainted: G U ): Object already free ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: Allocated in drm_atomic_helper_setup_commit+0x285/0x2f0 [drm_kms_helper] age=0 cpu=3 pid=1529 ___slab_alloc+0x308/0x3b0 __slab_alloc+0xd/0x20 kmem_cache_alloc_trace+0x92/0x1c0 drm_atomic_helper_setup_commit+0x285/0x2f0 [drm_kms_helper] intel_atomic_commit+0x35/0x4f0 [i915] drm_atomic_commit+0x46/0x50 [drm] drm_mode_atomic_ioctl+0x7d4/0xab0 [drm] drm_ioctl+0x2b3/0x490 [drm] do_vfs_ioctl+0x69c/0x700 SyS_ioctl+0x4e/0x80 entry_SYSCALL_64_fastpath+0x13/0x94 INFO: Freed in drm_event_cancel_free+0xa3/0xb0 [drm] age=0 cpu=3 pid=1529 __slab_free+0x48/0x2e0 kfree+0x159/0x1a0 drm_event_cancel_free+0xa3/0xb0 [drm] drm_mode_atomic_ioctl+0x86d/0xab0 [drm] drm_ioctl+0x2b3/0x490 [drm] do_vfs_ioctl+0x69c/0x700 SyS_ioctl+0x4e/0x80 entry_SYSCALL_64_fastpath+0x13/0x94 INFO: Slab 0xffffde1f0997b080 objects=17 used=2 fp=0xffff92fb65ec2578 flags=0x200000000008101 INFO: Object 0xffff92fb65ec2578 @offset=1400 fp=0xffff92fb65ec2ae8 Redzone ffff92fb65ec2570: bb bb bb bb bb bb bb bb ........ Object ffff92fb65ec2578: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec2588: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec2598: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec25a8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec25b8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec25c8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec25d8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff92fb65ec25e8: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b a5 kkkkkkkkkkkkkkk. Redzone ffff92fb65ec25f8: bb bb bb bb bb bb bb bb ........ Padding ffff92fb65ec2738: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 3 PID: 180 Comm: kworker/3:2 Tainted: G BU 4.10.0-rc6-patser+ #5039 Hardware name: /NUC5PPYB, BIOS PYBSWCEL.86A.0031.2015.0601.1712 06/01/2015 Workqueue: events intel_atomic_helper_free_state [i915] Call Trace: dump_stack+0x4d/0x6d print_trailer+0x20c/0x220 free_debug_processing+0x1c6/0x330 ? drm_atomic_state_default_clear+0xf7/0x1c0 [drm] __slab_free+0x48/0x2e0 ? drm_atomic_state_default_clear+0xf7/0x1c0 [drm] kfree+0x159/0x1a0 drm_atomic_state_default_clear+0xf7/0x1c0 [drm] ? drm_atomic_state_clear+0x30/0x30 [drm] intel_atomic_state_clear+0xd/0x20 [i915] drm_atomic_state_clear+0x1a/0x30 [drm] __drm_atomic_state_free+0x13/0x60 [drm] intel_atomic_helper_free_state+0x5d/0x70 [i915] process_one_work+0x260/0x4a0 worker_thread+0x2d1/0x4f0 kthread+0x127/0x130 ? process_one_work+0x4a0/0x4a0 ? kthread_stop+0x120/0x120 ret_from_fork+0x29/0x40 FIX kmalloc-128: Object at 0xffff92fb65ec2578 not freed Fixes: 3b24f7d67581 ("drm/atomic: Add struct drm_crtc_commit to track async updates") Fixes: 9626014258a5 ("drm/fence: add in-fences support") Cc: # v4.8+ Cc: Daniel Vetter Signed-off-by: Maarten Lankhorst Reviewed-by: Daniel Vetter Reviewed-by: Gustavo Padovan Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1485854725-27640-1-git-send-email-maarten.lankhorst@linux.intel.com drivers/gpu/drm/drm_atomic.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 8e9faa15469ed7c7467423db4c62aeed3ff4cae3 Author: Johan Hovold Date: Mon Jan 30 11:26:39 2017 +0100 HID: cp2112: fix gpio-callback error handling In case of a zero-length report, the gpio direction_input callback would currently return success instead of an errno. Fixes: 1ffb3c40ffb5 ("HID: cp2112: make transfer buffers DMA capable") Cc: stable # 4.9 Signed-off-by: Johan Hovold Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-cp2112.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a7b5df84b6b4e5d599c7289526eed96541a0654 Author: Johan Hovold Date: Mon Jan 30 11:26:38 2017 +0100 HID: cp2112: fix sleep-while-atomic A recent commit fixing DMA-buffers on stack added a shared transfer buffer protected by a spinlock. This is broken as the USB HID request callbacks can sleep. Fix this up by replacing the spinlock with a mutex. Fixes: 1ffb3c40ffb5 ("HID: cp2112: make transfer buffers DMA capable") Cc: stable # 4.9 Signed-off-by: Johan Hovold Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-cp2112.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) commit 6cfd3cd8d8365cf78db1d25cd276d3d900eb8541 Author: Roger Shimizu Date: Mon Jan 30 20:07:30 2017 +0900 ARM: dts: orion5x-lschl: More consistent naming on linkstation series DTS files, which includes orion5x-linkstation.dtsi, are named: orion5x-linkstation-*.dts So we rename the file below: arch/arm/boot/dts/orion5x-lschl.dts to the new name: arch/arm/boot/dts/orion5x-linkstation-lschl.dts Because DTS conversion of this device was just introduced in 4.9, Debian is still using legacy device support, other distros are the same, so here we won't expect any impact actually. Fixes: f94f268979a2 ("ARM: dts: orion5x: convert ls-chl to FDT") Cc: Ashley Hughes Signed-off-by: Roger Shimizu Signed-off-by: Gregory CLEMENT arch/arm/boot/dts/orion5x-linkstation-lschl.dts | 171 ++++++++++++++++++++++++ arch/arm/boot/dts/orion5x-lschl.dts | 171 ------------------------ 2 files changed, 171 insertions(+), 171 deletions(-) commit 81917bad86a66f2bdcb12b4c10ab1bf333ed25ec Author: Roger Shimizu Date: Mon Jan 30 20:07:29 2017 +0900 ARM: dts: orion5x-lschl: Fix model name Model name should be consistent with legacy device file, so that user can migrate their system from legacy device support to device-tree safely. Legacy device file is currently removed, but it can be found on 4.8 or previous version of linux: arch/arm/mach-orion5x/ls-chl-setup.c Fixes: f94f268979a2 ("ARM: dts: orion5x: convert ls-chl to FDT") Cc: Ashley Hughes Signed-off-by: Roger Shimizu Signed-off-by: Gregory CLEMENT arch/arm/boot/dts/orion5x-lschl.dts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 161e6d44a5e2d3f85365cb717d60e363171b39e6 Author: Gabriel Krisman Bertazi Date: Mon Jan 16 12:23:42 2017 -0200 mmc: sdhci: Ignore unexpected CARD_INT interrupts One of our kernelCI boxes hanged at boot because a faulty eSDHC device was triggering spurious CARD_INT interrupts for SD cards, causing CMD52 reads, which are not allowed for SD devices. This adds a sanity check to the interruption path, preventing that illegal command from getting sent if the CARD_INT interruption should be disabled. This quirk allows that particular machine to resume boot despite the faulty hardware, instead of getting hung dealing with thousands of mishandled interrupts. Suggested-by: Adrian Hunter Signed-off-by: Gabriel Krisman Bertazi Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson Cc: drivers/mmc/host/sdhci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2b5078937355c0d662ecef54b7d4d04f48da4fa9 Author: Ben Skeggs Date: Tue Jan 24 09:32:26 2017 +1000 drm/nouveau/kms/nv50: request vblank events for commits that send completion events This somehow fixes an issue where sync-to-vblank longer works correctly after resume from suspend. From a HW perspective, we don't need the IRQs turned on to be able to detect flip completion, so it's assumed that this is required for the voodoo in the core DRM vblank core. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nv50_display.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 24bf7ae359b8cca165bb30742d2b1c03a1eb23af Author: Ilia Mirkin Date: Thu Jan 19 22:56:30 2017 -0500 drm/nouveau/nv1a,nv1f/disp: fix memory clock rate retrieval Based on the xf86-video-nv code, NFORCE (NV1A) and NFORCE2 (NV1F) have a different way of retrieving clocks. See the nv_hw.c:nForceUpdateArbitrationSettings function in the original code for how these clocks were accessed. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=54587 Cc: stable@vger.kernel.org Signed-off-by: Ilia Mirkin Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/dispnv04/hw.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d347583a39e2df609a9e40c835f72d3614665b53 Author: Alastair Bridgewater Date: Wed Jan 11 15:47:18 2017 -0500 drm/nouveau/disp/gt215: Fix HDA ELD handling (thus, HDMI audio) on gt215 Store the ELD correctly, not just enough copies of the first byte to pad out the given ELD size. Signed-off-by: Alastair Bridgewater Fixes: 120b0c39c756 ("drm/nv50-/disp: audit and version SOR_HDA_ELD method") Cc: stable@vger.kernel.org # v3.17+ Reviewed-by: Ilia Mirkin Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/disp/hdagt215.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d72498ca2cbcf15e5038b184a95f061bca21e820 Author: Martin Peres Date: Wed Dec 7 06:30:15 2016 +0200 drm/nouveau/nouveau/led: prevent compiling the led-code if nouveau=y and leds=m The proper fix would have been to select LEDS_CLASS but this can lead to a circular dependency, as found out by Arnd. This patch implements Arnd's suggestion instead, at the cost of some auto-magic for a fringe feature. Reported-by: Arnd Bergmann Reported-by: Intel's 0-DAY Fixes: 8d021d71b324 ("drm/nouveau/drm/nouveau: add a LED driver for the NVIDIA logo") Signed-off-by: Martin Peres Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_led.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7dfee6827780d4228148263545af936d0cae8930 Author: Ben Skeggs Date: Mon Jan 9 10:22:15 2017 +1000 drm/nouveau/disp/mcp7x: disable dptmds workaround The workaround appears to cause regressions on these boards, and from inspection of RM traces, NVIDIA don't appear to do it on them either. Signed-off-by: Ben Skeggs Tested-by: Roy Spliet drivers/gpu/drm/nouveau/nvkm/engine/disp/nv50.c | 2 -- 1 file changed, 2 deletions(-) commit c966b6279f610a24ac1d42dcbe30e10fa61220b2 Author: Ben Skeggs Date: Wed May 25 17:11:40 2016 +1000 drm/nouveau: prevent userspace from deleting client object Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_usif.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 96692b097ba76d0c637ae8af47b29c73da33c9d0 Author: Ben Skeggs Date: Wed Dec 14 09:52:39 2016 +1000 drm/nouveau/fence/g84-: protect against concurrent access to semaphore buffers Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_fence.h | 1 + drivers/gpu/drm/nouveau/nv84_fence.c | 6 ++++++ 2 files changed, 7 insertions(+) commit 433e19cf33d34bb6751c874a9c00980552fe508c Author: Dexuan Cui Date: Sat Jan 28 11:46:02 2017 -0700 Drivers: hv: vmbus: finally fix hv_need_to_signal_on_read() Commit a389fcfd2cb5 ("Drivers: hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read()") added the proper mb(), but removed the test "prev_write_sz < pending_sz" when making the signal decision. As a result, the guest can signal the host unnecessarily, and then the host can throttle the guest because the host thinks the guest is buggy or malicious; finally the user running stress test can perceive intermittent freeze of the guest. This patch brings back the test, and properly handles the in-place consumption APIs used by NetVSC (see get_next_pkt_raw(), put_pkt_raw() and commit_rd_index()). Fixes: a389fcfd2cb5 ("Drivers: hv: vmbus: Fix signaling logic in hv_need_to_signal_on_read()") Signed-off-by: Dexuan Cui Reported-by: Rolf Neugebauer Tested-by: Rolf Neugebauer Cc: "K. Y. Srinivasan" Cc: Haiyang Zhang Cc: Stephen Hemminger Cc: Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/ring_buffer.c | 1 + drivers/net/hyperv/netvsc.c | 6 ++++++ include/linux/hyperv.h | 32 ++++++++++++++++++++++++++++++-- 3 files changed, 37 insertions(+), 2 deletions(-) commit 05e0be7c900797e9164976a6014d534ce3035909 Author: Christophe JAILLET Date: Tue Jan 31 00:47:30 2017 -0800 Input: synaptics-rmi4 - fix reversed conditions in enable/disable_irq_wake These tests are reversed. A warning should be displayed if an error is returned, not on success. Signed-off-by: Christophe JAILLET Reviewed-by: Benjamin Tissoires Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 52f5631a4c056ad01682393be56d2be237e81610 Author: Jurij Smakov Date: Mon Jan 30 15:41:36 2017 -0600 rtlwifi: rtl8192ce: Fix loading of incorrect firmware In commit cf4747d7535a ("rtlwifi: Fix regression caused by commit d86e64768859, an error in the edit results in the wrong firmware being loaded for some models of the RTL8188/8192CE. In this condition, the connection suffered from high ping latency, slow transfer rates, and required higher signal strengths to work at all See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853073, https://bugzilla.opensuse.org/show_bug.cgi?id=1017471, and https://github.com/lwfinger/rtlwifi_new/issues/203 for descriptions of the problems. This patch fixes all of those problems. Fixes: cf4747d7535a ("rtlwifi: Fix regression caused by commit d86e64768859") Signed-off-by: Jurij Smakov Signed-off-by: Larry Finger Cc: Stable # 4.9+ Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/rtl8192ce/sw.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 36e854c3b8e17db0e9ace2c603d492b71d53b5cd Merge: 0a019a2 420a387 Author: Olof Johansson Date: Mon Jan 30 21:22:37 2017 -0800 Merge tag 'at91-ab-4.10-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux into fixes AT91 SoC fixes for 4.10: - change email addresses for Nicolas and Ludovic following the Microchip-Atmel merger * tag 'at91-ab-4.10-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: MAINTAINERS: change email address from atmel to microchip MAINTAINERS: at91: change email address Signed-off-by: Olof Johansson commit f9a42e0d58cf0fe3d902e63d4582f2ea4cd2bb8b Merge: 751321b 54791b2 Author: Linus Torvalds Date: Mon Jan 30 15:47:19 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc fixes from David Miller: "Several small bug fixes and tidies, along with a fix for non-resumable memory errors triggered by userspace" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc64: Handle PIO & MEM non-resumable errors. sparc64: Zero pages on allocation for mondo and error queues. sparc: Fixed typo in sstate.c. Replaced panicing with panicking sparc: use symbolic names for tsb indexing commit 54791b276b4000b307339f269d3bf7db877d536f Merge: 5d0e770 0474872 Author: David S. Miller Date: Mon Jan 30 14:28:22 2017 -0800 Merge branch 'sparc64-non-resumable-user-error-recovery' Liam R. Howlett says: ==================== sparc64: Recover from userspace non-resumable PIO & MEM errors A non-resumable error from userspace is able to cause a kernel panic or trap loop due to the setup and handling of the queued traps once in the kernel. This patch series addresses both of these issues. The queues are fixed by simply zeroing the memory before use. PIO errors from userspace will result in a SIGBUS being sent to the user process. The MEM errors form userspace will result in a SIGKILL and also cause the offending pages to be claimed so they are no longer used in future tasks. SIGKILL is used to ensure that the process does not try to coredump and result in an attempt to read the memory again from within kernel space. Although there is a HV call to scrub the memory (mem_scrub), there is no easy way to guarantee that the real memory address(es) are not used by other tasks. Clearing the error with mem_scrub would zero the memory and cause the other processes to proceed with bad data. The handling of other non-resumable errors remain unchanged and will cause a panic. ==================== Signed-off-by: David S. Miller commit 047487241ff59374fded8c477f21453681f5995c Author: Liam R. Howlett Date: Tue Jan 17 10:59:03 2017 -0500 sparc64: Handle PIO & MEM non-resumable errors. User processes trying to access an invalid memory address via PIO will receive a SIGBUS signal instead of causing a panic. Memory errors will receive a SIGKILL since a SIGBUS may result in a coredump which may attempt to repeat the faulting access. Signed-off-by: Liam R. Howlett Signed-off-by: David S. Miller arch/sparc/kernel/traps_64.c | 73 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 73 insertions(+) commit 7a7dc961a28b965a0d0303c2e989df17b411708b Author: Liam R. Howlett Date: Tue Jan 17 10:59:02 2017 -0500 sparc64: Zero pages on allocation for mondo and error queues. Error queues use a non-zero first word to detect if the queues are full. Using pages that have not been zeroed may result in false positive overflow events. These queues are set up once during boot so zeroing all mondo and error queue pages is safe. Note that the false positive overflow does not always occur because the page allocation for these queues is so early in the boot cycle that higher number CPUs get fresh pages. It is only when traps are serviced with lower number CPUs who were given already used pages that this issue is exposed. Signed-off-by: Liam R. Howlett Signed-off-by: David S. Miller arch/sparc/kernel/irq_64.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 040587af31228d82c52267f717c9fcdb65f36335 Author: Simon Horman Date: Mon Jan 30 16:19:02 2017 +0100 net/sched: cls_flower: Correct matching on ICMPv6 code When matching on the ICMPv6 code ICMPV6_CODE rather than ICMPV4_CODE attributes should be used. This corrects what appears to be a typo. Sample usage: tc qdisc add dev eth0 ingress tc filter add dev eth0 protocol ipv6 parent ffff: flower \ indev eth0 ip_proto icmpv6 type 128 code 0 action drop Without this change the code parameter above is effectively ignored. Fixes: 7b684884fbfa ("net/sched: cls_flower: Support matching on ICMP type and code") Signed-off-by: Simon Horman Signed-off-by: David S. Miller net/sched/cls_flower.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0d29ed28da63dd893395c343c7e78b078de93ceb Merge: 2b89ed6 a06393ed0 Author: David S. Miller Date: Mon Jan 30 16:38:39 2017 -0500 Merge tag 'linux-can-fixes-for-4.10-20170130' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2017-01-30 this is a pull request of one patch. The patch is by Oliver Hartkopp and fixes the hrtimer/tasklet termination in bcm op removal. ==================== Signed-off-by: David S. Miller commit 751321b3dd5040dc5be19bd23f985e80c914621a Merge: 566cf87 586655d Author: Linus Torvalds Date: Mon Jan 30 13:18:12 2017 -0800 Merge tag 'rtc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC fix from Alexandre Belloni: "A single fix for this cycle. It is worth taking it for 4.10 so that distributions will not have CONFIG_RTC_DRV_JZ4740 switching from m to y in their config. Summary: - Allow jz4740 to build as a module again by using kernel_halt()" * tag 'rtc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: rtc: jz4740: make the driver buildable as a module again commit 420a3879d694e5c3e734fb92151d19b2ec503e46 Author: Ludovic Desroches Date: Fri Jan 27 14:33:44 2017 +0100 MAINTAINERS: change email address from atmel to microchip Use microchip email address instead of old atmel one. Signed-off-by: Ludovic Desroches Signed-off-by: Alexandre Belloni MAINTAINERS | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit e085b9d8fcbd7c8a3175268a16437cf359c0d052 Author: Nicolas Ferre Date: Fri Jan 27 15:43:42 2017 +0100 MAINTAINERS: at91: change email address Following the Microchip / Atmel merger and the unification of internal IT, it's more convenient for me to swith to the microchip.com address. Change all my entries to reflect this. Signed-off-by: Nicolas Ferre Signed-off-by: Alexandre Belloni MAINTAINERS | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 2b89ed65a6f201a6a4f0450ad289aa4bf491608c Author: Vlad Yasevich Date: Sun Jan 29 22:52:53 2017 -0500 ipv6: Paritially checksum full MTU frames IPv6 will mark data that is smaller that mtu - headersize as CHECKSUM_PARTIAL, but if the data will completely fill the mtu, the packet checksum will be computed in software instead. Extend the conditional to include the data that fills the mtu as well. Signed-off-by: Vladislav Yasevich Signed-off-by: David S. Miller net/ipv6/ip6_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d585df1c5ccf995fcee910705ad7a9cdd11d4152 Author: Jack Morgenstein Date: Mon Jan 30 15:11:45 2017 +0200 net/mlx4_core: Avoid command timeouts during VF driver device shutdown Some Hypervisors detach VFs from VMs by instantly causing an FLR event to be generated for a VF. In the mlx4 case, this will cause that VF's comm channel to be disabled before the VM has an opportunity to invoke the VF device's "shutdown" method. The result is that the VF driver on the VM will experience a command timeout during the shutdown process when the Hypervisor does not deliver a command-completion event to the VM. To avoid FW command timeouts on the VM when the driver's shutdown method is invoked, we detect the absence of the VF's comm channel at the very start of the shutdown process. If the comm-channel has already been disabled, we cause all FW commands during the device shutdown process to immediately return success (and thus avoid all command timeouts). Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/catas.c | 2 +- drivers/net/ethernet/mellanox/mlx4/intf.c | 12 ++++++++++++ drivers/net/ethernet/mellanox/mlx4/mlx4.h | 1 + 3 files changed, 14 insertions(+), 1 deletion(-) commit 6415aa5039bd40022e0377afb8ce53f8637080e7 Merge: 051a2e0 d15118a Author: David S. Miller Date: Mon Jan 30 15:44:05 2017 -0500 Merge tag 'mlx5-fixes-2017-01-27' of git://git.kernel.org/pub/scm/linux/kernel/git/saeed/linux Saeed Mahameed says: ==================== mlx5-fixes-2017-01-27 A couple of mlx5 core and ethernet driver fixes. From Or, A couple of error return values and error handling fixes. From Hadar, Support TC encapsulation offloads even when the mlx5e uplink device is stacked under an upper device. From Gal, Two patches to fix RSS hash modifications via ethtool. From Moshe, Added a needed ets capability check. ==================== Signed-off-by: David S. Miller commit 051a2e0860cd1554fda6beba36487b23252fd3c6 Merge: 4af0e5b 2b1d530 Author: David S. Miller Date: Mon Jan 30 15:19:23 2017 -0500 Merge tag 'wireless-drivers-for-davem-2017-01-29' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.10 Most important here are fixes to two iwlwifi crashes, but there's also a firmware naming fix for iwlwifi and a revert of an older bcma patch. ==================== Signed-off-by: David S. Miller commit 4af0e5bb95ee3ba5ea4bd7dbb94e1648a5279cc9 Author: Arseny Solokha Date: Sun Jan 29 19:52:20 2017 +0700 gianfar: synchronize DMA API usage by free_skb_rx_queue w/ gfar_new_page In spite of switching to paged allocation of Rx buffers, the driver still called dma_unmap_single() in the Rx queues tear-down path. The DMA region unmapping code in free_skb_rx_queue() basically predates the introduction of paged allocation to the driver. While being refactored, it apparently hasn't reflected the change in the DMA API usage by its counterpart gfar_new_page(). As a result, setting an interface to the DOWN state now yields the following: # ip link set eth2 down fsl-gianfar ffe24000.ethernet: DMA-API: device driver frees DMA memory with wrong function [device address=0x000000001ecd0000] [size=40] ------------[ cut here ]------------ WARNING: CPU: 1 PID: 189 at lib/dma-debug.c:1123 check_unmap+0x8e0/0xa28 CPU: 1 PID: 189 Comm: ip Tainted: G O 4.9.5 #1 task: dee73400 task.stack: dede2000 NIP: c02101e8 LR: c02101e8 CTR: c0260d74 REGS: dede3bb0 TRAP: 0700 Tainted: G O (4.9.5) MSR: 00021000 CR: 28002222 XER: 00000000 GPR00: c02101e8 dede3c60 dee73400 000000b6 dfbd033c dfbd36c4 1f622000 dede2000 GPR08: 00000007 c05b1634 1f622000 00000000 22002484 100a9904 00000000 00000000 GPR16: 00000000 db4c849c 00000002 db4c8480 00000001 df142240 db4c84bc 00000000 GPR24: c0706148 c0700000 00029000 c07552e8 c07323b4 dede3cb8 c07605e0 db535540 NIP [c02101e8] check_unmap+0x8e0/0xa28 LR [c02101e8] check_unmap+0x8e0/0xa28 Call Trace: [dede3c60] [c02101e8] check_unmap+0x8e0/0xa28 (unreliable) [dede3cb0] [c02103b8] debug_dma_unmap_page+0x88/0x9c [dede3d30] [c02dffbc] free_skb_resources+0x2c4/0x404 [dede3d80] [c02e39b4] gfar_close+0x24/0xc8 [dede3da0] [c0361550] __dev_close_many+0xa0/0xf8 [dede3dd0] [c03616f0] __dev_close+0x2c/0x4c [dede3df0] [c036b1b8] __dev_change_flags+0xa0/0x174 [dede3e10] [c036b2ac] dev_change_flags+0x20/0x60 [dede3e30] [c03e130c] devinet_ioctl+0x540/0x824 [dede3e90] [c0347dcc] sock_ioctl+0x134/0x298 [dede3eb0] [c0111814] do_vfs_ioctl+0xac/0x854 [dede3f20] [c0111ffc] SyS_ioctl+0x40/0x74 [dede3f40] [c000f290] ret_from_syscall+0x0/0x3c --- interrupt: c01 at 0xff45da0 LR = 0xff45cd0 Instruction dump: 811d001c 7c66482e 813d0020 9061000c 807f000c 5463103a 7cc6182e 3c60c052 386309ac 90c10008 4cc63182 4826b845 <0fe00000> 4bfffa60 3c80c052 388402c4 ---[ end trace 695ae6d7ac1d0c47 ]--- Mapped at: [] gfar_alloc_rx_buffs+0x178/0x248 [] startup_gfar+0x368/0x570 [] __dev_open+0xdc/0x150 [] __dev_change_flags+0xa0/0x174 [] dev_change_flags+0x20/0x60 Even though the issue was discovered in 4.9 kernel, the code in question is identical in the current net and net-next trees. Fixes: 75354148ce69 ("gianfar: Add paged allocation and Rx S/G") Signed-off-by: Arseny Solokha Acked-by: Claudiu Manoil Signed-off-by: David S. Miller drivers/net/ethernet/freescale/gianfar.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 94842b4fc4d6b1691cfc86c6f5251f299d27f4ba Author: Pavel Belous Date: Sat Jan 28 22:53:28 2017 +0300 net: ethtool: add support for 2500BaseT and 5000BaseT link modes This patch introduce support for 2500BaseT and 5000BaseT link modes. These modes are included in the new IEEE 802.3bz standard. Signed-off-by: Pavel Belous Signed-off-by: David S. Miller include/uapi/linux/ethtool.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit cdca06e4e85974d8a3503ab15709dbbaf90d3dd1 Author: Alexander Stein Date: Mon Jan 30 12:35:28 2017 +0100 pinctrl: baytrail: Add missing spinlock usage in byt_gpio_irq_handler According to VLI64 Intel Atom E3800 Specification Update (#329901) concurrent read accesses may result in returning 0xffffffff and write accesses may be dropped silently. To workaround all accesses must be protected by locks. Cc: stable@vger.kernel.org Signed-off-by: Alexander Stein Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 2 ++ 1 file changed, 2 insertions(+) commit 1b89970d81bbd52720fc64a3fe9572ee33588363 Author: Andy Shevchenko Date: Thu Jan 26 19:24:08 2017 +0200 pinctrl: baytrail: Debounce register is one per community Debounce value is set globally per community. Otherwise user will easily get a kernel crash when they start using the feature: BUG: unable to handle kernel paging request at ffffc900003be000 IP: byt_gpio_dbg_show+0xa9/0x430 Make it clear in byt_gpio_reg(). Note that this fix just prevents kernel to crash, but doesn't make any difference to the existing logic. It means the last caller will win the trade and debounce value will be configured accordingly. The actual logic fix needs to be thought about and it's not as important as crash fix. That's why the latter goes separately and right now. Fixes: 658b476c742f ("pinctrl: baytrail: Add debounce configuration") Cc: Cristina Ciocan Signed-off-by: Andy Shevchenko Reviewed-by: Jean Delvare Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 827e1579e1d5cb66e340e7be1944b825b542bbdf Author: Andy Shevchenko Date: Thu Jan 26 19:24:07 2017 +0200 pinctrl: baytrail: Rectify debounce support (part 2) The commit 04ff5a095d66 ("pinctrl: baytrail: Rectify debounce support") almost fixes the logic of debuonce but missed couple of things, i.e. typo in mask when disabling debounce and lack of enabling it back. This patch addresses above issues. Reported-by: Jean Delvare Fixes: 04ff5a095d66 ("pinctrl: baytrail: Rectify debounce support") Signed-off-by: Andy Shevchenko Reviewed-by: Jean Delvare Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 08d85f3ea99f1eeafc4e8507936190e86a16ee8c Author: Marc Zyngier Date: Tue Jan 17 16:00:48 2017 +0000 irqdomain: Avoid activating interrupts more than once Since commit f3b0946d629c ("genirq/msi: Make sure PCI MSIs are activated early"), we can end-up activating a PCI/MSI twice (once at allocation time, and once at startup time). This is normally of no consequences, except that there is some HW out there that may misbehave if activate is used more than once (the GICv3 ITS, for example, uses the activate callback to issue the MAPVI command, and the architecture spec says that "If there is an existing mapping for the EventID-DeviceID combination, behavior is UNPREDICTABLE"). While this could be worked around in each individual driver, it may make more sense to tackle the issue at the core level. In order to avoid getting in that situation, let's have a per-interrupt flag to remember if we have already activated that interrupt or not. Fixes: f3b0946d629c ("genirq/msi: Make sure PCI MSIs are activated early") Reported-and-tested-by: Andre Przywara Signed-off-by: Marc Zyngier Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1484668848-24361-1-git-send-email-marc.zyngier@arm.com Signed-off-by: Thomas Gleixner include/linux/irq.h | 17 +++++++++++++++++ kernel/irq/irqdomain.c | 44 ++++++++++++++++++++++++++++++-------------- 2 files changed, 47 insertions(+), 14 deletions(-) commit f9f96fc10c09ca16e336854c08bc1563eed97985 Author: Hans Verkuil Date: Tue Jan 10 09:44:54 2017 -0200 [media] cec: fix wrong last_la determination Due to an incorrect condition the last_la used for the initial attempt at claiming a logical address could be wrong. The last_la wasn't converted to a mask when ANDing with type2mask, so that test was broken. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8015d6b83cadc8f9f94c7bc8430255090ddf43d4 Author: Hans Verkuil Date: Mon Jan 2 09:54:24 2017 -0200 [media] cec-intro.rst: mention the v4l-utils package and CEC utilities Mention where to find the CEC utilities. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Documentation/media/uapi/cec/cec-intro.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit ed72b81bb7a49e8bfaa8dd6ab0b0e103ff0771ae Author: Hans Verkuil Date: Mon Jan 2 09:41:40 2017 -0200 [media] cec rst: remove "This API is not yet finalized" notice The API is now finalized, so this notice should be dropped. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Documentation/media/uapi/cec/cec-func-close.rst | 5 ----- Documentation/media/uapi/cec/cec-func-ioctl.rst | 5 ----- Documentation/media/uapi/cec/cec-func-open.rst | 5 ----- Documentation/media/uapi/cec/cec-func-poll.rst | 5 ----- Documentation/media/uapi/cec/cec-intro.rst | 5 ----- Documentation/media/uapi/cec/cec-ioc-adap-g-caps.rst | 5 ----- Documentation/media/uapi/cec/cec-ioc-adap-g-log-addrs.rst | 5 ----- Documentation/media/uapi/cec/cec-ioc-adap-g-phys-addr.rst | 5 ----- Documentation/media/uapi/cec/cec-ioc-dqevent.rst | 5 ----- Documentation/media/uapi/cec/cec-ioc-g-mode.rst | 5 ----- Documentation/media/uapi/cec/cec-ioc-receive.rst | 5 ----- 11 files changed, 55 deletions(-) commit 228dbbfb5d77f8e047b2a1d78da14b7158433027 Author: Dave Martin Date: Wed Jan 18 17:11:56 2017 +0100 ARM: 8643/3: arm/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Cc: # 3.0.x- Fixes: 5be6f62b0059 ("ARM: 6883/1: ptrace: Migrate to regsets framework") Signed-off-by: Dave Martin Acked-by: Russell King Signed-off-by: Russell King arch/arm/kernel/ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 97a98ae5b8acf08d07d972c087b2def060bc9b73 Author: Alexander Sverdlin Date: Tue Jan 17 21:10:11 2017 +0100 ARM: 8642/1: LPAE: catch pending imprecise abort on unmask Asynchronous external abort is coded differently in DFSR with LPAE enabled. Fixes: 9254970c "ARM: 8447/1: catch pending imprecise abort on unmask". Signed-off-by: Alexander Sverdlin Cc: Russell King Cc: Andrew Morton Cc: linux-arm-kernel@lists.infradead.org Signed-off-by: Russell King arch/arm/mm/fault.c | 4 ++-- arch/arm/mm/fault.h | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) commit 0b3589be9b98994ce3d5aeca52445d1f5627c4ba Author: Peter Zijlstra Date: Thu Jan 26 23:15:08 2017 +0100 perf/core: Fix PERF_RECORD_MMAP2 prot/flags for anonymous memory Andres reported that MMAP2 records for anonymous memory always have their protection field 0. Turns out, someone daft put the prot/flags generation code in the file branch, leaving them unset for anonymous memory. Reported-by: Andres Freund Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Don Zickus Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Stephane Eranian Cc: Thomas Gleixner Cc: acme@kernel.org Cc: anton@ozlabs.org Cc: namhyung@kernel.org Cc: stable@vger.kernel.org # v3.16+ Fixes: f972eb63b100 ("perf: Pass protection and flags bits through mmap2 interface") Link: http://lkml.kernel.org/r/20170126221508.GF6536@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/events/core.c | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) commit a76a82a3e38c8d3fb6499e3dfaeb0949241ab588 Author: Peter Zijlstra Date: Thu Jan 26 16:39:55 2017 +0100 perf/core: Fix use-after-free bug Dmitry reported a KASAN use-after-free on event->group_leader. It turns out there's a hole in perf_remove_from_context() due to event_function_call() not calling its function when the task associated with the event is already dead. In this case the event will have been detached from the task, but the grouping will have been retained, such that group operations might still work properly while there are live child events etc. This does however mean that we can miss a perf_group_detach() call when the group decomposes, this in turn can then lead to use-after-free. Fix it by explicitly doing the group detach if its still required. Reported-by: Dmitry Vyukov Tested-by: Dmitry Vyukov Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Mathieu Desnoyers Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: stable@vger.kernel.org # v4.5+ Cc: syzkaller Fixes: 63b6da39bb38 ("perf: Fix perf_event_exit_task() race") Link: http://lkml.kernel.org/r/20170126153955.GD6515@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/events/core.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) commit a06393ed03167771246c4c43192d9c264bc48412 Author: Oliver Hartkopp Date: Wed Jan 18 21:30:51 2017 +0100 can: bcm: fix hrtimer/tasklet termination in bcm op removal When removing a bcm tx operation either a hrtimer or a tasklet might run. As the hrtimer triggers its associated tasklet and vice versa we need to take care to mutually terminate both handlers. Reported-by: Michael Josenhans Signed-off-by: Oliver Hartkopp Tested-by: Michael Josenhans Cc: linux-stable Signed-off-by: Marc Kleine-Budde net/can/bcm.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) commit e6e7b48b295afa5a5ab440de0a94d9ad8b3ce2d0 Author: Daniel Vetter Date: Thu Jan 12 17:15:56 2017 +0100 drm: Don't race connector registration I was under the misconception that the sysfs dev stuff can be fully set up, and then registered all in one step with device_add. That's true for properties and property groups, but not for parents and child devices. Those must be fully registered before you can register a child. Add a bit of tracking to make sure that asynchronous mst connector hotplugging gets this right. For consistency we rely upon the implicit barriers of the connector->mutex, which is taken anyway, to ensure that at least either the connector or device registration call will work out. Mildly tested since I can't reliably reproduce this on my mst box here. Reported-by: Dave Hansen Cc: Dave Hansen Acked-by: Chris Wilson Cc: Chris Wilson Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1484237756-2720-1-git-send-email-daniel.vetter@ffwll.ch drivers/gpu/drm/drm_connector.c | 3 +++ drivers/gpu/drm/drm_drv.c | 4 ++++ include/drm/drmP.h | 1 + 3 files changed, 8 insertions(+) commit 4e5b54f127426c82dc2816340c26d951a5bb3429 Author: Daniel Vetter Date: Sun Dec 18 14:35:45 2016 +0100 drm: prevent double-(un)registration for connectors If we're unlucky then the registration from a hotplugged connector might race with the final registration step on driver load. And since MST topology discover is asynchronous that's even somewhat likely. v2: Also update the kerneldoc for @registered! v3: Review from Chris: - Improve kerneldoc for late_register/early_unregister callbacks. - Use mutex_destroy. Reviewed-by: Chris Wilson Cc: Chris Wilson Reviewed-by: Sean Paul Reported-by: Chris Wilson Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161218133545.2106-1-daniel.vetter@ffwll.ch (cherry picked from commit e73ab00e9a0f1731f34d0620a9c55f5c30c4ad4e) drivers/gpu/drm/drm_connector.c | 20 +++++++++++++++----- include/drm/drm_connector.h | 16 +++++++++++++++- 2 files changed, 30 insertions(+), 6 deletions(-) commit 24c2503255d35c269b67162c397a1a1c1e02f6ce Author: Borislav Petkov Date: Wed Jan 25 21:00:48 2017 +0100 x86/microcode: Do not access the initrd after it has been freed When we look for microcode blobs, we first try builtin and if that doesn't succeed, we fallback to the initrd supplied to the kernel. However, at some point doing boot, that initrd gets jettisoned and we shouldn't access it anymore. But we do, as the below KASAN report shows. That's because find_microcode_in_initrd() doesn't check whether the initrd is still valid or not. So do that. ================================================================== BUG: KASAN: use-after-free in find_cpio_data Read of size 1 by task swapper/1/0 page:ffffea0000db9d40 count:0 mapcount:0 mapping: (null) index:0x1 flags: 0x100000000000000() raw: 0100000000000000 0000000000000000 0000000000000001 00000000ffffffff raw: dead000000000100 dead000000000200 0000000000000000 0000000000000000 page dumped because: kasan: bad access detected CPU: 1 PID: 0 Comm: swapper/1 Tainted: G W 4.10.0-rc5-debug-00075-g2dbde22 #3 Hardware name: Dell Inc. XPS 13 9360/0839Y6, BIOS 1.2.3 12/01/2016 Call Trace: dump_stack ? _atomic_dec_and_lock ? __dump_page kasan_report_error ? pointer ? find_cpio_data __asan_report_load1_noabort ? find_cpio_data find_cpio_data ? vsprintf ? dump_stack ? get_ucode_user ? print_usage_bug find_microcode_in_initrd __load_ucode_intel ? collect_cpu_info_early ? debug_check_no_locks_freed load_ucode_intel_ap ? collect_cpu_info ? trace_hardirqs_on ? flat_send_IPI_mask_allbutself load_ucode_ap ? get_builtin_firmware ? flush_tlb_func ? do_raw_spin_trylock ? cpumask_weight cpu_init ? trace_hardirqs_off ? play_dead_common ? native_play_dead ? hlt_play_dead ? syscall_init ? arch_cpu_idle_dead ? do_idle start_secondary start_cpu Memory state around the buggy address: ffff880036e74f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff880036e74f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff >ffff880036e75000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ^ ffff880036e75080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ffff880036e75100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ================================================================== Reported-by: Andrey Ryabinin Tested-by: Andrey Ryabinin Signed-off-by: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170126165833.evjemhbqzaepirxo@pd.tnic Signed-off-by: Ingo Molnar arch/x86/include/asm/microcode.h | 1 + arch/x86/kernel/cpu/microcode/amd.c | 5 +++-- arch/x86/kernel/cpu/microcode/core.c | 22 +++++++++++++++++----- 3 files changed, 21 insertions(+), 7 deletions(-) commit 19b26d92dfb70f56440c187a20c49102ab648b97 Author: Andy Shevchenko Date: Tue Jan 24 17:28:22 2017 +0200 pinctrl: intel: merrifield: Add missed check in mrfld_config_set() Not every pin can be configured. Add missed check to prevent access violation. Fixes: 4e80c8f50574 ("pinctrl: intel: Add Intel Merrifield pin controller support") Acked-by: Mika Westerberg Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-merrifield.c | 3 +++ 1 file changed, 3 insertions(+) commit 2154d94b40ea2a5de05245521371d0461bb0d669 Author: Maxime Ripard Date: Mon Jan 23 09:21:30 2017 +0100 pinctrl: sunxi: Don't enforce bias disable (for now) Commit 07fe64ba213f ("pinctrl: sunxi: Handle bias disable") actually enforced enforced the disabling of the pull up/down resistors instead of ignoring it like it was done before. This was part of a wider rework to switch to the generic pinconf bindings, and was meant to be merged together with DT patches that were switching to it, and removing what was considered default values by both the binding and the boards. This included no bias on a pin. However, those DT patches were delayed to 4.11, which would be fine only for a significant number boards having the bias setup wrong, which in turns break the MMC on those boards (and possibly other devices too). In order to avoid conflicts as much as possible, bring back the old behaviour for 4.10, and we'll revert that commit once all the DT bits will have landed. Tested-by: Priit Laes Signed-off-by: Maxime Ripard Acked-by: Chen-Yu Tsai Signed-off-by: Linus Walleij drivers/pinctrl/sunxi/pinctrl-sunxi.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit e82d02580af45663fad6d3596e4344c606e81e10 Author: Jisheng Zhang Date: Mon Jan 23 15:15:32 2017 +0800 pinctrl: berlin-bg4ct: fix the value for "sd1a" of pin SCRD0_CRD_PRES This should be a typo. Signed-off-by: Jisheng Zhang Signed-off-by: Linus Walleij drivers/pinctrl/berlin/berlin-bg4ct.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0a019a28e0ca0af7dc2691d1a9527960b07ad2bb Merge: ec026b5 8413299 Author: Olof Johansson Date: Sun Jan 29 21:00:48 2017 -0800 Merge tag 'sti-dt-for-v4.10-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/pchotard/sti into fixes STi DT fix: Since v4.10-rc1, xhci is complaining in loop with : [ 801.953836] usb usb6-port1: Cannot enable. Maybe the USB cable is bad? [ 801.960455] xhci-hcd xhci-hcd.0.auto: Cannot set link state. [ 801.966611] usb usb6-port1: cannot disable (err = -32) set property "snps,dis_u3_susphy_quirk" in DT fix it. * tag 'sti-dt-for-v4.10-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/pchotard/sti: ARM: dts: STiH407-family: set snps,dis_u3_susphy_quirk Signed-off-by: Olof Johansson commit a0615a16f7d0ceb5804d295203c302d496d8ee91 Author: Reza Arbab Date: Wed Jan 25 09:54:33 2017 -0600 powerpc/mm: Use the correct pointer when setting a 2MB pte When setting a 2MB pte, radix__map_kernel_page() is using the address ptep = (pte_t *)pudp; Fix this conversion to use pmdp instead. Use pmdp_ptep() to do this instead of casting the pointer. Fixes: 2bfd65e45e87 ("powerpc/mm/radix: Add radix callbacks for early init routines") Cc: stable@vger.kernel.org # v4.7+ Reviewed-by: Aneesh Kumar K.V Signed-off-by: Reza Arbab Signed-off-by: Michael Ellerman arch/powerpc/mm/pgtable-radix.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d1156b489fa734d1af763d6a07b1637c01bb0aed Author: Alexey Khoroshilov Date: Sat Jan 28 01:07:30 2017 +0300 net: adaptec: starfire: add checks for dma mapping errors init_ring(), refill_rx_ring() and start_tx() don't check if mapping dma memory succeed. The patch adds the checks and failure handling. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Signed-off-by: David S. Miller drivers/net/ethernet/adaptec/starfire.c | 45 +++++++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) commit cf626c3b252b2c9d131be0dd66096ec3bf729e54 Author: Sean Nyekjaer Date: Fri Jan 27 21:39:03 2017 +0100 net: phy: micrel: KSZ8795 do not set SUPPORTED_[Asym_]Pause As pr commit "net: phy: phy drivers should not set SUPPORTED_[Asym_]Pause" this phy driver should not set these feature bits. Signed-off-by: Sean Nyekjaer Fixes: 9d162ed69f51 ("net: phy: micrel: add support for KSZ8795") Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/micrel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1712c73714088a7252d276a57126d56c7d37e64 Author: Eric Dumazet Date: Fri Jan 27 08:11:44 2017 -0800 can: Fix kernel panic at security_sock_rcv_skb Zhang Yanmin reported crashes [1] and provided a patch adding a synchronize_rcu() call in can_rx_unregister() The main problem seems that the sockets themselves are not RCU protected. If CAN uses RCU for delivery, then sockets should be freed only after one RCU grace period. Recent kernels could use sock_set_flag(sk, SOCK_RCU_FREE), but let's ease stable backports with the following fix instead. [1] BUG: unable to handle kernel NULL pointer dereference at (null) IP: [] selinux_socket_sock_rcv_skb+0x65/0x2a0 Call Trace: [] security_sock_rcv_skb+0x4c/0x60 [] sk_filter+0x41/0x210 [] sock_queue_rcv_skb+0x53/0x3a0 [] raw_rcv+0x2a3/0x3c0 [] can_rcv_filter+0x12b/0x370 [] can_receive+0xd9/0x120 [] can_rcv+0xab/0x100 [] __netif_receive_skb_core+0xd8c/0x11f0 [] __netif_receive_skb+0x24/0xb0 [] process_backlog+0x127/0x280 [] net_rx_action+0x33b/0x4f0 [] __do_softirq+0x184/0x440 [] do_softirq_own_stack+0x1c/0x30 [] do_softirq.part.18+0x3b/0x40 [] do_softirq+0x1d/0x20 [] netif_rx_ni+0xe5/0x110 [] slcan_receive_buf+0x507/0x520 [] flush_to_ldisc+0x21c/0x230 [] process_one_work+0x24f/0x670 [] worker_thread+0x9d/0x6f0 [] ? rescuer_thread+0x480/0x480 [] kthread+0x12c/0x150 [] ret_from_fork+0x3f/0x70 Reported-by: Zhang Yanmin Signed-off-by: Eric Dumazet Acked-by: Oliver Hartkopp Signed-off-by: David S. Miller include/linux/can/core.h | 7 +++---- net/can/af_can.c | 12 ++++++++++-- net/can/af_can.h | 3 ++- net/can/bcm.c | 4 ++-- net/can/gw.c | 2 +- net/can/raw.c | 4 ++-- 6 files changed, 20 insertions(+), 12 deletions(-) commit dc97a89e726c4e1830320d1db8215ef77ecebae0 Author: Rafal Ozieblo Date: Fri Jan 27 15:08:20 2017 +0000 net: macb: Fix 64 bit addressing support for GEM This patch adds support for 32 bit GEM in 64 bit system. It checks capability at runtime and uses appropriate buffer descriptor. Signed-off-by: Rafal Ozieblo Signed-off-by: David S. Miller drivers/net/ethernet/cadence/macb.c | 188 +++++++++++++++++++++++++----------- drivers/net/ethernet/cadence/macb.h | 20 +++- 2 files changed, 147 insertions(+), 61 deletions(-) commit 0a764db103376cf69d04449b10688f3516cc0b88 Author: Alexey Brodkin Date: Fri Jan 27 15:24:43 2017 +0300 stmmac: Discard masked flags in interrupt status register DW GMAC databook says the following about bits in "Register 15 (Interrupt Mask Register)": --------------------------->8------------------------- When set, this bit __disables_the_assertion_of_the_interrupt_signal__ because of the setting of XXX bit in Register 14 (Interrupt Status Register). --------------------------->8------------------------- In fact even if we mask one bit in the mask register it doesn't prevent corresponding bit to appear in the status register, it only disables interrupt generation for corresponding event. But currently we expect a bit different behavior: status bits to be in sync with their masks, i.e. if mask for bit A is set in the mask register then bit A won't appear in the interrupt status register. This was proven to be incorrect assumption, see discussion here [1]. That misunderstanding causes unexpected behaviour of the GMAC, for example we were happy enough to just see bogus messages about link state changes. So from now on we'll be only checking bits that really may trigger an interrupt. [1] https://lkml.org/lkml/2016/11/3/413 Signed-off-by: Alexey Brodkin Cc: Giuseppe Cavallaro Cc: Fabrice Gasnier Cc: Joachim Eastwood Cc: Phil Reid Cc: David Miller Cc: Alexandre Torgue Cc: Vineet Gupta Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 4 ++++ 1 file changed, 4 insertions(+) commit 566cf877a1fcb6d6dc0126b076aad062054c2637 Author: Linus Torvalds Date: Sun Jan 29 14:25:17 2017 -0800 Linux 4.10-rc6 Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 39cb2c9a316e77f6dfba96c543e55b6672d5a37e Author: Linus Torvalds Date: Sun Jan 29 13:50:06 2017 -0800 drm/i915: Check for NULL i915_vma in intel_unpin_fb_obj() I've seen this trigger twice now, where the i915_gem_object_to_ggtt() call in intel_unpin_fb_obj() returns NULL, resulting in an oops immediately afterwards as the (inlined) call to i915_vma_unpin_fence() tries to dereference it. It seems to be some race condition where the object is going away at shutdown time, since both times happened when shutting down the X server. The call chains were different: - VT ioctl(KDSETMODE, KD_TEXT): intel_cleanup_plane_fb+0x5b/0xa0 [i915] drm_atomic_helper_cleanup_planes+0x6f/0x90 [drm_kms_helper] intel_atomic_commit_tail+0x749/0xfe0 [i915] intel_atomic_commit+0x3cb/0x4f0 [i915] drm_atomic_commit+0x4b/0x50 [drm] restore_fbdev_mode+0x14c/0x2a0 [drm_kms_helper] drm_fb_helper_restore_fbdev_mode_unlocked+0x34/0x80 [drm_kms_helper] drm_fb_helper_set_par+0x2d/0x60 [drm_kms_helper] intel_fbdev_set_par+0x18/0x70 [i915] fb_set_var+0x236/0x460 fbcon_blank+0x30f/0x350 do_unblank_screen+0xd2/0x1a0 vt_ioctl+0x507/0x12a0 tty_ioctl+0x355/0xc30 do_vfs_ioctl+0xa3/0x5e0 SyS_ioctl+0x79/0x90 entry_SYSCALL_64_fastpath+0x13/0x94 - i915 unpin_work workqueue: intel_unpin_work_fn+0x58/0x140 [i915] process_one_work+0x1f1/0x480 worker_thread+0x48/0x4d0 kthread+0x101/0x140 and this patch purely papers over the issue by adding a NULL pointer check and a WARN_ON_ONCE() to avoid the oops that would then generally make the machine unresponsive. Other callers of i915_gem_object_to_ggtt() seem to also check for the returned pointer being NULL and warn about it, so this clearly has happened before in other places. [ Reported it originally to the i915 developers on Jan 8, applying the ugly workaround on my own now after triggering the problem for the second time with no feedback. This is likely to be the same bug reported as https://bugs.freedesktop.org/show_bug.cgi?id=98829 https://bugs.freedesktop.org/show_bug.cgi?id=99134 which has a patch for the underlying problem, but it hasn't gotten to me, so I'm applying the workaround. ] Cc: Daniel Vetter Cc: Jani Nikula Cc: Ville Syrjälä Cc: Chris Wilson Cc: Maarten Lankhorst Cc: Tvrtko Ursulin Cc: Imre Deak Signed-off-by: Linus Torvalds drivers/gpu/drm/i915/intel_display.c | 3 +++ 1 file changed, 3 insertions(+) commit d15118af268324ecfc968dd90396e966f4f9b3ff Author: Moshe Shemesh Date: Thu Jan 19 14:53:07 2017 +0200 net/mlx5e: Check ets capability before ets query FW command On dcbnl callback getpgtccfgtx, the driver should check the ets capability before ets query command is sent to firmware. It is valid to return from this void function without changing in/out parameters, as these parameters are initialized to DCB_ATTR_VALUE_UNDEFINED. Fixes: 3a6a931dfb8e ("net/mlx5e: Support DCBX CEE API") Signed-off-by: Moshe Shemesh Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 5 +++++ 1 file changed, 5 insertions(+) commit a100ff3eef193d2d79daf98dcd97a54776ffeb78 Author: Gal Pressman Date: Thu Jan 12 16:25:46 2017 +0200 net/mlx5e: Fix update of hash function/key via ethtool Modifying TIR hash should change selected fields bitmask in addition to the function and key. Formerly, Only on ethool mlx5e_set_rxfh "ethtoo -X" we would not set this field resulting in zeroing of its value, which means no packet fields are used for RX RSS hash calculation thus causing all traffic to arrive in RQ[0]. On driver load out of the box we don't have this issue, since the TIR hash is fully created from scratch. Tested: ethtool -X ethX hkey ethtool -X ethX hfunc ethtool -X ethX equal All cases are verified with TCP Multi-Stream traffic over IPv4 & IPv6. Fixes: bdfc028de1b3 ("net/mlx5e: Fix ethtool RX hash func configuration change") Signed-off-by: Gal Pressman Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en.h | 3 +- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 13 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 198 ++++++++++----------- 3 files changed, 109 insertions(+), 105 deletions(-) commit 1d3398facd08a7fd4202f269317a95668eb880b9 Author: Gal Pressman Date: Wed Jan 11 14:32:26 2017 +0200 net/mlx5e: Modify TIRs hash only when it's needed We don't need to modify our TIRs unless the user requested a change in the hash function/key, for example when changing indirection only. Tested: # Modify TIRs hash is needed ethtool -X ethX hkey ethtool -X ethX hfunc # Modify TIRs hash is not needed ethtool -X ethX equal All cases are verified with TCP Multi-Stream traffic over IPv4 & IPv6. Fixes: bdfc028de1b3 ("net/mlx5e: Fix ethtool RX hash func configuration change") Signed-off-by: Gal Pressman Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) commit 3e621b19b0bb1f5bea34f1fbc5fb5629191eda2b Author: Hadar Hen Zion Date: Thu Jan 12 11:07:40 2017 +0200 net/mlx5e: Support TC encapsulation offloads with upper devices When tunneling is used, some virtualizations systems set the (mlx5e) uplink device to be stacked under upper devices such as bridge or ovs internal port, where the VTEP IP address used for the encapsulation is set on that upper device. In order to support such use-cases, we also deal with a setup where the egress mirred device isn't representing a port on the HW e-switch to where the ingress device belongs. We use eswitch service function which returns the uplink and set it as the egress device of the tc encap rule. Fixes: a54e20b4fcae ("net/mlx5e: Add basic TC tunnel set action for SRIOV offloads") Signed-off-by: Hadar Hen Zion Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 5bae8c031053c69b4aa74b7f1ba15d4ec8426208 Author: Or Gerlitz Date: Sun Jan 15 19:05:38 2017 +0200 net/mlx5: E-Switch, Re-enable RoCE on mode change only after FDB destroy We must re-enable RoCE on the e-switch management port (PF) only after destroying the FDB in its switchdev/offloaded mode. Otherwise, when encapsulation is supported, this re-enablement will fail. Also, it's more natural and symmetric to disable RoCE on the PF before we create the FDB under switchdev mode, so do that as well and revert if getting into error during the mode change later. Fixes: 9da34cd34e85 ('net/mlx5: Disable RoCE on the e-switch management [..]') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed .../ethernet/mellanox/mlx5/core/eswitch_offloads.c | 29 ++++++++++++++-------- 1 file changed, 18 insertions(+), 11 deletions(-) commit 5403dc703ff277f8a2a12a83ac820750485f13b3 Author: Or Gerlitz Date: Wed Jan 11 19:39:42 2017 +0200 net/mlx5: E-Switch, Err when retrieving steering name-space fails Make sure to return error when we failed retrieving the FDB steering name space. Also, while around, correctly print the error when mode change revert fails in the warning message. Signed-off-by: Or Gerlitz Reported-by: Leon Romanovsky Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit eff596da48784316ccb83bef82bc1213b512d5e0 Author: Or Gerlitz Date: Thu Jan 12 13:04:01 2017 +0200 net/mlx5: Return EOPNOTSUPP when failing to get steering name-space When we fail to retrieve a hardware steering name-space, the returned error code should say that this operation is not supported. Align the various places in the driver where this call is made to this convention. Also, make sure to warn when we fail to retrieve a SW (ANCHOR) name-space. Signed-off-by: Or Gerlitz Reviewed-by: Matan Barak Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/en_fs.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 6 +++--- drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) commit 9eb7892351a3a3b403d879b41c4e6efb2c96516f Author: Or Gerlitz Date: Wed Jan 11 19:35:41 2017 +0200 net/mlx5: Change ENOTSUPP to EOPNOTSUPP As ENOTSUPP is specific to NFS, change the return error value to EOPNOTSUPP in various places in the mlx5 driver. Signed-off-by: Or Gerlitz Suggested-by: Yotam Gigi Reviewed-by: Matan Barak Signed-off-by: Saeed Mahameed drivers/net/ethernet/mellanox/mlx5/core/cmd.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en.h | 4 ++-- drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 6 +++--- drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 10 +++++----- drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 4 ++-- drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 4 ++-- drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/fs_cmd.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/port.c | 4 ++-- drivers/net/ethernet/mellanox/mlx5/core/vport.c | 2 +- 12 files changed, 22 insertions(+), 22 deletions(-) commit 2c5d9555d6d937966d79d4c6529a5f7b9206e405 Merge: 53cd1ad 2ad5d52 Author: Linus Torvalds Date: Sun Jan 29 10:56:56 2017 -0800 Merge branch 'parisc-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull two parisc fixes from Helge Deller: "One fix to avoid usage of BITS_PER_LONG in user-space exported swab.h header which breaks compiling qemu, and one trivial fix for printk continuation in the parisc parport driver" * 'parisc-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header parisc, parport_gsc: Fixes for printk continuation lines commit 53cd1ad1a68fd10f677445e04ed63aa9ce39b36b Merge: d56a5ca e13fe92 Author: Linus Torvalds Date: Sat Jan 28 15:09:23 2017 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Two I2C driver bugfixes. The 'VLLS mode support' patch should have been entitled 'reconfigure pinctrl after suspend' to make the bugfix more clear. Sorry, I missed that, yet didn't want to rebase" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: imx-lpi2c: add VLLS mode support i2c: i2c-cadence: Initialize configuration before probing devices commit 2ad5d52d42810bed95100a3d912679d8864421ec Author: Helge Deller Date: Sat Jan 28 11:52:02 2017 +0100 parisc: Don't use BITS_PER_LONG in userspace-exported swab.h header In swab.h the "#if BITS_PER_LONG > 32" breaks compiling userspace programs if BITS_PER_LONG is #defined by userspace with the sizeof() compiler builtin. Solve this problem by using __BITS_PER_LONG instead. Since we now #include asm/bitsperlong.h avoid further potential userspace pollution by moving the #define of SHIFT_PER_LONG to bitops.h which is not exported to userspace. This patch unbreaks compiling qemu on hppa/parisc. Signed-off-by: Helge Deller Cc: arch/parisc/include/asm/bitops.h | 8 +++++++- arch/parisc/include/uapi/asm/bitsperlong.h | 2 -- arch/parisc/include/uapi/asm/swab.h | 5 +++-- 3 files changed, 10 insertions(+), 5 deletions(-) commit 83b5d1e3d3013dbf90645a5d07179d018c8243fa Author: Helge Deller Date: Tue Jan 3 22:55:50 2017 +0100 parisc, parport_gsc: Fixes for printk continuation lines Signed-off-by: Helge Deller drivers/parport/parport_gsc.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit d56a5ca366e785f463b4782f65daac883612a2b2 Merge: dd55396 ee6625a Author: Linus Torvalds Date: Sat Jan 28 11:50:17 2017 -0800 Merge tag 'nfs-for-4.10-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client bugfixes from Trond Myklebust: "Stable patches: - NFSv4.1: Fix a deadlock in layoutget - NFSv4 must not bump sequence ids on NFS4ERR_MOVED errors - NFSv4 Fix a regression with OPEN EXCLUSIVE4 mode - Fix a memory leak when removing the SUNRPC module Bugfixes: - Fix a reference leak in _pnfs_return_layout" * tag 'nfs-for-4.10-4' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: pNFS: Fix a reference leak in _pnfs_return_layout nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED" SUNRPC: cleanup ida information when removing sunrpc module NFSv4.0: always send mode in SETATTR after EXCLUSIVE4 nfs: Don't increment lock sequence ID after NFS4ERR_MOVED NFSv4.1: Fix a deadlock in layoutget commit dd553962675ab5747e887f89aea1ece90e6a802e Merge: 64a172d 2e38a37 Author: Linus Torvalds Date: Sat Jan 28 11:09:04 2017 -0800 Merge tag 'md/4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD fixes from Shaohua Li: "This fixes several corner cases for raid5 cache, which is merged into this cycle" * tag 'md/4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md/r5cache: disable write back for degraded array md/r5cache: shift complex rmw from read path to write path md/r5cache: flush data only stripes in r5l_recovery_log() md/raid5: move comment of fetch_block to right location md/r5cache: read data into orig_page for prexor of cached data md/raid5-cache: delete meaningless code commit 64a172d265643b345007ddaafcc523f6e5373b69 Merge: ef1dce9 606f422 Author: Linus Torvalds Date: Sat Jan 28 11:06:42 2017 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fix from Catalin Marinas: "Fix kernel panic on ACPI-based systems where CPU capacity description is not currently handled" * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: skip register_cpufreq_notifier on ACPI-based systems commit ef1dce990b06a3f5bf4f71100891686b5d3f7c7e Merge: 1b1bc42 9aed02f Author: Linus Torvalds Date: Sat Jan 28 11:00:08 2017 -0800 Merge tag 'arc-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: "Hopefully last set of changes for ARC for 4.10: - fix for unaligned access emulation corner case - fix for udelay loop inline asm regression - fix irq affinity finally for AXS103 board [Yuriy] - final fixes for setting IO-coherency sanely in SMP" * tag 'arc-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: [arcompact] handle unaligned access delay slot corner case ARCv2: smp-boot: wake_flag polling by non-Masters needs to be uncached ARC: smp-boot: Decouple Non masters waiting API from jump to entry point ARCv2: MCIP: update the BCR per current changes ARC: udelay: fix inline assembler by adding LP_COUNT to clobber list ARCv2: MCIP: Deprecate setting of affinity in Device Tree commit 966d2b04e070bc040319aaebfec09e0144dc3341 Author: Douglas Miller Date: Sat Jan 28 06:42:20 2017 -0600 percpu-refcount: fix reference leak during percpu-atomic transition percpu_ref_tryget() and percpu_ref_tryget_live() should return "true" IFF they acquire a reference. But the return value from atomic_long_inc_not_zero() is a long and may have high bits set, e.g. PERCPU_COUNT_BIAS, and the return value of the tryget routines is bool so the reference may actually be acquired but the routines return "false" which results in a reference leak since the caller assumes it does not need to do a corresponding percpu_ref_put(). This was seen when performing CPU hotplug during I/O, as hangs in blk_mq_freeze_queue_wait where percpu_ref_kill (blk_mq_freeze_queue_start) raced with percpu_ref_tryget (blk_mq_timeout_work). Sample stack trace: __switch_to+0x2c0/0x450 __schedule+0x2f8/0x970 schedule+0x48/0xc0 blk_mq_freeze_queue_wait+0x94/0x120 blk_mq_queue_reinit_work+0xb8/0x180 blk_mq_queue_reinit_prepare+0x84/0xa0 cpuhp_invoke_callback+0x17c/0x600 cpuhp_up_callbacks+0x58/0x150 _cpu_up+0xf0/0x1c0 do_cpu_up+0x120/0x150 cpu_subsys_online+0x64/0xe0 device_online+0xb4/0x120 online_store+0xb4/0xc0 dev_attr_store+0x68/0xa0 sysfs_kf_write+0x80/0xb0 kernfs_fop_write+0x17c/0x250 __vfs_write+0x6c/0x1e0 vfs_write+0xd0/0x270 SyS_write+0x6c/0x110 system_call+0x38/0xe0 Examination of the queue showed a single reference (no PERCPU_COUNT_BIAS, and __PERCPU_REF_DEAD, __PERCPU_REF_ATOMIC set) and no requests. However, conditions at the time of the race are count of PERCPU_COUNT_BIAS + 0 and __PERCPU_REF_DEAD and __PERCPU_REF_ATOMIC set. The fix is to make the tryget routines use an actual boolean internally instead of the atomic long result truncated to a int. Fixes: e625305b3907 percpu-refcount: make percpu_ref based on longs instead of ints Link: https://bugzilla.kernel.org/show_bug.cgi?id=190751 Signed-off-by: Douglas Miller Reviewed-by: Jens Axboe Signed-off-by: Tejun Heo Fixes: e625305b3907 ("percpu-refcount: make percpu_ref based on longs instead of ints") Cc: stable@vger.kernel.org # v3.18+ include/linux/percpu-refcount.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bf29bddf0417a4783da3b24e8c9e017ac649326f Author: Jiri Kosina Date: Fri Jan 27 22:25:52 2017 +0000 x86/efi: Always map the first physical page into the EFI pagetables Commit: 129766708 ("x86/efi: Only map RAM into EFI page tables if in mixed-mode") stopped creating 1:1 mappings for all RAM, when running in native 64-bit mode. It turns out though that there are 64-bit EFI implementations in the wild (this particular problem has been reported on a Lenovo Yoga 710-11IKB), which still make use of the first physical page for their own private use, even though they explicitly mark it EFI_CONVENTIONAL_MEMORY in the memory map. In case there is no mapping for this particular frame in the EFI pagetables, as soon as firmware tries to make use of it, a triple fault occurs and the system reboots (in case of the Yoga 710-11IKB this is very early during bootup). Fix that by always mapping the first page of physical memory into the EFI pagetables. We're free to hand this page to the BIOS, as trim_bios_range() will reserve the first page and isolate it away from memory allocators anyway. Note that just reverting 129766708 alone is not enough on v4.9-rc1+ to fix the regression on affected hardware, as this commit: ab72a27da ("x86/efi: Consolidate region mapping logic") later made the first physical frame not to be mapped anyway. Reported-by: Hanka Pavlikova Signed-off-by: Jiri Kosina Signed-off-by: Matt Fleming Cc: Ard Biesheuvel Cc: Borislav Petkov Cc: Borislav Petkov Cc: Laura Abbott Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Vojtech Pavlik Cc: Waiman Long Cc: linux-efi@vger.kernel.org Cc: stable@kernel.org # v4.8+ Fixes: 129766708 ("x86/efi: Only map RAM into EFI page tables if in mixed-mode") Link: http://lkml.kernel.org/r/20170127222552.22336-1-matt@codeblueprint.co.uk [ Tidied up the changelog and the comment. ] Signed-off-by: Ingo Molnar arch/x86/platform/efi/efi_64.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 2b1d530cb3157f828fcaadd259613f59db3c6d1c Author: Kalle Valo Date: Fri Jan 27 14:19:25 2017 +0200 MAINTAINERS: ath9k-devel is closed ath9k-devel list is now closed, only linux-wireless should be used. Reported-by: Michael Renzmann Signed-off-by: Kalle Valo MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit 6f3e71c0c3f2479e05682e2e563b75decab36591 Merge: 9208b75 773c722 Author: James Bottomley Date: Fri Jan 27 17:15:31 2017 -0800 Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes commit 030305d69fc6963c16003f50d7e8d74b02d0a143 Author: Bjorn Helgaas Date: Fri Jan 27 15:00:45 2017 -0600 PCI/ASPM: Handle PCI-to-PCIe bridges as roots of PCIe hierarchies In a struct pcie_link_state, link->root points to the pcie_link_state of the root of the PCIe hierarchy. For the topmost link, this points to itself (link->root = link). For others, we copy the pointer from the parent (link->root = link->parent->root). Previously we recognized that Root Ports originated PCIe hierarchies, but we treated PCI/PCI-X to PCIe Bridges as being in the middle of the hierarchy, and when we tried to copy the pointer from link->parent->root, there was no parent, and we dereferenced a NULL pointer: BUG: unable to handle kernel NULL pointer dereference at 0000000000000090 IP: [] pcie_aspm_init_link_state+0x170/0x820 Recognize that PCI/PCI-X to PCIe Bridges originate PCIe hierarchies just like Root Ports do, so link->root for these devices should also point to itself. Fixes: 51ebfc92b72b ("PCI: Enumerate switches below PCI-to-PCIe bridges") Link: https://bugzilla.kernel.org/show_bug.cgi?id=193411 Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1022181 Tested-by: lists@ssl-mail.com Tested-by: Jayachandran C. Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.2+ drivers/pci/pcie/aspm.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 1b1bc42c1692e9b62756323c675a44cb1a1f9dbd Merge: 3365135 950eabb Author: Linus Torvalds Date: Fri Jan 27 12:54:16 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) GTP fixes from Andreas Schultz (missing genl module alias, clear IP DF on transmit). 2) Netfilter needs to reflect the fwmark when sending resets, from Pau Espin Pedrol. 3) nftable dump OOPS fix from Liping Zhang. 4) Fix erroneous setting of VIRTIO_NET_HDR_F_DATA_VALID on transmit, from Rolf Neugebauer. 5) Fix build error of ipt_CLUSTERIP when procfs is disabled, from Arnd Bergmann. 6) Fix regression in handling of NETIF_F_SG in harmonize_features(), from Eric Dumazet. 7) Fix RTNL deadlock wrt. lwtunnel module loading, from David Ahern. 8) tcp_fastopen_create_child() needs to setup tp->max_window, from Alexey Kodanev. 9) Missing kmemdup() failure check in ipv6 segment routing code, from Eric Dumazet. 10) Don't execute unix_bind() under the bindlock, otherwise we deadlock with splice. From WANG Cong. 11) ip6_tnl_parse_tlv_enc_lim() potentially reallocates the skb buffer, therefore callers must reload cached header pointers into that skb. Fix from Eric Dumazet. 12) Fix various bugs in legacy IRQ fallback handling in alx driver, from Tobias Regnery. 13) Do not allow lwtunnel drivers to be unloaded while they are referenced by active instances, from Robert Shearman. 14) Fix truncated PHY LED trigger names, from Geert Uytterhoeven. 15) Fix a few regressions from virtio_net XDP support, from John Fastabend and Jakub Kicinski. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (102 commits) ISDN: eicon: silence misleading array-bounds warning net: phy: micrel: add support for KSZ8795 gtp: fix cross netns recv on gtp socket gtp: clear DF bit on GTP packet tx gtp: add genl family modules alias tcp: don't annotate mark on control socket from tcp_v6_send_response() ravb: unmap descriptors when freeing rings virtio_net: reject XDP programs using header adjustment virtio_net: use dev_kfree_skb for small buffer XDP receive r8152: check rx after napi is enabled r8152: re-schedule napi for tx r8152: avoid start_xmit to schedule napi when napi is disabled r8152: avoid start_xmit to call napi_schedule during autosuspend net: dsa: Bring back device detaching in dsa_slave_suspend() net: phy: leds: Fix truncated LED trigger names net: phy: leds: Break dependency of phy.h on phy_led_triggers.h net: phy: leds: Clear phy_num_led_triggers on failure to avoid crash net-next: ethernet: mediatek: change the compatible string Documentation: devicetree: change the mediatek ethernet compatible string bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status(). ... commit 3365135d43f861003555c963b309672d053a2228 Merge: 5906374 e0d76fa Author: Linus Torvalds Date: Fri Jan 27 12:44:32 2017 -0800 Merge tag 'xfs-for-linus-4.10-rc6-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs uodates from Darrick Wong: "I have some more fixes this week: better input validation, corruption avoidance, build fixes, memory leak fixes, and a couple from Christoph to avoid an ENOSPC failure. Summary: - Fix race conditions in the CoW code - Fix some incorrect input validation checks - Avoid crashing fs by running out of space when freeing inodes - Fix toctou race wrt whether or not an inode has an attr - Fix build error on arm - Fix page refcount corruption when readahead fails - Don't corrupt userspace in the bmap ioctl" * tag 'xfs-for-linus-4.10-rc6-5' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: prevent quotacheck from overloading inode lru xfs: fix bmv_count confusion w/ shared extents xfs: clear _XBF_PAGES from buffers when readahead page xfs: extsize hints are not unlikely in xfs_bmap_btalloc xfs: remove racy hasattr check from attr ops xfs: use per-AG reservations for the finobt xfs: only update mount/resv fields on success in __xfs_ag_resv_init xfs: verify dirblocklog correctly xfs: fix COW writeback race commit 5906374446386fd16fe562b042429d905d231ec3 Merge: 2fb78e8 57b59ed Author: Linus Torvalds Date: Fri Jan 27 12:41:46 2017 -0800 Merge branch 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs updates from Chris Mason: "Some fixes that we've collected from the list. We still have one more pending to nail down a regression in lzo compression, but I wanted to get this batch out the door" * 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: Btrfs: remove ->{get, set}_acl() from btrfs_dir_ro_inode_operations Btrfs: disable xattr operations on subvolume directories Btrfs: remove old tree_root case in btrfs_read_locked_inode() Btrfs: fix truncate down when no_holes feature is enabled Btrfs: Fix deadlock between direct IO and fast fsync btrfs: fix false enospc error when truncating heavily reflinked file commit 2fb78e89405f4321b86274a0c24b30896dd50529 Merge: dd3b9f2 c14024d Author: Linus Torvalds Date: Fri Jan 27 12:36:39 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "A set of fixes for this series. This contains: - Set of fixes for the nvme target code - A revert of patch from this merge window, causing a regression with WRITE_SAME on iSCSI targets at least. - A fix for a use-after-free in the new O_DIRECT bdev code. - Two fixes for the xen-blkfront driver" * 'for-linus' of git://git.kernel.dk/linux-block: Revert "sd: remove __data_len hack for WRITE SAME" nvme-fc: use blk_rq_nr_phys_segments nvmet-rdma: Fix missing dma sync to nvme data structures nvmet: Call fatal_error from keep-alive timout expiration nvmet: cancel fatal error and flush async work before free controller nvmet: delete controllers deletion upon subsystem release nvmet_fc: correct logic in disconnect queue LS handling block: fix use after free in __blkdev_direct_IO xen-blkfront: correct maximum segment accounting xen-blkfront: feature flags handling adjustments commit dd3b9f25c867cb2507a45e436d6ede8eb08e7b05 Merge: 69978aa b4cfe39 Author: Linus Torvalds Date: Fri Jan 27 12:29:30 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma fixes from Doug Ledford: "Second round of -rc fixes for 4.10. This -rc cycle has been slow for the rdma subsystem. I had already sent you the first batch before the Holiday break. After that, we kept only getting a few here or there. Up until this week, when I got a drop of 13 to one driver (qedr). So, here's the -rc patches I have. I currently have none held in reserve, so unless something new comes in, this is it until the next merge window opens. Summary: - series of iw_cxgb4 fixes to make it work with the drain cq API - one or two patches each to: srp, iser, cxgb3, vmw_pvrdma, umem, rxe, and ipoib - one big series (13 patches) for the new qedr driver" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (27 commits) RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled IB/rxe: Prevent from completer to operate on non valid QP IB/rxe: Fix rxe dev insertion to rxe_dev_list IB/umem: Release pid in error and ODP flow RDMA/qedr: Dispatch port active event from qedr_add RDMA/qedr: Fix and simplify memory leak in PD alloc RDMA/qedr: Fix RDMA CM loopback RDMA/qedr: Fix formatting RDMA/qedr: Mark three functions as static RDMA/qedr: Don't reset QP when queues aren't flushed RDMA/qedr: Don't spam dmesg if QP is in error state RDMA/qedr: Remove CQ spinlock from CM completion handlers RDMA/qedr: Return max inline data in QP query result RDMA/qedr: Return success when not changing QP state RDMA/qedr: Add uapi header qedr-abi.h RDMA/qedr: Fix MTU returned from QP query RDMA/core: Add the function ib_mtu_int_to_enum IB/vmw_pvrdma: Fix incorrect cleanup on pvrdma_pci_probe error path IB/vmw_pvrdma: Don't leak info from alloc_ucontext IB/cxgb3: fix misspelling in header guard ... commit 69978aa0f21f43529e11f924504dadb6ce2f229a Merge: 2b43215 0d6da87 Author: Linus Torvalds Date: Fri Jan 27 12:25:26 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "Another two bug fixes: - ptrace partial write information leak - a guest page hinting regression introduced with v4.6" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/mm: Fix cmma unused transfer from pgste into pte s390/ptrace: Preserve previous registers for short regset write commit 2b4321503e62523e701405163a034875e92d68cf Merge: 3aebae0 f1225ee Author: Linus Torvalds Date: Fri Jan 27 12:17:07 2017 -0800 Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb Pull swiotlb fix from Konrad Rzeszutek Wilk: "An ARM fix in the Xen SWIOTLB - mainly the translation of physical to bus addresses was done just a tad too late" * 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb-xen: update dev_addr after swapping pages commit 3aebae061cea6f6627ab882a73de7b0b21af3127 Merge: 9d1d166 bd00fdf Author: Linus Torvalds Date: Fri Jan 27 12:10:58 2017 -0800 Merge tag 'vfio-v4.10-rc6' of git://github.com/awilliam/linux-vfio Pull VFIO fix from Alex Williamson: "mdev IOMMU groups are not yet compatible with the powerpc SPAPR IOMMU backend, detect and fail group attach (Greg Kurz)" * tag 'vfio-v4.10-rc6' of git://github.com/awilliam/linux-vfio: vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null commit b4cfe3971f6eab542dd7ecc398bfa1aeec889934 Author: Jack Morgenstein Date: Sun Jan 15 20:15:00 2017 +0200 RDMA/cma: Fix unknown symbol when CONFIG_IPV6 is not enabled If IPV6 has not been enabled in the underlying kernel, we must avoid calling IPV6 procedures in rdma_cm.ko. This requires using "IS_ENABLED(CONFIG_IPV6)" in "if" statements surrounding any code which calls external IPV6 procedures. In the instance fixed here, procedure cma_bind_addr() called ipv6_addr_type() -- which resulted in calling external procedure __ipv6_addr_type(). Fixes: 6c26a77124ff ("RDMA/cma: fix IPv6 address resolution") Cc: # v4.2+ Cc: Spencer Baugh Signed-off-by: Jack Morgenstein Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c14024dbb156c8392908aaa822097d27c6af8ec8 Merge: 08965c2 3b4f188 Author: Jens Axboe Date: Fri Jan 27 11:56:06 2017 -0700 Merge branch 'stable/for-jens-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen into for-linus Konrad writes: Please pull in your 'for-linus' branch two little fixes for Xen block front: One fix is for handling the XEN_PAGE_SIZE != PAGE_SIZE (4KB vs 64KB on ARM for example) mishandling while the other is fixing the accounting for the configuration changes. commit 9aed02feae57bf7a40cb04ea0e3017cb7a998db4 Author: Vineet Gupta Date: Fri Jan 27 10:45:27 2017 -0800 ARC: [arcompact] handle unaligned access delay slot corner case After emulating an unaligned access in delay slot of a branch, we pretend as the delay slot never happened - so return back to actual branch target (or next PC if branch was not taken). Curently we did this by handling STATUS32.DE, we also need to clear the BTA.T bit, which is disregarded when returning from original misaligned exception, but could cause weirdness if it took the interrupt return path (in case interrupt was acive too) One ARC700 customer ran into this when enabling unaligned access fixup for kernel mode accesses as well Cc: stable@vger.kernel.org Signed-off-by: Vineet Gupta arch/arc/kernel/unaligned.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9d1d166f18f8f0f332573b8d2e28e5b3291f09c5 Merge: b84f027 0e0694f Author: Linus Torvalds Date: Fri Jan 27 10:29:33 2017 -0800 Merge tag 'media/v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media fixes from Mauro Carvalho Chehab: - fix a regression on tvp5150 causing failures at input selection and image glitches - CEC was moved out of staging for v4.10. Fix some bugs on it while not too late - fix a regression on pctv452e caused by VM stack changes - fix suspend issued with smiapp - fix a regression on cobalt driver - fix some warnings and Kconfig issues with some random configs. * tag 'media/v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: [media] s5k4ecgx: select CRC32 helper [media] dvb: avoid warning in dvb_net [media] v4l: tvp5150: Don't override output pinmuxing at stream on/off time [media] v4l: tvp5150: Fix comment regarding output pin muxing [media] v4l: tvp5150: Reset device at probe time, not in get/set format handlers [media] pctv452e: move buffer to heap, no mutex [media] media/cobalt: use pci_irq_allocate_vectors [media] cec: fix race between configuring and unconfiguring [media] cec: move cec_report_phys_addr into cec_config_thread_func [media] cec: replace cec_report_features by cec_fill_msg_report_features [media] cec: update log_addr[] before finishing configuration [media] cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 [media] cec: when canceling a message, don't overwrite old status info [media] cec: fix report_current_latency [media] smiapp: Make suspend and resume functions __maybe_unused [media] smiapp: Implement power-on and power-off sequences without runtime PM commit b84f02795e3bcf197ae13a7e3ac6cc9d66d2feaa Merge: ed4d50c e9748e0 Author: Linus Torvalds Date: Fri Jan 27 10:25:31 2017 -0800 Merge tag 'mmc-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fix from Ulf Hansson: "MMC host: fix runtime PM resume path in dw_mmc" * tag 'mmc-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: dw_mmc: force setup bus if active slots exist commit ed4d50c42d67769138b49de7dc672b76c88ee1c8 Merge: fd694aa 3feb479 Author: Linus Torvalds Date: Fri Jan 27 10:22:00 2017 -0800 Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management fix from Zhang Rui: "A single revert from a recently introduced problem. Specifics: Commit 7611fb68062f ("thermal: thermal_hwmon: Convert to hwmon_device_register_with_info()"), which was introduced in 4.10-rc5, uses new hwmon API. But this breaks some soc thermal driver because the new hwmon API has a strict rule for the hwmon device name. Revert the offending commit as a quick solution for 4.10" * 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: Revert "thermal: thermal_hwmon: Convert to hwmon_device_register_with_info()" commit e0d76fa4475ef2cf4b52d18588b8ce95153d021b Author: Brian Foster Date: Thu Jan 26 13:18:09 2017 -0800 xfs: prevent quotacheck from overloading inode lru Quotacheck runs at mount time in situations where quota accounting must be recalculated. In doing so, it uses bulkstat to visit every inode in the filesystem. Historically, every inode processed during quotacheck was released and immediately tagged for reclaim because quotacheck runs before the superblock is marked active by the VFS. In other words, the final iput() lead to an immediate ->destroy_inode() call, which allowed the XFS background reclaim worker to start reclaiming inodes. Commit 17c12bcd3 ("xfs: when replaying bmap operations, don't let unlinked inodes get reaped") marks the XFS superblock active sooner as part of the mount process to support caching inodes processed during log recovery. This occurs before quotacheck and thus means all inodes processed by quotacheck are inserted to the LRU on release. The s_umount lock is held until the mount has completed and thus prevents the shrinkers from operating on the sb. This means that quotacheck can excessively populate the inode LRU and lead to OOM conditions on systems without sufficient RAM. Update the quotacheck bulkstat handler to set XFS_IGET_DONTCACHE on inodes processed by quotacheck. This causes ->drop_inode() to return 1 and in turn causes iput_final() to evict the inode. This preserves the original quotacheck behavior and prevents it from overloading the LRU and running out of memory. CC: stable@vger.kernel.org # v4.9 Reported-by: Martin Svec Signed-off-by: Brian Foster Reviewed-by: Eric Sandeen Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_qm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 950eabbd6ddedc1b08350b9169a6a51b130ebaaf Author: Arnd Bergmann Date: Fri Jan 27 13:32:14 2017 +0100 ISDN: eicon: silence misleading array-bounds warning With some gcc versions, we get a warning about the eicon driver, and that currently shows up as the only remaining warning in one of the build bots: In file included from ../drivers/isdn/hardware/eicon/message.c:30:0: eicon/message.c: In function 'mixer_notify_update': eicon/platform.h:333:18: warning: array subscript is above array bounds [-Warray-bounds] The code is easily changed to open-code the unusual PUT_WORD() line causing this to avoid the warning. Cc: stable@vger.kernel.org Link: http://arm-soc.lixom.net/buildlogs/stable-rc/v4.4.45/ Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/isdn/hardware/eicon/message.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9d162ed69f51cbd9ee5a0c7e82aba7acc96362ff Author: Sean Nyekjaer Date: Fri Jan 27 08:46:23 2017 +0100 net: phy: micrel: add support for KSZ8795 This is adds support for the PHYs in the KSZ8795 5port managed switch. It will allow to detect the link between the switch and the soc and uses the same read_status functions as the KSZ8873MLL switch. Signed-off-by: Sean Nyekjaer Signed-off-by: David S. Miller drivers/net/phy/micrel.c | 14 ++++++++++++++ include/linux/micrel_phy.h | 2 ++ 2 files changed, 16 insertions(+) commit ec026b5020688a8bde5fae9a69ae3c59b66ba3ae Merge: bba8e3f a971c55 Author: Arnd Bergmann Date: Fri Jan 27 16:46:51 2017 +0100 Merge tag 'imx-fixes-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into HEAD Pull "i.MX fixes for 4.10, 3rd round" from Shawn Guo: - Fix a 'defined but not used' warning in MMDC driver when CONFIG_PERF_EVENTS is disabled. - Fix i.MX6DL device tree GPIO4_11 range setting. - A bandaid fix for boot failure found on a couple of platforms due to missing 'chosen' and 'memory' node. * tag 'imx-fixes-4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx: Pass 'chosen' and 'memory' nodes ARM: dts: imx6dl: fix GPIO4 range ARM: imx: hide unused variable in #ifdef commit bba8e3f42736cf7f974968a818e53b128286ad1d Author: Neil Armstrong Date: Fri Jan 20 08:20:25 2017 -0800 ARM64: dts: meson-gx: Add firmware reserved memory zones The Amlogic Meson GXBB/GXL/GXM secure monitor uses part of the memory space, this patch adds these reserved zones. Without such reserved memory zones, running the following stress command : $ stress-ng --vm 16 --vm-bytes 128M --timeout 10s multiple times: Could lead to the following kernel crashes : [ 46.937975] Bad mode in Error handler detected on CPU1, code 0xbf000000 -- SError ... [ 47.058536] Internal error: Attempting to execute userspace memory: 8600000f [#3] PREEMPT SMP ... Instead of the OOM killer. Fixes: 4f24eda8401f ("ARM64: dts: Prepare configs for Amlogic Meson GXBaby") Signed-off-by: Neil Armstrong Reviewed-by: Andreas Färber [khilman: added Fixes tag, added _reserved and unit addresses] Signed-off-by: Kevin Hilman Signed-off-by: Arnd Bergmann arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit feb3cbea0946c67060e2d5bcb7499b0a6f6700fe Author: Jerome Brunet Date: Fri Jan 20 08:20:24 2017 -0800 ARM64: dts: meson-gxbb-odroidc2: fix GbE tx link breakage OdroidC2 GbE link breaks under heavy tx transfer. This happens even if the MAC does not enable Energy Efficient Ethernet (No Low Power state Idle on the Tx path). The problem seems to come from the phy Rx path, entering the LPI state. Disabling EEE advertisement on the phy prevent this feature to be negociated with the link partner and solve the issue. Signed-off-by: Jerome Brunet Signed-off-by: Kevin Hilman Signed-off-by: Arnd Bergmann arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 95120ebf647180fbcfba3172677f18116f9231d5 Merge: 92e55f4 3ab1b46 Author: David S. Miller Date: Fri Jan 27 10:39:10 2017 -0500 Merge branch 'gtp-fixes' Andreas Schultz says: ==================== various gtp fixes I'm sorry for the compile error mess up in the last version. It's no excuse for not test compiling, but the hunks got lost in a rebase. This is the part of the previous "simple gtp improvements" series that Pablo indicated should go into net. The addition of the module alias fixes genl family autoloading, clearing the DF bit fixes a protocol violation in regard to the specification and the netns comparison fixes a corner case of cross netns recv. v2->v3: fix compiler error introduced in rebase ==================== Signed-off-by: David S. Miller commit 3ab1b469e847ba425af3c5ad5068cc94b55b38d0 Author: Andreas Schultz Date: Fri Jan 27 10:40:58 2017 +0100 gtp: fix cross netns recv on gtp socket The use of the passed through netlink src_net to check for a cross netns operation was wrong. Using the GTP socket and the GTP netdevice is always correct (even if the netdev has been moved to new netns after link creation). Remove the now obsolete net field from gtp_dev. Signed-off-by: Andreas Schultz Acked-by: Pablo Neira Ayuso Signed-off-by: David S. Miller drivers/net/gtp.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit c6ce1d08eede4c2968ed08aafa3165e8e183c5a1 Author: Andreas Schultz Date: Fri Jan 27 10:40:57 2017 +0100 gtp: clear DF bit on GTP packet tx 3GPP TS 29.281 and 3GPP TS 29.060 imply that GTP-U packets should be sent with the DF bit cleared. For example 3GPP TS 29.060, Release 8, Section 13.2.2: > Backbone router: Any router in the backbone may fragment the GTP > packet if needed, according to IPv4. Signed-off-by: Andreas Schultz Acked-by: Harald Welte Acked-by: Pablo Neira Ayuso Signed-off-by: David S. Miller drivers/net/gtp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ab729823ec16aef384f09fd2cffe0b3d3f6e6cba Author: Andreas Schultz Date: Fri Jan 27 10:40:56 2017 +0100 gtp: add genl family modules alias Auto-load the module when userspace asks for the gtp netlink family. Signed-off-by: Andreas Schultz Acked-by: Harald Welte Acked-by: Pablo Neira Ayuso Signed-off-by: David S. Miller drivers/net/gtp.c | 1 + 1 file changed, 1 insertion(+) commit 92e55f412cffd016cc245a74278cb4d7b89bb3bc Author: Pablo Neira Date: Thu Jan 26 22:56:21 2017 +0100 tcp: don't annotate mark on control socket from tcp_v6_send_response() Unlike ipv4, this control socket is shared by all cpus so we cannot use it as scratchpad area to annotate the mark that we pass to ip6_xmit(). Add a new parameter to ip6_xmit() to indicate the mark. The SCTP socket family caches the flowi6 structure in the sctp_transport structure, so we cannot use to carry the mark unless we later on reset it back, which I discarded since it looks ugly to me. Fixes: bf99b4ded5f8 ("tcp: fix mark propagation with fwmark_reflect enabled") Suggested-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller include/net/ipv6.h | 2 +- net/dccp/ipv6.c | 4 ++-- net/ipv6/inet6_connection_sock.c | 2 +- net/ipv6/ip6_output.c | 4 ++-- net/ipv6/tcp_ipv6.c | 5 ++--- net/sctp/ipv6.c | 3 ++- 6 files changed, 10 insertions(+), 10 deletions(-) commit 8413299cb3933dade6186bbee8363f190032107e Author: Patrice Chotard Date: Fri Jan 27 15:45:11 2017 +0100 ARM: dts: STiH407-family: set snps,dis_u3_susphy_quirk Since v4.10-rc1, the following logs appears in loop : [ 801.953836] usb usb6-port1: Cannot enable. Maybe the USB cable is bad? [ 801.960455] xhci-hcd xhci-hcd.0.auto: Cannot set link state. [ 801.966611] usb usb6-port1: cannot disable (err = -32) [ 806.083772] usb usb6-port1: Cannot enable. Maybe the USB cable is bad? [ 806.090370] xhci-hcd xhci-hcd.0.auto: Cannot set link state. [ 806.096494] usb usb6-port1: cannot disable (err = -32) After analysis, xhci try to set link in U3 and returns an error. Using snps,dis_u3_susphy_quirk fix this issue. Signed-off-by: Patrice Chotard arch/arm/boot/dts/stih407-family.dtsi | 1 + 1 file changed, 1 insertion(+) commit a3683e0c1410c5c8136a7a93b0336ce88d3b893a Merge: 83e526f 5d03a2f Author: Greg Kroah-Hartman Date: Fri Jan 27 16:01:52 2017 +0100 Merge tag 'usb-serial-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.10-rc6 Just a couple of new device ids. Signed-off-by: Johan Hovold commit 606f42265d384b9149bfb953c5dfc6d4710fef4c Author: Prashanth Prakash Date: Thu Jan 26 11:08:32 2017 -0700 arm64: skip register_cpufreq_notifier on ACPI-based systems On ACPI based systems where the topology is setup using the API store_cpu_topology, at the moment we do not have necessary code to parse cpu capacity and handle cpufreq notifier, thus resulting in a kernel panic. Stack: init_cpu_capacity_callback+0xb4/0x1c8 notifier_call_chain+0x5c/0xa0 __blocking_notifier_call_chain+0x58/0xa0 blocking_notifier_call_chain+0x3c/0x50 cpufreq_set_policy+0xe4/0x328 cpufreq_init_policy+0x80/0x100 cpufreq_online+0x418/0x710 cpufreq_add_dev+0x118/0x180 subsys_interface_register+0xa4/0xf8 cpufreq_register_driver+0x1c0/0x298 cppc_cpufreq_init+0xdc/0x1000 [cppc_cpufreq] do_one_initcall+0x5c/0x168 do_init_module+0x64/0x1e4 load_module+0x130c/0x14d0 SyS_finit_module+0x108/0x120 el0_svc_naked+0x24/0x28 Fixes: 7202bde8b7ae ("arm64: parse cpu capacity-dmips-mhz from DT") Acked-by: Will Deacon Signed-off-by: Prashanth Prakash Signed-off-by: Catalin Marinas arch/arm64/kernel/topology.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 3c223c19aea85d3dda1416c187915f4a30b04b1f Author: Markus Mayer Date: Mon Dec 19 12:10:28 2016 -0800 cpufreq: brcmstb-avs-cpufreq: properly retrieve P-state upon suspend The AVS GET_PMAP command does return a P-state along with the P-map information. However, that P-state is the initial P-state when the P-map was first downloaded to AVS. It is *not* the current P-state. Therefore, we explicitly retrieve the P-state using the GET_PSTATE command. Signed-off-by: Markus Mayer Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/brcmstb-avs-cpufreq.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 9b02c54bc951fca884ba5719f42a27e8240965bf Author: Markus Mayer Date: Mon Dec 19 12:10:27 2016 -0800 cpufreq: brcmstb-avs-cpufreq: extend sysfs entry brcm_avs_pmap We extend the brcm_avs_pmap sysfs entry (which issues the GET_PMAP command to AVS) to include all fields from struct pmap. This means adding mode (AVS, DVS, DVFS) and state (the P-state) to the output. Signed-off-by: Markus Mayer Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/brcmstb-avs-cpufreq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 191e885a2e130e639bb0c8ee350d7047294f2ce6 Author: Luis R. Rodriguez Date: Wed Jan 25 10:31:52 2017 -0800 firmware: fix NULL pointer dereference in __fw_load_abort() Since commit 5d47ec02c37ea6 ("firmware: Correct handling of fw_state_wait() return value") fw_load_abort() could be called twice and lead us to a kernel crash. This happens only when the firmware fallback mechanism (regular or custom) is used. The fallback mechanism exposes a sysfs interface for userspace to upload a file and notify the kernel when the file is loaded and ready, or to cancel an upload by echo'ing -1 into on the loading file: echo -n "-1" > /sys/$DEVPATH/loading This will call fw_load_abort(). Some distributions actually have a udev rule in place to *always* immediately cancel all firmware fallback mechanism requests (Debian), they have: $ cat /lib/udev/rules.d/50-firmware.rules # stub for immediately telling the kernel that userspace firmware loading # failed; necessary to avoid long timeouts with CONFIG_FW_LOADER_USER_HELPER=y SUBSYSTEM=="firmware", ACTION=="add", ATTR{loading}="-1 Distributions with this udev rule would run into this crash only if the fallback mechanism is used. Since most distributions disable by default using the fallback mechanism (CONFIG_FW_LOADER_USER_HELPER_FALLBACK), this would typicaly mean only 2 drivers which *require* the fallback mechanism could typically incur a crash: drivers/firmware/dell_rbu.c and the drivers/leds/leds-lp55xx-common.c driver. Distributions enabling CONFIG_FW_LOADER_USER_HELPER_FALLBACK by default are obviously more exposed to this crash. The crash happens because after commit 5b029624948d ("firmware: do not use fw_lock for fw_state protection") and subsequent fix commit 5d47ec02c37ea6 ("firmware: Correct handling of fw_state_wait() return value") a race can happen between this cancelation and the firmware fw_state_wait_timeout() being woken up after a state change with which fw_load_abort() as that calls swake_up(). Upon error fw_state_wait_timeout() will also again call fw_load_abort() and trigger a null reference. At first glance we could just fix this with a !buf check on fw_load_abort() before accessing buf->fw_st, however there is a logical issue in having a state machine used for the fallback mechanism and preventing access from it once we abort as its inside the buf (buf->fw_st). The firmware_class.c code is setting the buf to NULL to annotate an abort has occurred. Replace this mechanism by simply using the state check instead. All the other code in place already uses similar checks for aborting as well so no further changes are needed. An oops can be reproduced with the new fw_fallback.sh fallback mechanism cancellation test. Either cancelling the fallback mechanism or the custom fallback mechanism triggers a crash. mcgrof@piggy ~/linux-next/tools/testing/selftests/firmware (git::20170111-fw-fixes)$ sudo ./fw_fallback.sh ./fw_fallback.sh: timeout works ./fw_fallback.sh: firmware comparison works ./fw_fallback.sh: fallback mechanism works [ this then sits here when it is trying the cancellation test ] Kernel log: test_firmware: loading 'nope-test-firmware.bin' misc test_firmware: Direct firmware load for nope-test-firmware.bin failed with error -2 misc test_firmware: Falling back to user helper BUG: unable to handle kernel NULL pointer dereference at 0000000000000038 IP: _request_firmware+0xa27/0xad0 PGD 0 Oops: 0000 [#1] SMP Modules linked in: test_firmware(E) ... etc ... CPU: 1 PID: 1396 Comm: fw_fallback.sh Tainted: G W E 4.10.0-rc3-next-20170111+ #30 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.1-0-g8891697-prebuilt.qemu-project.org 04/01/2014 task: ffff9740b27f4340 task.stack: ffffbb15c0bc8000 RIP: 0010:_request_firmware+0xa27/0xad0 RSP: 0018:ffffbb15c0bcbd10 EFLAGS: 00010246 RAX: 00000000fffffffe RBX: ffff9740afe5aa80 RCX: 0000000000000000 RDX: ffff9740b27f4340 RSI: 0000000000000283 RDI: 0000000000000000 RBP: ffffbb15c0bcbd90 R08: ffffbb15c0bcbcd8 R09: 0000000000000000 R10: 0000000894a0d4b1 R11: 000000000000008c R12: ffffffffc0312480 R13: 0000000000000005 R14: ffff9740b1c32400 R15: 00000000000003e8 FS: 00007f8604422700(0000) GS:ffff9740bfc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000038 CR3: 000000012164c000 CR4: 00000000000006e0 Call Trace: request_firmware+0x37/0x50 trigger_request_store+0x79/0xd0 [test_firmware] dev_attr_store+0x18/0x30 sysfs_kf_write+0x37/0x40 kernfs_fop_write+0x110/0x1a0 __vfs_write+0x37/0x160 ? _cond_resched+0x1a/0x50 vfs_write+0xb5/0x1a0 SyS_write+0x55/0xc0 ? trace_do_page_fault+0x37/0xd0 entry_SYSCALL_64_fastpath+0x1e/0xad RIP: 0033:0x7f8603f49620 RSP: 002b:00007fff6287b788 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 000055c307b110a0 RCX: 00007f8603f49620 RDX: 0000000000000016 RSI: 000055c3084d8a90 RDI: 0000000000000001 RBP: 0000000000000016 R08: 000000000000c0ff R09: 000055c3084d6336 R10: 000055c307b108b0 R11: 0000000000000246 R12: 000055c307b13c80 R13: 000055c3084d6320 R14: 0000000000000000 R15: 00007fff6287b950 Code: 9f 64 84 e8 9c 61 fe ff b8 f4 ff ff ff e9 6b f9 ff ff 48 c7 c7 40 6b 8d 84 89 45 a8 e8 43 84 18 00 49 8b be 00 03 00 00 8b 45 a8 <83> 7f 38 02 74 08 e8 6e ec ff ff 8b 45 a8 49 c7 86 00 03 00 00 RIP: _request_firmware+0xa27/0xad0 RSP: ffffbb15c0bcbd10 CR2: 0000000000000038 ---[ end trace 6d94ac339c133e6f ]--- Fixes: 5d47ec02c37e ("firmware: Correct handling of fw_state_wait() return value") Reported-and-Tested-by: Jakub Kicinski Reported-and-Tested-by: Patrick Bruenn Reported-by: Chris Wilson CC: [3.10+] Signed-off-by: Luis R. Rodriguez Signed-off-by: Greg Kroah-Hartman drivers/base/firmware_class.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 242ef5d483594a2bed6b8a2685849c83e7810d17 Author: Sinclair Yeh Date: Wed Jan 18 14:14:01 2017 -0800 drm/vmwgfx: Fix depth input into drm_mode_legacy_fb_format Currently the pitch is passed in as depth. This causes drm_mode_legacy_fb_format() to return the wrong pixel format. The wrong pixel format will be rejected by vmw_kms_new_framebuffer(), thus leaving par->set_fb to NULL. This eventually causes a crash in vmw_fb_setcolreg() when the code tries to dereference par->set_fb. Signed-off-by: Sinclair Yeh Reviewed-by: Thomas Hellstrom drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit fd694aaa46c7ed811b72eb47d5eb11ce7ab3f7f1 Merge: 2287a24 736a149 Author: Linus Torvalds Date: Thu Jan 26 18:04:56 2017 -0800 Merge tag 'drm-fixes-for-v4.10-rc6-part-two' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "This is the main request for rc6, since really the one earlier was the rc5 one :-) The main thing are the nouveau specific race fixes for the connector locking bug we fixed in -next and reverted here as it has quite large prereqs. These two fixes should solve the problem at that level and we can fix it properly in 4.11 Otherwise i915 has a bunch of changes, one ABI change for GVT related stuff, some VC4 leak fixes, one core fence fix and some AMD changes, oh and one ast hang avoidance fix. Hoping it calms down around now" * tag 'drm-fixes-for-v4.10-rc6-part-two' of git://people.freedesktop.org/~airlied/linux: (25 commits) drm/nouveau: Handle fbcon suspend/resume in seperate worker drm/nouveau: Don't enabling polling twice on runtime resume drm/ast: Fixed system hanged if disable P2A Revert "drm/radeon: always apply pci shutdown callbacks" drm/i915: reinstate call to trace_i915_vma_bind drm/i915: Move atomic state free from out of fence release drm/i915: Check for NULL atomic state in intel_crtc_disable_noatomic() drm/i915: Fix calculation of rotated x and y offsets for planar formats drm/i915: Don't init hpd polling for vlv and chv from runtime_suspend() drm/i915: Don't leak edid in intel_crt_detect_ddc() drm/i915: Release temporary load-detect state upon switching drm/i915: prevent crash with .disable_display parameter drm/i915: Avoid drm_atomic_state_put(NULL) in intel_display_resume MAINTAINERS: update new mail list for intel gvt driver drm/i915/gvt: Fix kmem_cache_create() name drm/i915/gvt/kvmgt: mdev ABI is available_instances, not available_instance drm/amdgpu: fix unload driver issue for virtual display drm/amdgpu: check ring being ready before using drm/vc4: Return -EINVAL on the overflow checks failing. drm/vc4: Fix an integer overflow in temporary allocation layout. ... commit 736a1494e27a0e0f2e09d0b218c1475771807f8f Merge: 15266ae 45d9f43 Author: Dave Airlie Date: Fri Jan 27 11:29:44 2017 +1000 Merge tag 'drm-intel-fixes-2017-01-26' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes More fixes than I'd like at this stage, but I think the holidays and conferences have delayed finding and fixing the stuff a bit. Almost all of them have Fixes: tags, so it's not just random fixes, we can point fingers at the commits that broke stuff. There's an ABI fix to GVT from Alex, before we go on an release a kernel with the wrong attribute name. * tag 'drm-intel-fixes-2017-01-26' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: reinstate call to trace_i915_vma_bind drm/i915: Move atomic state free from out of fence release drm/i915: Check for NULL atomic state in intel_crtc_disable_noatomic() drm/i915: Fix calculation of rotated x and y offsets for planar formats drm/i915: Don't init hpd polling for vlv and chv from runtime_suspend() drm/i915: Don't leak edid in intel_crt_detect_ddc() drm/i915: Release temporary load-detect state upon switching drm/i915: prevent crash with .disable_display parameter drm/i915: Avoid drm_atomic_state_put(NULL) in intel_display_resume MAINTAINERS: update new mail list for intel gvt driver drm/i915/gvt: Fix kmem_cache_create() name drm/i915/gvt/kvmgt: mdev ABI is available_instances, not available_instance drm/i915/gvt: Fix relocation of shadow bb drm/i915/gvt: Enable the shadow batch buffer commit 2287a240a6b1c39fd06f94e57b8c0189c497efe5 Merge: 7d3a0fa 0389227 Author: Linus Torvalds Date: Thu Jan 26 17:27:00 2017 -0800 Merge tag 'acpi-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix two regressions introduced recently, one by reverting the problematic commit and one by fixing up locking in the ACPICA core. Specifics: - Revert a recent change that added an ACPI video blacklist entry for HP Pavilion dv6 as it turned to introduce backlight handling regressions on some systems (Hans de Goede). - Fix locking in the ACPICA core to avoid deadlocks related to table loading that were exposed by a recent change in that area (Lv Zheng)" * tag 'acpi-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" ACPICA: Tables: Fix hidden logic related to acpi_tb_install_standard_table() commit 7d3a0fa52e4d9fa2cfe04a5f6e21d1d78169edb5 Merge: ff9f8a7 ff7e593 Author: Linus Torvalds Date: Thu Jan 26 17:14:17 2017 -0800 Merge tag 'pm-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix two regressions introduced recently, one by reverting the problematic commit and one by fixing up the behavior in an overlooked case. Specifics: - Revert the recent change that caused suspend-to-idle to be used as the default suspend method on systems where it is indicated to be efficient by the ACPI tables, as that turned out to be premature and introduced suspend regressions on some systems with missing power management support in device drivers (Rafael Wysocki). - Fix up the intel_pstate driver to take changes of the global limits via sysfs correctly when the performance policy is used which has been broken by a recent change in it (Srinivas Pandruvada)" * tag 'pm-4.10-rc6' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: intel_pstate: Fix sysfs limits enforcement for performance policy Revert "PM / sleep / ACPI: Use the ACPI_FADT_LOW_POWER_S0 flag" commit 15266ae38fe09dae07bd8812cb7a7717b1e1d992 Author: Lyude Paul Date: Wed Jan 11 21:25:24 2017 -0500 drm/nouveau: Handle fbcon suspend/resume in seperate worker Resuming from RPM can happen while already holding dev->mode_config.mutex. This means we can't actually handle fbcon in any RPM resume workers, since restoring fbcon requires grabbing dev->mode_config.mutex again. So move the fbcon suspend/resume code into it's own worker, and rely on that instead to avoid deadlocking. This fixes more deadlocks for runtime suspending the GPU on the ThinkPad W541. Reproduction recipe: - Get a machine with both optimus and a nvidia card with connectors attached to it - Wait for the nvidia GPU to suspend - Attempt to manually reprobe any of the connectors on the nvidia GPU using sysfs - *deadlock* [airlied: use READ_ONCE to address Hans's comment] Signed-off-by: Lyude Cc: Hans de Goede Cc: Kilian Singer Cc: Lukas Wunner Cc: David Airlie Signed-off-by: Dave Airlie drivers/gpu/drm/nouveau/nouveau_drv.h | 2 ++ drivers/gpu/drm/nouveau/nouveau_fbcon.c | 43 ++++++++++++++++++++++++++------- 2 files changed, 36 insertions(+), 9 deletions(-) commit cae9ff036eea577856d5b12860b4c79c5e71db4a Author: Lyude Paul Date: Wed Jan 11 21:25:23 2017 -0500 drm/nouveau: Don't enabling polling twice on runtime resume As it turns out, on cards that actually have CRTCs on them we're already calling drm_kms_helper_poll_enable(drm_dev) from nouveau_display_resume() before we call it in nouveau_pmops_runtime_resume(). This leads us to accidentally trying to enable polling twice, which results in a potential deadlock between the RPM locks and drm_dev->mode_config.mutex if we end up trying to enable polling the second time while output_poll_execute is running and holding the mode_config lock. As such, make sure we only enable polling in nouveau_pmops_runtime_resume() if we need to. This fixes hangs observed on the ThinkPad W541 Signed-off-by: Lyude Cc: Hans de Goede Cc: Kilian Singer Cc: Lukas Wunner Cc: David Airlie Signed-off-by: Dave Airlie drivers/gpu/drm/nouveau/nouveau_display.c | 3 ++- drivers/gpu/drm/nouveau/nouveau_drm.c | 5 ++++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 6c971c09f38704513c426ba6515f22fb3d6c87d5 Author: Y.C. Chen Date: Thu Jan 26 09:45:40 2017 +0800 drm/ast: Fixed system hanged if disable P2A The original ast driver will access some BMC configuration through P2A bridge that can be disabled since AST2300 and after. It will cause system hanged if P2A bridge is disabled. Here is the update to fix it. Signed-off-by: Y.C. Chen Signed-off-by: Dave Airlie drivers/gpu/drm/ast/ast_drv.h | 1 + drivers/gpu/drm/ast/ast_main.c | 157 ++++++++++++++++++++++------------------- drivers/gpu/drm/ast/ast_post.c | 18 +++-- 3 files changed, 97 insertions(+), 79 deletions(-) commit e996598b282d2ebafe705d297d3fee9044286dc6 Merge: 1fb2d35 6b8ac63 Author: Dave Airlie Date: Fri Jan 27 10:33:39 2017 +1000 Merge tag 'drm-vc4-fixes-2017-01-23' of https://github.com/anholt/linux into drm-fixes This pull request brings in a few little error checking fixes and one slow memory leak fix. * tag 'drm-vc4-fixes-2017-01-23' of https://github.com/anholt/linux: drm/vc4: Return -EINVAL on the overflow checks failing. drm/vc4: Fix an integer overflow in temporary allocation layout. drm/vc4: fix a bounds check drm/vc4: Fix memory leak of the CRTC state. commit 1fb2d35411364a329557e4c02fbb42a6adbfa567 Merge: 99f300c b9b487e Author: Dave Airlie Date: Fri Jan 27 10:17:43 2017 +1000 Merge branch 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Just a few small fixes. * 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux: Revert "drm/radeon: always apply pci shutdown callbacks" drm/amdgpu: fix unload driver issue for virtual display drm/amdgpu: check ring being ready before using commit 99f300cf1f3877ad8ea923127de817a460b787bd Merge: ff9f8a7 7e9081c Author: Dave Airlie Date: Fri Jan 27 10:16:56 2017 +1000 Merge tag 'drm-misc-fixes-2017-01-23' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Single fence fix. * tag 'drm-misc-fixes-2017-01-23' of git://anongit.freedesktop.org/git/drm-misc: drm/fence: fix memory overwrite when setting out_fence fd commit 57b59ed2e5b91e958843609c7884794e29e6c4cb Author: Omar Sandoval Date: Wed Jan 25 17:06:40 2017 -0800 Btrfs: remove ->{get, set}_acl() from btrfs_dir_ro_inode_operations Subvolume directory inodes can't have ACLs. Cc: # 4.9.x Signed-off-by: Omar Sandoval Reviewed-by: David Sterba Signed-off-by: Chris Mason fs/btrfs/inode.c | 2 -- 1 file changed, 2 deletions(-) commit 1fdf41941b8010691679638f8d0c8d08cfee7726 Author: Omar Sandoval Date: Wed Jan 25 17:06:39 2017 -0800 Btrfs: disable xattr operations on subvolume directories When you snapshot a subvolume containing a subvolume, you get a placeholder directory where the subvolume would be. These directory inodes have ->i_ops set to btrfs_dir_ro_inode_operations. Previously, these i_ops didn't include the xattr operation callbacks. The conversion to xattr_handlers missed this case, leading to bogus attempts to set xattrs on these inodes. This manifested itself as failures when running delayed inodes. To fix this, clear IOP_XATTR in ->i_opflags on these inodes. Fixes: 6c6ef9f26e59 ("xattr: Stop calling {get,set,remove}xattr inode operations") Cc: Andreas Gruenbacher Reported-by: Chris Murphy Tested-by: Chris Murphy Cc: # 4.9.x Signed-off-by: Omar Sandoval Reviewed-by: David Sterba Signed-off-by: Chris Mason fs/btrfs/inode.c | 1 + 1 file changed, 1 insertion(+) commit 67ade058ef2c65a3e56878af9c293ec76722a2e5 Author: Omar Sandoval Date: Wed Jan 25 17:06:38 2017 -0800 Btrfs: remove old tree_root case in btrfs_read_locked_inode() As Jeff explained in c2951f32d36c ("btrfs: remove old tree_root dirent processing in btrfs_real_readdir()"), supporting this old format is no longer necessary since the Btrfs magic number has been updated since we changed to the current format. There are other places where we still handle this old format, but since this is part of a fix that is going to stable, I'm only removing this one for now. Cc: # 4.9.x Signed-off-by: Omar Sandoval Reviewed-by: David Sterba Signed-off-by: Chris Mason fs/btrfs/inode.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit a47b70ea86bdeb3091341f5ae3ef580f1a1ad822 Author: Kazuya Mizuguchi Date: Thu Jan 26 14:29:27 2017 +0100 ravb: unmap descriptors when freeing rings "swiotlb buffer is full" errors occur after repeated initialisation of a device - f.e. suspend/resume or ip link set up/down. This is because memory mapped using dma_map_single() in ravb_ring_format() and ravb_start_xmit() is not released. Resolve this problem by unmapping descriptors when freeing rings. Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper") Signed-off-by: Kazuya Mizuguchi [simon: reworked] Signed-off-by: Simon Horman Acked-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/ravb_main.c | 112 ++++++++++++++++++------------- 1 file changed, 64 insertions(+), 48 deletions(-) commit 0389227dde3abae442521948caf5c173e696cdca Merge: 7a308bb 7a37052 fd25ea2 Author: Rafael J. Wysocki Date: Fri Jan 27 00:39:02 2017 +0100 Merge branches 'acpica' and 'acpi-video' * acpica: ACPICA: Tables: Fix hidden logic related to acpi_tb_install_standard_table() * acpi-video: Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" commit ff7e593c9cf3ccceaab7ac600cbd52cb9ff4c57a Merge: 7a308bb e326ce0 1443ebb Author: Rafael J. Wysocki Date: Fri Jan 27 00:08:59 2017 +0100 Merge branches 'pm-sleep' and 'pm-cpufreq' * pm-sleep: Revert "PM / sleep / ACPI: Use the ACPI_FADT_LOW_POWER_S0 flag" * pm-cpufreq: cpufreq: intel_pstate: Fix sysfs limits enforcement for performance policy commit 586655d278ba08af7b198b93217746f9a506ee8a Author: Alexandre Belloni Date: Wed Jan 25 00:44:16 2017 +0100 rtc: jz4740: make the driver buildable as a module again By using kernel_halt() instead of machine_halt(), we can make the driver build as a module. However, jz4740 platforms not loading this module will not be able to power off. Suggested-by: Geert Uytterhoeven Signed-off-by: Alexandre Belloni Revert "rtc: jz4740: make the driver builtin only" This reverts commit b9168c539c0b2de756aaffd380384dbde8adbe07. drivers/rtc/Kconfig | 5 ++++- drivers/rtc/rtc-jz4740.c | 12 ++++++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) commit 07cd12945551b63ecb1a349d50a6d69d1d6feb4a Author: Tejun Heo Date: Thu Jan 26 16:47:28 2017 -0500 cgroup: don't online subsystems before cgroup_name/path() are operational While refactoring cgroup creation, a5bca2152036 ("cgroup: factor out cgroup_create() out of cgroup_mkdir()") incorrectly onlined subsystems before the new cgroup is associated with it kernfs_node. This is fine for cgroup proper but cgroup_name/path() depend on the associated kernfs_node and if a subsystem makes the new cgroup_subsys_state visible, which they're allowed to after onlining, it can lead to NULL dereference. The current code performs cgroup creation and subsystem onlining in cgroup_create() and cgroup_mkdir() makes the cgroup and subsystems visible afterwards. There's no reason to online the subsystems early and we can simply drop cgroup_apply_control_enable() call from cgroup_create() so that the subsystems are onlined and made visible at the same time. Signed-off-by: Tejun Heo Reported-by: Konstantin Khlebnikov Fixes: a5bca2152036 ("cgroup: factor out cgroup_create() out of cgroup_mkdir()") Cc: stable@vger.kernel.org # v4.6+ kernel/cgroup.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) commit 877a021e08ccb6434718c0cc781fdf943c884cc0 Author: Ardinartsev Nikita Date: Thu Jan 26 16:54:42 2017 +0300 HID: hid-lg: Fix immediate disconnection of Logitech Rumblepad 2 With NOGET quirk Logitech F510 is now fully workable in dinput mode including rumble effects (according to fftest). Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=117091 [jkosina@suse.cz: fix patch format] Signed-off-by: Ardinartsev Nikita Acked-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-lg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ed9ab4287f96e66340e0390e2c583f2f9110cba0 Author: Colin Ian King Date: Thu Jan 26 17:34:40 2017 +0000 HID: usbhid: Quirk a AMI virtual mouse and keyboard with ALWAYS_POLL Quirking the following AMI USB device with ALWAYS_POLL fixes an AMI virtual keyboard and mouse from not responding and timing out when it is attached to a ppc64el Power 8 system and when we have some rapid open/closes on the mouse device. usb 1-3: new high-speed USB device number 2 using xhci_hcd usb 1-3: New USB device found, idVendor=046b, idProduct=ff01 usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-3: Product: Virtual Hub usb 1-3: Manufacturer: American Megatrends Inc. usb 1-3: SerialNumber: serial usb 1-3.3: new high-speed USB device number 3 using xhci_hcd usb 1-3.3: New USB device found, idVendor=046b, idProduct=ff31 usb 1-3.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 usb 1-3.3: Product: Virtual HardDisk Device usb 1-3.3: Manufacturer: American Megatrends Inc. usb 1-3.4: new low-speed USB device number 4 using xhci_hcd usb 1-3.4: New USB device found, idVendor=046b, idProduct=ff10 usb 1-3.4: New USB device strings: Mfr=1, Product=2, SerialNumber=0 usb 1-3.4: Product: Virtual Keyboard and Mouse usb 1-3.4: Manufacturer: American Megatrends Inc. With the quirk I have not been able to trigger the issue with half an hour of saturation soak testing. Signed-off-by: Colin Ian King Signed-off-by: Jiri Kosina drivers/hid/hid-ids.h | 3 +++ drivers/hid/usbhid/hid-quirks.c | 1 + 2 files changed, 4 insertions(+) commit 282e4637bc1c0b338708bcebd09d31c69abec070 Author: Jason Gerecke Date: Thu Jan 26 09:06:22 2017 -0800 HID: wacom: Fix poor prox handling in 'wacom_pl_irq' Commit 025bcc1 performed cleanup work on the 'wacom_pl_irq' function, making it follow the standards used in the rest of the codebase. The change unintiontionally allowed the function to send input events from reports that are not marked as being in prox. This can cause problems as the report values for X, Y, etc. are not guaranteed to be correct. In particular, occasionally the tablet will send a report with these values set to zero. If such a report is received it can caus an unexpected jump in the XY position. This patch surrounds more of the processing code with a proximity check, preventing these zeroed reports from overwriting the current state. To be safe, only the tool type and ABS_MISC events should be reported when the pen is marked as being out of prox. Fixes: 025bcc1540 ("HID: wacom: Simplify 'wacom_pl_irq'") Signed-off-by: Jason Gerecke Reviewed-by: Ping Cheng Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) commit ee6625a948d2e47267ec8fd97307fdd67d0f8a5b Author: Trond Myklebust Date: Thu Jan 26 15:50:41 2017 -0500 pNFS: Fix a reference leak in _pnfs_return_layout IF NFS_LAYOUT_RETURN_REQUESTED is not set, then we currently exit without freeing the list of invalidated layout segments, leading to a reference leak. Reported-by: Olga Kornievskaia Fixes: 24408f5282 ("pNFS: Fix bugs in _pnfs_return_layout") Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 406dab8450ec76eca88a1af2fc15d18a2b36ca49 Author: Chuck Lever Date: Thu Jan 26 15:14:52 2017 -0500 nfs: Fix "Don't increment lock sequence ID after NFS4ERR_MOVED" Lock sequence IDs are bumped in decode_lock by calling nfs_increment_seqid(). nfs_increment_sequid() does not use the seqid_mutating_err() function fixed in commit 059aa7348241 ("Don't increment lock sequence ID after NFS4ERR_MOVED"). Fixes: 059aa7348241 ("Don't increment lock sequence ID after ...") Signed-off-by: Chuck Lever Tested-by: Xuan Qi Cc: stable@vger.kernel.org # v3.7+ Signed-off-by: Trond Myklebust fs/nfs/nfs4state.c | 1 + 1 file changed, 1 insertion(+) commit 086cb6a41264b5af33928b82e09ae7f0f8bbc291 Merge: 214767f b2c11e4 Author: David S. Miller Date: Thu Jan 26 12:54:50 2017 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains a large batch with Netfilter fixes for your net tree, they are: 1) Two patches to solve conntrack garbage collector cpu hogging, one to remove GC_MAX_EVICTS and another to look at the ratio (scanned entries vs. evicted entries) to make a decision on whether to reduce or not the scanning interval. From Florian Westphal. 2) Two patches to fix incorrect set element counting if NLM_F_EXCL is is not set. Moreover, don't decrenent set->nelems from abort patch if -ENFILE which leaks a spare slot in the set. This includes a patch to deconstify the set walk callback to update set->ndeact. 3) Two fixes for the fwmark_reflect sysctl feature: Propagate mark to reply packets both from nf_reject and local stack, from Pau Espin Pedrol. 4) Fix incorrect handling of loopback traffic in rpfilter and nf_tables fib expression, from Liping Zhang. 5) Fix oops on stateful objects netlink dump, when no filter is specified. Also from Liping Zhang. 6) Fix a build error if proc is not available in ipt_CLUSTERIP, related to fix that was applied in the previous batch for net. From Arnd Bergmann. 7) Fix lack of string validation in table, chain, set and stateful object names in nf_tables, from Liping Zhang. Moreover, restrict maximum log prefix length to 127 bytes, otherwise explicitly bail out. 8) Two patches to fix spelling and typos in nf_tables uapi header file and Kconfig, patches from Alexander Alemayhu and William Breathitt Gray. ==================== Signed-off-by: David S. Miller commit c364b6d0b6cda1cd5d9ab689489adda3e82529aa Author: Darrick J. Wong Date: Thu Jan 26 09:50:30 2017 -0800 xfs: fix bmv_count confusion w/ shared extents In a bmapx call, bmv_count is the total size of the array, including the zeroth element that userspace uses to supply the search key. The output array starts at offset 1 so that we can set up the user for the next invocation. Since we now can split an extent into multiple bmap records due to shared/unshared status, we have to be careful that we don't overflow the output array. In the original patch f86f403794b ("xfs: teach get_bmapx about shared extents and the CoW fork") I used cur_ext (the output index) to check for overflows, albeit with an off-by-one error. Since nexleft no longer describes the number of unfilled slots in the output, we can rip all that out and use cur_ext for the overflow check directly. Failure to do this causes heap corruption in bmapx callers such as xfs_io and xfs_scrub. xfs/328 can reproduce this problem. Reviewed-by: Eric Sandeen Signed-off-by: Darrick J. Wong fs/xfs/xfs_bmap_util.c | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) commit ff9f8a7cf935468a94d9927c68b00daae701667e Author: Eric Dumazet Date: Wed Jan 25 18:20:55 2017 -0800 sysctl: fix proc_doulongvec_ms_jiffies_minmax() We perform the conversion between kernel jiffies and ms only when exporting kernel value to user space. We need to do the opposite operation when value is written by user. Only matters when HZ != 1000 Signed-off-by: Eric Dumazet Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds kernel/sysctl.c | 1 + 1 file changed, 1 insertion(+) commit 928d336a93534df66c0448db61cc4d22705e5b9e Merge: bed7b01 df1539c Author: Linus Torvalds Date: Thu Jan 26 09:08:49 2017 -0800 Merge tag 'pinctrl-v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "A bunch of pin control fixes for v4.10 that didn't get sent off until now, sorry for the delay. It's only driver fixes: - A bunch of fixes to the Intel drivers: broxton, baytrail. Bugs related to register offsets, IRQ, debounce functionality. - Fix a conflict amongst UART settings on the meson. - Fix the ethernet setting on the Uniphier. - A compilation warning squelched" * tag 'pinctrl-v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: uniphier: fix Ethernet (RMII) pin-mux setting for LD20 pinctrl: meson: fix uart_ao_b for GXBB and GXL/GXM pinctrl: amd: avoid maybe-uninitalized warning pinctrl: baytrail: Do not add all GPIOs to IRQ domain pinctrl: baytrail: Rectify debounce support pinctrl: intel: Set pin direction properly pinctrl: broxton: Use correct PADCFGLOCK offset commit 08965c2eba135bdfb6e86cf25308e01421c7e0ce Author: Bart Van Assche Date: Wed Jan 25 13:43:56 2017 -0800 Revert "sd: remove __data_len hack for WRITE SAME" This patch reverts commit f80de881d8df and avoids that sending a WRITE SAME command to the iSCSI initiator triggers the following: BUG: unable to handle kernel NULL pointer dereference at 0000000000000014 TARGET_CORE[iSCSI]: Expected Transfer Length: 260096 does not match SCSI CDB Length: 512 for SAM Opcode: 0x41 IP: iscsi_tcp_segment_done+0x20b/0x310 [libiscsi_tcp] Oops: 0000 [#1] SMP Modules linked in: target_core_user uio target_core_iblock target_core_file iscsi_target_mod target_core_mod netconsole configfs crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper virtio_console virtio_rng virtio_balloon serio_raw i2c_piix4 acpi_cpufreq button iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi ext4 jbd2 mbcache virtio_blk virtio_net psmouse floppy drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_pci CPU: 2 PID: 5 Comm: kworker/u8:0 Not tainted 4.10.0-rc5-debug+ #3 Workqueue: iscsi_q_0 iscsi_xmitworker [libiscsi] RIP: 0010:iscsi_tcp_segment_done+0x20b/0x310 [libiscsi_tcp] Call Trace: iscsi_sw_tcp_xmit_segment+0x84/0x120 [iscsi_tcp] iscsi_sw_tcp_pdu_xmit+0x51/0x180 [iscsi_tcp] iscsi_tcp_task_xmit+0xb3/0x290 [libiscsi_tcp] iscsi_xmit_task+0x4e/0xc0 [libiscsi] iscsi_xmitworker+0x243/0x330 [libiscsi] process_one_work+0x1d8/0x4b0 worker_thread+0x49/0x4a0 kthread+0x102/0x140 Fixes: f80de881d8df ("sd: remove __data_len hack for WRITE SAME") Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: Sagi Grimberg Cc: Jens Axboe Cc: Lee Duncan Cc: Chris Leech Acked-by: Christoph Hellwig Acked-by: Martin K. Petersen Signed-off-by: Jens Axboe drivers/scsi/sd.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) commit 0d4ee015d5ea50febb882d00520d62c6de3f725c Merge: 690e532 19e420b Author: Jens Axboe Date: Thu Jan 26 09:56:15 2017 -0700 Merge branch 'nvme-4.10-fixes' of git://git.infradead.org/nvme into for-linus Pull nvme target fixes from Sagi: Given that its -rc6, I removed anything that is not bug fix. - nvmet-fc discard fix from Christoph - queue disconnect fix from James - nvmet-rdma dma sync fix from Parav - Some more nvmet fixes commit bed7b016091d2f9bdc3f3c28899b33adab7c4786 Merge: 49e555a 54a07c7 Author: Linus Torvalds Date: Thu Jan 26 08:55:33 2017 -0800 Merge tag 'drm-fixes-for-v4.10-rc6-revert-one' of git://people.freedesktop.org/~airlied/linux Pull drm revert from Dave Airlie: "Revert one patch missing some prereqs. One of the connector fixes was missing some prereqs, we have an alternate driver fix that should work that I'll send tomorrow. Today is a holiday here so quickly smashing this out" Daniel Vetter explains: "I pushed a locking change to fix a nouveau rpm issue to -fixes that needed the connector_list rework. And that's only in -next, but I missed that. Dave has the revert in a pull, and he'll follow-up with the hack nouveau patch for 4.10, and then we'll reapply the proper fix again for -next and revert the hacks. A bit a mess, but should be sorted soon" * tag 'drm-fixes-for-v4.10-rc6-revert-one' of git://people.freedesktop.org/~airlied/linux: Revert "drm/probe-helpers: Drop locking from poll_enable" commit 19e420bb4076ace670addc55300e3b8c4a02dfc6 Author: Christoph Hellwig Date: Thu Jan 19 16:55:57 2017 +0100 nvme-fc: use blk_rq_nr_phys_segments Without this deallocate won't work properly due to the mismatch of the bio/request size and the actual payload size. Signed-off-by: Christoph Hellwig Reviewed-by: James Smart Reviewed-by: Johannes Thumshirn Signed-off-by: Sagi Grimberg drivers/nvme/host/fc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 748ff8408f8e208f279ba221e5c12612fbb4dddb Author: Parav Pandit Date: Thu Jan 19 09:55:08 2017 -0600 nvmet-rdma: Fix missing dma sync to nvme data structures This patch performs dma sync operations on nvme_command and nvme_completion. nvme_command is synced (a) on receiving of the recv queue completion for cpu access. (b) before posting recv wqe back to rdma adapter for device access. nvme_completion is synced (a) on receiving of the recv queue completion of associated nvme_command for cpu access. (b) before posting send wqe to rdma adapter for device access. This patch is generated for git://git.infradead.org/nvme-fabrics.git Branch: nvmf-4.10 Signed-off-by: Parav Pandit Reviewed-by: Max Gurtovoy drivers/nvme/target/rdma.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 23a8ed4a624324dc696c328f09bd502c4a3816f0 Author: Sagi Grimberg Date: Sun Jan 1 13:18:26 2017 +0200 nvmet: Call fatal_error from keep-alive timout expiration We only need to call delete_ctrl once, so given that both keep-alive timeout and any other fatal error can trigger it, just make sure we only call delete_ctrl once. Signed-off-by: Sagi Grimberg Reviewed-by: Christoph Hellwig drivers/nvme/target/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 06406d81a2d7cfb8abcc4fa6cdfeb8e5897007c5 Author: Sagi Grimberg Date: Sun Jan 1 13:41:56 2017 +0200 nvmet: cancel fatal error and flush async work before free controller Make sure they are not running and we can free the controller safely. Signed-off-by: Roy Shterman Signed-off-by: Sagi Grimberg Reviewed-by: Christoph Hellwig drivers/nvme/target/core.c | 3 +++ 1 file changed, 3 insertions(+) commit 344770b07b7ae70639ebf110010eb6156a6e55e9 Author: Sagi Grimberg Date: Sun Nov 27 22:29:17 2016 +0200 nvmet: delete controllers deletion upon subsystem release No reason for them to be kept around if we are deleting the subsystem, so instead of passively wait for the host to disconnect, actively delete the controllers. Signed-off-by: Sagi Grimberg Reviewed-by: Johannes Thumshirn Reviewed-by: Max Gurtovoy Reviewed-by: Christoph Hellwig drivers/nvme/target/configfs.c | 1 + drivers/nvme/target/core.c | 10 ++++++++++ drivers/nvme/target/nvmet.h | 1 + 3 files changed, 12 insertions(+) commit c81e55e057b6458aac6d96a6429ef021b7f6f62c Author: James Smart Date: Sat Dec 24 09:46:43 2016 -0800 nvmet_fc: correct logic in disconnect queue LS handling Correct logic in disconnect queue LS handling. Rework so that queue searching and error reporting is above the section to send back a ls rjt Signed-off-by: James Smart Signed-off-by: Sagi Grimberg drivers/nvme/target/fc.c | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) commit 2aa6ba7b5ad3189cc27f14540aa2f57f0ed8df4b Author: Darrick J. Wong Date: Wed Jan 25 20:24:57 2017 -0800 xfs: clear _XBF_PAGES from buffers when readahead page If we try to allocate memory pages to back an xfs_buf that we're trying to read, it's possible that we'll be so short on memory that the page allocation fails. For a blocking read we'll just wait, but for readahead we simply dump all the pages we've collected so far. Unfortunately, after dumping the pages we neglect to clear the _XBF_PAGES state, which means that the subsequent call to xfs_buf_free thinks that b_pages still points to pages we own. It then double-frees the b_pages pages. This results in screaming about negative page refcounts from the memory manager, which xfs oughtn't be triggering. To reproduce this case, mount a filesystem where the size of the inodes far outweighs the availalble memory (a ~500M inode filesystem on a VM with 300MB memory did the trick here) and run bulkstat in parallel with other memory eating processes to put a huge load on the system. The "check summary" phase of xfs_scrub also works for this purpose. Signed-off-by: Darrick J. Wong Reviewed-by: Eric Sandeen fs/xfs/xfs_buf.c | 1 + 1 file changed, 1 insertion(+) commit 214767faa2f31285f92754393c036f13b55474a6 Merge: 529ec6a 4ea33ef Author: David S. Miller Date: Wed Jan 25 23:11:13 2017 -0500 Merge tag 'batadv-net-for-davem-20170125' of git://git.open-mesh.org/linux-merge Simon Wunderlich says: ==================== Here is a batman-adv bugfix: - fix reference count handling on fragmentation error, by Sven Eckelmann ==================== Signed-off-by: David S. Miller commit 529ec6ac26656378435eb0396a780f017d51e105 Author: Jakub Kicinski Date: Wed Jan 25 14:56:36 2017 -0800 virtio_net: reject XDP programs using header adjustment commit 17bedab27231 ("bpf: xdp: Allow head adjustment in XDP prog") added a new XDP helper to prepend and remove data from a frame. Make virtio_net reject programs making use of this helper until proper support is added. Signed-off-by: Jakub Kicinski Acked-by: John Fastabend Acked-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 5 +++++ 1 file changed, 5 insertions(+) commit b68df015609eac67f045c155cb3195e5a1061d66 Author: John Fastabend Date: Wed Jan 25 18:22:48 2017 -0800 virtio_net: use dev_kfree_skb for small buffer XDP receive In the small buffer case during driver unload we currently use put_page instead of dev_kfree_skb. Resolve this by adding a check for virtnet mode when checking XDP queue type. Also name the function so that the code reads correctly to match the additional check. Fixes: bb91accf2733 ("virtio-net: XDP support for small buffers") Signed-off-by: John Fastabend Acked-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 7480888f27e080ad5addb51456b2e03514721c3a Merge: f154be2 7489bda Author: David S. Miller Date: Wed Jan 25 22:47:31 2017 -0500 Merge branch 'r8152-napi-fixes' Hayes Wang says: ==================== r8152: fix scheduling napi v3: simply the argument for patch #3. Replace &tp->napi with napi. v2: Add smp_mb__after_atomic() for patch #1. v1: Scheduling the napi during the following periods would let it be ignored. And the events wouldn't be handled until next napi_schedule() is called. 1. after napi_disable and before napi_enable(). 2. after all actions of napi function is completed and before calling napi_complete(). If no next napi_schedule() is called, tx or rx would stop working. In order to avoid these situations, the followings solutions are applied. 1. prevent start_xmit() from calling napi_schedule() during runtime suspend or after napi_disable(). 2. re-schedule the napi for tx if it is necessary. 3. check if any rx is finished or not after napi_enable(). ==================== Signed-off-by: David S. Miller commit 7489bdadb7d17d3c81e39b85688500f700beb790 Author: hayeswang Date: Thu Jan 26 09:38:34 2017 +0800 r8152: check rx after napi is enabled Schedule the napi after napi_enable() for rx, if it is necessary. If the rx is completed when napi is disabled, the sheduling of napi would be lost. Then, no one handles the rx packet until next napi is scheduled. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 248b213ad908b88db15941202ef7cb7eb137c1a0 Author: hayeswang Date: Thu Jan 26 09:38:33 2017 +0800 r8152: re-schedule napi for tx Re-schedule napi after napi_complete() for tx, if it is necessay. In r8152_poll(), if the tx is completed after tx_bottom() and before napi_complete(), the scheduling of napi would be lost. Then, no one handles the next tx until the next napi_schedule() is called. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 3 +++ 1 file changed, 3 insertions(+) commit de9bf29dd6e4a8a874cb92f8901aed50a9d0b1d3 Author: hayeswang Date: Thu Jan 26 09:38:32 2017 +0800 r8152: avoid start_xmit to schedule napi when napi is disabled Stop the tx when the napi is disabled to prevent napi_schedule() is called. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 26afec39306926654e9cd320f19bbf3685bb0997 Author: hayeswang Date: Thu Jan 26 09:38:31 2017 +0800 r8152: avoid start_xmit to call napi_schedule during autosuspend Adjust the setting of the flag of SELECTIVE_SUSPEND to prevent start_xmit() from calling napi_schedule() directly during runtime suspend. After calling napi_disable() or clearing the flag of WORK_ENABLE, scheduling the napi is useless. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit e13fe92bb58cf9b8f709ec18267ffc9e6ffeb016 Author: Gao Pan Date: Tue Jan 17 18:20:55 2017 +0800 i2c: imx-lpi2c: add VLLS mode support When system enters VLLS mode, module power is turned off. As a result, all registers are reset to HW default value. After exiting VLLS mode, registers are still in default mode. As a result, the pinctrl settings are incorrect, which will affect the module function. The patch recovers the pinctrl setting when exit VLLS mode. Signed-off-by: Gao Pan Reviewed-by: Vladimir Zapolskiy [wsa: added missing include] Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-imx-lpi2c.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit b9b487e494712c8e5905b724e12f5ef17e9ae6f9 Author: Alex Deucher Date: Wed Jan 25 12:00:29 2017 -0500 Revert "drm/radeon: always apply pci shutdown callbacks" This seems to break reboot on some evergreen systems. bugs: https://bugs.freedesktop.org/show_bug.cgi?id=99524 https://bugzilla.kernel.org/show_bug.cgi?id=192271 This reverts commit a481daa88fd4d6b54f25348972bba10b5f6a84d0. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/radeon_drv.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 0e1929dedea36781e25902118c93edd8d8f09af1 Author: Mike Looijmans Date: Mon Jan 16 15:49:38 2017 +0100 i2c: i2c-cadence: Initialize configuration before probing devices The cadence I2C driver calls cdns_i2c_writereg(..) to setup a workaround in the controller, but did so after calling i2c_add_adapter() which starts probing devices on the bus. Change the order so that the configuration is completely finished before using the adapter. Signed-off-by: Mike Looijmans Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-cadence.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1372cef1c697d8aac0cc923f8aa2c37d790ec9ed Author: Mark Rutland Date: Wed Jan 25 19:30:09 2017 +0000 regulator: fixed: Revert support for ACPI interface This reverts commit 13bed58ce874 (regulator: fixed: add support for ACPI interface). While there does appear to be a practical need to manage regulators on ACPI systems, using ad-hoc properties to describe regulators to the kernel presents a number of problems (especially should ACPI gain first class support for such things), and there are ongoing discussions as to how to manage this. Until there is a rough consensus, revert commit 13bed58ce8748d43, which hasn't been in a released kernel yet as discussed in [1] and the surrounding thread. [1] http://lkml.kernel.org/r/20170125184949.x2wkoo7kbaaajkjk@sirena.org.uk Signed-off-by: Mark Rutland Cc: Liam Girdwood Cc: Lorenzo Pieralisi Cc: Lu Baolu Cc: Mark Brown Cc: Rafael J. Wysocki Cc: linux-kernel@vger.kernel.org Signed-off-by: Mark Brown drivers/regulator/fixed.c | 46 ---------------------------------------------- 1 file changed, 46 deletions(-) commit 54a07c7bb0da0343734c78212bbe9f3735394962 Author: Dave Airlie Date: Thu Jan 26 06:44:03 2017 +1000 Revert "drm/probe-helpers: Drop locking from poll_enable" This reverts commit 3846fd9b86001bea171943cc3bb9222cb6da6b42. There were some precursor commits missing for this around connector locking, we should probably merge Lyude's nouveau avoid the problem patch. drivers/gpu/drm/drm_probe_helper.c | 51 ++++++++++++++++++++++-------------- drivers/gpu/drm/i915/intel_hotplug.c | 4 +-- include/drm/drm_crtc_helper.h | 1 + 3 files changed, 34 insertions(+), 22 deletions(-) commit f154be241d22298d2b63c9b613f619fa1086ea75 Author: Florian Fainelli Date: Wed Jan 25 09:10:41 2017 -0800 net: dsa: Bring back device detaching in dsa_slave_suspend() Commit 448b4482c671 ("net: dsa: Add lockdep class to tx queues to avoid lockdep splat") removed the netif_device_detach() call done in dsa_slave_suspend() which is necessary, and paired with a corresponding netif_device_attach(), bring it back. Fixes: 448b4482c671 ("net: dsa: Add lockdep class to tx queues to avoid lockdep splat") Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller net/dsa/slave.c | 2 ++ 1 file changed, 2 insertions(+) commit d5bdc021ecc8b273259a02ff83ab13b2de9b9717 Merge: 8b901f6 3c880eb Author: David S. Miller Date: Wed Jan 25 14:40:25 2017 -0500 Merge branch 'phy-truncated-led-names' Geert Uytterhoeven says: ==================== net: phy: leds: Fix truncated LED trigger names and crashes I started seeing crashes during s2ram and poweroff on all my ARM boards, like: Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [] (__list_del_entry_valid) from [] (led_trigger_unregister+0x34/0xcc) [] (led_trigger_unregister) from [] (phy_led_triggers_unregister+0x28/0x34) [] (phy_led_triggers_unregister) from [] (phy_detach+0x30/0x74) [] (phy_detach) from [] (sh_eth_close+0x64/0x9c) [] (sh_eth_close) from [] (dpm_run_callback+0x48/0xc8) or: list_del corruption. prev->next should be dede6540, but was 2e323931 ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:52! ... [] (__list_del_entry_valid) from [] (led_trigger_unregister+0x34/0xcc) [] (led_trigger_unregister) from [] (phy_led_triggers_unregister+0x28/0x34) [] (phy_led_triggers_unregister) from [] (phy_detach+0x30/0x74) [] (phy_detach) from [] (sh_eth_close+0x6c/0xa4) [] (sh_eth_close) from [] (__dev_close_many+0xac/0xd0) As the only clue was a kernel message like sh-eth ee700000.ethernet eth0: No phy led trigger registered for speed(100) I had to bisected this, leading to commit 4567d686f5c6d955 ("phy: increase size of MII_BUS_ID_SIZE and bus_id"). Reverting that commit fixed the issue. More investigation revealed the crashes are due to the combination of two things: - Truncated LED trigger names, leading to duplicate names, and registration failures, - Bad error handling in case of registration failures. Both are fixed by this patch series. Changes compared to v1: - Add Reviewed-by, - New patch "net: phy: leds: Break dependency of phy.h on phy_led_triggers.h", - Drop moving the include of , as no longer includes it, - #include from . ==================== Signed-off-by: David S. Miller commit 3c880eb0205222bb062970085ebedc73ec8dfd14 Author: Geert Uytterhoeven Date: Wed Jan 25 11:39:50 2017 +0100 net: phy: leds: Fix truncated LED trigger names Commit 4567d686f5c6d955 ("phy: increase size of MII_BUS_ID_SIZE and bus_id") increased the size of MII bus IDs, but forgot to update the private definition in . This may cause: 1. Truncation of LED trigger names, 2. Duplicate LED trigger names, 3. Failures registering LED triggers, 4. Crashes due to bad error handling in the LED trigger failure path. To fix this, and prevent the definitions going out of sync again in the future, let the PHY LED trigger code use the existing MII_BUS_ID_SIZE definition. Example: - Before I had triggers "ee700000.etherne:01:100Mbps" and "ee700000.etherne:01:10Mbps", - After the increase of MII_BUS_ID_SIZE, both became "ee700000.ethernet-ffffffff:01:" => FAIL, - Now, the triggers are "ee700000.ethernet-ffffffff:01:100Mbps" and "ee700000.ethernet-ffffffff:01:10Mbps", which are unique again. Fixes: 4567d686f5c6d955 ("phy: increase size of MII_BUS_ID_SIZE and bus_id") Fixes: 2e0bc452f4721520 ("net: phy: leds: add support for led triggers on phy link state change") Signed-off-by: Geert Uytterhoeven Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller include/linux/phy_led_triggers.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d6f8cfa3dea294eabf8f302e90176dd6381fb66e Author: Geert Uytterhoeven Date: Wed Jan 25 11:39:49 2017 +0100 net: phy: leds: Break dependency of phy.h on phy_led_triggers.h includes , which is not really needed. Drop the include from , and add it to all users that didn't include it explicitly. Suggested-by: Andrew Lunn Signed-off-by: Geert Uytterhoeven Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/phy/phy.c | 1 + drivers/net/phy/phy_led_triggers.c | 1 + include/linux/phy.h | 1 - 3 files changed, 2 insertions(+), 1 deletion(-) commit 8a87fca8dd5879eb05a0903cb7ea4fd2a3876ae0 Author: Geert Uytterhoeven Date: Wed Jan 25 11:39:48 2017 +0100 net: phy: leds: Clear phy_num_led_triggers on failure to avoid crash phy_attach_direct() ignores errors returned by phy_led_triggers_register(). I think that's OK, as LED triggers can be considered a non-critical feature. However, this causes problems later: - phy_led_trigger_change_speed() will access the array phy_device.phy_led_triggers, which has been freed in the error path of phy_led_triggers_register(), which may lead to a crash. - phy_led_triggers_unregister() will access the same array, leading to crashes during s2ram or poweroff, like: Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [] (__list_del_entry_valid) from [] (led_trigger_unregister+0x34/0xcc) [] (led_trigger_unregister) from [] (phy_led_triggers_unregister+0x28/0x34) [] (phy_led_triggers_unregister) from [] (phy_detach+0x30/0x74) [] (phy_detach) from [] (sh_eth_close+0x64/0x9c) [] (sh_eth_close) from [] (dpm_run_callback+0x48/0xc8) or: list_del corruption. prev->next should be dede6540, but was 2e323931 ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:52! ... [] (__list_del_entry_valid) from [] (led_trigger_unregister+0x34/0xcc) [] (led_trigger_unregister) from [] (phy_led_triggers_unregister+0x28/0x34) [] (phy_led_triggers_unregister) from [] (phy_detach+0x30/0x74) [] (phy_detach) from [] (sh_eth_close+0x6c/0xa4) [] (sh_eth_close) from [] (__dev_close_many+0xac/0xd0) To fix this, clear phy_device.phy_num_led_triggers in the error path of phy_led_triggers_register() fails. Note that the "No phy led trigger registered for speed" message will still be printed on link speed changes, which is a good cue that something went wrong with the LED triggers. Fixes: 2e0bc452f4721520 ("net: phy: leds: add support for led triggers on phy link state change") Signed-off-by: Geert Uytterhoeven Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy_led_triggers.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 8b901f6bbcf12a20e43105d161bedde093431e61 Author: John Crispin Date: Wed Jan 25 09:20:55 2017 +0100 net-next: ethernet: mediatek: change the compatible string When the binding was defined, I was not aware that mt2701 was an earlier version of the SoC. For sake of consistency, the ethernet driver should use mt2701 inside the compat string as this is the earliest SoC with the ethernet core. The ethernet driver is currently of no real use until we finish and upstream the DSA driver. There are no users of this binding yet. It should be safe to fix this now before it is too late and we need to provide backward compatibility for the mt7623-eth compat string. Reported-by: Sean Wang Signed-off-by: John Crispin Signed-off-by: David S. Miller drivers/net/ethernet/mediatek/mtk_eth_soc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61976fff20f92aceecc3670f6168bfc57a79e047 Author: John Crispin Date: Wed Jan 25 09:20:54 2017 +0100 Documentation: devicetree: change the mediatek ethernet compatible string When the binding was defined, I was not aware that mt2701 was an earlier version of the SoC. For sake of consistency, the ethernet driver should use mt2701 inside the compat string as this is the earliest SoC with the ethernet core. The ethernet driver is currently of no real use until we finish and upstream the DSA driver. There are no users of this binding yet. It should be safe to fix this now before it is too late and we need to provide backward compatibility for the mt7623-eth compat string. Reported-by: Sean Wang Signed-off-by: John Crispin Reviewed-by: Matthias Brugger Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/mediatek-net.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c0d9665f0819837afced95247f230fdc8b041658 Merge: 56d8062 90c694b Author: David S. Miller Date: Wed Jan 25 13:27:14 2017 -0500 Merge branch 'bnxt_en-rtnl-fixes' Michael Chan says: ==================== bnxt_en: Fix RTNL lock usage in bnxt_sp_task(). There are 2 function calls from bnxt_sp_task() that have buggy RTNL usage. These 2 functions take RTNL lock under some conditions, but some callers (such as open, ethtool) have already taken RTNL. These 3 patches fix the issue by making it clear that callers must take RTNL. If the caller is bnxt_sp_task() which does not automatically take RTNL, we add a common scheme for bnxt_sp_task() to call these functions properly under RTNL. ==================== Signed-off-by: David S. Miller commit 90c694bb71819fb5bd3501ac397307d7e41ddeca Author: Michael Chan Date: Wed Jan 25 02:55:09 2017 -0500 bnxt_en: Fix RTNL lock usage on bnxt_get_port_module_status(). bnxt_get_port_module_status() calls bnxt_update_link() which expects RTNL to be held. In bnxt_sp_task() that does not hold RTNL, we need to call it with a prior call to bnxt_rtnl_lock_sp() and the call needs to be moved to the end of bnxt_sp_task(). Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 0eaa24b971ae251ae9d3be23f77662a655532063 Author: Michael Chan Date: Wed Jan 25 02:55:08 2017 -0500 bnxt_en: Fix RTNL lock usage on bnxt_update_link(). bnxt_update_link() is called from multiple code paths. Most callers, such as open, ethtool, already hold RTNL. Only the caller bnxt_sp_task() does not. So it is a bug to take RTNL inside bnxt_update_link(). Fix it by removing the RTNL inside bnxt_update_link(). The function now expects the caller to always hold RTNL. In bnxt_sp_task(), call bnxt_rtnl_lock_sp() before calling bnxt_update_link(). We also need to move the call to the end of bnxt_sp_task() since it will be clearing the BNXT_STATE_IN_SP_TASK bit. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 37 +++++++++++++++---------------- 1 file changed, 18 insertions(+), 19 deletions(-) commit a551ee94ea723b4af9b827c7460f108bc13425ee Author: Michael Chan Date: Wed Jan 25 02:55:07 2017 -0500 bnxt_en: Fix bnxt_reset() in the slow path task. In bnxt_sp_task(), we set a bit BNXT_STATE_IN_SP_TASK so that bnxt_close() will synchronize and wait for bnxt_sp_task() to finish. Some functions in bnxt_sp_task() require us to clear BNXT_STATE_IN_SP_TASK and then acquire rtnl_lock() to prevent race conditions. There are some bugs related to this logic. This patch refactors the code to have common bnxt_rtnl_lock_sp() and bnxt_rtnl_unlock_sp() to handle the RTNL and the clearing/setting of the bit. Multiple functions will need the same logic. We also need to move bnxt_reset() to the end of bnxt_sp_task(). Functions that clear BNXT_STATE_IN_SP_TASK must be the last functions to be called in bnxt_sp_task(). The common scheme will handle the condition properly. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 38 ++++++++++++++++++++----------- 1 file changed, 25 insertions(+), 13 deletions(-) commit 49e555a932de57611eb27edf2d1ad03d9a267bdd Merge: 883af14 c707061 Author: Linus Torvalds Date: Wed Jan 25 10:25:36 2017 -0800 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio/vhost fixes from Michael Tsirkin: - ARM DMA fixes - vhost vsock bugfix * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: vring: Force use of DMA API for ARM-based systems with legacy devices virtio_mmio: Set DMA masks appropriately vhost/vsock: handle vhost_vq_init_access() error commit 56d806222ace4c3aeae516cd7a855340fb2839d8 Author: Jason Baron Date: Tue Jan 24 21:49:41 2017 -0500 tcp: correct memory barrier usage in tcp_check_space() sock_reset_flag() maps to __clear_bit() not the atomic version clear_bit(). Thus, we need smp_mb(), smp_mb__after_atomic() is not sufficient. Fixes: 3c7151275c0c ("tcp: add memory barriers to write space paths") Cc: Eric Dumazet Cc: Oleg Nesterov Signed-off-by: Jason Baron Acked-by: Eric Dumazet Reported-by: Oleg Nesterov Signed-off-by: David S. Miller net/ipv4/tcp_input.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5207f3996338e1db71363fe381c81aaf1e54e4e3 Author: Xin Long Date: Tue Jan 24 14:05:16 2017 +0800 sctp: sctp gso should set feature with NETIF_F_SG when calling skb_segment Now sctp gso puts segments into skb's frag_list, then processes these segments in skb_segment. But skb_segment handles them only when gs is enabled, as it's in the same branch with skb's frags. Although almost all the NICs support sg other than some old ones, but since commit 1e16aa3ddf86 ("net: gso: use feature flag argument in all protocol gso handlers"), features &= skb->dev->hw_enc_features, and xfrm_output_gso call skb_segment with features = 0, which means sctp gso would call skb_segment with sg = 0, and skb_segment would not work as expected. This patch is to fix it by setting features param with NETIF_F_SG when calling skb_segment so that it can go the right branch to process the skb's frag_list. Signed-off-by: Xin Long Signed-off-by: David S. Miller net/sctp/offload.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6f29a130613191d3c6335169febe002cba00edf5 Author: Xin Long Date: Tue Jan 24 14:01:53 2017 +0800 sctp: sctp_addr_id2transport should verify the addr before looking up assoc sctp_addr_id2transport is a function for sockopt to look up assoc by address. As the address is from userspace, it can be a v4-mapped v6 address. But in sctp protocol stack, it always handles a v4-mapped v6 address as a v4 address. So it's necessary to convert it to a v4 address before looking up assoc by address. This patch is to fix it by calling sctp_verify_addr in which it can do this conversion before calling sctp_endpoint_lookup_assoc, just like what sctp_sendmsg and __sctp_connect do for the address from users. Signed-off-by: Xin Long Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/socket.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 493611ebd62673f39e2f52c2561182c558a21cb6 Author: Christoph Hellwig Date: Wed Jan 25 08:59:43 2017 -0800 xfs: extsize hints are not unlikely in xfs_bmap_btalloc With COW files they are the hotpath, just like for files with the extent size hint attribute. We really shouldn't micro-manage anything but failure cases with unlikely. Additionally Arnd Bergmann recently reported that one of these two unlikely annotations causes link failures together with an upcoming kernel instrumentation patch, so let's get rid of it ASAP. Signed-off-by: Christoph Hellwig Reported-by: Arnd Bergmann Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5a93790d4e2df73e30c965ec6e49be82fc3ccfce Author: Brian Foster Date: Wed Jan 25 07:53:43 2017 -0800 xfs: remove racy hasattr check from attr ops xfs_attr_[get|remove]() have unlocked attribute fork checks to optimize away a lock cycle in cases where the fork does not exist or is otherwise empty. This check is not safe, however, because an attribute fork short form to extent format conversion includes a transient state that causes the xfs_inode_hasattr() check to fail. Specifically, xfs_attr_shortform_to_leaf() creates an empty extent format attribute fork and then adds the existing shortform attributes to it. This means that lookup of an existing xattr can spuriously return -ENOATTR when racing against a setxattr that causes the associated format conversion. This was originally reproduced by an untar on a particularly configured glusterfs volume, but can also be reproduced on demand with properly crafted xattr requests. The format conversion occurs under the exclusive ilock. xfs_attr_get() and xfs_attr_remove() already have the proper locking and checks further down in the functions to handle this situation correctly. Drop the unlocked checks to avoid the spurious failure and rely on the existing logic. Signed-off-by: Brian Foster Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_attr.c | 6 ------ 1 file changed, 6 deletions(-) commit 76d771b4cbe33c581bd6ca2710c120be51172440 Author: Christoph Hellwig Date: Wed Jan 25 07:49:35 2017 -0800 xfs: use per-AG reservations for the finobt Currently we try to rely on the global reserved block pool for block allocations for the free inode btree, but I have customer reports (fairly complex workload, need to find an easier reproducer) where that is not enough as the AG where we free an inode that requires a new finobt block is entirely full. This causes us to cancel a dirty transaction and thus a file system shutdown. I think the right way to guard against this is to treat the finot the same way as the refcount btree and have a per-AG reservations for the possible worst case size of it, and the patch below implements that. Note that this could increase mount times with large finobt trees. In an ideal world we would have added a field for the number of finobt fields to the AGI, similar to what we did for the refcount blocks. We should do add it next time we rev the AGI or AGF format by adding new fields. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_ag_resv.c | 47 ++++++++++++++++++--- fs/xfs/libxfs/xfs_ialloc_btree.c | 90 ++++++++++++++++++++++++++++++++++++++-- fs/xfs/libxfs/xfs_ialloc_btree.h | 3 ++ fs/xfs/xfs_inode.c | 23 +++++----- fs/xfs/xfs_mount.h | 1 + 5 files changed, 144 insertions(+), 20 deletions(-) commit 4dfa2b84118fd6c95202ae87e62adf5000ccd4d0 Author: Christoph Hellwig Date: Wed Jan 25 07:49:34 2017 -0800 xfs: only update mount/resv fields on success in __xfs_ag_resv_init Try to reserve the blocks first and only then update the fields in or hanging off the mount structure. This way we can call __xfs_ag_resv_init again after a previous failure. Signed-off-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_ag_resv.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) commit fd25ea29093e275195d0ae8b2573021a1c98959f Author: Hans de Goede Date: Sun Jan 22 13:24:05 2017 +0100 Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6" Revert commit 6276e53fa8c0 (ACPI / video: Add force_native quirk for HP Pavilion dv6). In the commit message for the quirk this revert removes I wrote: "Note that there are quite a few HP Pavilion dv6 variants, some woth ATI and some with NVIDIA hybrid gfx, both seem to need this quirk to have working backlight control. There are also some versions with only Intel integrated gfx, these may not need this quirk, but it should not hurt there." Unfortunately that seems wrong, I've already received 2 reports of this commit causing regressions on some dv6 variants (at least one of which actually has a nvidia GPU). So it seems that HP has made a mess here by using the same model-name both in marketing and in the DMI data for many different variants. Some of which need acpi_backlight=native for functional backlight control (as the quirk this commit reverts was doing), where as others are broken by it. So lets get back to the old sitation so as to avoid regressing on models which used to work without any kernel cmdline arguments before. Fixes: 6276e53fa8c0 (ACPI / video: Add force_native quirk for HP Pavilion dv6) Signed-off-by: Hans de Goede Signed-off-by: Rafael J. Wysocki drivers/acpi/video_detect.c | 11 ----------- 1 file changed, 11 deletions(-) commit 45d9f43911a96c23ebd08efea0ff57af7016eb32 Merge: 2f5db26 ba7addc Author: Jani Nikula Date: Wed Jan 25 13:04:12 2017 +0200 Merge tag 'gvt-fixes-2017-01-25' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-01-25 - re-enable shadow batch buffer for security that was falsely turned off. - kvmgt/mdev typo fix for correct ABI - gvt mail list change Signed-off-by: Jani Nikula commit 83e526f2a2fa4b2e82b6bd3ddbb26b70acfa8947 Author: Vincent Pelletier Date: Wed Jan 18 00:57:44 2017 +0000 usb: gadget: f_fs: Assorted buffer overflow checks. OS descriptor head, when flagged as provided, is accessed without checking if it fits in provided buffer. Verify length before access. Also, there are other places where buffer length it checked after accessing offsets which are potentially past the end. Check buffer length before as well to fail cleanly. Signed-off-by: Vincent Pelletier Acked-by: Felipe Balbi Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/gadget/function/f_fs.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 2f5db26c2ecb248bdc319feb2990453cb02fc950 Author: Daniele Ceraolo Spurio Date: Fri Jan 20 13:51:23 2017 -0800 drm/i915: reinstate call to trace_i915_vma_bind The call went away in: commit 3b16525cc4c1a43e9053cfdc414356eea24bdfad Author: Chris Wilson Date: Thu Aug 4 16:32:25 2016 +0100 drm/i915: Split insertion/binding of an object into the VM It is useful to have this trace as it pairs nicely with the vma_unbind one to track vma activity. Added inside the i915_vma_bind function (was outside before) to keep a similar placement as trace_i915_vma_unbind. v2: print bind_flags instead of flags (Chris) Fixes: 3b16525cc4c1 ("drm/i915: Split insertion/binding of an object into the VM") Cc: Chris Wilson Signed-off-by: Daniele Ceraolo Spurio Link: http://patchwork.freedesktop.org/patch/msgid/1484949083-11430-1-git-send-email-daniele.ceraolospurio@intel.com Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson (cherry picked from commit 6146e6da5c961735dacf9b6c0c8b5f1382193ee2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_vma.c | 1 + 1 file changed, 1 insertion(+) commit 6f0f02dc56f18760b46dc1bf5b3f7386869d4162 Author: Chris Wilson Date: Mon Jan 23 21:29:39 2017 +0000 drm/i915: Move atomic state free from out of fence release Fences are required to support being released from under an atomic context. The drm_atomic_state struct may take a mutex when being released and so we cannot drop a reference to the drm_atomic_state from the fence release path directly, and so we need to defer that unreference to a worker. [ 326.576697] WARNING: CPU: 2 PID: 366 at kernel/sched/core.c:7737 __might_sleep+0x5d/0x80 [ 326.576816] do not call blocking ops when !TASK_RUNNING; state=1 set at [] intel_breadcrumbs_signaler+0x59/0x270 [i915] [ 326.576818] Modules linked in: rfcomm fuse snd_hda_codec_hdmi bnep snd_hda_codec_realtek snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device snd_timer input_leds led_class snd punit_atom_debug btusb btrtl btbcm btintel intel_rapl bluetooth i915 drm_kms_helper syscopyarea sysfillrect iwlwifi sysimgblt soundcore fb_sys_fops mei_txe cfg80211 drm pwm_lpss_platform pwm_lpss pinctrl_cherryview fjes acpi_pad parport_pc ppdev parport autofs4 [ 326.576899] CPU: 2 PID: 366 Comm: i915/signal:0 Tainted: G U 4.10.0-rc3-patser+ #5030 [ 326.576902] Hardware name: /NUC5PPYB, BIOS PYBSWCEL.86A.0031.2015.0601.1712 06/01/2015 [ 326.576905] Call Trace: [ 326.576920] dump_stack+0x4d/0x6d [ 326.576926] __warn+0xc0/0xe0 [ 326.576931] warn_slowpath_fmt+0x5a/0x80 [ 326.577004] ? intel_breadcrumbs_signaler+0x59/0x270 [i915] [ 326.577075] ? intel_breadcrumbs_signaler+0x59/0x270 [i915] [ 326.577079] __might_sleep+0x5d/0x80 [ 326.577087] mutex_lock+0x1b/0x40 [ 326.577133] drm_property_free_blob+0x1e/0x80 [drm] [ 326.577167] ? drm_property_destroy+0xe0/0xe0 [drm] [ 326.577200] drm_mode_object_unreference+0x5c/0x70 [drm] [ 326.577233] drm_property_unreference_blob+0xe/0x10 [drm] [ 326.577260] __drm_atomic_helper_crtc_destroy_state+0x14/0x40 [drm_kms_helper] [ 326.577278] drm_atomic_helper_crtc_destroy_state+0x10/0x20 [drm_kms_helper] [ 326.577352] intel_crtc_destroy_state+0x9/0x10 [i915] [ 326.577388] drm_atomic_state_default_clear+0xea/0x1d0 [drm] [ 326.577462] intel_atomic_state_clear+0xd/0x20 [i915] [ 326.577497] drm_atomic_state_clear+0x1a/0x30 [drm] [ 326.577532] __drm_atomic_state_free+0x13/0x60 [drm] [ 326.577607] intel_atomic_commit_ready+0x6f/0x78 [i915] [ 326.577670] i915_sw_fence_release+0x3a/0x50 [i915] [ 326.577733] dma_i915_sw_fence_wake+0x39/0x80 [i915] [ 326.577741] dma_fence_signal+0xda/0x120 [ 326.577812] ? intel_breadcrumbs_signaler+0x59/0x270 [i915] [ 326.577884] intel_breadcrumbs_signaler+0xb1/0x270 [i915] [ 326.577889] kthread+0x127/0x130 [ 326.577961] ? intel_engine_remove_wait+0x1a0/0x1a0 [i915] [ 326.577964] ? kthread_stop+0x120/0x120 [ 326.577970] ret_from_fork+0x22/0x30 Fixes: c004a90b7263 ("drm/i915: Restore nonblocking awaits for modesetting") Reported-by: Maarten Lankhorst Signed-off-by: Chris Wilson Cc: Chris Wilson Cc: Joonas Lahtinen Cc: Maarten Lankhorst Cc: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170123212939.30345-1-chris@chris-wilson.co.uk Cc: # v4.10-rc1+ Reviewed-by: Joonas Lahtinen (cherry picked from commit eb955eee27d9dc176871540c43c9070ee4701642) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 5 +++++ drivers/gpu/drm/i915/intel_display.c | 28 ++++++++++++++++++++++++++-- drivers/gpu/drm/i915/intel_drv.h | 2 ++ 3 files changed, 33 insertions(+), 2 deletions(-) commit 6d1d427a4e24c403b4adf928d61994bdaa0ca03a Author: Ander Conselvan de Oliveira Date: Fri Jan 20 16:28:45 2017 +0200 drm/i915: Check for NULL atomic state in intel_crtc_disable_noatomic() In intel_crtc_disable_noatomic(), bail on a failure to allocate an atomic state to avoid a NULL pointer dereference. Fixes: 4a80655827af ("drm/i915: Pass atomic state to crtc enable/disable functions") Cc: Maarten Lankhorst Cc: Daniel Vetter Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: # v4.9+ Signed-off-by: Ander Conselvan de Oliveira Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1484922525-6131-4-git-send-email-ander.conselvan.de.oliveira@intel.com (cherry picked from commit 31bb2ef97ea9db343348f9b5ccaa9bb6f48fc655) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 3781bd6e7d64d5f5bea9fdee11ab9460a700c0e4 Author: Ander Conselvan de Oliveira Date: Fri Jan 20 16:28:44 2017 +0200 drm/i915: Fix calculation of rotated x and y offsets for planar formats Parameters tile_size, tile_width and tile_height were passed in the wrong order to _intel_adjust_tile_offset() when calculating the rotated offsets. This doesn't fix any user visible bug, since for packed formats new and old offset are the same and the rotated offsets are within a tile before they are fed to _intel_adjust_tile_offset(). In that case, the offsets are unchanged. That is not true for planar formats, but those are currently not supported. Fixes: 66a2d927cb0e ("drm/i915: Make intel_adjust_tile_offset() work for linear buffers") Cc: Ville Syrjälä Cc: Sivakumar Thulasimani Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: # v4.9+ Signed-off-by: Ander Conselvan de Oliveira Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1484922525-6131-3-git-send-email-ander.conselvan.de.oliveira@intel.com (cherry picked from commit 46a1bd289507dfcc428fb9daf65421ed6be6af8b) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 21d6e0bde50713922a6520ef84e5fd245b05d468 Author: Ander Conselvan de Oliveira Date: Fri Jan 20 16:28:43 2017 +0200 drm/i915: Don't init hpd polling for vlv and chv from runtime_suspend() An error in the condition for avoiding the call to intel_hpd_poll_init() for valleyview and cherryview from intel_runtime_suspend() caused it to be called unconditionally. Fix it. Fixes: 19625e85c6ec ("drm/i915: Enable polling when we don't have hpd") Cc: stable@vger.kernel.org Cc: Ville Syrjälä Cc: Daniel Vetter Cc: Lyude Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: # v4.9+ Signed-off-by: Ander Conselvan de Oliveira Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1484922525-6131-2-git-send-email-ander.conselvan.de.oliveira@intel.com (cherry picked from commit 04313b00b79405f86d815100f85c47a2ee5b8ca0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c34f078675f505c4437919bb1897b1351f16a050 Author: Ander Conselvan de Oliveira Date: Fri Jan 20 16:28:42 2017 +0200 drm/i915: Don't leak edid in intel_crt_detect_ddc() In the path where intel_crt_detect_ddc() detects a CRT, if would return true without freeing the edid. Fixes: a2bd1f541f19 ("drm/i915: check whether we actually received an edid in detect_ddc") Cc: Chris Wilson Cc: Daniel Vetter Cc: Daniel Vetter Cc: Jani Nikula Cc: intel-gfx@lists.freedesktop.org Cc: # v3.6+ Signed-off-by: Ander Conselvan de Oliveira Reviewed-by: Ville Syrjälä Reviewed-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1484922525-6131-1-git-send-email-ander.conselvan.de.oliveira@intel.com (cherry picked from commit c96b63a6a7ac4bd670ec2e663793a9a31418b790) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_crt.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit a38a7bd1766b42ea0ed14b99be23a653922ed5c8 Author: Chris Wilson Date: Thu Jan 19 11:37:49 2017 +0000 drm/i915: Release temporary load-detect state upon switching After we call drm_atomic_commit() on the load-detect state, we can free our local reference. Upon restore, we only apply and free the previous state. Fixes: 0853695c3ba4 ("drm: Add reference counting to drm_atomic_state") Signed-off-by: Chris Wilson Cc: Chris Wilson Cc: Daniel Vetter Cc: # v4.10-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20170119113749.2517-1-chris@chris-wilson.co.uk Reviewed-by: Ville Syrjälä (cherry picked from commit 7abbd11f344aa7abe29befb218774a1ea26018ac) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 1 + 1 file changed, 1 insertion(+) commit 27892bbdc9233f33bf0f44e08aab8f12e0dec142 Author: Clint Taylor Date: Wed Jan 18 13:38:43 2017 -0800 drm/i915: prevent crash with .disable_display parameter The .disable_display parameter was causing a fatal crash when fbdev was dereferenced during driver init. V1: protection in i915_drv.c V2: Moved protection to intel_fbdev.c Fixes: 43cee314345a ("drm/i915/fbdev: Limit the global async-domain synchronization") Testcase: igt/drv_module_reload/basic-no-display Cc: Chris Wilson Signed-off-by: Clint Taylor Link: http://patchwork.freedesktop.org/patch/msgid/1484775523-29428-1-git-send-email-clinton.a.taylor@intel.com Reviewed-by: Chris Wilson Cc: Lukas Wunner Cc: Daniel Vetter Cc: Jani Nikula Cc: # v4.8+ Signed-off-by: Chris Wilson (cherry picked from commit 5b8cd0755f8a06a851c436a013e7be0823fb155a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_fbdev.c | 3 +++ 1 file changed, 3 insertions(+) commit b78671591a10218ab18bbea120fd05df7a002e88 Author: Chris Wilson Date: Sun Jan 15 12:58:25 2017 +0000 drm/i915: Avoid drm_atomic_state_put(NULL) in intel_display_resume intel_display_resume() may be called without an atomic state to restore, i.e. dev_priv->modeset_reset_restore state is NULL. One such case is following a lid open/close event and the forced modeset in intel_lid_notify(). Reported-by: Stefan Seyfried Tested-by: Stefan Seyfried Fixes: 0853695c3ba4 ("drm: Add reference counting to drm_atomic_state") Signed-off-by: Chris Wilson Cc: Daniel Vetter Cc: Jani Nikula Cc: # v4.10-rc1+ Link: http://patchwork.freedesktop.org/patch/msgid/20170115125825.18597-1-chris@chris-wilson.co.uk Reviewed-by: Ander Conselvan de Oliveira (cherry picked from commit 3c5e37f169cb67cbd03c6116fbc93e0805815d29) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b17c1bba9cec1727451b906d9a0c209774624873 Author: Rui Miguel Silva Date: Mon Jan 23 16:32:57 2017 +0000 staging: greybus: timesync: validate platform state callback When tearingdown timesync, and not in arche platform, the state platform callback is not initialized. That will trigger the following NULL dereferencing. CallTrace: ? gb_timesync_platform_unlock_bus+0x11/0x20 [greybus] gb_timesync_teardown+0x85/0xc0 [greybus] gb_timesync_svc_remove+0xab/0x190 [greybus] gb_svc_del+0x29/0x110 [greybus] gb_hd_del+0x14/0x20 [greybus] ap_disconnect+0x24/0x60 [gb_es2] usb_unbind_interface+0x7a/0x2c0 __device_release_driver+0x96/0x150 device_release_driver+0x1e/0x30 bus_remove_device+0xe7/0x130 device_del+0x116/0x230 usb_disable_device+0x97/0x1f0 usb_disconnect+0x80/0x260 hub_event+0x5ca/0x10e0 process_one_work+0x126/0x3b0 worker_thread+0x55/0x4c0 ? process_one_work+0x3b0/0x3b0 kthread+0xc4/0xe0 ? kthread_park+0xb0/0xb0 ret_from_fork+0x22/0x30 So, fix that by adding checks before use the callback. Fixes: 970dc85bd95d ("greybus: timesync: Add timesync core driver") Cc: # 4.9.x Signed-off-by: Rui Miguel Silva Reviewed-by: Viresh Kumar Reviewed-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/timesync_platform.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 91539eb1fda2d530d3b268eef542c5414e54bf1a Author: Iago Abal Date: Wed Jan 11 14:00:21 2017 +0100 dmaengine: pl330: fix double lock The static bug finder EBA (http://www.iagoabal.eu/eba/) reported the following double-lock bug: Double lock: 1. spin_lock_irqsave(pch->lock, flags) at pl330_free_chan_resources:2236; 2. call to function `pl330_release_channel' immediately after; 3. call to function `dma_pl330_rqcb' in line 1753; 4. spin_lock_irqsave(pch->lock, flags) at dma_pl330_rqcb:1505. I have fixed it as suggested by Marek Szyprowski. First, I have replaced `pch->lock' with `pl330->lock' in functions `pl330_alloc_chan_resources' and `pl330_free_chan_resources'. This avoids the double-lock by acquiring a different lock than `dma_pl330_rqcb'. NOTE that, as a result, `pl330_free_chan_resources' executes `list_splice_tail_init' on `pch->work_list' under lock `pl330->lock', whereas in the rest of the code `pch->work_list' is protected by `pch->lock'. I don't know if this may cause race conditions. Similarly `pch->cyclic' is written by `pl330_alloc_chan_resources' under `pl330->lock' but read by `pl330_tx_submit' under `pch->lock'. Second, I have removed locking from `pl330_request_channel' and `pl330_release_channel' functions. Function `pl330_request_channel' is only called from `pl330_alloc_chan_resources', so the lock is already held. Function `pl330_release_channel' is called from `pl330_free_chan_resources', which already holds the lock, and from `pl330_del'. Function `pl330_del' is called in an error path of `pl330_probe' and at the end of `pl330_remove', but I assume that there cannot be concurrent accesses to the protected data at those points. Signed-off-by: Iago Abal Reviewed-by: Marek Szyprowski Signed-off-by: Vinod Koul drivers/dma/pl330.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) commit d9b2997e4a0a874e452df7cdd7de5a54502bd0aa Author: Lukáš Lalinský Date: Fri Jan 20 19:46:34 2017 +0100 USB: Add quirk for WORLDE easykey.25 MIDI keyboard Add a quirk for WORLDE easykey.25 MIDI keyboard (idVendor=0218, idProduct=0401). The device reports that it has config string descriptor at index 3, but when the system selects the configuration and tries to get the description, it returns a -EPROTO error, the communication restarts and this keeps repeating over and over again. Not requesting the string descriptor makes the device work correctly. Relevant info from Wireshark: [...] CONFIGURATION DESCRIPTOR bLength: 9 bDescriptorType: 0x02 (CONFIGURATION) wTotalLength: 101 bNumInterfaces: 2 bConfigurationValue: 1 iConfiguration: 3 Configuration bmAttributes: 0xc0 SELF-POWERED NO REMOTE-WAKEUP 1... .... = Must be 1: Must be 1 for USB 1.1 and higher .1.. .... = Self-Powered: This device is SELF-POWERED ..0. .... = Remote Wakeup: This device does NOT support remote wakeup bMaxPower: 50 (100mA) [...] 45 0.369104 host 2.38.0 USB 64 GET DESCRIPTOR Request STRING [...] URB setup bmRequestType: 0x80 1... .... = Direction: Device-to-host .00. .... = Type: Standard (0x00) ...0 0000 = Recipient: Device (0x00) bRequest: GET DESCRIPTOR (6) Descriptor Index: 0x03 bDescriptorType: 0x03 Language Id: English (United States) (0x0409) wLength: 255 46 0.369255 2.38.0 host USB 64 GET DESCRIPTOR Response STRING[Malformed Packet] [...] Frame 46: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface 0 USB URB [Source: 2.38.0] [Destination: host] URB id: 0xffff88021f62d480 URB type: URB_COMPLETE ('C') URB transfer type: URB_CONTROL (0x02) Endpoint: 0x80, Direction: IN Device: 38 URB bus id: 2 Device setup request: not relevant ('-') Data: present (0) URB sec: 1484896277 URB usec: 455031 URB status: Protocol error (-EPROTO) (-71) URB length [bytes]: 0 Data length [bytes]: 0 [Request in: 45] [Time from request: 0.000151000 seconds] Unused Setup Header Interval: 0 Start frame: 0 Copy of Transfer Flags: 0x00000200 Number of ISO descriptors: 0 [Malformed Packet: USB] [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)] [Malformed Packet (Exception occurred)] [Severity level: Error] [Group: Malformed] Signed-off-by: Lukáš Lalinský Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/core/quirks.c | 4 ++++ 1 file changed, 4 insertions(+) commit 3ba7b7795b7e8889af1377904c55c7fae9e0c775 Author: Tony Lindgren Date: Tue Jan 24 09:18:58 2017 -0600 usb: musb: Fix external abort on non-linefetch for musb_irq_work() While testing musb host mode cable plugging on a BeagleBone, I came across this error: Unhandled fault: external abort on non-linefetch (0x1008) at 0xd1dcfc60 ... [] (musb_default_readb [musb_hdrc]) from [] (musb_irq_work+0x1c/0x180 [musb_hdrc]) [] (musb_irq_work [musb_hdrc]) from [] (process_one_work+0x2b4/0x808) [] (process_one_work) from [] (worker_thread+0x3c/0x550) [] (worker_thread) from [] (kthread+0x104/0x148) [] (kthread) from [] (ret_from_fork+0x14/0x24) Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 407788b51db6f6aab499d02420082f436abf3238 Author: Tony Lindgren Date: Tue Jan 24 09:18:57 2017 -0600 usb: musb: Fix host mode error -71 regression Commit 467d5c980709 ("usb: musb: Implement session bit based runtime PM for musb-core") started implementing musb generic runtime PM support by introducing devctl register session bit based state control. This caused a regression where if a USB mass storage device is connected to a USB hub, we can get: usb 1-1: reset high-speed USB device number 2 using musb-hdrc usb 1-1: device descriptor read/64, error -71 usb 1-1.1: new high-speed USB device number 4 using musb-hdrc This is because before the USB storage device is connected, musb is in OTG_STATE_A_SUSPEND. And we currently only set need_finish_resume in musb_stage0_irq() and the related code calling finish_resume_work in musb_resume() and musb_runtime_resume() never gets called. To fix the issue, we can call schedule_delayed_work() directly in musb_stage0_irq() to have finish_resume_work run. And we should no longer never get interrupts when when suspended. We have changed musb to no longer need pm_runtime_irqsafe(). The need_finish_resume flag was added in commit 9298b4aad37e ("usb: musb: fix device hotplug behind hub") and no longer applies as far as I can tell. So let's just remove the earlier code that no longer is needed. Fixes: 467d5c980709 ("usb: musb: Implement session bit based runtime PM for musb-core") Reported-by: Bin Liu Signed-off-by: Tony Lindgren Signed-off-by: Bin Liu Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 15 ++------------- drivers/usb/musb/musb_core.h | 1 - 2 files changed, 2 insertions(+), 14 deletions(-) commit 6610d0edf6dc7ee97e46ab3a538a565c79d26199 Author: Tony Lindgren Date: Fri Jan 20 12:07:53 2017 -0800 dmaengine: cppi41: Clean up pointless warnings With patches "dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage", and "dmaengine: cppi41: Fix oops in cppi41_runtime_resume", the pm_runtime_get/put() in cppi41_irq() is no longer needed. We now guarantee that cppi41 is enabled when dma is in use. We can still get pointless error -115 when musb is configured as a usb peripheral. That's because we should now check for the state of is_suspended instead. Let's just remove the now useless code and replace it with a WARN(). Signed-off-by: Tony Lindgren Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) commit 362f4562466c3b9490e733e06999025638310d4a Author: Tony Lindgren Date: Thu Jan 19 08:49:08 2017 -0800 dmaengine: cppi41: Fix oops in cppi41_runtime_resume Commit fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") together with recent MUSB changes allowed USB and DMA on BeagleBone to idle when no cable is connected. But looks like few corner case issues still remain. Looks like just by re-plugging USB cable about ten or so times on BeagleBone when configured in USB peripheral mode we can get warnings and eventually trigger an oops in cppi41 DMA: WARNING: CPU: 0 PID: 14 at drivers/dma/cppi41.c:1154 cppi41_runtime_suspend+ x28/0x38 [cppi41] ... WARNING: CPU: 0 PID: 14 at drivers/dma/cppi41.c:452 push_desc_queue+0x94/0x9c [cppi41] ... Unable to handle kernel NULL pointer dereference at virtual address 00000104 pgd = c0004000 [00000104] *pgd=00000000 Internal error: Oops: 805 [#1] SMP ARM ... [] (cppi41_runtime_resume [cppi41]) from [] (__rpm_callback+0xc0/0x214) [] (__rpm_callback) from [] (rpm_callback+0x20/0x80) [] (rpm_callback) from [] (rpm_resume+0x504/0x78c) [] (rpm_resume) from [] (pm_runtime_work+0x60/0xa8) [] (pm_runtime_work) from [] (process_one_work+0x2b4/0x808) This is because of a race with runtime PM and cppi41_dma_issue_pending() as reported by Alexandre Bailon in earlier set of patches. Based on mailing list discussions we however came to the conclusion that a different fix from Alexandre's fix is needed in order to guarantee that DMA is really active when we try to use it. To fix the issue, we need to add a driver specific flag as we otherwise can have -EINPROGRESS state set by runtime PM and can't rely on pm_runtime_active() to tell us when we can use the DMA. And we need to make sure the DMA transfers get triggered in the queued order. So let's always queue the transfers, then flush the queue from both cppi41_dma_issue_pending() and cppi41_runtime_resume() as suggested by Grygorii Strashko in an earlier example patch. For reference, this is also documented in Documentation/power/runtime_pm.txt in the example at the end of the file as pointed out by Grygorii Strashko . Based on earlier patches from Alexandre Bailon and Grygorii Strashko modified based on testing and what was discussed on the mailing lists. Fixes: fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") Cc: Andy Shevchenko Cc: Bin Liu Cc: Grygorii Strashko Cc: Kevin Hilman Cc: Patrick Titiano Cc: Sergei Shtylyov Reported-by: Alexandre Bailon Signed-off-by: Tony Lindgren Tested-by: Bin Liu Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) commit ae4a3e028bb8b59e7cfeb0cc9ef03d885182ce8b Author: Tony Lindgren Date: Thu Jan 19 08:49:07 2017 -0800 dmaengine: cppi41: Fix runtime PM timeouts with USB mass storage Commit fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") added runtime PM support for cppi41, but had corner case issues. Some of the issues were fixed with commit 098de42ad670 ("dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected"). That fix however caused a new regression where we can get error -115 messages with USB on BeagleBone when connecting a USB mass storage device to a hub. This is because when connecting a USB mass storage device to a hub, the initial DMA transfers can take over 200ms to complete and cppi41 autosuspend delay times out. To fix the issue, we want to implement refcounting for chan_busy array that contains the active dma transfers. Increasing the autosuspend delay won't help as that the delay could be potentially seconds, and it's best to let the USB subsystem to deal with the timeouts on errors. The earlier attempt for runtime PM was buggy as the pm_runtime_get/put() calls could get unpaired easily as they did not follow the state of the chan_busy array as described in commit 098de42ad670 ("dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected". Let's fix the issue by adding pm_runtime_get() to where a new transfer is added to the chan_busy array, and calls to pm_runtime_put() where chan_busy array entry is cleared. This prevents any autosuspend timeouts from happening while dma transfers are active. Fixes: 098de42ad670 ("dmaengine: cppi41: Fix unpaired pm runtime when only a USB hub is connected") Fixes: fdea2d09b997 ("dmaengine: cppi41: Add basic PM runtime support") Cc: Andy Shevchenko Cc: Bin Liu Cc: Grygorii Strashko Cc: Kevin Hilman Cc: Patrick Titiano Cc: Sergei Shtylyov Signed-off-by: Tony Lindgren Tested-by: Bin Liu Signed-off-by: Vinod Koul drivers/dma/cppi41.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit b5fa0f7f88edcde37df1807fdf9ff10ec787a60e Author: Michael Ellerman Date: Tue Jan 24 16:36:57 2017 +1100 powerpc: Fix build failure with clang due to BUILD_BUG_ON() Anton says: In commit 4db7327194db ("powerpc: Add option to use jump label for cpu_has_feature()") and commit c12e6f24d413 ("powerpc: Add option to use jump label for mmu_has_feature()") we added: BUILD_BUG_ON(!__builtin_constant_p(feature)) to cpu_has_feature() and mmu_has_feature() in order to catch usage issues (such as cpu_has_feature(cpu_has_feature(X), which has happened once in the past). Unfortunately LLVM isn't smart enough to resolve this, and it errors out. I work around it in my clang/LLVM builds of the kernel, but I have just discovered that it causes a lot of issues for the bcc (eBPF) trace tool (which uses LLVM). For now just #ifdef it away for clang builds. Fixes: 4db7327194db ("powerpc: Add option to use jump label for cpu_has_feature()") Fixes: c12e6f24d413 ("powerpc: Add option to use jump label for mmu_has_feature()") Cc: stable@vger.kernel.org # v4.8+ Reported-by: Anton Blanchard Tested-by: Naveen N. Rao Signed-off-by: Michael Ellerman arch/powerpc/include/asm/cpu_has_feature.h | 2 ++ arch/powerpc/include/asm/mmu.h | 2 ++ 2 files changed, 4 insertions(+) commit ba7addcd805e5c83e201b118a2693b921a980b44 Author: Zhenyu Wang Date: Wed Jan 25 10:30:02 2017 +0800 MAINTAINERS: update new mail list for intel gvt driver We've moved to lists.freedesktop.org from lists.01.org. Update info in MAINTAINERS. Signed-off-by: Zhenyu Wang MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7283accfaef66e6a64f7d3ec0672596dd8e5b144 Author: Alex Williamson Date: Tue Jan 24 13:15:43 2017 -0700 drm/i915/gvt: Fix kmem_cache_create() name According to kmem_cache_sanity_check(), spaces are not allowed in the name of a cache and results in a kernel oops with CONFIG_DEBUG_VM. Convert to underscores. Signed-off-by: Alex Williamson Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/execlist.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bdbfd5196d24a6d0845b549eba6ce8e6fa8bb3d0 Author: Alex Williamson Date: Tue Jan 24 12:53:45 2017 -0700 drm/i915/gvt/kvmgt: mdev ABI is available_instances, not available_instance Per the ABI specification[1], each mdev_supported_types entry should have an available_instances, with an "s", not available_instance. [1] Documentation/ABI/testing/sysfs-bus-vfio-mdev Signed-off-by: Alex Williamson Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 3feb479cea37fc623cf4e705631b2e679cbfbd7a Author: Fabio Estevam Date: Mon Jan 23 13:13:58 2017 -0200 Revert "thermal: thermal_hwmon: Convert to hwmon_device_register_with_info()" This reverts commit 7611fb68062f ("thermal: thermal_hwmon: Convert to hwmon_device_register_with_info()"). Pavel Machek reported breakage in the Nokia N900 due to this commit. We can revisit a proper fix for the warning later. Reported-by: Pavel Machek Signed-off-by: Fabio Estevam Acked-by: Guenter Roeck Acked-by: Pavel Machek Signed-off-by: Zhang Rui drivers/thermal/thermal_hwmon.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) commit 883af14e67e8b8702b5560aa64c888c0cd0bd66c Merge: 0263d4e aab4545 Author: Linus Torvalds Date: Tue Jan 24 16:54:39 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "26 fixes" * emailed patches from Andrew Morton : (26 commits) MAINTAINERS: add Dan Streetman to zbud maintainers MAINTAINERS: add Dan Streetman to zswap maintainers mm: do not export ioremap_page_range symbol for external module mn10300: fix build error of missing fpu_save() romfs: use different way to generate fsid for BLOCK or MTD frv: add missing atomic64 operations mm, page_alloc: fix premature OOM when racing with cpuset mems update mm, page_alloc: move cpuset seqcount checking to slowpath mm, page_alloc: fix fast-path race with cpuset update or removal mm, page_alloc: fix check for NULL preferred_zone kernel/panic.c: add missing \n fbdev: color map copying bounds checking frv: add atomic64_add_unless() mm/mempolicy.c: do not put mempolicy before using its nodemask radix-tree: fix private list warnings Documentation/filesystems/proc.txt: add VmPin mm, memcg: do not retry precharge charges proc: add a schedule point in proc_pid_readdir() mm: alloc_contig: re-allow CMA to compact FS pages mm/slub.c: trace free objects at KERN_INFO ... commit aab45453ff5c77200c6da4ac909f7a4392aed17e Author: Dan Streetman Date: Tue Jan 24 15:18:57 2017 -0800 MAINTAINERS: add Dan Streetman to zbud maintainers Add myself as zbud maintainer. Link: http://lkml.kernel.org/r/20170124221705.26523-1-ddstreet@ieee.org Signed-off-by: Dan Streetman Cc: Seth Jennings Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 534c9dc982aca01b630297ad5637f6e95e94c1e2 Author: Dan Streetman Date: Tue Jan 24 15:18:55 2017 -0800 MAINTAINERS: add Dan Streetman to zswap maintainers Add myself as zswap maintainer. Link: http://lkml.kernel.org/r/20170124212200.19052-1-ddstreet@ieee.org Signed-off-by: Dan Streetman Acked-by: Seth Jennings Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 3277953de2f31dd03c6375e9a9f680ac37fc9d27 Author: zhong jiang Date: Tue Jan 24 15:18:52 2017 -0800 mm: do not export ioremap_page_range symbol for external module Recently, I've found cases in which ioremap_page_range was used incorrectly, in external modules, leading to crashes. This can be partly attributed to the fact that ioremap_page_range is lower-level, with fewer protections, as compared to the other functions that an external module would typically call. Those include: ioremap_cache ioremap_nocache ioremap_prot ioremap_uc ioremap_wc ioremap_wt ...each of which wraps __ioremap_caller, which in turn provides a safer way to achieve the mapping. Therefore, stop EXPORT-ing ioremap_page_range. Link: http://lkml.kernel.org/r/1485173220-29010-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Reviewed-by: John Hubbard Suggested-by: John Hubbard Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/ioremap.c | 1 - 1 file changed, 1 deletion(-) commit 3705ccfdd1e8b539225ce20e3925a945cc788d67 Author: Randy Dunlap Date: Tue Jan 24 15:18:49 2017 -0800 mn10300: fix build error of missing fpu_save() When CONFIG_FPU is not enabled on arch/mn10300, causes a build error with a call to fpu_save(): kernel/built-in.o: In function `.L410': core.c:(.sched.text+0x28a): undefined reference to `fpu_save' Fix this by including in so that an empty static inline fpu_save() is defined. Link: http://lkml.kernel.org/r/dc421c4f-4842-4429-1b99-92865c2f24b6@infradead.org Signed-off-by: Randy Dunlap Reported-by: kbuild test robot Reviewed-by: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/mn10300/include/asm/switch_to.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f598f82e204ec0b17797caaf1b0311c52d43fb9a Author: Coly Li Date: Tue Jan 24 15:18:46 2017 -0800 romfs: use different way to generate fsid for BLOCK or MTD Commit 8a59f5d25265 ("fs/romfs: return f_fsid for statfs(2)") generates a 64bit id from sb->s_bdev->bd_dev. This is only correct when romfs is defined with CONFIG_ROMFS_ON_BLOCK. If romfs is only defined with CONFIG_ROMFS_ON_MTD, sb->s_bdev is NULL, referencing sb->s_bdev->bd_dev will triger an oops. Richard Weinberger points out that when CONFIG_ROMFS_BACKED_BY_BOTH=y, both CONFIG_ROMFS_ON_BLOCK and CONFIG_ROMFS_ON_MTD are defined. Therefore when calling huge_encode_dev() to generate a 64bit id, I use the follow order to choose parameter, - CONFIG_ROMFS_ON_BLOCK defined use sb->s_bdev->bd_dev - CONFIG_ROMFS_ON_BLOCK undefined and CONFIG_ROMFS_ON_MTD defined use sb->s_dev when, - both CONFIG_ROMFS_ON_BLOCK and CONFIG_ROMFS_ON_MTD undefined leave id as 0 When CONFIG_ROMFS_ON_MTD is defined and sb->s_mtd is not NULL, sb->s_dev is set to a device ID generated by MTD_BLOCK_MAJOR and mtd index, otherwise sb->s_dev is 0. This is a try-best effort to generate a uniq file system ID, if all the above conditions are not meet, f_fsid of this romfs instance will be 0. Generally only one romfs can be built on single MTD block device, this method is enough to identify multiple romfs instances in a computer. Link: http://lkml.kernel.org/r/1482928596-115155-1-git-send-email-colyli@suse.de Signed-off-by: Coly Li Reported-by: Nong Li Tested-by: Nong Li Cc: Richard Weinberger Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/romfs/super.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit 4180c4c170a5a33b9987b314d248a9d572d89ab0 Author: Sudip Mukherjee Date: Tue Jan 24 15:18:43 2017 -0800 frv: add missing atomic64 operations Some more atomic64 operations were missing and as a result frv allmodconfig was failing. Add the missing operations. Link: http://lkml.kernel.org/r/1485193844-12850-1-git-send-email-sudip.mukherjee@codethink.co.uk Signed-off-by: Sudip Mukherjee Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/frv/include/asm/atomic.h | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) commit e47483bca2cc59a4593b37a270b16ee42b1d9f08 Author: Vlastimil Babka Date: Tue Jan 24 15:18:41 2017 -0800 mm, page_alloc: fix premature OOM when racing with cpuset mems update Ganapatrao Kulkarni reported that the LTP test cpuset01 in stress mode triggers OOM killer in few seconds, despite lots of free memory. The test attempts to repeatedly fault in memory in one process in a cpuset, while changing allowed nodes of the cpuset between 0 and 1 in another process. The problem comes from insufficient protection against cpuset changes, which can cause get_page_from_freelist() to consider all zones as non-eligible due to nodemask and/or current->mems_allowed. This was masked in the past by sufficient retries, but since commit 682a3385e773 ("mm, page_alloc: inline the fast path of the zonelist iterator") we fix the preferred_zoneref once, and don't iterate over the whole zonelist in further attempts, thus the only eligible zones might be placed in the zonelist before our starting point and we always miss them. A previous patch fixed this problem for current->mems_allowed. However, cpuset changes also update the task's mempolicy nodemask. The fix has two parts. We have to repeat the preferred_zoneref search when we detect cpuset update by way of seqcount, and we have to check the seqcount before considering OOM. [akpm@linux-foundation.org: fix typo in comment] Link: http://lkml.kernel.org/r/20170120103843.24587-5-vbabka@suse.cz Fixes: c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in a zonelist twice") Signed-off-by: Vlastimil Babka Reported-by: Ganapatrao Kulkarni Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 35 ++++++++++++++++++++++++----------- 1 file changed, 24 insertions(+), 11 deletions(-) commit 5ce9bfef1d27944c119a397a9d827bef795487ce Author: Vlastimil Babka Date: Tue Jan 24 15:18:38 2017 -0800 mm, page_alloc: move cpuset seqcount checking to slowpath This is a preparation for the following patch to make review simpler. While the primary motivation is a bug fix, this also simplifies the fast path, although the moved code is only enabled when cpusets are in use. Link: http://lkml.kernel.org/r/20170120103843.24587-4-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Ganapatrao Kulkarni Cc: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 47 ++++++++++++++++++++++++++--------------------- 1 file changed, 26 insertions(+), 21 deletions(-) commit 16096c25bf0ca5d87e4fa6ec6108ba53feead212 Author: Vlastimil Babka Date: Tue Jan 24 15:18:35 2017 -0800 mm, page_alloc: fix fast-path race with cpuset update or removal Ganapatrao Kulkarni reported that the LTP test cpuset01 in stress mode triggers OOM killer in few seconds, despite lots of free memory. The test attempts to repeatedly fault in memory in one process in a cpuset, while changing allowed nodes of the cpuset between 0 and 1 in another process. One possible cause is that in the fast path we find the preferred zoneref according to current mems_allowed, so that it points to the middle of the zonelist, skipping e.g. zones of node 1 completely. If the mems_allowed is updated to contain only node 1, we never reach it in the zonelist, and trigger OOM before checking the cpuset_mems_cookie. This patch fixes the particular case by redoing the preferred zoneref search if we switch back to the original nodemask. The condition is also slightly changed so that when the last non-root cpuset is removed, we don't miss it. Note that this is not a full fix, and more patches will follow. Link: http://lkml.kernel.org/r/20170120103843.24587-3-vbabka@suse.cz Fixes: 682a3385e773 ("mm, page_alloc: inline the fast path of the zonelist iterator") Signed-off-by: Vlastimil Babka Reported-by: Ganapatrao Kulkarni Acked-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit ea57485af8f4221312a5a95d63c382b45e7840dc Author: Vlastimil Babka Date: Tue Jan 24 15:18:32 2017 -0800 mm, page_alloc: fix check for NULL preferred_zone Patch series "fix premature OOM regression in 4.7+ due to cpuset races". This is v2 of my attempt to fix the recent report based on LTP cpuset stress test [1]. The intention is to go to stable 4.9 LTSS with this, as triggering repeated OOMs is not nice. That's why the patches try to be not too intrusive. Unfortunately why investigating I found that modifying the testcase to use per-VMA policies instead of per-task policies will bring the OOM's back, but that seems to be much older and harder to fix problem. I have posted a RFC [2] but I believe that fixing the recent regressions has a higher priority. Longer-term we might try to think how to fix the cpuset mess in a better and less error prone way. I was for example very surprised to learn, that cpuset updates change not only task->mems_allowed, but also nodemask of mempolicies. Until now I expected the parameter to alloc_pages_nodemask() to be stable. I wonder why do we then treat cpusets specially in get_page_from_freelist() and distinguish HARDWALL etc, when there's unconditional intersection between mempolicy and cpuset. I would expect the nodemask adjustment for saving overhead in g_p_f(), but that clearly doesn't happen in the current form. So we have both crazy complexity and overhead, AFAICS. [1] https://lkml.kernel.org/r/CAFpQJXUq-JuEP=QPidy4p_=FN0rkH5Z-kfB4qBvsf6jMS87Edg@mail.gmail.com [2] https://lkml.kernel.org/r/7c459f26-13a6-a817-e508-b65b903a8378@suse.cz This patch (of 4): Since commit c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in a zonelist twice") we have a wrong check for NULL preferred_zone, which can theoretically happen due to concurrent cpuset modification. We check the zoneref pointer which is never NULL and we should check the zone pointer. Also document this in first_zones_zonelist() comment per Michal Hocko. Fixes: c33d6c06f60f ("mm, page_alloc: avoid looking up the first zone in a zonelist twice") Link: http://lkml.kernel.org/r/20170120103843.24587-2-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Mel Gorman Acked-by: Hillf Danton Cc: Ganapatrao Kulkarni Cc: Michal Hocko Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mmzone.h | 6 +++++- mm/page_alloc.c | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) commit ff7a28a074ccbea999dadbb58c46212cf90984c6 Author: Jiri Slaby Date: Tue Jan 24 15:18:29 2017 -0800 kernel/panic.c: add missing \n When a system panics, the "Rebooting in X seconds.." message is never printed because it lacks a new line. Fix it. Link: http://lkml.kernel.org/r/20170119114751.2724-1-jslaby@suse.cz Signed-off-by: Jiri Slaby Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/panic.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2dc705a9930b4806250fbf5a76e55266e59389f2 Author: Kees Cook Date: Tue Jan 24 15:18:24 2017 -0800 fbdev: color map copying bounds checking Copying color maps to userspace doesn't check the value of to->start, which will cause kernel heap buffer OOB read due to signedness wraps. CVE-2016-8405 Link: http://lkml.kernel.org/r/20170105224249.GA50925@beast Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Kees Cook Reported-by: Peter Pi (@heisecode) of Trend Micro Cc: Min Chong Cc: Dan Carpenter Cc: Tomi Valkeinen Cc: Bartlomiej Zolnierkiewicz Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/video/fbdev/core/fbcmap.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit 545d58f677b21401f6de1ac12c25cc109f903ace Author: Sudip Mukherjee Date: Tue Jan 24 15:18:21 2017 -0800 frv: add atomic64_add_unless() The build of frv allmodconfig was failing with the error: lib/atomic64_test.c:209:9: error: implicit declaration of function 'atomic64_add_unless' All the atomic64 operations were defined in frv, but atomic64_add_unless() was not done. Implement atomic64_add_unless() as done in other arches. Link: http://lkml.kernel.org/r/1484781236-6698-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/frv/include/asm/atomic.h | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit d51e9894d27492783fc6d1b489070b4ba66ce969 Author: Vlastimil Babka Date: Tue Jan 24 15:18:18 2017 -0800 mm/mempolicy.c: do not put mempolicy before using its nodemask Since commit be97a41b291e ("mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma") alloc_pages_vma() can potentially free a mempolicy by mpol_cond_put() before accessing the embedded nodemask by __alloc_pages_nodemask(). The commit log says it's so "we can use a single exit path within the function" but that's clearly wrong. We can still do that when doing mpol_cond_put() after the allocation attempt. Make sure the mempolicy is not freed prematurely, otherwise __alloc_pages_nodemask() can end up using a bogus nodemask, which could lead e.g. to premature OOM. Fixes: be97a41b291e ("mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma") Link: http://lkml.kernel.org/r/20170118141124.8345-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Kirill A. Shutemov Acked-by: Michal Hocko Acked-by: David Rientjes Cc: Aneesh Kumar K.V Cc: Andrea Arcangeli Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mempolicy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dd040b6f6d5630202e185399a2ff7ab356ed469c Author: Matthew Wilcox Date: Tue Jan 24 15:18:16 2017 -0800 radix-tree: fix private list warnings The newly introduced warning in radix_tree_free_nodes() was testing the wrong variable; it should have been 'old' instead of 'node'. Fixes: ea07b862ac8e ("mm: workingset: fix use-after-free in shadow node shrinker") Link: http://lkml.kernel.org/r/20170118163746.GA32495@cmpxchg.org Signed-off-by: Matthew Wilcox Signed-off-by: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bbd88e1d53a84df9f57a2e37acc15518c3d304db Author: Fabian Frederick Date: Tue Jan 24 15:18:13 2017 -0800 Documentation/filesystems/proc.txt: add VmPin Commit bc3e53f682d9 ("mm: distinguish between mlocked and pinned pages") added VmPin in /proc//status. Report that in Documentation/filesystems/proc.txt Also move Umask after Name to keep correct order. Link: http://lkml.kernel.org/r/20170114201219.30387-1-fabf@skynet.be Signed-off-by: Fabian Frederick Cc: Christoph Lameter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/proc.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 3674534b775354516e5c148ea48f51d4d1909a78 Author: David Rientjes Date: Tue Jan 24 15:18:10 2017 -0800 mm, memcg: do not retry precharge charges When memory.move_charge_at_immigrate is enabled and precharges are depleted during move, mem_cgroup_move_charge_pte_range() will attempt to increase the size of the precharge. Prevent precharges from ever looping by setting __GFP_NORETRY. This was probably the intention of the GFP_KERNEL & ~__GFP_NORETRY, which is pointless as written. Fixes: 0029e19ebf84 ("mm: memcontrol: remove explicit OOM parameter in charge path") Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1701130208510.69402@chino.kir.corp.google.com Signed-off-by: David Rientjes Acked-by: Michal Hocko Cc: Johannes Weiner Cc: Vladimir Davydov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3ba4bceef23206349d4130ddf140819b365de7c8 Author: Eric Dumazet Date: Tue Jan 24 15:18:07 2017 -0800 proc: add a schedule point in proc_pid_readdir() We have seen proc_pid_readdir() invocations holding cpu for more than 50 ms. Add a cond_resched() to be gentle with other tasks. [akpm@linux-foundation.org: coding style fix] Link: http://lkml.kernel.org/r/1484238380.15816.42.camel@edumazet-glaptop3.roam.corp.google.com Signed-off-by: Eric Dumazet Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 2 ++ 1 file changed, 2 insertions(+) commit 424f6c4818bbf1b8ccf58aa012ecc19c0bb9b446 Author: Lucas Stach Date: Tue Jan 24 15:18:05 2017 -0800 mm: alloc_contig: re-allow CMA to compact FS pages Commit 73e64c51afc5 ("mm, compaction: allow compaction for GFP_NOFS requests") changed compation to skip FS pages if not explicitly allowed to touch them, but missed to update the CMA compact_control. This leads to a very high isolation failure rate, crippling performance of CMA even on a lightly loaded system. Re-allow CMA to compact FS pages by setting the correct GFP flags, restoring CMA behavior and performance to the kernel 4.9 level. Fixes: 73e64c51afc5 (mm, compaction: allow compaction for GFP_NOFS requests) Link: http://lkml.kernel.org/r/20170113115155.24335-1-l.stach@pengutronix.de Signed-off-by: Lucas Stach Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Joonsoo Kim Cc: Mel Gorman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 1 + 1 file changed, 1 insertion(+) commit aa2efd5ea4041754da4046c3d2e7edaac9526258 Author: Daniel Thompson Date: Tue Jan 24 15:18:02 2017 -0800 mm/slub.c: trace free objects at KERN_INFO Currently when trace is enabled (e.g. slub_debug=T,kmalloc-128 ) the trace messages are mostly output at KERN_INFO. However the trace code also calls print_section() to hexdump the head of a free object. This is hard coded to use KERN_ERR, meaning the console is deluged with trace messages even if we've asked for quiet. Fix this the obvious way but adding a level parameter to print_section(), allowing calls from the trace code to use the same trace level as other trace messages. Link: http://lkml.kernel.org/r/20170113154850.518-1-daniel.thompson@linaro.org Signed-off-by: Daniel Thompson Acked-by: Christoph Lameter Acked-by: David Rientjes Cc: Pekka Enberg Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slub.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) commit 15a77c6fe494f4b1757d30cd137fe66ab06a38c3 Author: Andrea Arcangeli Date: Tue Jan 24 15:17:59 2017 -0800 userfaultfd: fix SIGBUS resulting from false rwsem wakeups With >=32 CPUs the userfaultfd selftest triggered a graceful but unexpected SIGBUS because VM_FAULT_RETRY was returned by handle_userfault() despite the UFFDIO_COPY wasn't completed. This seems caused by rwsem waking the thread blocked in handle_userfault() and we can't run up_read() before the wait_event sequence is complete. Keeping the wait_even sequence identical to the first one, would require running userfaultfd_must_wait() again to know if the loop should be repeated, and it would also require retaking the rwsem and revalidating the whole vma status. It seems simpler to wait the targeted wakeup so that if false wakeups materialize we still wait for our specific wakeup event, unless of course there are signals or the uffd was released. Debug code collecting the stack trace of the wakeup showed this: $ ./userfaultfd 100 99999 nr_pages: 25600, nr_pages_per_cpu: 800 bounces: 99998, mode: racing ver poll, userfaults: 32 35 90 232 30 138 69 82 34 30 139 40 40 31 20 19 43 13 15 28 27 38 21 43 56 22 1 17 31 8 4 2 bounces: 99997, mode: rnd ver poll, Bus error (core dumped) save_stack_trace+0x2b/0x50 try_to_wake_up+0x2a6/0x580 wake_up_q+0x32/0x70 rwsem_wake+0xe0/0x120 call_rwsem_wake+0x1b/0x30 up_write+0x3b/0x40 vm_mmap_pgoff+0x9c/0xc0 SyS_mmap_pgoff+0x1a9/0x240 SyS_mmap+0x22/0x30 entry_SYSCALL_64_fastpath+0x1f/0xbd 0xffffffffffffffff FAULT_FLAG_ALLOW_RETRY missing 70 CPU: 24 PID: 1054 Comm: userfaultfd Tainted: G W 4.8.0+ #30 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.3-0-ge2fc41e-prebuilt.qemu-project.org 04/01/2014 Call Trace: dump_stack+0xb8/0x112 handle_userfault+0x572/0x650 handle_mm_fault+0x12cb/0x1520 __do_page_fault+0x175/0x500 trace_do_page_fault+0x61/0x270 do_async_page_fault+0x19/0x90 async_page_fault+0x25/0x30 This always happens when the main userfault selftest thread is running clone() while glibc runs either mprotect or mmap (both taking mmap_sem down_write()) to allocate the thread stack of the background threads, while locking/userfault threads already run at full throttle and are susceptible to false wakeups that may cause handle_userfault() to return before than expected (which results in graceful SIGBUS at the next attempt). This was reproduced only with >=32 CPUs because the loop to start the thread where clone() is too quick with fewer CPUs, while with 32 CPUs there's already significant activity on ~32 locking and userfault threads when the last background threads are started with clone(). This >=32 CPUs SMP race condition is likely reproducible only with the selftest because of the much heavier userfault load it generates if compared to real apps. We'll have to allow "one more" VM_FAULT_RETRY for the WP support and a patch floating around that provides it also hidden this problem but in reality only is successfully at hiding the problem. False wakeups could still happen again the second time handle_userfault() is invoked, even if it's a so rare race condition that getting false wakeups twice in a row is impossible to reproduce. This full fix is needed for correctness, the only alternative would be to allow VM_FAULT_RETRY to be returned infinitely. With this fix the WP support can stick to a strict "one more" VM_FAULT_RETRY logic (no need of returning it infinite times to avoid the SIGBUS). Link: http://lkml.kernel.org/r/20170111005535.13832-2-aarcange@redhat.com Signed-off-by: Andrea Arcangeli Reported-by: Shubham Kumar Sharma Tested-by: Mike Kravetz Acked-by: Hillf Danton Cc: Michael Rapoport Cc: "Dr. David Alan Gilbert" Cc: Pavel Emelyanov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/userfaultfd.c | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) commit de182cc8e882f74af2a112e09f148ce646937232 Author: Arnd Bergmann Date: Tue Jan 24 15:17:56 2017 -0800 drivers/memstick/core/memstick.c: avoid -Wnonnull warning gcc-7 produces a harmless false-postive warning about a possible NULL pointer access: drivers/memstick/core/memstick.c: In function 'h_memstick_read_dev_id': drivers/memstick/core/memstick.c:309:3: error: argument 2 null where non-null expected [-Werror=nonnull] memcpy(mrq->data, buf, mrq->data_len); This can't happen because the caller sets the command to 'MS_TPC_READ_REG', which causes the data direction to be 'READ' and the NULL pointer not accessed. As a simple workaround for the warning, we can pass a pointer to the data that we actually want to read into. This is not needed here, but also harmless, and lets the compiler know that the access is ok. Link: http://lkml.kernel.org/r/20170111144143.548867-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Cc: Alex Dubov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/memstick/core/memstick.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b94f51183b0617e7b9b4fb4137d4cf1cab7547c2 Author: Don Zickus Date: Tue Jan 24 15:17:53 2017 -0800 kernel/watchdog: prevent false hardlockup on overloaded system On an overloaded system, it is possible that a change in the watchdog threshold can be delayed long enough to trigger a false positive. This can easily be achieved by having a cpu spinning indefinitely on a task, while another cpu updates watchdog threshold. What happens is while trying to park the watchdog threads, the hrtimers on the other cpus trigger and reprogram themselves with the new slower watchdog threshold. Meanwhile, the nmi watchdog is still programmed with the old faster threshold. Because the one cpu is blocked, it prevents the thread parking on the other cpus from completing, which is needed to shutdown the nmi watchdog and reprogram it correctly. As a result, a false positive from the nmi watchdog is reported. Fix this by setting a park_in_progress flag to block all lockups until the parking is complete. Fix provided by Ulrich Obergfell. [akpm@linux-foundation.org: s/park_in_progress/watchdog_park_in_progress/] Link: http://lkml.kernel.org/r/1481041033-192236-1-git-send-email-dzickus@redhat.com Signed-off-by: Don Zickus Reviewed-by: Aaron Tomlin Cc: Ulrich Obergfell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/nmi.h | 1 + kernel/watchdog.c | 9 +++++++++ kernel/watchdog_hld.c | 3 +++ 3 files changed, 13 insertions(+) commit 6affb9d7b137fc93d86c926a5587e77b8bc64255 Author: Ross Zwisler Date: Tue Jan 24 15:17:51 2017 -0800 dax: fix build warnings with FS_DAX and !FS_IOMAP As reported by Arnd: https://lkml.org/lkml/2017/1/10/756 Compiling with the following configuration: # CONFIG_EXT2_FS is not set # CONFIG_EXT4_FS is not set # CONFIG_XFS_FS is not set # CONFIG_FS_IOMAP depends on the above filesystems, as is not set CONFIG_FS_DAX=y generates build warnings about unused functions in fs/dax.c: fs/dax.c:878:12: warning: `dax_insert_mapping' defined but not used [-Wunused-function] static int dax_insert_mapping(struct address_space *mapping, ^~~~~~~~~~~~~~~~~~ fs/dax.c:572:12: warning: `copy_user_dax' defined but not used [-Wunused-function] static int copy_user_dax(struct block_device *bdev, sector_t sector, size_t size, ^~~~~~~~~~~~~ fs/dax.c:542:12: warning: `dax_load_hole' defined but not used [-Wunused-function] static int dax_load_hole(struct address_space *mapping, void **entry, ^~~~~~~~~~~~~ fs/dax.c:312:14: warning: `grab_mapping_entry' defined but not used [-Wunused-function] static void *grab_mapping_entry(struct address_space *mapping, pgoff_t index, ^~~~~~~~~~~~~~~~~~ Now that the struct buffer_head based DAX fault paths and I/O path have been removed we really depend on iomap support being present for DAX. Make this explicit by selecting FS_IOMAP if we compile in DAX support. This allows us to remove conditional selections of FS_IOMAP when FS_DAX was present for ext2 and ext4, and to remove an #ifdef in fs/dax.c. Link: http://lkml.kernel.org/r/1484087383-29478-1-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reported-by: Arnd Bergmann Reviewed-by: Christoph Hellwig Reviewed-by: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/Kconfig | 1 + fs/dax.c | 2 -- fs/ext2/Kconfig | 1 - fs/ext4/Kconfig | 1 - 4 files changed, 1 insertion(+), 4 deletions(-) commit 8310d48b125d19fcd9521d83b8293e63eb1646aa Author: Keno Fischer Date: Tue Jan 24 15:17:48 2017 -0800 mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp In commit 19be0eaffa3a ("mm: remove gup_flags FOLL_WRITE games from __get_user_pages()"), the mm code was changed from unsetting FOLL_WRITE after a COW was resolved to setting the (newly introduced) FOLL_COW instead. Simultaneously, the check in gup.c was updated to still allow writes with FOLL_FORCE set if FOLL_COW had also been set. However, a similar check in huge_memory.c was forgotten. As a result, remote memory writes to ro regions of memory backed by transparent huge pages cause an infinite loop in the kernel (handle_mm_fault sets FOLL_COW and returns 0 causing a retry, but follow_trans_huge_pmd bails out immidiately because `(flags & FOLL_WRITE) && !pmd_write(*pmd)` is true. While in this state the process is stil SIGKILLable, but little else works (e.g. no ptrace attach, no other signals). This is easily reproduced with the following code (assuming thp are set to always): #include #include #include #include #include #include #include #include #include #include #define TEST_SIZE 5 * 1024 * 1024 int main(void) { int status; pid_t child; int fd = open("/proc/self/mem", O_RDWR); void *addr = mmap(NULL, TEST_SIZE, PROT_READ, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0); assert(addr != MAP_FAILED); pid_t parent_pid = getpid(); if ((child = fork()) == 0) { void *addr2 = mmap(NULL, TEST_SIZE, PROT_READ | PROT_WRITE, MAP_ANONYMOUS | MAP_PRIVATE, 0, 0); assert(addr2 != MAP_FAILED); memset(addr2, 'a', TEST_SIZE); pwrite(fd, addr2, TEST_SIZE, (uintptr_t)addr); return 0; } assert(child == waitpid(child, &status, 0)); assert(WIFEXITED(status) && WEXITSTATUS(status) == 0); return 0; } Fix this by updating follow_trans_huge_pmd in huge_memory.c analogously to the update in gup.c in the original commit. The same pattern exists in follow_devmap_pmd. However, we should not be able to reach that check with FOLL_COW set, so add WARN_ONCE to make sure we notice if we ever do. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20170106015025.GA38411@juliacomputing.com Signed-off-by: Keno Fischer Acked-by: Kirill A. Shutemov Cc: Greg Thelen Cc: Nicholas Piggin Cc: Willy Tarreau Cc: Oleg Nesterov Cc: Kees Cook Cc: Andy Lutomirski Cc: Michal Hocko Cc: Hugh Dickins Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) commit 8a1f780e7f28c7c1d640118242cf68d528c456cd Author: Yasuaki Ishimatsu Date: Tue Jan 24 15:17:45 2017 -0800 memory_hotplug: make zone_can_shift() return a boolean value online_{kernel|movable} is used to change the memory zone to ZONE_{NORMAL|MOVABLE} and online the memory. To check that memory zone can be changed, zone_can_shift() is used. Currently the function returns minus integer value, plus integer value and 0. When the function returns minus or plus integer value, it means that the memory zone can be changed to ZONE_{NORNAL|MOVABLE}. But when the function returns 0, there are two meanings. One of the meanings is that the memory zone does not need to be changed. For example, when memory is in ZONE_NORMAL and onlined by online_kernel the memory zone does not need to be changed. Another meaning is that the memory zone cannot be changed. When memory is in ZONE_NORMAL and onlined by online_movable, the memory zone may not be changed to ZONE_MOVALBE due to memory online limitation(see Documentation/memory-hotplug.txt). In this case, memory must not be onlined. The patch changes the return type of zone_can_shift() so that memory online operation fails when memory zone cannot be changed as follows: Before applying patch: # grep -A 35 "Node 2" /proc/zoneinfo Node 2, zone Normal node_scanned 0 spanned 8388608 present 7864320 managed 7864320 # echo online_movable > memory4097/state # grep -A 35 "Node 2" /proc/zoneinfo Node 2, zone Normal node_scanned 0 spanned 8388608 present 8388608 managed 8388608 online_movable operation succeeded. But memory is onlined as ZONE_NORMAL, not ZONE_MOVABLE. After applying patch: # grep -A 35 "Node 2" /proc/zoneinfo Node 2, zone Normal node_scanned 0 spanned 8388608 present 7864320 managed 7864320 # echo online_movable > memory4097/state bash: echo: write error: Invalid argument # grep -A 35 "Node 2" /proc/zoneinfo Node 2, zone Normal node_scanned 0 spanned 8388608 present 7864320 managed 7864320 online_movable operation failed because of failure of changing the memory zone from ZONE_NORMAL to ZONE_MOVABLE Fixes: df429ac03936 ("memory-hotplug: more general validation of zone during online") Link: http://lkml.kernel.org/r/2f9c3837-33d7-b6e5-59c0-6ca4372b2d84@gmail.com Signed-off-by: Yasuaki Ishimatsu Reviewed-by: Reza Arbab Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/base/memory.c | 4 ++-- include/linux/memory_hotplug.h | 4 ++-- mm/memory_hotplug.c | 28 +++++++++++++++++----------- 3 files changed, 21 insertions(+), 15 deletions(-) commit c7070619f3408d9a0dffbed9149e6f00479cf43b Author: Will Deacon Date: Fri Jan 20 10:33:32 2017 +0000 vring: Force use of DMA API for ARM-based systems with legacy devices Booting Linux on an ARM fastmodel containing an SMMU emulation results in an unexpected I/O page fault from the legacy virtio-blk PCI device: [ 1.211721] arm-smmu-v3 2b400000.smmu: event 0x10 received: [ 1.211800] arm-smmu-v3 2b400000.smmu: 0x00000000fffff010 [ 1.211880] arm-smmu-v3 2b400000.smmu: 0x0000020800000000 [ 1.211959] arm-smmu-v3 2b400000.smmu: 0x00000008fa081002 [ 1.212075] arm-smmu-v3 2b400000.smmu: 0x0000000000000000 [ 1.212155] arm-smmu-v3 2b400000.smmu: event 0x10 received: [ 1.212234] arm-smmu-v3 2b400000.smmu: 0x00000000fffff010 [ 1.212314] arm-smmu-v3 2b400000.smmu: 0x0000020800000000 [ 1.212394] arm-smmu-v3 2b400000.smmu: 0x00000008fa081000 [ 1.212471] arm-smmu-v3 2b400000.smmu: 0x0000000000000000 This is because the legacy virtio-blk device is behind an SMMU, so we have consequently swizzled its DMA ops and configured the SMMU to translate accesses. This then requires the vring code to use the DMA API to establish translations, otherwise all transactions will result in fatal faults and termination. Given that ARM-based systems only see an SMMU if one is really present (the topology is all described by firmware tables such as device-tree or IORT), then we can safely use the DMA API for all legacy virtio devices. Modern devices can advertise the prescense of an IOMMU using the VIRTIO_F_IOMMU_PLATFORM feature flag. Cc: Andy Lutomirski Cc: Michael S. Tsirkin Cc: Fixes: 876945dbf649 ("arm64: Hook up IOMMU dma_ops") Signed-off-by: Will Deacon Signed-off-by: Michael S. Tsirkin Acked-by: Marc Zyngier drivers/virtio/virtio_ring.c | 7 +++++++ 1 file changed, 7 insertions(+) commit f7f6634d23830ff74335734fbdb28ea109c1f349 Author: Robin Murphy Date: Tue Jan 10 17:51:17 2017 +0000 virtio_mmio: Set DMA masks appropriately Once DMA API usage is enabled, it becomes apparent that virtio-mmio is inadvertently relying on the default 32-bit DMA mask, which leads to problems like rapidly exhausting SWIOTLB bounce buffers. Ensure that we set the appropriate 64-bit DMA mask whenever possible, with the coherent mask suitably limited for the legacy vring as per a0be1db4304f ("virtio_pci: Limit DMA mask to 44 bits for legacy virtio devices"). Cc: Andy Lutomirski Cc: Michael S. Tsirkin Reported-by: Jean-Philippe Brucker Fixes: b42111382f0e ("virtio_mmio: Use the DMA API if enabled") Signed-off-by: Robin Murphy Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_mmio.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit 0516ffd88fa0d006ee80389ce14a9ca5ae45e845 Author: Stefan Hajnoczi Date: Thu Jan 19 10:43:53 2017 +0000 vhost/vsock: handle vhost_vq_init_access() error Propagate the error when vhost_vq_init_access() fails and set vq->private_data to NULL. Signed-off-by: Stefan Hajnoczi Signed-off-by: Michael S. Tsirkin drivers/vhost/vsock.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit 78f824d4312a8944f5340c6b161bba3bf2c81096 Author: Vineet Gupta Date: Tue Jun 21 14:24:33 2016 +0530 ARCv2: smp-boot: wake_flag polling by non-Masters needs to be uncached This is needed on HS38 cores, for setting up IO-Coherency aperture properly The polling could perturb the caches and coherecy fabric which could be wrong in the small window when Master is setting up IOC aperture etc in arc_cache_init() We do it only for ARCv2 based builds to not affect EZChip ARCompact based platform. Signed-off-by: Vineet Gupta arch/arc/kernel/smp.c | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) commit 27873de99f2fecca0f6b257316489ef2a1d86ffd Author: Bart Van Assche Date: Mon Jan 23 08:34:45 2017 -0800 scsi: qla2xxx: Fix a recently introduced memory leak qla2x00_probe_one() allocates IRQs before it initializes rsp_q_map so IRQs must be freed even if rsp_q_map allocation did not occur. This was detected by kmemleak. Fixes: 4fa183455988 ("scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls") Signed-off-by: Bart Van Assche Cc: Michael Hernandez Cc: Himanshu Madhani Cc: Christoph Hellwig Cc: Reviewed-by: Christoph Hellwig Acked-By: Himanshu Madhani Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_isr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ec221a17a638dec4d9b0ba3e5817113f249dd194 Merge: 04d7f1f 85c8140 Author: David S. Miller Date: Tue Jan 24 16:21:37 2017 -0500 Merge branch 'lwt-module-unload' Robert Shearman says: ==================== net: Fix oops on state free after lwt module unload An oops is seen in lwtstate_free after an lwt ops module has been unloaded. This patchset fixes this by preventing modules implementing lwtunnel ops from being unloaded whilst there's state alive using those ops. The first patch adds fills in a new owner field in all lwt ops and the second patch makes use of this to reference count the modules as state is built and destroyed using them. Changes in v3: - don't put module reference if try_module_get fails on building state Changes in v2: - specify module owner for all modules as suggested by DaveM - reference count all modules building lwt state, not just those ops implementing destroy_state, as also suggested by DaveM. - rebased on top of David Ahern's lwtunnel changes ==================== Signed-off-by: David S. Miller commit 85c814016ce3b371016c2c054a905fa2492f5a65 Author: Robert Shearman Date: Tue Jan 24 16:26:48 2017 +0000 lwtunnel: Fix oops on state free after encap module unload When attempting to free lwtunnel state after the module for the encap has been unloaded an oops occurs: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: lwtstate_free+0x18/0x40 [..] task: ffff88003e372380 task.stack: ffffc900001fc000 RIP: 0010:lwtstate_free+0x18/0x40 RSP: 0018:ffff88003fd83e88 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88002bbb3380 RCX: ffff88000c91a300 [..] Call Trace: free_fib_info_rcu+0x195/0x1a0 ? rt_fibinfo_free+0x50/0x50 rcu_process_callbacks+0x2d3/0x850 ? rcu_process_callbacks+0x296/0x850 __do_softirq+0xe4/0x4cb irq_exit+0xb0/0xc0 smp_apic_timer_interrupt+0x3d/0x50 apic_timer_interrupt+0x93/0xa0 [..] Code: e8 6e c6 fc ff 89 d8 5b 5d c3 bb de ff ff ff eb f4 66 90 66 66 66 66 90 55 48 89 e5 53 0f b7 07 48 89 fb 48 8b 04 c5 00 81 d5 81 <48> 8b 40 08 48 85 c0 74 13 ff d0 48 8d 7b 20 be 20 00 00 00 e8 The problem is after the module for the encap can be unloaded the corresponding ops is removed and is thus NULL here. Modules implementing lwtunnel ops should not be allowed to unload while there is state alive using those ops, so grab the module reference for the ops on creating lwtunnel state and of course release the reference when freeing the state. Fixes: 1104d9ba443a ("lwtunnel: Add destroy state operation") Signed-off-by: Robert Shearman Signed-off-by: David S. Miller net/core/lwtunnel.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 88ff7334f25909802140e690c0e16433e485b0a0 Author: Robert Shearman Date: Tue Jan 24 16:26:47 2017 +0000 net: Specify the owning module for lwtunnel ops Modules implementing lwtunnel ops should not be allowed to unload while there is state alive using those ops, so specify the owning module for all lwtunnel ops. Signed-off-by: Robert Shearman Signed-off-by: David S. Miller include/net/lwtunnel.h | 2 ++ net/core/lwt_bpf.c | 1 + net/ipv4/ip_tunnel_core.c | 2 ++ net/ipv6/ila/ila_lwt.c | 1 + net/ipv6/seg6_iptunnel.c | 1 + net/mpls/mpls_iptunnel.c | 1 + 6 files changed, 8 insertions(+) commit 2d4b21e0a2913612274a69a3ba1bfee4cffc6e77 Author: Yonatan Cohen Date: Thu Jan 19 15:25:59 2017 +0200 IB/rxe: Prevent from completer to operate on non valid QP On UD QP completer tasklet is scheduled for each packet sent. If it is followed by a destroy_qp(), the kernel panic will happen as the completer tries to operate on a destroyed QP. Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Yonatan Cohen Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_qp.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit f39f775218a7520e3700de2003c84a042c3b5972 Author: Maor Gottlieb Date: Thu Jan 19 15:25:58 2017 +0200 IB/rxe: Fix rxe dev insertion to rxe_dev_list The first argument of list_add_tail is the new item and the second is the head of the list. Fix the code to pass arguments in the right order, otherwise not all the rxe devices will be removed during teardown. Fixes: 8700e3e7c4857 ('Soft RoCE driver') Signed-off-by: Maor Gottlieb Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04d7f1fb7d25256d8c21b78c7d46193b4a7fabfe Merge: 294628c 35e22e4 Author: David S. Miller Date: Tue Jan 24 16:14:59 2017 -0500 Merge branch 'tipc-topology-fixes' Parthasarathy Bhuvaragan says: ==================== tipc: topology server fixes for nametable soft lockup In this series, we revert the commit 333f796235a527 ("tipc: fix a race condition leading to subscriber refcnt bug") and provide an alternate solution to fix the race conditions in commits 2-4. We have to do this as the above commit introduced a nametbl soft lockup at module exit as described by patch#4. ==================== Signed-off-by: David S. Miller commit 35e22e49a5d6a741ebe7f2dd280b2052c3003ef7 Author: Parthasarathy Bhuvaragan Date: Tue Jan 24 13:00:48 2017 +0100 tipc: fix cleanup at module unload In tipc_server_stop(), we iterate over the connections with limiting factor as server's idr_in_use. We ignore the fact that this variable is decremented in tipc_close_conn(), leading to premature exit. In this commit, we iterate until the we have no connections left. Acked-by: Ying Xue Acked-by: Jon Maloy Tested-by: John Thompson Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/server.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 4c887aa65d38633885010277f3482400681be719 Author: Parthasarathy Bhuvaragan Date: Tue Jan 24 13:00:47 2017 +0100 tipc: ignore requests when the connection state is not CONNECTED In tipc_conn_sendmsg(), we first queue the request to the outqueue followed by the connection state check. If the connection is not connected, we should not queue this message. In this commit, we reject the messages if the connection state is not CF_CONNECTED. Acked-by: Ying Xue Acked-by: Jon Maloy Tested-by: John Thompson Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/server.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 9dc3abdd1f7ea524e8552e0a3ef01219892ed1f4 Author: Parthasarathy Bhuvaragan Date: Tue Jan 24 13:00:46 2017 +0100 tipc: fix nametbl_lock soft lockup at module exit Commit 333f796235a527 ("tipc: fix a race condition leading to subscriber refcnt bug") reveals a soft lockup while acquiring nametbl_lock. Before commit 333f796235a527, we call tipc_conn_shutdown() from tipc_close_conn() in the context of tipc_topsrv_stop(). In that context, we are allowed to grab the nametbl_lock. Commit 333f796235a527, moved tipc_conn_release (renamed from tipc_conn_shutdown) to the connection refcount cleanup. This allows either tipc_nametbl_withdraw() or tipc_topsrv_stop() to the cleanup. Since tipc_exit_net() first calls tipc_topsrv_stop() and then tipc_nametble_withdraw() increases the chances for the later to perform the connection cleanup. The soft lockup occurs in the call chain of tipc_nametbl_withdraw(), when it performs the tipc_conn_kref_release() as it tries to grab nametbl_lock again while holding it already. tipc_nametbl_withdraw() grabs nametbl_lock tipc_nametbl_remove_publ() tipc_subscrp_report_overlap() tipc_subscrp_send_event() tipc_conn_sendmsg() << if (con->flags != CF_CONNECTED) we do conn_put(), triggering the cleanup as refcount=0. >> tipc_conn_kref_release tipc_sock_release tipc_conn_release tipc_subscrb_delete tipc_subscrp_delete tipc_nametbl_unsubscribe << Soft Lockup >> The previous changes in this series fixes the race conditions fixed by commit 333f796235a527. Hence we can now revert the commit. Fixes: 333f796235a52727 ("tipc: fix a race condition leading to subscriber refcnt bug") Reported-and-Tested-by: John Thompson Acked-by: Ying Xue Acked-by: Jon Maloy Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/server.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) commit fc0adfc8fd18b61b6f7a3f28b429e134d6f3a008 Author: Parthasarathy Bhuvaragan Date: Tue Jan 24 13:00:45 2017 +0100 tipc: fix connection refcount error Until now, the generic server framework maintains the connection id's per subscriber in server's conn_idr. At tipc_close_conn, we remove the connection id from the server list, but the connection is valid until we call the refcount cleanup. Hence we have a window where the server allocates the same connection to an new subscriber leading to inconsistent reference count. We have another refcount warning we grab the refcount in tipc_conn_lookup() for connections with flag with CF_CONNECTED not set. This usually occurs at shutdown when the we stop the topology server and withdraw TIPC_CFG_SRV publication thereby triggering a withdraw message to subscribers. In this commit, we: 1. remove the connection from the server list at recount cleanup. 2. grab the refcount for a connection only if CF_CONNECTED is set. Tested-by: John Thompson Acked-by: Ying Xue Acked-by: Jon Maloy Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/server.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit d094c4d5f5c7e1b225e94227ca3f007be3adc4e8 Author: Parthasarathy Bhuvaragan Date: Tue Jan 24 13:00:44 2017 +0100 tipc: add subscription refcount to avoid invalid delete Until now, the subscribers keep track of the subscriptions using reference count at subscriber level. At subscription cancel or subscriber delete, we delete the subscription only if the timer was pending for the subscription. This approach is incorrect as: 1. del_timer() is not SMP safe, if on CPU0 the check for pending timer returns true but CPU1 might schedule the timer callback thereby deleting the subscription. Thus when CPU0 is scheduled, it deletes an invalid subscription. 2. We export tipc_subscrp_report_overlap(), which accesses the subscription pointer multiple times. Meanwhile the subscription timer can expire thereby freeing the subscription and we might continue to access the subscription pointer leading to memory violations. In this commit, we introduce subscription refcount to avoid deleting an invalid subscription. Reported-and-Tested-by: John Thompson Acked-by: Ying Xue Acked-by: Jon Maloy Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/subscr.c | 124 ++++++++++++++++++++++++++++++------------------------ net/tipc/subscr.h | 1 + 2 files changed, 71 insertions(+), 54 deletions(-) commit 93f955aad4bacee5acebad141d1a03cd51f27b4e Author: Parthasarathy Bhuvaragan Date: Tue Jan 24 13:00:43 2017 +0100 tipc: fix nametbl_lock soft lockup at node/link events We trigger a soft lockup as we grab nametbl_lock twice if the node has a pending node up/down or link up/down event while: - we process an incoming named message in tipc_named_rcv() and perform an tipc_update_nametbl(). - we have pending backlog items in the name distributor queue during a nametable update using tipc_nametbl_publish() or tipc_nametbl_withdraw(). The following are the call chain associated: tipc_named_rcv() Grabs nametbl_lock tipc_update_nametbl() (publish/withdraw) tipc_node_subscribe()/unsubscribe() tipc_node_write_unlock() << lockup occurs if an outstanding node/link event exits, as we grabs nametbl_lock again >> tipc_nametbl_withdraw() Grab nametbl_lock tipc_named_process_backlog() tipc_update_nametbl() << rest as above >> The function tipc_node_write_unlock(), in addition to releasing the lock processes the outstanding node/link up/down events. To do this, we need to grab the nametbl_lock again leading to the lockup. In this commit we fix the soft lockup by introducing a fast variant of node_unlock(), where we just release the lock. We adapt the node_subscribe()/node_unsubscribe() to use the fast variants. Reported-and-Tested-by: John Thompson Acked-by: Ying Xue Acked-by: Jon Maloy Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/node.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit b2c11e4b9536ebab6b39929e1fe15f57039ab445 Author: Pablo Neira Ayuso Date: Tue Jan 24 00:51:48 2017 +0100 netfilter: nf_tables: bump set->ndeact on set flush Add missing set->ndeact update on each deactivated element from the set flush path. Otherwise, sets with fixed size break after flush since accounting breaks. # nft add set x y { type ipv4_addr\; size 2\; } # nft add element x y { 1.1.1.1 } # nft add element x y { 1.1.1.2 } # nft flush set x y # nft add element x y { 1.1.1.1 } :1:1-28: Error: Could not process rule: Too many open files in system Fixes: 8411b6442e59 ("netfilter: nf_tables: support for set flushing") Reported-by: Elise Lennion Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 1 + 1 file changed, 1 insertion(+) commit de70185de0333783154863278ac87bfbbc54e384 Author: Pablo Neira Ayuso Date: Tue Jan 24 00:51:41 2017 +0100 netfilter: nf_tables: deconstify walk callback function The flush operation needs to modify set and element objects, so let's deconstify this. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 6 +++--- net/netfilter/nf_tables_api.c | 24 ++++++++++++------------ net/netfilter/nft_set_hash.c | 2 +- net/netfilter/nft_set_rbtree.c | 2 +- 4 files changed, 17 insertions(+), 17 deletions(-) commit 35d0ac9070ef619e3bf44324375878a1c540387b Author: Pablo Neira Ayuso Date: Tue Jan 24 00:51:32 2017 +0100 netfilter: nf_tables: fix set->nelems counting with no NLM_F_EXCL If the element exists and no NLM_F_EXCL is specified, do not bump set->nelems, otherwise we leak one set element slot. This problem amplifies if the set is full since the abort path always decrements the counter for the -ENFILE case too, giving one spare extra slot. Fix this by moving set->nelems update to nft_add_set_elem() after successful element insertion. Moreover, remove the element if the set is full so there is no need to rely on the abort path to undo things anymore. Fixes: c016c7e45ddf ("netfilter: nf_tables: honor NLM_F_EXCL flag in set element insertion") Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 5ce6b04ce96896e8a79e6f60740ced911eaac7a4 Author: Liping Zhang Date: Sun Jan 22 22:10:32 2017 +0800 netfilter: nft_log: restrict the log prefix length to 127 First, log prefix will be truncated to NF_LOG_PREFIXLEN-1, i.e. 127, at nf_log_packet(), so the extra part is useless. Second, after adding a log rule with a very very long prefix, we will fail to dump the nft rules after this _special_ one, but acctually, they do exist. For example: # name_65000=$(printf "%0.sQ" {1..65000}) # nft add rule filter output log prefix "$name_65000" # nft add rule filter output counter # nft add rule filter output counter # nft list chain filter output table ip filter { chain output { type filter hook output priority 0; policy accept; } } So now, restrict the log prefix length to NF_LOG_PREFIXLEN-1. Fixes: 96518518cc41 ("netfilter: add nftables") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_log.h | 2 ++ net/netfilter/nf_log.c | 1 - net/netfilter/nft_log.c | 3 ++- 3 files changed, 4 insertions(+), 2 deletions(-) commit 828f6fa65ce7e80f77f5ab12942e44eb3d9d174e Author: Kenneth Lee Date: Thu Jan 5 15:00:05 2017 +0800 IB/umem: Release pid in error and ODP flow 1. Release pid before enter odp flow 2. Release pid when fail to allocate memory Fixes: 87773dd56d54 ("IB: ib_umem_release() should decrement mm->pinned_vm from ib_umem_get") Fixes: 8ada2c1c0c1d ("IB/core: Add support for on demand paging regions") Signed-off-by: Kenneth Lee Reviewed-by: Haggai Eran Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/umem.c | 2 ++ 1 file changed, 2 insertions(+) commit 0263d4ebd94b36280608e296cba39b924b6e832b Merge: 19ca2c8 7b9e1d8 Author: Linus Torvalds Date: Tue Jan 24 12:38:43 2017 -0800 Merge tag 'platform-drivers-x86-v4.10-4' of git://git.infradead.org/linux-platform-drivers-x86 Pull x86 platform-driver fixes from Andy Shevchenko: "This is my first pull request since I become a co-maintainer of Platform Drivers x86 subsystem. It's a bit bigger than usual due to material collected for almost two weeks in a row. MAINTAINERS: - Add myself to X86 PLATFORM DRIVERS as a co-maintainer ideapad-laptop: - handle ACPI event 1 intel_mid_powerbtn: - Set IRQ_ONESHOT surface3-wmi: - fix uninitialized symbol - Shut up unused-function warning mlx-platform: - free first dev on error" * tag 'platform-drivers-x86-v4.10-4' of git://git.infradead.org/linux-platform-drivers-x86: MAINTAINERS: Add myself to X86 PLATFORM DRIVERS as a co-maintainer platform/x86: ideapad-laptop: handle ACPI event 1 platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT platform/x86: surface3-wmi: fix uninitialized symbol platform/x86: surface3-wmi: Shut up unused-function warning platform/x86: mlx-platform: free first dev on error commit f449c7a2d822c2d81b5bcb2c50eec80796766726 Author: Ram Amrani Date: Tue Jan 24 13:51:43 2017 +0200 RDMA/qedr: Dispatch port active event from qedr_add Relying on qede to trigger qedr on startup is problematic. When probing both if qedr loads slowly then qede can assume qedr is missing and not trigger it. This patch adds a triggering from qedr and protects against a race via an atomic bit. Signed-off-by: Ram Amrani Signed-off-by: Ariel Elior Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 20 ++++++++++++++------ drivers/infiniband/hw/qedr/qedr.h | 5 +++++ 2 files changed, 19 insertions(+), 6 deletions(-) commit 9c1e0228ab35e52d30abf4b5629c28350833fbcb Author: Ram Amrani Date: Tue Jan 24 13:51:42 2017 +0200 RDMA/qedr: Fix and simplify memory leak in PD alloc Free the PD if no internal resources were available. Move userspace code under the relevant 'if'. Signed-off-by: Ram Amrani Signed-off-by: Ariel Elior Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) commit af2b14b8b8ae21b0047a52c767ac8b44f435a280 Author: Ram Amrani Date: Tue Jan 24 13:51:41 2017 +0200 RDMA/qedr: Fix RDMA CM loopback The loopback logic in RDMA CM packets compares Ethernet addresses and was accidently inverse. Signed-off-by: Ram Amrani Signed-off-by: Ariel Elior Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/qedr_cm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1a59075197976611bacaa383a6673f9e57e9e98b Author: Ram Amrani Date: Tue Jan 24 13:51:40 2017 +0200 RDMA/qedr: Fix formatting Remove standalone ';'. List function's parameters in a single line. Signed-off-by: Ram Amrani Signed-off-by: Ariel Elior Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/main.c | 3 +-- drivers/infiniband/hw/qedr/verbs.c | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) commit 27a4b1a6d6fcf09314359bacefa1e106927ae21b Author: Ram Amrani Date: Tue Jan 24 13:51:39 2017 +0200 RDMA/qedr: Mark three functions as static mark qedr_get_state_from_ibqp(), __qedr_alloc_mr() and __qedr_post_send() as static since they are only used in the same file. Signed-off-by: Ram Amrani Signed-off-by: Ariel Elior Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 933e6dcaa0f65eb2f624ad760274020874a1f35e Author: Ram Amrani Date: Tue Jan 24 13:50:38 2017 +0200 RDMA/qedr: Don't reset QP when queues aren't flushed Fail QP state transition from error to reset if SQ/RQ are not empty and still in the process of flushing out the queued work entries. Signed-off-by: Ram Amrani Signed-off-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit c78c31496111f497b4a03f955c100091185da8b6 Author: Ram Amrani Date: Tue Jan 24 13:50:37 2017 +0200 RDMA/qedr: Don't spam dmesg if QP is in error state It is normal to flush CQEs if the QP is in error state. Hence there's no use in printing a message per CQE to dmesg. Signed-off-by: Ram Amrani Signed-off-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 91bff997db2ec04f9ba761a55c21642f9803b06c Author: Ram Amrani Date: Tue Jan 24 13:50:36 2017 +0200 RDMA/qedr: Remove CQ spinlock from CM completion handlers There is only a single event queue that triggers the completion events for the RDMA CM and it is being processed serially. This means that inherently there can no parallelism of CQ completion handler callbacks, hence the lock is redundant. Signed-off-by: Ram Amrani Signed-off-by: Michal Kalderon Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/qedr.h | 3 --- drivers/infiniband/hw/qedr/qedr_cm.c | 10 ++-------- 2 files changed, 2 insertions(+), 11 deletions(-) commit 59e8970b3798e4cbe575ed9cf4d53098760a2a86 Author: Ram Amrani Date: Tue Jan 24 13:50:35 2017 +0200 RDMA/qedr: Return max inline data in QP query result Return the maximum supported amount of inline data, not the qp's current configured inline data size, when filling out the results of a query qp call. Signed-off-by: Ram Amrani Signed-off-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 865cea40b69741c3da2574176876463233b2b67c Author: Ram Amrani Date: Tue Jan 24 13:50:34 2017 +0200 RDMA/qedr: Return success when not changing QP state If the user is requesting us to change the QP state to the same state that it is already in, return success instead of failure. Signed-off-by: Ram Amrani Signed-off-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 20f5e10ef8bcf29a915642245b66e5a132e38fc4 Author: Amrani, Ram Date: Tue Jan 24 12:01:31 2017 +0200 RDMA/qedr: Add uapi header qedr-abi.h Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford include/uapi/rdma/Kbuild | 1 + 1 file changed, 1 insertion(+) commit 097b615965fb1af714fbc2311f68839b1086ebcb Author: Amrani, Ram Date: Mon Dec 26 08:40:58 2016 +0200 RDMA/qedr: Fix MTU returned from QP query MTU value returned from QP query should include overhead. Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d3f4aadd614c4627244452ad64eaf351179f2c31 Author: Amrani, Ram Date: Mon Dec 26 08:40:57 2016 +0200 RDMA/core: Add the function ib_mtu_int_to_enum As the functionality to convert the MTU from a number to enum_ib_mtu is ubiquitous, define a dedicated function and remove the duplicated code. Signed-off-by: Ram Amrani Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb3/iwch_provider.c | 11 +---------- drivers/infiniband/hw/cxgb4/provider.c | 11 +---------- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 11 +---------- drivers/infiniband/hw/nes/nes_verbs.c | 12 +----------- include/rdma/ib_verbs.h | 14 ++++++++++++++ 5 files changed, 18 insertions(+), 41 deletions(-) commit c929ea0b910355e1876c64431f3d5802f95b3d75 Author: Kinglong Mee Date: Fri Jan 20 16:48:39 2017 +0800 SUNRPC: cleanup ida information when removing sunrpc module After removing sunrpc module, I get many kmemleak information as, unreferenced object 0xffff88003316b1e0 (size 544): comm "gssproxy", pid 2148, jiffies 4294794465 (age 4200.081s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [] kmemleak_alloc+0x4a/0xa0 [] kmem_cache_alloc+0x15e/0x1f0 [] ida_pre_get+0xaa/0x150 [] ida_simple_get+0xad/0x180 [] nlmsvc_lookup_host+0x4ab/0x7f0 [lockd] [] lockd+0x4d/0x270 [lockd] [] param_set_timeout+0x55/0x100 [lockd] [] svc_defer+0x114/0x3f0 [sunrpc] [] svc_defer+0x2d7/0x3f0 [sunrpc] [] rpc_show_info+0x8a/0x110 [sunrpc] [] proc_reg_write+0x7f/0xc0 [] __vfs_write+0xdf/0x3c0 [] vfs_write+0xef/0x240 [] SyS_write+0xad/0x130 [] entry_SYSCALL_64_fastpath+0x1a/0xa9 [] 0xffffffffffffffff I found, the ida information (dynamic memory) isn't cleanup. Signed-off-by: Kinglong Mee Fixes: 2f048db4680a ("SUNRPC: Add an identifier for struct rpc_clnt") Cc: stable@vger.kernel.org # v3.12+ Signed-off-by: Trond Myklebust include/linux/sunrpc/clnt.h | 1 + net/sunrpc/clnt.c | 5 +++++ net/sunrpc/sunrpc_syms.c | 1 + 3 files changed, 7 insertions(+) commit 294628c1fe660b5c4ba4127df05ff2aa8c09a08a Merge: 5b9f575 185acee Author: David S. Miller Date: Tue Jan 24 15:27:59 2017 -0500 Merge branch 'alx-mq-fixes' Tobias Regnery says: ==================== alx: fix fallout from multi queue conversion Here are 3 fixes for the multi queue conversion in v4.10. The first patch fixes a wrong condition in an if statement. Patches 2 and 3 fixes regressions in the corner case when requesting msi-x interrupts fails and we fall back to msi or legacy interrupts. ==================== Signed-off-by: David S. Miller commit 185aceefd80f98dc5b9d73eb6cbb70739a5ce4ea Author: Tobias Regnery Date: Tue Jan 24 14:34:24 2017 +0100 alx: work around hardware bug in interrupt fallback path If requesting msi-x interrupts fails in alx_request_irq we fall back to a single tx queue and msi or legacy interrupts. Currently the adapter stops working in this case and we get tx watchdog timeouts. For reasons unknown the adapter gets confused when we load the dma adresses to the chip in alx_init_ring_ptrs twice: the first time with multiple queues and the second time in the fallback case with a single queue. To fix this move the the call to alx_reinit_rings (which calls alx_init_ring_ptrs) after alx_request_irq. At this time it is clear how much tx queues we have and which dma addresses we use. Fixes: d768319cd427 ("alx: enable multiple tx queues") Signed-off-by: Tobias Regnery Signed-off-by: David S. Miller drivers/net/ethernet/atheros/alx/main.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 37187a016c37d7e550544544dba25399ce4589c9 Author: Tobias Regnery Date: Tue Jan 24 14:34:23 2017 +0100 alx: fix fallback to msi or legacy interrupts If requesting msi-x interrupts fails we should fall back to msi or legacy interrupts. However alx_realloc_ressources don't call alx_init_intr, so we fail to set the right number of tx queues. This results in watchdog timeouts and a nonfunctional adapter. Fixes: d768319cd427 ("alx: enable multiple tx queues") Signed-off-by: Tobias Regnery Signed-off-by: David S. Miller drivers/net/ethernet/atheros/alx/main.c | 1 + 1 file changed, 1 insertion(+) commit f1db5c101cd48b5555ed9e061dcc49ed329812ea Author: Tobias Regnery Date: Tue Jan 24 14:34:22 2017 +0100 alx: fix wrong condition to free descriptor memory The condition to free the descriptor memory is wrong, we want to free the memory if it is set and not if it is unset. Invert the test to fix this issue. Fixes: b0999223f224b ("alx: add ability to allocate and free alx_napi structures") Signed-off-by: Tobias Regnery Signed-off-by: David S. Miller drivers/net/ethernet/atheros/alx/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5b9f57516337b523f7466a53939aaaea7b78141b Author: Bjørn Mork Date: Tue Jan 24 10:45:38 2017 +0100 qmi_wwan/cdc_ether: add device ID for HP lt2523 (Novatel E371) WWAN card Another rebranded Novatel E371. qmi_wwan should drive this device, while cdc_ether should ignore it. Even though the USB descriptors are plain CDC-ETHER that USB interface is a QMI interface. Ref commit 7fdb7846c9ca ("qmi_wwan/cdc_ether: add device IDs for Dell 5804 (Novatel E371) WWAN card") Cc: Dan Williams Signed-off-by: Bjørn Mork Signed-off-by: David S. Miller drivers/net/usb/cdc_ether.c | 8 ++++++++ drivers/net/usb/qmi_wwan.c | 7 +++++++ 2 files changed, 15 insertions(+) commit 83d230eb5c638949350f4761acdfc0af5cb1bc00 Author: Darrick J. Wong Date: Mon Jan 23 19:43:00 2017 -0800 xfs: verify dirblocklog correctly sb_dirblklog is added to sb_blocklog to compute the directory block size in bytes. Therefore, we must compare the sum of both those values against XFS_MAX_BLOCKSIZE_LOG, not just dirblklog. Signed-off-by: Darrick J. Wong Reviewed-by: Eric Sandeen Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_sb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 19ca2c8fecb1592d623fe5e82d6796f8d446268d Merge: a4685d2 880a385 Author: Linus Torvalds Date: Tue Jan 24 12:21:51 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace fix from Eric Biederman: "This has a single brown bag fix. The possible deadlock with dec_pid_namespaces that I had thought was fixed earlier turned out only to have been moved. So instead of being cleaver this change takes ucounts_lock with irqs disabled. So dec_ucount can be used from any context without fear of deadlock. The items accounted for dec_ucount and inc_ucount are all comparatively heavy weight objects so I don't exepct this will have any measurable performance impact" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: userns: Make ucounts lock irq-safe commit 23d28a859fb847fd7fcfbd31acb3b160abb5d6ae Author: Thomas Huth Date: Tue Jan 24 07:28:41 2017 +0100 ibmveth: Add a proper check for the availability of the checksum features When using the ibmveth driver in a KVM/QEMU based VM, it currently always prints out a scary error message like this when it is started: ibmveth 71000003 (unregistered net_device): unable to change checksum offload settings. 1 rc=-2 ret_attr=71000003 This happens because the driver always tries to enable the checksum offloading without checking for the availability of this feature first. QEMU does not support checksum offloading for the spapr-vlan device, thus we always get the error message here. According to the LoPAPR specification, the "ibm,illan-options" property of the corresponding device tree node should be checked first to see whether the H_ILLAN_ATTRIUBTES hypercall and thus the checksum offloading feature is available. Thus let's do this in the ibmveth driver, too, so that the error message is really only limited to cases where something goes wrong, and does not occur if the feature is just missing. Signed-off-by: Thomas Huth Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmveth.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 7d6556ac66eeb430a574e9e3381a3110965d17aa Merge: a824d0b efb5f68 Author: David S. Miller Date: Tue Jan 24 15:01:58 2017 -0500 Merge branch 'vxlan-fdb-fixes' Roopa Prabhu says: ==================== vxlan: misc fdb fixes ==================== Signed-off-by: David S. Miller commit efb5f68f32995c146944a9d4257c3cf8eae2c4a1 Author: Balakrishnan Raman Date: Mon Jan 23 20:44:33 2017 -0800 vxlan: do not age static remote mac entries Mac aging is applicable only for dynamically learnt remote mac entries. Check for user configured static remote mac entries and skip aging. Signed-off-by: Balakrishnan Raman Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller drivers/net/vxlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8b3f9337e17aaf710c79e65fd0a3c572a075f498 Author: Roopa Prabhu Date: Mon Jan 23 20:44:32 2017 -0800 vxlan: don't flush static fdb entries on admin down This patch skips flushing static fdb entries in ndo_stop, but flushes all fdb entries during vxlan device delete. This is consistent with the bridge driver fdb Signed-off-by: Roopa Prabhu Signed-off-by: David S. Miller drivers/net/vxlan.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit a824d0b83109eb3e3ad44c489543831bc15f7166 Merge: d0fa28f fbfa743 Author: David S. Miller Date: Tue Jan 24 14:53:25 2017 -0500 Merge branch 'ip6_tnl_parse_tlv_enc_lim-fixes' Eric Dumazet says: ==================== ipv6: fix ip6_tnl_parse_tlv_enc_lim() issues First patch fixes ip6_tnl_parse_tlv_enc_lim() callers, bug added in linux-3.7 Second patch fixes ip6_tnl_parse_tlv_enc_lim() itself, bug predates linux-2.6.12 Based on a report from Dmitry Vyukov, thanks to KASAN. ==================== Signed-off-by: David S. Miller commit fbfa743a9d2a0ffa24251764f10afc13eb21e739 Author: Eric Dumazet Date: Mon Jan 23 16:43:06 2017 -0800 ipv6: fix ip6_tnl_parse_tlv_enc_lim() This function suffers from multiple issues. First one is that pskb_may_pull() may reallocate skb->head, so the 'raw' pointer needs either to be reloaded or not used at all. Second issue is that NEXTHDR_DEST handling does not validate that the options are present in skb->data, so we might read garbage or access non existent memory. With help from Willem de Bruijn. Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Cc: Willem de Bruijn Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) commit 21b995a9cb093fff33ec91d7cb3822b882a90a1e Author: Eric Dumazet Date: Mon Jan 23 16:43:05 2017 -0800 ip6_tunnel: must reload ipv6h in ip6ip6_tnl_xmit() Since ip6_tnl_parse_tlv_enc_lim() can call pskb_may_pull(), we must reload any pointer that was related to skb->head (or skb->data), or risk use after free. Fixes: c12b395a4664 ("gre: Support GRE over IPv6") Signed-off-by: Eric Dumazet Cc: Dmitry Kozlov Signed-off-by: David S. Miller net/ipv6/ip6_gre.c | 3 +++ net/ipv6/ip6_tunnel.c | 2 ++ 2 files changed, 5 insertions(+) commit d0fa28f00052391b5df328f502fbbdd4444938b7 Author: Michael S. Tsirkin Date: Mon Jan 23 21:37:52 2017 +0200 virtio_net: fix PAGE_SIZE > 64k I don't have any guests with PAGE_SIZE > 64k but the code seems to be clearly broken in that case as PAGE_SIZE / MERGEABLE_BUFFER_ALIGN will need more than 8 bit and so the code in mergeable_ctx_to_buf_address does not give us the actual true size. Cc: John Fastabend Signed-off-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 0fb44559ffd67de8517098b81f675fa0210f13f0 Author: WANG Cong Date: Mon Jan 23 11:17:35 2017 -0800 af_unix: move unix_mknod() out of bindlock Dmitry reported a deadlock scenario: unix_bind() path: u->bindlock ==> sb_writer do_splice() path: sb_writer ==> pipe->mutex ==> u->bindlock In the unix_bind() code path, unix_mknod() does not have to be done with u->bindlock held, since it is a pure fs operation, so we can just move unix_mknod() out. Reported-by: Dmitry Vyukov Tested-by: Dmitry Vyukov Cc: Rainer Weikusat Cc: Al Viro Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/unix/af_unix.c | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) commit 2e38a37f23c98d7fad87ff022670060b8a0e2bf5 Author: Song Liu Date: Tue Jan 24 10:45:30 2017 -0800 md/r5cache: disable write back for degraded array write-back cache in degraded mode introduces corner cases to the array. Although we try to cover all these corner cases, it is safer to just disable write-back cache when the array is in degraded mode. In this patch, we disable writeback cache for degraded mode: 1. On device failure, if the array enters degraded mode, raid5_error() will submit async job r5c_disable_writeback_async to disable writeback; 2. In r5c_journal_mode_store(), it is invalid to enable writeback in degraded mode; 3. In r5c_try_caching_write(), stripes with s->failed>0 will be handled in write-through mode. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ drivers/md/raid5.c | 15 ++++++++------- drivers/md/raid5.h | 2 ++ 3 files changed, 56 insertions(+), 7 deletions(-) commit 07e83364845e1e1c7e189a01206a9d7d33831568 Author: Song Liu Date: Mon Jan 23 17:12:58 2017 -0800 md/r5cache: shift complex rmw from read path to write path Write back cache requires a complex RMW mechanism, where old data is read into dev->orig_page for prexor, and then xor is done with dev->page. This logic is already implemented in the write path. However, current read path is not awared of this requirement. When the array is optimal, the RMW is not required, as the data are read from raid disks. However, when the target stripe is degraded, complex RMW is required to generate right data. To keep read path as clean as possible, we handle read path by flushing degraded, in-journal stripes before processing reads to missing dev. Specifically, when there is read requests to a degraded stripe with data in journal, handle_stripe_fill() calls r5c_make_stripe_write_out() and exits. Then handle_stripe_dirtying() will do the complex RMW and flush the stripe to RAID disks. After that, read requests are handled. There is one more corner case when there is non-overwrite bio for the missing (or out of sync) dev. handle_stripe_dirtying() will not be able to process the non-overwrite bios without constructing the data in handle_stripe_fill(). This is fixed by delaying non-overwrite bios in handle_stripe_dirtying(). So handle_stripe_fill() works on these bios after the stripe is flushed to raid disks. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5.c | 49 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 45 insertions(+), 4 deletions(-) commit a85dd7b8df52e35d8ee3794c65cac5c39128fd80 Author: Song Liu Date: Mon Jan 23 17:12:57 2017 -0800 md/r5cache: flush data only stripes in r5l_recovery_log() For safer operation, all arrays start in write-through mode, which has been better tested and is more mature. And actually the write-through/write-mode isn't persistent after array restarted, so we always start array in write-through mode. However, if recovery found data-only stripes before the shutdown (from previous write-back mode), it is not safe to start the array in write-through mode, as write-through mode can not handle stripes with data in write-back cache. To solve this problem, we flush all data-only stripes in r5l_recovery_log(). When r5l_recovery_log() returns, the array starts with empty cache in write-through mode. This logic is implemented in r5c_recovery_flush_data_only_stripes(): 1. enable write back cache 2. flush all stripes 3. wake up conf->mddev->thread 4. wait for all stripes get flushed (reuse wait_for_quiescent) 5. disable write back cache The wait in 4 will be waked up in release_inactive_stripe_list() when conf->active_stripes reaches 0. It is safe to wake up mddev->thread here because all the resource required for the thread has been initialized. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/md.c | 5 +++++ drivers/md/raid5-cache.c | 56 ++++++++++++++++++++++++++++++++++-------------- 2 files changed, 45 insertions(+), 16 deletions(-) commit ba02684daf7fb4a827580f909b7c7db61c05ae7d Author: Song Liu Date: Thu Jan 12 17:22:42 2017 -0800 md/raid5: move comment of fetch_block to right location Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 86aa1397ddfde563b3692adadb8b8e32e97b4e5e Author: Song Liu Date: Thu Jan 12 17:22:41 2017 -0800 md/r5cache: read data into orig_page for prexor of cached data With write back cache, we use orig_page to do prexor. This patch makes sure we read data into orig_page for it. Flag R5_OrigPageUPTDODATE is added to show whether orig_page has the latest data from raid disk. We introduce a helper function uptodate_for_rmw() to simplify the a couple conditions in handle_stripe_dirtying(). Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 2 ++ drivers/md/raid5.c | 44 +++++++++++++++++++++++++++++++++++--------- drivers/md/raid5.h | 5 +++++ 3 files changed, 42 insertions(+), 9 deletions(-) commit d46d29f072accb069cb42b5fbebcc77d9094a785 Author: Shaohua Li Date: Wed Jan 11 13:38:52 2017 -0800 md/raid5-cache: delete meaningless code sector_t is unsigned long, it's never < 0 Reported-by: Julia Lawall Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 2 -- 1 file changed, 2 deletions(-) commit ff89b070b7c98eb6782361310ca7a15186f15b2c Author: Adit Ranadive Date: Thu Jan 19 13:20:40 2017 -0800 IB/vmw_pvrdma: Fix incorrect cleanup on pvrdma_pci_probe error path If the interrupt allocation failed we should start freeing the CQ rings rather than unregistering the netdev notifier. Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver") Signed-off-by: Adit Ranadive Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 7d211c81e97ef8505610ef82e14e302ab415bad1 Author: Adit Ranadive Date: Thu Jan 19 13:20:39 2017 -0800 IB/vmw_pvrdma: Don't leak info from alloc_ucontext Clear out the user response struct correctly. Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver") Reported-by: Dan Carpenter Signed-off-by: Adit Ranadive Signed-off-by: Doug Ledford drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf02454a741b58682a82c314a9a46bed930ed2f7 Author: Vineet Gupta Date: Thu Jan 12 14:30:29 2017 -0800 ARC: smp-boot: Decouple Non masters waiting API from jump to entry point For run-on-reset SMP configs, non master cores call a routine which waits until Master gives it a "go" signal (currently using a shared mem flag). The same routine then jumps off the well known entry point of all non Master cores i.e. @first_lines_of_secondary This patch moves out the last part into one single place in early boot code. This is better in terms of absraction (the wait API only waits) and returns, leaving out the "jump off to" part. In actual implementation this requires some restructuring of the early boot code as well as Master now jumps to BSS setup explicitly, vs. falling thru into it before. Technically this patch doesn't cause any functional change, it just moves the ugly #ifdef'ry from assembly code to "C" Signed-off-by: Vineet Gupta arch/arc/kernel/head.S | 14 +++++++------- arch/arc/kernel/smp.c | 6 ++++-- 2 files changed, 11 insertions(+), 9 deletions(-) commit 517e7610d2ce04d1b8d8b6c6d1a36dcce5cac6ab Author: Vineet Gupta Date: Thu Jan 19 17:05:00 2017 -0800 ARCv2: MCIP: update the BCR per current changes Signed-off-by: Vineet Gupta arch/arc/kernel/mcip.c | 3 +-- include/soc/arc/mcip.h | 16 ++++++++-------- 2 files changed, 9 insertions(+), 10 deletions(-) commit 36425cd67052e3becf325fd4d3ba5691791ef7e4 Author: Vineet Gupta Date: Tue Jan 24 10:23:42 2017 -0800 ARC: udelay: fix inline assembler by adding LP_COUNT to clobber list commit 3c7c7a2fc8811bc ("ARC: Don't use "+l" inline asm constraint") modified the inline assembly to setup LP_COUNT register manually and NOT rely on gcc to do it (with the +l inline assembler contraint hint, now being retired in the compiler) However the fix was flawed as we didn't add LP_COUNT to asm clobber list, meaning gcc doesn't know that LP_COUNT or zero-delay-loops are in action in the inline asm. This resulted in some fun - as nested ZOL loops were being generared | mov lp_count,250000 ;16 # tmp235, | lp .L__GCC__LP14 # <======= OUTER LOOP (gcc generated) | .L14: | ld r2, [r5] # MEM[(volatile u32 *)prephitmp_43], w | dmb 1 | breq r2, -1, @.L21 #, w,, | bbit0 r2,1,@.L13 # w,, | ld r4,[r7] ;25 # loops_per_jiffy, loops_per_jiffy | mpymu r3,r4,r6 #, loops_per_jiffy, tmp234 | | mov lp_count, r3 # <====== INNER LOOP (from inline asm) | lp 1f | nop | 1: | nop_s | .L__GCC__LP14: ; loop end, start is @.L14 #, This caused issues with drivers relying on sane behaviour of udelay friends. With LP_COUNT added to clobber list, gcc doesn't generate the outer loop in say above case. Addresses STAR 9001146134 Reported-by: Joao Pinto Fixes: 3c7c7a2fc8811bc ("ARC: Don't use "+l" inline asm constraint") Cc: stable@vger.kernel.org Signed-off-by: Vineet Gupta arch/arc/include/asm/delay.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a59b7e0246774e28193126fe7fdbbd0ae9c67dcc Author: Ido Schimmel Date: Mon Jan 23 11:11:42 2017 +0100 mlxsw: spectrum_router: Correctly reallocate adjacency entries mlxsw_sp_nexthop_group_mac_update() is called in one of two cases: 1) When the MAC of a nexthop needs to be updated 2) When the size of a nexthop group has changed In the second case the adjacency entries for the nexthop group need to be reallocated from the adjacency table. In this case we must write to the entries the MAC addresses of all the nexthops that should be offloaded and not only those whose MAC changed. Otherwise, these entries would be filled with garbage data, resulting in packet loss. Fixes: a7ff87acd995 ("mlxsw: spectrum_router: Implement next-hop routing") Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 6a0b76c04ec157c88ca943debf78a8ee58469f2d Author: hayeswang Date: Mon Jan 23 14:18:43 2017 +0800 r8152: don't execute runtime suspend if the tx is not empty Runtime suspend shouldn't be executed if the tx queue is not empty, because the device is not idle. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7630ea4bda18df2ee1c64dfdca1724a9cc32f920 Author: Martin Blumenstingl Date: Sun Jan 22 17:41:32 2017 +0100 Documentation: net: phy: improve explanation when to specify the PHY ID The old description basically read like "ethernet-phy-idAAAA.BBBB" can be specified when you know the actual PHY ID. However, specifying this has a side-effect: it forces Linux to bind to a certain PHY driver (the one that matches the ID given in the compatible string), ignoring the ID which is reported by the actual PHY. Whenever a device is shipped with (multiple) different PHYs during it's production lifetime then explicitly specifying "ethernet-phy-idAAAA.BBBB" could break certain revisions of that device. Signed-off-by: Martin Blumenstingl Reviewed-by: Andrew Lunn Acked-by: Rob Herring Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/phy.txt | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 3f5c34c6d4688b3b7e1dbc7bbc68a2f03a0d6b0c Author: Manuel Lauss Date: Tue Jan 24 10:12:00 2017 -0800 Input: wm97xx - make missing platform data non-fatal Commit 6480af4915d6 ("power_supply: wm97xx_battery: use power_supply_get_drvdata") made wm97xx platform data mandatory, although it's still optional. This patch fixes an oops during driver probe on one of my MIPS boards with a wm9712. Signed-off-by: Manuel Lauss Reviewed-by: Robert Jarzmik Acked-by: Charles Keepax Signed-off-by: Dmitry Torokhov drivers/input/touchscreen/wm97xx-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 92fdb527eecff7e5eb945a3fbf4743110f5c1171 Author: Yuriy Kolerov Date: Wed Dec 28 11:46:26 2016 +0300 ARCv2: MCIP: Deprecate setting of affinity in Device Tree Ignore value of interrupt distribution mode for common interrupts in IDU since setting of affinity using value from Device Tree is deprecated in ARC. Originally it is done in idu_irq_xlate() function and it is semantically wrong and does not guaranty that an affinity value will be set properly. idu_irq_enable() function is better place for initialization of common interrupts. By default send all common interrupts to all available online CPUs. The affinity of common interrupts in IDU must be set manually since in some cases the kernel will not call irq_set_affinity() by itself: 1. When the kernel is not configured with support of SMP. 2. When the kernel is configured with support of SMP but upper interrupt controllers does not support setting of the affinity and cannot propagate it to IDU. Signed-off-by: Yuriy Kolerov Signed-off-by: Vineet Gupta .../interrupt-controller/snps,archs-idu-intc.txt | 3 ++ arch/arc/kernel/mcip.c | 52 +++++++++------------- 2 files changed, 25 insertions(+), 30 deletions(-) commit 62ed8ceda1699acae01b666497f004bfd3d67a6f Merge: 1c3415a 7a308bb Author: Dmitry Torokhov Date: Tue Jan 24 09:57:18 2017 -0800 Merge tag 'v4.10-rc5' into for-linus Sync up with mainline to apply fixup to a commit that came through power supply tree. commit a430607b2ef7c3be090f88c71cfcb1b3988aa7c0 Author: Benjamin Coddington Date: Tue Jan 24 11:34:20 2017 -0500 NFSv4.0: always send mode in SETATTR after EXCLUSIVE4 Some nfsv4.0 servers may return a mode for the verifier following an open with EXCLUSIVE4 createmode, but this does not mean the client should skip setting the mode in the following SETATTR. It should only do that for EXCLUSIVE4_1 or UNGAURDED createmode. Fixes: 5334c5bdac92 ("NFS: Send attributes in OPEN request for NFS4_CREATE_EXCLUSIVE4_1") Signed-off-by: Benjamin Coddington Cc: stable@vger.kernel.org # v4.3+ Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 059aa734824165507c65fd30a55ff000afd14983 Author: Chuck Lever Date: Sun Jan 22 14:04:29 2017 -0500 nfs: Don't increment lock sequence ID after NFS4ERR_MOVED Xuan Qi reports that the Linux NFSv4 client failed to lock a file that was migrated. The steps he observed on the wire: 1. The client sent a LOCK request to the source server 2. The source server replied NFS4ERR_MOVED 3. The client switched to the destination server 4. The client sent the same LOCK request to the destination server with a bumped lock sequence ID 5. The destination server rejected the LOCK request with NFS4ERR_BAD_SEQID RFC 3530 section 8.1.5 provides a list of NFS errors which do not bump a lock sequence ID. However, RFC 3530 is now obsoleted by RFC 7530. In RFC 7530 section 9.1.7, this list has been updated by the addition of NFS4ERR_MOVED. Reported-by: Xuan Qi Signed-off-by: Chuck Lever Cc: stable@vger.kernel.org # v3.7+ Signed-off-by: Trond Myklebust include/linux/nfs4.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f39aac7e839368e3895dff952f3bfa0a22e20060 Author: Jingju Hou Date: Sun Jan 22 18:20:56 2017 +0800 net: phy: marvell: Add Wake from LAN support for 88E1510 PHY Signed-off-by: Jingju Hou Signed-off-by: David S. Miller drivers/net/phy/marvell.c | 2 ++ 1 file changed, 2 insertions(+) commit b1a27eac7fefff33ccf6acc919fc0725bf9815fb Author: Nicolas Iooss Date: Sun Jan 22 14:41:22 2017 +0100 IB/cxgb3: fix misspelling in header guard Use CXGB3_... instead of CXBG3_... Fixes: a85fb3383340 ("IB/cxgb3: Move user vendor structures") Cc: stable@vger.kernel.org # 4.9 Signed-off-by: Nicolas Iooss Reviewed-by: Leon Romanovsky Acked-by: Steve Wise Signed-off-by: Doug Ledford include/uapi/rdma/cxgb3-abi.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bd00fdf198e2da475a2f4265a83686ab42d998a8 Author: Greg Kurz Date: Tue Jan 24 17:50:26 2017 +0100 vfio/spapr: fail tce_iommu_attach_group() when iommu_data is null The recently added mediated VFIO driver doesn't know about powerpc iommu. It thus doesn't register a struct iommu_table_group in the iommu group upon device creation. The iommu_data pointer hence remains null. This causes a kernel oops when userspace tries to set the iommu type of a container associated with a mediated device to VFIO_SPAPR_TCE_v2_IOMMU. [ 82.585440] mtty mtty: MDEV: Registered [ 87.655522] iommu: Adding device 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001 to group 10 [ 87.655527] vfio_mdev 83b8f4f2-509f-382f-3c1e-e6bfe0fa1001: MDEV: group_id = 10 [ 116.297184] Unable to handle kernel paging request for data at address 0x00000030 [ 116.297389] Faulting instruction address: 0xd000000007870524 [ 116.297465] Oops: Kernel access of bad area, sig: 11 [#1] [ 116.297611] SMP NR_CPUS=2048 [ 116.297611] NUMA [ 116.297627] PowerNV ... [ 116.297954] CPU: 33 PID: 7067 Comm: qemu-system-ppc Not tainted 4.10.0-rc5-mdev-test #8 [ 116.297993] task: c000000e7718b680 task.stack: c000000e77214000 [ 116.298025] NIP: d000000007870524 LR: d000000007870518 CTR: 0000000000000000 [ 116.298064] REGS: c000000e77217990 TRAP: 0300 Not tainted (4.10.0-rc5-mdev-test) [ 116.298103] MSR: 9000000000009033 [ 116.298107] CR: 84004444 XER: 00000000 [ 116.298154] CFAR: c00000000000888c DAR: 0000000000000030 DSISR: 40000000 SOFTE: 1 GPR00: d000000007870518 c000000e77217c10 d00000000787b0ed c000000eed2103c0 GPR04: 0000000000000000 0000000000000000 c000000eed2103e0 0000000f24320000 GPR08: 0000000000000104 0000000000000001 0000000000000000 d0000000078729b0 GPR12: c00000000025b7e0 c00000000fe08400 0000000000000001 000001002d31d100 GPR16: 000001002c22c850 00003ffff315c750 0000000043145680 0000000043141bc0 GPR20: ffffffffffffffed fffffffffffff000 0000000020003b65 d000000007706018 GPR24: c000000f16cf0d98 d000000007706000 c000000003f42980 c000000003f42980 GPR28: c000000f1575ac00 c000000003f429c8 0000000000000000 c000000eed2103c0 [ 116.298504] NIP [d000000007870524] tce_iommu_attach_group+0x10c/0x360 [vfio_iommu_spapr_tce] [ 116.298555] LR [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce] [ 116.298601] Call Trace: [ 116.298610] [c000000e77217c10] [d000000007870518] tce_iommu_attach_group+0x100/0x360 [vfio_iommu_spapr_tce] (unreliable) [ 116.298671] [c000000e77217cb0] [d0000000077033a0] vfio_fops_unl_ioctl+0x278/0x3e0 [vfio] [ 116.298713] [c000000e77217d40] [c0000000002a3ebc] do_vfs_ioctl+0xcc/0x8b0 [ 116.298745] [c000000e77217de0] [c0000000002a4700] SyS_ioctl+0x60/0xc0 [ 116.298782] [c000000e77217e30] [c00000000000b220] system_call+0x38/0xfc [ 116.298812] Instruction dump: [ 116.298828] 7d3f4b78 409effc8 3d220000 e9298020 3c800140 38a00018 608480c0 e8690028 [ 116.298869] 4800249d e8410018 7c7f1b79 41820230 2fa90000 419e0114 e9090020 [ 116.298914] ---[ end trace 1e10b0ced08b9120 ]--- This patch fixes the oops. Reported-by: Vaibhav Jain Signed-off-by: Greg Kurz Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_spapr_tce.c | 4 ++++ 1 file changed, 4 insertions(+) commit 83236f0157feec0f01bf688a1474b889bdcc5ad0 Author: Max Gurtovoy Date: Wed Jan 18 00:40:40 2017 +0200 IB/iser: remove unused variable from iser_conn struct max_sectors calculation was fixed in commit: 9c674815d346 ("IB/iser: Fix max_sectors calculation"). Thus, iser_conn variable scsi_max_sectors is not needed anymore. Signed-off-by: Max Gurtovoy Reviewed-by: Sagi Grimberg Tested-by: Raju Rangoju Signed-off-by: Doug Ledford drivers/infiniband/ulp/iser/iscsi_iser.c | 4 ++++ drivers/infiniband/ulp/iser/iscsi_iser.h | 2 -- drivers/infiniband/ulp/iser/iser_verbs.c | 13 +------------ 3 files changed, 5 insertions(+), 14 deletions(-) commit 1e5db6c31ade4150c2e2b1a21e39f776c38fea39 Author: Max Gurtovoy Date: Wed Jan 18 00:40:39 2017 +0200 IB/iser: Fix sg_tablesize calculation For devices that can register page list that is bigger than USHRT_MAX, we actually take the wrong value for sg_tablesize. E.g: for CX4 max_fast_reg_page_list_len is 65536 (bigger than USHRT_MAX) so we set sg_tablesize to 0 by mistake. Therefore, each IO that is bigger than 4k splitted to "< 4k" chunks that cause performance degredation. Remove wrong sg_tablesize assignment, and use the value that was set during address resolution handler with the needed casting. Cc: # v4.5+ Signed-off-by: Max Gurtovoy Reviewed-by: Sagi Grimberg Signed-off-by: Doug Ledford drivers/infiniband/ulp/iser/iscsi_iser.c | 7 ------- 1 file changed, 7 deletions(-) commit 7b9e1d89e1b6a3b99a8fdd949aa0f98dd5bf2f6b Author: Andy Shevchenko Date: Tue Jan 24 17:22:01 2017 +0200 MAINTAINERS: Add myself to X86 PLATFORM DRIVERS as a co-maintainer For last few months Darren and I are co-maintaining PDx86 subsystem. Make this fact official by updating MAINTAINERS database. Acked-by: Darren Hart Signed-off-by: Andy Shevchenko MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 0a475ef4226e305bdcffe12b401ca1eab06c4913 Author: Israel Rukshin Date: Wed Jan 4 15:59:37 2017 +0200 IB/srp: fix invalid indirect_sg_entries parameter value After setting indirect_sg_entries module_param to huge value (e.g 500,000), srp_alloc_req_data() fails to allocate indirect descriptors for the request ring (kmalloc fails). This commit enforces the maximum value of indirect_sg_entries to be SG_MAX_SEGMENTS as signified in module param description. Fixes: 65e8617fba17 (scsi: rename SCSI_MAX_{SG, SG_CHAIN}_SEGMENTS) Fixes: c07d424d6118 (IB/srp: add support for indirect tables that don't fit in SRP_CMD) Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Israel Rukshin Signed-off-by: Max Gurtovoy Reviewed-by: Laurence Oberman Reviewed-by: Bart Van Assche -- Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 6 ++++++ 1 file changed, 6 insertions(+) commit ad8e66b4a80182174f73487ed25fd2140cf43361 Author: Israel Rukshin Date: Wed Dec 28 12:48:28 2016 +0200 IB/srp: fix mr allocation when the device supports sg gaps If the device support arbitrary sg list mapping (device cap IB_DEVICE_SG_GAPS_REG set) we allocate the memory regions with IB_MR_TYPE_SG_GAPS. Fixes: 509c5f33f4f6 ("IB/srp: Prevent mapping failures") Cc: # 4.7+ Signed-off-by: Israel Rukshin Signed-off-by: Max Gurtovoy Reviewed-by: Leon Romanovsky Reviewed-by: Mark Bloch Reviewed-by: Yuval Shaia Reviewed-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit baae29d653f899fca20bc23770a0dcc0195ebf4f Merge: 4078b76 115865f Author: David S. Miller Date: Tue Jan 24 10:57:56 2017 -0500 Merge tag 'mac80211-for-davem-2017-01-24' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A single fix, for a sleeping context problem found by LTP. ==================== Signed-off-by: David S. Miller commit 115865fa0826ed18ca04717cf72d0fe874c0fe7f Author: Johannes Berg Date: Mon Jan 23 09:29:09 2017 +0100 mac80211: don't try to sleep in rate_control_rate_init() In my previous patch, I missed that rate_control_rate_init() is called from some places that cannot sleep, so it cannot call ieee80211_recalc_min_chandef(). Remove that call for now to fix the context bug, we'll have to find a different way to fix the minimum channel width issue. Fixes: 96aa2e7cf126 ("mac80211: calculate min channel width correctly") Reported-by: Xiaolong Ye (via lkp-robot) Signed-off-by: Johannes Berg net/mac80211/rate.c | 2 -- 1 file changed, 2 deletions(-) commit 0d6da872d3e4a60f43c295386d7ff9a4cdcd57e9 Author: Christian Borntraeger Date: Mon Jan 23 22:59:44 2017 +0100 s390/mm: Fix cmma unused transfer from pgste into pte The last pgtable rework silently disabled the CMMA unused state by setting a local pte variable (a parameter) instead of propagating it back into the caller. Fix it. Fixes: ebde765c0e85 ("s390/mm: uninline ptep_xxx functions from pgtable.h") Cc: stable@vger.kernel.org # v4.6+ Cc: Martin Schwidefsky Cc: Claudio Imbrenda Signed-off-by: Christian Borntraeger Signed-off-by: Martin Schwidefsky arch/s390/mm/pgtable.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 690e5325b8c7d5db05fc569c0f7b888bb4248272 Author: Christoph Hellwig Date: Tue Jan 24 14:50:19 2017 +0100 block: fix use after free in __blkdev_direct_IO We can't dereference the dio structure after submitting the last bio for this request, as I/O completion might have happened before the code is run. Introduce a local is_sync variable instead. Fixes: 542ff7bf ("block: new direct I/O implementation") Signed-off-by: Christoph Hellwig Reported-by: Matias Bjørling Tested-by: Matias Bjørling Signed-off-by: Jens Axboe fs/block_dev.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a971c5545c3d45a1e33fda6e57913bb75aaa20c9 Author: Fabio Estevam Date: Mon Jan 23 14:54:10 2017 -0200 ARM: dts: imx: Pass 'chosen' and 'memory' nodes Commit 7f107887d199 ("ARM: dts: imx: Remove skeleton.dtsi") causes boot issues when the bootloader does not create a 'chosen' node if such node is not present in the dtb. The reason for the boot failure is well explained by Javier Martinez Canillas: "the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info." , so pass an empty 'chosen' node to fix the boot problem. This issue has been seen in the kernelci reports with Barebox as bootloader. Also pass the 'memory' node in order to fix boot issues on the SolidRun iMX6 platforms. Fixes: 7f107887d199 ("ARM: dts: imx: Remove skeleton.dtsi") Reported-by: kernelci.org bot Reported-by: Russell King Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/boot/dts/imx1.dtsi | 8 ++++++++ arch/arm/boot/dts/imx23.dtsi | 8 ++++++++ arch/arm/boot/dts/imx25.dtsi | 8 ++++++++ arch/arm/boot/dts/imx27.dtsi | 8 ++++++++ arch/arm/boot/dts/imx28.dtsi | 8 ++++++++ arch/arm/boot/dts/imx31.dtsi | 8 ++++++++ arch/arm/boot/dts/imx35.dtsi | 8 ++++++++ arch/arm/boot/dts/imx50.dtsi | 8 ++++++++ arch/arm/boot/dts/imx51.dtsi | 8 ++++++++ arch/arm/boot/dts/imx53.dtsi | 8 ++++++++ arch/arm/boot/dts/imx6qdl.dtsi | 8 ++++++++ arch/arm/boot/dts/imx6sl.dtsi | 8 ++++++++ arch/arm/boot/dts/imx6sx.dtsi | 8 ++++++++ arch/arm/boot/dts/imx6ul.dtsi | 8 ++++++++ arch/arm/boot/dts/imx7s.dtsi | 8 ++++++++ 15 files changed, 120 insertions(+) commit bd19b5ab1da654de456e102250822ec06311d6ad Merge: 92549cd 03c902b Author: Kalle Valo Date: Tue Jan 24 14:27:53 2017 +0200 Merge tag 'iwlwifi-for-kalle-2017-01-23' of git://git.kernel.org/pub/scm/linux/kernel/git/iwlwifi/iwlwifi-fixes * Remove an extra hyphen from a string that was preventing the firmware to load * Avoid a crash when the firmware is restarted in certain scenarios with DQA commit 5d03a2fd2292e71936c4235885c35ccc3c94695b Author: Bjørn Mork Date: Tue Jan 24 10:31:18 2017 +0100 USB: serial: option: add device ID for HP lt2523 (Novatel E371) Yet another laptop vendor rebranded Novatel E371. Cc: stable@vger.kernel.org Signed-off-by: Bjørn Mork Signed-off-by: Johan Hovold drivers/usb/serial/option.c | 1 + 1 file changed, 1 insertion(+) commit f2574030b0e33263b8a1c28fa3c4fa9292283799 Author: Michael Ellerman Date: Tue Jan 24 21:37:20 2017 +1100 powerpc: Revert the initial stack protector support Unfortunately the stack protector support we merged recently only works on some toolchains. If the toolchain is built without glibc support everything works fine, but if glibc is built then it leads to a panic at boot. The solution is not rc5 material, so revert the support for now. This reverts commits: 6533b7c16ee5 ("powerpc: Initial stack protector (-fstack-protector) support") 902e06eb86cd ("powerpc/32: Change the stack protector canary value per task") Fixes: 6533b7c16ee5 ("powerpc: Initial stack protector (-fstack-protector) support") Signed-off-by: Michael Ellerman arch/powerpc/Kconfig | 1 - arch/powerpc/include/asm/stackprotector.h | 40 ------------------------------- arch/powerpc/kernel/Makefile | 4 ---- arch/powerpc/kernel/asm-offsets.c | 3 --- arch/powerpc/kernel/entry_32.S | 6 +---- arch/powerpc/kernel/process.c | 6 ----- 6 files changed, 1 insertion(+), 59 deletions(-) commit f05fea5b3574a5926c53865eea27139bb40b2f2b Author: Gavin Shan Date: Thu Jan 19 10:10:16 2017 +1100 powerpc/eeh: Fix wrong flag passed to eeh_unfreeze_pe() In __eeh_clear_pe_frozen_state(), we should pass the flag's value instead of its address to eeh_unfreeze_pe(). The isolated flag is cleared if no error returned from __eeh_clear_pe_frozen_state(). We never observed the error from the function. So the isolated flag should have been always cleared, no real issue is caused because of the misused @flag. This fixes the code by passing the value of @flag to eeh_unfreeze_pe(). Fixes: 5cfb20b96f6 ("powerpc/eeh: Emulate EEH recovery for VFIO devices") Cc: stable@vger.kernel.org # v3.18+ Signed-off-by: Gavin Shan Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh_driver.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dffba9a31c7769be3231c420d4b364c92ba3f1ac Author: Yu-cheng Yu Date: Mon Jan 23 14:54:44 2017 -0800 x86/fpu/xstate: Fix xcomp_bv in XSAVES header The compacted-format XSAVES area is determined at boot time and never changed after. The field xsave.header.xcomp_bv indicates which components are in the fixed XSAVES format. In fpstate_init() we did not set xcomp_bv to reflect the XSAVES format since at the time there is no valid data. However, after we do copy_init_fpstate_to_fpregs() in fpu__clear(), as in commit: b22cbe404a9c x86/fpu: Fix invalid FPU ptrace state after execve() and when __fpu_restore_sig() does fpu__restore() for a COMPAT-mode app, a #GP occurs. This can be easily triggered by doing valgrind on a COMPAT-mode "Hello World," as reported by Joakim Tjernlund and others: https://bugzilla.kernel.org/show_bug.cgi?id=190061 Fix it by setting xcomp_bv correctly. This patch also moves the xcomp_bv initialization to the proper place, which was in copyin_to_xsaves() as of: 4c833368f0bf x86/fpu: Set the xcomp_bv when we fake up a XSAVES area which fixed the bug too, but it's more efficient and cleaner to initialize things once per boot, not for every signal handling operation. Reported-by: Kevin Hao Reported-by: Joakim Tjernlund Signed-off-by: Yu-cheng Yu Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Dave Hansen Cc: Fenghua Yu Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Ravi V. Shankar Cc: Thomas Gleixner Cc: haokexin@gmail.com Link: http://lkml.kernel.org/r/1485212084-4418-1-git-send-email-yu-cheng.yu@intel.com [ Combined it with 4c833368f0bf. ] Signed-off-by: Ingo Molnar arch/x86/kernel/fpu/core.c | 4 +++- arch/x86/kernel/fpu/xstate.c | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) commit 9dce990d2cf57b5ed4e71a9cdbd7eae4335111ff Author: Martin Schwidefsky Date: Tue Jan 24 08:05:52 2017 +0100 s390/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. convert_vx_to_fp() is adapted to handle only a specified number of registers rather than unconditionally handling all of them: other callers of this function are adapted appropriately. Based on an initial patch by Dave Martin. Cc: stable@vger.kernel.org Reported-by: Dave Martin Signed-off-by: Martin Schwidefsky arch/s390/kernel/ptrace.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit af2b7fa17eb92e52b65f96604448ff7a2a89ee99 Author: Darren Stevens Date: Mon Jan 23 19:42:54 2017 +0000 powerpc: Add missing error check to prom_find_boot_cpu() prom_init.c calls 'instance-to-package' twice, but the return is not checked during prom_find_boot_cpu(). The result is then passed to prom_getprop(), which could be PROM_ERROR. Add a return check to prevent this. This was found on a pasemi system, where CFE doesn't have a working 'instance-to package' prom call. Before Commit 5c0484e25ec0 ('powerpc: Endian safe trampoline') the area around addr 0 was mostly 0's and this doesn't cause a problem. Once the macro 'FIXUP_ENDIAN' has been added to head_64.S, the low memory area now has non-zero values, which cause the prom_getprop() call to hang. mpe: Also confirmed that under SLOF if 'instance-to-package' did fail with PROM_ERROR we would crash in SLOF. So the bug is not specific to CFE, it's just that other open firmwares don't trigger it because they have a working 'instance-to-package'. Fixes: 5c0484e25ec0 ("powerpc: Endian safe trampoline") Cc: stable@vger.kernel.org # v3.13+ Signed-off-by: Darren Stevens Signed-off-by: Michael Ellerman arch/powerpc/kernel/prom_init.c | 3 +++ 1 file changed, 3 insertions(+) commit 8ac092519ad91931c96d306c4bfae2c6587c325f Author: Trond Myklebust Date: Mon Jan 23 22:44:12 2017 -0500 NFSv4.1: Fix a deadlock in layoutget We cannot call nfs4_handle_exception() without first ensuring that the slot has been freed. If not, we end up deadlocking with the process waiting for recovery to complete, and recovery waiting for the slot table to drain. Fixes: 2e80dbe7ac51 ("NFSv4.1: Close callback races for OPEN, LAYOUTGET...") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 1 + 1 file changed, 1 insertion(+) commit b2fbd04498789def80ceba3d5bbc5af7f2f70a5f Author: Liping Zhang Date: Fri Jan 20 21:03:03 2017 +0800 netfilter: nf_tables: validate the name size when possible Currently, if the user add a stateful object with the name size exceed NFT_OBJ_MAXNAMELEN - 1 (i.e. 31), we truncate it down to 31 silently. This is not friendly, furthermore, this will cause duplicated stateful objects when the first 31 characters of the name is same. So limit the stateful object's name size to NFT_OBJ_MAXNAMELEN - 1. After apply this patch, error message will be printed out like this: # name_32=$(printf "%0.sQ" {1..32}) # nft add counter filter $name_32 :1:1-52: Error: Could not process rule: Numerical result out of range add counter filter QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Also this patch cleans up the codes which missing the name size limit validation in nftables. Fixes: e50092404c1b ("netfilter: nf_tables: add stateful objects") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 21 ++++++++++++++------- net/netfilter/nft_dynset.c | 3 ++- net/netfilter/nft_lookup.c | 3 ++- net/netfilter/nft_objref.c | 6 ++++-- 4 files changed, 22 insertions(+), 11 deletions(-) commit a4685d2f58e2230d4e27fb2ee581d7ea35e5d046 Merge: 6302118 fd7c991 Author: Linus Torvalds Date: Mon Jan 23 13:51:59 2017 -0800 Merge branch 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile Pull tile bugfix from Chris Metcalf: "This avoids an issue with short userspace reads for regset via ptrace" * 'stable' of git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile/ptrace: Preserve previous registers for short regset write commit 3a1d19a29670aa7eb58576a31883d0aa9fb77549 Author: Xiangliang Yu Date: Thu Jan 19 09:57:41 2017 +0800 drm/amdgpu: fix unload driver issue for virtual display Virtual display doesn't allocate amdgpu_encoder when initializing, so will get invaild pointer if try to free amdgpu_encoder when unloading driver. Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit c5f21c9f878b8dcd54d0b9739c025ca73cb4c091 Author: Ding Pixel Date: Wed Jan 18 17:26:38 2017 +0800 drm/amdgpu: check ring being ready before using Return success when the ring is properly initialized, otherwise return failure. Tonga SRIOV VF doesn't have UVD and VCE engines, the initialization of these IPs is bypassed. The system crashes if application submit IB to their rings which are not ready to use. It could be a common issue if IP having ring buffer is disabled for some reason on specific ASIC, so it should check the ring being ready to use. Bug: amdgpu_test crashes system on Tonga VF. Signed-off-by: Ding Pixel Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 6302118226830c8f0aa0ec6afc8ef0cad84faa5f Merge: 3258943 739e6f5 Author: Linus Torvalds Date: Mon Jan 23 13:36:37 2017 -0800 Merge tag 'gpio-v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fix from Linus Walleij: "A single lockdep fix, nothing else going on. This makes lockdep noiseless and work properly with threaded GPIO IRQchips. Summary: Fix a lockdep issue: the threaded irqchips also need their unique key, and take this opportunity to get rid of the horrible macro and replace it with a static inline" * tag 'gpio-v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: provide lockdep keys for nested/unnested irqchips commit 3258943ddb90157a5b220656712394bd91bd47f1 Merge: 7a308bb 9327901 Author: Linus Torvalds Date: Mon Jan 23 13:10:50 2017 -0800 Merge tag 'drm-fixes-for-v4.10-rc6' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "drm fixes across the board. Okay holidays and LCA kinda caught up with me, I thought I'd get some of this dequeued last week, but Hobart was sunny and warm and not all gloomy and rainy as usual. This is a bit large, but not too much considering it's two weeks stuff from AMD and Intel. core: - one locking fix that helps with dynamic suspend/resume races i915: - mostly GVT updates, GVT was a recent introduction so fixes for it shouldn't cause any notable side effects. amdgpu: - a bunch of fixes for GPUs with a different memory controller design that need different firmware. exynos: - decon regression fixes msm: - two regression fixes etnaviv: - a workaround for an mmu bug that needs a lot more work. virtio: - sparse fix, and a maintainers update" * tag 'drm-fixes-for-v4.10-rc6' of git://people.freedesktop.org/~airlied/linux: (56 commits) drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement drm/exynos/decon5433: fix CMU programming drm/exynos/decon5433: do not disable video after reset drm/i915: Ignore bogus plane coordinates on SKL when the plane is not visible drm/i915: Remove WaDisableLSQCROPERFforOCL KBL workaround. drm/amdgpu: add support for new hainan variants drm/radeon: add support for new hainan variants drm/amdgpu: change clock gating mode for uvd_v4. drm/amdgpu: fix program vce instance logic error. drm/amdgpu: fix bug set incorrect value to vce register Revert "drm/amdgpu: Only update the CUR_SIZE register when necessary" drm/msm: fix potential null ptr issue in non-iommu case drm/msm/mdp5: rip out plane->pending tracking drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled drm/exynos/decon5433: update shadow registers iff there are active windows drm/i915/gvt: rewrite gt reset handler using new function intel_gvt_reset_vgpu_locked drm/i915/gvt: fix vGPU instance reuse issues by vGPU reset function drm/i915/gvt: introduce intel_vgpu_reset_mmio() to reset mmio space drm/i915/gvt: move mmio init/clean function to mmio.c drm/i915/gvt: introduce intel_vgpu_reset_cfg_space to reset configuration space ... commit 4078b76cac68e50ccf1f76a74e7d3d5788aec3fe Author: Florian Fainelli Date: Fri Jan 20 16:05:05 2017 -0800 net: dsa: Check return value of phy_connect_direct() We need to check the return value of phy_connect_direct() in dsa_slave_phy_connect() otherwise we may be continuing the initialization of a slave network device with a PHY that already attached somewhere else and which will soon be in error because the PHY device is in error. The conditions for such an error to occur are that we have a port of our switch that is not disabled, and has the same port number as a PHY address (say both 5) that can be probed using the DSA slave MII bus. We end-up having this slave network device find a PHY at the same address as our port number, and we try to attach to it. A slave network (e.g: port 0) has already attached to our PHY device, and we try to re-attach it with a different network device, but since we ignore the error we would end-up initializating incorrect device references by the time the slave network interface is opened. The code has been (re)organized several times, making it hard to provide an exact Fixes tag, this is a bugfix nonetheless. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller net/dsa/slave.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit eab127717a6af54401ba534790c793ec143cd1fc Author: Florian Fainelli Date: Fri Jan 20 15:31:52 2017 -0800 net: phy: Avoid deadlock during phy_error() phy_error() is called in the PHY state machine workqueue context, and calls phy_trigger_machine() which does a cancel_delayed_work_sync() of the workqueue we execute from, causing a deadlock situation. Augment phy_trigger_machine() machine with a sync boolean indicating whether we should use cancel_*_sync() or just cancel_*_work(). Fixes: 3c293f4e08b5 ("net: phy: Trigger state machine on state change and not polling.") Reported-by: Russell King Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit d2b3964a0780d2d2994eba57f950d6c9fe489ed8 Author: Christoph Hellwig Date: Fri Jan 20 09:31:54 2017 -0800 xfs: fix COW writeback race Due to the way how xfs_iomap_write_allocate tries to convert the whole found extents from delalloc to real space we can run into a race condition with multiple threads doing writes to this same extent. For the non-COW case that is harmless as the only thing that can happen is that we call xfs_bmapi_write on an extent that has already been converted to a real allocation. For COW writes where we move the extent from the COW to the data fork after I/O completion the race is, however, not quite as harmless. In the worst case we are now calling xfs_bmapi_write on a region that contains hole in the COW work, which will trip up an assert in debug builds or lead to file system corruption in non-debug builds. This seems to be reproducible with workloads of small O_DSYNC write, although so far I've not managed to come up with a with an isolated reproducer. The fix for the issue is relatively simple: tell xfs_bmapi_write that we are only asked to convert delayed allocations and skip holes in that case. Signed-off-by: Christoph Hellwig Reviewed-by: Brian Foster Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_bmap.c | 44 ++++++++++++++++++++++++++++++++------------ fs/xfs/libxfs/xfs_bmap.h | 6 +++++- fs/xfs/xfs_iomap.c | 2 +- 3 files changed, 38 insertions(+), 14 deletions(-) commit 3b4f18843e511193e7eb616710e838f5852e661d Author: Jan Beulich Date: Mon Jan 23 08:11:37 2017 -0700 xen-blkfront: correct maximum segment accounting Making use of "max_indirect_segments=" has issues: - blkfront_setup_indirect() may end up with zero psegs when PAGE_SIZE is sufficiently much larger than XEN_PAGE_SIZE - the variable driven by the command line option (xen_blkif_max_segments) has a somewhat different purpose, and hence should namely never end up being zero - as long as the specified value is lower than the legacy default, we better don't use indirect segments at all (or we'd in fact lower throughput) Signed-off-by: Jan Beulich Signed-off-by: Konrad Rzeszutek Wilk drivers/block/xen-blkfront.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit b32728ffef7f233dbdabb3f11814bdf692aaf501 Author: Jan Beulich Date: Mon Jan 23 08:12:19 2017 -0700 xen-blkfront: feature flags handling adjustments Don't truncate the "feature-persistent" value read from xenstore: Any non-zero value is supposed to enable the feature, just like is already being done for feature_secdiscard. Just like the other feature_* fields, feature_flush and feature_fua are boolean flags, and hence fit well into a single bit. Keep all bit fields together to limit gaps. Signed-off-by: Jan Beulich Signed-off-by: Konrad Rzeszutek Wilk drivers/block/xen-blkfront.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit d0e287a401d9acf67b75180b26e2d62b7d482652 Author: Rask Ingemann Lambertsen Date: Sat Jan 21 17:11:43 2017 +0100 regulator: axp20x: AXP806: Fix dcdcb being set instead of dcdce A typo or copy-paste bug means that the register access intended for regulator dcdce goes to dcdcb instead. This patch corrects it. Fixes: 2ca342d391e3 (regulator: axp20x: Support AXP806 variant) Signed-off-by: Rask Ingemann Lambertsen Acked-by: Chen-Yu Tsai Signed-off-by: Mark Brown Cc: stable@vger.kernel.org drivers/regulator/axp20x-regulator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9f427a0e474a67b454420c131709600d44850486 Author: David Ahern Date: Fri Jan 20 12:58:34 2017 -0800 net: mpls: Fix multipath selection for LSR use case MPLS multipath for LSR is broken -- always selecting the first nexthop in the one label case. For example: $ ip -f mpls ro ls 100 nexthop as to 200 via inet 172.16.2.2 dev virt12 nexthop as to 300 via inet 172.16.3.2 dev virt13 101 nexthop as to 201 via inet6 2000:2::2 dev virt12 nexthop as to 301 via inet6 2000:3::2 dev virt13 In this example incoming packets have a single MPLS labels which means BOS bit is set. The BOS bit is passed from mpls_forward down to mpls_multipath_hash which never processes the hash loop because BOS is 1. Update mpls_multipath_hash to process the entire label stack. mpls_hdr_len tracks the total mpls header length on each pass (on pass N mpls_hdr_len is N * sizeof(mpls_shim_hdr)). When the label is found with the BOS set it verifies the skb has sufficient header for ipv4 or ipv6, and find the IPv4 and IPv6 header by using the last mpls_hdr pointer and adding 1 to advance past it. With these changes I have verified the code correctly sees the label, BOS, IPv4 and IPv6 addresses in the network header and icmp/tcp/udp traffic for ipv4 and ipv6 are distributed across the nexthops. Fixes: 1c78efa8319ca ("mpls: flow-based multipath selection") Acked-by: Robert Shearman Signed-off-by: David Ahern Signed-off-by: David S. Miller net/mpls/af_mpls.c | 48 +++++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 23 deletions(-) commit 880a38547ff08715ce4f1daf9a4bb30c87676e68 Author: Nikolay Borisov Date: Fri Jan 20 15:21:35 2017 +0200 userns: Make ucounts lock irq-safe The ucounts_lock is being used to protect various ucounts lifecycle management functionalities. However, those services can also be invoked when a pidns is being freed in an RCU callback (e.g. softirq context). This can lead to deadlocks. There were already efforts trying to prevent similar deadlocks in add7c65ca426 ("pid: fix lockdep deadlock warning due to ucount_lock"), however they just moved the context from hardirq to softrq. Fix this issue once and for all by explictly making the lock disable irqs altogether. Dmitry Vyukov reported: > I've got the following deadlock report while running syzkaller fuzzer > on eec0d3d065bfcdf9cd5f56dd2a36b94d12d32297 of linux-next (on odroid > device if it matters): > > ================================= > [ INFO: inconsistent lock state ] > 4.10.0-rc3-next-20170112-xc2-dirty #6 Not tainted > --------------------------------- > inconsistent {SOFTIRQ-ON-W} -> {IN-SOFTIRQ-W} usage. > swapper/2/0 [HC0[0]:SC1[1]:HE1:SE0] takes: > (ucounts_lock){+.?...}, at: [< inline >] spin_lock > ./include/linux/spinlock.h:302 > (ucounts_lock){+.?...}, at: [] > put_ucounts+0x60/0x138 kernel/ucount.c:162 > {SOFTIRQ-ON-W} state was registered at: > [] mark_lock+0x220/0xb60 kernel/locking/lockdep.c:3054 > [< inline >] mark_irqflags kernel/locking/lockdep.c:2941 > [] __lock_acquire+0x388/0x3260 kernel/locking/lockdep.c:3295 > [] lock_acquire+0xa4/0x138 kernel/locking/lockdep.c:3753 > [< inline >] __raw_spin_lock ./include/linux/spinlock_api_smp.h:144 > [] _raw_spin_lock+0x90/0xd0 kernel/locking/spinlock.c:151 > [< inline >] spin_lock ./include/linux/spinlock.h:302 > [< inline >] get_ucounts kernel/ucount.c:131 > [] inc_ucount+0x80/0x6c8 kernel/ucount.c:189 > [< inline >] inc_mnt_namespaces fs/namespace.c:2818 > [] alloc_mnt_ns+0x78/0x3a8 fs/namespace.c:2849 > [] create_mnt_ns+0x28/0x200 fs/namespace.c:2959 > [< inline >] init_mount_tree fs/namespace.c:3199 > [] mnt_init+0x258/0x384 fs/namespace.c:3251 > [] vfs_caches_init+0x6c/0x80 fs/dcache.c:3626 > [] start_kernel+0x414/0x460 init/main.c:648 > [] __primary_switched+0x6c/0x70 arch/arm64/kernel/head.S:456 > irq event stamp: 2316924 > hardirqs last enabled at (2316924): [< inline >] rcu_do_batch > kernel/rcu/tree.c:2911 > hardirqs last enabled at (2316924): [< inline >] > invoke_rcu_callbacks kernel/rcu/tree.c:3182 > hardirqs last enabled at (2316924): [< inline >] > __rcu_process_callbacks kernel/rcu/tree.c:3149 > hardirqs last enabled at (2316924): [] > rcu_process_callbacks+0x7a4/0xc28 kernel/rcu/tree.c:3166 > hardirqs last disabled at (2316923): [< inline >] rcu_do_batch > kernel/rcu/tree.c:2900 > hardirqs last disabled at (2316923): [< inline >] > invoke_rcu_callbacks kernel/rcu/tree.c:3182 > hardirqs last disabled at (2316923): [< inline >] > __rcu_process_callbacks kernel/rcu/tree.c:3149 > hardirqs last disabled at (2316923): [] > rcu_process_callbacks+0x210/0xc28 kernel/rcu/tree.c:3166 > softirqs last enabled at (2316912): [] > _local_bh_enable+0x4c/0x80 kernel/softirq.c:155 > softirqs last disabled at (2316913): [< inline >] > do_softirq_own_stack ./include/linux/interrupt.h:488 > softirqs last disabled at (2316913): [< inline >] > invoke_softirq kernel/softirq.c:371 > softirqs last disabled at (2316913): [] > irq_exit+0x264/0x308 kernel/softirq.c:405 > > other info that might help us debug this: > Possible unsafe locking scenario: > > CPU0 > ---- > lock(ucounts_lock); > > lock(ucounts_lock); > > *** DEADLOCK *** > > 1 lock held by swapper/2/0: > #0: (rcu_callback){......}, at: [< inline >] __rcu_reclaim > kernel/rcu/rcu.h:108 > #0: (rcu_callback){......}, at: [< inline >] rcu_do_batch > kernel/rcu/tree.c:2919 > #0: (rcu_callback){......}, at: [< inline >] > invoke_rcu_callbacks kernel/rcu/tree.c:3182 > #0: (rcu_callback){......}, at: [< inline >] > __rcu_process_callbacks kernel/rcu/tree.c:3149 > #0: (rcu_callback){......}, at: [] > rcu_process_callbacks+0x720/0xc28 kernel/rcu/tree.c:3166 > > stack backtrace: > CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.10.0-rc3-next-20170112-xc2-dirty #6 > Hardware name: Hardkernel ODROID-C2 (DT) > Call trace: > [] dump_backtrace+0x0/0x440 arch/arm64/kernel/traps.c:500 > [] show_stack+0x20/0x30 arch/arm64/kernel/traps.c:225 > [] dump_stack+0x110/0x168 > [] print_usage_bug.part.27+0x49c/0x4bc > kernel/locking/lockdep.c:2387 > [< inline >] print_usage_bug kernel/locking/lockdep.c:2357 > [< inline >] valid_state kernel/locking/lockdep.c:2400 > [< inline >] mark_lock_irq kernel/locking/lockdep.c:2617 > [] mark_lock+0x934/0xb60 kernel/locking/lockdep.c:3065 > [< inline >] mark_irqflags kernel/locking/lockdep.c:2923 > [] __lock_acquire+0x640/0x3260 kernel/locking/lockdep.c:3295 > [] lock_acquire+0xa4/0x138 kernel/locking/lockdep.c:3753 > [< inline >] __raw_spin_lock ./include/linux/spinlock_api_smp.h:144 > [] _raw_spin_lock+0x90/0xd0 kernel/locking/spinlock.c:151 > [< inline >] spin_lock ./include/linux/spinlock.h:302 > [] put_ucounts+0x60/0x138 kernel/ucount.c:162 > [] dec_ucount+0xf4/0x158 kernel/ucount.c:214 > [< inline >] dec_pid_namespaces kernel/pid_namespace.c:89 > [] delayed_free_pidns+0x40/0xe0 kernel/pid_namespace.c:156 > [< inline >] __rcu_reclaim kernel/rcu/rcu.h:118 > [< inline >] rcu_do_batch kernel/rcu/tree.c:2919 > [< inline >] invoke_rcu_callbacks kernel/rcu/tree.c:3182 > [< inline >] __rcu_process_callbacks kernel/rcu/tree.c:3149 > [] rcu_process_callbacks+0x768/0xc28 kernel/rcu/tree.c:3166 > [] __do_softirq+0x324/0x6e0 kernel/softirq.c:284 > [< inline >] do_softirq_own_stack ./include/linux/interrupt.h:488 > [< inline >] invoke_softirq kernel/softirq.c:371 > [] irq_exit+0x264/0x308 kernel/softirq.c:405 > [] __handle_domain_irq+0xc0/0x150 kernel/irq/irqdesc.c:636 > [] gic_handle_irq+0x68/0xd8 > Exception stack(0xffff8000648e7dd0 to 0xffff8000648e7f00) > 7dc0: ffff8000648d4b3c 0000000000000007 > 7de0: 0000000000000000 1ffff0000c91a967 1ffff0000c91a967 1ffff0000c91a967 > 7e00: ffff20000a4b6b68 0000000000000001 0000000000000007 0000000000000001 > 7e20: 1fffe4000149ae90 ffff200009d35000 0000000000000000 0000000000000002 > 7e40: 0000000000000000 0000000000000000 0000000002624a1a 0000000000000000 > 7e60: 0000000000000000 ffff200009cbcd88 000060006d2ed000 0000000000000140 > 7e80: ffff200009cff000 ffff200009cb6000 ffff200009cc2020 ffff200009d2159d > 7ea0: 0000000000000000 ffff8000648d4380 0000000000000000 ffff8000648e7f00 > 7ec0: ffff20000820a478 ffff8000648e7f00 ffff20000820a47c 0000000010000145 > 7ee0: 0000000000000140 dfff200000000000 ffffffffffffffff ffff20000820a478 > [] el1_irq+0xb8/0x130 arch/arm64/kernel/entry.S:486 > [< inline >] arch_local_irq_restore > ./arch/arm64/include/asm/irqflags.h:81 > [] rcu_idle_exit+0x64/0xa8 kernel/rcu/tree.c:1030 > [< inline >] cpuidle_idle_call kernel/sched/idle.c:200 > [] do_idle+0x1dc/0x2d0 kernel/sched/idle.c:243 > [] cpu_startup_entry+0x24/0x28 kernel/sched/idle.c:345 > [] secondary_start_kernel+0x2cc/0x358 > arch/arm64/kernel/smp.c:276 > [<000000000279f1a4>] 0x279f1a4 Reported-by: Dmitry Vyukov Tested-by: Dmitry Vyukov Fixes: add7c65ca426 ("pid: fix lockdep deadlock warning due to ucount_lock") Fixes: f333c700c610 ("pidns: Add a limit on the number of pid namespaces") Cc: stable@vger.kernel.org Link: https://www.spinics.net/lists/kernel/msg2426637.html Signed-off-by: Nikolay Borisov Signed-off-by: Eric W. Biederman kernel/ucount.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 11e3b725cfc282efe9d4a354153e99d86a16af08 Author: Ard Biesheuvel Date: Tue Jan 17 13:46:29 2017 +0000 crypto: arm64/aes-blk - honour iv_out requirement in CBC and CTR modes Update the ARMv8 Crypto Extensions and the plain NEON AES implementations in CBC and CTR modes to return the next IV back to the skcipher API client. This is necessary for chaining to work correctly. Note that for CTR, this is only done if the request is a round multiple of the block size, since otherwise, chaining is impossible anyway. Cc: # v3.16+ Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm64/crypto/aes-modes.S | 88 +++++++++++++++++++++---------------------- 1 file changed, 42 insertions(+), 46 deletions(-) commit d6040764adcb5cb6de1489422411d701c158bb69 Author: Salvatore Benedetto Date: Fri Jan 13 11:54:08 2017 +0000 crypto: api - Clear CRYPTO_ALG_DEAD bit before registering an alg Make sure CRYPTO_ALG_DEAD bit is cleared before proceeding with the algorithm registration. This fixes qat-dh registration when driver is restarted Cc: Signed-off-by: Salvatore Benedetto Signed-off-by: Herbert Xu crypto/algapi.c | 1 + 1 file changed, 1 insertion(+) commit 03c902bff524e0cf664737a33f2365f7837040bf Author: Johannes Berg Date: Fri Dec 2 12:03:36 2016 +0100 iwlwifi: mvm: avoid crash on restart w/o reserved queues When the firmware restarts in a situation in which any station has no queue reserved anymore because that queue was used, the code will crash trying to access the queue_info array at the offset 255, which is far too big. Fix this by checking that a queue is actually reserved before writing its status. Fixes: 8d98ae6eb0d5 ("iwlwifi: mvm: re-assign old queues after hw restart in dqa mode") Signed-off-by: Johannes Berg Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 7941c59e45f3b6d30e07375e9b6713427e0a9f98 Author: Jürg Billeter Date: Mon Oct 10 18:30:01 2016 +0200 iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000 Mistakenly, the driver is trying to load the 8000C firmware with an incorrect name (i.e. with two hyphens where there should be only one) and that fails. Fix that by removing the hyphen from the format macro. Fixes: e1ba684f762b ("iwlwifi: 8000: fix MODULE_FIRMWARE input") Signed-off-by: Jürg Billeter Signed-off-by: Luca Coelho drivers/net/wireless/intel/iwlwifi/iwl-8000.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7f59b319111bbc3a5f32730c8a43b201e9522f52 Author: Sébastien Szymanski Date: Wed Jan 18 11:09:51 2017 +0100 ARM: dts: imx6dl: fix GPIO4 range GPIO4_11 is on pin 152(MX6DL_PAD_KEY_ROW2) and not on pin 151(MX6DL_PAD_KEY_ROW1). I found the error while booting a mainline kernel on APF6S SoM and noticed the following message: [ 2.609337] imx6dl-pinctrl 20e0000.iomuxc: pin MX6DL_PAD_KEY_ROW1 already requested by 20a8000.gpio:105; cannot claim for 20a8000.gpio:107 [ 2.621884] imx6dl-pinctrl 20e0000.iomuxc: pin-151 (20a8000.gpio:107) status -22 [ 2.629303] spi_imx 2008000.ecspi: Can't get CS GPIO 107 With this patch, the message is gone and spi_imx driver probes correctly. Fixes: bb728d662bed ("ARM: dts: add gpio-ranges property to iMX GPIO controllers") Signed-off-by: Sébastien Szymanski Signed-off-by: Shawn Guo arch/arm/boot/dts/imx6dl.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4c833368f0bf748d4147bf301b1f95bc8eccb3c0 Author: Kevin Hao Date: Sun Jan 22 16:50:23 2017 +0800 x86/fpu: Set the xcomp_bv when we fake up a XSAVES area I got the following calltrace on a Apollo Lake SoC with 32-bit kernel: WARNING: CPU: 2 PID: 261 at arch/x86/include/asm/fpu/internal.h:363 fpu__restore+0x1f5/0x260 [...] Hardware name: Intel Corp. Broxton P/NOTEBOOK, BIOS APLIRVPA.X64.0138.B35.1608091058 08/09/2016 Call Trace: dump_stack() __warn() ? fpu__restore() warn_slowpath_null() fpu__restore() __fpu__restore_sig() fpu__restore_sig() restore_sigcontext.isra.9() sys_sigreturn() do_int80_syscall_32() entry_INT80_32() The reason is that a #GP occurs when executing XRSTORS. The root cause is that we forget to set the xcomp_bv when we fake up the XSAVES area in the copyin_to_xsaves() function. Signed-off-by: Kevin Hao Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Dave Hansen Cc: Denys Vlasenko Cc: Fenghua Yu Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Quentin Casasnovas Cc: Rik van Riel Cc: Thomas Gleixner Cc: Yu-cheng Yu Link: http://lkml.kernel.org/r/1485075023-30161-1-git-send-email-haokexin@gmail.com Signed-off-by: Ingo Molnar Signed-off-by: Thomas Gleixner arch/x86/kernel/fpu/xstate.c | 1 + 1 file changed, 1 insertion(+) commit e9748e0364fe82dc037d22900ff13a62d04518bf Author: Ziyuan Xu Date: Tue Jan 17 09:22:56 2017 +0800 mmc: dw_mmc: force setup bus if active slots exist It's necessary to setup bus if any slots are present. - update clock after ctrl reset - if the host has genpd node, we can guarantee the clock is available before starting request. Otherwies, the clock register is reset once power off the pd, and host can't output the active clock during communication. Fixes: e9ed8835e990 ("mmc: dw_mmc: add runtime PM callback") Fixes: df9bcc2bc0a1 ("mmc: dw_mmc: add missing codes for runtime resume") cc: Reported-by: Randy Li Reported-by: S. Gilles Signed-off-by: Ziyuan Xu Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit c26665ab5c49ad3e142e0f054ca3204f259ba09c Author: Borislav Petkov Date: Fri Jan 20 21:29:40 2017 +0100 x86/microcode/intel: Drop stashed AP patch pointer optimization This was meant to save us the scanning of the microcode containter in the initrd since the first AP had already done that but it can also hurt us: Imagine a single hyperthreaded CPU (Intel(R) Atom(TM) CPU N270, for example) which updates the microcode on the BSP but since the microcode engine is shared between the two threads, the update on CPU1 doesn't happen because it has already happened on CPU0 and we don't find a newer microcode revision on CPU1. Which doesn't set the intel_ucode_patch pointer and at initrd jettisoning time we don't save the microcode patch for later application. Now, when we suspend to RAM, the loaded microcode gets cleared so we need to reload but there's no patch saved in the cache. Removing the optimization fixes this issue and all is fine and dandy. Fixes: 06b8534cb728 ("x86/microcode: Rework microcode loading") Signed-off-by: Borislav Petkov Reviewed-by: Thomas Gleixner Link: http://lkml.kernel.org/r/20170120202955.4091-2-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/intel.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 9579c4dc21292f375715d7acca439dac9855b3e9 Merge: a121103 5c113b5 Author: Greg Kroah-Hartman Date: Mon Jan 23 09:29:06 2017 +0100 Merge tag 'iio-fixes-for-4.10b' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: Second set of IIO fixes for the 4.10 cycle. * afe4403 - retrieve valid iio_dev in suspend / resume. Previously using the wrong dev for a call to dev_to_iio_dev. * afe4404 - retrieve valid iio_dev in suspend / resume. Previously using the wrong dev for a call to dev_to_iio_dev. * dht11 - Something seems to have caused a regression in timing on the raspberry pi 2B. However, the bug that it threw up was real. msleep was occasionally resulting in very long sleeps, over the limit possible to read from this chip. Switch to usleep_range to avoid this. The timing needed by this part is very fiddly. * max30100 - wrong parenthesis around fifo count check meant it always read after the almost_full state had been reached. I've tagged this with a fixes tag which covers the last patch that it will not need precursor patches. The bug predates that but will need backporting. * palmas_gpadc. - retrieve valid iio_dev in suspend / resume. Previously using the wrong dev for a call to dev_to_iio_dev. commit 7f1931b35f0909695543a8c12f72ccd2d20ff241 Author: Arnd Bergmann Date: Tue Jan 10 13:19:05 2017 +0100 ARM: imx: hide unused variable in #ifdef A bugfix added a new local variable that is only used inside of an #ifdef section, and unused if CONFIG_PERF_EVENTS is disabled: arch/arm/mach-imx/mmdc.c:63:25: warning: 'cpuhp_mmdc_state' defined but not used [-Wunused-variable] This moves the variable down inside that same ifdef. Fixes: a051f220d6b9 ("ARM/imx/mmcd: Fix broken cpu hotplug handling") Signed-off-by: Arnd Bergmann Acked-by: Frank Li Signed-off-by: Shawn Guo arch/arm/mach-imx/mmdc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 932790109f62aa52bdb4bb62aa66653c0b51bc75 Merge: 2f39258 af3076e Author: Dave Airlie Date: Mon Jan 23 09:25:53 2017 +1000 Merge tag 'drm-qemu-20170110' of git://git.kraxel.org/linux into drm-fixes drm-qemu: virtio sparse fix, MAINTAINERS updates. * tag 'drm-qemu-20170110' of git://git.kraxel.org/linux: drm: flip cirrus driver status to "obsolete". drm: update MAINTAINERS for qemu drivers (bochs, cirrus, qxl, virtio-gpu) drm/virtio: fix framebuffer sparse warning commit 2f39258e5744d34db5db27a1272fd41ac9d2397d Merge: 2e76f85 3546fb0 Author: Dave Airlie Date: Mon Jan 23 09:25:00 2017 +1000 Merge branch 'drm-etnaviv-fixes' of https://git.pengutronix.de/git/lst/linux into drm-fixes a single fix for a FE hang after IOVA rollover on GC3000. This isn't pretty, but is the minimal fix for the issue. A larger rework of the code, that will also fix this issue properly, is currently in the works, but that needs to wait for at least the next feature pull. * 'drm-etnaviv-fixes' of https://git.pengutronix.de/git/lst/linux: drm/etnaviv: trick drm_mm into giving out a low IOVA commit 2e76f85690a9e8ee8428b42588cdb22e5000f63b Merge: 484205d 11d8bce Author: Dave Airlie Date: Mon Jan 23 09:14:36 2017 +1000 Merge branch 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-fixes Just regression fixups to resolve page fault issue of DECON device. * 'exynos-drm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos: drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement drm/exynos/decon5433: fix CMU programming drm/exynos/decon5433: do not disable video after reset drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled drm/exynos/decon5433: update shadow registers iff there are active windows commit 484205df6baa8207683ad30a1679bafc26100658 Merge: b310348 17324b6 Author: Dave Airlie Date: Mon Jan 23 09:14:01 2017 +1000 Merge branch 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes A little bigger than usual since it's two weeks worth. Highlights: - Add support for new smc firmware on some new hainan variants - add support for SI chips that require special mc firmware - remove workarounds for issues fixed by new mc firmware - fix a regression in cursor handling - various VCE fixes - fix for UVD clockgating * 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: add support for new hainan variants drm/radeon: add support for new hainan variants drm/amdgpu: change clock gating mode for uvd_v4. drm/amdgpu: fix program vce instance logic error. drm/amdgpu: fix bug set incorrect value to vce register Revert "drm/amdgpu: Only update the CUR_SIZE register when necessary" drm/amd/powerplay: refine vce dpm update code on Cz. drm/amdgpu: fix vm_fault_stop on gfx6 drm/amd/powerplay: fix vce cg logic error on CZ/St. drm/radeon: drop the mclk quirk for hainan drm/radeon: drop oland quirks drm/amdgpu: drop the mclk quirk for hainan drm/amdgpu: drop oland quirks drm/amdgpu/si: load special ucode for certain MC configs drm/radeon/si: load special ucode for certain MC configs commit b310348530c44bcfe98ea29c97274562853b4583 Merge: 78337c0 de85d2b Author: Dave Airlie Date: Mon Jan 23 09:13:45 2017 +1000 Merge branch 'msm-fixes-4.10-rc4' of git://people.freedesktop.org/~robclark/linux into drm-fixes * 'msm-fixes-4.10-rc4' of git://people.freedesktop.org/~robclark/linux: drm/msm: fix potential null ptr issue in non-iommu case drm/msm/mdp5: rip out plane->pending tracking commit 78337c0697e669554c28b8b48c644bbaad0ffc5e Merge: f1750e1 3846fd9 Author: Dave Airlie Date: Mon Jan 23 09:13:08 2017 +1000 Merge tag 'drm-misc-fixes-2017-01-13' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes A few more core fixes. * tag 'drm-misc-fixes-2017-01-13' of git://anongit.freedesktop.org/git/drm-misc: drm/probe-helpers: Drop locking from poll_enable drm: Fix broken VT switch with video=1366x768 option drm: Schedule the output_poll_work with 1s delay if we have delayed event commit f1750e144a2f01b011bd3155fcf8b6dff299fe68 Merge: 9afe69d 3bfdfdc Author: Dave Airlie Date: Mon Jan 23 09:12:23 2017 +1000 Merge tag 'drm-intel-fixes-2017-01-19' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes More GVT-g stuff than I'd like at this stage, but then again that's pretty new and isolated so I'm not too worried. * tag 'drm-intel-fixes-2017-01-19' of git://anongit.freedesktop.org/git/drm-intel: (26 commits) drm/i915: Ignore bogus plane coordinates on SKL when the plane is not visible drm/i915: Remove WaDisableLSQCROPERFforOCL KBL workaround. drm/i915/gvt: rewrite gt reset handler using new function intel_gvt_reset_vgpu_locked drm/i915/gvt: fix vGPU instance reuse issues by vGPU reset function drm/i915/gvt: introduce intel_vgpu_reset_mmio() to reset mmio space drm/i915/gvt: move mmio init/clean function to mmio.c drm/i915/gvt: introduce intel_vgpu_reset_cfg_space to reset configuration space drm/i915/gvt: move cfg space inititation function to cfg_space.c drm/i915/gvt: introuduce intel_vgpu_reset_gtt() to reset gtt drm/i915/gvt: introudce intel_vgpu_reset_resource() to reset vgpu resource state drm/i915: Fix phys pwrite for struct_mutex-less operation drm/i915: Clear ret before unbinding in i915_gem_evict_something() drm/i915/gvt: cleanup GFP flags drm/i915/gvt/kvmgt: return meaningful error for vgpu creating failure drm/i915/gvt: cleanup opregion memory allocation code drm/i915/gvt: destroy the allocated idr on vgpu creating failures drm/i915/gvt: init/destroy vgpu_idr properly drm/i915/gvt: dec vgpu->running_workload_num after the workload is really done drm/i915/gvt: fix use after free for workload drm/i915/gvt: remove duplicated definition ... commit a5b9b5a2d3d305598b70ed69dd40754e26516182 Merge: b667744 738f7f6 Author: David S. Miller Date: Sun Jan 22 16:57:20 2017 -0500 Merge branch 'amd-xgbe-fixes' Tom Lendacky says: ==================== amd-xgbe: AMD XGBE driver fixes 2017-01-20 This patch series addresses some issues in the AMD XGBE driver. The following fixes are included in this driver update series: - Add a fix for a version of the hardware that uses different register offset values for a device with the same PCI device ID - Add support to check the return code from the xgbe_init() function This patch series is based on net. ==================== Signed-off-by: David S. Miller commit 738f7f647371ff4cfc9646c99dba5b58ad142db3 Author: Lendacky, Thomas Date: Fri Jan 20 12:14:13 2017 -0600 amd-xgbe: Check xgbe_init() return code The xgbe_init() routine returns a return code indicating success or failure, but the return code is not checked. Add code to xgbe_init() to issue a message when failures are seen and add code to check the xgbe_init() return code. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 4 +++- drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 4eccbfc36186926b570310bfbd44f4216cd05c63 Author: Lendacky, Thomas Date: Fri Jan 20 12:14:03 2017 -0600 amd-xgbe: Add a hardware quirk for register definitions A newer version of the hardware is using the same PCI ids for the network device but has altered register definitions for determining the window settings for the indirect PCS access. Add support to check for this hardware and if found use the new register values. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-common.h | 2 ++ drivers/net/ethernet/amd/xgbe/xgbe-dev.c | 4 ++-- drivers/net/ethernet/amd/xgbe/xgbe-pci.c | 15 ++++++++++++++- drivers/net/ethernet/amd/xgbe/xgbe.h | 2 ++ 4 files changed, 20 insertions(+), 3 deletions(-) commit 7a308bb3016f57e5be11a677d15b821536419d36 Author: Linus Torvalds Date: Sun Jan 22 12:54:15 2017 -0800 Linux 4.10-rc5 Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 095cbe66973771fecd8e8b1e8763181363ef703e Merge: 24b8683 020eb3d Author: Linus Torvalds Date: Sun Jan 22 12:47:48 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fix from Thomas Gleixner: "Restore the retrigger callbacks in the IO APIC irq chips. That addresses a long standing regression which got introduced with the rewrite of the x86 irq subsystem two years ago and went unnoticed so far" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/ioapic: Restore IO-APIC irq_chip retrigger callback commit 24b86839fab8e8059d2b16e0067dc86a1a0d3514 Merge: 585457f 0fec955 Author: Linus Torvalds Date: Sun Jan 22 12:45:47 2017 -0800 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull smp/hotplug fix from Thomas Gleixner: "Remove an unused variable which is a leftover from the notifier removal" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Remove unused but set variable in _cpu_down() commit 585457fc8383e373ab923e46cd1f70bbfe46763f Merge: bb6c01c 0db1dba Author: Linus Torvalds Date: Sun Jan 22 12:40:09 2017 -0800 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio/vhost fixes from Michael Tsirkin: "Random fixes and cleanups that accumulated over the time" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: virtio/s390: virtio: constify virtio_config_ops structures virtio/s390: add missing \n to end of dev_err message virtio/s390: support READ_STATUS command for virtio-ccw tools/virtio/ringtest: tweaks for s390 tools/virtio/ringtest: fix run-on-all.sh for offline cpus virtio_console: fix a crash in config_work_handler vhost/scsi: silence uninitialized variable warning vhost: scsi: constify target_core_fabric_ops structures commit bb6c01c2dde67b165cf7c808b0f00677b6f94b96 Merge: c497f8d bad94f8 Author: Linus Torvalds Date: Sun Jan 22 12:36:47 2017 -0800 Merge branch 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management fixes from Zhang Rui: - fix a regression that thermal zone dynamically allocated sysfs attributes are freed before they're removed, which is introduced in 4.10-rc1 (Jacob von Chorus) - fix a boot warning because deprecated hwmon API is used (Fabio Estevam) - a couple of fixes for rockchip thermal driver (Brian Norris, Caesar Wang) * 'for-rc' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: thermal: rockchip: fixes the conversion table thermal: core: move tz->device.groups cleanup to thermal_release thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() thermal: rockchip: handle set_trips without the trip points thermal: rockchip: optimize the conversion table thermal: rockchip: fixes invalid temperature case thermal: rockchip: don't pass table structs by value thermal: rockchip: improve conversion error messages commit 5c113b5e0082e90d2e1c7b12e96a7b8cf0623e27 Author: John Brooks Date: Wed Jan 18 21:50:39 2017 +0000 iio: dht11: Use usleep_range instead of msleep for start signal The DHT22 (AM2302) datasheet specifies that the LOW start pulse should not exceed 20ms. However, observations with an oscilloscope of an RPi Model 2B (rev 1.1) communicating with a DHT22 sensor showed that the driver was consistently sending start pulses longer than 20ms: Kernel 4.7.10-v7+ (n=132): Minimum pulse length: 20.20ms Maximum: 29.84ms Mean: 24.96ms StDev: 2.82ms Sensor response rate: 100% Read success rate: 76% On kernel 4.8, the start pulse was so long that the sensor would not even respond 97% of the time: Kernel 4.8.16-v7+ (n=100): Minimum pulse length: 30.4ms Maximum: 74.4ms Mean: 39.3ms StDev: 10.2ms Sensor response rate: 3% Read success rate: 3% The driver would return ETIMEDOUT and write log messages like this: [ 51.430987] dht11 dht11@0: Only 1 signal edges detected [ 66.311019] dht11 dht11@0: Only 0 signal edges detected Replacing msleep(18) with usleep_range(18000, 20000) made the pulse length sane again and restored responsiveness: Kernel 4.8.16-v7+ with usleep_range (n=123): Minimum pulse length: 18.16ms Maximum: 20.20ms Mean: 19.85ms StDev: 0.51ms Sensor response rate: 100% Read success rate: 84% Cc: stable@vger.kernel.org Signed-off-by: John Brooks Reviewed-by: Harald Geyer Signed-off-by: Jonathan Cameron drivers/iio/humidity/dht11.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit cfee5d63767b2e7997c1f36420d008abbe61565c Author: Zach Ploskey Date: Sun Jan 22 00:47:19 2017 -0800 platform/x86: ideapad-laptop: handle ACPI event 1 On Ideapad laptops, ACPI event 1 is currently not handled. Many models log "ideapad_laptop: Unknown event: 1" every 20 seconds or so while running on battery power. Some convertible laptops receive this event when switching in and out of tablet mode. This adds and additional case for event 1 in ideapad_acpi_notify to call ideapad_input_report(priv, vpc_bit), so that the event is reported to userspace and we avoid unnecessary logging. Fixes bug #107481 (https://bugzilla.kernel.org/show_bug.cgi?id=107481) Fixes bug #65751 (https://bugzilla.kernel.org/show_bug.cgi?id=65751) Signed-off-by: Zach Ploskey Signed-off-by: Andy Shevchenko drivers/platform/x86/ideapad-laptop.c | 1 + 1 file changed, 1 insertion(+) commit c497f8d17246720afe680ea1a8fa6e48e75af852 Merge: f68d853 488dc16 Author: Linus Torvalds Date: Sat Jan 21 19:01:06 2017 -0800 Merge tag 'usb-4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are a few small USB fixes for 4.10-rc5. Most of these are gadget/dwc2 fixes for reported issues, all of these have been in linux-next for a while. The last one is a single xhci WARN_ON removal to handle an issue that the dwc3 driver is hitting in the 4.10-rc tree. The warning is harmless and needs to be removed, and a "real" fix that is more complex will show up in 4.11-rc1 for this device. That last patch hasn't been in linux-next yet due to the weekend timing, but it's a "simple" WARN_ON() removal so what could go wrong? :)" Famous last words. * tag 'usb-4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: xhci: remove WARN_ON if dma mask is not set for platform devices usb: dwc2: host: fix Wmaybe-uninitialized warning usb: dwc2: gadget: Fix GUSBCFG.USBTRDTIM value usb: gadget: udc: atmel: remove memory leak usb: dwc3: exynos fix axius clock error path to do cleanup usb: dwc2: Avoid suspending if we're in gadget mode usb: dwc2: use u32 for DT binding parameters usb: gadget: f_fs: Fix iterations on endpoints. usb: dwc2: gadget: Fix DMA memory freeing usb: gadget: composite: Fix function used to free memory commit f68d8531cceabb6683a8f949d2d933cd854da141 Merge: f5e8c0f 1f19b98 Author: Linus Torvalds Date: Sat Jan 21 18:53:06 2017 -0800 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm fixes from Dan Williams: "Two fixes: - a regression fix for the multiple-pmem-namespace-per-region support added in 4.9. Even if an existing environment is not using that feature the act of creating and a destroying a single namespace with the ndctl utility will lead to the proliferation of extra unwanted namespace devices. - a fix for the error code returned from the pmem driver when the memcpy_mcsafe() routine returns -EFAULT. Btrfs seems to be the only block I/O consumer that tries to parse the meaning of the error code when it is non-zero. Neither of these fixes are critical, the namespace leak is awkward in that it can cause device naming to change and complicates debugging namespace initialization issues. The error code fix is included out of caution for what other consumers might be expecting -EIO for block I/O errors" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: libnvdimm, namespace: fix pmem namespace leak, delete when size set to zero pmem: return EIO on read_pmem() failure commit f5e8c0ff563e6bf1633e5a35b0d9b8fe4c7560b8 Merge: 455a70c 318fa46 Author: Linus Torvalds Date: Sat Jan 21 18:46:45 2017 -0800 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fix from Stephen Boyd: "One fix for Samsung Exynos524x SoCs where recent IOMMU patches have caused some of these clocks to turn off when they were always left on before" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk/samsung: exynos542x: mark some clocks as critical commit 455a70cbe72906db2797b2725cabc7e0897857f5 Merge: 83fd57a d0e73e2 Author: Linus Torvalds Date: Sat Jan 21 18:07:40 2017 -0800 Merge tag 'arc-4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC fixes from Vineet Gupta: - more intc updates [Yuriv] - fix module build when unwinder is turned off - IO Coherency Programming model updates - other miscellaneous * tag 'arc-4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: Revert "ARC: mm: IOC: Don't enable IOC by default" ARC: mm: split arc_cache_init to allow __init reaping of bulk ARCv2: IOC: Use actual memory size to setup aperture size ARCv2: IOC: Adhere to progamming model guidelines to avoid DMA corruption ARCv2: IOC: refactor the IOC and SLC operations into own functions ARC: module: Fix !CONFIG_ARC_DW2_UNWIND builds ARCv2: save r30 on kernel entry as gcc uses it for code-gen ARCv2: IRQ: Call entry/exit functions for chained handlers in MCIP ARC: IRQ: Use hwirq instead of virq in mask/unmask ARC: mmu: clarify the MMUv3 programming model commit 83fd57a740bb19286959b3085eb93532f3e7ef2c Merge: 4c9eff7 178f358 Author: Linus Torvalds Date: Sat Jan 21 17:58:45 2017 -0800 Merge tag 'powerpc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc fixes from Michael Ellerman: "Two fixes for fallout from the hugetlb changes we merged this cycle. Ten other fixes, four only affect Power9, and the rest are a bit of a mixture though nothing terrible. Thanks to: Aneesh Kumar K.V, Anton Blanchard, Benjamin Herrenschmidt, Dave Martin, Gavin Shan, Madhavan Srinivasan, Nicholas Piggin, Reza Arbab" * tag 'powerpc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: powerpc: Ignore reserved field in DCSR and PVR reads and writes powerpc/ptrace: Preserve previous TM fprs/vsrs on short regset write powerpc/ptrace: Preserve previous fprs/vsrs on short regset write powerpc/perf: Use MSR to report privilege level on P9 DD1 selftest/powerpc: Wrong PMC initialized in pmc56_overflow test powerpc/eeh: Enable IO path on permanent error powerpc/perf: Fix PM_BRU_CMPL event code for power9 powerpc/mm: Fix little-endian 4K hugetlb powerpc/mm/hugetlb: Don't panic when we don't find the default huge page size powerpc: Fix pgtable pmd cache init powerpc/icp-opal: Fix missing KVM case and harden replay powerpc/mm: Fix memory hotplug BUG() on radix commit d1aaf20ee655888c227d5137b7a63551f8d15416 Author: Alison Schofield Date: Mon Jan 16 11:27:52 2017 -0800 iio: adc: palmas_gpadc: retrieve a valid iio_dev in suspend/resume The suspend/resume functions were using dev_to_iio_dev() to get the iio_dev. That only works on IIO dev's. Use dev_get_drvdata() for a platform device to get the correct iio_dev. Signed-off-by: Alison Schofield Cc: Signed-off-by: Jonathan Cameron drivers/iio/adc/palmas_gpadc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 828f84ee8f84710ea1818b3565add268bcb824c8 Author: Matt Ranostay Date: Mon Jan 16 18:04:18 2017 -0800 iio: health: max30100: fixed parenthesis around FIFO count check FIFO was being read every sample after the "almost full" state was reached. This was due to an incorrect placement of the parenthesis in the while condition check. Note - the fixes tag is not actually correct, but the fix in this patch would also be needed for it to function correctly so we'll go with that one. Backports should pick up both. Signed-off-by: Matt Ranostay Fixes: b74fccad7 ("iio: health: max30100: correct FIFO check condition") Cc: Stable@vger.kernel.org> Signed-off-by: Jonathan Cameron drivers/iio/health/max30100.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 802ecfc113df1e15af1d028427cbbe785ae9cc4a Author: Alison Schofield Date: Sat Jan 14 19:52:50 2017 -0800 iio: health: afe4404: retrieve a valid iio_dev in suspend/resume The suspend/resume functions were using dev_to_iio_dev() to get the iio_dev. That only works on IIO dev's. Replace it with i2c functions to get the correct iio_dev. Signed-off-by: Alison Schofield Acked-by: Andrew F. Davis Cc: Signed-off-by: Jonathan Cameron drivers/iio/health/afe4404.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a5badd1e97e6caeca78ad74191f12fc923c403a8 Author: Alison Schofield Date: Sat Jan 14 19:51:52 2017 -0800 iio: health: afe4403: retrieve a valid iio_dev in suspend/resume The suspend/resume functions were using dev_to_iio_dev() to get the iio_dev. That only works on IIO dev's. Replace it with spi functions to get the correct iio_dev. Signed-off-by: Alison Schofield Acked-by: Andrew F. Davis Cc: Signed-off-by: Jonathan Cameron drivers/iio/health/afe4403.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 92549cdc288f47f3a98cf80ac5890c91f5876a06 Author: Jens Axboe Date: Tue Jan 17 14:22:24 2017 -0800 iwlwifi: fix kernel crash when unregistering thermal zone A recent firmware change seems to have enabled thermal zones on the iwlwifi driver. Unfortunately, my device fails when registering the thermal zone. This doesn't stop the driver from attempting to unregister the thermal zone at unload time, triggering a NULL pointer deference in strlen() off the thermal_zone_device_unregister() path. Don't unregister if name is NULL, for that case we failed registering. Do the same for the cooling zone. Signed-off-by: Jens Axboe Signed-off-by: Kalle Valo drivers/net/wireless/intel/iwlwifi/mvm/tt.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 773c7220e22d193e5667c352fcbf8d47eefc817f Author: Eric Farman Date: Fri Jan 13 12:48:06 2017 -0500 scsi: virtio_scsi: Reject commands when virtqueue is broken In the case of a graceful set of detaches, where the virtio-scsi-ccw disk is removed from the guest prior to the controller, the guest behaves quite normally. Specifically, the detach gets us into sd_sync_cache to issue a Synchronize Cache(10) command, which immediately fails (and is retried a couple of times) because the device has been removed. Later, the removal of the controller sees two CRWs presented, but there's no further indication of the removal from the guest viewpoint. [ 17.217458] sd 0:0:0:0: [sda] Synchronizing SCSI cache [ 17.219257] sd 0:0:0:0: [sda] Synchronize Cache(10) failed: Result: hostbyte=DID_BAD_TARGET driverbyte=DRIVER_OK [ 21.449400] crw_info : CRW reports slct=0, oflw=0, chn=1, rsc=3, anc=0, erc=4, rsid=2 [ 21.449406] crw_info : CRW reports slct=0, oflw=0, chn=0, rsc=3, anc=0, erc=4, rsid=0 However, on s390, the SCSI disks can be removed "by surprise" when an entire controller (host) is removed and all associated disks are removed via the loop in scsi_forget_host. The same call to sd_sync_cache is made, but because the controller has already been removed, the Synchronize Cache(10) command is neither issued (and then failed) nor rejected. That the I/O isn't returned means the guest cannot have other devices added nor removed, and other tasks (such as shutdown or reboot) issued by the guest will not complete either. The virtio ring has already been marked as broken (via virtio_break_device in virtio_ccw_remove), but we still attempt to queue the command only to have it remain there. The calling sequence provides a bit of distinction for us: virtscsi_queuecommand() -> virtscsi_kick_cmd() -> virtscsi_add_cmd() -> virtqueue_add_sgs() -> virtqueue_add() if success return 0 elseif vq->broken or vring_mapping_error() return -EIO else return -ENOSPC A return of ENOSPC is generally a temporary condition, so returning "host busy" from virtscsi_queuecommand makes sense here, to have it redriven in a moment or two. But the EIO return code is more of a permanent error and so it would be wise to return the I/O itself and allow the calling thread to finish gracefully. The result is these four kernel messages in the guest (the fourth one does not occur prior to this patch): [ 22.921562] crw_info : CRW reports slct=0, oflw=0, chn=1, rsc=3, anc=0, erc=4, rsid=2 [ 22.921580] crw_info : CRW reports slct=0, oflw=0, chn=0, rsc=3, anc=0, erc=4, rsid=0 [ 22.921978] sd 0:0:0:0: [sda] Synchronizing SCSI cache [ 22.921993] sd 0:0:0:0: [sda] Synchronize Cache(10) failed: Result: hostbyte=DID_BAD_TARGET driverbyte=DRIVER_OK I opted to fill in the same response data that is returned from the more graceful device detach, where the disk device is removed prior to the controller device. Signed-off-by: Eric Farman Reviewed-by: Fam Zheng Signed-off-by: Martin K. Petersen drivers/scsi/virtio_scsi.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit 5a00b6c2438460b870a451f14593fc40d3c7edf6 Author: Andy Shevchenko Date: Thu Jan 19 18:39:40 2017 +0200 platform/x86: intel_mid_powerbtn: Set IRQ_ONESHOT The commit 1c6c69525b40 ("genirq: Reject bogus threaded irq requests") starts refusing misconfigured interrupt handlers. This makes intel_mid_powerbtn not working anymore. Add a mandatory flag to a threaded IRQ request in the driver. Fixes: 1c6c69525b40 ("genirq: Reject bogus threaded irq requests") Signed-off-by: Andy Shevchenko drivers/platform/x86/intel_mid_powerbtn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e95ac4574b23a5fd8f5c5f2c19ef69ac15b7252c Author: Benjamin Tissoires Date: Wed Jan 18 09:13:46 2017 +0100 platform/x86: surface3-wmi: fix uninitialized symbol The patch 3dda3b3798f9: "platform/x86: Add custom surface3 platform device for controlling LID" from Nov 25, 2016, leads to the following static checker warning: drivers/platform/x86/surface3-wmi.c:168 s3_wmi_check_platform_device() error: uninitialized symbol 'ts_adev'. Reported-by: Dan Carpenter Signed-off-by: Benjamin Tissoires Signed-off-by: Andy Shevchenko drivers/platform/x86/surface3-wmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 44e6861646748a21b55725adc0780342f4440066 Author: Arnd Bergmann Date: Tue Jan 10 16:28:47 2017 +0100 platform/x86: surface3-wmi: Shut up unused-function warning The newly added driver guards its "resume" callback with an warning in some configurations: drivers/platform/x86/surface3-wmi.c:248:12: error: 's3_wmi_resume' defined but not used [-Werror=unused-function] Using a __maybe_unused annotation without an #ifdef avoids the mistake more reliably. Fixes: 3dda3b3798f9 ("platform/x86: Add custom surface3 platform device for controlling LID") Signed-off-by: Arnd Bergmann Reviewed-by: Benjamin Tissoires Signed-off-by: Darren Hart drivers/platform/x86/surface3-wmi.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 63d762b88cb5510f2bfdb5112ced18cde867ae61 Author: Dan Carpenter Date: Sat Jan 7 09:33:34 2017 +0300 platform/x86: mlx-platform: free first dev on error There is an off-by-one error so we don't unregister priv->pdev_mux[0]. Also it's slightly simpler as a while loop instead of a for loop. Fixes: 58cbbee2391c ("x86/platform/mellanox: Introduce support for Mellanox systems platform") Signed-off-by: Dan Carpenter Acked-by: Vadim Pasternak Signed-off-by: Andy Shevchenko drivers/platform/x86/mlx-platform.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4c9eff7af69c61749b9eb09141f18f35edbf2210 Merge: 5116226 fec9690 Author: Linus Torvalds Date: Fri Jan 20 14:19:34 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "ARM: - Fix for timer setup on VHE machines - Drop spurious warning when the timer races against the vcpu running again - Prevent a vgic deadlock when the initialization fails (for stable) s390: - Fix a kernel memory exposure (for stable) x86: - Fix exception injection when hypercall instruction cannot be patched" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: s390: do not expose random data via facility bitmap KVM: x86: fix fixing of hypercalls KVM: arm/arm64: vgic: Fix deadlock on error handling KVM: arm64: Access CNTHCTL_EL2 bit fields correctly on VHE systems KVM: arm/arm64: Fix occasional warning from the timer work function commit 5116226496e898ae3ddbe540ca5ff4f843c56bbe Merge: e3737b9 300af14 Author: Linus Torvalds Date: Fri Jan 20 14:17:04 2017 -0800 Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux Pull SCSI target fixes from Bart Van Assche: - two small fixes for the ibmvscsis driver - ten patches with bug fixes for the target mode of the qla2xxx driver - four patches that avoid that the "sparse" and "smatch" static analyzer tools report false positives for the qla2xxx code base * 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux: qla2xxx: Disable out-of-order processing by default in firmware qla2xxx: Fix erroneous invalid handle message qla2xxx: Reduce exess wait during chip reset qla2xxx: Terminate exchange if corrupted qla2xxx: Fix crash due to null pointer access qla2xxx: Collect additional information to debug fw dump qla2xxx: Reset reserved field in firmware options to 0 qla2xxx: Set tcm_qla2xxx version to automatically track qla2xxx version qla2xxx: Include ATIO queue in firmware dump when in target mode qla2xxx: Fix wrong IOCB type assumption qla2xxx: Avoid that building with W=1 triggers complaints about set-but-not-used variables qla2xxx: Move two arrays from header files to .c files qla2xxx: Declare an array with file scope static qla2xxx: Fix indentation ibmvscsis: Fix sleeping in interrupt context ibmvscsis: Fix max transfer length commit e3737b9145636e884d7185176cbe76a3f2c645e2 Merge: cca112e d61b7f9 Author: Linus Torvalds Date: Fri Jan 20 12:28:02 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: "Just two small fixes for this -rc. One is just killing an unused variable from Keith, but the other fixes a performance regression for nbd in this series, where we inadvertently flipped when we set MSG_MORE when outputting data" * 'for-linus' of git://git.kernel.dk/linux-block: nbd: only set MSG_MORE when we have more to send blk-mq: Remove unused variable commit cca112ecf259e24096bc18b736c3ae985e81ac72 Merge: e90665a 52cc720 Author: Linus Torvalds Date: Fri Jan 20 12:25:11 2017 -0800 Merge tag 'spi-fix-v4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi fixes from Mark Brown: "The usual small smattering of driver specific fixes. A few bits that stand out here: - the R-Car patches adding fallbacks are just adding new compatible strings to the driver so that device trees are written in a more robustly future proof fashion, this isn't strictly a fix but it's just new IDs and it's better to get it into mainline sooner to improve the ABI - the DesignWare "switch to new API part 2" patch is actually a misleadingly titled fix for a bit that got missed in the original conversion" * tag 'spi-fix-v4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: spi: davinci: use dma_mapping_error() spi: spi-axi: Free resources on error path spi: pxa2xx: add missed break spi: dw-mid: switch to new dmaengine_terminate_* API (part 2) spi: dw: Make debugfs name unique between instances spi: sh-msiof: Do not use C++ style comment spi: armada-3700: Set mode bits correctly spi: armada-3700: fix unsigned compare than zero on irq spi: sh-msiof: Add R-Car Gen 2 and 3 fallback bindings spi: SPI_FSL_DSPI should depend on HAS_DMA commit e90665a5d38b17fdbe484a85fbba917a7006522d Merge: 56ef188 6df8c9d Author: Linus Torvalds Date: Fri Jan 20 12:15:48 2017 -0800 Merge tag 'ceph-for-4.10-rc5' of git://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: "Three filesystem endianness fixes (one goes back to the 2.6 era, all marked for stable) and two fixups for this merge window's patches" * tag 'ceph-for-4.10-rc5' of git://github.com/ceph/ceph-client: ceph: fix bad endianness handling in parse_reply_info_extra ceph: fix endianness bug in frag_tree_split_cmp ceph: fix endianness of getattr mask in ceph_d_revalidate libceph: make sure ceph_aes_crypt() IV is aligned ceph: fix ceph_get_caps() interruption commit b6677449dff674cf5b81429b11d5c7f358852ef9 Author: Ivan Vecera Date: Fri Jan 20 18:12:17 2017 +0100 bridge: netlink: call br_changelink() during br_dev_newlink() Any bridge options specified during link creation (e.g. ip link add) are ignored as br_dev_newlink() does not process them. Use br_changelink() to do it. Fixes: 133235161721 ("bridge: implement rtnl_link_ops->changelink") Signed-off-by: Ivan Vecera Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller net/bridge/br_netlink.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) commit 56ef18829e559e592b0f0cf756aac56996a8259a Merge: eefa9fe 4c7d0c9 Author: Linus Torvalds Date: Fri Jan 20 11:58:30 2017 -0800 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs fix from Miklos Szeredi: "This fixes a regression introduced in this cycle" * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: ovl: fix possible use after free on redirect dir lookup commit eefa9feb7dad40c45259f7bcbed054508564fa7d Merge: f09ff1d 2106752 Author: Linus Torvalds Date: Fri Jan 20 11:56:29 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse Pull fuse fixes from Miklos Szeredi: "Fix two regressions, one introduced in 4.9 and a less recent one in 4.2" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse: fuse: fix time_to_jiffies nsec sanity check fuse: clear FR_PENDING flag when moving requests out of pending queue commit f09ff1de63a20bc049af66d2a758a6ded4f7bdf3 Merge: f8f2d4b 9208b75 Author: Linus Torvalds Date: Fri Jan 20 11:47:18 2017 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "This is a set of 12 fixes including the mpt3sas one that was causing hangs on ATA passthrough. The others are a couple of zoned block device fixes, a SAS device detection bug which lead to SATA drives not being matched to bays, two qla2xxx MSI fixes, a qla2xxx req for rsp confusion caused by cut and paste, and a few other minor fixes" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: mpt3sas: fix hang on ata passthrough commands scsi: lpfc: Set elsiocb contexts to NULL after freeing it scsi: sd: Ignore zoned field for host-managed devices scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type scsi: bfa: fix wrongly initialized variable in bfad_im_bsg_els_ct_request() scsi: ses: Fix SAS device detection in enclosure scsi: libfc: Fix variable name in fc_set_wwpn scsi: lpfc: avoid double free of resource identifiers scsi: qla2xxx: remove irq_affinity_notifier scsi: qla2xxx: fix MSI-X vector affinity scsi: qla2xxx: Fix apparent cut-n-paste error. scsi: qla2xxx: Get mutex lock before checking optrom_state commit f8f2d4bdb52e67139b0b3e5ae16da04e71ebc1a6 Merge: 44b4b46 7d9e8f7 Author: Linus Torvalds Date: Fri Jan 20 11:44:47 2017 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - avoid potential stack information leak via the ptrace ABI caused by uninitialised variables - SWIOTLB DMA API fall-back allocation fix when the SWIOTLB buffer is not initialised (all RAM is suitable for 32-bit DMA masks) - fix the bad_mode function returning for unhandled exceptions coming from user space - fix name clash in __page_to_voff() * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: avoid returning from bad_mode arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields arm64/ptrace: Avoid uninitialised struct padding in fpr_set() arm64/ptrace: Preserve previous registers for short regset write arm64/ptrace: Preserve previous registers for short regset write arm64/ptrace: Preserve previous registers for short regset write arm64: mm: avoid name clash in __page_to_voff() arm64: Fix swiotlb fallback allocation commit 90c311b0eeead647b708a723dbdde1eda3dcad05 Author: Vineeth Remanan Pillai Date: Thu Jan 19 08:35:39 2017 -0800 xen-netfront: Fix Rx stall during network stress and OOM During an OOM scenario, request slots could not be created as skb allocation fails. So the netback cannot pass in packets and netfront wrongly assumes that there is no more work to be done and it disables polling. This causes Rx to stall. The issue is with the retry logic which schedules the timer if the created slots are less than NET_RX_SLOTS_MIN. The count of new request slots to be pushed are calculated as a difference between new req_prod and rsp_cons which could be more than the actual slots, if there are unconsumed responses. The fix is to calculate the count of newly created slots as the difference between new req_prod and old req_prod. Signed-off-by: Vineeth Remanan Pillai Reviewed-by: Juergen Gross Signed-off-by: David S. Miller drivers/net/xen-netfront.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e048fc50d7bde23136e098e04a324d7e3404408d Author: Eric Dumazet Date: Wed Jan 18 23:03:08 2017 -0800 net/mlx5e: Do not recycle pages from emergency reserve A driver using dev_alloc_page() must not reuse a page allocated from emergency memory reserve. Otherwise all packets using this page will be immediately dropped, unless for very specific sockets having SOCK_MEMALLOC bit set. This issue might be hard to debug, because only a fraction of received packets would be dropped. Fixes: 4415a0319f92 ("net/mlx5e: Implement RX mapped page cache for page recycle") Signed-off-by: Eric Dumazet Cc: Tariq Toukan Cc: Saeed Mahameed Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 3 +++ 1 file changed, 3 insertions(+) commit cdb749cef16bceb74950fc8668f2632ff7cac9aa Author: Jesper Dangaard Brouer Date: Wed Jan 18 17:19:00 2017 +0100 bpf: fix samples xdp_tx_iptunnel and tc_l2_redirect with fake KBUILD_MODNAME Fix build errors for samples/bpf xdp_tx_iptunnel and tc_l2_redirect, when dynamic debugging is enabled (CONFIG_DYNAMIC_DEBUG) by defining a fake KBUILD_MODNAME. Just like Daniel Borkmann fixed other samples/bpf in commit 96a8eb1eeed2 ("bpf: fix samples to add fake KBUILD_MODNAME"). Fixes: 12d8bb64e3f6 ("bpf: xdp: Add XDP example for head adjustment") Fixes: 90e02896f1a4 ("bpf: Add test for bpf_redirect to ipip/ip6tnl") Signed-off-by: Jesper Dangaard Brouer Signed-off-by: David S. Miller samples/bpf/tc_l2_redirect_kern.c | 1 + samples/bpf/xdp_tx_iptunnel_kern.c | 1 + 2 files changed, 2 insertions(+) commit fec969012314ec452620516f8251f512f9b534ac Merge: ce2e852 0447819 Author: Radim Krčmář Date: Fri Jan 20 17:59:02 2017 +0100 Merge tag 'kvm-s390-master-4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/kvms390/linux KVM: s390: Fix for 4.10 (via kvm/master) Fix a kernel memory exposure. commit df384d435a5c034c735df3d9ea87a03172c59b56 Author: Arnd Bergmann Date: Wed Jan 18 15:52:53 2017 +0100 bcm63xx_enet: avoid uninitialized variable warning gcc-7 and probably earlier versions get confused by this function and print a harmless warning: drivers/net/ethernet/broadcom/bcm63xx_enet.c: In function 'bcm_enet_open': drivers/net/ethernet/broadcom/bcm63xx_enet.c:1130:3: error: 'phydev' may be used uninitialized in this function [-Werror=maybe-uninitialized] This adds an initialization for the 'phydev' variable when it is unused and changes the check to test for that NULL pointer to make it clear that we always pass a valid pointer here. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bcm63xx_enet.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 0629a330cf55454962168dd3ee46fad53a39323e Author: Arnd Bergmann Date: Wed Jan 18 15:52:52 2017 +0100 qed: avoid possible stack overflow in qed_ll2_acquire_connection struct qed_ll2_info is rather large, so putting it on the stack can cause an overflow, as this warning tries to tell us: drivers/net/ethernet/qlogic/qed/qed_ll2.c: In function 'qed_ll2_start': drivers/net/ethernet/qlogic/qed/qed_ll2.c:2159:1: error: the frame size of 1056 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] qed_ll2_start_ooo() already uses a dynamic allocation for the structure to work around that problem, and we could do the same in qed_ll2_start() as well as qed_roce_ll2_start(), but since the structure is only used to pass a couple of initialization values here, it seems nicer to replace it with a different structure. Lacking any idea for better naming, I'm adding 'struct qed_ll2_conn', which now contains all the initialization data, and this now simply gets copied into struct qed_ll2_info rather than assigning all members one by one. Signed-off-by: Arnd Bergmann Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_ll2.c | 88 +++++++++++++----------------- drivers/net/ethernet/qlogic/qed/qed_ll2.h | 24 ++++---- drivers/net/ethernet/qlogic/qed/qed_roce.c | 2 +- 3 files changed, 53 insertions(+), 61 deletions(-) commit 91e744653cb80554f3fdfd1d31c5ddf7b6169f37 Author: David S. Miller Date: Fri Jan 20 11:29:43 2017 -0500 Revert "net: sctp: fix array overrun read on sctp_timer_tbl" This reverts commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d. This fix wasn't correct, a better one is coming right up. Signed-off-by: David S. Miller net/sctp/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e73fc9a56f22f2eec4d2b2910c649f7af67b74d Author: Colin Ian King Date: Fri Jan 20 13:01:57 2017 +0000 net: sctp: fix array overrun read on sctp_timer_tbl The comparison on the timeout can lead to an array overrun read on sctp_timer_tbl because of an off-by-one error. Fix this by using < instead of <= and also compare to the array size rather than SCTP_EVENT_TIMEOUT_MAX. Fixes CoverityScan CID#1397639 ("Out-of-bounds read") Signed-off-by: Colin Ian King Signed-off-by: David S. Miller net/sctp/debug.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e363116b90906f326c9cde5473b4b9a99ba476df Author: Eric Dumazet Date: Fri Jan 20 07:57:42 2017 -0800 ipv6: seg6_genl_set_tunsrc() must check kmemdup() return value seg6_genl_get_tunsrc() and set_tun_src() do not handle tun_src being possibly NULL, so we must check kmemdup() return value and abort if it is NULL Fixes: 915d7e5e5930 ("ipv6: sr: add code base for control plane support of SR-IPv6") Signed-off-by: Eric Dumazet Cc: David Lebrun Acked-by: David Lebrun Signed-off-by: David S. Miller net/ipv6/seg6.c | 2 ++ 1 file changed, 2 insertions(+) commit 2c561b2b728ca4013e76d6439bde2c137503745e Author: hayeswang Date: Fri Jan 20 14:33:55 2017 +0800 r8152: fix rtl8152_post_reset function The rtl8152_post_reset() should sumbit rx urb and interrupt transfer, otherwise the rx wouldn't work and the linking change couldn't be detected. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 2 ++ 1 file changed, 2 insertions(+) commit 6391a4481ba0796805d6581e42f9f0418c099e34 Author: Jason Wang Date: Fri Jan 20 14:32:42 2017 +0800 virtio-net: restore VIRTIO_HDR_F_DATA_VALID on receiving Commit 501db511397f ("virtio: don't set VIRTIO_NET_HDR_F_DATA_VALID on xmit") in fact disables VIRTIO_HDR_F_DATA_VALID on receiving path too, fixing this by adding a hint (has_data_valid) and set it only on the receiving path. Cc: Rolf Neugebauer Signed-off-by: Jason Wang Acked-by: Rolf Neugebauer Signed-off-by: David S. Miller drivers/net/macvtap.c | 2 +- drivers/net/tun.c | 2 +- drivers/net/virtio_net.c | 2 +- include/linux/virtio_net.h | 6 +++++- net/packet/af_packet.c | 4 ++-- 5 files changed, 10 insertions(+), 6 deletions(-) commit 04478197416e3a302e9ebc917ba1aa884ef9bfab Author: Christian Borntraeger Date: Thu Jan 12 16:25:15 2017 +0100 KVM: s390: do not expose random data via facility bitmap kvm_s390_get_machine() populates the facility bitmap by copying bytes from the host results that are stored in a 256 byte array in the prefix page. The KVM code does use the size of the target buffer (2k), thus copying and exposing unrelated kernel memory (mostly machine check related logout data). Let's use the size of the source buffer instead. This is ok, as the target buffer will always be greater or equal than the source buffer as the KVM internal buffers (and thus S390_ARCH_FAC_LIST_SIZE_BYTE) cover the maximum possible size that is allowed by STFLE, which is 256 doublewords. All structures are zero allocated so we can leave bytes 256-2047 unchanged. Add a similar fix for kvm_arch_init_vm(). Reported-by: Heiko Carstens [found with smatch] Signed-off-by: Christian Borntraeger CC: stable@vger.kernel.org Acked-by: Cornelia Huck arch/s390/kvm/kvm-s390.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 488dc164914ff5ce5e913abd32048d28fc0d06b8 Author: Mathias Nyman Date: Fri Jan 20 15:38:24 2017 +0200 xhci: remove WARN_ON if dma mask is not set for platform devices The warn on is a bit too much, we will anyway set the dma mask if not set previously. The main reason for this fix is that 4.10-rc1 has a dwc3 change that pass a parent sysdev dev pointer instead of setting the dma mask of its xhci platform device. xhci platform driver can then get more attributes from the sysdev than just the dma mask. The usb core and xhci changes are not yet in 4.10, and a fix like this was preferred instead of taking those big changes this late in the rc-cycle. Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-plat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1225ee4c8fcf09afaa199b8b1f0450f38b8cd11 Author: Stefano Stabellini Date: Thu Jan 19 10:39:09 2017 -0800 swiotlb-xen: update dev_addr after swapping pages In xen_swiotlb_map_page and xen_swiotlb_map_sg_attrs, if the original page is not suitable, we swap it for another page from the swiotlb pool. In these cases, we don't update the previously calculated dma address for the page before calling xen_dma_map_page. Thus, we end up calling xen_dma_map_page passing the wrong dev_addr, resulting in xen_dma_map_page mistakenly assuming that the page is foreign when it is local. Fix the bug by updating dev_addr appropriately. This change has no effect on x86, because xen_dma_map_page is a stub there. Signed-off-by: Stefano Stabellini Signed-off-by: Pooya Keshavarzi Tested-by: Pooya Keshavarzi Reviewed-by: Boris Ostrovsky Signed-off-by: Konrad Rzeszutek Wilk drivers/xen/swiotlb-xen.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit bad94f8068122b6342a73a218dad7d41e6ea907b Merge: f53345e 6c75a5d Author: Zhang Rui Date: Fri Jan 20 16:24:54 2017 +0800 Merge branches 'thermal-core' and 'thermal-soc' into for-rc commit 11d8bcef7a0399e1d2519f207fd575fc404306b4 Author: Andrzej Hajda Date: Tue Jan 17 15:15:20 2017 +0100 drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement DECON_TV requires STANDALONE_UPDATE after output enabling, otherwise it does not start. This change is neutral for DECON. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 ++ 1 file changed, 2 insertions(+) commit 1202a096328ed3de59e2a722038c4d80ec59a958 Author: Andrzej Hajda Date: Tue Jan 17 15:15:19 2017 +0100 drm/exynos/decon5433: fix CMU programming DECON_CMU register has reserved bits which should not be zeroed, otherwise IP can behave strangely and cause IOMMU faults. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 4 ---- 1 file changed, 4 deletions(-) commit 4151e9a61c26bc86a356edfea713c0f913582760 Author: Andrzej Hajda Date: Tue Jan 17 15:15:18 2017 +0100 drm/exynos/decon5433: do not disable video after reset decon_commit is called just after reset so video is disabled anyway. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 2 -- 1 file changed, 2 deletions(-) commit 178f358208ceb8b38e5cff3f815e0db4a6a70a07 Author: Anton Blanchard Date: Thu Jan 19 14:19:10 2017 +1100 powerpc: Ignore reserved field in DCSR and PVR reads and writes IBM bit 31 (for the rest of us - bit 0) is a reserved field in the instruction definition of mtspr and mfspr. Hardware is encouraged to (and does) ignore it. As a result, if userspace executes an mtspr DSCR with the reserved bit set, we get a DSCR facility unavailable exception. The kernel fails to match against the expected value/mask, and we silently return to userspace to try and re-execute the same mtspr DSCR instruction. We loop forever until the process is killed. We should do something here, and it seems mirroring what hardware does is the better option vs killing the process. While here, relax the matching of mfspr PVR too. Cc: stable@vger.kernel.org Signed-off-by: Anton Blanchard Signed-off-by: Michael Ellerman arch/powerpc/include/asm/ppc-opcode.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit b34ca60148c53971d373643195cc5c4d5d20be78 Author: Dave Martin Date: Thu Jan 5 16:50:57 2017 +0000 powerpc/ptrace: Preserve previous TM fprs/vsrs on short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the check pointed registers, the thread's old check pointed registers are preserved. Fixes: 9d3918f7c0e5 ("powerpc/ptrace: Enable support for NT_PPC_CVSX") Fixes: 19cbcbf75a0c ("powerpc/ptrace: Enable support for NT_PPC_CFPR") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Dave Martin Signed-off-by: Michael Ellerman arch/powerpc/kernel/ptrace.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 99dfe80a2a246c600440a815741fd2e74a8b4977 Author: Dave Martin Date: Thu Jan 5 16:50:57 2017 +0000 powerpc/ptrace: Preserve previous fprs/vsrs on short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Fixes: c6e6771b87d4 ("powerpc: Introduce VSX thread_struct and CONFIG_VSX") Cc: stable@vger.kernel.org # v2.6.27+ Signed-off-by: Dave Martin Signed-off-by: Michael Ellerman arch/powerpc/kernel/ptrace.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 7a37052adb5e843bcfff6c98aee9b60bb087b910 Author: Lv Zheng Date: Thu Jan 19 15:21:34 2017 +0800 ACPICA: Tables: Fix hidden logic related to acpi_tb_install_standard_table() There is a hidden logic for acpi_tb_install_standard_table() as it can be invoked from the boot stage and during runtime. 1. When it is invoked from the OS boot stage, the ACPICA mutex may not have been initialized yet and so acpi_ut_acquire_mutex()/acpi_ut_release_mutex() are not invoked in these code paths: acpi_initialize_tables acpi_tb_parse_root_table acpi_tb_install_standard_table (4 invocations) acpi_install_table acpi_tb_install_standard_table 2. When it is invoked during the runtime, ACPICA mutex is used as appropriate: acpi_ex_load_op acpi_tb_install_and_load_table acpi_tb_install_standard_table acpi_load_table acpi_tb_install_and_load_table acpi_tb_install_standard_table The mutex is now used in acpi_tb_install_and_load_table(), while it actually should be in acpi_tb_install_standard_table(). This introduces another problem in acpi_tb_install_standard_table() where acpi_gbl_table_handler is invoked from and the lock contexts are thus not consistent for the table handlers. This triggers a regression when acpi_get_table()/acpi_put_table() start to hold table mutex during runtime. The regression is noticed by LKP as new errors reported by ACPICA mutex debugging facility. [ 2.043693] ACPI Error: Mutex [ACPI_MTX_Tables] already acquired by this thread [497483776] (20160930/utmutex-254) [ 2.054084] ACPI Error: Mutex [0x2] is not acquired, cannot release (20160930/utmutex-326) And it triggers a deadlock: [ 247.066214] INFO: task swapper/0:1 blocked for more than 120 seconds. ... [ 247.091271] Call Trace: ... [ 247.121523] down_timeout+0x47/0x50 [ 247.125065] acpi_os_wait_semaphore+0x47/0x62 [ 247.129475] acpi_ut_acquire_mutex+0x43/0x81 [ 247.133798] acpi_get_table+0x2d/0x84 [ 247.137513] acpi_table_attr_init+0xcd/0x100 [ 247.146590] acpi_sysfs_table_handler+0x5d/0xb8 [ 247.151174] acpi_bus_table_handler+0x23/0x2a [ 247.155583] acpi_tb_install_standard_table+0xe0/0x213 [ 247.164489] acpi_tb_install_and_load_table+0x3a/0x82 [ 247.169592] acpi_ex_load_op+0x194/0x201 ... [ 247.200108] acpi_ns_evaluate+0x1bb/0x247 [ 247.204170] acpi_evaluate_object+0x178/0x274 [ 247.213249] acpi_processor_set_pdc+0x154/0x17b ... The table mutex is held in acpi_tb_install_and_load_table() and is re-visited by acpi_get_table(). Noticing that the early mutex requirement actually belongs to the OSL layer and has already been handled in acpi_os_wait_semaphore()/acpi_os_signal_semaphore(), the regression canbe fixed by removing this hidden logic from the ACPICA core to the OS-specific code. Fixes: 174cc7187e6f ("ACPICA: Tables: Back port acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux kernel") Reported-and-tested-by: Tomi Sarvela Reported-by: Ye Xiaolong Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/tbdata.c | 9 ++------- drivers/acpi/acpica/tbinstal.c | 17 +++++++++++++++-- 2 files changed, 17 insertions(+), 9 deletions(-) commit 1443ebbacfd7f8d84fbbbf629ef66a12dc8a4b4e Author: Srinivas Pandruvada Date: Wed Jan 18 10:48:22 2017 -0800 cpufreq: intel_pstate: Fix sysfs limits enforcement for performance policy A side effect of keeping intel_pstate sysfs limits in sync with cpufreq is that the now sysfs limits can't enforced under performance policy. For example, if the max_perf_pct is changed from 100 to 80, this will call intel_pstate_set_policy(), which will change the max_perf to 100 again for performance policy. Same issue happens, when no_turbo is set. This change calculates max and min frequency using sysfs performance limits in intel_pstate_verify_policy() and adjusts policy limits by calling cpufreq_verify_within_limits(). Also, it causes the setting of performance limits to be skipped if no_turbo is set. Fixes: 111b8b3fe4fa (cpufreq: intel_pstate: Always keep all limits settings in sync) Signed-off-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) commit e326ce013a8e851193eb337aafb1aa396c533a61 Author: Rafael J. Wysocki Date: Fri Jan 20 03:25:34 2017 +0100 Revert "PM / sleep / ACPI: Use the ACPI_FADT_LOW_POWER_S0 flag" Revert commit 08b98d329165 (PM / sleep / ACPI: Use the ACPI_FADT_LOW_POWER_S0 flag) as it caused system suspend (in the default configuration) to fail on Dell XPS13 (9360) with the Kaby Lake processor. Fixes: 08b98d329165 (PM / sleep / ACPI: Use the ACPI_FADT_LOW_POWER_S0 flag) Reported-by: Paul Menzel Signed-off-by: Rafael J. Wysocki Documentation/power/states.txt | 4 +--- drivers/acpi/sleep.c | 8 -------- include/linux/suspend.h | 2 -- kernel/power/suspend.c | 4 ++-- 4 files changed, 3 insertions(+), 15 deletions(-) commit 44b4b461a0fb407507b46ea76a71376d74de7058 Merge: 6e0362b 4384978 Author: Linus Torvalds Date: Thu Jan 19 16:40:03 2017 -0800 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Olof Johansson: "We've been sitting on fixes for a while, and they keep trickling in at a low rate. Nothing in here comes across as particularly scary or noteworthy, for the most part it's a large collection of small DT tweaks" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (24 commits) ARM: dts: da850-evm: fix read access to SPI flash ARM: dts: omap3: Fix Card Detect and Write Protect on Logic PD SOM-LV ARM64: dts: meson-gxbb-odroidc2: Disable SCPI DVFS ARM: dts: OMAP5 / DRA7: indicate that SATA port 0 is available. ARM: dts: NSP: Fix DT ranges error ARM: multi_v7_defconfig: set bcm47xx watchdog ARM: multi_v7_defconfig: fix config typo ARM: dts: dra72-evm-revc: fix typo in ethernet-phy node soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe() ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation ARM: dts: sunxi: Change node name for pwrseq pin on Olinuxino-lime2-emmc ARM: dts: sun8i: Support DTB build for NanoPi M1 ARM: dts: sun6i: hummingbird: Enable display engine again ARM: dts: sun6i: Disable display pipeline by default ARM, ARM64: dts: drop "arm,amba-bus" in favor of "simple-bus" part 3 ARM: dts: imx6qdl-nitrogen6_som2: fix sgtl5000 pinctrl init ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init ARM: OMAP1: DMA: Correct the number of logical channels ARM: dts: am335x-icev2: Remove the duplicated pinmux setting ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate ... commit 6e0362b3a84bb6c3fd33af3a3e440360e561156d Merge: 81aaeaa fd29f7a Author: Linus Torvalds Date: Thu Jan 19 16:33:00 2017 -0800 Merge tag 'xfs-for-linux-4.10-rc5-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: "I have a few more patches this week -- one to make the behavior of a quota id ioctl consistent with the other filesystems, and the rest improve validation of i_mode & i_size values coming into xfs so that we don't read off the ends of arrays or crash when handed garbage disk data. Summary: - inode i_mode sanitization - prevent overflows in getnextquota - minor build fixes" * tag 'xfs-for-linux-4.10-rc5-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix xfs_mode_to_ftype() prototype xfs: don't wrap ID in xfs_dq_get_next_id xfs: sanity check inode di_mode xfs: sanity check inode mode when creating new dentry xfs: replace xfs_mode_to_ftype table with switch statement xfs: add missing include dependencies to xfs_dir2.h xfs: sanity check directory inode di_size xfs: make the ASSERT() condition likely commit 43849785e1079f6606a31cb7fda92d1200849728 Author: Fabien Parent Date: Tue Jan 17 13:57:42 2017 +0100 ARM: dts: da850-evm: fix read access to SPI flash Read access to the SPI flash are broken on da850-evm, i.e. the data read is not what is actually programmed on the flash. According to the datasheet for the M25P64 part present on the da850-evm, if the SPI frequency is higher than 20MHz then the READ command is not usable anymore and only the FAST_READ command can be used to read data. This commit specifies in the DTS that we should use FAST_READ command instead of the READ command. Cc: stable@vger.kernel.org Tested-by: Kevin Hilman Signed-off-by: Fabien Parent [nsekhar@ti.com: subject line adjustment] Signed-off-by: Sekhar Nori Signed-off-by: Olof Johansson arch/arm/boot/dts/da850-evm.dts | 1 + 1 file changed, 1 insertion(+) commit 0db1dba5dfaf70fb3baf07973996db2078528cde Author: Bhumika Goyal Date: Sat Jan 14 00:18:56 2017 +0530 virtio/s390: virtio: constify virtio_config_ops structures Declare virtio_config_ops structure as const as it is only stored in the config field of a virtio_device structure. This field is of type const, so virtio_config_ops structures having this property can be declared const. Done using Coccinelle: @r1 disable optional_qualifier@ identifier i; position p; @@ static struct virtio_config_ops i@p={...}; @ok1@ identifier r1.i; position p; struct virtio_ccw_device x; @@ x.vdev.config=&i@p @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct virtio_config_ops i; File size before and after applying the patch remains the same. text data bss dec hex filename 9235 296 32928 42459 a5db drivers/s390/virtio/virtio_ccw.o Signed-off-by: Bhumika Goyal Message-Id: <1484333336-13443-1-git-send-email-bhumirks@gmail.com> Signed-off-by: Christian Borntraeger Signed-off-by: Cornelia Huck drivers/s390/virtio/virtio_ccw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99240622bdde46f159a89e72199779d3c5a08b98 Author: Colin Ian King Date: Tue Sep 27 13:08:44 2016 -0700 virtio/s390: add missing \n to end of dev_err message Trival fix, dev_err message is missing a \n, so add it. Signed-off-by: Colin Ian King Message-Id: <20160927200844.16008-1-colin.king@canonical.com> Signed-off-by: Christian Borntraeger Signed-off-by: Cornelia Huck drivers/s390/virtio/virtio_ccw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7d3ce5ab9430504b6d91027919529f68fd14af9b Author: Pierre Morel Date: Fri Aug 28 11:09:32 2015 +0200 virtio/s390: support READ_STATUS command for virtio-ccw As virtio-1 introduced the possibility of the device manipulating the status byte, revision 2 of the virtio-ccw transport introduced a means of getting the status byte from the device via READ_STATUS. Let's wire it up for revisions >= 2 and fall back to returning the stored status byte if not supported. Signed-off-by: Pierre Morel Signed-off-by: Cornelia Huck drivers/s390/virtio/virtio_ccw.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit 47a4c49af6cc1982ce613c8ee79aab459d04c44c Author: Halil Pasic Date: Fri Sep 2 17:59:36 2016 +0200 tools/virtio/ringtest: tweaks for s390 Make ringtest work on s390 too. Signed-off-by: Halil Pasic Acked-by: Sascha Silbe Signed-off-by: Cornelia Huck tools/virtio/ringtest/main.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 21f5eda9b8671744539c8295b9df62991fffb2ce Author: Halil Pasic Date: Mon Aug 29 18:25:22 2016 +0200 tools/virtio/ringtest: fix run-on-all.sh for offline cpus Since ef1b144d ("tools/virtio/ringtest: fix run-on-all.sh to work without /dev/cpu") run-on-all.sh uses seq 0 $HOST_AFFINITY as the list of ids of the CPUs to run the command on (assuming ids of online CPUs are consecutive and start from 0), where $HOST_AFFINITY is the highest CPU id in the system previously determined using lscpu. This can fail on systems with offline CPUs. Instead let's use lscpu to determine the list of online CPUs. Signed-off-by: Halil Pasic Fixes: ef1b144d ("tools/virtio/ringtest: fix run-on-all.sh to work without /dev/cpu") Reviewed-by: Sascha Silbe Signed-off-by: Cornelia Huck tools/virtio/ringtest/run-on-all.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 8379cadf71c3ee8173a1c6fc1ea7762a9638c047 Author: G. Campana Date: Thu Jan 19 23:37:46 2017 +0200 virtio_console: fix a crash in config_work_handler Using control_work instead of config_work as the 3rd argument to container_of results in an invalid portdev pointer. Indeed, the work structure is initialized as below: INIT_WORK(&portdev->config_work, &config_work_handler); It leads to a crash when portdev->vdev is dereferenced later. This bug is triggered when the guest uses a virtio-console without multiport feature and receives a config_changed virtio interrupt. Signed-off-by: G. Campana Reviewed-by: Amit Shah Signed-off-by: Michael S. Tsirkin drivers/char/virtio_console.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 532e15af105a0b86211f515bd5fec1f4cdd9f27b Author: Dan Carpenter Date: Thu Jan 12 21:45:04 2017 +0300 vhost/scsi: silence uninitialized variable warning This is to silence an uninitialized variable warning in debug output. The problem is this line: pr_debug("vhost_get_vq_desc: head: %d, out: %u in: %u\n", head, out, in); If "head == vq->num" is true on the first iteration then "out" and "in" aren't initialized. We handle that a few lines after the printk. I was tempted to just delete the pr_debug() but I decided to just initialize them to zero instead. Also checkpatch.pl complains if variables are declared as just "unsigned" without the "int". Signed-off-by: Dan Carpenter Signed-off-by: Michael S. Tsirkin drivers/vhost/scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1d822a40b81568becba8777b525a1ed255a8078c Author: Bhumika Goyal Date: Mon Jan 9 20:51:02 2017 +0530 vhost: scsi: constify target_core_fabric_ops structures Declare target_core_fabric_ops strucrues as const as they are only passed as an argument to the functions target_register_template and target_unregister_template. The arguments are of type const struct target_core_fabric_ops *, so target_core_fabric_ops structures having this property can be declared const. Done using Coccinelle: @r disable optional_qualifier@ identifier i; position p; @@ static struct target_core_fabric_ops i@p={...}; @ok@ position p; identifier r.i; @@ ( target_register_template(&i@p) | target_unregister_template(&i@p) ) @bad@ position p!={r.p,ok.p}; identifier r.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r.i; @@ +const struct target_core_fabric_ops i; File size before: drivers/vhost/scsi.o text data bss dec hex filename 18063 2985 40 21088 5260 drivers/vhost/scsi.o File size after: drivers/vhost/scsi.o text data bss dec hex filename 18479 2601 40 21120 5280 drivers/vhost/scsi.o Signed-off-by: Bhumika Goyal Signed-off-by: Michael S. Tsirkin Acked-by: Jason Wang drivers/vhost/scsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d61b7f972dab2a7d187c38254845546dfc8eed85 Author: Josef Bacik Date: Thu Jan 19 16:08:49 2017 -0500 nbd: only set MSG_MORE when we have more to send A user noticed that write performance was horrible over loopback and we traced it to an inversion of when we need to set MSG_MORE. It should be set when we have more bvec's to send, not when we are on the last bvec. This patch made the test go from 20 iops to 78k iops. Signed-off-by: Josef Bacik Fixes: 429a787be679 ("nbd: fix use-after-free of rq/bio in the xmit path") Signed-off-by: Jens Axboe drivers/block/nbd.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 81aaeaac461071c591cbd188748ad875e0efae7e Merge: 2ed5e5a 4d191b1 Author: Linus Torvalds Date: Thu Jan 19 09:59:46 2017 -0800 Merge tag 'pci-v4.10-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI fixes from Bjorn Helgaas: - recognize that a PCI-to-PCIe bridge originates a PCIe hierarchy, so we enumerate that hierarchy correctly - X-Gene: fix a change merged for v4.10 that broke MSI - Keystone: avoid reading undefined registers, which can cause asynchronous external aborts - Supermicro X8DTH-i/6/iF/6F: ignore broken _CRS that caused us to change (and break) existing I/O port assignments * tag 'pci-v4.10-fixes-1' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: PCI/MSI: pci-xgene-msi: Fix CPU hotplug registration handling PCI: Enumerate switches below PCI-to-PCIe bridges x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F PCI: designware: Check for iATU unroll only on platforms that use ATU commit 2ed5e5af2f9d5fb583ac1d36ba819f787bafbda6 Merge: 4a1cc2e8 a9ce785 Author: Linus Torvalds Date: Thu Jan 19 09:49:58 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - regression fix for generic Wacom devices, from Jason Gerecke - DMA-on-stack fixes for hid-corsair driver, from Johan Hovold * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: wacom: Fix sibling detection regression HID: corsair: fix control-transfer error handling HID: corsair: fix DMA buffers on stack commit 4a1cc2e879c9fdfe1137060ce6de3bbe413630f6 Merge: 0866757 1d99957 Author: Linus Torvalds Date: Thu Jan 19 09:46:10 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull two s390 bug fixes from Martin Schwidefsky: "Two changes, the first is a fix to add a missing memory clobber to the inline assembly to load control registers. This has not caused any issues so far, but who knows what code gcc will generate in future versions. The second change is an update for the default configurations. This includes CONFIG_BUG_ON_DATA_CORRUPTION=y, we want this to be enabled for s390. The usual approach to debug problems on production systems is to use crash on a system dump and for us avoiding data corruptions is priority one" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390: update defconfigs s390/ctl_reg: make __ctl_load a full memory barrier commit 086675779097c6fe95e94058072462196ffd1870 Merge: fb1d8e0 da72ff5 Author: Linus Torvalds Date: Thu Jan 19 09:38:27 2017 -0800 Merge tag 'for-linus-4.10-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fix from Juergen Gross: "A fix for Xen running in nested virtualization environment" * tag 'for-linus-4.10-rc4-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: partially revert "xen: Remove event channel notification through Xen PCI platform device" commit 91298eec05cd8d4e828cf7ee5d4a6334f70cf69a Author: Liu Bo Date: Thu Dec 1 13:43:31 2016 -0800 Btrfs: fix truncate down when no_holes feature is enabled For such a file mapping, [0-4k][hole][8k-12k] In NO_HOLES mode, we don't have the [hole] extent any more. Commit c1aa45759e90 ("Btrfs: fix shrinking truncate when the no_holes feature is enabled") fixed disk isize not being updated in NO_HOLES mode when data is not flushed. However, even if data has been flushed, we can still have trouble in updating disk isize since we updated disk isize to 'start' of the last evicted extent. Reviewed-by: Chris Mason Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/inode.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 97dcdea076ecef41ea4aaa23d4397c2f622e4265 Author: Chandan Rajendra Date: Fri Dec 23 15:00:18 2016 +0530 Btrfs: Fix deadlock between direct IO and fast fsync The following deadlock is seen when executing generic/113 test, ---------------------------------------------------------+---------------------------------------------------- Direct I/O task Fast fsync task ---------------------------------------------------------+---------------------------------------------------- btrfs_direct_IO __blockdev_direct_IO do_blockdev_direct_IO do_direct_IO btrfs_get_blocks_direct while (blocks needs to written) get_more_blocks (first iteration) btrfs_get_blocks_direct btrfs_create_dio_extent down_read(&BTRFS_I(inode) >dio_sem) Create and add extent map and ordered extent up_read(&BTRFS_I(inode) >dio_sem) btrfs_sync_file btrfs_log_dentry_safe btrfs_log_inode_parent btrfs_log_inode btrfs_log_changed_extents down_write(&BTRFS_I(inode) >dio_sem) Collect new extent maps and ordered extents wait for ordered extent completion get_more_blocks (second iteration) btrfs_get_blocks_direct btrfs_create_dio_extent down_read(&BTRFS_I(inode) >dio_sem) -------------------------------------------------------------------------------------------------------------- In the above description, Btrfs direct I/O code path has not yet started submitting bios for file range covered by the initial ordered extent. Meanwhile, The fast fsync task obtains the write semaphore and waits for I/O on the ordered extent to get completed. However, the Direct I/O task is now blocked on obtaining the read semaphore. To resolve the deadlock, this commit modifies the Direct I/O code path to obtain the read semaphore before invoking __blockdev_direct_IO(). The semaphore is then given up after __blockdev_direct_IO() returns. This allows the Direct I/O code to complete I/O on all the ordered extents it creates. Signed-off-by: Chandan Rajendra Reviewed-by: Filipe Manana Signed-off-by: David Sterba fs/btrfs/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 47b5d64691350e116093c9b47b55ca6b9433bc50 Author: Wang Xiaoguang Date: Wed Sep 7 20:17:38 2016 +0800 btrfs: fix false enospc error when truncating heavily reflinked file Below test script can reveal this bug: dd if=/dev/zero of=fs.img bs=$((1024*1024)) count=100 dev=$(losetup --show -f fs.img) mkdir -p /mnt/mntpoint mkfs.btrfs -f $dev mount $dev /mnt/mntpoint cd /mnt/mntpoint echo "workdir is: /mnt/mntpoint" blocksize=$((128 * 1024)) dd if=/dev/zero of=testfile bs=$blocksize count=1 sync count=$((17*1024*1024*1024/blocksize)) echo "file size is:" $((count*blocksize)) for ((i = 1; i <= $count; i++)); do dst_offset=$((blocksize * i)) xfs_io -f -c "reflink testfile 0 $dst_offset $blocksize"\ testfile > /dev/null done sync truncate --size 0 testfile The last truncate operation will fail for ENOSPC reason, but indeed it should not fail. In btrfs_truncate(), we use a temporary block_rsv to do truncate operation. With every btrfs_truncate_inode_items() call, we migrate space to this block_rsv, but forget to cleanup previous reservation, which will make this block_rsv's reserved bytes keep growing, and this reserved space will only be released in the end of btrfs_truncate(), this metadata leak will impact other's metadata reservation. In this case, it's "btrfs_start_transaction(root, 2);" fails for enospc error, which make this truncate operation fail. Call btrfs_block_rsv_release() to fix this bug. Signed-off-by: Wang Xiaoguang Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/inode.c | 1 + 1 file changed, 1 insertion(+) commit 69fed99baac186013840ced3524562841296034f Author: Eric Dumazet Date: Wed Jan 18 19:44:42 2017 -0800 gianfar: Do not reuse pages from emergency reserve A driver using dev_alloc_page() must not reuse a page that had to use emergency memory reserve. Otherwise all packets using this page will be immediately dropped, unless for very specific sockets having SOCK_MEMALLOC bit set. This issue might be hard to debug, because only a fraction of the RX ring buffer would suffer from drops. Fixes: 75354148ce69 ("gianfar: Add paged allocation and Rx S/G") Signed-off-by: Eric Dumazet Cc: Claudiu Manoil Acked-by: Claudiu Manoil Signed-off-by: David S. Miller drivers/net/ethernet/freescale/gianfar.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0dbd7ff3ac5017a46033a9d0a87a8267d69119d9 Author: Alexey Kodanev Date: Thu Jan 19 16:36:39 2017 +0300 tcp: initialize max window for a new fastopen socket Found that if we run LTP netstress test with large MSS (65K), the first attempt from server to send data comparable to this MSS on fastopen connection will be delayed by the probe timer. Here is an example: < S seq 0:0 win 43690 options [mss 65495 wscale 7 tfo cookie] length 32 > S. seq 0:0 ack 1 win 43690 options [mss 65495 wscale 7] length 0 < . ack 1 win 342 length 0 Inside tcp_sendmsg(), tcp_send_mss() returns max MSS in 'mss_now', as well as in 'size_goal'. This results the segment not queued for transmition until all the data copied from user buffer. Then, inside __tcp_push_pending_frames(), it breaks on send window test and continues with the check probe timer. Fragmentation occurs in tcp_write_wakeup()... +0.2 > P. seq 1:43777 ack 1 win 342 length 43776 < . ack 43777, win 1365 length 0 > P. seq 43777:65001 ack 1 win 342 options [...] length 21224 ... This also contradicts with the fact that we should bound to the half of the window if it is large. Fix this flaw by correctly initializing max_window. Before that, it could have large values that affect further calculations of 'size_goal'. Fixes: 168a8f58059a ("tcp: TCP Fast Open Server - main code path") Signed-off-by: Alexey Kodanev Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_fastopen.c | 1 + 1 file changed, 1 insertion(+) commit ad05df399f3343b10664827a3860669a8a80782d Author: Arnd Bergmann Date: Thu Jan 19 10:33:29 2017 +0100 net/mlx5e: Remove unused variable A cleanup removed the only user of this variable mlx5/core/en_ethtool.c: In function 'mlx5e_set_channels': mlx5/core/en_ethtool.c:546:6: error: unused variable 'ncv' [-Werror=unused-variable] Let's remove the declaration as well. Fixes: 639e9e94160e ("net/mlx5e: Remove unnecessary checks when setting num channels") Signed-off-by: Arnd Bergmann Reported-by: Stephen Rothwell Reviewed-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 1 - 1 file changed, 1 deletion(-) commit 03e4deff4987f79c34112c5ba4eb195d4f9382b0 Author: Kefeng Wang Date: Thu Jan 19 16:26:21 2017 +0800 ipv6: addrconf: Avoid addrconf_disable_change() using RCU read-side lock Just like commit 4acd4945cd1e ("ipv6: addrconf: Avoid calling netdevice notifiers with RCU read-side lock"), it is unnecessary to make addrconf_disable_change() use RCU iteration over the netdev list, since it already holds the RTNL lock, or we may meet Illegal context switch in RCU read-side critical section. Signed-off-by: Kefeng Wang Signed-off-by: David S. Miller net/ipv6/addrconf.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 59cfa789d04c35b6c647aacf4cc89b3d4d430cfe Author: Hariprasad Shenai Date: Thu Jan 19 11:50:32 2017 +0530 MAINTAINERS: update cxgb4 maintainer Ganesg will be taking over as maintainer from now Signed-off-by: Hariprasad Shenai Signed-off-by: David S. Miller MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7d9e8f71b989230bc613d121ca38507d34ada849 Author: Mark Rutland Date: Wed Jan 18 17:23:41 2017 +0000 arm64: avoid returning from bad_mode Generally, taking an unexpected exception should be a fatal event, and bad_mode is intended to cater for this. However, it should be possible to contain unexpected synchronous exceptions from EL0 without bringing the kernel down, by sending a SIGILL to the task. We tried to apply this approach in commit 9955ac47f4ba1c95 ("arm64: don't kill the kernel on a bad esr from el0"), by sending a signal for any bad_mode call resulting from an EL0 exception. However, this also applies to other unexpected exceptions, such as SError and FIQ. The entry paths for these exceptions branch to bad_mode without configuring the link register, and have no kernel_exit. Thus, if we take one of these exceptions from EL0, bad_mode will eventually return to the original user link register value. This patch fixes this by introducing a new bad_el0_sync handler to cater for the recoverable case, and restoring bad_mode to its original state, whereby it calls panic() and never returns. The recoverable case branches to bad_el0_sync with a bl, and returns to userspace via the usual ret_to_user mechanism. Signed-off-by: Mark Rutland Fixes: 9955ac47f4ba1c95 ("arm64: don't kill the kernel on a bad esr from el0") Reported-by: Mark Salter Cc: Will Deacon Cc: stable@vger.kernel.org Signed-off-by: Catalin Marinas arch/arm64/kernel/entry.S | 2 +- arch/arm64/kernel/traps.c | 28 ++++++++++++++++++++++++---- 2 files changed, 25 insertions(+), 5 deletions(-) commit e5072053b09642b8ff417d47da05b84720aea3ee Author: Florian Westphal Date: Wed Jan 18 02:01:22 2017 +0100 netfilter: conntrack: refine gc worker heuristics, redux This further refines the changes made to conntrack gc_worker in commit e0df8cae6c16 ("netfilter: conntrack: refine gc worker heuristics"). The main idea of that change was to reduce the scan interval when evictions take place. However, on the reporters' setup, there are 1-2 million conntrack entries in total and roughly 8k new (and closing) connections per second. In this case we'll always evict at least one entry per gc cycle and scan interval is always at 1 jiffy because of this test: } else if (expired_count) { gc_work->next_gc_run /= 2U; next_run = msecs_to_jiffies(1); being true almost all the time. Given we scan ~10k entries per run its clearly wrong to reduce interval based on nonzero eviction count, it will only waste cpu cycles since a vast majorities of conntracks are not timed out. Thus only look at the ratio (scanned entries vs. evicted entries) to make a decision on whether to reduce or not. Because evictor is supposed to only kick in when system turns idle after a busy period, pick a high ratio -- this makes it 50%. We thus keep the idea of increasing scan rate when its likely that table contains many expired entries. In order to not let timed-out entries hang around for too long (important when using event logging, in which case we want to timely destroy events), we now scan the full table within at most GC_MAX_SCAN_JIFFIES (16 seconds) even in worst-case scenario where all timed-out entries sit in same slot. I tested this with a vm under synflood (with sysctl net.netfilter.nf_conntrack_tcp_timeout_syn_recv=3). While flood is ongoing, interval now stays at its max rate (GC_MAX_SCAN_JIFFIES / GC_MAX_BUCKETS_DIV -> 125ms). With feedback from Nicolas Dichtel. Reported-by: Denys Fedoryshchenko Cc: Nicolas Dichtel Fixes: b87a2f9199ea82eaadc ("netfilter: conntrack: add gc worker to remove timed-out entries") Signed-off-by: Florian Westphal Tested-by: Nicolas Dichtel Acked-by: Nicolas Dichtel Tested-by: Denys Fedoryshchenko Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_core.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) commit 524b698db06b9b6da7192e749f637904e2f62d7b Author: Florian Westphal Date: Mon Jan 16 18:24:56 2017 +0100 netfilter: conntrack: remove GC_MAX_EVICTS break Instead of breaking loop and instant resched, don't bother checking this in first place (the loop calls cond_resched for every bucket anyway). Suggested-by: Nicolas Dichtel Signed-off-by: Florian Westphal Acked-by: Nicolas Dichtel Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_conntrack_core.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit a9ce7856cad1bf43de5c43888e4076e77371d51b Author: Jason Gerecke Date: Tue Jan 17 15:38:58 2017 -0800 HID: wacom: Fix sibling detection regression Commit 345857b ("HID: wacom: generic: Add support for sensor offsets") included a change to the operation and location of the call to 'wacom_add_shared_data' in 'wacom_parse_and_register'. The modifications included moving it higher up so that it would occur before the call to 'wacom_retrieve_hid_descriptor'. This was done to prevent a crash that would have occured when the report containing tablet offsets was fed into the driver with 'wacom_hid_report_raw_event' (specifically: the various 'wacom_wac_*_report' functions were written with the assumption that they would only be called once tablet setup had completed; 'wacom_wac_pen_report' in particular dereferences 'shared' which wasn't yet allocated). Moving the call to 'wacom_add_shared_data' effectively prevented the crash but also broke the sibiling detection code which assumes that the HID descriptor has been read and the various device_type flags set. To fix this situation, we restore the original 'wacom_add_shared_data' operation and location and instead implement an alternative change that can also prevent the crash. Specifically, we notice that the report functions mentioned above expect to be called only for input reports. By adding a check, we can prevent feature reports (such as the offset report) from causing trouble. Fixes: 345857bb49 ("HID: wacom: generic: Add support for sensor offsets") Signed-off-by: Jason Gerecke Tested-by: Ping Cheng Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/wacom_sys.c | 16 ++++++++-------- drivers/hid/wacom_wac.c | 10 ++++++++++ 2 files changed, 18 insertions(+), 8 deletions(-) commit df1539c25cce98e2ac69881958850c6535240707 Author: Masahiro Yamada Date: Tue Jan 17 19:52:54 2017 +0900 pinctrl: uniphier: fix Ethernet (RMII) pin-mux setting for LD20 Fix the pin-mux values for the MDC, MDIO, MDIO_INTL, PHYRSTL pins. Fixes: 1e359ab1285e ("pinctrl: uniphier: add Ethernet pin-mux settings") Signed-off-by: Masahiro Yamada Signed-off-by: Linus Walleij drivers/pinctrl/uniphier/pinctrl-uniphier-ld20.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b27e36482c02a94194fec71fb29696f4c8e9241c Author: Martin Blumenstingl Date: Sun Jan 15 23:20:28 2017 +0100 pinctrl: meson: fix uart_ao_b for GXBB and GXL/GXM The GXBB and GXL/GXM pinctrl drivers had a configuration which conflicts with uart_ao_a. According to the GXBB ("S905") datasheet the AO UART functions are: - GPIOAO_0: Func1 = UART_TX_AO_A (bit 12), Func2 = UART_TX_AO_B (bit 26) - GPIOAO_1: Func1 = UART_RX_AO_A (bit 11), Func2 = UART_RX_AO_B (bit 25) - GPIOAO_4: Func2 = UART_TX_AO_B (bit 24) - GPIOAO_5: Func2 = UART_RX_AO_B (bit 25) The existing definition for uart_AO_A already uses GPIOAO_0 and GPIOAO_1. The old definition of uart_AO_B however was broken, as it used GPIOAO_0 for TX (which would be fine) and two pins (GPIOAO_1 and GPIOAO_5) for RX (which does not make any sense). This fixes the uart_AO_B configuration by moving it to GPIOAO_4 and GPIOAO_5 (it would be possible to use GPIOAO_0 and GPIOAO_1 in theory, but all existing hardware uses uart_AO_A there). The fix for GXBB and GXL/GXM is identical since it seems that these specific pins are identical on both SoC variants. Signed-off-by: Martin Blumenstingl Reviewed-by: Kevin Hilman Signed-off-by: Linus Walleij drivers/pinctrl/meson/pinctrl-meson-gxbb.c | 7 +++---- drivers/pinctrl/meson/pinctrl-meson-gxl.c | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) commit 739e6f5945d88dcee01590913f6886132a10c215 Author: Linus Walleij Date: Wed Jan 11 13:37:07 2017 +0100 gpio: provide lockdep keys for nested/unnested irqchips The helper function for adding a GPIO chip compiles in a lockdep key for debugging, the same key is needed for nested chips as well. The macro construction is unreadable, replace this with two static inlines instead. The _gpiochip_irqchip_add prefixed function is not helpful, rename it with gpiochip_irqchip_add_key() that tell us what the function is actually doing. Fixes: d245b3f9bd36 ("gpio: simplify adding threaded interrupts") Cc: Roger Quadros Reported-by: Clemens Gruber Reported-by: Roger Quadros Reported-by: Grygorii Strashko Tested-by: Clemens Gruber Tested-by: Grygorii Strashko Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 18 ++++++------ include/linux/gpio/driver.h | 70 ++++++++++++++++++++++++++++++++------------- 2 files changed, 59 insertions(+), 29 deletions(-) commit 24d615a694d649aa2e167c3f97f62bdad07e3f84 Author: Aleksander Morgado Date: Wed Jan 18 21:31:31 2017 +0100 USB: serial: qcserial: add Dell DW5570 QDL The Dell DW5570 is a re-branded Sierra Wireless MC8805 which will by default boot with vid 0x413c and pid 0x81a3. When triggered QDL download mode, the device switches to pid 0x81a6 and provides the standard TTY used for firmware upgrade. Cc: Signed-off-by: Aleksander Morgado Signed-off-by: Johan Hovold drivers/usb/serial/qcserial.c | 1 + 1 file changed, 1 insertion(+) commit b5b46c4740aed1538544f0fa849c5b76c7823469 Author: Jiri Slaby Date: Wed Jan 18 14:29:21 2017 +0100 objtool: Fix IRET's opcode The IRET opcode is 0xcf according to the Intel manual and also to objdump of my vmlinux: 1ea8: 48 cf iretq Fix the opcode in arch_decode_instruction(). The previous value (0xc5) seems to correspond to LDS. Signed-off-by: Jiri Slaby Acked-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170118132921.19319-1-jslaby@suse.cz Signed-off-by: Ingo Molnar tools/objtool/arch/x86/decode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d0e73e2ac6a6b157159e1e62f981c06d29f42336 Author: Vineet Gupta Date: Tue Jan 17 11:09:18 2017 -0800 ARC: Revert "ARC: mm: IOC: Don't enable IOC by default" The programming model has been fixed with prev patches so re-enable it by default This reverts commit 23cb1f644019bac49d87b4dd7c1eac0569cc4f53. Signed-off-by: Vineet Gupta arch/arc/mm/cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 76894a72a0d7e0759de272bf3f4d2279ebd86d0b Author: Vineet Gupta Date: Wed Jan 18 15:10:52 2017 -0800 ARC: mm: split arc_cache_init to allow __init reaping of bulk arc_cache_init() is called for each core so can't be tagged __init. However bulk of it is only executed by master core and thus is candidate for __init reaping. So split it up to allow that. Signed-off-by: Vineet Gupta arch/arc/mm/cache.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) commit e47a8b172972ef10246e72e9277d27e3119e35ab Merge: f7bcd4b 1ea6af3 Author: Olof Johansson Date: Wed Jan 18 16:11:03 2017 -0800 Merge tag 'omap-for-v4.10/fixes-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Fixes for omaps for v4.10-rc cycle. Mostly a DMA regression fix for omap1, and then a handful of trivial fixes for boards and devices to work: - Fixes TI wilink bluetooth strange platform data baud rate - Remove duplicate pinmux line for am335x-icev2 - Fix omap1 dma regression - Fix uninitialized return value for wkup_m3_ipc_probe() - Fix Ethernet PHY binding typo for dra72-evm - Fix init for omap5 and dra7 sata ports - Fix mmc card detect pin for Logic PD SOM-LV * tag 'omap-for-v4.10/fixes-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: ARM: dts: omap3: Fix Card Detect and Write Protect on Logic PD SOM-LV ARM: dts: OMAP5 / DRA7: indicate that SATA port 0 is available. ARM: dts: dra72-evm-revc: fix typo in ethernet-phy node soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe() ARM: OMAP1: DMA: Correct the number of logical channels ARM: dts: am335x-icev2: Remove the duplicated pinmux setting ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate Signed-off-by: Olof Johansson commit e497c8e52a83ebb5309ab41c8851c9cb53f28b73 Author: Vineet Gupta Date: Wed Jan 18 12:59:21 2017 -0800 ARCv2: IOC: Use actual memory size to setup aperture size vs. fixed 512M before. But this still assumes that all of memory is under IOC which may not be true for the SoC. Improve that later when this becomes a real issue, by specifying this from DT. Signed-off-by: Vineet Gupta arch/arc/include/asm/setup.h | 1 + arch/arc/mm/cache.c | 12 ++++++++++-- arch/arc/mm/init.c | 5 +++++ 3 files changed, 16 insertions(+), 2 deletions(-) commit 8c47f83ba45928ce9495fcf1b29e828c28e3c839 Author: Vineet Gupta Date: Wed Jun 22 16:01:19 2016 +0530 ARCv2: IOC: Adhere to progamming model guidelines to avoid DMA corruption On AXS103 release bitfiles, DMA data corruptions were seen because IOC setup was not following the recommended way in documentation. Flipping IOC on when caches are enabled or coherency transactions are in flight, might cause some of the memory operations to not observe coherency as expected. So strictly follow the programming model recommendations as documented in comment header above arc_ioc_setup() Signed-off-by: Vineet Gupta arch/arc/include/asm/cache.h | 7 ++++--- arch/arc/mm/cache.c | 46 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 3 deletions(-) commit d4911cdd3270da45d3a1c55bf28e88a932bbba7b Author: Vineet Gupta Date: Wed Jun 22 15:43:22 2016 +0530 ARCv2: IOC: refactor the IOC and SLC operations into own functions - Move IOC setup into arc_ioc_setup() - Move SLC disabling into arc_slc_disable() Signed-off-by: Vineet Gupta arch/arc/include/asm/cache.h | 2 +- arch/arc/mm/cache.c | 68 ++++++++++++++++++++++++++++++-------------- 2 files changed, 48 insertions(+), 22 deletions(-) commit 88a7503376f4f3bf303c809d1a389739e1205614 Author: Keith Busch Date: Wed Jan 18 17:21:15 2017 -0500 blk-mq: Remove unused variable Signed-off-by: Keith Busch Reviewed-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe block/blk-mq.c | 1 - 1 file changed, 1 deletion(-) commit d407bd25a204bd66b7346dde24bd3d37ef0e0b05 Author: Daniel Borkmann Date: Wed Jan 18 15:14:17 2017 +0100 bpf: don't trigger OOM killer under pressure with map alloc This patch adds two helpers, bpf_map_area_alloc() and bpf_map_area_free(), that are to be used for map allocations. Using kmalloc() for very large allocations can cause excessive work within the page allocator, so i) fall back earlier to vmalloc() when the attempt is considered costly anyway, and even more importantly ii) don't trigger OOM killer with any of the allocators. Since this is based on a user space request, for example, when creating maps with element pre-allocation, we really want such requests to fail instead of killing other user space processes. Also, don't spam the kernel log with warnings should any of the allocations fail under pressure. Given that, we can make backend selection in bpf_map_area_alloc() generic, and convert all maps over to use this API for spots with potentially large allocation requests. Note, replacing the one kmalloc_array() is fine as overflow checks happen earlier in htab_map_alloc(), since it must also protect the multiplication for vmalloc() should kmalloc_array() fail. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf.h | 2 ++ kernel/bpf/arraymap.c | 18 +++++++----------- kernel/bpf/hashtab.c | 22 +++++++++------------- kernel/bpf/stackmap.c | 20 ++++++++------------ kernel/bpf/syscall.c | 26 ++++++++++++++++++++++++++ 5 files changed, 52 insertions(+), 36 deletions(-) commit 9ed59592e3e379b2e9557dc1d9e9ec8fcbb33f16 Author: David Ahern Date: Tue Jan 17 14:57:36 2017 -0800 lwtunnel: fix autoload of lwt modules Trying to add an mpls encap route when the MPLS modules are not loaded hangs. For example: CONFIG_MPLS=y CONFIG_NET_MPLS_GSO=m CONFIG_MPLS_ROUTING=m CONFIG_MPLS_IPTUNNEL=m $ ip route add 10.10.10.10/32 encap mpls 100 via inet 10.100.1.2 The ip command hangs: root 880 826 0 21:25 pts/0 00:00:00 ip route add 10.10.10.10/32 encap mpls 100 via inet 10.100.1.2 $ cat /proc/880/stack [] call_usermodehelper_exec+0xd6/0x134 [] __request_module+0x27b/0x30a [] lwtunnel_build_state+0xe4/0x178 [] fib_create_info+0x47f/0xdd4 [] fib_table_insert+0x90/0x41f [] inet_rtm_newroute+0x4b/0x52 ... modprobe is trying to load rtnl-lwt-MPLS: root 881 5 0 21:25 ? 00:00:00 /sbin/modprobe -q -- rtnl-lwt-MPLS and it hangs after loading mpls_router: $ cat /proc/881/stack [] rtnl_lock+0x12/0x14 [] register_netdevice_notifier+0x16/0x179 [] mpls_init+0x25/0x1000 [mpls_router] [] do_one_initcall+0x8e/0x13f [] do_init_module+0x5a/0x1e5 [] load_module+0x13bd/0x17d6 ... The problem is that lwtunnel_build_state is called with rtnl lock held preventing mpls_init from registering. Given the potential references held by the time lwtunnel_build_state it can not drop the rtnl lock to the load module. So, extract the module loading code from lwtunnel_build_state into a new function to validate the encap type. The new function is called while converting the user request into a fib_config which is well before any table, device or fib entries are examined. Fixes: 745041e2aaf1 ("lwtunnel: autoload of lwt modules") Signed-off-by: David Ahern Signed-off-by: David S. Miller include/net/lwtunnel.h | 11 +++++++++ net/core/lwtunnel.c | 62 ++++++++++++++++++++++++++++++++++++++++++++----- net/ipv4/fib_frontend.c | 8 +++++++ net/ipv6/route.c | 12 +++++++++- 4 files changed, 86 insertions(+), 7 deletions(-) commit 719ca8111402aa6157bd83a3c966d184db0d8956 Author: Michael Chan Date: Tue Jan 17 22:07:19 2017 -0500 bnxt_en: Fix "uninitialized variable" bug in TPA code path. In the TPA GRO code path, initialize the tcp_opt_len variable to 0 so that it will be correct for packets without TCP timestamps. The bug caused the SKB fields to be incorrectly set up for packets without TCP timestamps, leading to these packets being rejected by the stack. Reported-by: Andy Gospodarek Acked-by: Andy Gospodarek Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fb1d8e0e2c50f374cfc244564decfc3f0a336cb4 Merge: fa19a76 1cb51a1 Author: Linus Torvalds Date: Wed Jan 18 13:58:38 2017 -0800 Merge tag 'upstream-4.10-rc5' of git://git.infradead.org/linux-ubifs Pull UBIFS fixes from Richard Weinberger: "This contains fixes for UBIFS: - a long standing issue in UBIFS journal replay code - fallout from the merge window" * tag 'upstream-4.10-rc5' of git://git.infradead.org/linux-ubifs: ubifs: Fix journal replay wrt. xattr nodes ubifs: remove redundant checks for encryption key ubifs: allow encryption ioctls in compat mode ubifs: add CONFIG_BLOCK dependency for encryption ubifs: fix unencrypted journal write ubifs: ensure zero err is returned on successful return commit cd33b3e0da43522ff8e8f2b2b71d3d08298512b0 Author: Daniel Gonzalez Cabanelas Date: Tue Jan 17 16:26:55 2017 -0800 net: phy: bcm63xx: Utilize correct config_intr function Commit a1cba5613edf ("net: phy: Add Broadcom phy library for common interfaces") make the BCM63xx PHY driver utilize bcm_phy_config_intr() which would appear to do the right thing, except that it does not write to the MII_BCM63XX_IR register but to MII_BCM54XX_ECR which is different. This would be causing invalid link parameters and events from being generated by the PHY interrupt. Fixes: a1cba5613edf ("net: phy: Add Broadcom phy library for common interfaces") Signed-off-by: Daniel Gonzalez Cabanelas Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/bcm63xx.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) commit fd29f7af75b7adf250beccffa63746c6a88e2b74 Author: Arnd Bergmann Date: Wed Jan 18 12:39:21 2017 -0800 xfs: fix xfs_mode_to_ftype() prototype A harmless warning just got introduced: fs/xfs/libxfs/xfs_dir2.h:40:8: error: type qualifiers ignored on function return type [-Werror=ignored-qualifiers] Removing the 'const' modifier avoids the warning and has no other effect. Fixes: 1fc4d33fed12 ("xfs: replace xfs_mode_to_ftype table with switch statement") Signed-off-by: Arnd Bergmann Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_dir2.c | 2 +- fs/xfs/libxfs/xfs_dir2.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 7be2c82cfd5d28d7adb66821a992604eb6dd112e Author: Eric Dumazet Date: Wed Jan 18 12:12:17 2017 -0800 net: fix harmonize_features() vs NETIF_F_HIGHDMA Ashizuka reported a highmem oddity and sent a patch for freescale fec driver. But the problem root cause is that core networking stack must ensure no skb with highmem fragment is ever sent through a device that does not assert NETIF_F_HIGHDMA in its features. We need to call illegal_highdma() from harmonize_features() regardless of CSUM checks. Fixes: ec5f06156423 ("net: Kill link between CSUM and SG features.") Signed-off-by: Eric Dumazet Cc: Pravin Shelar Reported-by: "Ashizuka, Yuusuke" Signed-off-by: David S. Miller net/core/dev.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d89ede6d8f029d3435d8a1602d21e5be68831369 Merge: 6acbe37 f16f1df Author: David S. Miller Date: Wed Jan 18 15:11:21 2017 -0500 Merge branch 'xen-netback-leaks' Igor Druzhinin says: ==================== xen-netback: fix memory leaks on XenBus disconnect Just split the initial patch in two as proposed by Wei. Since the approach for locking netdev statistics is inconsistent (tends not to have any locking at all) accross the kernel we'd better to rely on our internal lock for this purpose. ==================== Signed-off-by: David S. Miller commit f16f1df65f1cf139ff9e9f84661e6573d6bb27fc Author: Igor Druzhinin Date: Tue Jan 17 20:49:38 2017 +0000 xen-netback: protect resource cleaning on XenBus disconnect vif->lock is used to protect statistics gathering agents from using the queue structure during cleaning. Signed-off-by: Igor Druzhinin Acked-by: Wei Liu Reviewed-by: Paul Durrant Signed-off-by: David S. Miller drivers/net/xen-netback/interface.c | 6 ++++-- drivers/net/xen-netback/xenbus.c | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) commit 9a6cdf52b85ea5fb21d2bb31e4a7bc61b79923a7 Author: Igor Druzhinin Date: Tue Jan 17 20:49:37 2017 +0000 xen-netback: fix memory leaks on XenBus disconnect Eliminate memory leaks introduced several years ago by cleaning the queue resources which are allocated on XenBus connection event. Namely, queue structure array and pages used for IO rings. Signed-off-by: Igor Druzhinin Reviewed-by: Paul Durrant Acked-by: Wei Liu Signed-off-by: David S. Miller drivers/net/xen-netback/xenbus.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 3fd0b634de7d6b9a85f34a4cf9d8afc1df465cc9 Author: Arnd Bergmann Date: Fri Jan 13 16:41:03 2017 +0100 netfilter: ipt_CLUSTERIP: fix build error without procfs We can't access c->pde if CONFIG_PROC_FS is disabled: net/ipv4/netfilter/ipt_CLUSTERIP.c: In function 'clusterip_config_find_get': net/ipv4/netfilter/ipt_CLUSTERIP.c:147:9: error: 'struct clusterip_config' has no member named 'pde' This moves the check inside of another #ifdef. Fixes: 6c5d5cfbe3c5 ("netfilter: ipt_CLUSTERIP: check duplicate config when initializing") Signed-off-by: Arnd Bergmann Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/ipt_CLUSTERIP.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 6acbe3716034a159f2e9a810631e40bc85af0458 Merge: 003ecadd 639e9e9 Author: David S. Miller Date: Wed Jan 18 14:58:24 2017 -0500 Merge branch 'ethtool-set-channels-fix' Tariq Toukan says: ==================== ethtool fix This patchset from Eran contains a fix to ethtool set_channels, where the call to get_channels with an uninitialized parameter might result in garbage fields. It also contains two followup changes in our mlx4/mlx5 Eth drivers. Series generated against net commit: 0faa9cb5b383 net sched actions: fix refcnt when GETing of action after bind ==================== Signed-off-by: David S. Miller commit 639e9e94160e59469305fc2c5e6f9c2733744958 Author: Eran Ben Elisha Date: Tue Jan 17 19:19:19 2017 +0200 net/mlx5e: Remove unnecessary checks when setting num channels Boundaries checks for the number of RX and TX should be checked by the caller and not in the driver. Signed-off-by: Eran Ben Elisha Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_ethtool.c | 10 ---------- 1 file changed, 10 deletions(-) commit e91ef71dfe834e11b57411f1715cd2e2bb4401f1 Author: Eran Ben Elisha Date: Tue Jan 17 19:19:18 2017 +0200 net/mlx4_en: Remove unnecessary checks when setting num channels Boundaries checks for the number of RX, TX, other and combined channels should be checked by the caller and not in the driver. In addition, remove wrong memset on get channels as it overrides the cmd field in the requester struct. Signed-off-by: Eran Ben Elisha Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_ethtool.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 31a86d137219373c3222ca5f4f912e9a4d8065bb Author: Eran Ben Elisha Date: Tue Jan 17 19:19:17 2017 +0200 net: ethtool: Initialize buffer when querying device channel settings Ethtool channels respond struct was uninitialized when querying device channel boundaries settings. As a result, unreported fields by the driver hold garbage. This may cause sending unsupported params to driver. Fixes: 8bf368620486 ('ethtool: ensure channel counts are within bounds ...') Signed-off-by: Eran Ben Elisha Signed-off-by: Tariq Toukan CC: John W. Linville Signed-off-by: David S. Miller net/core/ethtool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fa19a769f82fb9a5ca000b83cacd13fcaeda51ac Merge: ca92e6c 90f92c6 Author: Linus Torvalds Date: Wed Jan 18 11:19:32 2017 -0800 Merge branch 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM fixes from Russell King: "A few ARM fixes: - fix a crash while performing TLB maintanence on early ARM SMP cores - blacklist Scorpion CPUs for hardware breakpoints - ARMs asm/types.h has been included as part of the UAPI due to the way the makefiles work, move it to uapi/asm/types.h to make it official - fix up ftrace syscall name matching" * 'fixes' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: 8613/1: Fix the uaccess crash on PB11MPCore MAINTAINERS: update rmk's entries ARM: put types.h in uapi ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs ARM: 8632/1: ftrace: fix syscall name matching commit eb1357d942e5d96de6b4c20a8ffa55acf96233a2 Author: Vineet Gupta Date: Mon Jan 16 10:48:09 2017 -0800 ARC: module: Fix !CONFIG_ARC_DW2_UNWIND builds commit d65283f7b695b5 added mod->arch.secstr under CONFIG_ARC_DW2_UNWIND, but used it unconditionally which broke builds when the option was disabled. Fix that by adjusting the #ifdef guard. And while at it add a missing guard (for unwinder) in module.c as well Reported-by: Waldemar Brodkorb Cc: stable@vger.kernel.org #4.9 Fixes: d65283f7b695b5 ("ARC: module: elide loop to save reference to .eh_frame") Tested-by: Anton Kolesov Reviewed-by: Alexey Brodkin [abrodkin: provided fixlet to Kconfig per failure in allnoconfig build] Signed-off-by: Vineet Gupta arch/arc/Kconfig | 2 +- arch/arc/include/asm/module.h | 4 ++-- arch/arc/kernel/module.c | 4 +++- 3 files changed, 6 insertions(+), 4 deletions(-) commit ca92e6c7e6329029d7188487a5c32e86ef471977 Merge: 0b75f82 4205e47 Author: Linus Torvalds Date: Wed Jan 18 11:13:41 2017 -0800 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull SMP hotplug update from Thomas Gleixner: "This contains a trivial typo fix and an extension to the core code for dynamically allocating states in the prepare stage. The extension is necessary right now because we need a proper way to unbreak LTTNG, which iscurrently non functional due to the removal of the notifiers. Surely it's out of tree, but it's widely used by distros. The simple solution would have been to reserve a state for LTTNG, but I'm not fond about unused crap in the kernel and the dynamic range, which we admittedly should have done right away, allows us to remove quite some of the hardcoded states, i.e. those which have no ordering requirements. So doing the right thing now is better than having an smaller intermediate solution which needs to be reworked anyway" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Provide dynamic range for prepare stage perf/x86/amd/ibs: Fix typo after cleanup state names in cpu/hotplug commit 0b75f821ec8be459dd4dec77be39595d989d77ac Merge: 49b550f bc7c36e Author: Linus Torvalds Date: Wed Jan 18 11:12:13 2017 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Ingo Molnar: "Fix a crash in the ARM-Exynos clocksource driver, triggered by CPU hotplug operations" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource/exynos_mct: Clear interrupt when cpu is shut down commit 49b550fee80b5f36b961640666f7945d7ec63000 Merge: 9da96f9 3e4f7a4 Author: Linus Torvalds Date: Wed Jan 18 10:47:11 2017 -0800 Merge branch 'rcu-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU fixes from Ingo Molnar: "This fixes sporadic ACPI related hangs in synchronize_rcu() that were caused by the ACPI code mistakenly relying on an aspect of RCU that was neither promised to work nor reliable but which happened to work - until in v4.9 we changed the RCU implementation, which made the hangs more prominent. Since the mis-use of the RCU facility wasn't properly detected and prevented either, these fixes make the RCU side work reliably instead of working around the problem in the ACPI code. Hence the slightly larger diffstat that goes beyond the normal scope of RCU fixes in -rc kernels" * 'rcu-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: rcu: Narrow early boot window of illegal synchronous grace periods rcu: Remove cond_resched() from Tiny synchronize_sched() commit 9da96f99f15169b8bf77a1f27ed6d926f82ea59f Merge: 0aa0313 31f5260 Author: Linus Torvalds Date: Wed Jan 18 10:45:22 2017 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "An Intel PMU driver hotplug fix and three 'perf probe' tooling fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86/intel: Handle exclusive threadid correctly on CPU hotplug perf probe: Fix to probe on gcc generated functions in modules perf probe: Add error checks to offline probe post-processing perf probe: Fix to show correct locations for events on modules commit ad9e202aa1ce571b1d7fed969d06f66067f8a086 Author: Dave Martin Date: Wed Jan 18 16:25:24 2017 +0000 arm64/ptrace: Reject attempts to set incomplete hardware breakpoint fields We cannot preserve partial fields for hardware breakpoints, because the values written by userspace to the hardware breakpoint registers can't subsequently be recovered intact from the hardware. So, just reject attempts to write incomplete fields with -EINVAL. Cc: # 3.7.x- Fixes: 478fcb2cdb23 ("arm64: Debugging support") Signed-off-by: Dave Martin Acked-by: Will Deacon Signed-off-by: Catalin Marinas arch/arm64/kernel/ptrace.c | 4 ++++ 1 file changed, 4 insertions(+) commit aeb1f39d814b2e21e5e5706a48834bfd553d0059 Author: Dave Martin Date: Wed Jan 18 16:25:23 2017 +0000 arm64/ptrace: Avoid uninitialised struct padding in fpr_set() This patch adds an explicit __reserved[] field to user_fpsimd_state to replace what was previously unnamed padding. This ensures that data in this region are propagated across assignment rather than being left possibly uninitialised at the destination. Cc: # 3.7.x- Fixes: 60ffc30d5652 ("arm64: Exception handling") Signed-off-by: Dave Martin Acked-by: Will Deacon Signed-off-by: Catalin Marinas arch/arm64/include/uapi/asm/ptrace.h | 1 + 1 file changed, 1 insertion(+) commit a672401c00f82e4e19704aff361d9bad18003714 Author: Dave Martin Date: Wed Jan 18 16:25:22 2017 +0000 arm64/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Cc: # 4.3.x- Fixes: 5d220ff9420f ("arm64: Better native ptrace support for compat tasks") Signed-off-by: Dave Martin Acked-by: Will Deacon Signed-off-by: Catalin Marinas arch/arm64/kernel/ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9dd73f72f218320c6c90da5f834996e7360dc227 Author: Dave Martin Date: Wed Jan 18 16:25:21 2017 +0000 arm64/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Cc: # 3.19.x- Fixes: 766a85d7bc5d ("arm64: ptrace: add NT_ARM_SYSTEM_CALL regset") Signed-off-by: Dave Martin Acked-by: Will Deacon Signed-off-by: Catalin Marinas arch/arm64/kernel/ptrace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9a17b876b573441bfb3387ad55d98bf7184daf9d Author: Dave Martin Date: Wed Jan 18 16:25:20 2017 +0000 arm64/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Cc: # 3.7.x- Fixes: 478fcb2cdb23 ("arm64: Debugging support") Signed-off-by: Dave Martin Acked-by: Will Deacon Signed-off-by: Catalin Marinas arch/arm64/kernel/ptrace.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 6df8c9d80a27cb587f61b4f06b57e248d8bc3f86 Author: Jeff Layton Date: Thu Jan 12 14:42:41 2017 -0500 ceph: fix bad endianness handling in parse_reply_info_extra sparse says: fs/ceph/mds_client.c:291:23: warning: restricted __le32 degrades to integer fs/ceph/mds_client.c:293:28: warning: restricted __le32 degrades to integer fs/ceph/mds_client.c:294:28: warning: restricted __le32 degrades to integer fs/ceph/mds_client.c:296:28: warning: restricted __le32 degrades to integer The op value is __le32, so we need to convert it before comparing it. Cc: stable@vger.kernel.org # needs backporting for < 3.14 Signed-off-by: Jeff Layton Reviewed-by: Sage Weil Signed-off-by: Ilya Dryomov fs/ceph/mds_client.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit fe2ed42517533068ac03eed5630fffafff27eacf Author: Jeff Layton Date: Thu Jan 12 14:42:39 2017 -0500 ceph: fix endianness bug in frag_tree_split_cmp sparse says: fs/ceph/inode.c:308:36: warning: incorrect type in argument 1 (different base types) fs/ceph/inode.c:308:36: expected unsigned int [unsigned] [usertype] a fs/ceph/inode.c:308:36: got restricted __le32 [usertype] frag fs/ceph/inode.c:308:46: warning: incorrect type in argument 2 (different base types) fs/ceph/inode.c:308:46: expected unsigned int [unsigned] [usertype] b fs/ceph/inode.c:308:46: got restricted __le32 [usertype] frag We need to convert these values to host-endian before calling the comparator. Fixes: a407846ef7c6 ("ceph: don't assume frag tree splits in mds reply are sorted") Signed-off-by: Jeff Layton Reviewed-by: Sage Weil Signed-off-by: Ilya Dryomov fs/ceph/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1097680d759918ce4a8705381c0ab2ed7bd60cf1 Author: Jeff Layton Date: Thu Jan 12 14:42:38 2017 -0500 ceph: fix endianness of getattr mask in ceph_d_revalidate sparse says: fs/ceph/dir.c:1248:50: warning: incorrect type in assignment (different base types) fs/ceph/dir.c:1248:50: expected restricted __le32 [usertype] mask fs/ceph/dir.c:1248:50: got int [signed] [assigned] mask Fixes: 200fd27c8fa2 ("ceph: use lookup request to revalidate dentry") Signed-off-by: Jeff Layton Reviewed-by: Sage Weil Signed-off-by: Ilya Dryomov fs/ceph/dir.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 124f930b8cbc4ac11236e6eb1c5f008318864588 Author: Ilya Dryomov Date: Mon Jan 16 19:16:46 2017 +0100 libceph: make sure ceph_aes_crypt() IV is aligned ... otherwise the crypto stack will align it for us with a GFP_ATOMIC allocation and a memcpy() -- see skcipher_walk_first(). Signed-off-by: Ilya Dryomov net/ceph/crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6e09d0fb64402cec579f029ca4c7f39f5c48fc60 Author: Yan, Zheng Date: Thu Dec 22 16:05:43 2016 +0800 ceph: fix ceph_get_caps() interruption Commit 5c341ee32881 ("ceph: fix scheduler warning due to nested blocking") causes infinite loop when process is interrupted. Fix it. Signed-off-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/caps.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 003ecadd2e5686d39630f89fa72102c28d91c475 Merge: 93b43fd befa601 Author: David S. Miller Date: Wed Jan 18 11:36:41 2017 -0500 Merge tag 'linux-can-fixes-for-4.10-20170118' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can Marc Kleine-Budde says: ==================== pull-request: can 2017-01-18 this is a pull request for net/master consisting of two patches. In the first patch Einar Jón fixes a NULL-pointer-deref in the c_can_pci driver. In the second patch Yegor Yefremov fixes the clock handling in the ti_hecc driver. ==================== Signed-off-by: David S. Miller commit b98acbff9a05b371c5f0ca6e44a3af8ce9274379 Author: Colin Ian King Date: Wed Jan 11 15:36:20 2017 +0000 regulator: twl6030: fix range comparison, allowing vsel = 59 The range min_uV > 1350000 && min_uV <= 150000 is never reachable because of a typo in the previous range check and hence vsel = 59 is never reached. Fix the previous range check to enable the vsel = 59 setting. Fixes CoverityScan CID#728454 ("Logially dead code") Signed-off-by: Colin Ian King Signed-off-by: Mark Brown drivers/regulator/twl6030-regulator.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 020eb3daaba2857b32c4cf4c82f503d6a00a67de Author: Ruslan Ruslichenko Date: Tue Jan 17 16:13:52 2017 +0200 x86/ioapic: Restore IO-APIC irq_chip retrigger callback commit d32932d02e18 removed the irq_retrigger callback from the IO-APIC chip and did not add it to the new IO-APIC-IR irq chip. Unfortunately the software resend fallback is not enabled on X86, so edge interrupts which are received during the lazy disabled state of the interrupt line are not retriggered and therefor lost. Restore the callbacks. [ tglx: Massaged changelog ] Fixes: d32932d02e18 ("x86/irq: Convert IOAPIC to use hierarchical irqdomain interfaces") Signed-off-by: Ruslan Ruslichenko Cc: xe-linux-external@cisco.com Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1484662432-13580-1-git-send-email-rruslich@cisco.com Signed-off-by: Thomas Gleixner arch/x86/kernel/apic/io_apic.c | 2 ++ 1 file changed, 2 insertions(+) commit 3bfdfdcbce2796ce75bf2d85fd8471858d702e5d Author: Ville Syrjälä Date: Mon Nov 7 22:20:54 2016 +0200 drm/i915: Ignore bogus plane coordinates on SKL when the plane is not visible When the plane is invisible we may have all sorts of bogus stuff in the coordinates, which we must ignore or else we might fail the plane update. This started to happen on SKL when I moved the plane offset computation to happen in the check phase. Previously we happily ignored it all since we never called the update_plane hook with an invisible plane. Cc: Sivakumar Thulasimani Cc: drm-intel-fixes@lists.freedesktop.org Fixes: b63a16f6cd89 ("drm/i915: Compute display surface offset in the plane check hook for SKL+") Signed-off-by: Ville Syrjälä Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98258 Testcase: igt/pm_rpm/legacy-planes Testcase: igt/pm_rpm/universal-planes Reviewed-by: Matt Roper Signed-off-by: Matt Roper Link: http://patchwork.freedesktop.org/patch/msgid/1478550057-24864-3-git-send-email-ville.syrjala@linux.intel.com (cherry picked from commit a5e4c7d0aa6784d8abe95c3ceef0da9656d17468) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 3 +++ 1 file changed, 3 insertions(+) commit 4fc020d864647ea3ae8cb8f17d63e48e87ebd0bf Author: Francisco Jerez Date: Thu Jan 12 12:44:54 2017 +0200 drm/i915: Remove WaDisableLSQCROPERFforOCL KBL workaround. The WaDisableLSQCROPERFforOCL workaround has the side effect of disabling an L3SQ optimization that has huge performance implications and is unlikely to be necessary for the correct functioning of usual graphic workloads. Userspace is free to re-enable the workaround on demand, and is generally in a better position to determine whether the workaround is necessary than the DRM is (e.g. only during the execution of compute kernels that rely on both L3 fences and HDC R/W requests). The same workaround seems to apply to BDW (at least to production stepping G1) and SKL as well (the internal workaround database claims that it does for all steppings, while the BSpec workaround table only mentions pre-production steppings), but the DRM doesn't do anything beyond whitelisting the L3SQCREG4 register so userspace can enable it when it sees fit. Do the same on KBL platforms. Improves performance of the GFXBench4 gl_manhattan31 benchmark by 60%, and gl_4 (AKA car chase) by 14% on a KBL GT2 running Mesa master -- This is followed by a regression of 35% and 10% respectively for the same benchmarks and platform caused by my recent patch series switching userspace to use the dataport constant cache instead of the sampler to implement uniform pull constant loads, which caused us to hit more heavily the L3 cache (and on platforms other than KBL had the opposite effect of improving performance of the same two benchmarks). The overall effect on KBL of this change combined with the recent userspace change is respectively 4.6% and 2.6%. SynMark2 OglShMapPcf was affected by the constant cache changes (though it improved as it did on other platforms rather than regressing), but is not significantly affected by this patch (with statistical significance of 5% and sample size 20). v2: Drop some more code to avoid unused variable warning. Fixes: 738fa1b3123f ("drm/i915/kbl: Add WaDisableLSQCROPERFforOCL") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99256 Signed-off-by: Francisco Jerez Cc: Matthew Auld Cc: Eero Tamminen Cc: Jani Nikula Cc: Mika Kuoppala Cc: beignet@lists.freedesktop.org Cc: # v4.7+ Reviewed-by: Mika Kuoppala [Removed double Fixes tag] Signed-off-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/1484217894-20505-1-git-send-email-mika.kuoppala@intel.com (cherry picked from commit 8726f2faa371514fba2f594d799db95203dfeee0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_lrc.c | 10 ---------- drivers/gpu/drm/i915/intel_ringbuffer.c | 8 -------- 2 files changed, 18 deletions(-) commit 4c7d0c9cb713a28b133b265d595de2a93ee09712 Author: Amir Goldstein Date: Wed Jan 18 15:19:54 2017 +0100 ovl: fix possible use after free on redirect dir lookup ovl_lookup_layer() iterates on path elements of d->name.name but also frees and allocates a new pointer for d->name.name. For the case of lookup in upper layer, the initial d->name.name pointer is stable (dentry->d_name), but for lower layers, the initial d->name.name can be d->redirect, which can be freed during iteration. [SzM] Keep the count of remaining characters in the redirect path and calculate the current position from that. This works becuase only the prefix is modified, the ending always stays the same. Fixes: 02b69b284cd7 ("ovl: lookup redirects") Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/namei.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) commit befa60113ce7ea270cb51eada28443ca2756f480 Author: Yegor Yefremov Date: Wed Jan 18 11:35:57 2017 +0100 can: ti_hecc: add missing prepare and unprepare of the clock In order to make the driver work with the common clock framework, this patch converts the clk_enable()/clk_disable() to clk_prepare_enable()/clk_disable_unprepare(). Also add error checking for clk_prepare_enable(). Signed-off-by: Yegor Yefremov Cc: linux-stable Signed-off-by: Marc Kleine-Budde drivers/net/can/ti_hecc.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit c97c52be78b8463ac5407f1cf1f22f8f6cf93a37 Author: Einar Jón Date: Fri Aug 12 13:50:41 2016 +0200 can: c_can_pci: fix null-pointer-deref in c_can_start() - set device pointer The priv->device pointer for c_can_pci is never set, but it is used without a NULL check in c_can_start(). Setting it in c_can_pci_probe() like c_can_plat_probe() prevents c_can_pci.ko from crashing, with and without CONFIG_PM. This might also cause the pm_runtime_*() functions in c_can.c to actually be executed for c_can_pci devices - they are the only other place where priv->device is used, but they all contain a null check. Signed-off-by: Einar Jón Cc: linux-stable Signed-off-by: Marc Kleine-Budde drivers/net/can/c_can/c_can_pci.c | 1 + 1 file changed, 1 insertion(+) commit 1c8a946bf3754a59cba1fc373949a8114bfe5aaa Author: Oleksandr Andrushchenko Date: Wed Jan 18 09:09:25 2017 +0200 arm64: mm: avoid name clash in __page_to_voff() The arm64 __page_to_voff() macro takes a parameter called 'page', and also refers to 'struct page'. Thus, if the value passed in is not called 'page', we'll refer to the wrong struct name (which might not exist). Fixes: 3fa72fe9c614 ("arm64: mm: fix __page_to_voff definition") Acked-by: Mark Rutland Suggested-by: Volodymyr Babchuk Signed-off-by: Oleksandr Andrushchenko Signed-off-by: Catalin Marinas arch/arm64/include/asm/memory.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0fec9557fd0c5349e3bd1a2141612a60bc20bb71 Author: Tobias Klauser Date: Tue Jan 17 15:35:01 2017 +0100 cpu/hotplug: Remove unused but set variable in _cpu_down() After the recent removal of the hotplug notifiers the variable 'hasdied' in _cpu_down() is set but no longer read, leading to the following GCC warning when building with 'make W=1': kernel/cpu.c:767:7: warning: variable ‘hasdied’ set but not used [-Wunused-but-set-variable] Fix it by removing the variable. Fixes: 530e9b76ae8f ("cpu/hotplug: Remove obsolete cpu hotplug register/unregister functions") Signed-off-by: Tobias Klauser Cc: Peter Zijlstra Cc: Sebastian Andrzej Siewior Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20170117143501.20893-1-tklauser@distanz.ch Signed-off-by: Thomas Gleixner kernel/cpu.c | 2 -- 1 file changed, 2 deletions(-) commit 27593d72c4ad451ed13af35354b941bcd0abcec6 Author: Madhavan Srinivasan Date: Wed Jan 18 09:12:56 2017 +0530 powerpc/perf: Use MSR to report privilege level on P9 DD1 SIER and SIAR are not updated correctly for some samples, so force the use of MSR and regs->nip instead for misc_flag updates. This is done by adding a new ppmu flag and updating the use_siar logic in perf_read_regs() to use it, and dropping the PPMU_HAS_SIER flag. Signed-off-by: Madhavan Srinivasan [mpe: Rename flag to PPMU_NO_SIAR, and also drop PPMU_HAS_SIER] Signed-off-by: Michael Ellerman arch/powerpc/include/asm/perf_event_server.h | 1 + arch/powerpc/perf/core-book3s.c | 2 ++ arch/powerpc/perf/power9-pmu.c | 2 +- 3 files changed, 4 insertions(+), 1 deletion(-) commit df21d2fa733035e4d414379960f94b2516b41296 Author: Madhavan Srinivasan Date: Mon Dec 19 17:46:53 2016 +0530 selftest/powerpc: Wrong PMC initialized in pmc56_overflow test Test uses PMC2 to count the event. But PMC1 is being initialized. Patch to fix it. Fixes: 3752e453f6ba ('selftests/powerpc: Add tests of PMU EBBs') Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman tools/testing/selftests/powerpc/pmu/ebb/pmc56_overflow_test.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 387bbc974f6adf91aa635090f73434ed10edd915 Author: Gavin Shan Date: Fri Jan 6 10:39:49 2017 +1100 powerpc/eeh: Enable IO path on permanent error We give up recovery on permanent error, simply shutdown the affected devices and remove them. If the devices can't be put into quiet state, they spew more traffic that is likely to cause another unexpected EEH error. This was observed on "p8dtu2u" machine: 0002:00:00.0 PCI bridge: IBM Device 03dc 0002:01:00.0 Ethernet controller: Intel Corporation \ Ethernet Controller X710/X557-AT 10GBASE-T (rev 02) 0002:01:00.1 Ethernet controller: Intel Corporation \ Ethernet Controller X710/X557-AT 10GBASE-T (rev 02) 0002:01:00.2 Ethernet controller: Intel Corporation \ Ethernet Controller X710/X557-AT 10GBASE-T (rev 02) 0002:01:00.3 Ethernet controller: Intel Corporation \ Ethernet Controller X710/X557-AT 10GBASE-T (rev 02) On P8 PowerNV platform, the IO path is frozen when shutdowning the devices, meaning the memory registers are inaccessible. It is why the devices can't be put into quiet state before removing them. This fixes the issue by enabling IO path prior to putting the devices into quiet state. Reported-by: Pridhiviraj Paidipeddi Signed-off-by: Gavin Shan Acked-by: Russell Currey Signed-off-by: Michael Ellerman arch/powerpc/kernel/eeh.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit d89f473ff6f84872e761419f7233d6e00f99c340 Author: Madhavan Srinivasan Date: Mon Jan 9 19:00:15 2017 +0530 powerpc/perf: Fix PM_BRU_CMPL event code for power9 Use 0x10012 event code for PM_BRU_CMPL event in power9 event list instead of current 0x40060. Fixes: 34922527a2bcb ('powerpc/perf: Add power9 event list macros for generic and cache events') Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/power9-events-list.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 20717e1ff52672e31f9399c45d88936bbbc7e175 Author: Aneesh Kumar K.V Date: Wed Dec 14 10:07:53 2016 +0530 powerpc/mm: Fix little-endian 4K hugetlb When we switched to big endian page table, we never updated the hugepd format such that it can work for both big endian and little endian config. This patch series update hugepd format such that it is looked at as __be64 value in big endian page table config. This patch also switch hugepd_t.pd from signed long to unsigned long. I did update the FSL hugepd_ok check to check for the top bit instead of checking > 0. Fixes: 5dc1ef858c12 ("powerpc/mm: Use big endian Linux page tables for book3s 64") Cc: stable@vger.kernel.org # v4.7+ Signed-off-by: Aneesh Kumar K.V Signed-off-by: Michael Ellerman arch/powerpc/include/asm/book3s/64/hash-4k.h | 5 +++-- arch/powerpc/include/asm/hugetlb.h | 14 ++++++++------ arch/powerpc/include/asm/nohash/pgtable.h | 5 +++-- arch/powerpc/include/asm/page.h | 3 --- arch/powerpc/include/asm/pgtable-be-types.h | 8 ++++++++ arch/powerpc/include/asm/pgtable-types.h | 7 +++++++ arch/powerpc/mm/hugetlbpage-hash64.c | 5 ++++- arch/powerpc/mm/hugetlbpage.c | 22 +++++++++++----------- 8 files changed, 44 insertions(+), 25 deletions(-) commit ff8b85796dad5de869dc29903c95664fb444bbcc Author: Aneesh Kumar K.V Date: Tue Dec 13 19:34:11 2016 +0530 powerpc/mm/hugetlb: Don't panic when we don't find the default huge page size The generic hugetlbfs code can handle not finding the default huge page size correctly. With HPAGE_SHIFT = 0 we see in dmesg: hugetlbfs: disabling because there are no supported hugepage sizes bash-4.2# echo 30 > /proc/sys/vm/nr_hugepages bash: echo: write error: Operation not supported Fixes: 03bb2d65900c ("powerpc: get hugetlbpage handling more generic") Reported-by: Chris Smart Signed-off-by: Aneesh Kumar K.V Acked-by: Michael Neuling Signed-off-by: Michael Ellerman arch/powerpc/mm/hugetlbpage.c | 3 --- 1 file changed, 3 deletions(-) commit bf5ca68dd2eef59a936969e802d811bdac4709c2 Author: Nicholas Piggin Date: Wed Jan 4 01:55:17 2017 +1000 powerpc: Fix pgtable pmd cache init Commit 9b081e10805cd ("powerpc: port 64 bits pgtable_cache to 32 bits") mixed up PMD_INDEX_SIZE and PMD_CACHE_INDEX a couple of times. This resulted in 64s/hash/4k configs to panic at boot with a false positive error check. Fix that and simplify error handling by moving the check to the caller. Fixes: 9b081e10805cd ("powerpc: port 64 bits pgtable_cache to 32 bits") Signed-off-by: Nicholas Piggin Signed-off-by: Michael Ellerman arch/powerpc/mm/hugetlbpage.c | 6 +----- arch/powerpc/mm/init-common.c | 13 +++++-------- 2 files changed, 6 insertions(+), 13 deletions(-) commit 0aa0313f9d576affd7747cc3f179feb097d28990 Merge: 4b19a9e 5eb7c0d Author: Linus Torvalds Date: Tue Jan 17 14:49:21 2017 -0800 Merge tag 'modules-for-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux Pull modules fix from Jessica Yu: - fix out-of-tree module breakage when it supplies its own definitions of true and false * tag 'modules-for-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: taint/module: Fix problems when out-of-kernel driver defines true or false commit 9208b75e048dda0d285904de9be7ab654a4b94fc Merge: 2f5a314 ffb5845 Author: James Bottomley Date: Tue Jan 17 17:32:54 2017 -0500 Merge remote-tracking branch 'mkp-scsi/fixes' into fixes commit 1ea6af3216b092ec97129ac81bd95cf254c4b140 Author: Adam Ford Date: Tue Jan 17 13:34:06 2017 -0600 ARM: dts: omap3: Fix Card Detect and Write Protect on Logic PD SOM-LV This fixes commit ab8dd3aed011 ("ARM: DTS: Add minimal Support for Logic PD DM3730 SOM-LV") where the Card Detect and Write Protect pins were improperly configured. Fixes: ab8dd3aed011 ("ARM: DTS: Add minimal Support for Logic PD DM3730 SOM-LV") Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/boot/dts/logicpd-som-lv-37xx-devkit.dts | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit 93b43fd137cd8865adf9978ab9870a344365d3af Author: Alvaro G. M Date: Tue Jan 17 09:08:16 2017 +0100 net: phy: dp83848: add DP83620 PHY support This PHY with fiber support is register compatible with DP83848, so add support for it. Signed-off-by: Alvaro Gamez Machado Signed-off-by: David S. Miller drivers/net/phy/dp83848.c | 3 +++ 1 file changed, 3 insertions(+) commit 3fbfadce6012e7bb384b2e9ad47869d5177f7209 Author: Martin KaFai Lau Date: Mon Jan 16 22:17:29 2017 -0800 bpf: Fix test_lru_sanity5() in test_lru_map.c test_lru_sanity5() fails when the number of online cpus is fewer than the number of possible cpus. It can be reproduced with qemu by using cmd args "--smp cpus=2,maxcpus=8". The problem is the loop in test_lru_sanity5() is testing 'i' which is incorrect. This patch: 1. Make sched_next_online() always return -1 if it cannot find a next cpu to schedule the process. 2. In test_lru_sanity5(), the parent process does sched_setaffinity() first (through sched_next_online()) and the forked process will inherit it according to the 'man sched_setaffinity'. Fixes: 5db58faf989f ("bpf: Add tests for the LRU bpf_htab") Reported-by: Daniel Borkmann Signed-off-by: Martin KaFai Lau Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller tools/testing/selftests/bpf/test_lru_map.c | 53 +++++++++++++++--------------- 1 file changed, 27 insertions(+), 26 deletions(-) commit 17324b6add82d6c0bf119f1d1944baef392a4e39 Author: Alex Deucher Date: Tue Jan 17 15:06:58 2017 -0500 drm/amdgpu: add support for new hainan variants New hainan parts require updated smc firmware. Cc: Sonny Jiang Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 4e6e98b1e48c9474aed7ce03025ec319b941e26e Author: Alex Deucher Date: Tue Jan 17 15:02:13 2017 -0500 drm/radeon: add support for new hainan variants New hainan parts require updated smc firmware. Cc: Sonny Jiang Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/si.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit ca581e45335c6aa45e5b27999bc13bdefb7e84d9 Author: Rex Zhu Date: Thu Jan 12 21:48:26 2017 +0800 drm/amdgpu: change clock gating mode for uvd_v4. use sw cg when decode. and hw cg when idle. fixes: https://bugs.freedesktop.org/show_bug.cgi?id=99313 https://bugzilla.kernel.org/show_bug.cgi?id=192161 Signed-off-by: Rex Zhu Ack-by: Tom St Denis Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/uvd_v4_2.c | 42 +++++++++-------------------------- 1 file changed, 10 insertions(+), 32 deletions(-) commit 50a1ebc70a2803deb7811fc73fb55d70e353bc34 Author: Rex Zhu Date: Tue Jan 10 20:03:59 2017 +0800 drm/amdgpu: fix program vce instance logic error. need to clear bit31-29 in GRBM_GFX_INDEX, then the program can be valid. Signed-off-by: Rex Zhu Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) commit e05208ded1905e500cd5b369d624b071951c68b9 Author: Rex Zhu Date: Tue Jan 10 20:00:40 2017 +0800 drm/amdgpu: fix bug set incorrect value to vce register Set the proper bits for clockgating setup. Signed-off-by: Rex Zhu Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d5ff72d9af73bc3cbaa3edb541333a851f8c7295 Author: Lance Richardson Date: Mon Jan 16 18:37:58 2017 -0500 vxlan: fix byte order of vxlan-gpe port number vxlan->cfg.dst_port is in network byte order, so an htons() is needed here. Also reduced comment length to stay closer to 80 column width (still slightly over, however). Fixes: e1e5314de08b ("vxlan: implement GPE") Signed-off-by: Lance Richardson Acked-by: Jiri Benc Signed-off-by: David S. Miller drivers/net/vxlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f7bcd4b6f6983d668b057dc166799716690423a4 Author: Neil Armstrong Date: Fri Jan 6 09:04:32 2017 +0100 ARM64: dts: meson-gxbb-odroidc2: Disable SCPI DVFS The current hardware is not able to run with all cores enabled at a cluster frequency superior at 1536MHz. But the currently shipped u-boot for the platform still reports an OPP table with possible DVFS frequency up to 2GHz, and will not change since the off-tree linux tree supports limiting the OPPs with a kernel parameter. A recent u-boot change reports the boot-time DVFS around 100MHz and the default performance cpufreq governor sets the maximum frequency. Previous version of u-boot reported to be already at the max OPP and left the OPP as is. Nevertheless, other governors like ondemand could setup the max frequency and make the system crash. This patch disables the DVFS clock and disables cpufreq. Fixes: 70db166a2baa ("ARM64: dts: meson-gxbb: Add SCPI with cpufreq & sensors Nodes") Signed-off-by: Neil Armstrong Signed-off-by: Kevin Hilman Signed-off-by: Olof Johansson arch/arm64/boot/dts/amlogic/meson-gxbb-odroidc2.dts | 4 ++++ arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 657bdfb7f5e68ca5e2ed009ab473c429b0d6af85 Author: Eric Sandeen Date: Tue Jan 17 11:43:38 2017 -0800 xfs: don't wrap ID in xfs_dq_get_next_id The GETNEXTQOTA ioctl takes whatever ID is sent in, and looks for the next active quota for an user equal or higher to that ID. But if we are at the maximum ID and then ask for the "next" one, we may wrap back to zero. In this case, userspace may loop forever, because it will start querying again at zero. We'll fix this in userspace as well, but for the kernel, return -ENOENT if we ask for the next quota ID past UINT_MAX so the caller knows to stop. Signed-off-by: Eric Sandeen Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_dquot.c | 4 ++++ 1 file changed, 4 insertions(+) commit a324cbf10a3c67aaa10c9f47f7b5801562925bc2 Author: Amir Goldstein Date: Tue Jan 17 11:41:44 2017 -0800 xfs: sanity check inode di_mode Check for invalid file type in xfs_dinode_verify() and fail to load the inode structure from disk. Reviewed-by: Darrick J. Wong Signed-off-by: Amir Goldstein Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_inode_buf.c | 3 +++ 1 file changed, 3 insertions(+) commit fab8eef86c814c3dd46bc5d760b6e4a53d5fc5a6 Author: Amir Goldstein Date: Tue Jan 17 11:41:44 2017 -0800 xfs: sanity check inode mode when creating new dentry The helper xfs_dentry_to_name() is used by 2 different classes of callers: Callers that pass zero mode and don't care about the returned name.type field and Callers that pass non zero mode and do care about the name.type field. Change xfs_dentry_to_name() to not take the mode argument and change the call sites of the first class to not pass the mode argument. Create a new helper xfs_dentry_mode_to_name() which does pass the mode argument and returns -EFSCORRUPTED if mode is invalid. Callers that translate non zero mode to on-disk file type now check the return value and will export the error to user instead of staging an invalid file type to be written to directory entry. Signed-off-by: Amir Goldstein Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_iops.c | 48 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 9 deletions(-) commit 1fc4d33fed124fb182e8e6c214e973a29389ae83 Author: Amir Goldstein Date: Tue Jan 17 11:41:43 2017 -0800 xfs: replace xfs_mode_to_ftype table with switch statement The size of the xfs_mode_to_ftype[] conversion table was too small to handle an invalid value of mode=S_IFMT. Instead of fixing the table size, replace the conversion table with a conversion helper that uses a switch statement. Suggested-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Amir Goldstein Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_dir2.c | 36 ++++++++++++++++++++++-------------- fs/xfs/libxfs/xfs_dir2.h | 5 ++--- fs/xfs/xfs_iops.c | 2 +- 3 files changed, 25 insertions(+), 18 deletions(-) commit b597dd5373a1ccc08218665dc8417433b1c09550 Author: Amir Goldstein Date: Tue Jan 17 11:41:42 2017 -0800 xfs: add missing include dependencies to xfs_dir2.h xfs_dir2.h dereferences some data types in inline functions and fails to include those type definitions, e.g.: xfs_dir2_data_aoff_t, struct xfs_da_geometry. Signed-off-by: Amir Goldstein Reviewed-by: Christoph Hellwig Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_dir2.h | 3 +++ 1 file changed, 3 insertions(+) commit 3c6f46eacd876bd723a9bad3c6882714c052fd8e Author: Amir Goldstein Date: Tue Jan 17 11:41:41 2017 -0800 xfs: sanity check directory inode di_size This changes fixes an assertion hit when fuzzing on-disk i_mode values. The easy case to fix is when changing an empty file i_mode to S_IFDIR. In this case, xfs_dinode_verify() detects an illegal zero size for directory and fails to load the inode structure from disk. For the case of non empty file whose i_mode is changed to S_IFDIR, the ASSERT() statement in xfs_dir2_isblock() is replaced with return -EFSCORRUPTED, to avoid interacting with corrupted jusk also when XFS_DEBUG is disabled. Suggested-by: Darrick J. Wong Reviewed-by: Christoph Hellwig Signed-off-by: Amir Goldstein Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_dir2.c | 3 ++- fs/xfs/libxfs/xfs_inode_buf.c | 7 +++++-- 2 files changed, 7 insertions(+), 3 deletions(-) commit bf46ecc3d8cca05f2907cf482755c42c2b11a79d Author: Amir Goldstein Date: Tue Jan 17 11:41:41 2017 -0800 xfs: make the ASSERT() condition likely The ASSERT() condition is the normal case, not the exception, so testing the condition should be likely(), not unlikely(). Reviewed-by: Christoph Hellwig Signed-off-by: Amir Goldstein Reviewed-by: Darrick J. Wong Signed-off-by: Darrick J. Wong fs/xfs/xfs_linux.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ffb58456589443ca572221fabbdef3db8483a779 Author: James Bottomley Date: Sun Jan 1 09:39:24 2017 -0800 scsi: mpt3sas: fix hang on ata passthrough commands mpt3sas has a firmware failure where it can only handle one pass through ATA command at a time. If another comes in, contrary to the SAT standard, it will hang until the first one completes (causing long commands like secure erase to timeout). The original fix was to block the device when an ATA command came in, but this caused a regression with commit 669f044170d8933c3d66d231b69ea97cb8447338 Author: Bart Van Assche Date: Tue Nov 22 16:17:13 2016 -0800 scsi: srp_transport: Move queuecommand() wait code to SCSI core So fix the original fix of the secure erase timeout by properly returning SAM_STAT_BUSY like the SAT recommends. The original patch also had a concurrency problem since scsih_qcmd is lockless at that point (this is fixed by using atomic bitops to set and test the flag). [mkp: addressed feedback wrt. test_bit and fixed whitespace] Fixes: 18f6084a989ba1b (mpt3sas: Fix secure erase premature termination) Signed-off-by: James Bottomley Acked-by: Sreekanth Reddy Reviewed-by: Christoph Hellwig Reported-by: Ingo Molnar Tested-by: Ingo Molnar Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_base.h | 12 +++++++++++ drivers/scsi/mpt3sas/mpt3sas_scsih.c | 40 +++++++++++++++++++++++------------- 2 files changed, 38 insertions(+), 14 deletions(-) commit 300af14bdb28157090f0c6f89d244fda940082da Author: Quinn Tran Date: Fri Dec 23 18:06:14 2016 -0800 qla2xxx: Disable out-of-order processing by default in firmware Out of order(OOO) processing requires initiator, switch and target to support OOO. In today's environment, none of the switches support OOO. OOO requires extra buffer space which affect performance. By turning ON this feature in QLogic's FW, it delays error recovery because dropped frame is treated as out of order frame. We're turning OFF this option of speed up error recovery. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig [ bvanassche: Fixed spelling in patch description ] Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_target.c | 6 ------ 1 file changed, 6 deletions(-) commit 4f060736f29a960aba8e781a88837464756200a8 Author: Quinn Tran Date: Fri Dec 23 18:06:13 2016 -0800 qla2xxx: Fix erroneous invalid handle message Termination of Immediate Notify IOCB was using wrong IOCB handle. IOCB completion code was unable to find appropriate code path due to wrong handle. Following message is seen in the logs. "Error entry - invalid handle/queue (ffff)." Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig [ bvanassche: Fixed word order in patch title ] Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_isr.c | 4 ++++ drivers/scsi/qla2xxx/qla_target.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit 200ffb159b2f48857aa18c0502a4d29b102d013b Author: Quinn Tran Date: Fri Dec 23 18:06:12 2016 -0800 qla2xxx: Reduce exess wait during chip reset Soft reset and Risc reset should take 100uS to complete. This change pad the timeout up to 400uS, which should be plenty. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5f35509db179ca7ed1feaa4b14f841adb06ed220 Author: Quinn Tran Date: Fri Dec 23 18:06:11 2016 -0800 qla2xxx: Terminate exchange if corrupted Corrupted ATIO is defined as length of fcp_header & fcp_cmd payload is less than 0x38. It's the minimum size for a frame to carry 8..16 bytes SCSI CDB. The exchange will be dropped or terminated if corrupted. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig [ bvanassche: Fixed spelling in patch title ] Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_def.h | 3 ++- drivers/scsi/qla2xxx/qla_target.c | 23 ++++++++++++++++++++--- drivers/scsi/qla2xxx/qla_target.h | 22 +++++++++++++++++++++- 3 files changed, 43 insertions(+), 5 deletions(-) commit fc1ffd6cb38a1c1af625b9833c41928039e733f5 Author: Quinn Tran Date: Fri Dec 23 18:06:10 2016 -0800 qla2xxx: Fix crash due to null pointer access During code inspection, while investigating following stack trace seen on one of the test setup, we found out there was possibility of memory leak becuase driver was not unwinding the stack properly. This issue has not been reproduced in a test environment or on a customer setup. Here's stack trace that was seen. [1469877.797315] Call Trace: [1469877.799940] [] qla2x00_mem_alloc+0xb09/0x10c0 [qla2xxx] [1469877.806980] [] qla2x00_probe_one+0x86a/0x1b50 [qla2xxx] [1469877.814013] [] ? __pm_runtime_resume+0x51/0xa0 [1469877.820265] [] ? _raw_spin_lock_irqsave+0x25/0x90 [1469877.826776] [] ? _raw_spin_unlock_irqrestore+0x6d/0x80 [1469877.833720] [] ? preempt_count_sub+0xb1/0x100 [1469877.839885] [] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [1469877.846830] [] local_pci_probe+0x4c/0xb0 [1469877.852562] [] ? preempt_count_sub+0xb1/0x100 [1469877.858727] [] pci_call_probe+0x89/0xb0 Cc: Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig [ bvanassche: Fixed spelling in patch description ] Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_os.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit 8d3c9c230818aa3c27edb4fd126494479d35d3d5 Author: Quinn Tran Date: Fri Dec 23 18:06:09 2016 -0800 qla2xxx: Collect additional information to debug fw dump Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_mbx.c | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) commit c0f6462754f050e9bc960662992c029c5ef88f34 Author: Himanshu Madhani Date: Fri Dec 23 18:06:08 2016 -0800 qla2xxx: Reset reserved field in firmware options to 0 During NVRAM initialization in target mode, reset reserved fields in firmware options to Zero (BIT 15) Signed-off-by: Himanshu Madhani Signed-off-by: Giridhar Malavali Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_target.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 2a47c68529e99e5631af0ac337fb8519c4eadb3f Author: Himanshu Madhani Date: Fri Dec 23 18:06:07 2016 -0800 qla2xxx: Set tcm_qla2xxx version to automatically track qla2xxx version Signed-off-by: Himanshu Madhani Signed-off-by: Giridhar Malavali Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/tcm_qla2xxx.c | 4 ++-- drivers/scsi/qla2xxx/tcm_qla2xxx.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) commit 1cbb91562df536eac6e06d7bd2df5965ffd67803 Author: Himanshu Madhani Date: Fri Dec 23 18:06:06 2016 -0800 qla2xxx: Include ATIO queue in firmware dump when in target mode Include ATIO queue for ISP27XX when firmware dump is collected for target mode. Signed-off-by: Himanshu Madhani Signed-off-by: Giridhar Malavali Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_tmpl.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit bb1181c9a8b46b6f10e749d9ed94480336445d7f Author: Quinn Tran Date: Fri Dec 23 18:06:05 2016 -0800 qla2xxx: Fix wrong IOCB type assumption qlt_reset is called with Immedidate Notify IOCB only. Current code wrongly cast it as ATIO IOCB. Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/scsi/qla2xxx/qla_target.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 91f42b33e5b48a956a352ce10da52b77f4277d5f Author: Bart Van Assche Date: Wed Mar 30 15:25:21 2016 -0700 qla2xxx: Avoid that building with W=1 triggers complaints about set-but-not-used variables Remove two set-but-not-used variables and avoid that the compiler warns about a third variable (rc). Signed-off-by: Bart Van Assche Acked-by: Himanshu Madhani Cc: Quinn Tran Cc: Christoph Hellwig drivers/scsi/qla2xxx/qla_attr.c | 3 +-- drivers/scsi/qla2xxx/qla_mbx.c | 2 -- drivers/scsi/qla2xxx/qla_target.c | 3 +++ 3 files changed, 4 insertions(+), 4 deletions(-) commit 61778a1c5a4556da1a1e005d506f89f009031e62 Author: Bart Van Assche Date: Wed Jan 11 11:57:17 2017 -0800 qla2xxx: Move two arrays from header files to .c files This patch avoids that building with W=1 triggers compiler warnings similar to the following: drivers/scsi/qla2xxx/qla_nx2.h:538:23: warning: ‘qla8044_reg_tbl’ defined but not used [-Wunused-const-variable=] Signed-off-by: Bart Van Assche Acked-by: Himanshu Madhani Cc: Quinn Tran Cc: Christoph Hellwig drivers/scsi/qla2xxx/qla_nx.c | 5 +++++ drivers/scsi/qla2xxx/qla_nx.h | 3 +-- drivers/scsi/qla2xxx/qla_nx2.c | 17 +++++++++++++++++ drivers/scsi/qla2xxx/qla_nx2.h | 17 ----------------- 4 files changed, 23 insertions(+), 19 deletions(-) commit ca825828a5c797d431f6ec6a83c912787ffbb8af Author: Bart Van Assche Date: Tue Jan 17 09:34:14 2017 -0800 qla2xxx: Declare an array with file scope static This patch avoids that building with W=1 triggers a compiler warning about a missing declaration. Signed-off-by: Bart Van Assche Acked-by: Himanshu Madhani Cc: Quinn Tran Cc: Christoph Hellwig drivers/scsi/qla2xxx/qla_mbx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c2a5d94ffd042db6aaee17b767c43502da3bd8f5 Author: Bart Van Assche Date: Wed Jan 11 15:58:58 2017 -0800 qla2xxx: Fix indentation This patch avoids that smatch complains about inconsistent indentation. Signed-off-by: Bart Van Assche Acked-by: Himanshu Madhani Cc: Quinn Tran Cc: Christoph Hellwig drivers/scsi/qla2xxx/qla_mbx.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8667f515952feefebb3c0f8d9a9266c91b101a46 Author: Johannes Thumshirn Date: Tue Jan 10 12:05:54 2017 +0100 scsi: lpfc: Set elsiocb contexts to NULL after freeing it Set the elsiocb contexts to NULL after freeing as others depend on it. Signed-off-by: Johannes Thumshirn Acked-by: Dick Kennedy Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_els.c | 2 ++ 1 file changed, 2 insertions(+) commit a249708bc2aa1fe3ddf15dfac22bee519d15996b Author: Julia Lawall Date: Tue Jan 17 12:23:21 2017 +0100 stmmac: add missing of_node_put The function stmmac_dt_phy provides several possibilities for initializing plat->mdio_node, all of which have the effect of increasing the reference count of the assigned value. This field is not updated elsewhere, so the value is live until the end of the lifetime of plat (devm_allocated), just after the end of stmmac_remove_config_dt. Thus, add an of_node_put on plat->mdio_node in stmmac_remove_config_dt. It is possible that the field mdio_node is never initialized, but of_node_put is NULL-safe, so it is also safe to call of_node_put in that case. Signed-off-by: Julia Lawall Acked-by: Alexandre TORGUE Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 1 + 1 file changed, 1 insertion(+) commit 501db511397fd6efff3aa5b4e8de415b55559550 Author: Rolf Neugebauer Date: Tue Jan 17 18:13:51 2017 +0000 virtio: don't set VIRTIO_NET_HDR_F_DATA_VALID on xmit This patch part reverts fd2a0437dc33 and e858fae2b0b8 which introduced a subtle change in how the virtio_net flags are derived from the SKBs ip_summed field. With the above commits, the flags are set to VIRTIO_NET_HDR_F_DATA_VALID when ip_summed == CHECKSUM_UNNECESSARY, thus treating it differently to ip_summed == CHECKSUM_NONE, which should be the same. Further, the virtio spec 1.0 / CS04 explicitly says that VIRTIO_NET_HDR_F_DATA_VALID must not be set by the driver. Fixes: fd2a0437dc33 ("virtio_net: introduce virtio_net_hdr_{from,to}_skb") Fixes: e858fae2b0b8 (" virtio_net: use common code for virtio_net_hdr and skb GSO conversion") Signed-off-by: Rolf Neugebauer Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller include/linux/virtio_net.h | 2 -- 1 file changed, 2 deletions(-) commit 68af412c7713b55c01ffc4312320abd10ca70e77 Author: Damien Le Moal Date: Thu Jan 12 15:25:11 2017 +0900 scsi: sd: Ignore zoned field for host-managed devices There is no good match of the zoned field of the block device characteristics page for host-managed devices. For these devices, the zoning model is derived directly from the device type. So ignore the zoned field for these drives. [mkp: typo] Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) commit 26f2819772af891dee2843e1f8662c58e5129d5f Author: Damien Le Moal Date: Thu Jan 12 15:25:10 2017 +0900 scsi: sd: Fix wrong DPOFUA disable in sd_read_cache_type Zoned block devices force the use of READ/WRITE(16) commands by setting sdkp->use_16_for_rw and clearing sdkp->use_10_for_rw. This result in DPOFUA always being disabled for these drives as the assumed use of the deprecated READ/WRITE(6) commands only looks at sdkp->use_10_for_rw. Strenghten the test by also checking that sdkp->use_16_for_rw is false. Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Martin K. Petersen drivers/scsi/sd.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 4633773799940b1b8b3ff98ea05e6c1ef072febd Author: Johannes Thumshirn Date: Tue Jan 10 12:54:36 2017 +0100 scsi: bfa: fix wrongly initialized variable in bfad_im_bsg_els_ct_request() Commit 01e0e15c8b3b ("scsi: don't use fc_bsg_job::request and fc_bsg_job::reply directly") introduced a typo, which causes that the bsg_request variable in bfad_im_bsg_els_ct_request() is initialized to itself instead of pointing to the bsg job's request. Reported-by: Nicolas Iooss Signed-off-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/bfa/bfad_bsg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9373eba6cfae48911b977d14323032cd5d161aae Author: Ewan D. Milne Date: Mon Jan 9 16:33:36 2017 -0500 scsi: ses: Fix SAS device detection in enclosure The call to scsi_is_sas_rphy() needs to be made on the SAS end_device, not on the SCSI device. Fixes: 835831c57e9b ("ses: use scsi_is_sas_rphy instead of is_sas_attached") Signed-off-by: Ewan D. Milne Reviewed-by: Johannes Thumshirn Reviewed-by: James Bottomley Signed-off-by: Martin K. Petersen drivers/scsi/ses.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5eb7c0d04f04a667c049fe090a95494a8de2955c Author: Larry Finger Date: Sun Jan 1 20:25:25 2017 -0600 taint/module: Fix problems when out-of-kernel driver defines true or false Commit 7fd8329ba502 ("taint/module: Clean up global and module taint flags handling") used the key words true and false as character members of a new struct. These names cause problems when out-of-kernel modules such as VirtualBox include their own definitions of true and false. Fixes: 7fd8329ba502 ("taint/module: Clean up global and module taint flags handling") Signed-off-by: Larry Finger Cc: Petr Mladek Cc: Jessica Yu Cc: Rusty Russell Reported-by: Valdis Kletnieks Reviewed-by: Petr Mladek Acked-by: Rusty Russell Signed-off-by: Jessica Yu include/linux/kernel.h | 4 ++-- kernel/module.c | 2 +- kernel/panic.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 52cc720c568efd8fd454053b98fe4b4fd94688fe Merge: 3f95ba3 264c3e8 Author: Mark Brown Date: Tue Jan 17 18:48:13 2017 +0000 Merge remote-tracking branch 'spi/fix/sh-msiof' into spi-linus commit 3f95ba38e44b27a5c2e8c416c460a961c2bed9ec Merge: 42cd4ed 9620ca9 c5a2a39 cf1716e dadab2d a2dd8af Author: Mark Brown Date: Tue Jan 17 18:48:11 2017 +0000 Merge remote-tracking branches 'spi/fix/armada', 'spi/fix/axi', 'spi/fix/davinci', 'spi/fix/dw', 'spi/fix/fsl-dspi' and 'spi/fix/pxa2xx' into spi-linus commit a5b0e4062fb225155189e593699bbfcd0597f8b5 Author: Bryant G. Ly Date: Wed Jan 11 13:16:42 2017 -0600 ibmvscsis: Fix sleeping in interrupt context Currently, dma_alloc_coherent is being called with a GFP_KERNEL flag which allows it to sleep in an interrupt context, need to change to GFP_ATOMIC. Cc: stable@vger.kernel.org Tested-by: Steven Royer Reviewed-by: Michael Cyr Signed-off-by: Bryant G. Ly Signed-off-by: Bart Van Assche drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 387b978cb0d12cf3720ecb17e652e0a9991a08e2 Author: Bryant G. Ly Date: Wed Jan 11 13:52:27 2017 -0600 ibmvscsis: Fix max transfer length Current code incorrectly calculates the max transfer length, since it is assuming a 4k page table, but ppc64 all run on 64k page tables. Cc: stable@vger.kernel.org Reported-by: Steven Royer Tested-by: Steven Royer Signed-off-by: Bryant G. Ly Signed-off-by: Bart Van Assche drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 4b19a9e20bf99d62e1c47554f8eb2d9f520642ba Merge: 203f80f 0faa9cb Author: Linus Torvalds Date: Tue Jan 17 09:33:10 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Handle multicast packets properly in fast-RX path of mac80211, from Johannes Berg. 2) Because of a logic bug, the user can't actually force SW checksumming on r8152 devices. This makes diagnosis of hw checksumming bugs really annoying. Fix from Hayes Wang. 3) VXLAN route lookup does not take the source and destination ports into account, which means IPSEC policies cannot be matched properly. Fix from Martynas Pumputis. 4) Do proper RCU locking in netvsc callbacks, from Stephen Hemminger. 5) Fix SKB leaks in mlxsw driver, from Arkadi Sharshevsky. 6) If lwtunnel_fill_encap() fails, we do not abort the netlink message construction properly in fib_dump_info(), from David Ahern. 7) Do not use kernel stack for DMA buffers in atusb driver, from Stefan Schmidt. 8) Openvswitch conntack actions need to maintain a correct checksum, fix from Lance Richardson. 9) ax25_disconnect() is missing a check for ax25->sk being NULL, in fact it already checks this, but not in all of the necessary spots. Fix from Basil Gunn. 10) Action GET operations in the packet scheduler can erroneously bump the reference count of the entry, making it unreleasable. Fix from Jamal Hadi Salim. Jamal gives a great set of example command lines that trigger this in the commit message. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (46 commits) net sched actions: fix refcnt when GETing of action after bind net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions net/mlx4_core: Fix racy CQ (Completion Queue) free net: stmmac: don't use netdev_[dbg, info, ..] before net_device is registered net/mlx5e: Fix a -Wmaybe-uninitialized warning ax25: Fix segfault after sock connection timeout bpf: rework prog_digest into prog_tag tipc: allocate user memory with GFP_KERNEL flag net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types ip6_tunnel: Account for tunnel header in tunnel MTU mld: do not remove mld souce list info when set link down be2net: fix MAC addr setting on privileged BE3 VFs be2net: don't delete MAC on close on unprivileged BE3 VFs be2net: fix status check in be_cmd_pmac_add() cpmac: remove hopeless #warning ravb: do not use zero-length alignment DMA descriptor mlx4: do not call napi_schedule() without care openvswitch: maintain correct checksum state in conntrack actions tcp: fix tcp_fastopen unaligned access complaints on sparc ... commit 203f80f1c4187b2d5b3a282586fa6cc6d9503d4b Merge: 7e84b30 602d985 Author: Linus Torvalds Date: Tue Jan 17 09:27:50 2017 -0800 Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb Pull swiotlb fix from Konrad Rzeszutek Wilk: "A tiny fix to make sure that page-sized mappings are page-aligned (and not say straddle two pages). This is important for some drivers (such as NVME)" * 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb: ensure that page-sized mappings are page-aligned commit 7e84b3035592b58872f476cdeff61d4bbcbb3452 Merge: 7d8b8c0 ee6ff74 Author: Linus Torvalds Date: Tue Jan 17 09:08:19 2017 -0800 Merge tag 'mmc-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC core: - fix regressions detecting HS/HS DDR eMMC cards related to CMD6 MMC host: - mmc: mxs-mmc: Fix additional cycles after transmission stop - sdhci-acpi: Only powered up enabled acpi child devices - meson: avoid possible NULL dereference" * tag 'mmc-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: core: Restore parts of the polling policy when switch to HS/HS DDR mmc: mxs-mmc: Fix additional cycles after transmission stop mmc: sdhci-acpi: Only powered up enabled acpi child devices MMC: meson: avoid possible NULL dereference commit 7d8b8c09d71dab6747c519d869cc93352b359af3 Merge: 5cf7a0f 5bdee54 Author: Linus Torvalds Date: Tue Jan 17 08:50:59 2017 -0800 Merge tag 'for-linus-20170116' of git://git.infradead.org/linux-mtd Pull MTD fixes from Brian Norris: "Just NAND updates from Boris: - avoid compiling xway NAND controller driver as a module (which didn't work) - fix tango NAND DT binding and make sure the controller is in a clean state at probe time - add dependency on HAS_IOMEM to the oxnas NAND driver - fix irq number validity check in the lpc32xx driver" * tag 'for-linus-20170116' of git://git.infradead.org/linux-mtd: mtd: nand: lpc32xx: fix invalid error handling of a requested irq mtd: nand: tango: Reset pbus to raw mode in probe mtd: nand: tango: Update DT binding description mtd: nand: oxnas_nand: fix build errors on arch/um, require HAS_IOMEM mtd: nand: xway: fix build because of module functions mtd: nand: xway: disable module support commit 31f5260a7653e6042ac28578db1c61e84f2d7898 Merge: 4e71de7 613f050 Author: Ingo Molnar Date: Tue Jan 17 16:58:53 2017 +0100 Merge tag 'perf-urgent-for-mingo-4.10-20170117' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull 'perf probe' fixes from Arnaldo Carvalho de Melo - Show correct locations for 'perf probe' on modules (Masami Hiramatsu) - Correctly handle 'perf probe's on GCC generated functions in modules (Masami Hiramatsu) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 4d191b1b63c209e37bf27938ef365244d3c41084 Author: Marc Zyngier Date: Tue Jan 17 14:21:56 2017 +0000 PCI/MSI: pci-xgene-msi: Fix CPU hotplug registration handling The conversion to the new hotplug state machine introduced a regression where a successful hotplug registration would be treated as an error, effectively disabling the MSI driver forever. Fix it by doing the proper check on the return value. Fixes: 9c248f8896e6 ("PCI/xgene-msi: Convert to hotplug state machine") Signed-off-by: Marc Zyngier Signed-off-by: Bjorn Helgaas Acked-by: Sebastian Andrzej Siewior Tested-by: Duc Dang CC: Thomas Gleixner CC: stable@vger.kernel.org drivers/pci/host/pci-xgene-msi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ce2e852ecc9a42e4b8dabb46025cfef63209234a Author: Dmitry Vyukov Date: Tue Jan 17 14:51:04 2017 +0100 KVM: x86: fix fixing of hypercalls emulator_fix_hypercall() replaces hypercall with vmcall instruction, but it does not handle GP exception properly when writes the new instruction. It can return X86EMUL_PROPAGATE_FAULT without setting exception information. This leads to incorrect emulation and triggers WARN_ON(ctxt->exception.vector > 0x1f) in x86_emulate_insn() as discovered by syzkaller fuzzer: WARNING: CPU: 2 PID: 18646 at arch/x86/kvm/emulate.c:5558 Call Trace: warn_slowpath_null+0x2c/0x40 kernel/panic.c:582 x86_emulate_insn+0x16a5/0x4090 arch/x86/kvm/emulate.c:5572 x86_emulate_instruction+0x403/0x1cc0 arch/x86/kvm/x86.c:5618 emulate_instruction arch/x86/include/asm/kvm_host.h:1127 [inline] handle_exception+0x594/0xfd0 arch/x86/kvm/vmx.c:5762 vmx_handle_exit+0x2b7/0x38b0 arch/x86/kvm/vmx.c:8625 vcpu_enter_guest arch/x86/kvm/x86.c:6888 [inline] vcpu_run arch/x86/kvm/x86.c:6947 [inline] Set exception information when write in emulator_fix_hypercall() fails. Signed-off-by: Dmitry Vyukov Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Wanpeng Li Cc: kvm@vger.kernel.org Cc: syzkaller@googlegroups.com Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1b1973ef9a6a951903c1d7701f0c420b27e77cf3 Merge: 49def18 1193e6a Author: Radim Krčmář Date: Tue Jan 17 15:04:59 2017 +0100 Merge tag 'kvm-arm-for-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm KVM/ARM updates for 4.10-rc4 - Fix for timer setup on VHE machines - Drop spurious warning when the timer races against the vcpu running again - Prevent a vgic deadlock when the initialization fails commit 1cb51a15b576ee325d527726afff40947218fd5e Author: Richard Weinberger Date: Tue Jan 10 11:49:40 2017 +0100 ubifs: Fix journal replay wrt. xattr nodes When replaying the journal it can happen that a journal entry points to a garbage collected node. This is the case when a power-cut occurred between a garbage collect run and a commit. In such a case nodes have to be read using the failable read functions to detect whether the found node matches what we expect. One corner case was forgotten, when the journal contains an entry to remove an inode all xattrs have to be removed too. UBIFS models xattr like directory entries, so the TNC code iterates over all xattrs of the inode and removes them too. This code re-uses the functions for walking directories and calls ubifs_tnc_next_ent(). ubifs_tnc_next_ent() expects to be used only after the journal and aborts when a node does not match the expected result. This behavior can render an UBIFS volume unmountable after a power-cut when xattrs are used. Fix this issue by using failable read functions in ubifs_tnc_next_ent() too when replaying the journal. Cc: stable@vger.kernel.org Fixes: 1e51764a3c2ac05a ("UBIFS: add new flash file system") Reported-by: Rock Lee Reviewed-by: David Gstir Signed-off-by: Richard Weinberger fs/ubifs/tnc.c | 25 +++++++++++++++++++++++-- 1 file changed, 23 insertions(+), 2 deletions(-) commit 3d4b2fcbc980879a1385d5d7d17a4ffd0ee9aa1f Author: Eric Biggers Date: Mon Dec 19 11:15:48 2016 -0800 ubifs: remove redundant checks for encryption key In several places, ubifs checked for an encryption key before creating a file in an encrypted directory. This was redundant with fscrypt_setup_filename() or ubifs_new_inode(), and in the case of ubifs_link() it broke linking to special files. So remove the extra checks. Signed-off-by: Eric Biggers Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 58 +++------------------------------------------------------- 1 file changed, 3 insertions(+), 55 deletions(-) commit a75467d910135905de60b3af3f11b3693625781e Author: Eric Biggers Date: Mon Dec 19 11:12:48 2016 -0800 ubifs: allow encryption ioctls in compat mode The ubifs encryption ioctls did not work when called by a 32-bit program on a 64-bit kernel. Since 'struct fscrypt_policy' is not affected by the word size, ubifs just needs to allow these ioctls through, like what ext4 and f2fs do. Signed-off-by: Eric Biggers Signed-off-by: Richard Weinberger fs/ubifs/ioctl.c | 3 +++ 1 file changed, 3 insertions(+) commit 404e0b63312ea294b058b4d5c964d064d321ea32 Author: Arnd Bergmann Date: Fri Dec 16 09:42:16 2016 +0100 ubifs: add CONFIG_BLOCK dependency for encryption This came up during the v4.10 merge window: warning: (UBIFS_FS_ENCRYPTION) selects FS_ENCRYPTION which has unmet direct dependencies (BLOCK) fs/crypto/crypto.c: In function 'fscrypt_zeroout_range': fs/crypto/crypto.c:355:9: error: implicit declaration of function 'bio_alloc';did you mean 'd_alloc'? [-Werror=implicit-function-declaration] bio = bio_alloc(GFP_NOWAIT, 1); The easiest way out is to limit UBIFS_FS_ENCRYPTION to configurations that also enable BLOCK. Fixes: d475a507457b ("ubifs: Add skeleton for fscrypto") Signed-off-by: Arnd Bergmann Signed-off-by: Richard Weinberger fs/ubifs/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 507502adf0f415108ef0b87a0acbb84d1839007f Author: Peter Rosin Date: Wed Jan 4 09:38:29 2017 +0100 ubifs: fix unencrypted journal write Without this, I get the following on reboot: UBIFS error (ubi1:0 pid 703): ubifs_load_znode: bad target node (type 1) length (8240) UBIFS error (ubi1:0 pid 703): ubifs_load_znode: have to be in range of 48-4144 UBIFS error (ubi1:0 pid 703): ubifs_load_znode: bad indexing node at LEB 13:11080, error 5 magic 0x6101831 crc 0xb1cb246f node_type 9 (indexing node) group_type 0 (no node group) sqnum 546 len 128 child_cnt 5 level 0 Branches: 0: LEB 14:72088 len 161 key (133, inode) 1: LEB 14:81120 len 160 key (134, inode) 2: LEB 20:26624 len 8240 key (134, data, 0) 3: LEB 14:81280 len 160 key (135, inode) 4: LEB 20:34864 len 8240 key (135, data, 0) UBIFS warning (ubi1:0 pid 703): ubifs_ro_mode.part.0: switched to read-only mode, error -22 CPU: 0 PID: 703 Comm: mount Not tainted 4.9.0-next-20161213+ #1197 Hardware name: Atmel SAMA5 [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (ubifs_jnl_update+0x2e8/0x614) [] (ubifs_jnl_update) from [] (ubifs_mkdir+0x160/0x204) [] (ubifs_mkdir) from [] (vfs_mkdir+0xb0/0x104) [] (vfs_mkdir) from [] (ovl_create_real+0x118/0x248) [] (ovl_create_real) from [] (ovl_fill_super+0x994/0xaf4) [] (ovl_fill_super) from [] (mount_nodev+0x44/0x9c) [] (mount_nodev) from [] (mount_fs+0x14/0xa4) [] (mount_fs) from [] (vfs_kern_mount+0x4c/0xd4) [] (vfs_kern_mount) from [] (do_mount+0x154/0xac8) [] (do_mount) from [] (SyS_mount+0x74/0x9c) [] (SyS_mount) from [] (ret_fast_syscall+0x0/0x3c) UBIFS error (ubi1:0 pid 703): ubifs_mkdir: cannot create directory, error -22 overlayfs: failed to create directory /mnt/ovl/work/work (errno: 22); mounting read-only Fixes: 7799953b34d1 ("ubifs: Implement encrypt/decrypt for all IO") Signed-off-by: Peter Rosin Tested-by: Kevin Hilman Signed-off-by: Richard Weinberger fs/ubifs/journal.c | 1 + 1 file changed, 1 insertion(+) commit e8f19746e4b1e8c3118d240dba51f06153a37b07 Author: Colin Ian King Date: Fri Dec 16 13:32:39 2016 +0000 ubifs: ensure zero err is returned on successful return err is no longer being set on a successful return path, causing a garbage value being returned. Fix this by setting err to zero for the successful return path. Found with static analysis by CoverityScan, CID 1389473 Fixes: 7799953b34d18 ("ubifs: Implement encrypt/decrypt for all IO") Signed-off-by: Colin Ian King Signed-off-by: Richard Weinberger fs/ubifs/journal.c | 1 + 1 file changed, 1 insertion(+) commit 7195439d1d71bc4a6c33cfb57bc669a7cd041041 Author: Rafał Miłecki Date: Fri Jan 13 12:23:35 2017 +0100 Revert "bcma: init serial console directly from ChipCommon code" This reverts commit 4c81acab3816 ("bcma: init serial console directly from ChipCommon code") as it broke IRQ assignment. Getting IRQ with bcma_core_irq helper on SoC requires MIPS core to be set. It happens *after* ChipCommon initialization so we can't do this so early. This fixes a user reported regression. It wasn't critical as serial was still somehow working but lack of IRQs was making in unreliable. Fixes: 4c81acab3816 ("bcma: init serial console directly from ChipCommon code") Reported-by: Felix Fietkau Cc: stable@vger.kernel.org # 4.6+ Signed-off-by: Rafał Miłecki Signed-off-by: Kalle Valo drivers/bcma/bcma_private.h | 3 +++ drivers/bcma/driver_chipcommon.c | 11 +++-------- drivers/bcma/driver_mips.c | 3 +++ 3 files changed, 9 insertions(+), 8 deletions(-) commit 524dabe1c68e0bca25ce7b108099e5d89472a101 Author: Alexander Graf Date: Mon Jan 16 12:46:33 2017 +0100 arm64: Fix swiotlb fallback allocation Commit b67a8b29df introduced logic to skip swiotlb allocation when all memory is DMA accessible anyway. While this is a great idea, __dma_alloc still calls swiotlb code unconditionally to allocate memory when there is no CMA memory available. The swiotlb code is called to ensure that we at least try get_free_pages(). Without initialization, swiotlb allocation code tries to access io_tlb_list which is NULL. That results in a stack trace like this: Unable to handle kernel NULL pointer dereference at virtual address 00000000 [...] [] swiotlb_tbl_map_single+0xd0/0x2b0 [] swiotlb_alloc_coherent+0x10c/0x198 [] __dma_alloc+0x68/0x1a8 [] drm_gem_cma_create+0x98/0x108 [drm] [] drm_fbdev_cma_create_with_funcs+0xbc/0x368 [drm_kms_helper] [] drm_fbdev_cma_create+0x2c/0x40 [drm_kms_helper] [] drm_fb_helper_initial_config+0x238/0x410 [drm_kms_helper] [] drm_fbdev_cma_init_with_funcs+0x98/0x160 [drm_kms_helper] [] drm_fbdev_cma_init+0x40/0x58 [drm_kms_helper] [] vc4_kms_load+0x90/0xf0 [vc4] [] vc4_drm_bind+0xec/0x168 [vc4] [...] Thankfully swiotlb code just learned how to not do allocations with the FORCE_NO option. This patch configures the swiotlb code to use that if we decide not to initialize the swiotlb framework. Fixes: b67a8b29df ("arm64: mm: only initialize swiotlb when necessary") Signed-off-by: Alexander Graf CC: Jisheng Zhang CC: Geert Uytterhoeven CC: Konrad Rzeszutek Wilk Signed-off-by: Catalin Marinas arch/arm64/mm/init.c | 2 ++ 1 file changed, 2 insertions(+) commit 6b8ac63847bc2f958dd93c09edc941a0118992d9 Author: Eric Anholt Date: Tue Jan 17 21:58:06 2017 +1100 drm/vc4: Return -EINVAL on the overflow checks failing. By failing to set the errno, we'd continue on to trying to set up the RCL, and then oops on trying to dereference the tile_bo that binning validation should have set up. Reported-by: Ingo Molnar Signed-off-by: Eric Anholt Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.") drivers/gpu/drm/vc4/vc4_gem.c | 1 + 1 file changed, 1 insertion(+) commit 0f2ff82e11c86c05d051cae32b58226392d33bbf Author: Eric Anholt Date: Tue Jan 17 21:42:53 2017 +1100 drm/vc4: Fix an integer overflow in temporary allocation layout. We copy the unvalidated ioctl arguments from the user into kernel temporary memory to run the validation from, to avoid a race where the user updates the unvalidate contents in between validating them and copying them into the validated BO. However, in setting up the layout of the kernel side, we failed to check one of the additions (the roundup() for shader_rec_offset) against integer overflow, allowing a nearly MAX_UINT value of bin_cl_size to cause us to under-allocate the temporary space that we then copy_from_user into. Reported-by: Murray McAllister Signed-off-by: Eric Anholt Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.") drivers/gpu/drm/vc4/vc4_gem.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 21ccc32496b2f63228f5232b3ac0e426e8fb3c31 Author: Dan Carpenter Date: Fri Jan 13 10:49:00 2017 +0300 drm/vc4: fix a bounds check We accidentally return success even if vc4_full_res_bounds_check() fails. Fixes: d5b1a78a772f ("drm/vc4: Add support for drawing 3D frames.") Signed-off-by: Dan Carpenter Reviewed-by: Eric Engestrom Reviewed-by: Eric Anholt drivers/gpu/drm/vc4/vc4_render_cl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7622b25543665567d8830a63210385b7d705924b Author: Eric Anholt Date: Mon Oct 10 09:44:06 2016 -0700 drm/vc4: Fix memory leak of the CRTC state. The underscores variant frees the pointers inside, while the no-underscores variant calls underscores and then frees the struct. Signed-off-by: Eric Anholt Fixes: d8dbf44f13b9 ("drm/vc4: Make the CRTCs cooperate on allocating display lists.") Cc: stable@vger.kernel.org drivers/gpu/drm/vc4/vc4_crtc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4e71de7986386d5fd3765458f27d612931f27f5e Author: Zhou Chengming Date: Mon Jan 16 11:21:11 2017 +0800 perf/x86/intel: Handle exclusive threadid correctly on CPU hotplug The CPU hotplug function intel_pmu_cpu_starting() sets cpu_hw_events.excl_thread_id unconditionally to 1 when the shared exclusive counters data structure is already availabe for the sibling thread. This works during the boot process because the first sibling gets threadid 0 assigned and the second sibling which shares the data structure gets 1. But when the first thread of the core is offlined and onlined again it shares the data structure with the second thread and gets exclusive thread id 1 assigned as well. Prevent this by checking the threadid of the already online thread. [ tglx: Rewrote changelog ] Signed-off-by: Zhou Chengming Cc: NuoHan Qiao Cc: ak@linux.intel.com Cc: peterz@infradead.org Cc: kan.liang@intel.com Cc: dave.hansen@linux.intel.com Cc: eranian@google.com Cc: qiaonuohan@huawei.com Cc: davidcc@google.com Cc: guohanjun@huawei.com Link: http://lkml.kernel.org/r/1484536871-3131-1-git-send-email-zhouchengming1@huawei.com Signed-off-by: Thomas Gleixner --- --- arch/x86/events/intel/core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) arch/x86/events/intel/core.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 833674a45ec7506f67eca93d51741ba5bc9c93f9 Merge: 49def18 efe357f Author: Greg Kroah-Hartman Date: Tue Jan 17 10:34:44 2017 +0100 Merge tag 'fixes-for-v4.10-rc5' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.10-rc5 One memory leak fix on the atmel UDC. Several fixes for dwc2. A fix on composite.c to use usb_ep_free_request() when freeing struct usb_request. commit bc7c36eedb0c7004aa06c2afc3c5385adada8fa3 Author: Joonyoung Shim Date: Tue Jan 17 13:54:36 2017 +0900 clocksource/exynos_mct: Clear interrupt when cpu is shut down When a CPU goes offline a potentially pending timer interrupt is not cleared. When the CPU comes online again then the pending interrupt is delivered before the per cpu clockevent device is initialized. As a consequence the tick interrupt handler dereferences a NULL pointer. [ 51.251378] Unable to handle kernel NULL pointer dereference at virtual address 00000040 [ 51.289348] task: ee942d00 task.stack: ee960000 [ 51.293861] PC is at tick_periodic+0x38/0xb0 [ 51.298102] LR is at tick_handle_periodic+0x1c/0x90 Clear the pending interrupt in the cpu dying path. Fixes: 56a94f13919c ("clocksource: exynos_mct: Avoid blocking calls in the cpu hotplug notifier") Reported-by: Seung-Woo Kim Signed-off-by: Joonyoung Shim Cc: linux-samsung-soc@vger.kernel.org Cc: cw00.choi@samsung.com Cc: daniel.lezcano@linaro.org Cc: stable@vger.kernel.org Cc: javier@osg.samsung.com Cc: kgene@kernel.org Cc: krzk@kernel.org Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/1484628876-22065-1-git-send-email-jy0922.shim@samsung.com Signed-off-by: Thomas Gleixner drivers/clocksource/exynos_mct.c | 1 + 1 file changed, 1 insertion(+) commit 62f0a11e2339e1ba154600d1f49ef5d5d84eaae4 Author: Chris Wilson Date: Fri Jan 6 19:58:16 2017 +0000 drm/i915/gvt: Fix relocation of shadow bb set_gma_to_bb_cmd() is completely bogus - it is (incorrectly) applying the rules to read a GTT offset from a command as opposed to writing the GTT offset. And to cap it all set_gma_to_bb_cmd() is called within a list iterator of the most strange construction. Fixes: be1da7070aea ("drm/i915/gvt: vGPU command scanner") Signed-off-by: Chris Wilson Cc: Zhenyu Wang Cc: Zhi Wang Cc: Yulei Zhang Cc: # v4.10-rc1+ Tested-by: Tina Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/execlist.c | 64 ++++++++++-------------------------- drivers/gpu/drm/i915/gvt/scheduler.h | 2 +- 2 files changed, 19 insertions(+), 47 deletions(-) commit 58c744da9dcc82a4b55a18e05149ae0e32624d11 Author: Tina Zhang Date: Tue Jan 17 14:33:16 2017 +0800 drm/i915/gvt: Enable the shadow batch buffer Shadow batch buffer is used to shadow the privileged batch buffer which is submitted by vGPU's workload. This patch is used to unmark this functionality. Signed-off-by: Tina Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cmd_parser.c | 4 ---- 1 file changed, 4 deletions(-) commit 6c75a5d1131eba90fcf04adc586167e65afc79b0 Merge: 0c744ea db83188 Author: Zhang Rui Date: Tue Jan 17 15:51:21 2017 +0800 Merge branch 'fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/evalenti/linux-soc-thermal into thermal-soc commit 941d3156e9a5d6826b17d451ccac876aa2f7a0d2 Merge: dcde6b1 f0e8faa Author: Olof Johansson Date: Mon Jan 16 22:25:55 2017 -0800 Merge tag 'ux500-fix-for-armsoc' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-stericsson into fixes A single PM fix from Arnd * tag 'ux500-fix-for-armsoc' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-stericsson: ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation Signed-off-by: Olof Johansson commit dcde6b16eb6fda3f6434074e08b141c3d1f93308 Merge: e577969 6771e01 Author: Olof Johansson Date: Mon Jan 16 22:09:05 2017 -0800 Merge tag 'arm-soc/for-4.10/devicetree-fixes' of http://github.com/Broadcom/stblinux into fixes This pull request contains Broadcom ARM-based SoC Device Tree fixes for v4.10, please pull the following: - Jon fixes an invalid value for the "ranges" property of the bus nodes on NorthStar Plus SoCs * tag 'arm-soc/for-4.10/devicetree-fixes' of http://github.com/Broadcom/stblinux: ARM: dts: NSP: Fix DT ranges error Signed-off-by: Olof Johansson commit e577969aee3681866fd0d3b54a2ec5e2a8005523 Merge: 9fab907 91546c5 Author: Olof Johansson Date: Mon Jan 16 22:07:31 2017 -0800 Merge tag 'arm-soc/for-4.10/defconfig-fixes' of http://github.com/Broadcom/stblinux into fixes This pull request contains fixes to multi_v7_defconfig for Broadcom ARM-based SoCs, please pull the following changes: - Valenting fixes two incorrect Kconfig symbols for BCM47xx: NVRAM and watchdog drivers * tag 'arm-soc/for-4.10/defconfig-fixes' of http://github.com/Broadcom/stblinux: ARM: multi_v7_defconfig: set bcm47xx watchdog ARM: multi_v7_defconfig: fix config typo Signed-off-by: Olof Johansson commit 9fab907f3de67b6124b0337f11efe384c325d49d Merge: 927867a 3ef01c9 Author: Olof Johansson Date: Mon Jan 16 21:46:42 2017 -0800 Merge tag 'samsung-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into fixes Samsung fixes for v4.10: 1. Update maintainers entry with Patchwork address. 2. Fix invalid values for NF_CT_PROTO_* in s3c2410 defconfig (these options cannot be modules anymore). * tag 'samsung-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux: ARM: s3c2410_defconfig: Fix invalid values for NF_CT_PROTO_* MAINTAINERS: Add Patchwork URL to Samsung Exynos entry Signed-off-by: Olof Johansson commit 927867a4b78b86d9eac48fe805e9af50cfd55da0 Merge: a11f470 3116d37 Author: Olof Johansson Date: Mon Jan 16 21:45:54 2017 -0800 Merge tag 'sunxi-fixes-for-4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux into fixes Allwinner fixes for 4.10 A few fixes here and there to enable the build of some DT leftover, prevent display issues or setup a proper muxing. * tag 'sunxi-fixes-for-4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/mripard/linux: ARM: dts: sunxi: Change node name for pwrseq pin on Olinuxino-lime2-emmc ARM: dts: sun8i: Support DTB build for NanoPi M1 ARM: dts: sun6i: hummingbird: Enable display engine again ARM: dts: sun6i: Disable display pipeline by default Signed-off-by: Olof Johansson commit a11f4706d102ddf82ba38f1db93ac2a61b4685e7 Merge: 64cbff4 37530e7 Author: Olof Johansson Date: Mon Jan 16 21:44:56 2017 -0800 Merge tag 'imx-fixes-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes i.MX fixes for 4.10, 2nd round: - A couple of Nitrogen6 device tree fixes for audio codec probe failure, which is caused by that pinctrl setting for codec clock was not in the correct device node. * tag 'imx-fixes-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx6qdl-nitrogen6_som2: fix sgtl5000 pinctrl init ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init Signed-off-by: Olof Johansson commit db8318865e2c04dbe3d95089c7215b94a5b879b7 Author: Caesar Wang Date: Thu Jan 5 12:37:55 2017 +0800 thermal: rockchip: fixes the conversion table As Ayaka reported the thermal was abormal on rk3288 at booting time. thermal thermal_zone1: critical temperature reached(125 C),shutting down thermal thermal_zone2: critical temperature reached(125 C),shutting down thermal thermal_zone1: critical temperature reached(125 C),shutting down thermal thermal_zone2: critical temperature reached(125 C),shutting down ... The root caused by reading the invald analogic value, the value is zero will convert the 125 degree to trigger the critical temperature. Fixes it with insteading of the incorrect reading now. Fixes commit cadf29dc2a8bcaae83 ("thermal: rockchip: optimize the conversion table") Reported-by: ayaka Signed-off-by: Caesar Wang Signed-off-by: Eduardo Valentin drivers/thermal/rockchip_thermal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5d0e7705774dd412a465896d08d59a81a345c1e4 Author: Tom Hromatka Date: Tue Jan 10 10:57:56 2017 -0700 sparc: Fixed typo in sstate.c. Replaced panicing with panicking Signed-off-by: Tom Hromatka Signed-off-by: David S. Miller arch/sparc/kernel/sstate.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 9728a7c8ab2f7a1c8d5c95278d2e4f4ac1285385 Author: Benjamin Herrenschmidt Date: Mon Jan 16 11:58:53 2017 -0600 powerpc/icp-opal: Fix missing KVM case and harden replay The icp-opal call is missing the code from icp-native to recover interrupts snatched by KVM. Without that, when running KVM, we can get into a situation where an interrupt is lost and the CPU stuck with an elevated CPPR. Also harden replay by always checking the return from opal_int_eoi(). Fixes: d74361881f0d ("powerpc/xics: Add ICP OPAL backend") Cc: stable@vger.kernel.org # v4.8+ Signed-off-by: Benjamin Herrenschmidt Signed-off-by: Michael Ellerman arch/powerpc/sysdev/xics/icp-opal.c | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) commit 0faa9cb5b3836a979864a6357e01d2046884ad52 Author: Jamal Hadi Salim Date: Sun Jan 15 10:14:06 2017 -0500 net sched actions: fix refcnt when GETing of action after bind Demonstrating the issue: .. add a drop action $sudo $TC actions add action drop index 10 .. retrieve it $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 2 bind 0 installed 29 sec used 29 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 ... bug 1 above: reference is two. Reference is actually 1 but we forget to subtract 1. ... do a GET again and we see the same issue try a few times and nothing changes ~$ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 2 bind 0 installed 31 sec used 31 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 ... lets try to bind the action to a filter.. $ sudo $TC qdisc add dev lo ingress $ sudo $TC filter add dev lo parent ffff: protocol ip prio 1 \ u32 match ip dst 127.0.0.1/32 flowid 1:1 action gact index 10 ... and now a few GETs: $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 3 bind 1 installed 204 sec used 204 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 4 bind 1 installed 206 sec used 206 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 5 bind 1 installed 235 sec used 235 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 .... as can be observed the reference count keeps going up. After the fix $ sudo $TC actions add action drop index 10 $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 1 bind 0 installed 4 sec used 4 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 1 bind 0 installed 6 sec used 6 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 $ sudo $TC qdisc add dev lo ingress $ sudo $TC filter add dev lo parent ffff: protocol ip prio 1 \ u32 match ip dst 127.0.0.1/32 flowid 1:1 action gact index 10 $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 2 bind 1 installed 32 sec used 32 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 $ sudo $TC -s actions get action gact index 10 action order 1: gact action drop random type none pass val 0 index 10 ref 2 bind 1 installed 33 sec used 33 sec Action statistics: Sent 0 bytes 0 pkt (dropped 0, overlimits 0 requeues 0) backlog 0b 0p requeues 0 Fixes: aecc5cefc389 ("net sched actions: fix GETing actions") Signed-off-by: Jamal Hadi Salim Signed-off-by: David S. Miller net/sched/act_api.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 32b53c012e0bfe20b2745962a89db0dc72ef3270 Author: Reza Arbab Date: Tue Jan 3 14:39:51 2017 -0600 powerpc/mm: Fix memory hotplug BUG() on radix Memory hotplug is leading to hash page table calls, even on radix: arch_add_memory create_section_mapping htab_bolt_mapping BUG_ON(!ppc_md.hpte_insert); To fix, refactor {create,remove}_section_mapping() into hash__ and radix__ variants. Leave the radix versions stubbed for now. Reviewed-by: Aneesh Kumar K.V Acked-by: Balbir Singh Signed-off-by: Reza Arbab Signed-off-by: Michael Ellerman arch/powerpc/include/asm/book3s/64/hash.h | 4 ++++ arch/powerpc/mm/hash_utils_64.c | 4 ++-- arch/powerpc/mm/pgtable-book3s64.c | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) commit 7e9081c5aac73b8a0bc22e0b3e7a12c3e9cf5256 Author: Gustavo Padovan Date: Fri Jan 13 12:22:09 2017 -0200 drm/fence: fix memory overwrite when setting out_fence fd Currently if the userspace declares a int variable to store the out_fence fd and pass it to OUT_FENCE_PTR the kernel will overwrite the 32 bits above the int variable on 64 bits systems. Fix this by making the internal storage of out_fence in the kernel a s32 pointer. Reported-by: Chad Versace Signed-off-by: Gustavo Padovan Fixes: beaf5af48034 ("drm/fence: add out-fences support") Cc: Daniel Vetter Cc: Rafael Antognolli Cc: Laurent Pinchart Acked-by: Laurent Pinchart Reviewed-and-Tested-by: Chad Versace Link: http://patchwork.freedesktop.org/patch/msgid/1484317329-9293-1-git-send-email-gustavo@padovan.org drivers/gpu/drm/drm_atomic.c | 12 ++++++------ include/drm/drm_atomic.h | 2 +- include/drm/drm_mode_config.h | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) commit 67d35e70af9cabb663c827e03bc5c1e89b43db72 Author: Fam Zheng Date: Fri Jan 13 11:40:01 2017 +0800 scsi: libfc: Fix variable name in fc_set_wwpn The parameter name should be wwpn instead of wwnn. Signed-off-by: Fam Zheng Acked-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen include/scsi/libfc.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 5cf7a0f3442b2312326c39f571d637669a478235 Merge: 2eabb8b c6180a6 Author: Linus Torvalds Date: Mon Jan 16 12:15:59 2017 -0800 Merge tag 'nfs-for-4.10-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client bugfixes from Trond Myklebust: - fix invalid fget()/fput() calls when doing file locking - fix multiple directory cache invalidation issues due to the client failing to recognise that the directory wasn't changed - fix client recovery when server reboots multiple times * tag 'nfs-for-4.10-3' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Fix client recovery when server reboots multiple times NFSv4: update_changeattr should update the attribute timestamp NFSv4: Don't call update_changeattr() unless the unlink is successful NFSv4: Don't apply change_info4 twice on rename within a directory NFSv4: Call update_changeattr() from _nfs4_proc_open only if a file was created nfs: Don't take a reference on fl->fl_file for LOCK operation commit 617125e759673873e6503481d7dabaee6ded7af8 Merge: b618ab4 9577b17 Author: David S. Miller Date: Mon Jan 16 15:08:29 2017 -0500 Merge branch 'mlx4-core-fixes' Tariq Toukan says: ==================== mlx4 core fixes This patchset contains bug fixes from Jack to the mlx4 Core driver. Patch 1 solves a race in the flow of CQ free. Patch 2 moves some qp context flags update to the correct qp transition. Patch 3 eliminates warnings from the path of SRQ_LIMIT that flood the message log, and keeps them only in the path of SRQ_CATAS_ERROR. Series generated against net commit: 1a717fcf8bbe Merge tag 'mac80211-for-davem-2017-01-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 ==================== Signed-off-by: David S. Miller commit 9577b174cd0323d287c994ef0891db71666d0765 Author: Jack Morgenstein Date: Mon Jan 16 18:31:39 2017 +0200 net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV When running SRIOV, warnings for SRQ LIMIT events flood the Hypervisor's message log when (correct, normally operating) apps use SRQ LIMIT events as a trigger to post WQEs to SRQs. Add more information to the existing debug printout for SRQ_LIMIT, and output the warning messages only for the SRQ CATAS ERROR event. Fixes: acba2420f9d2 ("mlx4_core: Add wrapper functions and comm channel and slave event support to EQs") Fixes: e0debf9cb50d ("mlx4_core: Reduce warning message for SRQ_LIMIT event to debug level") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/eq.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) commit 7c3945bc2073554bb2ecf983e073dee686679c53 Author: Jack Morgenstein Date: Mon Jan 16 18:31:38 2017 +0200 net/mlx4_core: Fix when to save some qp context flags for dynamic VST to VGT transitions Save the qp context flags byte containing the flag disabling vlan stripping in the RESET to INIT qp transition, rather than in the INIT to RTR transition. Per the firmware spec, the flags in this byte are active in the RESET to INIT transition. As a result of saving the flags in the incorrect qp transition, when switching dynamically from VGT to VST and back to VGT, the vlan remained stripped (as is required for VST) and did not return to not-stripped (as is required for VGT). Fixes: f0f829bf42cd ("net/mlx4_core: Add immediate activate for VGT->VST->VGT") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 291c566a28910614ce42d0ffe82196eddd6346f4 Author: Jack Morgenstein Date: Mon Jan 16 18:31:37 2017 +0200 net/mlx4_core: Fix racy CQ (Completion Queue) free In function mlx4_cq_completion() and mlx4_cq_event(), the radix_tree_lookup requires a rcu_read_lock. This is mandatory: if another core frees the CQ, it could run the radix_tree_node_rcu_free() call_rcu() callback while its being used by the radix tree lookup function. Additionally, in function mlx4_cq_event(), since we are adding the rcu lock around the radix-tree lookup, we no longer need to take the spinlock. Also, the synchronize_irq() call for the async event eliminates the need for incrementing the cq reference count in mlx4_cq_event(). Other changes: 1. In function mlx4_cq_free(), replace spin_lock_irq with spin_lock: we no longer take this spinlock in the interrupt context. The spinlock here, therefore, simply protects against different threads simultaneously invoking mlx4_cq_free() for different cq's. 2. In function mlx4_cq_free(), we move the radix tree delete to before the synchronize_irq() calls. This guarantees that we will not access this cq during any subsequent interrupts, and therefore can safely free the CQ after the synchronize_irq calls. The rcu_read_lock in the interrupt handlers only needs to protect against corrupting the radix tree; the interrupt handlers may access the cq outside the rcu_read_lock due to the synchronize_irq calls which protect against premature freeing of the cq. 3. In function mlx4_cq_event(), we change the mlx_warn message to mlx4_dbg. 4. We leave the cq reference count mechanism in place, because it is still needed for the cq completion tasklet mechanism. Fixes: 6d90aa5cf17b ("net/mlx4_core: Make sure there are no pending async events when freeing CQ") Fixes: 225c7b1feef1 ("IB/mlx4: Add a driver Mellanox ConnectX InfiniBand adapters") Signed-off-by: Jack Morgenstein Signed-off-by: Matan Barak Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/cq.c | 38 +++++++++++++++++---------------- 1 file changed, 20 insertions(+), 18 deletions(-) commit b618ab4561d40664492cf9f9507f19a1c8272970 Author: Heiner Kallweit Date: Sun Jan 15 19:19:00 2017 +0100 net: stmmac: don't use netdev_[dbg, info, ..] before net_device is registered Don't use netdev_info and friends before the net_device is registered. This avoids ugly messages like "meson8b-dwmac c9410000.ethernet (unnamed net_device) (uninitialized): Enable RX Mitigation via HW Watchdog Timer" Signed-off-by: Heiner Kallweit Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit abeffce90c7f6ce74de9794ad0977a168edf8ef6 Author: Arnd Bergmann Date: Sun Jan 15 19:50:46 2017 +0200 net/mlx5e: Fix a -Wmaybe-uninitialized warning As found by Olof's build bot, we gain a harmless warning about a potential uninitialized variable reference in mlx5: drivers/net/ethernet/mellanox/mlx5/core/en_tc.c: In function 'parse_tc_fdb_actions': drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:769:13: warning: 'out_dev' may be used uninitialized in this function [-Wmaybe-uninitialized] drivers/net/ethernet/mellanox/mlx5/core/en_tc.c:811:21: note: 'out_dev' was declared here This was introduced through the addition of an 'IS_ERR/PTR_ERR' pair that gcc is unfortunately unable to completely figure out. The problem being gcc cannot tell that if(IS_ERR()) in mlx5e_route_lookup_ipv4() is equivalent to checking if(err) later, so it assumes that 'out_dev' is used after the 'return PTR_ERR(rt)'. The PTR_ERR_OR_ZERO() case by comparison is fairly easy to detect by gcc, so it can't get that wrong, so it no longer warns. Hadar Hen Zion already attempted to fix the warning earlier by adding fake initializations, but that ended up not fully addressing all warnings, so I'm reverting it now that it is no longer needed. Link: http://arm-soc.lixom.net/buildlogs/mainline/v4.10-rc3-98-gcff3b2c/ Fixes: a42485eb0ee4 ("net/mlx5e: TC ipv4 tunnel encap offload error flow fixes") Fixes: a757d108dc1a ("net/mlx5e: Fix kbuild warnings for uninitialized parameters") Signed-off-by: Arnd Bergmann Signed-off-by: Or Gerlitz Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 8a367e74c0120ef68c8c70d5a025648c96626dff Author: Basil Gunn Date: Sat Jan 14 12:18:55 2017 -0800 ax25: Fix segfault after sock connection timeout The ax.25 socket connection timed out & the sock struct has been previously taken down ie. sock struct is now a NULL pointer. Checking the sock_flag causes the segfault. Check if the socket struct pointer is NULL before checking sock_flag. This segfault is seen in timed out netrom connections. Please submit to -stable. Signed-off-by: Basil Gunn Signed-off-by: David S. Miller net/ax25/ax25_subr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1f7714ea51c56b7163fb1a5acf39c6a204dd758 Author: Daniel Borkmann Date: Fri Jan 13 23:38:15 2017 +0100 bpf: rework prog_digest into prog_tag Commit 7bd509e311f4 ("bpf: add prog_digest and expose it via fdinfo/netlink") was recently discussed, partially due to admittedly suboptimal name of "prog_digest" in combination with sha1 hash usage, thus inevitably and rightfully concerns about its security in terms of collision resistance were raised with regards to use-cases. The intended use cases are for debugging resp. introspection only for providing a stable "tag" over the instruction sequence that both kernel and user space can calculate independently. It's not usable at all for making a security relevant decision. So collisions where two different instruction sequences generate the same tag can happen, but ideally at a rather low rate. The "tag" will be dumped in hex and is short enough to introspect in tracepoints or kallsyms output along with other data such as stack trace, etc. Thus, this patch performs a rename into prog_tag and truncates the tag to a short output (64 bits) to make it obvious it's not collision-free. Should in future a hash or facility be needed with a security relevant focus, then we can think about requirements, constraints, etc that would fit to that situation. For now, rework the exposed parts for the current use cases as long as nothing has been released yet. Tested on x86_64 and s390x. Fixes: 7bd509e311f4 ("bpf: add prog_digest and expose it via fdinfo/netlink") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Cc: Andy Lutomirski Signed-off-by: David S. Miller include/linux/bpf.h | 2 +- include/linux/filter.h | 6 ++++-- include/uapi/linux/pkt_cls.h | 2 +- include/uapi/linux/tc_act/tc_bpf.h | 2 +- kernel/bpf/core.c | 14 ++++++++------ kernel/bpf/syscall.c | 8 ++++---- kernel/bpf/verifier.c | 2 +- net/sched/act_bpf.c | 5 ++--- net/sched/cls_bpf.c | 4 ++-- 9 files changed, 24 insertions(+), 21 deletions(-) commit 613f050d68a8ed3c0b18b9568698908ef7bbc1f7 Author: Masami Hiramatsu Date: Wed Jan 11 15:01:57 2017 +0900 perf probe: Fix to probe on gcc generated functions in modules Fix to probe on gcc generated functions on modules. Since probing on a module is based on its symbol name, it should be adjusted on actual symbols. E.g. without this fix, perf probe shows probe definition on non-exist symbol as below. $ perf probe -m build-x86_64/net/netfilter/nf_nat.ko -F in_range* in_range.isra.12 $ perf probe -m build-x86_64/net/netfilter/nf_nat.ko -D in_range p:probe/in_range nf_nat:in_range+0 With this fix, perf probe correctly shows a probe on gcc-generated symbol. $ perf probe -m build-x86_64/net/netfilter/nf_nat.ko -D in_range p:probe/in_range nf_nat:in_range.isra.12+0 This also fixes same problem on online module as below. $ perf probe -m i915 -D assert_plane p:probe/assert_plane i915:assert_plane.constprop.134+0 Signed-off-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/148411450673.9978.14905987549651656075.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 45 +++++++++++++++++++++++++++--------------- tools/perf/util/probe-finder.c | 7 +++++-- tools/perf/util/probe-finder.h | 3 +++ 3 files changed, 37 insertions(+), 18 deletions(-) commit 3e96dac7c956089d3f23aca98c4dfca57b6aaf8a Author: Masami Hiramatsu Date: Wed Jan 11 15:00:47 2017 +0900 perf probe: Add error checks to offline probe post-processing Add error check codes on post processing and improve it for offline probe events as: - post processing fails if no matched symbol found in map(-ENOENT) or strdup() failed(-ENOMEM). - Even if the symbol name is the same, it updates symbol address and offset. Signed-off-by: Masami Hiramatsu Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/148411443738.9978.4617979132625405545.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 50 ++++++++++++++++++++++++++++--------------- 1 file changed, 33 insertions(+), 17 deletions(-) commit 57d5f64d83ab5b5a5118b1597386dd76eaf4340d Author: Parthasarathy Bhuvaragan Date: Fri Jan 13 15:46:25 2017 +0100 tipc: allocate user memory with GFP_KERNEL flag Until now, we allocate memory always with GFP_ATOMIC flag. When the system is under memory pressure and a user tries to send, the send fails due to low memory. However, the user application can wait for free memory if we allocate it using GFP_KERNEL flag. In this commit, we use allocate memory with GFP_KERNEL for all user allocation. Reported-by: Rune Torgersen Acked-by: Jon Maloy Signed-off-by: Parthasarathy Bhuvaragan Signed-off-by: David S. Miller net/tipc/discover.c | 4 ++-- net/tipc/link.c | 2 +- net/tipc/msg.c | 16 ++++++++-------- net/tipc/msg.h | 2 +- net/tipc/name_distr.c | 2 +- 5 files changed, 13 insertions(+), 13 deletions(-) commit 34c55cf2fc75f8bf6ba87df321038c064cf2d426 Author: Karicheri, Muralidharan Date: Fri Jan 13 09:32:34 2017 -0500 net: phy: dp83867: allow RGMII_TXID/RGMII_RXID interface types Currently dp83867 driver returns error if phy interface type PHY_INTERFACE_MODE_RGMII_RXID is used to set the rx only internal delay. Similarly issue happens for PHY_INTERFACE_MODE_RGMII_TXID. Fix this by checking also the interface type if a particular delay value is missing in the phy dt bindings. Also update the DT document accordingly. Signed-off-by: Murali Karicheri Signed-off-by: Sekhar Nori Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/ti,dp83867.txt | 6 ++++-- drivers/net/phy/dp83867.c | 8 ++++++-- 2 files changed, 10 insertions(+), 4 deletions(-) commit 02ca0423fd65a0a9c4d70da0dbb8f4b8503f08c7 Author: Jakub Sitnicki Date: Fri Jan 13 10:12:20 2017 +0100 ip6_tunnel: Account for tunnel header in tunnel MTU With ip6gre we have a tunnel header which also makes the tunnel MTU smaller. We need to reserve room for it. Previously we were using up space reserved for the Tunnel Encapsulation Limit option header (RFC 2473). Also, after commit b05229f44228 ("gre6: Cleanup GREv6 transmit path, call common GRE functions") our contract with the caller has changed. Now we check if the packet length exceeds the tunnel MTU after the tunnel header has been pushed, unlike before. This is reflected in the check where we look at the packet length minus the size of the tunnel header, which is already accounted for in tunnel MTU. Fixes: b05229f44228 ("gre6: Cleanup GREv6 transmit path, call common GRE functions") Signed-off-by: Jakub Sitnicki Signed-off-by: David S. Miller net/ipv6/ip6_tunnel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d2d4edbebe07ddb77980656abe7b9bc7a9e0cdf7 Author: Masami Hiramatsu Date: Wed Jan 11 14:59:38 2017 +0900 perf probe: Fix to show correct locations for events on modules Fix to show correct locations for events on modules by relocating given address instead of retrying after failure. This happens when the module text size is big enough, bigger than sh_addr, because the original code retries with given address + sh_addr if it failed to find CU DIE at the given address. Any address smaller than sh_addr always fails and it retries with the correct address, but addresses bigger than sh_addr will get a CU DIE which is on the given address (not adjusted by sh_addr). In my environment(x86-64), the sh_addr of ".text" section is 0x10030. Since i915 is a huge kernel module, we can see this issue as below. $ grep "[Tt] .*\[i915\]" /proc/kallsyms | sort | head -n1 ffffffffc0270000 t i915_switcheroo_can_switch [i915] ffffffffc0270000 + 0x10030 = ffffffffc0280030, so we'll check symbols cross this boundary. $ grep "[Tt] .*\[i915\]" /proc/kallsyms | grep -B1 ^ffffffffc028\ | head -n 2 ffffffffc027ff80 t haswell_init_clock_gating [i915] ffffffffc0280110 t valleyview_init_clock_gating [i915] So setup probes on both function and see what happen. $ sudo ./perf probe -m i915 -a haswell_init_clock_gating \ -a valleyview_init_clock_gating Added new events: probe:haswell_init_clock_gating (on haswell_init_clock_gating in i915) probe:valleyview_init_clock_gating (on valleyview_init_clock_gating in i915) You can now use it in all perf tools, such as: perf record -e probe:valleyview_init_clock_gating -aR sleep 1 $ sudo ./perf probe -l probe:haswell_init_clock_gating (on haswell_init_clock_gating@gpu/drm/i915/intel_pm.c in i915) probe:valleyview_init_clock_gating (on i915_vga_set_decode:4@gpu/drm/i915/i915_drv.c in i915) As you can see, haswell_init_clock_gating is correctly shown, but valleyview_init_clock_gating is not. With this patch, both events are shown correctly. $ sudo ./perf probe -l probe:haswell_init_clock_gating (on haswell_init_clock_gating@gpu/drm/i915/intel_pm.c in i915) probe:valleyview_init_clock_gating (on valleyview_init_clock_gating@gpu/drm/i915/intel_pm.c in i915) Committer notes: In my case: # perf probe -m i915 -a haswell_init_clock_gating -a valleyview_init_clock_gating Added new events: probe:haswell_init_clock_gating (on haswell_init_clock_gating in i915) probe:valleyview_init_clock_gating (on valleyview_init_clock_gating in i915) You can now use it in all perf tools, such as: perf record -e probe:valleyview_init_clock_gating -aR sleep 1 # perf probe -l probe:haswell_init_clock_gating (on i915_getparam+432@gpu/drm/i915/i915_drv.c in i915) probe:valleyview_init_clock_gating (on __i915_printk+240@gpu/drm/i915/i915_drv.c in i915) # # readelf -SW /lib/modules/4.9.0+/build/vmlinux | egrep -w '.text|Name' [Nr] Name Type Address Off Size ES Flg Lk Inf Al [ 1] .text PROGBITS ffffffff81000000 200000 822fd3 00 AX 0 0 4096 # So both are b0rked, now with the fix: # perf probe -m i915 -a haswell_init_clock_gating -a valleyview_init_clock_gating Added new events: probe:haswell_init_clock_gating (on haswell_init_clock_gating in i915) probe:valleyview_init_clock_gating (on valleyview_init_clock_gating in i915) You can now use it in all perf tools, such as: perf record -e probe:valleyview_init_clock_gating -aR sleep 1 # perf probe -l probe:haswell_init_clock_gating (on haswell_init_clock_gating@gpu/drm/i915/intel_pm.c in i915) probe:valleyview_init_clock_gating (on valleyview_init_clock_gating@gpu/drm/i915/intel_pm.c in i915) # Both looks correct. Signed-off-by: Masami Hiramatsu Tested-by: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/148411436777.9978.1440275861947194930.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-finder.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 1666d49e1d416fcc2cce708242a52fe3317ea8ba Author: Hangbin Liu Date: Thu Jan 12 21:19:37 2017 +0800 mld: do not remove mld souce list info when set link down This is an IPv6 version of commit 24803f38a5c0 ("igmp: do not remove igmp souce list..."). In mld_del_delrec(), we will restore back all source filter info instead of flush them. Move mld_clear_delrec() from ipv6_mc_down() to ipv6_mc_destroy_dev() since we should not remove source list info when set link down. Remove igmp6_group_dropped() in ipv6_mc_destroy_dev() since we have called it in ipv6_mc_down(). Also clear all source info after igmp6_group_dropped() instead of in it because ipv6_mc_down() will call igmp6_group_dropped(). Signed-off-by: Hangbin Liu Signed-off-by: David S. Miller net/ipv6/mcast.c | 51 ++++++++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 21 deletions(-) commit 2eabb8b8d68bc9c7779ba8b04bec8d4f8baed0bc Merge: 49def18 ce1ca7d Author: Linus Torvalds Date: Mon Jan 16 09:34:37 2017 -0800 Merge tag 'nfsd-4.10-1' of git://linux-nfs.org/~bfields/linux Pull nfsd fixes from Bruce Fields: "Miscellaneous nfsd bugfixes, one for a 4.10 regression, three for older bugs" * tag 'nfsd-4.10-1' of git://linux-nfs.org/~bfields/linux: svcrdma: avoid duplicate dma unmapping during error recovery sunrpc: don't call sleeping functions from the notifier block callbacks svcrpc: don't leak contexts on PROC_DESTROY nfsd: fix supported attributes for acl & labels commit 90f92c631b210c1e97080b53a9d863783281a932 Author: Linus Walleij Date: Tue Sep 13 12:31:17 2016 +0100 ARM: 8613/1: Fix the uaccess crash on PB11MPCore The following patch was sketched by Russell in response to my crashes on the PB11MPCore after the patch for software-based priviledged no access support for ARMv8.1. See this thread: http://marc.info/?l=linux-arm-kernel&m=144051749807214&w=2 I am unsure what is going on, I suspect everyone involved in the discussion is. I just want to repost this to get the discussion restarted, as I still have to apply this patch with every kernel iteration to get my PB11MPCore Realview running. Testing by Neil Armstrong on the Oxnas NAS has revealed that this bug exist also on that widely deployed hardware, so we are probably currently regressing all ARM11MPCore systems. Cc: Russell King Cc: Will Deacon Fixes: a5e090acbf54 ("ARM: software-based priviledged-no-access support") Tested-by: Neil Armstrong Signed-off-by: Linus Walleij Signed-off-by: Russell King arch/arm/kernel/smp_tlb.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 34393529163af7163ef8459808e3cf2af7db7f16 Author: Ivan Vecera Date: Fri Jan 13 22:38:29 2017 +0100 be2net: fix MAC addr setting on privileged BE3 VFs During interface opening MAC address stored in netdev->dev_addr is programmed in the HW with exception of BE3 VFs where the initial MAC is programmed by parent PF. This is OK when MAC address is not changed when an interfaces is down. In this case the requested MAC is stored to netdev->dev_addr and later is stored into HW during opening. But this is not done for all BE3 VFs so the NIC HW does not know anything about this change and all traffic is filtered. This is the case of bonding if fail_over_mac == 0 where the MACs of the slaves are changed while they are down. The be2net behavior is too restrictive because if a BE3 VF has the FILTMGMT privilege then it is able to modify its MAC without any restriction. To solve the described problem the driver should take care about these privileged BE3 VFs so the MAC is programmed during opening. And by contrast unpriviled BE3 VFs should not be allowed to change its MAC in any case. Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 6d928ae590c8d58cfd5cca997d54394de139cbb7 Author: Ivan Vecera Date: Fri Jan 13 22:38:28 2017 +0100 be2net: don't delete MAC on close on unprivileged BE3 VFs BE3 VFs without FILTMGMT privilege are not allowed to modify its MAC, VLAN table and UC/MC lists. So don't try to delete MAC on such VFs. Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit fe68d8bfe59c561664aa87d827aa4b320eb08895 Author: Ivan Vecera Date: Fri Jan 13 22:38:27 2017 +0100 be2net: fix status check in be_cmd_pmac_add() Return value from be_mcc_notify_wait() contains a base completion status together with an additional status. The base_status() macro need to be used to access base status. Fixes: e3a7ae2 be2net: Changing MAC Address of a VF was broken Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_cmds.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d43e6fb4ac4abfe4ef7c102833ed02330ad701e0 Author: Arnd Bergmann Date: Mon Jan 16 14:20:54 2017 +0100 cpmac: remove hopeless #warning The #warning was present 10 years ago when the driver first got merged. As the platform is rather obsolete by now, it seems very unlikely that the warning will cause anyone to fix the code properly. kernelci.org reports the warning for every build in the meantime, so I think it's better to just turn it into a code comment to reduce noise. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpmac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ec3e8a192ba6f13be4522ee81227c792c86fb1a Author: Masaru Nagai Date: Mon Jan 16 11:45:21 2017 +0100 ravb: do not use zero-length alignment DMA descriptor Due to alignment requirements of the hardware transmissions are split into two DMA descriptors, a small padding descriptor of 0 - 3 bytes in length followed by a descriptor for rest of the packet. In the case of IP packets the first descriptor will never be zero due to the way that the stack aligns buffers for IP packets. However, for non-IP packets it may be zero. In that case it has been reported that timeouts occur, presumably because transmission stops at the first zero-length DMA descriptor and thus the packet is not transmitted. However, in my environment a BUG is triggered as follows: [ 20.381417] ------------[ cut here ]------------ [ 20.386054] kernel BUG at lib/swiotlb.c:495! [ 20.390324] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP [ 20.395805] Modules linked in: [ 20.398862] CPU: 0 PID: 2089 Comm: mz Not tainted 4.10.0-rc3-00001-gf13ad2db193f #162 [ 20.406689] Hardware name: Renesas Salvator-X board based on r8a7796 (DT) [ 20.413474] task: ffff80063b1f1900 task.stack: ffff80063a71c000 [ 20.419404] PC is at swiotlb_tbl_map_single+0x178/0x2ec [ 20.424625] LR is at map_single+0x4c/0x98 [ 20.428629] pc : [] lr : [] pstate: 800001c5 [ 20.436019] sp : ffff80063a71f9b0 [ 20.439327] x29: ffff80063a71f9b0 x28: ffff80063a20d500 [ 20.444636] x27: ffff000008ed5000 x26: 0000000000000000 [ 20.449944] x25: 000000067abe2adc x24: 0000000000000000 [ 20.455252] x23: 0000000000200000 x22: 0000000000000001 [ 20.460559] x21: 0000000000175ffe x20: ffff80063b2a0010 [ 20.465866] x19: 0000000000000000 x18: 0000ffffcae6fb20 [ 20.471173] x17: 0000ffffa09ba018 x16: ffff0000087c8b70 [ 20.476480] x15: 0000ffffa084f588 x14: 0000ffffa09cfa14 [ 20.481787] x13: 0000ffffcae87ff0 x12: 000000000063abe2 [ 20.487098] x11: ffff000008096360 x10: ffff80063abe2adc [ 20.492407] x9 : 0000000000000000 x8 : 0000000000000000 [ 20.497718] x7 : 0000000000000000 x6 : ffff000008ed50d0 [ 20.503028] x5 : 0000000000000000 x4 : 0000000000000001 [ 20.508338] x3 : 0000000000000000 x2 : 000000067abe2adc [ 20.513648] x1 : 00000000bafff000 x0 : 0000000000000000 [ 20.518958] [ 20.520446] Process mz (pid: 2089, stack limit = 0xffff80063a71c000) [ 20.526798] Stack: (0xffff80063a71f9b0 to 0xffff80063a720000) [ 20.532543] f9a0: ffff80063a71fa30 ffff00000839c680 [ 20.540374] f9c0: ffff80063b2a0010 ffff80063b2a0010 0000000000000001 0000000000000000 [ 20.548204] f9e0: 000000000000006e ffff80063b23c000 ffff80063b23c000 0000000000000000 [ 20.556034] fa00: ffff80063b23c000 ffff80063a20d500 000000013b1f1900 0000000000000000 [ 20.563864] fa20: ffff80063ffd18e0 ffff80063b2a0010 ffff80063a71fa60 ffff00000839cd10 [ 20.571694] fa40: ffff80063b2a0010 0000000000000000 ffff80063ffd18e0 000000067abe2adc [ 20.579524] fa60: ffff80063a71fa90 ffff000008096380 ffff80063b2a0010 0000000000000000 [ 20.587353] fa80: 0000000000000000 0000000000000001 ffff80063a71fac0 ffff00000864f770 [ 20.595184] faa0: ffff80063b23caf0 0000000000000000 0000000000000000 0000000000000140 [ 20.603014] fac0: ffff80063a71fb60 ffff0000087e6498 ffff80063a20d500 ffff80063b23c000 [ 20.610843] fae0: 0000000000000000 ffff000008daeaf0 0000000000000000 ffff000008daeb00 [ 20.618673] fb00: ffff80063a71fc0c ffff000008da7000 ffff80063b23c090 ffff80063a44f000 [ 20.626503] fb20: 0000000000000000 ffff000008daeb00 ffff80063a71fc0c ffff000008da7000 [ 20.634333] fb40: ffff80063b23c090 0000000000000000 ffff800600000037 ffff0000087e63d8 [ 20.642163] fb60: ffff80063a71fbc0 ffff000008807510 ffff80063a692400 ffff80063a20d500 [ 20.649993] fb80: ffff80063a44f000 ffff80063b23c000 ffff80063a69249c 0000000000000000 [ 20.657823] fba0: 0000000000000000 ffff80063a087800 ffff80063b23c000 ffff80063a20d500 [ 20.665653] fbc0: ffff80063a71fc10 ffff0000087e67dc ffff80063a20d500 ffff80063a692400 [ 20.673483] fbe0: ffff80063b23c000 0000000000000000 ffff80063a44f000 ffff80063a69249c [ 20.681312] fc00: ffff80063a5f1a10 000000103a087800 ffff80063a71fc70 ffff0000087e6b24 [ 20.689142] fc20: ffff80063a5f1a80 ffff80063a71fde8 000000000000000f 00000000000005ea [ 20.696972] fc40: ffff80063a5f1a10 0000000000000000 000000000000000f ffff00000887fbd0 [ 20.704802] fc60: fffffff43a5f1a80 0000000000000000 ffff80063a71fc80 ffff000008880240 [ 20.712632] fc80: ffff80063a71fd90 ffff0000087c7a34 ffff80063afc7180 0000000000000000 [ 20.720462] fca0: 0000ffffcae6fe18 0000000000000014 0000000060000000 0000000000000015 [ 20.728292] fcc0: 0000000000000123 00000000000000ce ffff0000088d2000 ffff80063b1f1900 [ 20.736122] fce0: 0000000000008933 ffff000008e7cb80 ffff80063a71fd80 ffff0000087c50a4 [ 20.743951] fd00: 0000000000008933 ffff000008e7cb80 ffff000008e7cb80 000000100000000e [ 20.751781] fd20: ffff80063a71fe4c 0000ffff00000300 0000000000000123 0000000000000000 [ 20.759611] fd40: 0000000000000000 ffff80063b1f0000 000000000000000e 0000000000000300 [ 20.767441] fd60: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 20.775271] fd80: 0000000000000000 0000000000000000 ffff80063a71fda0 ffff0000087c8c20 [ 20.783100] fda0: 0000000000000000 ffff000008082f30 0000000000000000 0000800637260000 [ 20.790930] fdc0: ffffffffffffffff 0000ffffa0903078 0000000000000000 000000001ea87232 [ 20.798760] fde0: 000000000000000f ffff80063a71fe40 ffff800600000014 ffff000000000001 [ 20.806590] fe00: 0000000000000000 0000000000000000 ffff80063a71fde8 0000000000000000 [ 20.814420] fe20: 0000000000000000 0000000000000000 0000000000000000 0000000000000001 [ 20.822249] fe40: 0000000203000011 0000000000000000 0000000000000000 ffff80063a68aa00 [ 20.830079] fe60: ffff80063a68aa00 0000000000000003 0000000000008933 ffff0000081f1b9c [ 20.837909] fe80: 0000000000000000 ffff000008082f30 0000000000000000 0000800637260000 [ 20.845739] fea0: ffffffffffffffff 0000ffffa07ca81c 0000000060000000 0000000000000015 [ 20.853569] fec0: 0000000000000003 000000001ea87232 000000000000000f 0000000000000000 [ 20.861399] fee0: 0000ffffcae6fe18 0000000000000014 0000000000000300 0000000000000000 [ 20.869228] ff00: 00000000000000ce 0000000000000000 00000000ffffffff 0000000000000000 [ 20.877059] ff20: 0000000000000002 0000ffffcae87ff0 0000ffffa09cfa14 0000ffffa084f588 [ 20.884888] ff40: 0000000000000000 0000ffffa09ba018 0000ffffcae6fb20 000000001ea87010 [ 20.892718] ff60: 0000ffffa09b9000 0000ffffcae6fe30 0000ffffcae6fe18 000000000000000f [ 20.900548] ff80: 0000000000000003 000000001ea87232 0000000000000000 0000000000000000 [ 20.908378] ffa0: 0000000000000000 0000ffffcae6fdc0 0000ffffa09a7824 0000ffffcae6fdc0 [ 20.916208] ffc0: 0000ffffa0903078 0000000060000000 0000000000000003 00000000000000ce [ 20.924038] ffe0: 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffffff [ 20.931867] Call trace: [ 20.934312] Exception stack(0xffff80063a71f7e0 to 0xffff80063a71f910) [ 20.940750] f7e0: 0000000000000000 0001000000000000 ffff80063a71f9b0 ffff00000839c4c0 [ 20.948580] f800: ffff80063a71f840 ffff00000888a6e4 ffff80063a24c418 ffff80063a24c448 [ 20.956410] f820: 0000000000000000 ffff00000811cd54 ffff80063a71f860 ffff80063a24c458 [ 20.964240] f840: ffff80063a71f870 ffff00000888b258 ffff80063a24c418 0000000000000001 [ 20.972070] f860: ffff80063a71f910 ffff80063a7b7028 ffff80063a71f890 ffff0000088825e4 [ 20.979899] f880: 0000000000000000 00000000bafff000 000000067abe2adc 0000000000000000 [ 20.987729] f8a0: 0000000000000001 0000000000000000 ffff000008ed50d0 0000000000000000 [ 20.995560] f8c0: 0000000000000000 0000000000000000 ffff80063abe2adc ffff000008096360 [ 21.003390] f8e0: 000000000063abe2 0000ffffcae87ff0 0000ffffa09cfa14 0000ffffa084f588 [ 21.011219] f900: ffff0000087c8b70 0000ffffa09ba018 [ 21.016097] [] swiotlb_tbl_map_single+0x178/0x2ec [ 21.022362] [] map_single+0x4c/0x98 [ 21.027411] [] swiotlb_map_page+0xa4/0x138 [ 21.033072] [] __swiotlb_map_page+0x20/0x7c [ 21.038821] [] ravb_start_xmit+0x174/0x668 [ 21.044484] [] dev_hard_start_xmit+0x8c/0x120 [ 21.050407] [] sch_direct_xmit+0x108/0x1a0 [ 21.056064] [] __dev_queue_xmit+0x194/0x4cc [ 21.061807] [] dev_queue_xmit+0x10/0x18 [ 21.067214] [] packet_sendmsg+0xf40/0x1220 [ 21.072873] [] sock_sendmsg+0x18/0x2c [ 21.078097] [] SyS_sendto+0xb0/0xf0 [ 21.083150] [] el0_svc_naked+0x24/0x28 [ 21.088462] Code: d34bfef7 2a1803f3 1a9f86d6 35fff878 (d4210000) [ 21.094611] ---[ end trace 5bc544ad491f3814 ]--- [ 21.099234] Kernel panic - not syncing: Fatal exception in interrupt [ 21.105587] Kernel Offset: disabled [ 21.109073] Memory Limit: none [ 21.112126] ---[ end Kernel panic - not syncing: Fatal exception in interrupt Fixes: 2f45d1902acf ("ravb: minimize TX data copying") Signed-off-by: Masaru Nagai Acked-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/ravb_main.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 0d7f4f0594fc38531e37b94a73ea3ebcc9d9bc11 Author: Russell King Date: Tue Nov 1 20:27:13 2016 +0000 MAINTAINERS: update rmk's entries Update my entries in the MAINTAINERS file with the same email address for kernel work, and, now that the git tree is hosted on more suitable hardware, add git tree references where appropriate. Signed-off-by: Russell King MAINTAINERS | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 8cf699ec849f4ca1413cea01289bd7d37dbcc626 Author: Eric Dumazet Date: Fri Jan 13 08:39:24 2017 -0800 mlx4: do not call napi_schedule() without care Disable BH around the call to napi_schedule() to avoid following warning [ 52.095499] NOHZ: local_softirq_pending 08 [ 52.421291] NOHZ: local_softirq_pending 08 [ 52.608313] NOHZ: local_softirq_pending 08 Fixes: 8d59de8f7bb3 ("net/mlx4_en: Process all completions in RX rings after port goes up") Signed-off-by: Eric Dumazet Cc: Erez Shitrit Cc: Eugenia Emantayev Cc: Tariq Toukan Acked-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 507191952406c90290fb605ebd4ebfe34b7303b9 Merge: 1a717fc 8e38b7d Author: David S. Miller Date: Mon Jan 16 11:36:42 2017 -0500 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth Johan Hedberg says: ==================== pull request: bluetooth 2017-01-16 Here are a couple of important 802.15.4 driver fixes for the 4.10 kernel. Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit ee6ff743e3a4b697e8286054667d7e4e1b56510d Author: Ulf Hansson Date: Fri Jan 13 12:05:03 2017 +0100 mmc: core: Restore parts of the polling policy when switch to HS/HS DDR Regressions for not being able to detect an eMMC HS DDR mode card has been reported for the sdhci-esdhc-imx driver, but potentially other sdhci variants may suffer from the similar problem. The commit e173f8911f09 ("mmc: core: Update CMD13 polling policy when switch to HS DDR mode"), is causing the problem. It seems that change moved one step to far, regarding changing the host's timing before polling for a busy card. To fix this, let's move back to the behaviour when the host's timing is updated after the polling, but before the switch status is fetched and validated. In cases when polling with CMD13, we keep validating the switch status at each attempt. However, to align with the other card busy detections mechanism, let's fetch and validate the switch status also after the host's timing is updated. Reported-by: Clemens Gruber Reported-by: Gary Bisson Fixes: e173f8911f09 ("mmc: core: Update CMD13 polling policy when switch..") Cc: Shawn Lin Cc: Dong Aisheng Cc: Haibo Chen Signed-off-by: Ulf Hansson Tested-by: Clemens Gruber Tested-by: Jagan Teki Reviewed-by: Shawn Lin Tested-by: Haibo Chen Reviewed-by: Dong Aisheng drivers/mmc/core/mmc_ops.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit e4670b058af64639ec1aef4db845c39bfdfff7c4 Author: William Breathitt Gray Date: Mon Jan 9 17:24:18 2017 -0500 netfilter: Fix typo in NF_CONNTRACK Kconfig option description The NF_CONNTRACK Kconfig option description makes an incorrect reference to the "meta" expression where the "ct" expression would be correct.This patch fixes the respective typographical error. Fixes: d497c6352736 ("netfilter: add help information to new nf_tables Kconfig options") Signed-off-by: William Breathitt Gray Signed-off-by: Pablo Neira Ayuso net/netfilter/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d21e540b4dd74a26df7a66ebab75c693a4a6a861 Author: Liping Zhang Date: Sat Jan 7 20:51:50 2017 +0800 netfilter: nf_tables: fix possible oops when dumping stateful objects When dumping nft stateful objects, if NFTA_OBJ_TABLE and NFTA_OBJ_TYPE attributes are not specified either, filter will become NULL, so oops will happen(actually nft utility will always set NFTA_OBJ_TABLE attr, so I write a test program to make this happen): BUG: unable to handle kernel NULL pointer dereference at (null) IP: nf_tables_dump_obj+0x17c/0x330 [nf_tables] [...] Call Trace: ? nf_tables_dump_obj+0x5/0x330 [nf_tables] ? __kmalloc_reserve.isra.35+0x31/0x90 ? __alloc_skb+0x5b/0x1e0 netlink_dump+0x124/0x2a0 __netlink_dump_start+0x161/0x190 nf_tables_getobj+0xe8/0x280 [nf_tables] Fixes: a9fea2a3c3cf ("netfilter: nf_tables: allow to filter stateful object dumps by type") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 6443ebc3fdd6f3c766d9442c18be274b3d736050 Author: Liping Zhang Date: Sat Jan 7 20:49:18 2017 +0800 netfilter: rpfilter: fix incorrect loopback packet judgment Currently, we check the existing rtable in PREROUTING hook, if RTCF_LOCAL is set, we assume that the packet is loopback. But this assumption is incorrect, for example, a packet encapsulated in ipsec transport mode was received and routed to local, after decapsulation, it would be delivered to local again, and the rtable was not dropped, so RTCF_LOCAL check would trigger. But actually, the packet was not loopback. So for these normal loopback packets, we can check whether the in device is IFF_LOOPBACK or not. For these locally generated broadcast/multicast, we can check whether the skb->pkt_type is PACKET_LOOPBACK or not. Finally, there's a subtle difference between nft fib expr and xtables rpfilter extension, user can add the following nft rule to do strict rpfilter check: # nft add rule x y meta iif eth0 fib saddr . iif oif != eth0 drop So when the packet is loopback, it's better to store the in device instead of the LOOPBACK_IFINDEX, otherwise, after adding the above nft rule, locally generated broad/multicast packets will be dropped incorrectly. Fixes: f83a7ea2075c ("netfilter: xt_rpfilter: skip locally generated broadcast/multicast, too") Fixes: f6d0cbcf09c5 ("netfilter: nf_tables: add fib expression") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nft_fib.h | 6 ++++++ net/ipv4/netfilter/ipt_rpfilter.c | 8 ++++---- net/ipv4/netfilter/nft_fib_ipv4.c | 15 +++++---------- net/ipv6/netfilter/ip6t_rpfilter.c | 8 ++++---- net/ipv6/netfilter/nft_fib_ipv6.c | 13 ++++--------- 5 files changed, 23 insertions(+), 27 deletions(-) commit d7f5762c5e532dfe8247ce1bc60d97af27ff8d00 Author: Alexander Alemayhu Date: Wed Jan 4 23:16:41 2017 +0100 netfilter: nf_tables: fix spelling mistakes o s/numerice/numeric o s/opertaor/operator Signed-off-by: Alexander Alemayhu Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_tables.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4205e4786d0b9fc3b4fec7b1910cf645a0468307 Author: Thomas Gleixner Date: Tue Jan 10 14:01:05 2017 +0100 cpu/hotplug: Provide dynamic range for prepare stage Mathieu reported that the LTTNG modules are broken as of 4.10-rc1 due to the removal of the cpu hotplug notifiers. Usually I don't care much about out of tree modules, but LTTNG is widely used in distros. There are two ways to solve that: 1) Reserve a hotplug state for LTTNG 2) Add a dynamic range for the prepare states. While #1 is the simplest solution, #2 is the proper one as we can convert in tree users, which do not care about ordering, to the dynamic range as well. Add a dynamic range which allows LTTNG to request states in the prepare stage. Reported-and-tested-by: Mathieu Desnoyers Signed-off-by: Thomas Gleixner Reviewed-by: Mathieu Desnoyers Cc: Peter Zijlstra Cc: Sebastian Sewior Cc: Steven Rostedt Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1701101353010.3401@nanos Signed-off-by: Thomas Gleixner include/linux/cpuhotplug.h | 2 ++ kernel/cpu.c | 22 ++++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) commit efe357f4633a12ca89bdf9bbdd8aaf5a7a0cc3c0 Author: Nicholas Mc Guire Date: Thu Jan 12 17:33:26 2017 +0100 usb: dwc2: host: fix Wmaybe-uninitialized warning Uninitialized char* causes a sparse build-warning, fix it up by initializing it to NULL. Acked-by: John Youn Signed-off-by: Nicholas Mc Guire Signed-off-by: Felipe Balbi drivers/usb/dwc2/hcd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ca02954ada711b08e5b0d84590a631fd63ed39f9 Author: Amelie Delaunay Date: Thu Jan 12 16:09:44 2017 +0100 usb: dwc2: gadget: Fix GUSBCFG.USBTRDTIM value USBTrdTim must be programmed to 0x5 when phy has a UTMI+ 16-bit wide interface or 0x9 when it has a 8-bit wide interface. GUSBCFG reset value (Value After Reset: 0x1400) sets USBTrdTim to 0x5. In case of 8-bit UTMI+, without clearing GUSBCFG.USBTRDTIM mask, USBTrdTim results in 0xD (0x5 | 0x9). That's why we need to clear GUSBCFG.USBTRDTIM mask before setting USBTrdTim value, to ensure USBTrdTim is correctly set in case of 8-bit UTMI+. Signed-off-by: Amelie Delaunay Signed-off-by: Felipe Balbi drivers/usb/dwc2/gadget.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f80c2fb63295b371bd3c179d987a44c41f077856 Merge: e4621b7 c34eaa8 Author: Jani Nikula Date: Mon Jan 16 11:05:37 2017 +0200 Merge tag 'gvt-fixes-2017-01-16' of https://github.com/01org/gvt-linux into drm-intel-fixes gvt-fixes-2017-01-16 vGPU reset fixes from Changbin. Signed-off-by: Jani Nikula commit 3e4f7a4956e54143f7fc15c636158ad4166d219d Merge: f4d3935 52d7e48 Author: Ingo Molnar Date: Mon Jan 16 07:45:44 2017 +0100 Merge branch 'rcu/urgent' of git://git.kernel.org/pub/scm/linux/kernel/git/paulmck/linux-rcu into rcu/urgent Pull an urgent RCU fix from Paul E. McKenney: "This series contains a pair of commits that permit RCU synchronous grace periods (synchronize_rcu() and friends) to work correctly throughout boot. This eliminates the current "dead time" starting when the scheduler spawns its first taks and ending when the last of RCU's kthreads is spawned (this last happens during early_initcall() time). Although RCU's synchronous grace periods have long been documented as not working during this time, prior to 4.9, the expedited grace periods worked by accident, and some ACPI code came to rely on this unintentional behavior. (Note that this unintentional behavior was -not- reliable. For example, failures from ACPI could occur on !SMP systems and on systems booting with the rcu_normal kernel boot parameter.) Either way, there is a bug that needs fixing, and the 4.9 switch of RCU's expedited grace periods to workqueues could be considered to have caused a regression. This series therefore makes RCU's expedited grace periods operate correctly throughout the boot process. This has been demonstrated to fix the problems ACPI was encountering, and has the added longer-term benefit of simplifying RCU's behavior." Signed-off-by: Ingo Molnar commit 1d9995771fcbdd70d975b8dac4a201e76c9a2537 Author: Heiko Carstens Date: Mon Jan 9 13:23:55 2017 +0100 s390: update defconfigs Signed-off-by: Heiko Carstens arch/s390/configs/default_defconfig | 27 +++++++++--------- arch/s390/configs/gcov_defconfig | 50 ++++++++++++++++++++------------- arch/s390/configs/performance_defconfig | 33 ++++++++++++++-------- arch/s390/defconfig | 5 ++-- 4 files changed, 67 insertions(+), 48 deletions(-) commit e991c24d68b8c0ba297eeb7af80b1e398e98c33f Author: Heiko Carstens Date: Wed Dec 28 11:33:48 2016 +0100 s390/ctl_reg: make __ctl_load a full memory barrier We have quite a lot of code that depends on the order of the __ctl_load inline assemby and subsequent memory accesses, like e.g. disabling lowcore protection and the writing to lowcore. Since the __ctl_load macro does not have memory barrier semantics, nor any other dependencies the compiler is, theoretically, free to shuffle code around. Or in other words: storing to lowcore could happen before lowcore protection is disabled. In order to avoid this class of potential bugs simply add a full memory barrier to the __ctl_load macro. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/ctl_reg.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 1a717fcf8bbeadc0e94da66b2d1f1099faeaa89b Merge: 75f01a4 dbef536 Author: David S. Miller Date: Sun Jan 15 22:17:59 2017 -0500 Merge tag 'mac80211-for-davem-2017-01-13' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== We have a number of fixes, in part because I was late in actually sending them out - will try to do better in the future: * handle VHT opmode properly when hostapd is controlling full station state * two fixes for minimum channel width in mac80211 * don't leave SMPS set to junk in HT capabilities * fix headroom when forwarding mesh packets, recently broken by another fix that failed to take into account frame encryption * fix the TID in null-data packets indicating EOSP (end of service period) in U-APSD * prevent attempting to use (and then failing which results in crashes) TXQs on stations that aren't added to the driver yet ==================== Signed-off-by: David S. Miller commit 75f01a4c9cc291ff5cb28ca1216adb163b7a20ee Author: Lance Richardson Date: Thu Jan 12 19:33:18 2017 -0500 openvswitch: maintain correct checksum state in conntrack actions When executing conntrack actions on skbuffs with checksum mode CHECKSUM_COMPLETE, the checksum must be updated to account for header pushes and pulls. Otherwise we get "hw csum failure" logs similar to this (ICMP packet received on geneve tunnel via ixgbe NIC): [ 405.740065] genev_sys_6081: hw csum failure [ 405.740106] CPU: 3 PID: 0 Comm: swapper/3 Tainted: G I 4.10.0-rc3+ #1 [ 405.740108] Call Trace: [ 405.740110] [ 405.740113] dump_stack+0x63/0x87 [ 405.740116] netdev_rx_csum_fault+0x3a/0x40 [ 405.740118] __skb_checksum_complete+0xcf/0xe0 [ 405.740120] nf_ip_checksum+0xc8/0xf0 [ 405.740124] icmp_error+0x1de/0x351 [nf_conntrack_ipv4] [ 405.740132] nf_conntrack_in+0xe1/0x550 [nf_conntrack] [ 405.740137] ? find_bucket.isra.2+0x62/0x70 [openvswitch] [ 405.740143] __ovs_ct_lookup+0x95/0x980 [openvswitch] [ 405.740145] ? netif_rx_internal+0x44/0x110 [ 405.740149] ovs_ct_execute+0x147/0x4b0 [openvswitch] [ 405.740153] do_execute_actions+0x22e/0xa70 [openvswitch] [ 405.740157] ovs_execute_actions+0x40/0x120 [openvswitch] [ 405.740161] ovs_dp_process_packet+0x84/0x120 [openvswitch] [ 405.740166] ovs_vport_receive+0x73/0xd0 [openvswitch] [ 405.740168] ? udp_rcv+0x1a/0x20 [ 405.740170] ? ip_local_deliver_finish+0x93/0x1e0 [ 405.740172] ? ip_local_deliver+0x6f/0xe0 [ 405.740174] ? ip_rcv_finish+0x3a0/0x3a0 [ 405.740176] ? ip_rcv_finish+0xdb/0x3a0 [ 405.740177] ? ip_rcv+0x2a7/0x400 [ 405.740180] ? __netif_receive_skb_core+0x970/0xa00 [ 405.740185] netdev_frame_hook+0xd3/0x160 [openvswitch] [ 405.740187] __netif_receive_skb_core+0x1dc/0xa00 [ 405.740194] ? ixgbe_clean_rx_irq+0x46d/0xa20 [ixgbe] [ 405.740197] __netif_receive_skb+0x18/0x60 [ 405.740199] netif_receive_skb_internal+0x40/0xb0 [ 405.740201] napi_gro_receive+0xcd/0x120 [ 405.740204] gro_cell_poll+0x57/0x80 [geneve] [ 405.740206] net_rx_action+0x260/0x3c0 [ 405.740209] __do_softirq+0xc9/0x28c [ 405.740211] irq_exit+0xd9/0xf0 [ 405.740213] do_IRQ+0x51/0xd0 [ 405.740215] common_interrupt+0x93/0x93 Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action") Signed-off-by: Lance Richardson Acked-by: Pravin B Shelar Signed-off-by: David S. Miller net/openvswitch/conntrack.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 49def1853334396f948dcb4cedb9347abb318df5 Author: Linus Torvalds Date: Sun Jan 15 16:21:59 2017 -0800 Linux 4.10-rc4 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99421c1cb27fb837e93b517036fab4500fe39de5 Merge: c928162 93362fa Author: Linus Torvalds Date: Sun Jan 15 16:09:50 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace fixes from Eric Biederman: "This tree contains 4 fixes. The first is a fix for a race that can causes oopses under the right circumstances, and that someone just recently encountered. Past that are several small trivial correct fixes. A real issue that was blocking development of an out of tree driver, but does not appear to have caused any actual problems for in-tree code. A potential deadlock that was reported by lockdep. And a deadlock people have experienced and took the time to track down caused by a cleanup that removed the code to drop a reference count" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: sysctl: Drop reference added by grab_header in proc_sys_readdir pid: fix lockdep deadlock warning due to ucount_lock libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount mnt: Protect the mountpoint hashtable with mount_lock commit c92816275674c1491ce228ee49aa030a5fa1be04 Merge: 2d5a710 c8a6a09 Author: Linus Torvalds Date: Sun Jan 15 12:40:53 2017 -0800 Merge tag 'char-misc-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver fixes from Greg KH: "Here are some small char/misc driver fixes for 4.10-rc4 that resolve some reported issues. The MEI driver issue resolves a lot of problems that people have been having, as does the mem driver fix. The other minor fixes resolve other reported issues. All of these have been in linux-next for a while" * tag 'char-misc-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: vme: Fix wrong pointer utilization in ca91cx42_slave_get auxdisplay: fix new ht16k33 build errors ppdev: don't print a free'd string extcon: return error code on failure drivers: char: mem: Fix thinkos in kmem address checks mei: bus: enable OS version only for SPT and newer commit 2d5a7101a140adcf7a5d8677649847fbb2dd5a2f Merge: 7f138b9 c7334ce Author: Linus Torvalds Date: Sun Jan 15 12:38:53 2017 -0800 Merge tag 'driver-core-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core fix from Greg KH: "Here is a single patch being reverted to remove a feature that was added in 4.10-rc1 that isn't quite ready for release. It will be redone as a debugfs file instead of a sysfs file in the future" * tag 'driver-core-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: Revert "driver core: Add deferred_probe attribute to devices in sysfs" commit 7f138b9706f5f3528d598aefd35337d54a8c1afb Merge: 793e039 802c038 Author: Linus Torvalds Date: Sun Jan 15 12:36:32 2017 -0800 Merge tag 'tty-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial fixes from Greg KH: "Here are some small tty/serial driver fixes for 4.10-rc4 to resolve a number of reported issues. Nothing major here at all, one revert of a problematic patch, and some other tiny bugfixes. Full details are in the shortlog below. All have been in linux-next with no reported issues" * tag 'tty-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: sysrq: attach sysrq handler correctly for 32-bit kernel Revert "tty: serial: 8250: add CON_CONSDEV to flags" Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break 8250_pci: Fix potential use-after-free in error path tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx commit 793e039ea07191946b5ec136db00f8b03ee4a13e Merge: aa2797b 97f9c5f Author: Linus Torvalds Date: Sun Jan 15 12:34:35 2017 -0800 Merge tag 'usb-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are a few small USB driver fixes for 4.10-rc4 to resolve some reported issues. The "largest" here is a number of bugs being fixed in the ch341 usb-serial driver, to hopefully resolve the mess of different devices floating around that use this driver that have been having problems with the 4.10-rc1 release. There's also a tiny musb fix that I missed in the last pull request, as well as the traditional xhci fix rounding out the batch. All have been in linux-next with no reported issues" * tag 'usb-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: xhci: fix deadlock at host remove by running watchdog correctly USB: serial: ch341: fix control-message error handling usb: musb: fix runtime PM in debugfs wusbcore: Fix one more crypto-on-the-stack bug USB: serial: kl5kusb105: fix line-state error handling USB: serial: ch341: fix baud rate and line-control handling USB: serial: ch341: fix line settings after reset-resume USB: serial: ch341: fix resume after reset USB: serial: ch341: fix open error handling USB: serial: ch341: fix modem-control and B0 handling USB: serial: ch341: fix open and resume after B0 USB: serial: ch341: fix initial modem-control state commit aa2797b30c322531981f24833b082446072d3c79 Merge: 83346fb 701dc20 Author: Linus Torvalds Date: Sun Jan 15 12:28:14 2017 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang: "Bugfixes for I2C. Mostly core this time which is a bit unusual but nothing really scary in there" * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: piix4: Avoid race conditions with IMC i2c: fix spelling mistake: "insufficent" -> "insufficient" i2c: print correct device invalid address i2c: do not enable fall back to Host Notify by default i2c: fix kernel memory disclosure in dev interface commit 83346fbc07d267de777e2597552f785174ad0373 Merge: a11ce3a4 4538286 Author: Linus Torvalds Date: Sun Jan 15 12:03:11 2017 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "Misc fixes: - unwinder fixes - AMD CPU topology enumeration fixes - microcode loader fixes - x86 embedded platform fixes - fix for a bootup crash that may trigger when clearcpuid= is used with invalid values" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mpx: Use compatible types in comparison to fix sparse error x86/tsc: Add the Intel Denverton Processor to native_calibrate_tsc() x86/entry: Fix the end of the stack for newly forked tasks x86/unwind: Include __schedule() in stack traces x86/unwind: Disable KASAN checks for non-current tasks x86/unwind: Silence warnings for non-current tasks x86/microcode/intel: Use correct buffer size for saving microcode data x86/microcode/intel: Fix allocation size of struct ucode_patch x86/microcode/intel: Add a helper which gives the microcode revision x86/microcode: Use native CPUID to tickle out microcode revision x86/CPU: Add native CPUID variants returning a single datum x86/boot: Add missing declaration of string functions x86/CPU/AMD: Fix Bulldozer topology x86/platform/intel-mid: Rename 'spidev' to 'mrfld_spidev' x86/cpu: Fix typo in the comment for Anniedale x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option commit a11ce3a4ac0ad78618cddb9ce16def7486f2707d Merge: 79078c5 24b91e3 Author: Linus Torvalds Date: Sun Jan 15 12:00:37 2017 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull NOHZ fix from Ingo Molnar: "This fixes an old NOHZ race where we incorrectly calculate the next timer interrupt in certain circumstances where hrtimers are pending, that can cause hard to reproduce stalled-values artifacts in /proc/stat" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: nohz: Fix collision between tick and other hrtimers commit 79078c53baabee12dfefb0cfe00ca94cb2c35570 Merge: 255e614 18e7a45 Author: Linus Torvalds Date: Sun Jan 15 11:37:43 2017 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "Misc race fixes uncovered by fuzzing efforts, a Sparse fix, two PMU driver fixes, plus miscellanous tooling fixes" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: perf/x86: Reject non sampling events with precise_ip perf/x86/intel: Account interrupts for PEBS errors perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race perf/core: Fix sys_perf_event_open() vs. hotplug perf/x86/intel: Use ULL constant to prevent undefined shift behaviour perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code perf/x86: Set pmu->module in Intel PMU modules perf probe: Fix to probe on gcc generated symbols for offline kernel perf probe: Fix --funcs to show correct symbols for offline module perf symbols: Robustify reading of build-id from sysfs perf tools: Install tools/lib/traceevent plugins with install-bin tools lib traceevent: Fix prev/next_prio for deadline tasks perf record: Fix --switch-output documentation and comment perf record: Make __record_options static tools lib subcmd: Add OPT_STRING_OPTARG_SET option perf probe: Fix to get correct modname from elf header samples/bpf trace_output_user: Remove duplicate sys/ioctl.h include samples/bpf sock_example: Avoid getting ethhdr from two includes perf sched timehist: Show total scheduling time commit 255e6140fa76ec9d0e24f201427e7e9a9573f681 Merge: f4d3935 0100a3e Author: Linus Torvalds Date: Sun Jan 15 10:54:39 2017 -0800 Merge branch 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI fixes from Ingo Molnar: "A number of regression fixes: - Fix a boot hang on machines that have somewhat unusual memory map entries of phys_addr=0x0 num_pages=0, which broke due to a recent commit. This commit got cherry-picked from the v4.11 queue because the bug is affecting real machines. - Fix a boot hang also reported by KASAN, caused by incorrect init ordering introduced by a recent optimization. - Fix a recent robustification fix to allocate_new_fdt_and_exit_boot() that introduced an invalid assumption. Neither bugs were seen in the wild AFAIK" * 'efi-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/x86: Prune invalid memory map entries and fix boot regression x86/efi: Don't allocate memmap through memblock after mm_init() efi/libstub/arm*: Pass latest memory map to the kernel commit 602d9858f07c72eab64f5f00e2fae55f9902cfbe Author: Nikita Yushchenko Date: Wed Jan 11 21:56:31 2017 +0300 swiotlb: ensure that page-sized mappings are page-aligned Some drivers do depend on page mappings to be page aligned. Swiotlb already enforces such alignment for mappings greater than page, extend that to page-sized mappings as well. Without this fix, nvme hits BUG() in nvme_setup_prps(), because that routine assumes page-aligned mappings. Signed-off-by: Nikita Yushchenko Reviewed-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Signed-off-by: Konrad Rzeszutek Wilk lib/swiotlb.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 52d7e48b86fc108e45a656d8e53e4237993c481d Author: Paul E. McKenney Date: Tue Jan 10 02:28:26 2017 -0800 rcu: Narrow early boot window of illegal synchronous grace periods The current preemptible RCU implementation goes through three phases during bootup. In the first phase, there is only one CPU that is running with preemption disabled, so that a no-op is a synchronous grace period. In the second mid-boot phase, the scheduler is running, but RCU has not yet gotten its kthreads spawned (and, for expedited grace periods, workqueues are not yet running. During this time, any attempt to do a synchronous grace period will hang the system (or complain bitterly, depending). In the third and final phase, RCU is fully operational and everything works normally. This has been OK for some time, but there has recently been some synchronous grace periods showing up during the second mid-boot phase. This code worked "by accident" for awhile, but started failing as soon as expedited RCU grace periods switched over to workqueues in commit 8b355e3bc140 ("rcu: Drive expedited grace periods from workqueue"). Note that the code was buggy even before this commit, as it was subject to failure on real-time systems that forced all expedited grace periods to run as normal grace periods (for example, using the rcu_normal ksysfs parameter). The callchain from the failure case is as follows: early_amd_iommu_init() |-> acpi_put_table(ivrs_base); |-> acpi_tb_put_table(table_desc); |-> acpi_tb_invalidate_table(table_desc); |-> acpi_tb_release_table(...) |-> acpi_os_unmap_memory |-> acpi_os_unmap_iomem |-> acpi_os_map_cleanup |-> synchronize_rcu_expedited The kernel showing this callchain was built with CONFIG_PREEMPT_RCU=y, which caused the code to try using workqueues before they were initialized, which did not go well. This commit therefore reworks RCU to permit synchronous grace periods to proceed during this mid-boot phase. This commit is therefore a fix to a regression introduced in v4.9, and is therefore being put forward post-merge-window in v4.10. This commit sets a flag from the existing rcu_scheduler_starting() function which causes all synchronous grace periods to take the expedited path. The expedited path now checks this flag, using the requesting task to drive the expedited grace period forward during the mid-boot phase. Finally, this flag is updated by a core_initcall() function named rcu_exp_runtime_mode(), which causes the runtime codepaths to be used. Note that this arrangement assumes that tasks are not sent POSIX signals (or anything similar) from the time that the first task is spawned through core_initcall() time. Fixes: 8b355e3bc140 ("rcu: Drive expedited grace periods from workqueue") Reported-by: "Zheng, Lv" Reported-by: Borislav Petkov Signed-off-by: Paul E. McKenney Tested-by: Stan Kain Tested-by: Ivan Tested-by: Emanuel Castelo Tested-by: Bruno Pesavento Tested-by: Borislav Petkov Tested-by: Frederic Bezies Cc: # 4.9.0- include/linux/rcupdate.h | 4 ++++ kernel/rcu/rcu.h | 1 + kernel/rcu/tiny_plugin.h | 9 +++++++-- kernel/rcu/tree.c | 33 ++++++++++++++++++------------ kernel/rcu/tree_exp.h | 52 ++++++++++++++++++++++++++++++++++++++---------- kernel/rcu/tree_plugin.h | 2 +- kernel/rcu/update.c | 38 +++++++++++++++++++++++++++-------- 7 files changed, 104 insertions(+), 35 deletions(-) commit f466ae66fa6a599f9a53b5f9bafea4b8cfffa7fb Author: Paul E. McKenney Date: Mon Jan 9 23:23:15 2017 -0800 rcu: Remove cond_resched() from Tiny synchronize_sched() It is now legal to invoke synchronize_sched() at early boot, which causes Tiny RCU's synchronize_sched() to emit spurious splats. This commit therefore removes the cond_resched() from Tiny RCU's synchronize_sched(). Fixes: 8b355e3bc140 ("rcu: Drive expedited grace periods from workqueue") Signed-off-by: Paul E. McKenney Cc: # 4.9.0- kernel/rcu/tiny.c | 4 ---- 1 file changed, 4 deletions(-) commit f4d3935e4f4884ba80561db5549394afb8eef8f7 Merge: 34241af b9dc6f6 Author: Linus Torvalds Date: Sat Jan 14 17:13:28 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs fixes from Al Viro. The most notable fix here is probably the fix for a splice regression ("fix a fencepost error in pipe_advance()") noticed by Alan Wylie. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: fix a fencepost error in pipe_advance() coredump: Ensure proper size of sparse core files aio: fix lock dep warning tmpfs: clear S_ISGID when setting posix ACLs commit 34241af77b8696120a9735bb2579ec7044199a8b Merge: f0ad177 bef1331 Author: Linus Torvalds Date: Sat Jan 14 17:07:04 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block fixes from Jens Axboe: - the virtio_blk stack DMA corruption fix from Christoph, fixing and issue with VMAP stacks. - O_DIRECT blkbits calculation fix from Chandan. - discard regression fix from Christoph. - queue init error handling fixes for nbd and virtio_blk, from Omar and Jeff. - two small nvme fixes, from Christoph and Guilherme. - rename of blk_queue_zone_size and bdev_zone_size to _sectors instead, to more closely follow what we do in other places in the block layer. This interface is new for this series, so let's get the naming right before releasing a kernel with this feature. From Damien. * 'for-linus' of git://git.kernel.dk/linux-block: block: don't try to discard from __blkdev_issue_zeroout sd: remove __data_len hack for WRITE SAME nvme: use blk_rq_payload_bytes scsi: use blk_rq_payload_bytes block: add blk_rq_payload_bytes block: Rename blk_queue_zone_size and bdev_zone_size nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too nvme-rdma: fix nvme_rdma_queue_is_ready virtio_blk: fix panic in initialization error path nbd: blk_mq_init_queue returns an error code on failure, not NULL virtio_blk: avoid DMA to stack for the sense buffer do_direct_IO: Use inode->i_blkbits to compute block count to be cleaned commit b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb Author: Al Viro Date: Sat Jan 14 19:33:08 2017 -0500 fix a fencepost error in pipe_advance() The logics in pipe_advance() used to release all buffers past the new position failed in cases when the number of buffers to release was equal to pipe->buffers. If that happened, none of them had been released, leaving pipe full. Worse, it was trivial to trigger and we end up with pipe full of uninitialized pages. IOW, it's an infoleak. Cc: stable@vger.kernel.org # v4.9 Reported-by: "Alan J. Wylie" Tested-by: "Alan J. Wylie" Signed-off-by: Al Viro lib/iov_iter.c | 54 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 23 deletions(-) commit 4d22c75d4c7b5c5f4bd31054f09103ee490878fd Author: Dave Kleikamp Date: Wed Jan 11 13:25:00 2017 -0600 coredump: Ensure proper size of sparse core files If the last section of a core file ends with an unmapped or zero page, the size of the file does not correspond with the last dump_skip() call. gdb complains that the file is truncated and can be confusing to users. After all of the vma sections are written, make sure that the file size is no smaller than the current file position. This problem can be demonstrated with gdb's bigcore testcase on the sparc architecture. Signed-off-by: Dave Kleikamp Cc: Alexander Viro Cc: linux-fsdevel@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Al Viro fs/binfmt_elf.c | 1 + fs/coredump.c | 18 ++++++++++++++++++ include/linux/coredump.h | 1 + 3 files changed, 20 insertions(+) commit a12f1ae61c489076a9aeb90bddca7722bf330df3 Author: Shaohua Li Date: Tue Dec 13 12:09:56 2016 -0800 aio: fix lock dep warning lockdep reports a warnning. file_start_write/file_end_write only acquire/release the lock for regular files. So checking the files in aio side too. [ 453.532141] ------------[ cut here ]------------ [ 453.533011] WARNING: CPU: 1 PID: 1298 at ../kernel/locking/lockdep.c:3514 lock_release+0x434/0x670 [ 453.533011] DEBUG_LOCKS_WARN_ON(depth <= 0) [ 453.533011] Modules linked in: [ 453.533011] CPU: 1 PID: 1298 Comm: fio Not tainted 4.9.0+ #964 [ 453.533011] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.0-1.fc24 04/01/2014 [ 453.533011] ffff8803a24b7a70 ffffffff8196cffb ffff8803a24b7ae8 0000000000000000 [ 453.533011] ffff8803a24b7ab8 ffffffff81091ee1 ffff8803a5dba700 00000dba00000008 [ 453.533011] ffffed0074496f59 ffff8803a5dbaf54 ffff8803ae0f8488 fffffffffffffdef [ 453.533011] Call Trace: [ 453.533011] [] dump_stack+0x67/0x9c [ 453.533011] [] __warn+0x111/0x130 [ 453.533011] [] warn_slowpath_fmt+0x97/0xb0 [ 453.533011] [] ? __warn+0x130/0x130 [ 453.533011] [] ? blk_finish_plug+0x29/0x60 [ 453.533011] [] lock_release+0x434/0x670 [ 453.533011] [] ? import_single_range+0xd4/0x110 [ 453.533011] [] ? rw_verify_area+0x65/0x140 [ 453.533011] [] ? aio_write+0x1f6/0x280 [ 453.533011] [] aio_write+0x229/0x280 [ 453.533011] [] ? aio_complete+0x640/0x640 [ 453.533011] [] ? debug_check_no_locks_freed+0x1a0/0x1a0 [ 453.533011] [] ? debug_lockdep_rcu_enabled.part.2+0x1a/0x30 [ 453.533011] [] ? debug_lockdep_rcu_enabled+0x35/0x40 [ 453.533011] [] ? __might_fault+0x7e/0xf0 [ 453.533011] [] do_io_submit+0x94c/0xb10 [ 453.533011] [] ? do_io_submit+0x23e/0xb10 [ 453.533011] [] ? SyS_io_destroy+0x270/0x270 [ 453.533011] [] ? mark_held_locks+0x23/0xc0 [ 453.533011] [] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 453.533011] [] SyS_io_submit+0x10/0x20 [ 453.533011] [] entry_SYSCALL_64_fastpath+0x18/0xad [ 453.533011] [] ? trace_hardirqs_off_caller+0xc0/0x110 [ 453.533011] ---[ end trace b2fbe664d1cc0082 ]--- Cc: Dmitry Monakhov Cc: Jan Kara Cc: Christoph Hellwig Cc: Al Viro Reviewed-by: Christoph Hellwig Signed-off-by: Shaohua Li Signed-off-by: Al Viro fs/aio.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 81ddd8c0c5e1cb41184d66567140cb48c53eb3d1 Author: Rabin Vincent Date: Fri Jan 13 15:00:16 2017 +0100 cifs: initialize file_info_lock Reviewed-by: Jeff Layton CC: Stable file_info_lock is not initalized in initiate_cifs_search(), leading to the following splat after a simple "mount.cifs ... dir && ls dir/": BUG: spinlock bad magic on CPU#0, ls/486 lock: 0xffff880009301110, .magic: 00000000, .owner: /-1, .owner_cpu: 0 CPU: 0 PID: 486 Comm: ls Not tainted 4.9.0 #27 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ffffc900042f3db0 ffffffff81327533 0000000000000000 ffff880009301110 ffffc900042f3dd0 ffffffff810baf75 ffff880009301110 ffffffff817ae077 ffffc900042f3df0 ffffffff810baff6 ffff880009301110 ffff880008d69900 Call Trace: [] dump_stack+0x65/0x92 [] spin_dump+0x85/0xe0 [] spin_bug+0x26/0x30 [] do_raw_spin_lock+0xe9/0x130 [] _raw_spin_lock+0x1f/0x30 [] cifs_closedir+0x4d/0x100 [] __fput+0x5d/0x160 [] ____fput+0xe/0x10 [] task_work_run+0x7e/0xa0 [] exit_to_usermode_loop+0x92/0xa0 [] syscall_return_slowpath+0x49/0x50 [] entry_SYSCALL_64_fastpath+0xa7/0xa9 Fixes: 3afca265b5f53a0 ("Clarify locking of cifs file and tcon structures and make more granular") Signed-off-by: Rabin Vincent Signed-off-by: Steve French fs/cifs/readdir.c | 1 + 1 file changed, 1 insertion(+) commit f0ad17712b9f71c24e2b8b9725230ef57232377f Merge: e96f8f1 3139dc8 Author: Linus Torvalds Date: Sat Jan 14 11:09:24 2017 -0800 Merge tag 'dmaengine-fix-4.10-rc4' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine fixes from Vinod Koul: "The fixes this time around are spread over drivers, pretty normal update: - PCI ID for SKL ioatdma, workaround for SKX and ioat_alloc_chan_resources sleepy allocation fix - dw kconfig typo fix - null pointer deref for stm32 - MAINTAINERS Update for at_hdmac - pl330 runtime pm fixes - omap-dma port window fix - rcar-dmac unmap slave resource fix" * tag 'dmaengine-fix-4.10-rc4' of git://git.infradead.org/users/vkoul/slave-dma: dmaengine: rcar-dmac: unmap slave resource when channel is freed dmaengine: omap-dma: Fix the port_window support dmaengine: iota: ioat_alloc_chan_resources should not perform sleeping allocations. dmaengine: pl330: Fix runtime PM support for terminated transfers MAINTAINERS: dmaengine: Update + Hand over the at_hdmac driver to Ludovic dmaengine: omap-dma: Fix dynamic lch_map allocation dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path. dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status dmaengine: stm32-dma: Set correct args number for DMA request from DT dmaengine: dw: fix typo in Kconfig dmaengine: ioatdma: workaround SKX ioatdma version dmaengine: ioatdma: Add Skylake PCI Dev ID commit 0100a3e67a9cef64d72cd3a1da86f3ddbee50363 Author: Peter Jones Date: Mon Dec 12 18:42:28 2016 -0500 efi/x86: Prune invalid memory map entries and fix boot regression Some machines, such as the Lenovo ThinkPad W541 with firmware GNET80WW (2.28), include memory map entries with phys_addr=0x0 and num_pages=0. These machines fail to boot after the following commit, commit 8e80632fb23f ("efi/esrt: Use efi_mem_reserve() and avoid a kmalloc()") Fix this by removing such bogus entries from the memory map. Furthermore, currently the log output for this case (with efi=debug) looks like: [ 0.000000] efi: mem45: [Reserved | | | | | | | | | | | | ] range=[0x0000000000000000-0xffffffffffffffff] (0MB) This is clearly wrong, and also not as informative as it could be. This patch changes it so that if we find obviously invalid memory map entries, we print an error and skip those entries. It also detects the display of the address range calculation overflow, so the new output is: [ 0.000000] efi: [Firmware Bug]: Invalid EFI memory map entries: [ 0.000000] efi: mem45: [Reserved | | | | | | | | | | | | ] range=[0x0000000000000000-0x0000000000000000] (invalid) It also detects memory map sizes that would overflow the physical address, for example phys_addr=0xfffffffffffff000 and num_pages=0x0200000000000001, and prints: [ 0.000000] efi: [Firmware Bug]: Invalid EFI memory map entries: [ 0.000000] efi: mem45: [Reserved | | | | | | | | | | | | ] range=[phys_addr=0xfffffffffffff000-0x20ffffffffffffffff] (invalid) It then removes these entries from the memory map. Signed-off-by: Peter Jones Signed-off-by: Ard Biesheuvel [ardb: refactor for clarity with no functional changes, avoid PAGE_SHIFT] Signed-off-by: Matt Fleming [Matt: Include bugzilla info in commit log] Cc: # v4.9+ Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: https://bugzilla.kernel.org/show_bug.cgi?id=191121 Signed-off-by: Ingo Molnar arch/x86/platform/efi/efi.c | 66 +++++++++++++++++++++++++++++++++++++++++++++ include/linux/efi.h | 1 + 2 files changed, 67 insertions(+) commit c7334ce814f7e5d8fc1f9b3126cda0640c2f81b3 Author: Greg Kroah-Hartman Date: Sat Jan 14 14:09:03 2017 +0100 Revert "driver core: Add deferred_probe attribute to devices in sysfs" This reverts commit 6751667a29d6fd64afb9ce30567ad616b68ed789. Rob Herring objected to it, and a replacement for it will be added using debugfs in the future. Cc: Ben Hutchings Reported-by: Rob Herring Signed-off-by: Greg Kroah-Hartman Documentation/ABI/testing/sysfs-devices-deferred_probe | 12 ------------ drivers/base/base.h | 2 -- drivers/base/core.c | 7 ------- drivers/base/dd.c | 13 ------------- 4 files changed, 34 deletions(-) commit 18e7a45af91acdde99d3aa1372cc40e1f8142f7b Author: Jiri Olsa Date: Tue Jan 3 15:24:54 2017 +0100 perf/x86: Reject non sampling events with precise_ip As Peter suggested [1] rejecting non sampling PEBS events, because they dont make any sense and could cause bugs in the NMI handler [2]. [1] http://lkml.kernel.org/r/20170103094059.GC3093@worktop [2] http://lkml.kernel.org/r/1482931866-6018-3-git-send-email-jolsa@kernel.org Signed-off-by: Jiri Olsa Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: Vince Weaver Link: http://lkml.kernel.org/r/20170103142454.GA26251@krava Signed-off-by: Ingo Molnar arch/x86/events/core.c | 4 ++++ 1 file changed, 4 insertions(+) commit 475113d937adfd150eb82b5e2c5507125a68e7af Author: Jiri Olsa Date: Wed Dec 28 14:31:03 2016 +0100 perf/x86/intel: Account interrupts for PEBS errors It's possible to set up PEBS events to get only errors and not any data, like on SNB-X (model 45) and IVB-EP (model 62) via 2 perf commands running simultaneously: taskset -c 1 ./perf record -c 4 -e branches:pp -j any -C 10 This leads to a soft lock up, because the error path of the intel_pmu_drain_pebs_nhm() does not account event->hw.interrupt for error PEBS interrupts, so in case you're getting ONLY errors you don't have a way to stop the event when it's over the max_samples_per_tick limit: NMI watchdog: BUG: soft lockup - CPU#22 stuck for 22s! [perf_fuzzer:5816] ... RIP: 0010:[] [] smp_call_function_single+0xe2/0x140 ... Call Trace: ? trace_hardirqs_on_caller+0xf5/0x1b0 ? perf_cgroup_attach+0x70/0x70 perf_install_in_context+0x199/0x1b0 ? ctx_resched+0x90/0x90 SYSC_perf_event_open+0x641/0xf90 SyS_perf_event_open+0x9/0x10 do_syscall_64+0x6c/0x1f0 entry_SYSCALL64_slow_path+0x25/0x25 Add perf_event_account_interrupt() which does the interrupt and frequency checks and call it from intel_pmu_drain_pebs_nhm()'s error path. We keep the pending_kill and pending_wakeup logic only in the __perf_event_overflow() path, because they make sense only if there's any data to deliver. Signed-off-by: Jiri Olsa Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: Vince Weaver Link: http://lkml.kernel.org/r/1482931866-6018-2-git-send-email-jolsa@kernel.org Signed-off-by: Ingo Molnar arch/x86/events/intel/ds.c | 6 +++++- include/linux/perf_event.h | 1 + kernel/events/core.c | 47 ++++++++++++++++++++++++++++++---------------- 3 files changed, 37 insertions(+), 17 deletions(-) commit 321027c1fe77f892f4ea07846aeae08cefbbb290 Author: Peter Zijlstra Date: Wed Jan 11 21:09:50 2017 +0100 perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race Di Shen reported a race between two concurrent sys_perf_event_open() calls where both try and move the same pre-existing software group into a hardware context. The problem is exactly that described in commit: f63a8daa5812 ("perf: Fix event->ctx locking") ... where, while we wait for a ctx->mutex acquisition, the event->ctx relation can have changed under us. That very same commit failed to recognise sys_perf_event_context() as an external access vector to the events and thereby didn't apply the established locking rules correctly. So while one sys_perf_event_open() call is stuck waiting on mutex_lock_double(), the other (which owns said locks) moves the group about. So by the time the former sys_perf_event_open() acquires the locks, the context we've acquired is stale (and possibly dead). Apply the established locking rules as per perf_event_ctx_lock_nested() to the mutex_lock_double() for the 'move_group' case. This obviously means we need to validate state after we acquire the locks. Reported-by: Di Shen (Keen Lab) Tested-by: John Dias Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Kees Cook Cc: Linus Torvalds Cc: Min Chong Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Fixes: f63a8daa5812 ("perf: Fix event->ctx locking") Link: http://lkml.kernel.org/r/20170106131444.GZ3174@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/events/core.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 54 insertions(+), 4 deletions(-) commit 63cae12bce9861cec309798d34701cf3da20bc71 Author: Peter Zijlstra Date: Fri Dec 9 14:59:00 2016 +0100 perf/core: Fix sys_perf_event_open() vs. hotplug There is problem with installing an event in a task that is 'stuck' on an offline CPU. Blocked tasks are not dis-assosciated from offlined CPUs, after all, a blocked task doesn't run and doesn't require a CPU etc.. Only on wakeup do we ammend the situation and place the task on a available CPU. If we hit such a task with perf_install_in_context() we'll loop until either that task wakes up or the CPU comes back online, if the task waking depends on the event being installed, we're stuck. While looking into this issue, I also spotted another problem, if we hit a task with perf_install_in_context() that is in the middle of being migrated, that is we observe the old CPU before sending the IPI, but run the IPI (on the old CPU) while the task is already running on the new CPU, things also go sideways. Rework things to rely on task_curr() -- outside of rq->lock -- which is rather tricky. Imagine the following scenario where we're trying to install the first event into our task 't': CPU0 CPU1 CPU2 (current == t) t->perf_event_ctxp[] = ctx; smp_mb(); cpu = task_cpu(t); switch(t, n); migrate(t, 2); switch(p, t); ctx = t->perf_event_ctxp[]; // must not be NULL smp_function_call(cpu, ..); generic_exec_single() func(); spin_lock(ctx->lock); if (task_curr(t)) // false add_event_to_ctx(); spin_unlock(ctx->lock); perf_event_context_sched_in(); spin_lock(ctx->lock); // sees event So its CPU0's store of t->perf_event_ctxp[] that must not go 'missing'. Because if CPU2's load of that variable were to observe NULL, it would not try to schedule the ctx and we'd have a task running without its counter, which would be 'bad'. As long as we observe !NULL, we'll acquire ctx->lock. If we acquire it first and not see the event yet, then CPU0 must observe task_curr() and retry. If the install happens first, then we must see the event on sched-in and all is well. I think we can translate the first part (until the 'must not be NULL') of the scenario to a litmus test like: C C-peterz { } P0(int *x, int *y) { int r1; WRITE_ONCE(*x, 1); smp_mb(); r1 = READ_ONCE(*y); } P1(int *y, int *z) { WRITE_ONCE(*y, 1); smp_store_release(z, 1); } P2(int *x, int *z) { int r1; int r2; r1 = smp_load_acquire(z); smp_mb(); r2 = READ_ONCE(*x); } exists (0:r1=0 /\ 2:r1=1 /\ 2:r2=0) Where: x is perf_event_ctxp[], y is our tasks's CPU, and z is our task being placed on the rq of CPU2. The P0 smp_mb() is the one added by this patch, ordering the store to perf_event_ctxp[] from find_get_context() and the load of task_cpu() in task_function_call(). The smp_store_release/smp_load_acquire model the RCpc locking of the rq->lock and the smp_mb() of P2 is the context switch switching from whatever CPU2 was running to our task 't'. This litmus test evaluates into: Test C-peterz Allowed States 7 0:r1=0; 2:r1=0; 2:r2=0; 0:r1=0; 2:r1=0; 2:r2=1; 0:r1=0; 2:r1=1; 2:r2=1; 0:r1=1; 2:r1=0; 2:r2=0; 0:r1=1; 2:r1=0; 2:r2=1; 0:r1=1; 2:r1=1; 2:r2=0; 0:r1=1; 2:r1=1; 2:r2=1; No Witnesses Positive: 0 Negative: 7 Condition exists (0:r1=0 /\ 2:r1=1 /\ 2:r2=0) Observation C-peterz Never 0 7 Hash=e427f41d9146b2a5445101d3e2fcaa34 And the strong and weak model agree. Reported-by: Mark Rutland Tested-by: Mark Rutland Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Sebastian Andrzej Siewior Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: Will Deacon Cc: jeremy.linton@arm.com Link: http://lkml.kernel.org/r/20161209135900.GU3174@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar kernel/events/core.c | 70 +++++++++++++++++++++++++++++++++++----------------- 1 file changed, 48 insertions(+), 22 deletions(-) commit 453828625731d0ba7218242ef6ec88f59408f368 Author: Tobias Klauser Date: Thu Jan 12 16:53:11 2017 +0100 x86/mpx: Use compatible types in comparison to fix sparse error info->si_addr is of type void __user *, so it should be compared against something from the same address space. This fixes the following sparse error: arch/x86/mm/mpx.c:296:27: error: incompatible types in comparison expression (different address spaces) Signed-off-by: Tobias Klauser Cc: Dave Hansen Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/mm/mpx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 695085b4bc7603551db0b3da897b8bf9893ca218 Author: Len Brown Date: Fri Jan 13 01:11:18 2017 -0500 x86/tsc: Add the Intel Denverton Processor to native_calibrate_tsc() The Intel Denverton microserver uses a 25 MHz TSC crystal, so we can derive its exact [*] TSC frequency using CPUID and some arithmetic, eg.: TSC: 1800 MHz (25000000 Hz * 216 / 3 / 1000000) [*] 'exact' is only as good as the crystal, which should be +/- 20ppm Signed-off-by: Len Brown Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/306899f94804aece6d8fa8b4223ede3b48dbb59c.1484287748.git.len.brown@intel.com Signed-off-by: Ingo Molnar arch/x86/kernel/tsc.c | 1 + 1 file changed, 1 insertion(+) commit e96f8f18c81b2f5b290206fc0da74b551e82646d Merge: 04e3962 0bf70aeb Author: Linus Torvalds Date: Fri Jan 13 17:40:22 2017 -0800 Merge branch 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs fixes from Chris Mason: "These are all over the place. The tracepoint part of the pull fixes a crash and adds a little more information to two tracepoints, while the rest are good old fashioned fixes" * 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: btrfs: make tracepoint format strings more compact Btrfs: add truncated_len for ordered extent tracepoints Btrfs: add 'inode' for extent map tracepoint btrfs: fix crash when tracepoint arguments are freed by wq callbacks Btrfs: adjust outstanding_extents counter properly when dio write is split Btrfs: fix lockdep warning about log_mutex Btrfs: use down_read_nested to make lockdep silent btrfs: fix locking when we put back a delayed ref that's too new btrfs: fix error handling when run_delayed_extent_op fails btrfs: return the actual error value from from btrfs_uuid_tree_iterate commit 04e396277b5f171f8676defc5b720084f1cc0948 Merge: af54efa 84fcc2d Author: Linus Torvalds Date: Fri Jan 13 17:38:05 2017 -0800 Merge tag 'ceph-for-4.10-rc4' of git://github.com/ceph/ceph-client Pull ceph fixes from Ilya Dryomov: "Two small fixups for the filesystem changes that went into this merge window" * tag 'ceph-for-4.10-rc4' of git://github.com/ceph/ceph-client: ceph: fix get_oldest_context() ceph: fix mds cluster availability check commit af54efa4f5275b0594da50c68bfa8159a8cda0f5 Merge: 406732c 94a6fa8 Author: Linus Torvalds Date: Fri Jan 13 17:35:43 2017 -0800 Merge tag 'vfio-v4.10-rc4' of git://github.com/awilliam/linux-vfio Pull VFIO fixes from Alex Williamson: - Cleanups and bug fixes for the mtty sample driver (Dan Carpenter) - Export and make use of has_capability() to fix incorrect use of ns_capable() for testing task capabilities (Jike Song) * tag 'vfio-v4.10-rc4' of git://github.com/awilliam/linux-vfio: vfio/type1: Remove pid_namespace.h include vfio iommu type1: fix the testing of capability for remote task capability: export has_capability vfio-mdev: remove some dead code vfio-mdev: buffer overflow in ioctl() vfio-mdev: return -EFAULT if copy_to_user() fails commit 406732c932d47715395345ba036a3d58341cad55 Merge: a65c925 33ab911 Author: Linus Torvalds Date: Fri Jan 13 17:06:24 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: - fix for module unload vs deferred jump labels (note: there might be other buggy modules!) - two NULL pointer dereferences from syzkaller - also syzkaller: fix emulation of fxsave/fxrstor/sgdt/sidt, problem made worse during this merge window, "just" kernel memory leak on releases - fix emulation of "mov ss" - somewhat serious on AMD, less so on Intel * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: x86: fix emulation of "MOV SS, null selector" KVM: x86: fix NULL deref in vcpu_scan_ioapic KVM: eventfd: fix NULL deref irqbypass consumer KVM: x86: Introduce segmented_write_std KVM: x86: flush pending lapic jump label updates on module unload jump_labels: API for flushing deferred jump label updates commit a65c92597dc7556eaa219a70336d66c058a9627c Merge: c79d47f 41c066f Author: Linus Torvalds Date: Fri Jan 13 17:00:42 2017 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - Fix huge_ptep_set_access_flags() to return "changed" when any of the ptes in the contiguous range is changed, not just the last one - Fix the adr_l assembly macro to work in modules under KASLR * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: assembler: make adr_l work in modules under KASLR arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags commit bef13315e990fd3d3fb4c39013aefd53f06c3657 Author: Christoph Hellwig Date: Fri Jan 13 15:18:16 2017 -0700 block: don't try to discard from __blkdev_issue_zeroout Discard can return -EIO asynchronously if the alignment for the request isn't suitable for the driver, which makes a proper fallback to other methods in __blkdev_issue_zeroout impossible. Thus only issue a sync discard from blkdev_issue_zeroout an don't try discard at all from __blkdev_issue_zeroout as a non-invasive workaround. One more reason why abusing discard for zeroing must die.. Signed-off-by: Christoph Hellwig Reported-by: Eryu Guan Fixes: e73c23ff ("block: add async variant of blkdev_issue_zeroout") Signed-off-by: Jens Axboe block/blk-lib.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit f80de881d8df967488b7343381619efa15019493 Author: Christoph Hellwig Date: Fri Jan 13 12:29:13 2017 +0100 sd: remove __data_len hack for WRITE SAME Now that we have the blk_rq_payload_bytes helper available to determine the actual I/O size we don't need to mess around with __data_len for WRITE SAME. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/scsi/sd.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) commit b131c61d62266eb21b0f125f63f3d07e5670d726 Author: Christoph Hellwig Date: Fri Jan 13 12:29:12 2017 +0100 nvme: use blk_rq_payload_bytes The new blk_rq_payload_bytes generalizes the payload length hacks that nvme_map_len did before. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/nvme/host/fc.c | 5 ++--- drivers/nvme/host/nvme.h | 8 -------- drivers/nvme/host/pci.c | 19 ++++++++----------- drivers/nvme/host/rdma.c | 13 +++++-------- 4 files changed, 15 insertions(+), 30 deletions(-) commit fd102b125e174edbea34e6e7a2d371bc7901c53d Author: Christoph Hellwig Date: Fri Jan 13 12:29:11 2017 +0100 scsi: use blk_rq_payload_bytes Without that we'll pass a wrong payload size in cmd->sdb, which can lead to hangs with drivers that need the total transfer size. Signed-off-by: Christoph Hellwig Reported-by: Chris Valean Reported-by: Dexuan Cui Fixes: f9d03f96 ("block: improve handling of the magic discard payload") Reviewed-by: Hannes Reinecke Reviewed-by: Sagi Grimberg Signed-off-by: Jens Axboe drivers/scsi/scsi_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2e3258ecfaebace1ceffaa14e0ea94775d54f46f Author: Christoph Hellwig Date: Fri Jan 13 12:29:10 2017 +0100 block: add blk_rq_payload_bytes Add a helper to calculate the actual data transfer size for special payload requests. Signed-off-by: Christoph Hellwig Reviewed-by: Hannes Reinecke Signed-off-by: Jens Axboe include/linux/blkdev.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit c79d47f14fbadce94af3b606a54984a3f25ea558 Merge: 6d90b4f a47fff1 Author: Linus Torvalds Date: Fri Jan 13 12:38:36 2017 -0800 Merge tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI fixes from James Bottomley: "The major fix is the bfa firmware, since the latest 10Gb cards fail probing with the current firmware. The rest is a set of minor fixes: one missed Kconfig dependency causing randconfig failures, a missed error return on an error leg, a change for how multiqueue waits on a blocked device and a don't reset while in reset fix" * tag 'scsi-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: scsi: bfa: Increase requested firmware version to 3.2.5.1 scsi: snic: Return error code on memory allocation failure scsi: fnic: Avoid sending reset to firmware when another reset is in progress scsi: qedi: fix build, depends on UIO scsi: scsi-mq: Wait for .queue_rq() if necessary commit 6d90b4f99d62e6cf7643c7d8b48a9d7c005455bd Merge: 557ed56 1c3415a Author: Linus Torvalds Date: Fri Jan 13 11:49:34 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input updates from Dmitry Torokhov: "Small driver fixups" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data Input: adxl34x - make it enumerable in ACPI environment Input: ALPS - fix TrackStick Y axis handling for SS5 hardware Input: synaptics-rmi4 - fix F03 build error when serio is module Input: xpad - use correct product id for x360w controllers Input: synaptics_i2c - change msleep to usleep_range for small msecs Input: i8042 - add Pegatron touchpad to noloop table Input: joydev - remove unused linux/miscdevice.h include commit c6180a6237174f481dc856ed6e890d8196b6f0fb Author: Trond Myklebust Date: Fri Jan 13 13:31:32 2017 -0500 NFSv4: Fix client recovery when server reboots multiple times If the server reboots multiple times, the client should rely on the server to tell it that it cannot reclaim state as per section 9.6.3.4 in RFC7530 and section 8.4.2.1 in RFC5661. Currently, the client is being to conservative, and is assuming that if the server reboots while state recovery is in progress, then it must ignore state that was not recovered before the reboot. Signed-off-by: Trond Myklebust fs/nfs/nfs4state.c | 1 - 1 file changed, 1 deletion(-) commit da72ff5bfcb02c6ac8b169a7cf597a3c8e6c4de1 Author: Stefano Stabellini Date: Fri Jan 13 10:07:23 2017 -0800 partially revert "xen: Remove event channel notification through Xen PCI platform device" Commit 72a9b186292d ("xen: Remove event channel notification through Xen PCI platform device") broke Linux when booting as Dom0 on Xen in a nested Xen environment (Xen installed inside a Xen VM). In this scenario, Linux is a PV guest, but at the same time it uses the platform-pci driver to receive notifications from L0 Xen. vector callbacks are not available because L1 Xen doesn't allow them. Partially revert the offending commit, by restoring IRQ based notifications for PV guests only. I restored only the code which is strictly needed and replaced the xen_have_vector_callback checks within it with xen_pv_domain() checks. Signed-off-by: Stefano Stabellini Reviewed-by: Boris Ostrovsky drivers/xen/platform-pci.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) commit 1f19b983a8877f81763fab3e693c6befe212736d Author: Dan Williams Date: Mon Jan 9 17:30:49 2017 -0800 libnvdimm, namespace: fix pmem namespace leak, delete when size set to zero Commit 98a29c39dc68 ("libnvdimm, namespace: allow creation of multiple pmem-namespaces per region") added support for establishing additional pmem namespace beyond the seed device, similar to blk namespaces. However, it neglected to delete the namespace when the size is set to zero. Fixes: 98a29c39dc68 ("libnvdimm, namespace: allow creation of multiple pmem-namespaces per region") Cc: Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) commit 003c941057eaa868ca6fedd29a274c863167230d Author: Shannon Nelson Date: Thu Jan 12 14:24:58 2017 -0800 tcp: fix tcp_fastopen unaligned access complaints on sparc Fix up a data alignment issue on sparc by swapping the order of the cookie byte array field with the length field in struct tcp_fastopen_cookie, and making it a proper union to clean up the typecasting. This addresses log complaints like these: log_unaligned: 113 callbacks suppressed Kernel unaligned access at TPC[976490] tcp_try_fastopen+0x2d0/0x360 Kernel unaligned access at TPC[9764ac] tcp_try_fastopen+0x2ec/0x360 Kernel unaligned access at TPC[9764c8] tcp_try_fastopen+0x308/0x360 Kernel unaligned access at TPC[9764e4] tcp_try_fastopen+0x324/0x360 Kernel unaligned access at TPC[976490] tcp_try_fastopen+0x2d0/0x360 Cc: Eric Dumazet Signed-off-by: Shannon Nelson Acked-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/tcp.h | 7 ++++++- net/ipv4/tcp_fastopen.c | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) commit fa79581ea66ca43d56ef065346ac5be767fcb418 Author: David Lebrun Date: Thu Jan 12 21:30:01 2017 +0100 ipv6: sr: fix several BUGs when preemption is enabled When CONFIG_PREEMPT=y, CONFIG_IPV6=m and CONFIG_SEG6_HMAC=y, seg6_hmac_init() is called during the initialization of the ipv6 module. This causes a subsequent call to smp_processor_id() with preemption enabled, resulting in the following trace. [ 20.451460] BUG: using smp_processor_id() in preemptible [00000000] code: systemd/1 [ 20.452556] caller is debug_smp_processor_id+0x17/0x19 [ 20.453304] CPU: 0 PID: 1 Comm: systemd Not tainted 4.9.0-rc5-00973-g46738b1 #1 [ 20.454406] ffffc9000062fc18 ffffffff813607b2 0000000000000000 ffffffff81a7f782 [ 20.455528] ffffc9000062fc48 ffffffff813778dc 0000000000000000 00000000001dcf98 [ 20.456539] ffffffffa003bd08 ffffffff81af93e0 ffffc9000062fc58 ffffffff81377905 [ 20.456539] Call Trace: [ 20.456539] [] dump_stack+0x63/0x7f [ 20.456539] [] check_preemption_disabled+0xd1/0xe3 [ 20.456539] [] debug_smp_processor_id+0x17/0x19 [ 20.460260] [] seg6_hmac_init+0xfa/0x192 [ipv6] [ 20.460260] [] seg6_init+0x39/0x6f [ipv6] [ 20.460260] [] inet6_init+0x21a/0x321 [ipv6] [ 20.460260] [] ? 0xffffffffa0061000 [ 20.460260] [] do_one_initcall+0x8b/0x115 [ 20.460260] [] do_init_module+0x53/0x1c4 [ 20.460260] [] load_module+0x1153/0x14ec [ 20.460260] [] SYSC_finit_module+0x8c/0xb9 [ 20.460260] [] ? SYSC_finit_module+0x8c/0xb9 [ 20.460260] [] SyS_finit_module+0x9/0xb [ 20.460260] [] do_syscall_64+0x62/0x75 [ 20.460260] [] entry_SYSCALL64_slow_path+0x25/0x25 Moreover, dst_cache_* functions also call smp_processor_id(), generating a similar trace. This patch uses raw_cpu_ptr() in seg6_hmac_init() rather than this_cpu_ptr() and disable preemption when using dst_cache_* functions. Signed-off-by: David Lebrun Signed-off-by: David S. Miller net/ipv6/seg6_hmac.c | 2 +- net/ipv6/seg6_iptunnel.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit 148d3d021cf9724fcf189ce4e525a094bbf5ce89 Author: Florian Fainelli Date: Thu Jan 12 12:09:09 2017 -0800 net: systemport: Decouple flow control from __bcm_sysport_tx_reclaim The __bcm_sysport_tx_reclaim() function is used to reclaim transmit resources in different places within the driver. Most of them should not affect the state of the transit flow control. Introduce bcm_sysport_tx_clean() which cleans the ring, but does not re-enable flow control towards the networking stack, and make bcm_sysport_tx_reclaim() do the actual transmit queue flow control. Fixes: 80105befdb4b ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bcmsysport.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit 87cb12910a2ab6ed41ae951ea4d9c1cc1120199a Author: Jean-Jacques Hiblot Date: Mon Jan 9 13:22:15 2017 +0100 ARM: dts: OMAP5 / DRA7: indicate that SATA port 0 is available. AHCI provides the register PORTS_IMPL to let the software know which port is supported. The register must be initialized by the bootloader. However in some cases u-boot doesn't properly initialize this value (if it is not compiled with SATA support for example or if the SATA initialization fails). The DTS entry "ports-implemented" can be used to override the value in PORTS_IMPL. Without this patch the SATA will not work in the following two cases: * if there has been a failure to initialize SATA in u-boot. * if ahci_platform module has been removed and re-inserted. The reason is that the content of PORTS_IMPL is lost after the module is removed. I suspect that it's because the controller is reset by the hwmod. Cc: # v4.6+ Signed-off-by: Jean-Jacques Hiblot Acked-by: Roger Quadros [tony@atomide.com: updated comments with what goes wrong] Signed-off-by: Tony Lindgren arch/arm/boot/dts/dra7.dtsi | 1 + arch/arm/boot/dts/omap5.dtsi | 1 + 2 files changed, 2 insertions(+) commit 69bcc0b7140c30de552aa3ef08322295862e8e2f Author: Michel Dänzer Date: Wed Jan 11 18:27:25 2017 +0900 Revert "drm/amdgpu: Only update the CUR_SIZE register when necessary" This reverts commits 7c83d7abc9997cf1efac2c0ce384b5e8453ee870 and a1f49cc179ce6b7b7758ae3ff5cdb138d0ee0f56. They caused the HW cursor to disappear under various circumstances in the wild. I wasn't able to reproduce any of them, and I'm not sure what's going on. But those changes aren't a big deal anyway, so let's just revert for now. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=191291 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=99143 Acked-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 22 +++++++--------------- drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 22 +++++++--------------- drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 24 +++++++++--------------- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 22 +++++++--------------- 4 files changed, 30 insertions(+), 60 deletions(-) commit ed79c9d34f4f4c5842b66cab840315e7ac29f666 Author: Nicolas Dichtel Date: Fri Jan 13 11:46:39 2017 +0100 ARM: put types.h in uapi Due to the way kbuild works, this header was unintentionally exported back in 2013 when it was created, despite it not being in a uapi/ directory. This is very non-intuitive behaviour by Kbuild. However, we've had this include exported to userland for almost four years, and searching google for "ARM types.h __UINTPTR_TYPE__" gives no hint that anyone has complained about it. So, let's make it officially exported in this state. Signed-off-by: Nicolas Dichtel Signed-off-by: Russell King arch/arm/include/asm/types.h | 40 --------------------------------------- arch/arm/include/uapi/asm/types.h | 40 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 40 deletions(-) commit 210675270caa33253e4c33f3c5e657e7d6060812 Author: David Sheets Date: Fri Jan 13 15:58:30 2017 +0000 fuse: fix time_to_jiffies nsec sanity check Commit bcb6f6d2b9c2 ("fuse: use timespec64") introduced clamped nsec values in time_to_jiffies but used the max of nsec and NSEC_PER_SEC - 1 instead of the min. Because of this, dentries would stay in the cache longer than requested and go stale in scenarios that relied on their timely eviction. Fixes: bcb6f6d2b9c2 ("fuse: use timespec64") Signed-off-by: David Sheets Signed-off-by: Miklos Szeredi Cc: # 4.9 fs/fuse/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 94a6fa899d2cb5ee76933406df32996576a562e4 Author: Alex Williamson Date: Thu Jan 12 08:24:16 2017 -0700 vfio/type1: Remove pid_namespace.h include Using has_capability() rather than ns_capable(), we're no longer using this header. Cc: Jike Song Cc: Kirti Wankhede Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_type1.c | 1 - 1 file changed, 1 deletion(-) commit de85d2b35ac74f6be769573d4a8708c823219900 Author: Rob Clark Date: Thu Jan 12 17:41:44 2017 -0500 drm/msm: fix potential null ptr issue in non-iommu case Fixes: 9cb07b099fb ("drm/msm: support multiple address spaces") Reported-by: Riku Voipio Signed-off-by: Rob Clark drivers/gpu/drm/msm/adreno/adreno_gpu.c | 5 ++--- drivers/gpu/drm/msm/msm_gem.c | 2 ++ 2 files changed, 4 insertions(+), 3 deletions(-) commit c57a94ffd0105d58ab104fe383148c5eda5aa033 Author: Rob Clark Date: Wed Jan 11 10:16:12 2017 -0500 drm/msm/mdp5: rip out plane->pending tracking It would race between userspace thread and commit worker. Ie. vblank irq would trigger event and userspace could begin the next atomic update, before the commit worker had a chance to clear the pending flag. If we do end up needing something to prevent userspace from trying another pageflip before getting vblank event, it should probably be implemented as a pending_planes bitmask, similar to pending_crtcs. See start_atomic() and end_atomic(). Signed-off-by: Rob Clark drivers/gpu/drm/msm/mdp/mdp5/mdp5_kms.c | 6 ------ drivers/gpu/drm/msm/mdp/mdp5/mdp5_kms.h | 4 ---- drivers/gpu/drm/msm/mdp/mdp5/mdp5_plane.c | 22 ---------------------- 3 files changed, 32 deletions(-) commit 2f5a31456ee80b37ef1170319fa134af0a1dfcc4 Merge: a47fff1 cd60be4 Author: James Bottomley Date: Fri Jan 13 07:02:51 2017 -0800 Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes commit dbef53621116474bb883f76f0ba6b7640bc42332 Author: Michal Kazior Date: Fri Jan 13 13:32:51 2017 +0100 mac80211: prevent skb/txq mismatch Station structure is considered as not uploaded (to driver) until drv_sta_state() finishes. This call is however done after the structure is attached to mac80211 internal lists and hashes. This means mac80211 can lookup (and use) station structure before it is uploaded to a driver. If this happens (structure exists, but sta->uploaded is false) fast_tx path can still be taken. Deep in the fastpath call the sta->uploaded is checked against to derive "pubsta" argument for ieee80211_get_txq(). If sta->uploaded is false (and sta is actually non-NULL) ieee80211_get_txq() effectively downgraded to vif->txq. At first glance this may look innocent but coerces mac80211 into a state that is almost guaranteed (codel may drop offending skb) to crash because a station-oriented skb gets queued up on vif-oriented txq. The ieee80211_tx_dequeue() ends up looking at info->control.flags and tries to use txq->sta which in the fail case is NULL. It's probably pointless to pretend one can downgrade skb from sta-txq to vif-txq. Since downgrading unicast traffic to vif->txq must not be done there's no txq to put a frame on if sta->uploaded is false. Therefore the code is made to fall back to regular tx() op path if the described condition is hit. Only drivers using wake_tx_queue were affected. Example crash dump before fix: Unable to handle kernel paging request at virtual address ffffe26c PC is at ieee80211_tx_dequeue+0x204/0x690 [mac80211] [] (ieee80211_tx_dequeue [mac80211]) from [] (ath10k_mac_tx_push_txq+0x54/0x1c0 [ath10k_core]) [] (ath10k_mac_tx_push_txq [ath10k_core]) from [] (ath10k_htt_txrx_compl_task+0xd78/0x11d0 [ath10k_core]) [] (ath10k_htt_txrx_compl_task [ath10k_core]) [] (ath10k_pci_napi_poll+0x54/0xe8 [ath10k_pci]) [] (ath10k_pci_napi_poll [ath10k_pci]) from [] (net_rx_action+0xac/0x160) Reported-by: Mohammed Shafi Shajakhan Signed-off-by: Michal Kazior Signed-off-by: Johannes Berg net/mac80211/tx.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) commit 1193e6aeecb36c74c48c7cd0f641acbbed9ddeef Author: Marc Zyngier Date: Thu Jan 12 09:21:56 2017 +0000 KVM: arm/arm64: vgic: Fix deadlock on error handling Dmitry Vyukov reported that the syzkaller fuzzer triggered a deadlock in the vgic setup code when an error was detected, as the cleanup code tries to take a lock that is already held by the setup code. The fix is to avoid retaking the lock when cleaning up, by telling the cleanup function that we already hold it. Cc: stable@vger.kernel.org Reported-by: Dmitry Vyukov Reviewed-by: Christoffer Dall Reviewed-by: Eric Auger Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic-init.c | 18 +++++++++++++----- virt/kvm/arm/vgic/vgic-v2.c | 2 -- virt/kvm/arm/vgic/vgic-v3.c | 2 -- 3 files changed, 13 insertions(+), 9 deletions(-) commit 488f94d7212b00a2ec72fb886b155f1b04c5aa98 Author: Jintack Lim Date: Thu Dec 1 14:32:05 2016 -0500 KVM: arm64: Access CNTHCTL_EL2 bit fields correctly on VHE systems Current KVM world switch code is unintentionally setting wrong bits to CNTHCTL_EL2 when E2H == 1, which may allow guest OS to access physical timer. Bit positions of CNTHCTL_EL2 are changing depending on HCR_EL2.E2H bit. EL1PCEN and EL1PCTEN are 1st and 0th bits when E2H is not set, but they are 11th and 10th bits respectively when E2H is set. In fact, on VHE we only need to set those bits once, not for every world switch. This is because the host kernel runs in EL2 with HCR_EL2.TGE == 1, which makes those bits have no effect for the host kernel execution. So we just set those bits once for guests, and that's it. Signed-off-by: Jintack Lim Reviewed-by: Marc Zyngier Signed-off-by: Marc Zyngier arch/arm/include/asm/virt.h | 5 +++++ arch/arm/kvm/arm.c | 3 +++ arch/arm64/include/asm/virt.h | 9 +++++++++ include/kvm/arm_arch_timer.h | 1 + virt/kvm/arm/arch_timer.c | 23 +++++++++++++++++++++++ virt/kvm/arm/hyp/timer-sr.c | 33 +++++++++++++++++++++------------ 6 files changed, 62 insertions(+), 12 deletions(-) commit 63e41226afc3f7a044b70325566fa86ac3142538 Author: Christoffer Dall Date: Mon Jan 9 12:18:56 2017 +0100 KVM: arm/arm64: Fix occasional warning from the timer work function When a VCPU blocks (WFI) and has programmed the vtimer, we program a soft timer to expire in the future to wake up the vcpu thread when appropriate. Because such as wake up involves a vcpu kick, and the timer expire function can get called from interrupt context, and the kick may sleep, we have to schedule the kick in the work function. The work function currently has a warning that gets raised if it turns out that the timer shouldn't fire when it's run, which was added because the idea was that in that case the work should never have been cancelled. However, it turns out that this whole thing is racy and we can get spurious warnings. The problem is that we clear the armed flag in the work function, which may run in parallel with the kvm_timer_unschedule->timer_disarm() call. This results in a possible situation where the timer_disarm() call does not call cancel_work_sync(), which effectively synchronizes the completion of the work function with running the VCPU. As a result, the VCPU thread proceeds before the work function completees, causing changes to the timer state such that kvm_timer_should_fire(vcpu) returns false in the work function. All we do in the work function is to kick the VCPU, and an occasional rare extra kick never harmed anyone. Since the race above is extremely rare, we don't bother checking if the race happens but simply remove the check and the clearing of the armed flag from the work function. Reported-by: Matthias Brugger Reviewed-by: Marc Zyngier Signed-off-by: Christoffer Dall Signed-off-by: Marc Zyngier virt/kvm/arm/arch_timer.c | 3 --- 1 file changed, 3 deletions(-) commit a8a86d78d673b1c99fe9b0064739fde9e9774184 Author: Tahsin Erdogan Date: Thu Jan 12 12:04:04 2017 -0800 fuse: clear FR_PENDING flag when moving requests out of pending queue fuse_abort_conn() moves requests from pending list to a temporary list before canceling them. This operation races with request_wait_answer() which also tries to remove the request after it gets a fatal signal. It checks FR_PENDING flag to determine whether the request is still in the pending list. Make fuse_abort_conn() clear FR_PENDING flag so that request_wait_answer() does not remove the request from temporary list. This bug causes an Oops when trying to delete an already deleted list entry in end_requests(). Fixes: ee314a870e40 ("fuse: abort: no fc->lock needed for request ending") Signed-off-by: Tahsin Erdogan Signed-off-by: Miklos Szeredi Cc: # 4.2+ fs/fuse/dev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7a546af50eb78ab99840903083231eb635c8a566 Author: Johan Hovold Date: Thu Jan 12 18:17:43 2017 +0100 HID: corsair: fix control-transfer error handling Make sure to check for short control transfers in order to avoid parsing uninitialised buffer data and leaking it to user space. Note that the backlight and macro-mode buffer constraints are kept as loose as possible in order to avoid any regressions should the current buffer sizes be larger than necessary. Fixes: 6f78193ee9ea ("HID: corsair: Add Corsair Vengeance K90 driver") Cc: stable Signed-off-by: Johan Hovold Signed-off-by: Jiri Kosina drivers/hid/hid-corsair.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 6d104af38b570d37aa32a5803b04c354f8ed513d Author: Johan Hovold Date: Thu Jan 12 18:17:42 2017 +0100 HID: corsair: fix DMA buffers on stack Not all platforms support DMA to the stack, and specifically since v4.9 this is no longer supported on x86 with VMAP_STACK either. Note that the macro-mode buffer was larger than necessary. Fixes: 6f78193ee9ea ("HID: corsair: Add Corsair Vengeance K90 driver") Cc: stable Signed-off-by: Johan Hovold Signed-off-by: Jiri Kosina drivers/hid/hid-corsair.c | 54 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 42 insertions(+), 12 deletions(-) commit 43071d8fb3b7f589d72663c496a6880fb097533c Author: Felix Fietkau Date: Fri Jan 13 11:28:25 2017 +0100 mac80211: initialize SMPS field in HT capabilities ibss and mesh modes copy the ht capabilites from the band without overriding the SMPS state. Unfortunately the default value 0 for the SMPS field means static SMPS instead of disabled. This results in HT ibss and mesh setups using only single-stream rates, even though SMPS is not supposed to be active. Initialize SMPS to disabled for all bands on ieee80211_hw_register to ensure that the value is sane where it is not overriden with the real SMPS state. Reported-by: Elektra Wagenrad Signed-off-by: Felix Fietkau [move VHT TODO comment to a better place] Signed-off-by: Johannes Berg net/mac80211/main.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit 821b40b79db7dedbfe15ab330dfd181e661a533f Author: Andrzej Hajda Date: Fri Jan 13 10:20:58 2017 +0100 drm/exynos/decon5433: set STANDALONE_UPDATE_F also if planes are disabled STANDALONE_UPDATE_F should be set if something changed in plane configurations, including plane disable. The patch fixes page-faults bugs, caused by decon still using framebuffers of disabled planes. v2: fixed clear-bit code (Thx Marek) v3: use test_and_clear_bit (Thx Joonyoung) Signed-off-by: Andrzej Hajda Tested-by: Joonyoung Shim Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit f65a7c9cb3770ed4d3e7c57c66d7032689081b5e Author: Andrzej Hajda Date: Mon Jan 9 15:33:02 2017 +0100 drm/exynos/decon5433: update shadow registers iff there are active windows Improper usage of DECON_UPDATE register leads to subtle errors. If it set in decon_commit when there are no active windows it results in slow registry updates - all subsequent shadow registry updates takes more than full vblank. On the other side if it is not set when there are active windows it results in garbage on the screen after suspend/resume of FB console. The patch hopefully fixes it. Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos5433_drm_decon.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit c34eaa8d0f9d9ae26a4a6af7bc3aca57310cf483 Author: Changbin Du Date: Fri Jan 13 11:16:03 2017 +0800 drm/i915/gvt: rewrite gt reset handler using new function intel_gvt_reset_vgpu_locked GT reset and FLR share some operations and they are both implemented in our new function intel_gvt_reset_vgpu_locked(). This patch rewrite the gt reset handler using this new function. Besides, this new implementation fixed the old issue in GT reset. The old implementation reset GGTT entries which is illegal. We only clear GGTT entries at PCI level reset. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 90 ++++++++++++------------------------- 1 file changed, 29 insertions(+), 61 deletions(-) commit cfe65f4037cedb911a840ebcf6dafc5b69e535b4 Author: Changbin Du Date: Fri Jan 13 11:16:02 2017 +0800 drm/i915/gvt: fix vGPU instance reuse issues by vGPU reset function Our function tests found several issues related to reusing vGPU instance. They are qemu reboot failure, guest tdr after reboot, host hang when reboot guest. All these issues are caused by dirty status inherited from last VM. This patch fix all these issues by resetting a virtual GPU before VM use it. The reset logical is put into a low level function _intel_gvt_reset_vgpu(), which supports Device Model Level Reset, Full GT Reset and Per-Engine Reset. vGPU Device Model Level Reset (DMLR) simulates the PCI reset to reset the whole vGPU to default state as when it is created, including GTT, execlist, scratch pages, cfg space, mmio space, pvinfo page, scheduler and fence registers. The ultimate goal of vGPU DMLR is that reuse a vGPU instance by different virtual machines. When we reassign a vGPU to a virtual machine we must issue such reset first. Full GT Reset and Per-Engine GT Reset are soft reset flow for GPU engines (Render, Blitter, Video, Video Enhancement). It is defined by GPU Spec. Unlike the FLR, GT reset only reset particular resource of a vGPU per the reset request. Guest driver can issue a GT reset by programming the virtual GDRST register to reset specific virtual GPU engine or all engines. Since vGPU DMLR and GT reset can share some code so we implement both these two into one single function intel_gvt_reset_vgpu_locked(). The parameter dmlr is to identify if we will do FLR or GT reset. The parameter engine_mask is to specific the engines that need to be resetted. If value ALL_ENGINES is given for engine_mask, it means the caller requests a full gt reset that we will reset all virtual GPU engines. Signed-off-by: Changbin Du Reviewed-by: Jike Song Reviewed-by: Kevin Tian Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.h | 2 ++ drivers/gpu/drm/i915/gvt/vgpu.c | 73 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 74 insertions(+), 1 deletion(-) commit 97d58f7dd0ff12e5fddeffb40aed845daa628149 Author: Changbin Du Date: Fri Jan 13 11:16:01 2017 +0800 drm/i915/gvt: introduce intel_vgpu_reset_mmio() to reset mmio space This patch introduces a new function intel_vgpu_reset_mmio() to reset vGPU MMIO space (virtual registers of the vGPU). The default values are loaded as firmware during gvt inititiation. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/mmio.c | 39 +++++++++++++++++++++++++-------------- drivers/gpu/drm/i915/gvt/mmio.h | 1 + 2 files changed, 26 insertions(+), 14 deletions(-) commit cdcc43479c9b929940a1955d2e7bae696d2b9496 Author: Changbin Du Date: Fri Jan 13 11:16:00 2017 +0800 drm/i915/gvt: move mmio init/clean function to mmio.c Move the mmio space inititation function setup_vgpu_mmio() and cleanup function clean_vgpu_mmio() in vgpu.c to dedicated source file mmio.c, and rename them as intel_vgpu_init_mmio() and intel_vgpu_clean_mmio() respectively. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.h | 1 - drivers/gpu/drm/i915/gvt/handlers.c | 2 +- drivers/gpu/drm/i915/gvt/mmio.c | 42 +++++++++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/mmio.h | 3 +++ drivers/gpu/drm/i915/gvt/vgpu.c | 37 +++----------------------------- 5 files changed, 49 insertions(+), 36 deletions(-) commit c64ff6c774413fdbffd7f0f3ef5b04127d461cf4 Author: Changbin Du Date: Fri Jan 13 11:15:59 2017 +0800 drm/i915/gvt: introduce intel_vgpu_reset_cfg_space to reset configuration space This patch introduces a new function intel_vgpu_reset_cfg_space() to reset vGPU configuration space. This function will unmap gttmmio and aperture if they are mapped before. Then entire cfg space will be restored to default values. Currently we only do such reset when vGPU is not owned by any VM so we simply restore entire cfg space to default value, not following the PCIe FLR spec that some fields should remain unchanged. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 25 +++++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/gvt.h | 2 ++ 2 files changed, 27 insertions(+) commit 536fc234074b09adae1763d8fb5b2d947847ad1d Author: Changbin Du Date: Fri Jan 13 11:15:58 2017 +0800 drm/i915/gvt: move cfg space inititation function to cfg_space.c Move the configuration space inititation function setup_vgpu_cfg_space() in vgpu.c to dedicated source file cfg_space.c, and rename the function as intel_vgpu_init_cfg_space(). Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 49 ++++++++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/gvt.h | 2 ++ drivers/gpu/drm/i915/gvt/vgpu.c | 44 +------------------------------- 3 files changed, 52 insertions(+), 43 deletions(-) commit b611581b375ce28536ab50be9cd507bb6092fb1e Author: Changbin Du Date: Fri Jan 13 11:15:57 2017 +0800 drm/i915/gvt: introuduce intel_vgpu_reset_gtt() to reset gtt This patch introduces a new function intel_vgpu_reset_gtt() to reset the all GTT related status, including GGTT, PPGTT, scratch page. This function can free all shadowed PPGTT, clear all GGTT entry, and clear scratch page to all zero. After this, we can ensure no gtt related information can be leakaged from one VM to anothor one when assign vgpu instance across different VMs (not simultaneously). Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 27 +++++++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/gtt.h | 1 + 2 files changed, 28 insertions(+) commit d22a48bf7302ef064295749fa79cd47093c5a000 Author: Changbin Du Date: Fri Jan 13 11:15:56 2017 +0800 drm/i915/gvt: introudce intel_vgpu_reset_resource() to reset vgpu resource state This patch introudces a new function intel_vgpu_reset_resource() to reset allocated vgpu resources by intel_vgpu_alloc_resource(). So far we only need clear the fence registers. The function _clear_vgpu_fence() will reset both virtual and physical fence registers to 0. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/aperture_gm.c | 29 +++++++++++++++++++++++++++-- drivers/gpu/drm/i915/gvt/gvt.h | 1 + 2 files changed, 28 insertions(+), 2 deletions(-) commit 3139dc8ded6f27552a248d23fe9f086e3027fa12 Author: Niklas Söderlund Date: Wed Jan 11 15:39:31 2017 +0100 dmaengine: rcar-dmac: unmap slave resource when channel is freed The slave mapping should be removed together with other channel resources when the channel is freed. If it's not unmapped it will hang around forever after the channel is freed. Fixes: 9f878603dbdb7db3 ("dmaengine: rcar-dmac: add iommu support for slave transfers") Reported-by: Laurent Pinchart Signed-off-by: Niklas Söderlund Reviewed-by: Laurent Pinchart Signed-off-by: Vinod Koul drivers/dma/sh/rcar-dmac.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit d47d1d27fd6206c18806440f6ebddf51a806be4f Author: Stefan Hajnoczi Date: Thu Jan 5 10:05:46 2017 +0000 pmem: return EIO on read_pmem() failure The read_pmem() function uses memcpy_mcsafe() on x86 where an EFAULT error code indicates a failed read. Block I/O should use EIO to indicate failure. Other pmem code paths (like bad blocks) already use EIO so let's be consistent. This fixes compatibility with consumers like btrfs that try to parse the specific error code rather than treat all errors the same. Reviewed-by: Jeff Moyer Signed-off-by: Stefan Hajnoczi Signed-off-by: Dan Williams drivers/nvdimm/pmem.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6771e01f7965ea13988d0a5a7972f97be4e46452 Author: Jon Mason Date: Thu Jan 12 10:50:10 2017 -0500 ARM: dts: NSP: Fix DT ranges error The range size for axi is 0x2 bytes too small, as the QSPI needs 0x11c408 + 0x004 (which is 0x0011c40c, not 0x0011c40a). No errors have been observed with this shortcoming, but fixing it for correctness. Fixes: 329f98c1974e ("ARM: dts: NSP: Add QSPI nodes to NSPI and bcm958625k DTSes") Signed-off-by: Jon Mason Signed-off-by: Florian Fainelli arch/arm/boot/dts/bcm-nsp.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 91546c56624a79f4a8fd80bede6b5a38c0f0ad78 Author: Valentin Rothberg Date: Fri Dec 2 10:42:49 2016 +0100 ARM: multi_v7_defconfig: set bcm47xx watchdog Correct the bcm47xx watchdog option. The convention of bcm watchdogs is the _WDT suffix. Fixes: 8dace3040426 ("ARM: multi_v7_defconfig: Enable BCM47xx/BCM5301x drivers") Signed-off-by: Valentin Rothberg Signed-off-by: Florian Fainelli arch/arm/configs/multi_v7_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 321012faf5975a4679771d7478b22ed42095aa9d Author: Valentin Rothberg Date: Fri Dec 2 10:24:56 2016 +0100 ARM: multi_v7_defconfig: fix config typo s/CONFIG_CONFIG_BCM47XX_NVRAM/CONFIG_BCM47XX_NVRAM/ Fixes: 8dace3040426 ("ARM: multi_v7_defconfig: Enable BCM47xx/BCM5301x drivers") Signed-off-by: Valentin Rothberg Signed-off-by: Florian Fainelli arch/arm/configs/multi_v7_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d1b333d12cde9cabe898160b6be9769d3382d81c Author: Jike Song Date: Thu Jan 12 16:52:03 2017 +0800 vfio iommu type1: fix the testing of capability for remote task Before the mdev enhancement type1 iommu used capable() to test the capability of current task; in the course of mdev development a new requirement, testing for another task other than current, was raised. ns_capable() was used for this purpose, however it still tests current, the only difference is, in a specified namespace. Fix it by using has_capability() instead, which tests the cap for specified task in init_user_ns, the same namespace as capable(). Cc: Gerd Hoffmann Signed-off-by: Jike Song Reviewed-by: James Morris Reviewed-by: Kirti Wankhede Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_type1.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 557ed56cc75e0a33c15ba438734a280bac23bd32 Merge: e28ac1f 6cf4569 Author: Linus Torvalds Date: Thu Jan 12 14:45:59 2017 -0800 Merge tag 'sound-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "This time we got a few more fixes than the previous rc's, and most of commits were about ASoC. The only significant change in the core side is the regression fix wrt the aux device list handling, and all the rest are driver-specific small / trivial fixes" * tag 'sound-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: ALSA: usb-audio: Add a quirk for Plantronics BT600 ASoC: rt5645: set sel_i2s_pre_div1 to 2 ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused ASoC: Intel: Skylake: Release FW ctx in cleanup ASoC: Intel: bytcr-rt5640: fix settings in internal clock mode ASoC: fsl_ssi: set fifo watermark to more reliable value ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL ASoC: nau8825: correct the function name of register ASoC: Intel: Skylake: Fix to fail safely if module not available in path ASoC: tlv320aic3x: Mark the RESET register as volatile ASoC: Fix binding and probing of auxiliary components ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled ASoC: hdmi-codec: use unsigned type to structure members with bit-field ASoC: topology: kfree kcontrol->private_value before freeing kcontrol ASoC: rsnd: don't double free kctrl ASoC: dwc: Fix PIO mode initialization commit ab8db87b8256e13a62f10af1d32f5fc233c398cc Author: Rex Zhu Date: Tue Jan 10 15:47:50 2017 +0800 drm/amd/powerplay: refine vce dpm update code on Cz. Program HardMin based on the vce_arbiter.ecclk if ecclk is 0, disable ECLK DPM 0. Otherwise VCE could hang if switching SCLK from DPM 0 to 6/7 Signed-off-by: Rex Zhu Acked-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/cz_hwmgr.c | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) commit a844764751275e0e5d381958e3c7e6e0fe739e25 Author: Flora Cui Date: Tue Jan 10 10:50:30 2017 +0800 drm/amdgpu: fix vm_fault_stop on gfx6 Signed-off-by: Flora Cui Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) commit 3731d12dce83d47b357753ffc450ce03f1b49688 Author: Rex Zhu Date: Tue Jan 10 19:26:49 2017 +0800 drm/amd/powerplay: fix vce cg logic error on CZ/St. can fix Bug 191281: vce ib test failed. when vce idle, set vce clock gate, so the clock in vce domain will be disabled. when need to encode, disable vce clock gate, enable the clocks to vce engine. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/cz_clockpowergating.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a628392cf03e0eef21b345afbb192cbade041741 Author: Alex Deucher Date: Thu Jan 5 13:08:01 2017 -0500 drm/radeon: drop the mclk quirk for hainan fixed by the new 58 mc firmware. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/si_dpm.c | 1 - 1 file changed, 1 deletion(-) commit 3a69adfe5617ceba04ad3cff0f9ccad470503fb2 Author: Alex Deucher Date: Thu Jan 5 13:07:14 2017 -0500 drm/radeon: drop oland quirks Fixed by the new 58 MC firmware. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/si_dpm.c | 11 ----------- 1 file changed, 11 deletions(-) commit 5cc6f520ace3aa0086747e08417c2627374af1d7 Author: Alex Deucher Date: Thu Jan 5 13:05:52 2017 -0500 drm/amdgpu: drop the mclk quirk for hainan fixed by the new 58 mc firmware. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 1 - 1 file changed, 1 deletion(-) commit 89d5595a6f53eba4d274c1d577d649db47620601 Author: Alex Deucher Date: Thu Jan 5 13:04:47 2017 -0500 drm/amdgpu: drop oland quirks Fixed by the new 58 MC firmware. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/si_dpm.c | 11 ----------- 1 file changed, 11 deletions(-) commit f1d877be65d36806c581c32b4687d4acefa55960 Author: Alex Deucher Date: Tue Dec 20 16:40:48 2016 -0500 drm/amdgpu/si: load special ucode for certain MC configs Special MC ucode is required for these memory configurations. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit ef736d394e85b1bf1fd65ba5e5257b85f6c82325 Author: Alex Deucher Date: Tue Dec 20 16:35:50 2016 -0500 drm/radeon/si: load special ucode for certain MC configs Special MC ucode is required for these memory configurations. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/si.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 8e2329ead748a85f4ae103d71a0575ef364c30a0 Author: Sekhar Nori Date: Thu Jan 12 16:24:43 2017 +0530 ARM: dts: dra72-evm-revc: fix typo in ethernet-phy node Fix a typo in impedance setting for ethernet-phy@3 Fixes: b76db38cd8ae ("ARM: dts: dra72-evm-revc: add phy impedance settings") Cc: Mugunthan V N Signed-off-by: Sekhar Nori Signed-off-by: Tony Lindgren arch/arm/boot/dts/dra72-evm-revc.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7aa4865506a26c607e00bd9794a85785b55ebca7 Author: Vadim Lomovtsev Date: Thu Jan 12 07:28:06 2017 -0800 net: thunderx: acpi: fix LMAC initialization While probing BGX we requesting appropriate QLM for it's configuration and get LMAC count by that request. Then, while reading configured MAC values from SSDT table we need to save them in proper mapping: BGX[i]->lmac[j].mac = to later provide for initialization stuff. In order to fill such mapping properly we need to add lmac index to be used while acpi initialization since at this moment bgx->lmac_count already contains actual value. Signed-off-by: Vadim Lomovtsev Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/thunder_bgx.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 36b29eb30ee0f6c99f06bea406c23a3fd4cbb80b Author: Wei Yongjun Date: Thu Jan 12 14:53:41 2017 +0000 soc: ti: wkup_m3_ipc: Fix error return code in wkup_m3_ipc_probe() Fix to return a negative error code from the kthread_run() error handling case instead of 0, as done elsewhere in this function. Fixes: cdd5de500b2c ("soc: ti: Add wkup_m3_ipc driver") Signed-off-by: Wei Yongjun Signed-off-by: Tony Lindgren drivers/soc/ti/wkup_m3_ipc.c | 1 + 1 file changed, 1 insertion(+) commit ce1ca7d2d140a1f4aaffd297ac487f246963dd2f Author: Sriharsha Basavapatna Date: Mon Jan 9 16:00:44 2017 +0530 svcrdma: avoid duplicate dma unmapping during error recovery In rdma_read_chunk_frmr() when ib_post_send() fails, the error code path invokes ib_dma_unmap_sg() to unmap the sg list. It then invokes svc_rdma_put_frmr() which in turn tries to unmap the same sg list through ib_dma_unmap_sg() again. This second unmap is invalid and could lead to problems when the iova being unmapped is subsequently reused. Remove the call to unmap in rdma_read_chunk_frmr() and let svc_rdma_put_frmr() handle it. Fixes: 412a15c0fe53 ("svcrdma: Port to new memory registration API") Cc: stable@vger.kernel.org Signed-off-by: Sriharsha Basavapatna Reviewed-by: Chuck Lever Reviewed-by: Yuval Shaia Signed-off-by: J. Bruce Fields net/sunrpc/xprtrdma/svc_rdma_recvfrom.c | 2 -- 1 file changed, 2 deletions(-) commit 8e38b7d4d71479b23b77f01cf0e5071610b8f357 Author: Stefan Schmidt Date: Mon Jan 2 16:58:13 2017 +0100 ieee802154: atusb: fix driver to work with older firmware versions After the addition of the frame_retries callback we could run into cases where a ATUSB device with an older firmware version would now longer be able to bring the interface up. We keep this functionality disabled now if the minimum firmware version for this feature is not available. Fixes: 5d82288b93db3bc ("ieee802154: atusb: implement .set_frame_retries ops callback") Reported-by: Alexander Aring Acked-by: Alexander Aring Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) commit f301606934b240fb54d8edf3618a0483e36046fc Author: Andrey Smirnov Date: Sun Dec 18 15:25:33 2016 -0800 at86rf230: Allow slow GPIO pins for "rstn" Driver code never touches "rstn" signal in atomic context, so there's no need to implicitly put such restriction on it by using gpio_set_value to manipulate it. Replace gpio_set_value to gpio_set_value_cansleep to fix that. As a an example of where such restriction might be inconvenient, consider a hardware design where "rstn" is connected to a pin of I2C/SPI GPIO expander chip. Cc: Chris Healy Signed-off-by: Andrey Smirnov Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/at86rf230.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5eb35a6ccea61648a55713c076ab65423eea1ac0 Author: Stefan Schmidt Date: Thu Dec 15 18:40:16 2016 +0100 ieee802154: atusb: do not use the stack for address fetching to make it DMA able From 4.9 we should really avoid using the stack here as this will not be DMA able on various platforms. This changes a buffer that was introduced in the 4.10 merge window. Fixes: 6cc33eba232c ("ieee802154: atusb: try to read permanent extended address from device") Reported-by: Dan Carpenter Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 2fd2b550a5ed13b1d6640ff77630fc369636a544 Author: Stefan Schmidt Date: Thu Dec 15 18:40:15 2016 +0100 ieee802154: atusb: make sure we set a randaom extended address if fetching fails In the unlikely case were the firmware is new enough but the actual USB command still fails make sure we set a random address and return. Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655 Author: Stefan Schmidt Date: Thu Dec 15 18:40:14 2016 +0100 ieee802154: atusb: do not use the stack for buffers to make them DMA able From 4.9 we should really avoid using the stack here as this will not be DMA able on various platforms. This changes the buffers already being present in time of 4.9 being released. This should go into stable as well. Reported-by: Dan Carpenter Cc: stable@vger.kernel.org Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) commit 546125d1614264d26080817d0c8cddb9b25081fa Author: Scott Mayhew Date: Thu Jan 5 16:34:51 2017 -0500 sunrpc: don't call sleeping functions from the notifier block callbacks The inet6addr_chain is an atomic notifier chain, so we can't call anything that might sleep (like lock_sock)... instead of closing the socket from svc_age_temp_xprts_now (which is called by the notifier function), just have the rpc service threads do it instead. Cc: stable@vger.kernel.org Fixes: c3d4879e01be "sunrpc: Add a function to close..." Signed-off-by: Scott Mayhew Signed-off-by: J. Bruce Fields include/linux/sunrpc/svc_xprt.h | 1 + net/sunrpc/svc_xprt.c | 10 +++++++--- 2 files changed, 8 insertions(+), 3 deletions(-) commit 78794d1890708cf94e3961261e52dcec2cc34722 Author: J. Bruce Fields Date: Mon Jan 9 17:15:18 2017 -0500 svcrpc: don't leak contexts on PROC_DESTROY Context expiry times are in units of seconds since boot, not unix time. The use of get_seconds() here therefore sets the expiry time decades in the future. This prevents timely freeing of contexts destroyed by client RPC_GSS_PROC_DESTROY requests. We'd still free them eventually (when the module is unloaded or the container shut down), but a lot of contexts could pile up before then. Cc: stable@vger.kernel.org Fixes: c5b29f885afe "sunrpc: use seconds since boot in expiry cache" Reported-by: Andy Adamson Signed-off-by: J. Bruce Fields net/sunrpc/auth_gss/svcauth_gss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dcd208697707b12adeaa45643bab239c5e90ef9b Author: J. Bruce Fields Date: Wed Jan 11 20:34:50 2017 -0500 nfsd: fix supported attributes for acl & labels Oops--in 916d2d844afd I moved some constants into an array for convenience, but here I'm accidentally writing to that array. The effect is that if you ever encounter a filesystem lacking support for ACLs or security labels, then all queries of supported attributes will report that attribute as unsupported from then on. Fixes: 916d2d844afd "nfsd: clean up supported attribute handling" Signed-off-by: J. Bruce Fields fs/nfsd/nfs4xdr.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit d3129ef672cac81c4d0185336af377c8dc1091d3 Author: Trond Myklebust Date: Wed Jan 11 22:07:28 2017 -0500 NFSv4: update_changeattr should update the attribute timestamp Otherwise, the attribute cache remains marked as being expired. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) commit c40d52fe1c2ba25dcb8cd207c8d26ef5f57f0476 Author: Trond Myklebust Date: Wed Jan 11 12:36:11 2017 -0500 NFSv4: Don't call update_changeattr() unless the unlink is successful If the unlink wasn't successful, then the directory has presumably not changed. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c733c49c32624f927f443be6dbabb387006bbe42 Author: Trond Myklebust Date: Wed Jan 11 12:32:26 2017 -0500 NFSv4: Don't apply change_info4 twice on rename within a directory If a file is renamed, but stays in the same directory, we will still receive 2 change_info4 structures describing the change to that directory, but we only want to apply it once. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 2dfc61736482441993bfb7dfaa971113b53f107c Author: Trond Myklebust Date: Wed Jan 11 08:47:00 2017 -0500 NFSv4: Call update_changeattr() from _nfs4_proc_open only if a file was created We don't want to invalidate the directory attribute and data cache unless we know that a file was created, or the change attribute differs from the one in our cache. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8a430ed50bb1b19ca14a46661f3b1b35f2fb5c39 Author: David Ahern Date: Wed Jan 11 15:42:17 2017 -0800 net: ipv4: fix table id in getroute response rtm_table is an 8-bit field while table ids are allowed up to u32. Commit 709772e6e065 ("net: Fix routing tables with id > 255 for legacy software") added the preference to set rtm_table in dumps to RT_TABLE_COMPAT if the table id is > 255. The table id returned on get route requests should do the same. Fixes: c36ba6603a11 ("net: Allow user to get table id from route lookup") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv4/route.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 994c5483e7f6dbf9fea622ba2031b9d868feb4b9 Author: Timur Tabi Date: Wed Jan 11 16:45:51 2017 -0600 net: qcom/emac: grab a reference to the phydev on ACPI systems Commit 6ffe1c4cd0a7 ("net: qcom/emac: fix of_node and phydev leaks") fixed the problem with reference leaks on phydev, but the fix is device-tree specific. When the driver unloads, the reference is dropped only on DT systems. Instead, it's cleaner if up grab an reference on ACPI systems. When the driver unloads, we can drop the reference without having to check whether we're on a DT system. Signed-off-by: Timur Tabi Reviewed-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac-phy.c | 7 +++++++ drivers/net/ethernet/qualcomm/emac/emac.c | 6 ++---- 2 files changed, 9 insertions(+), 4 deletions(-) commit ea7a80858f57d8878b1499ea0f1b8a635cc48de7 Author: David Ahern Date: Wed Jan 11 14:29:54 2017 -0800 net: lwtunnel: Handle lwtunnel_fill_encap failure Handle failure in lwtunnel_fill_encap adding attributes to skb. Fixes: 571e722676fe ("ipv4: support for fib route lwtunnel encap attributes") Fixes: 19e42e451506 ("ipv6: support for fib route lwtunnel encap attributes") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv4/fib_semantics.c | 11 +++++++---- net/ipv6/route.c | 3 ++- 2 files changed, 9 insertions(+), 5 deletions(-) commit 701dc207bf551d9fe6defa36e84a911e880398c3 Author: Ricardo Ribalda Date: Wed Jan 11 10:11:44 2017 +0100 i2c: piix4: Avoid race conditions with IMC On AMD's SB800 and upwards, the SMBus is shared with the Integrated Micro Controller (IMC). The platform provides a hardware semaphore to avoid race conditions among them. (Check page 288 of the SB800-Series Southbridges Register Reference Guide http://support.amd.com/TechDocs/45482.pdf) Without this patch, many access to the SMBus end with an invalid transaction or even with the bus stalled. Reported-by: Alexandre Desnoyers Signed-off-by: Ricardo Ribalda Delgado Reviewed-by: Andy Shevchenko : Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-piix4.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) commit 3846fd9b86001bea171943cc3bb9222cb6da6b42 Author: Daniel Vetter Date: Wed Jan 11 10:01:17 2017 +0100 drm/probe-helpers: Drop locking from poll_enable It was only needed to protect the connector_list walking, see commit 8c4ccc4ab6f64e859d4ff8d7c02c2ed2e956e07f Author: Daniel Vetter Date: Thu Jul 9 23:44:26 2015 +0200 drm/probe-helper: Grab mode_config.mutex in poll_init/enable Unfortunately the commit message of that patch fails to mention that the new locking check was for the connector_list. But that requirement disappeared in commit c36a3254f7857f1ad9badbe3578ccc92be541a8e Author: Daniel Vetter Date: Thu Dec 15 16:58:43 2016 +0100 drm: Convert all helpers to drm_connector_list_iter and so we can drop this again. This fixes a locking inversion on nouveau, where the rpm code needs to re-enable. But in other places the rpm_get() calls are nested within the big modeset locks. While at it, also improve the kerneldoc for these two functions a notch. v2: Update the kerneldoc even more to explain that these functions can't be called concurrently, or bad things happen (Chris). Cc: Dave Airlie Reviewed-by: Chris Wilson Cc: Chris Wilson Tested-by: Lyude Reviewed-by: Lyude Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170111090117.5134-1-daniel.vetter@ffwll.ch drivers/gpu/drm/drm_probe_helper.c | 51 ++++++++++++++---------------------- drivers/gpu/drm/i915/intel_hotplug.c | 4 +-- include/drm/drm_crtc_helper.h | 1 - 3 files changed, 22 insertions(+), 34 deletions(-) commit 2659161dd40dbb599a19f320164373093df44a89 Author: Colin Ian King Date: Thu Dec 29 22:27:33 2016 +0000 i2c: fix spelling mistake: "insufficent" -> "insufficient" Trivial fix to spelling mistake in WARN message, insufficient has an insufficient number of i's in the spelling. Signed-off-by: Colin Ian King Signed-off-by: Wolfram Sang drivers/i2c/i2c-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e28ac1fc31299d826b5dbf1d67e74720a95cda48 Merge: 9ca277e 0a417b8 Author: Linus Torvalds Date: Thu Jan 12 11:06:26 2017 -0800 Merge tag 'xfs-for-linus-4.10-rc4-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: "As promised last week, here's some stability fixes from Christoph and Jan Kara: - fix free space request handling when low on disk space - remove redundant log failure error messages - free truncated dirty pages instead of letting them build up forever" * tag 'xfs-for-linus-4.10-rc4-1' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: Timely free truncated dirty pages xfs: don't print warnings when xfs_log_force fails xfs: don't rely on ->total in xfs_alloc_space_available xfs: adjust allocation length in xfs_alloc_space_available xfs: fix bogus minleft manipulations xfs: bump up reserved blocks in xfs_alloc_set_aside commit 6f724fb3039522486fce2e32e4c0fbe238a6ab02 Author: John Garry Date: Fri Jan 6 19:02:57 2017 +0800 i2c: print correct device invalid address In of_i2c_register_device(), when the check for device address validity fails we print the info.addr, which has not been assigned properly. Fix this by printing the actual invalid address. Signed-off-by: John Garry Reviewed-by: Vladimir Zapolskiy Signed-off-by: Wolfram Sang Fixes: b4e2f6ac1281 ("i2c: apply DT flags when probing") Cc: stable@kernel.org drivers/i2c/i2c-core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 331c34255293cd02d395b7097008b509ba89e60e Author: Dmitry Torokhov Date: Wed Jan 4 20:57:22 2017 -0800 i2c: do not enable fall back to Host Notify by default Falling back unconditionally to HostNotify as primary client's interrupt breaks some drivers which alter their functionality depending on whether interrupt is present or not, so let's introduce a board flag telling I2C core explicitly if we want wired interrupt or HostNotify-based one: I2C_CLIENT_HOST_NOTIFY. For DT-based systems we introduce "host-notify" property that we convert to I2C_CLIENT_HOST_NOTIFY board flag. Tested-by: Benjamin Tissoires Signed-off-by: Dmitry Torokhov Acked-by: Pali Rohár Acked-by: Rob Herring Signed-off-by: Wolfram Sang Documentation/devicetree/bindings/i2c/i2c.txt | 8 ++++++++ drivers/i2c/i2c-core.c | 17 ++++++++--------- include/linux/i2c.h | 1 + 3 files changed, 17 insertions(+), 9 deletions(-) commit 30f939feaeee23e21391cfc7b484f012eb189c3c Author: Vlad Tsyrklevich Date: Mon Jan 9 22:53:36 2017 +0700 i2c: fix kernel memory disclosure in dev interface i2c_smbus_xfer() does not always fill an entire block, allowing kernel stack memory disclosure through the temp variable. Clear it before it's read to. Signed-off-by: Vlad Tsyrklevich Signed-off-by: Wolfram Sang Cc: stable@kernel.org drivers/i2c/i2c-dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ca277eba05ad99c6e7caa51cdaa93102875c026 Merge: 1d865da a0c1068 Author: Linus Torvalds Date: Thu Jan 12 11:00:22 2017 -0800 Merge tag 'rproc-v4.10-fixes' of git://github.com/andersson/remoteproc Pull remoteproc fixes from Bjorn Andersson: "This fixes two regressions that have been reported to be introduced in v4.10-rc1. - correct an incorrect usage of the kref api - revert the change to make the resource table read-only. As the space each vdev resource is used as virtio device config space it must be shared with the remote" * tag 'rproc-v4.10-fixes' of git://github.com/andersson/remoteproc: Revert "remoteproc: Merge table_ptr and cached_table pointers" remoteproc: fix vdev reference management commit 1d865da79e3ba09362ef474807981d0634881f1d Merge: 95ce131 6344764 Author: Linus Torvalds Date: Thu Jan 12 10:58:16 2017 -0800 Merge tag 'rpmsg-v4.10-fixes' of git://github.com/andersson/remoteproc Pull rpmsg fixes from Bjorn Andersson: "This fixes a regression introduced in v4.10-rc1 that prohibits multiple channels with the same name but different endpoint addresses to be used" * tag 'rpmsg-v4.10-fixes' of git://github.com/andersson/remoteproc: rpmsg: virtio_rpmsg_bus: fix channel creation commit 95ce13138e9074b12d9de50024ae1428317eee39 Merge: cb38b45 a89af4a Author: Linus Torvalds Date: Thu Jan 12 10:55:28 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - device descriptor length validation fix to hid-cypress driver from Greg - introduction of a short delay into i2c-hid, which is not really mandated by the spec, but fixes Asus Touchpads - Petzl USB connectable flashlight quirk from myself * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: i2c-hid: Add sleep between POWER ON and RESET HID: hid-cypress: validate length of report HID: ignore Petzl USB headlamp commit cb38b45346f17f4b0a105b9315b030a2e24fb7e6 Merge: 607ae5f 7c9d8d0 Author: Linus Torvalds Date: Thu Jan 12 10:41:20 2017 -0800 Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux Pull scsi target fixes from Bart Van Assche: - a series of bug fixes for the XCOPY implementation from David Disseldorp - one bug fix for the ibmvscsis driver, a driver that is used for communication between partitions on IBM POWER systems. * 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux: ibmvscsis: Fix srp_transfer_data fail return code target: support XCOPY requests without parameters target: check for XCOPY parameter truncation target: use XCOPY segment descriptor CSCD IDs target: check XCOPY segment descriptor CSCD IDs target: simplify XCOPY wwn->se_dev lookup helper target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense target: bounds check XCOPY total descriptor list length target: bounds check XCOPY segment descriptor list target: use XCOPY TOO MANY TARGET DESCRIPTORS sense target: add XCOPY target/segment desc sense codes commit 84fcc2d2bd6cbf621e49e1d0f7eaef2e3c666b40 Author: Geng, Jichao Date: Thu Jan 5 16:50:39 2017 +0800 ceph: fix get_oldest_context() For no snapshot case, we should use ci->truncate_{seq,size}. Fixes: 5f743e456606 ("ceph: record truncate size/seq for snap data writeback") Signed-off-by: Geng, Jichao Signed-off-by: Yan, Zheng fs/ceph/addr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit cc8e8342930129aa2c9b629e1653e4681f0896ea Author: Yan, Zheng Date: Wed Jan 4 16:21:58 2017 +0800 ceph: fix mds cluster availability check We should apply the check after getting the initial mdsmap. Fixes: e9e427f0a14f ("ceph: check availability of mds cluster on mount") Link: http://tracker.ceph.com/issues/18161 Signed-off-by: Yan, Zheng fs/ceph/mds_client.c | 5 +++++ 1 file changed, 5 insertions(+) commit 607ae5f26920b8dfedbbf882c0f9edd3b9aa6cf7 Merge: ba836a6 32cd7cb Author: Linus Torvalds Date: Thu Jan 12 10:17:59 2017 -0800 Merge tag 'md/4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull md fixes from Shaohua Li: "Basically one fix for raid5 cache which is merged in this cycle, others are trival fixes" * tag 'md/4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: md/raid5: Use correct IS_ERR() variation on pointer check md: cleanup mddev flag clear for takeover md/r5cache: fix spelling mistake on "recoverying" md/r5cache: assign conf->log before r5l_load_log() md/r5cache: simplify handling of sh->log_start in recovery md/raid5-cache: removes unnecessary write-through mode judgments md/raid10: Refactor raid10_make_request md/raid1: Refactor raid1_make_request commit 41c066f2c4d436c535616fe182331766c57838f0 Author: Ard Biesheuvel Date: Wed Jan 11 14:54:53 2017 +0000 arm64: assembler: make adr_l work in modules under KASLR When CONFIG_RANDOMIZE_MODULE_REGION_FULL=y, the offset between loaded modules and the core kernel may exceed 4 GB, putting symbols exported by the core kernel out of the reach of the ordinary adrp/add instruction pairs used to generate relative symbol references. So make the adr_l macro emit a movz/movk sequence instead when executing in module context. While at it, remove the pointless special case for the stack pointer. Acked-by: Mark Rutland Acked-by: Will Deacon Signed-off-by: Ard Biesheuvel Signed-off-by: Catalin Marinas arch/arm64/include/asm/assembler.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) commit 4b09ec4b14a168bf2c687e1f598140c3c11e9222 Author: Benjamin Coddington Date: Thu Jan 5 10:20:16 2017 -0500 nfs: Don't take a reference on fl->fl_file for LOCK operation I have reports of a crash that look like __fput() was called twice for a NFSv4.0 file. It seems possible that the state manager could try to reclaim a lock and take a reference on the fl->fl_file at the same time the file is being released if, during the close(), a signal interrupts the wait for outstanding IO while removing locks which then skips the removal of that lock. Since 83bfff23e9ed ("nfs4: have do_vfs_lock take an inode pointer") has removed the need to traverse fl->fl_file->f_inode in nfs4_lock_done(), taking that reference is no longer necessary. Signed-off-by: Benjamin Coddington Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 3 --- 1 file changed, 3 deletions(-) commit c5a2a394835f473ae23931eda5066d3771d7b2f8 Author: Kevin Hilman Date: Wed Jan 11 18:18:40 2017 -0800 spi: davinci: use dma_mapping_error() The correct error checking for dma_map_single() is to use dma_mapping_error(). Signed-off-by: Kevin Hilman Signed-off-by: Mark Brown drivers/spi/spi-davinci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 97f9c5f211d1f063b1745370e6b4fd64d6adaeff Merge: d6169d0 2d5a9c7 Author: Greg Kroah-Hartman Date: Thu Jan 12 18:17:38 2017 +0100 Merge tag 'usb-serial-4.10-rc4' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.10-rc4 These fixes address a number of issues in the ch341 driver and includes a partial revert of a change in how we set the line settings that went into 4.10-rc1 but which turned out to have undesired side effects. This included deasserting the modem-control lines when configuring the device, but also prevented a certain class of CH340 devices from working with the driver. Included are also two fixes for two minor information leaks in kl5kusb105 and ch341 due to failures to detect short control transfers. Signed-off-by: Johan Hovold commit 18a3ed59d09cf81a6447aadf6931bf0c9ffec5e0 Author: Kazuya Mizuguchi Date: Thu Jan 12 13:21:06 2017 +0100 ravb: Remove Rx overflow log messages Remove Rx overflow log messages as in an environment where logging results in network traffic logging may cause further overflows. Fixes: c156633f1353 ("Renesas Ethernet AVB driver proper") Signed-off-by: Kazuya Mizuguchi [simon: reworked changelog] Signed-off-by: Simon Horman Acked-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/ravb_main.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit f99e86485cc32cd16e5cc97f9bb0474f28608d84 Author: Damien Le Moal Date: Thu Jan 12 07:58:32 2017 -0700 block: Rename blk_queue_zone_size and bdev_zone_size All block device data fields and functions returning a number of 512B sectors are by convention named xxx_sectors while names in the form xxx_size are generally used for a number of bytes. The blk_queue_zone_size and bdev_zone_size functions were not following this convention so rename them. No functional change is introduced by this patch. Signed-off-by: Damien Le Moal Collapsed the two patches, they were nonsensically split and broke bisection. Signed-off-by: Jens Axboe block/blk-zoned.c | 4 ++-- block/partition-generic.c | 14 +++++++------- fs/f2fs/segment.c | 4 ++-- fs/f2fs/super.c | 6 +++--- include/linux/blkdev.h | 6 +++--- 5 files changed, 17 insertions(+), 17 deletions(-) commit 608edabd4e00915c36c27af3b16b92264fc111c5 Merge: 0719e72 28e46a0 Author: David S. Miller Date: Thu Jan 12 09:25:56 2017 -0500 Merge branch 'mlxsw-fixes' Jiri Pirko says: ==================== mlxsw: Couple of fixes Couple of simple fixes from Arkadi and Elad. Please queue these up for stable. Thanks. ==================== Signed-off-by: David S. Miller commit 28e46a0f2e03ab4ed0e23cace1ea89a68c8c115b Author: Elad Raz Date: Thu Jan 12 09:10:39 2017 +0100 mlxsw: pci: Fix EQE structure definition The event_data starts from address 0x00-0x0C and not from 0x08-0x014. This leads to duplication with other fields in the Event Queue Element such as sub-type, cqn and owner. Fixes: eda6500a987a0 ("mlxsw: Add PCI bus implementation") Signed-off-by: Elad Raz Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/pci_hw.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 400fc0106dd8c27ed84781c929c1a184785b9c79 Author: Arkadi Sharshevsky Date: Thu Jan 12 09:10:38 2017 +0100 mlxsw: switchx2: Fix memory leak at skb reallocation During transmission the skb is checked for headroom in order to add vendor specific header. In case the skb needs to be re-allocated, skb_realloc_headroom() is called to make a private copy of the original, but doesn't release it. Current code assumes that the original skb is released during reallocation and only releases it at the error path which causes a memory leak. Fix this by adding the original skb release to the main path. Fixes: d003462a50de ("mlxsw: Simplify mlxsw_sx_port_xmit function") Signed-off-by: Arkadi Sharshevsky Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/switchx2.c | 1 + 1 file changed, 1 insertion(+) commit 36bf38d158d3482119b3e159c0619b3c1539b508 Author: Arkadi Sharshevsky Date: Thu Jan 12 09:10:37 2017 +0100 mlxsw: spectrum: Fix memory leak at skb reallocation During transmission the skb is checked for headroom in order to add vendor specific header. In case the skb needs to be re-allocated, skb_realloc_headroom() is called to make a private copy of the original, but doesn't release it. Current code assumes that the original skb is released during reallocation and only releases it at the error path which causes a memory leak. Fix this by adding the original skb release to the main path. Fixes: 56ade8fe3fe1 ("mlxsw: spectrum: Add initial support for Spectrum ASIC") Signed-off-by: Arkadi Sharshevsky Reviewed-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 1 + 1 file changed, 1 insertion(+) commit 33ab91103b3415e12457e3104f0e4517ce12d0f3 Author: Paolo Bonzini Date: Thu Jan 12 15:02:32 2017 +0100 KVM: x86: fix emulation of "MOV SS, null selector" This is CVE-2017-2583. On Intel this causes a failed vmentry because SS's type is neither 3 nor 7 (even though the manual says this check is only done for usable SS, and the dmesg splat says that SS is unusable!). On AMD it's worse: svm.c is confused and sets CPL to 0 in the vmcb. The fix fabricates a data segment descriptor when SS is set to a null selector, so that CPL and SS.DPL are set correctly in the VMCS/vmcb. Furthermore, only allow setting SS to a NULL selector if SS.RPL < 3; this in turn ensures CPL < 3 because RPL must be equal to CPL. Thanks to Andy Lutomirski and Willy Tarreau for help in analyzing the bug and deciphering the manuals. Reported-by: Xiaohan Zhang Fixes: 79d5b4c3cd809c770d4bf9812635647016c56011 Cc: stable@nongnu.org Signed-off-by: Paolo Bonzini arch/x86/kvm/emulate.c | 48 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 38 insertions(+), 10 deletions(-) commit 19c816e8e455f58da9997e4c6626f06203d8fbf0 Author: Jike Song Date: Thu Jan 12 16:52:02 2017 +0800 capability: export has_capability has_capability() is sometimes needed by modules to test capability for specified task other than current, so export it. Cc: Kirti Wankhede Signed-off-by: Jike Song Acked-by: Serge Hallyn Acked-by: James Morris Signed-off-by: Alex Williamson kernel/capability.c | 1 + 1 file changed, 1 insertion(+) commit 546d87e5c903a7f3ee7b9f998949a94729fbc65b Author: Wanpeng Li Date: Tue Jan 3 18:56:19 2017 -0800 KVM: x86: fix NULL deref in vcpu_scan_ioapic Reported by syzkaller: BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0 IP: _raw_spin_lock+0xc/0x30 PGD 3e28eb067 PUD 3f0ac6067 PMD 0 Oops: 0002 [#1] SMP CPU: 0 PID: 2431 Comm: test Tainted: G OE 4.10.0-rc1+ #3 Call Trace: ? kvm_ioapic_scan_entry+0x3e/0x110 [kvm] kvm_arch_vcpu_ioctl_run+0x10a8/0x15f0 [kvm] ? pick_next_task_fair+0xe1/0x4e0 ? kvm_arch_vcpu_load+0xea/0x260 [kvm] kvm_vcpu_ioctl+0x33a/0x600 [kvm] ? hrtimer_try_to_cancel+0x29/0x130 ? do_nanosleep+0x97/0xf0 do_vfs_ioctl+0xa1/0x5d0 ? __hrtimer_init+0x90/0x90 ? do_nanosleep+0x5b/0xf0 SyS_ioctl+0x79/0x90 do_syscall_64+0x6e/0x180 entry_SYSCALL64_slow_path+0x25/0x25 RIP: _raw_spin_lock+0xc/0x30 RSP: ffffa43688973cc0 The syzkaller folks reported a NULL pointer dereference due to ENABLE_CAP succeeding even without an irqchip. The Hyper-V synthetic interrupt controller is activated, resulting in a wrong request to rescan the ioapic and a NULL pointer dereference. #include #include #include #include #include #include #include #include #include #include #ifndef KVM_CAP_HYPERV_SYNIC #define KVM_CAP_HYPERV_SYNIC 123 #endif void* thr(void* arg) { struct kvm_enable_cap cap; cap.flags = 0; cap.cap = KVM_CAP_HYPERV_SYNIC; ioctl((long)arg, KVM_ENABLE_CAP, &cap); return 0; } int main() { void *host_mem = mmap(0, 0x1000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0); int kvmfd = open("/dev/kvm", 0); int vmfd = ioctl(kvmfd, KVM_CREATE_VM, 0); struct kvm_userspace_memory_region memreg; memreg.slot = 0; memreg.flags = 0; memreg.guest_phys_addr = 0; memreg.memory_size = 0x1000; memreg.userspace_addr = (unsigned long)host_mem; host_mem[0] = 0xf4; ioctl(vmfd, KVM_SET_USER_MEMORY_REGION, &memreg); int cpufd = ioctl(vmfd, KVM_CREATE_VCPU, 0); struct kvm_sregs sregs; ioctl(cpufd, KVM_GET_SREGS, &sregs); sregs.cr0 = 0; sregs.cr4 = 0; sregs.efer = 0; sregs.cs.selector = 0; sregs.cs.base = 0; ioctl(cpufd, KVM_SET_SREGS, &sregs); struct kvm_regs regs = { .rflags = 2 }; ioctl(cpufd, KVM_SET_REGS, ®s); ioctl(vmfd, KVM_CREATE_IRQCHIP, 0); pthread_t th; pthread_create(&th, 0, thr, (void*)(long)cpufd); usleep(rand() % 10000); ioctl(cpufd, KVM_RUN, 0); pthread_join(th, 0); return 0; } This patch fixes it by failing ENABLE_CAP if without an irqchip. Reported-by: Dmitry Vyukov Fixes: 5c919412fe61 (kvm/x86: Hyper-V synthetic interrupt controller) Cc: stable@vger.kernel.org # 4.5+ Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Dmitry Vyukov Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 2 ++ 1 file changed, 2 insertions(+) commit 4f3dbdf47e150016aacd734e663347fcaa768303 Author: Wanpeng Li Date: Thu Jan 5 17:39:42 2017 -0800 KVM: eventfd: fix NULL deref irqbypass consumer Reported syzkaller: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: irq_bypass_unregister_consumer+0x9d/0xb70 [irqbypass] PGD 0 Oops: 0002 [#1] SMP CPU: 1 PID: 125 Comm: kworker/1:1 Not tainted 4.9.0+ #1 Workqueue: kvm-irqfd-cleanup irqfd_shutdown [kvm] task: ffff9bbe0dfbb900 task.stack: ffffb61802014000 RIP: 0010:irq_bypass_unregister_consumer+0x9d/0xb70 [irqbypass] Call Trace: irqfd_shutdown+0x66/0xa0 [kvm] process_one_work+0x16b/0x480 worker_thread+0x4b/0x500 kthread+0x101/0x140 ? process_one_work+0x480/0x480 ? kthread_create_on_node+0x60/0x60 ret_from_fork+0x25/0x30 RIP: irq_bypass_unregister_consumer+0x9d/0xb70 [irqbypass] RSP: ffffb61802017e20 CR2: 0000000000000008 The syzkaller folks reported a NULL pointer dereference that due to unregister an consumer which fails registration before. The syzkaller creates two VMs w/ an equal eventfd occasionally. So the second VM fails to register an irqbypass consumer. It will make irqfd as inactive and queue an workqueue work to shutdown irqfd and unregister the irqbypass consumer when eventfd is closed. However, the second consumer has been initialized though it fails registration. So the token(same as the first VM's) is taken to unregister the consumer through the workqueue, the consumer of the first VM is found and unregistered, then NULL deref incurred in the path of deleting consumer from the consumers list. This patch fixes it by making irq_bypass_register/unregister_consumer() looks for the consumer entry based on consumer pointer itself instead of token matching. Reported-by: Dmitry Vyukov Suggested-by: Alex Williamson Cc: stable@vger.kernel.org Cc: Paolo Bonzini Cc: Radim Krčmář Cc: Dmitry Vyukov Cc: Alex Williamson Signed-off-by: Wanpeng Li Signed-off-by: Paolo Bonzini virt/lib/irqbypass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 129a72a0d3c8e139a04512325384fe5ac119e74d Author: Steve Rutherford Date: Wed Jan 11 18:28:29 2017 -0800 KVM: x86: Introduce segmented_write_std Introduces segemented_write_std. Switches from emulated reads/writes to standard read/writes in fxsave, fxrstor, sgdt, and sidt. This fixes CVE-2017-2584, a longstanding kernel memory leak. Since commit 283c95d0e389 ("KVM: x86: emulate FXSAVE and FXRSTOR", 2016-11-09), which is luckily not yet in any final release, this would also be an exploitable kernel memory *write*! Reported-by: Dmitry Vyukov Cc: stable@vger.kernel.org Fixes: 96051572c819194c37a8367624b285be10297eca Fixes: 283c95d0e3891b64087706b344a4b545d04a6e62 Suggested-by: Paolo Bonzini Signed-off-by: Steve Rutherford Signed-off-by: Paolo Bonzini arch/x86/kvm/emulate.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) commit cef84c302fe051744b983a92764d3fcca933415d Author: David Matlack Date: Fri Dec 16 14:30:36 2016 -0800 KVM: x86: flush pending lapic jump label updates on module unload KVM's lapic emulation uses static_key_deferred (apic_{hw,sw}_disabled). These are implemented with delayed_work structs which can still be pending when the KVM module is unloaded. We've seen this cause kernel panics when the kvm_intel module is quickly reloaded. Use the new static_key_deferred_flush() API to flush pending updates on module unload. Signed-off-by: David Matlack Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini arch/x86/kvm/lapic.c | 6 ++++++ arch/x86/kvm/lapic.h | 1 + arch/x86/kvm/x86.c | 1 + 3 files changed, 8 insertions(+) commit b6416e61012429e0277bd15a229222fd17afc1c1 Author: David Matlack Date: Fri Dec 16 14:30:35 2016 -0800 jump_labels: API for flushing deferred jump label updates Modules that use static_key_deferred need a way to synchronize with any delayed work that is still pending when the module is unloaded. Introduce static_key_deferred_flush() which flushes any pending jump label updates. Signed-off-by: David Matlack Cc: stable@vger.kernel.org Acked-by: Peter Zijlstra (Intel) Signed-off-by: Paolo Bonzini include/linux/jump_label_ratelimit.h | 5 +++++ kernel/jump_label.c | 7 +++++++ 2 files changed, 12 insertions(+) commit f0e8faa7a5e894b0fc99d24be1b18685a92ea466 Author: Arnd Bergmann Date: Wed Nov 16 16:20:37 2016 +0100 ARM: ux500: fix prcmu_is_cpu_in_wfi() calculation This function clearly never worked and always returns true, as pointed out by gcc-7: arch/arm/mach-ux500/pm.c: In function 'prcmu_is_cpu_in_wfi': arch/arm/mach-ux500/pm.c:137:212: error: ?: using integer constants in boolean context, the expression will always evaluate to 'true' [-Werror=int-in-bool-context] With the added braces, the condition actually makes sense. Fixes: 34fe6f107eab ("mfd : Check if the other db8500 core is in WFI") Signed-off-by: Arnd Bergmann Acked-by: Daniel Lezcano Signed-off-by: Linus Walleij arch/arm/mach-ux500/pm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 01167c7b9cbf099c69fe411a228e4e9c7104e123 Author: Stefan Wahren Date: Thu Jan 5 19:24:04 2017 +0000 mmc: mxs-mmc: Fix additional cycles after transmission stop According to the code the intention is to append 8 SCK cycles instead of 4 at end of a MMC_STOP_TRANSMISSION command. But this will never happened because it's an AC command not an ADTC command. So fix this by moving the statement into the right function. Signed-off-by: Stefan Wahren Fixes: e4243f13d10e (mmc: mxs-mmc: add mmc host driver for i.MX23/28) Cc: Signed-off-by: Ulf Hansson drivers/mmc/host/mxs-mmc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit e1d070c3793a2766122865a7c2142853b48808c5 Author: Hans de Goede Date: Wed Dec 21 00:19:19 2016 +0100 mmc: sdhci-acpi: Only powered up enabled acpi child devices Commit e5bbf30733f9 ("mmc: sdhci-acpi: Ensure connected devices are powered when probing") introduced code to powerup any acpi child nodes listed in the dstd. But some dstd-s list all possible devices used on some board variants, while reporting if the device is actually present and enabled in the status field of the device. So we end up calling the acpi _PS0 (power-on) method for devices which are not actually present. This does not always end well, e.g. on my cube iwork8 air tablet, this results in freezing the entire tablet as soon as the r8723bs module is loaded. This commit fixes this by checking the child device's status.present and status.enabled bits and only call acpi_device_fix_up_power() if both are set. Fixes: e5bbf30733f9 ("mmc: sdhci-acpi: Ensure connected devices are powered when probing") BugLink: https://github.com/hadess/rtl8723bs/issues/80 Signed-off-by: Hans de Goede Acked-by: Adrian Hunter Cc: Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-acpi.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ff3f7e2475bbf9201e95824e72698fcdc5c3d47a Author: Josh Poimboeuf Date: Mon Jan 9 12:00:25 2017 -0600 x86/entry: Fix the end of the stack for newly forked tasks When unwinding a task, the end of the stack is always at the same offset right below the saved pt_regs, regardless of which syscall was used to enter the kernel. That convention allows the unwinder to verify that a stack is sane. However, newly forked tasks don't always follow that convention, as reported by the following unwinder warning seen by Dave Jones: WARNING: kernel stack frame pointer at ffffc90001443f30 in kworker/u8:8:30468 has bad value (null) The warning was due to the following call chain: (ftrace handler) call_usermodehelper_exec_async+0x5/0x140 ret_from_fork+0x22/0x30 The problem is that ret_from_fork() doesn't create a stack frame before calling other functions. Fix that by carefully using the frame pointer macros. In addition to conforming to the end of stack convention, this also makes related stack traces more sensible by making it clear to the user that ret_from_fork() was involved. Reported-by: Dave Jones Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Dmitry Vyukov Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Miroslav Benes Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/8854cdaab980e9700a81e9ebf0d4238e4bbb68ef.1483978430.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/entry/entry_32.S | 30 +++++++++++------------------- arch/x86/entry/entry_64.S | 11 +++++++---- 2 files changed, 18 insertions(+), 23 deletions(-) commit 2c96b2fe9c57b4267c3f0a680d82d7cc52e1c447 Author: Josh Poimboeuf Date: Mon Jan 9 12:00:24 2017 -0600 x86/unwind: Include __schedule() in stack traces In the following commit: 0100301bfdf5 ("sched/x86: Rewrite the switch_to() code") ... the layout of the 'inactive_task_frame' struct was designed to have a frame pointer header embedded in it, so that the unwinder could use the 'bp' and 'ret_addr' fields to report __schedule() on the stack (or ret_from_fork() for newly forked tasks which haven't actually run yet). Finish the job by changing get_frame_pointer() to return a pointer to inactive_task_frame's 'bp' field rather than 'bp' itself. This allows the unwinder to start one frame higher on the stack, so that it properly reports __schedule(). Reported-by: Miroslav Benes Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Dave Jones Cc: Denys Vlasenko Cc: Dmitry Vyukov Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/598e9f7505ed0aba86e8b9590aa528c6c7ae8dcd.1483978430.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/include/asm/stacktrace.h | 5 +---- arch/x86/include/asm/switch_to.h | 10 +++++++++- 2 files changed, 10 insertions(+), 5 deletions(-) commit 84936118bdf37bda513d4a361c38181a216427e0 Author: Josh Poimboeuf Date: Mon Jan 9 12:00:23 2017 -0600 x86/unwind: Disable KASAN checks for non-current tasks There are a handful of callers to save_stack_trace_tsk() and show_stack() which try to unwind the stack of a task other than current. In such cases, it's remotely possible that the task is running on one CPU while the unwinder is reading its stack from another CPU, causing the unwinder to see stack corruption. These cases seem to be mostly harmless. The unwinder has checks which prevent it from following bad pointers beyond the bounds of the stack. So it's not really a bug as long as the caller understands that unwinding another task will not always succeed. In such cases, it's possible that the unwinder may read a KASAN-poisoned region of the stack. Account for that by using READ_ONCE_NOCHECK() when reading the stack of another task. Use READ_ONCE() when reading the stack of the current task, since KASAN warnings can still be useful for finding bugs in that case. Reported-by: Dmitry Vyukov Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Dave Jones Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Miroslav Benes Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/4c575eb288ba9f73d498dfe0acde2f58674598f1.1483978430.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/include/asm/stacktrace.h | 5 ++++- arch/x86/kernel/unwind_frame.c | 20 ++++++++++++++++++-- 2 files changed, 22 insertions(+), 3 deletions(-) commit 900742d89c1b4e04bd373aec8470b88e183f08ca Author: Josh Poimboeuf Date: Mon Jan 9 12:00:22 2017 -0600 x86/unwind: Silence warnings for non-current tasks There are a handful of callers to save_stack_trace_tsk() and show_stack() which try to unwind the stack of a task other than current. In such cases, it's remotely possible that the task is running on one CPU while the unwinder is reading its stack from another CPU, causing the unwinder to see stack corruption. These cases seem to be mostly harmless. The unwinder has checks which prevent it from following bad pointers beyond the bounds of the stack. So it's not really a bug as long as the caller understands that unwinding another task will not always succeed. Since stack "corruption" on another task's stack isn't necessarily a bug, silence the warnings when unwinding tasks other than current. Reported-by: Dave Jones Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: Dmitry Vyukov Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Miroslav Benes Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/00d8c50eea3446c1524a2a755397a3966629354c.1483978430.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/unwind_frame.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit e4621b73b6b472fe2b434b4f0f76b8f33ee26a73 Author: Chris Wilson Date: Fri Jan 6 15:22:38 2017 +0000 drm/i915: Fix phys pwrite for struct_mutex-less operation Since commit fe115628d567 ("drm/i915: Implement pwrite without struct-mutex") the lowlevel pwrite calls are now called without the protection of struct_mutex, but pwrite_phys was still asserting that it held the struct_mutex and later tried to drop and relock it. Fixes: fe115628d567 ("drm/i915: Implement pwrite without struct-mutex") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Link: http://patchwork.freedesktop.org/patch/msgid/20170106152240.5793-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit 10466d2a59b23aa6d5ecd5310296c8cdb6458dac) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) commit e88893fea17996018b2d68a22e677ea04f3baadf Author: Chris Wilson Date: Thu Jan 5 15:59:40 2017 +0000 drm/i915: Clear ret before unbinding in i915_gem_evict_something() Missed when rebasing patches, I failed to set ret to zero before starting the unbind loop (which depends upon ret being zero). Reported-by: Matthew Auld Fixes: 9332f3b1b99a ("drm/i915: Combine loops within i915_gem_evict_something") Signed-off-by: Chris Wilson Cc: Matthew Auld Link: http://patchwork.freedesktop.org/patch/msgid/20170105155940.10033-1-chris@chris-wilson.co.uk Reviewed-by: Matthew Auld Cc: # v4.9+ (cherry picked from commit 121dfbb2a2ef1c5f49e15c38ccc47ff0beb59446) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_evict.c | 1 + 1 file changed, 1 insertion(+) commit 32856eea7bf75dfb99b955ada6e147f553a11366 Author: Alexandre Belloni Date: Wed Jan 11 13:11:08 2017 +0100 usb: gadget: udc: atmel: remove memory leak Commit bbe097f092b0 ("usb: gadget: udc: atmel: fix endpoint name") introduced a memory leak when unbinding the driver. The endpoint names would not be freed. Solve that by including the name as a string in struct usba_ep so it is freed when the endpoint is. Signed-off-by: Alexandre Belloni Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/atmel_usba_udc.c | 3 ++- drivers/usb/gadget/udc/atmel_usba_udc.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit 8ae584d1951f241efd45499f8774fd7066f22823 Author: Shuah Khan Date: Tue Jan 10 16:05:28 2017 -0700 usb: dwc3: exynos fix axius clock error path to do cleanup Axius clock error path returns without disabling clock and suspend clock. Fix it to disable them before returning error. Reviewed-by: Javier Martinez Canillas Signed-off-by: Shuah Khan Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-exynos.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 866932e2771f35d20ed2f1865bcf6af8dba765bb Author: John Stultz Date: Mon Jan 9 13:10:24 2017 -0800 usb: dwc2: Avoid suspending if we're in gadget mode I've found when booting HiKey with the usb gadget cable attached if I then try to connect via adb, I get an infinite spew of: dwc2 f72c0000.usb: dwc2_hsotg_ep_sethalt(ep ffffffc0790ecb18 ep1out, 0) dwc2 f72c0000.usb: dwc2_hsotg_ep_sethalt(ep ffffffc0790eca18 ep1in, 0) It seems that the usb autosuspend is suspending the bus shortly after bootup when the gadget cable is attached. So when adbd then tries to use the device, it doesn't work and it then tries to restart it over and over via the ep_sethalt calls (via FUNCTIONFS_CLEAR_HALT ioctl). Chen Yu suggested this patch to avoid suspending if we're in device mode, and it avoids the problem. Cc: Wei Xu Cc: Guodong Xu Cc: Amit Pundir Cc: Rob Herring Cc: John Youn Cc: Douglas Anderson Cc: Chen Yu Cc: Kishon Vijay Abraham I Cc: Felipe Balbi Cc: Greg Kroah-Hartman Cc: linux-usb@vger.kernel.org Suggested-by: Chen Yu Signed-off-by: John Stultz Signed-off-by: John Youn Signed-off-by: Felipe Balbi drivers/usb/dwc2/hcd.c | 3 +++ 1 file changed, 3 insertions(+) commit b2f92f0ff0a26a6d758ce85167a77d7d1268ca36 Author: Leo Yan Date: Mon Jan 9 13:09:55 2017 -0800 usb: dwc2: use u32 for DT binding parameters Commit 05ee799f2021 ("usb: dwc2: Move gadget settings into core_params") changes to type u16 for DT binding "g-rx-fifo-size" and "g-np-tx-fifo-size" but use type u32 for "g-tx-fifo-size". Finally the the first two parameters cannot be passed successfully with wrong data format. This is found the data transferring broken on 96boards Hikey. This patch is to change all parameters to u32 type, and verified on Hikey board the DT parameters can pass successfully. [johnyoun: minor rebase] Signed-off-by: Leo Yan Signed-off-by: John Youn Tested-by: John Stultz Signed-off-by: Felipe Balbi drivers/usb/dwc2/core.h | 4 ++-- drivers/usb/dwc2/params.c | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) commit 08f37148b6a915a6996c7dbef87769b9efee2dba Author: Vincent Pelletier Date: Mon Jan 9 13:46:00 2017 +0000 usb: gadget: f_fs: Fix iterations on endpoints. When zero endpoints are declared for a function, there is no endpoint to disable, enable or free, so replace do...while loops with while loops. Change pre-decrement to post-decrement to iterate the same number of times when there are endpoints to process. Signed-off-by: Vincent Pelletier Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 9383e084a88d04d442ea2dce128edff05f344e5c Author: Vardan Mikayelyan Date: Thu Jan 5 18:01:48 2017 -0800 usb: dwc2: gadget: Fix DMA memory freeing Remove DMA memory free from EP disable flow by replacing dma_alloc_coherent with dmam_alloc_coherent. Tested-by: John Stultz Signed-off-by: Vardan Mikayelyan Signed-off-by: John Youn Signed-off-by: Felipe Balbi drivers/usb/dwc2/gadget.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) commit 990758c53eafe5a220a780ed12e7b4d51b3df032 Author: Christophe JAILLET Date: Wed Jan 4 06:30:16 2017 +0100 usb: gadget: composite: Fix function used to free memory 'cdev->os_desc_req' has been allocated with 'usb_ep_alloc_request()' so 'usb_ep_free_request()' should be used to free it. Signed-off-by: Christophe JAILLET Signed-off-by: Felipe Balbi drivers/usb/gadget/composite.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 581d3c2025632f838fb08e5160dab752b3a1f527 Author: Arnd Bergmann Date: Wed Jan 11 15:36:56 2017 +0100 pinctrl: amd: avoid maybe-uninitalized warning Since gpio_dev->hwbank_num is now a variable, the compiler cannot figure out if pin_num is initialized at all: drivers/pinctrl/pinctrl-amd.c: In function 'amd_gpio_dbg_show': drivers/pinctrl/pinctrl-amd.c:210:3: warning: 'pin_num' may be used uninitialized in this function [-Wmaybe-uninitialized] for (; i < pin_num; i++) { ^~~ drivers/pinctrl/pinctrl-amd.c:172:21: warning: 'i' may be used uninitialized in this function [-Wmaybe-uninitialized] This adds a 'default' statement to make that case well-defined. Fixes: 3bfd44306c65 ("pinctrl: amd: Add support for additional GPIO") Signed-off-by: Arnd Bergmann Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-amd.c | 2 ++ 1 file changed, 2 insertions(+) commit 49c03096263871a68c9dea3e86b7d1e163d2fba8 Author: Andy Shevchenko Date: Wed Jan 11 15:49:00 2017 +0200 pinctrl: baytrail: Do not add all GPIOs to IRQ domain When DIRECT_IRQ_EN is set, the pin is routed directly to the IO-APIC bypassing the GPIO driver completely. However, the mask register is still used to determine if the pin is supposed to generate IRQ or not. So with commit 3ae02c14d964 the IRQ core masks all IRQs (because of handle_bad_irq()) the pin connected to the touchscreen gets masked as well and hence no interrupts. To make this all work as expected we do not add those GPIOs to the IRQ domain that can actually propagate interrupts. Fixes: 3ae02c14d964 ("pinctrl: intel: set default handler to be handle_bad_irq()") Reported-by: Robert R. Howell Suggested-by: Mika Westerberg Signed-off-by: Andy Shevchenko Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit cd60be4916ae689387d04b86b6fc15931e4c95ae Author: Roberto Sassu Date: Wed Jan 11 11:06:42 2017 +0100 scsi: lpfc: avoid double free of resource identifiers Set variables initialized in lpfc_sli4_alloc_resource_identifiers() to NULL if an error occurred. Otherwise, lpfc_sli4_driver_resource_unset() attempts to free the memory again. Signed-off-by: Roberto Sassu Signed-off-by: Johannes Thumshirn Acked-by: James Smart Signed-off-by: Martin K. Petersen drivers/scsi/lpfc/lpfc_sli.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 98624c4fed0abd848b291fbd3da18c2251b79429 Author: Christoph Hellwig Date: Wed Jan 11 17:55:46 2017 +0100 scsi: qla2xxx: remove irq_affinity_notifier Now that qla2xxx uses the IRQ layer affinity assignment, affinity won't change over the life time of a device and the notifiers are useless. Signed-off-by: Christoph Hellwig Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_def.h | 1 - drivers/scsi/qla2xxx/qla_isr.c | 73 ------------------------------------------ 2 files changed, 74 deletions(-) commit 17e5fc58588b5e3df8220c90a9d8af55201d6b45 Author: Christoph Hellwig Date: Wed Jan 11 17:55:45 2017 +0100 scsi: qla2xxx: fix MSI-X vector affinity The first two or three vectors in qla2xxx adapter are global and not associated with a specific queue. They should not have IRQ affinity assigned. Signed-off-by: Christoph Hellwig Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 15 +++++++++++---- 2 files changed, 12 insertions(+), 5 deletions(-) commit 0719e72ccb801829a3d735d187ca8417f0930459 Author: stephen hemminger Date: Wed Jan 11 09:16:32 2017 -0800 netvsc: add rcu_read locking to netvsc callback The receive callback (in tasklet context) is using RCU to get reference to associated VF network device but this is not safe. RCU read lock needs to be held. Found by running with full lockdep debugging enabled. Fixes: f207c10d9823 ("hv_netvsc: use RCU to protect vf_netdev") Signed-off-by: Stephen Hemminger Signed-off-by: David S. Miller drivers/net/hyperv/netvsc_drv.c | 3 +++ 1 file changed, 3 insertions(+) commit 4ecb1d83f6abe8d49163427f4d431ebe98f8bd5f Author: Martynas Pumputis Date: Wed Jan 11 15:18:53 2017 +0000 vxlan: Set ports in flow key when doing route lookups Otherwise, a xfrm policy with sport/dport being set cannot be matched. Signed-off-by: Martynas Pumputis Signed-off-by: David S. Miller drivers/net/vxlan.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 19c0f40d4fca3a47b8f784a627f0467f0138ccc8 Author: hayeswang Date: Wed Jan 11 16:25:34 2017 +0800 r8152: fix the sw rx checksum is unavailable Fix the hw rx checksum is always enabled, and the user couldn't switch it to sw rx checksum. Note that the RTL_VER_01 only support sw rx checksum only. Besides, the hw rx checksum for RTL_VER_02 is disabled after commit b9a321b48af4 ("r8152: Fix broken RX checksums."). Re-enable it. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit a89af4abdf9b353cdd6f61afc0eaaac403304873 Author: Brendan McGrath Date: Sat Jan 7 08:01:38 2017 +1100 HID: i2c-hid: Add sleep between POWER ON and RESET Support for the Asus Touchpad was recently added. It turns out this device can fail initialisation (and become unusable) when the RESET command is sent too soon after the POWER ON command. Unfortunately the i2c-hid specification does not specify the need for a delay between these two commands. But it was discovered the Windows driver has a 1ms delay. As a result, this patch modifies the i2c-hid module to add a sleep inbetween the POWER ON and RESET commands which lasts between 1ms and 5ms. See https://github.com/vlasenko/hid-asus-dkms/issues/24 for further details. Signed-off-by: Brendan McGrath Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/i2c-hid/i2c-hid.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit ba836a6f5ab1243ff5e08a941a2d1de8b31244e1 Merge: cff3b2c 575b196 Author: Linus Torvalds Date: Wed Jan 11 11:15:15 2017 -0800 Merge branch 'akpm' (patches from Andrew) Merge fixes from Andrew Morton: "27 fixes. There are three patches that aren't actually fixes. They're simple function renamings which are nice-to-have in mainline as ongoing net development depends on them." * akpm: (27 commits) timerfd: export defines to userspace mm/hugetlb.c: fix reservation race when freeing surplus pages mm/slab.c: fix SLAB freelist randomization duplicate entries zram: support BDI_CAP_STABLE_WRITES zram: revalidate disk under init_lock mm: support anonymous stable page mm: add documentation for page fragment APIs mm: rename __page_frag functions to __page_frag_cache, drop order from drain mm: rename __alloc_page_frag to page_frag_alloc and __free_page_frag to page_frag_free mm, memcg: fix the active list aging for lowmem requests when memcg is enabled mm: don't dereference struct page fields of invalid pages mailmap: add codeaurora.org names for nameless email commits signal: protect SIGNAL_UNKILLABLE from unintentional clearing. mm: pmd dirty emulation in page fault handler ipc/sem.c: fix incorrect sem_lock pairing lib/Kconfig.debug: fix frv build failure mm: get rid of __GFP_OTHER_NODE mm: fix remote numa hits statistics mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done} ocfs2: fix crash caused by stale lvb with fsdlm plugin ... commit 73da4268fdbae972f617946d1c690f2136964802 Author: Dan Carpenter Date: Sat Jan 7 09:30:08 2017 +0300 vfio-mdev: remove some dead code We set info.count to 1 in mtty_get_irq_info() so static checkers complain that, "Why do we have impossible conditions?" The answer is that it seems to be left over dead code that can be safely removed. Signed-off-by: Dan Carpenter Reviewed-by: Kirti Wankhede Signed-off-by: Alex Williamson samples/vfio-mdev/mtty.c | 3 --- 1 file changed, 3 deletions(-) commit 5c677869e0abbffbade2cfd82d46d0eebe823f34 Author: Dan Carpenter Date: Sat Jan 7 09:28:40 2017 +0300 vfio-mdev: buffer overflow in ioctl() This is a sample driver for documentation so the impact is probably pretty low. But we should check that bar_index is valid so we don't write beyond the end of the mdev_state->region_info[] array. Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.") Signed-off-by: Dan Carpenter Reviewed-by: Kirti Wankhede Signed-off-by: Alex Williamson samples/vfio-mdev/mtty.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 6ed0993a0b859ce62edf2930ded683e452286d39 Author: Dan Carpenter Date: Sat Jan 7 09:27:49 2017 +0300 vfio-mdev: return -EFAULT if copy_to_user() fails The copy_to_user() function returns the number of bytes which it wasn't able to copy but we want to return a negative error code. Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.") Signed-off-by: Dan Carpenter Reviewed-by: Kirti Wankhede Signed-off-by: Alex Williamson samples/vfio-mdev/mtty.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 6cf4569ce3561dec560147e6051959d6896b23d1 Merge: 2e40795 42e0ebd Author: Takashi Iwai Date: Wed Jan 11 19:49:27 2017 +0100 Merge tag 'asoc-fix-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Fixes for v4.10 As well as the usual smattering of driver specific fixes collected since the merge window this has one particularly important fix to the core for handling of aux_devs which was broken during the merge window by some of the componentization refactoring. commit 0a417b8dc1f10b03e8f558b8a831f07ec4c23795 Author: Jan Kara Date: Wed Jan 11 10:20:04 2017 -0800 xfs: Timely free truncated dirty pages Commit 99579ccec4e2 "xfs: skip dirty pages in ->releasepage()" started to skip dirty pages in xfs_vm_releasepage() which also has the effect that if a dirty page is truncated, it does not get freed by block_invalidatepage() and is lingering in LRU list waiting for reclaim. So a simple loop like: while true; do dd if=/dev/zero of=file bs=1M count=100 rm file done will keep using more and more memory until we hit low watermarks and start pagecache reclaim which will eventually reclaim also the truncate pages. Keeping these truncated (and thus never usable) pages in memory is just a waste of memory, is unnecessarily stressing page cache reclaim, and reportedly also leads to anonymous mmap(2) returning ENOMEM prematurely. So instead of just skipping dirty pages in xfs_vm_releasepage(), return to old behavior of skipping them only if they have delalloc or unwritten buffers and fix the spurious warnings by warning only if the page is clean. CC: stable@vger.kernel.org CC: Brian Foster CC: Vlastimil Babka Reported-by: Petr Tůma Fixes: 99579ccec4e271c3d4d4e7c946058766812afdab Signed-off-by: Jan Kara Reviewed-by: Brian Foster Signed-off-by: Darrick J. Wong fs/xfs/xfs_aops.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit cff3b2c4b3d2112eb9bb344e96d3d6aa66f2c13c Merge: a6b6e61 24c63bb Author: Linus Torvalds Date: Wed Jan 11 09:52:12 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix rtlwifi crash, from Larry Finger. 2) Memory disclosure in appletalk ipddp routing code, from Vlad Tsyrklevich. 3) r8152 can erroneously split an RX packet into multiple URBs if the Rx FIFO is not empty when we suspend. Fix this by waiting for the FIFO to empty before suspending. From Hayes Wang. 4) Two GRO fixes (enter slow path when not enough SKB tail room exists, disable frag0 optimizations when there are IPV6 extension headers) from Eric Dumazet and Herbert Xu. 5) A series of mlx5e bug fixes (do source udp port offloading for tunnels properly, Ip fragment matching fixes, handling firmware errors properly when installing TC rules, etc.) from Saeed Mahameed, Or Gerlitz, Roi Dayan, Hadar Hen Zion, Gil Rockah, and Daniel Jurgens. 6) Two VRF fixes from David Ahern (don't skip multipath selection for VRF paths, disallow VRF to be configured with table ID 0). * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (35 commits) net: vrf: do not allow table id 0 net: phy: marvell: fix Marvell 88E1512 used in SGMII mode sctp: Fix spelling mistake: "Atempt" -> "Attempt" net: ipv4: Fix multipath selection with vrf cgroup: move CONFIG_SOCK_CGROUP_DATA to init/Kconfig gro: use min_t() in skb_gro_reset_offset() net/mlx5: Only cancel recovery work when cleaning up device net/mlx5e: Remove WARN_ONCE from adaptive moderation code net/mlx5e: Un-register uplink representor on nic_disable net/mlx5e: Properly handle FW errors while adding TC rules net/mlx5e: Fix kbuild warnings for uninitialized parameters net/mlx5e: Set inline mode requirements for matching on IP fragments net/mlx5e: Properly get address type of encapsulation IP headers net/mlx5e: TC ipv4 tunnel encap offload error flow fixes net/mlx5e: Warn when rejecting offload attempts of IP tunnels net/mlx5e: Properly handle offloading of source udp port for IP tunnels gro: Disable frag0 optimization on IPv6 ext headers gro: Enter slow-path if there is no tailroom mlx4: Return EOPNOTSUPP instead of ENOTSUPP net/af_iucv: don't use paged skbs for TX on HiperSockets ... commit a6b6e6165057f55c4cd35780520275d3c46e4c82 Merge: 807b93e 07825f0 Author: Linus Torvalds Date: Wed Jan 11 09:28:13 2017 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fix from Herbert Xu: "This fixes a regression in aesni that renders it useless if it's built-in with a modular pcbc configuration" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: aesni - Fix failure when built-in with modular pcbc commit fdf35a6b22247746a7053fc764d04218a9306f82 Author: Takashi Iwai Date: Mon Jan 9 15:56:14 2017 +0100 drm: Fix broken VT switch with video=1366x768 option I noticed that the VT switch doesn't work any longer with a Dell laptop with 1366x768 eDP when the machine is connected with a DP monitor. It behaves as if VT were switched, but the graphics remain frozen. Actually the keyboard works, so I could switch back to VT7 again. I tried to track down the problem, and encountered a long story until we reach to this error: - The machine is booted with video=1366x768 option (the distro installer seems to add it as default). - Recently, drm_helper_probe_single_connector_modes() deals with cmdline modes, and it tries to create a new mode when no matching mode is found. - The drm_mode_create_from_cmdline_mode() creates a mode based on either CVT of GFT according to the given cmdline mode; in our case, it's 1366x768. - Since both CVT and GFT can't express the width 1366 due to alignment, the resultant mode becomes 1368x768, slightly larger than the given size. - Later on, the atomic commit is performed, and in drm_atomic_check_only(), the size of each plane is checked. - The size check of 1366x768 fails due to the above, and eventually the whole VT switch fails. Back in the history, we've had a manual fix-up of 1368x768 in various places via c09dedb7a50e ("drm/edid: Add a workaround for 1366x768 HD panel"), but they have been all in drm_edid.c at probing the modes from EDID. For addressing the problem above, we need a similar hack to the mode newly created from cmdline, manually adjusting the width when the expected size is 1366 while we get 1368 instead. Fixes: eaf99c749d43 ("drm: Perform cmdline mode parsing during...") Cc: Signed-off-by: Takashi Iwai Link: http://patchwork.freedesktop.org/patch/msgid/20170109145614.29454-1-tiwai@suse.de Reviewed-by: Ville Syrjälä Signed-off-by: Ville Syrjälä drivers/gpu/drm/drm_modes.c | 7 +++++++ 1 file changed, 7 insertions(+) commit b5a10c5f7532b7473776da87e67f8301bbc32693 Author: Guilherme G. Piccoli Date: Wed Dec 28 22:13:15 2016 -0200 nvme: apply DELAY_BEFORE_CHK_RDY quirk at probe time too Commit 54adc01055b7 ("nvme/quirk: Add a delay before checking for adapter readiness") introduced a quirk to adapters that cannot read the bit NVME_CSTS_RDY right after register NVME_REG_CC is set; these adapters need a delay or else the action of reading the bit NVME_CSTS_RDY could somehow corrupt adapter's registers state and it never recovers. When this quirk was added, we checked ctrl->tagset in order to avoid quirking in probe time, supposing we would never require such delay during probe. Well, it was too optimistic; we in fact need this quirk at probe time in some cases, like after a kexec. In some experiments, after abnormal shutdown of machine (aka power cord unplug), we booted into our bootloader in Power, which is a Linux kernel, and kexec'ed into another distro. If this kexec is too quick, we end up reaching the probe of NVMe adapter in that distro when adapter is in bad state (not fully initialized on our bootloader). What happens next is that nvme_wait_ready() is unable to complete, except if the quirk is enabled. So, this patch removes the original ctrl->tagset verification in order to enable the quirk even on probe time. Fixes: 54adc01055b7 ("nvme/quirk: Add a delay before checking for adapter readiness") Reported-by: Andrew Byrne Reported-by: Jaime A. H. Gomez Reported-by: Zachary D. Myers Signed-off-by: Guilherme G. Piccoli Acked-by: Jeffrey Lien Signed-off-by: Christoph Hellwig drivers/nvme/host/core.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 1392370ee7de8aa3f69936f55bea6bfcc9879c59 Author: Christoph Hellwig Date: Tue Jan 3 14:29:02 2017 +0300 nvme-rdma: fix nvme_rdma_queue_is_ready Now that we don't abuse the cmd field in struct request for nvme command passthrough this function needs to be converted to the proper accessor as well. Fixes: d49187e97e ("nvme: introduce struct nvme_request") Signed-off-by: Christoph Hellwig Reviewed-by: Max Gurtovoy drivers/nvme/host/rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d6169d04097fd9ddf811e63eae4e5cd71e6666e2 Author: Mathias Nyman Date: Wed Jan 11 17:10:34 2017 +0200 xhci: fix deadlock at host remove by running watchdog correctly If a URB is killed while the host is removed we can end up in a situation where the hub thread takes the roothub device lock, and waits for the URB to be given back by xhci-hcd, blocking the host remove code. xhci-hcd tries to stop the endpoint and give back the urb, but can't as the host is removed from PCI bus at the same time, preventing the normal way of giving back urb. Instead we need to rely on the stop command timeout function to give back the urb. This xhci_stop_endpoint_command_watchdog() timeout function used a XHCI_STATE_DYING flag to indicate if the timeout function is already running, but later this flag has been taking into use in other places to mark that xhci is dying. Remove checks for XHCI_STATE_DYING in xhci_urb_dequeue. We are still checking that reading from pci state does not return 0xffffffff or that host is not halted before trying to stop the endpoint. This whole area of stopping endpoints, giving back URBs, and the wathdog timeout need rework, this fix focuses on solving a specific deadlock issue that we can then send to stable before any major rework. Cc: Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 11 ----------- drivers/usb/host/xhci.c | 13 ------------- 2 files changed, 24 deletions(-) commit ad5013d5699d30ded0cdbbc68b93b2aa28222c6e Author: Colin King Date: Wed Jan 11 11:43:10 2017 +0000 perf/x86/intel: Use ULL constant to prevent undefined shift behaviour When x86_pmu.num_counters is 32 the shift of the integer constant 1 is exceeding 32bit and therefor undefined behaviour. Fix this by shifting 1ULL instead of 1. Reported-by: CoverityScan CID#1192105 ("Bad bit shift operation") Signed-off-by: Colin Ian King Cc: Andi Kleen Cc: Peter Zijlstra Cc: Kan Liang Cc: Stephane Eranian Cc: Alexander Shishkin Link: http://lkml.kernel.org/r/20170111114310.17928-1-colin.king@canonical.com Signed-off-by: Thomas Gleixner arch/x86/events/intel/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d2941df8fbd9708035d66d889ada4d3d160170ce Author: Johannes Berg Date: Thu Oct 20 08:52:50 2016 +0200 mac80211: recalculate min channel width on VHT opmode changes When an associated station changes its VHT operating mode this can/will affect the bandwidth it's using, and consequently we must recalculate the minimum bandwidth we need to use. Failure to do so can lead to one of two scenarios: 1) we use a too high bandwidth, this is benign 2) we use a too narrow bandwidth, causing rate control and actual PHY configuration to be out of sync, which can in turn cause problems/crashes Signed-off-by: Johannes Berg net/mac80211/iface.c | 21 +++++++++++++++++++++ net/mac80211/rx.c | 9 +-------- net/mac80211/vht.c | 4 +++- 3 files changed, 25 insertions(+), 9 deletions(-) commit 96aa2e7cf126773b16c6c19b7474a8a38d3c707e Author: Johannes Berg Date: Fri Oct 7 12:23:49 2016 +0200 mac80211: calculate min channel width correctly In the current minimum chandef code there's an issue in that the recalculation can happen after rate control is initialized for a station that has a wider bandwidth than the current chanctx, and then rate control can immediately start using those higher rates which could cause problems. Observe that first of all that this problem is because we don't take non-associated and non-uploaded stations into account. The restriction to non-associated is quite pointless and is one of the causes for the problem described above, since the rate init will happen before the station is set to associated; no frames could actually be sent until associated, but the rate table can already contain higher rates and that might cause problems. Also, rejecting non-uploaded stations is wrong, since the rate control can select higher rates for those as well. Secondly, it's then necessary to recalculate the minimal config before initializing rate control, so that when rate control is initialized, the higher rates are already available. This can be done easily by adding the necessary function call in rate init. Change-Id: Ib9bc02d34797078db55459d196993f39dcd43070 Signed-off-by: Johannes Berg net/mac80211/chan.c | 3 --- net/mac80211/rate.c | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) commit 06f7c88c107fb469f4f1344142e80df5175c6836 Author: Beni Lev Date: Tue Jul 19 19:28:56 2016 +0300 cfg80211: consider VHT opmode on station update Currently, this attribute is only fetched on station addition, but not on station change. Since this info is only present in the assoc request, with full station state support in the driver it cannot be present when the station is added. Thus, add support for changing the VHT opmode on station update if done before (or while) the station is marked as associated. After this, ignore it, since it used to be ignored. Signed-off-by: Beni Lev Signed-off-by: Johannes Berg include/uapi/linux/nl80211.h | 4 +++- net/wireless/nl80211.c | 15 +++++++++++++++ 2 files changed, 18 insertions(+), 1 deletion(-) commit d7f842442f766db3f39fc5d166ddcc24bf817056 Author: Emmanuel Grumbach Date: Tue Oct 25 10:32:16 2016 +0300 mac80211: fix the TID on NDPs sent as EOSP carrier In the commit below, I forgot to translate the mac80211's AC to QoS IE order. Moreover, the condition in the if was wrong. Fix both issues. This bug would hit only with clients that didn't set all the ACs as delivery enabled. Fixes: f438ceb81d4 ("mac80211: uapsd_queues is in QoS IE order") Signed-off-by: Emmanuel Grumbach Signed-off-by: Johannes Berg net/mac80211/sta_info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 51ebfc92b72b4f7dac1ab45683bf56741e454b8c Author: Bjorn Helgaas Date: Wed Jan 11 09:11:53 2017 -0600 PCI: Enumerate switches below PCI-to-PCIe bridges A PCI-to-PCIe bridge (a "reverse bridge") has a PCI or PCI-X primary interface and a PCI Express secondary interface. The PCIe interface is a Downstream Port that originates a Link. See the "PCI Express to PCI/PCI-X Bridge Specification", rev 1.0, sections 1.2 and A.6. The bug report below involves a PCI-to-PCIe bridge and a PCIe switch below the bridge: 00:1e.0 Intel 82801 PCI Bridge to [bus 01-0a] 01:00.0 Pericom PI7C9X111SL PCIe-to-PCI Reversible Bridge to [bus 02-0a] 02:00.0 Pericom Device 8608 [PCIe Upstream Port] to [bus 03-0a] 03:01.0 Pericom Device 8608 [PCIe Downstream Port] to [bus 0a] 01:00.0 is configured as a PCI-to-PCIe bridge (despite the name printed by lspci). As we traverse a PCIe hierarchy, device connections alternate between PCIe Links and internal Switch logic. Previously we did not recognize that 01:00.0 had a secondary link, so we thought the 02:00.0 Upstream Port *did* have a secondary link. In fact, it's the other way around: 01:00.0 has a secondary link, and 02:00.0 has internal Switch logic on its secondary side. When we thought 02:00.0 had a secondary link, the pci_scan_slot() -> only_one_child() path assumed 02:00.0 could have only one child, so 03:00.0 was the only possible downstream device. But 03:00.0 doesn't exist, so we didn't look for any other devices on bus 03. Booting with "pci=pcie_scan_all" is a workaround, but we don't want users to have to do that. Recognize that PCI-to-PCIe bridges originate links on their secondary interfaces. Link: https://bugzilla.kernel.org/show_bug.cgi?id=189361 Fixes: d0751b98dfa3 ("PCI: Add dev->has_secondary_link to track downstream PCIe links") Tested-by: Blake Moore Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org # v4.2+ drivers/pci/probe.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 89e9f7bcd8744ea25fcf0ac671b8d72c10d7d790 Author: Bjorn Helgaas Date: Wed Dec 28 14:55:16 2016 -0600 x86/PCI: Ignore _CRS on Supermicro X8DTH-i/6/iF/6F Martin reported that the Supermicro X8DTH-i/6/iF/6F advertises incorrect host bridge windows via _CRS: pci_root PNP0A08:00: host bridge window [io 0xf000-0xffff] pci_root PNP0A08:01: host bridge window [io 0xf000-0xffff] Both bridges advertise the 0xf000-0xffff window, which cannot be correct. Work around this by ignoring _CRS on this system. The downside is that we may not assign resources correctly to hot-added PCI devices (if they are possible on this system). Link: https://bugzilla.kernel.org/show_bug.cgi?id=42606 Reported-by: Martin Burnicki Signed-off-by: Bjorn Helgaas CC: stable@vger.kernel.org arch/x86/pci/acpi.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit c38c39bf7cc04d688291f382469e84ec2a8548a4 Author: Cedric Izoard Date: Wed Jan 11 14:39:07 2017 +0000 mac80211: Fix headroom allocation when forwarding mesh pkt This patch fix issue introduced by my previous commit that tried to ensure enough headroom was present, and instead broke it. When forwarding mesh pkt, mac80211 may also add security header, and it must therefore be taken into account in the needed headroom. Fixes: d8da0b5d64d5 ("mac80211: Ensure enough headroom when forwarding mesh pkt") Signed-off-by: Cedric Izoard Signed-off-by: Johannes Berg net/mac80211/rx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 24c63bbc18e25d5d8439422aa5fd2d66390b88eb Author: David Ahern Date: Tue Jan 10 15:22:25 2017 -0800 net: vrf: do not allow table id 0 Frank reported that vrf devices can be created with a table id of 0. This breaks many of the run time table id checks and should not be allowed. Detect this condition at create time and fail with EINVAL. Fixes: 193125dbd8eb ("net: Introduce VRF device driver") Reported-by: Frank Kellermann Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 2 ++ 1 file changed, 2 insertions(+) commit a13c06525ab9ff442924e67df9393a5efa914c56 Author: Russell King Date: Tue Jan 10 23:13:45 2017 +0000 net: phy: marvell: fix Marvell 88E1512 used in SGMII mode When an Marvell 88E1512 PHY is connected to a nic in SGMII mode, the fiber page is used for the SGMII host-side connection. The PHY driver notices that SUPPORTED_FIBRE is set, so it tries reading the fiber page for the link status, and ends up reading the MAC-side status instead of the outgoing (copper) link. This leads to incorrect results reported via ethtool. If the PHY is connected via SGMII to the host, ignore the fiber page. However, continue to allow the existing power management code to suspend and resume the fiber page. Fixes: 6cfb3bcc0641 ("Marvell phy: check link status in case of fiber link.") Signed-off-by: Russell King Signed-off-by: David S. Miller drivers/net/phy/marvell.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit eb004603c857f3e3bfcda437b6c68fd258c54960 Author: Colin Ian King Date: Tue Jan 10 22:53:06 2017 +0000 sctp: Fix spelling mistake: "Atempt" -> "Attempt" Trivial fix to spelling mistake in WARN_ONCE message Signed-off-by: Colin Ian King Acked-by: Neil Horman Signed-off-by: David S. Miller net/sctp/outqueue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7a18c5b9fb31a999afc62b0e60978aa896fc89e9 Author: David Ahern Date: Tue Jan 10 14:37:35 2017 -0800 net: ipv4: Fix multipath selection with vrf fib_select_path does not call fib_select_multipath if oif is set in the flow struct. For VRF use cases oif is always set, so multipath route selection is bypassed. Use the FLOWI_FLAG_SKIP_NH_OIF to skip the oif check similar to what is done in fib_table_lookup. Add saddr and proto to the flow struct for the fib lookup done by the VRF driver to better match hash computation for a flow. Fixes: 613d09b30f8b ("net: Use VRF device index for lookups on TX") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 2 ++ net/ipv4/fib_semantics.c | 9 +++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) commit 73b351473547e543e9c8166dd67fd99c64c15b0b Author: Arnd Bergmann Date: Tue Jan 10 13:08:06 2017 +0100 cgroup: move CONFIG_SOCK_CGROUP_DATA to init/Kconfig We now 'select SOCK_CGROUP_DATA' but Kconfig complains that this is not right when CONFIG_NET is disabled and there is no socket interface: warning: (CGROUP_BPF) selects SOCK_CGROUP_DATA which has unmet direct dependencies (NET) I don't know what the correct solution for this is, but simply removing the dependency on NET from SOCK_CGROUP_DATA by moving it out of the 'if NET' section avoids the warning and does not produce other build errors. Fixes: 483c4933ea09 ("cgroup: Fix CGROUP_BPF config") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller init/Kconfig | 4 ++++ net/Kconfig | 4 ---- 2 files changed, 4 insertions(+), 4 deletions(-) commit 0bf70aebf12d8fa0d06967b72ca4b257eb6adf06 Merge: 3dda13a 562a7a0 Author: Chris Mason Date: Wed Jan 11 06:26:12 2017 -0800 Merge branch 'tracepoint-updates-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/kdave/linux into for-linus-4.10 commit 7cfd5fd5a9813f1430290d20c0fead9b4582a307 Author: Eric Dumazet Date: Tue Jan 10 19:52:43 2017 -0800 gro: use min_t() in skb_gro_reset_offset() On 32bit arches, (skb->end - skb->data) is not 'unsigned int', so we shall use min_t() instead of min() to avoid a compiler error. Fixes: 1272ce87fa01 ("gro: Enter slow-path if there is no tailroom") Reported-by: kernel test robot Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/dev.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 04ff5a095d662e0879f0eb04b9247e092210aeff Author: Andy Shevchenko Date: Tue Jan 10 16:38:52 2017 +0200 pinctrl: baytrail: Rectify debounce support The commit 658b476c742f ("pinctrl: baytrail: Add debounce configuration") implements debounce for Baytrail pin control, but seems wasn't tested properly. The register which keeps debounce value is separated from the configuration one. Writing wrong values to the latter will guarantee wrong behaviour of the driver and even might break something physically. Besides above there is missed case how to disable it, which is actually done through the bit in configuration register. Rectify implementation here by using proper register for debounce value. Fixes: 658b476c742f ("pinctrl: baytrail: Add debounce configuration") Cc: Cristina Ciocan Signed-off-by: Andy Shevchenko Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) commit 17fab473693e8357a9aa6fee4fbed6c13a34bd81 Author: Andy Shevchenko Date: Mon Jan 2 14:07:22 2017 +0200 pinctrl: intel: Set pin direction properly There are two bits in the PADCFG0 register to configure direction, one per TX/RX buffers. For now we wrongly assume that the GPIO is always requested before it is being used, which is not true when the GPIO is used through irqchip. In this case the GPIO is never requested and we never enable RX buffer for it. Fix this by setting both bits accordingly. Reported-by: Jarkko Nikula Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-intel.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) commit ecc8995363ee6231b32dad61c955b371b79cc4cf Author: Mika Westerberg Date: Tue Jan 10 17:31:56 2017 +0300 pinctrl: broxton: Use correct PADCFGLOCK offset PADCFGLOCK (and PADCFGLOCK_TX) offset in Broxton actually starts at 0x060 and not 0x090 as used in the driver. Fix it to use the correct offset. Signed-off-by: Mika Westerberg Reviewed-by: Andy Shevchenko Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-broxton.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6d6daa20945f3f598e56e18d1f926c08754f5801 Author: Prarit Bhargava Date: Thu Jan 5 10:09:25 2017 -0500 perf/x86/intel/uncore: Fix hardcoded socket 0 assumption in the Haswell init code hswep_uncore_cpu_init() uses a hardcoded physical package id 0 for the boot cpu. This works as long as the boot CPU is actually on the physical package 0, which is normaly the case after power on / reboot. But it fails with a NULL pointer dereference when a kdump kernel is started on a secondary socket which has a different physical package id because the locigal package translation for physical package 0 does not exist. Use the logical package id of the boot cpu instead of hard coded 0. [ tglx: Rewrote changelog once more ] Fixes: cf6d445f6897 ("perf/x86/uncore: Track packages, not per CPU data") Signed-off-by: Prarit Bhargava Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: H. Peter Anvin Cc: Harish Chegondi Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/1483628965-2890-1-git-send-email-prarit@redhat.com Signed-off-by: Ingo Molnar Signed-off-by: Thomas Gleixner arch/x86/events/intel/uncore_snbep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2d5a9c72d0c4ac73cf97f4b7814ed6c44b1e49ae Author: Johan Hovold Date: Fri Jan 6 19:15:18 2017 +0100 USB: serial: ch341: fix control-message error handling A short control transfer would currently fail to be detected, something which could lead to stale buffer data being used as valid input. Check for short transfers, and make sure to log any transfer errors. Note that this also avoids leaking heap data to user space (TIOCMGET) and the remote device (break control). Fixes: 6ce76104781a ("USB: Driver for CH341 USB-serial adaptor") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) commit 69d012345a1a32d3f03957f14d972efccc106a98 Author: Huang Shijie Date: Wed Jan 11 14:02:00 2017 +0800 arm64: hugetlb: fix the wrong return value for huge_ptep_set_access_flags In current code, the @changed always returns the last one's status for the huge page with the contiguous bit set. This is really not what we want. Even one of the PTEs is changed, we should tell it to the caller. This patch fixes this issue. Fixes: 66b3923a1a0f ("arm64: hugetlb: add support for PTE contiguous bit") Cc: # 4.5.x- Signed-off-by: Huang Shijie Signed-off-by: Catalin Marinas arch/arm64/mm/hugetlbpage.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c8a6a09c1c617402cc9254b2bc8da359a0347d75 Author: Augusto Mecking Caringi Date: Tue Jan 10 10:45:00 2017 +0000 vme: Fix wrong pointer utilization in ca91cx42_slave_get In ca91cx42_slave_get function, the value pointed by vme_base pointer is set through: *vme_base = ioread32(bridge->base + CA91CX42_VSI_BS[i]); So it must be dereferenced to be used in calculation of pci_base: *pci_base = (dma_addr_t)*vme_base + pci_offset; This bug was caught thanks to the following gcc warning: drivers/vme/bridges/vme_ca91cx42.c: In function ‘ca91cx42_slave_get’: drivers/vme/bridges/vme_ca91cx42.c:467:14: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast] *pci_base = (dma_addr_t)vme_base + pci_offset; Signed-off-by: Augusto Mecking Caringi Acked-By: Martyn Welch Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/vme/bridges/vme_ca91cx42.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 24b91e360ef521a2808771633d76ebc68bd5604b Author: Frederic Weisbecker Date: Wed Jan 4 15:12:04 2017 +0100 nohz: Fix collision between tick and other hrtimers When the tick is stopped and an interrupt occurs afterward, we check on that interrupt exit if the next tick needs to be rescheduled. If it doesn't need any update, we don't want to do anything. In order to check if the tick needs an update, we compare it against the clockevent device deadline. Now that's a problem because the clockevent device is at a lower level than the tick itself if it is implemented on top of hrtimer. Every hrtimer share this clockevent device. So comparing the next tick deadline against the clockevent device deadline is wrong because the device may be programmed for another hrtimer whose deadline collides with the tick. As a result we may end up not reprogramming the tick accidentally. In a worst case scenario under full dynticks mode, the tick stops firing as it is supposed to every 1hz, leaving /proc/stat stalled: Task in a full dynticks CPU ---------------------------- * hrtimer A is queued 2 seconds ahead * the tick is stopped, scheduled 1 second ahead * tick fires 1 second later * on tick exit, nohz schedules the tick 1 second ahead but sees the clockevent device is already programmed to that deadline, fooled by hrtimer A, the tick isn't rescheduled. * hrtimer A is cancelled before its deadline * tick never fires again until an interrupt happens... In order to fix this, store the next tick deadline to the tick_sched local structure and reuse that value later to check whether we need to reprogram the clock after an interrupt. On the other hand, ts->sleep_length still wants to know about the next clock event and not just the tick, so we want to improve the related comment to avoid confusion. Reported-by: James Hartsock Signed-off-by: Frederic Weisbecker Reviewed-by: Wanpeng Li Acked-by: Peter Zijlstra Acked-by: Rik van Riel Link: http://lkml.kernel.org/r/1483539124-5693-1-git-send-email-fweisbec@gmail.com Cc: stable@vger.kernel.org Signed-off-by: Thomas Gleixner kernel/time/tick-sched.c | 9 +++++++-- kernel/time/tick-sched.h | 2 ++ 2 files changed, 9 insertions(+), 2 deletions(-) commit 3546fb0cdac25a79c89d87020566fab52b92867d Author: Lucas Stach Date: Mon Dec 12 16:15:17 2016 +0100 drm/etnaviv: trick drm_mm into giving out a low IOVA After rollover of the IOVA space, we want to get a low IOVA address, otherwise the the games we play by remembering the last IOVA are pointless. When we search for a free hole with DRM_MM_SEARCH_DEFAULT, drm_mm will pop the next entry from the free holes stack, which will likely be a high IOVA. By using DRM_MM_SEARCH_BELOW we can trick drm_mm into reversing the search and provide us with a low IOVA. Signed-off-by: Lucas Stach Reviewed-by: Wladimir van der Laan drivers/gpu/drm/etnaviv/etnaviv_mmu.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 546cf3ef9c92b76ff0037c871b939e63caea98b3 Author: Randy Dunlap Date: Mon Dec 26 09:58:34 2016 -0800 auxdisplay: fix new ht16k33 build errors Fix build errors caused by selecting incorrect kconfig symbols. drivers/built-in.o:(.data+0x19cec): undefined reference to `sys_fillrect' drivers/built-in.o:(.data+0x19cf0): undefined reference to `sys_copyarea' drivers/built-in.o:(.data+0x19cf4): undefined reference to `sys_imageblit' Fixes: 31114fa95bdb (auxdisplay: ht16k33: select framebuffer helper modules) Signed-off-by: Randy Dunlap Cc: Miguel Ojeda Sandonis Reported-by: kbuild test robot Acked-by: Robin van der Gracht Signed-off-by: Greg Kroah-Hartman drivers/auxdisplay/Kconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 802c03881f29844af0252b6e22be5d2f65f93fd0 Author: Akinobu Mita Date: Fri Jan 6 02:14:16 2017 +0900 sysrq: attach sysrq handler correctly for 32-bit kernel The sysrq input handler should be attached to the input device which has a left alt key. On 32-bit kernels, some input devices which has a left alt key cannot attach sysrq handler. Because the keybit bitmap in struct input_device_id for sysrq is not correctly initialized. KEY_LEFTALT is 56 which is greater than BITS_PER_LONG on 32-bit kernels. I found this problem when using a matrix keypad device which defines a KEY_LEFTALT (56) but doesn't have a KEY_O (24 == 56%32). Cc: Jiri Slaby Signed-off-by: Akinobu Mita Acked-by: Dmitry Torokhov Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/sysrq.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0fa2c8eb270413160557babda519aa3c21e2bfaf Author: Colin Ian King Date: Fri Dec 2 16:23:55 2016 +0000 ppdev: don't print a free'd string A previous fix of a memory leak now prints the string 'name' that was previously free'd. Fix this by free'ing the string at the end of the function and adding an error exit path for the error conditions. CoverityScan CID#1384523 ("Use after free") Fixes: 2bd362d5f45c1 ("ppdev: fix memory leak") Signed-off-by: Colin Ian King Acked-by: Sudip Mukherjee Signed-off-by: Greg Kroah-Hartman drivers/char/ppdev.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 5b11ebedd6a8bb4271b796e498cd15c0fe1133b6 Author: Pan Bian Date: Sat Dec 3 16:56:49 2016 +0800 extcon: return error code on failure Function get_zeroed_page() returns a NULL pointer if there is no enough memory. In function extcon_sync(), it returns 0 if the call to get_zeroed_page() fails. The return value 0 indicates success in the context, which is incosistent with the execution status. This patch fixes the bug by returning -ENOMEM. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188611 Signed-off-by: Pan Bian Fixes: a580982f0836e Cc: stable Acked-by: Chanwoo Choi Signed-off-by: Greg Kroah-Hartman drivers/extcon/extcon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6741f551a0b26479de2532ffa43a366747e6dbf3 Author: Herbert Xu Date: Sun Dec 11 10:05:49 2016 +0800 Revert "tty: serial: 8250: add CON_CONSDEV to flags" This commit needs to be reverted because it prevents people from using the serial console as a secondary console with input being directed to tty0. IOW, if you boot with console=ttyS0 console=tty0 then all kernels prior to this commit will produce output on both ttyS0 and tty0 but input will only be taken from tty0. With this patch the serial console will always be the primary console instead of tty0, potentially preventing people from getting into their machines in emergency situations. Fixes: d03516df8375 ("tty: serial: 8250: add CON_CONSDEV to flags") Signed-off-by: Herbert Xu Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2bed8a8e70729f996af92042d3ad0f11870acc1f Author: Daniel Jedrychowski Date: Mon Dec 12 09:18:28 2016 +1100 Clearing FIFOs in RS485 emulation mode causes subsequent transmits to break When in RS485 emulation mode, __do_stop_tx_rs485() calls serial8250_clear_fifos(). This not only clears the FIFOs, but also sets all bits in their control register (UART_FCR) to 0. One of the effects of this is the disabling of the FIFOs, which turns them into single-byte holding registers. The rest of the driver doesn't know this, which results in the lions share of characters passed into a write call to be dropped. (I can supply logic analyzer screenshots if necessary) This fix replaces the serial8250_clear_fifos() call to serial8250_clear_and_reinit_fifos() - this prevents the "dropped characters" issue from manifesting again while retaining the requirement of clearing the RX FIFO after transmission if the SER_RS485_RX_DURING_TX flag is disabled. Signed-off-by: Daniel Jedrychowski Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_port.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c130b666a9a711f985a0a44b58699ebe14bb7245 Author: Gabriel Krisman Bertazi Date: Wed Dec 28 16:42:00 2016 -0200 8250_pci: Fix potential use-after-free in error path Commit f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during PCI error recovery") introduces a potential use-after-free in case the pciserial_init_ports call in serial8250_io_resume fails, which may happen if a memory allocation fails or if the .init quirk failed for whatever reason). If this happen, further pci_get_drvdata will return a pointer to freed memory. This patch reworks the PCI recovery resume hook to restore the old priv structure in this case, which should be ok, since the ports were already detached. Such error during recovery causes us to give up on the recovery. Fixes: f209fa03fc9d ("serial: 8250_pci: Detach low-level driver during PCI error recovery") Reported-by: Michal Suchanek Signed-off-by: Gabriel Krisman Bertazi Signed-off-by: Guilherme G. Piccoli Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/8250/8250_pci.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit b389f173aaa1204d6dc1f299082a162eb0491545 Author: Richard Genoud Date: Tue Dec 6 13:05:33 2016 +0100 tty/serial: atmel: RS485 half duplex w/DMA: enable RX after TX is done When using RS485 in half duplex, RX should be enabled when TX is finished, and stopped when TX starts. Before commit 0058f0871efe7b01c6 ("tty/serial: atmel: fix RS485 half duplex with DMA"), RX was not disabled in atmel_start_tx() if the DMA was used. So, collisions could happened. But disabling RX in atmel_start_tx() uncovered another bug: RX was enabled again in the wrong place (in atmel_tx_dma) instead of being enabled when TX is finished (in atmel_complete_tx_dma), so the transmission simply stopped. This bug was not triggered before commit 0058f0871efe7b01c6 ("tty/serial: atmel: fix RS485 half duplex with DMA") because RX was never disabled before. Moving atmel_start_rx() in atmel_complete_tx_dma() corrects the problem. Cc: stable@vger.kernel.org Reported-by: Gil Weber Fixes: 0058f0871efe7b01c6 Tested-by: Gil Weber Signed-off-by: Richard Genoud Acked-by: Alexandre Belloni Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 89d8232411a85b9a6b12fd5da4d07d8a138a8e0c Author: Richard Genoud Date: Tue Dec 13 17:27:56 2016 +0100 tty/serial: atmel_serial: BUG: stop DMA from transmitting in stop_tx If we don't disable the transmitter in atmel_stop_tx, the DMA buffer continues to send data until it is emptied. This cause problems with the flow control (CTS is asserted and data are still sent). So, disabling the transmitter in atmel_stop_tx is a sane thing to do. Tested on at91sam9g35-cm(DMA) Tested for regressions on sama5d2-xplained(Fifo) and at91sam9g20ek(PDC) Cc: (beware, this won't apply before 4.3) Signed-off-by: Richard Genoud Acked-by: Nicolas Ferre Signed-off-by: Greg Kroah-Hartman drivers/tty/serial/atmel_serial.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 488debb9971bc7d0edd6d8080ba78ca02a04f6c4 Author: Robin Murphy Date: Thu Jan 5 17:15:01 2017 +0000 drivers: char: mem: Fix thinkos in kmem address checks When borrowing the pfn_valid() check from mmap_kmem(), somebody managed to get physical and virtual addresses spectacularly muddled up, such that we've ended up with checks for one being the other. Whilst this does indeed prevent out-of-bounds accesses crashing, on most systems it also prevents the more desirable use-case of working at all ever. Check the *virtual* offset correctly for what it is. Furthermore, do so in the right place - a read or write may span multiple pages, so a single up-front check is insufficient. High memory accesses already have a similar validity check just before the copy_to_user() call, so just make the low memory path fully consistent with that. Reported-by: Jason A. Donenfeld CC: stable@vger.kernel.org Fixes: 148a1bc84398 ("drivers: char: mem: Check {read,write}_kmem() addresses") Signed-off-by: Robin Murphy Signed-off-by: Greg Kroah-Hartman drivers/char/mem.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 7ee7f45a763bd68c3a606595a8c1bb08c3e6146b Author: Alexander Usyskin Date: Wed Jan 11 01:27:21 2017 +0200 mei: bus: enable OS version only for SPT and newer Sending OS version for support of TPM2_ChangeEPS() is required only for SPT FW (HMB version 2.0) and newer. On older platforms the command should be just ignored by the firmware but some older platforms misbehave so it's safer to send the command only if required. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=192051 Fixes: 7279b238bade (mei: send OS type to the FW) Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Tested-by: Jan Niehusmann Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/bus-fixup.c | 3 +++ drivers/misc/mei/debugfs.c | 2 ++ drivers/misc/mei/hbm.c | 4 ++++ drivers/misc/mei/hw.h | 6 ++++++ drivers/misc/mei/mei_dev.h | 2 ++ 5 files changed, 17 insertions(+) commit 6c711c8691bf91d0e830ff4215b08e51c0626769 Merge: 57ea52a 5e44fca Author: David S. Miller Date: Tue Jan 10 21:34:03 2017 -0500 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox mlx5 fixes and cleanups 2017-01-10 This series includes some mlx5e general cleanups from Daniel, Gil, Hadar and myself. Also it includes some critical mlx5e TC offloads fixes from Or Gerlitz. For -stable: - net/mlx5e: Remove WARN_ONCE from adaptive moderation code Although this fix doesn't affect any functionality, I thought it is better to clean this -WARN_ONCE- up for -stable in case someone hits such corner case. Please apply and let me know if there's any problem. ==================== Signed-off-by: David S. Miller commit 5e44fca5047054f1762813751626b5245e0da022 Author: Daniel Jurgens Date: Tue Jan 10 22:33:39 2017 +0200 net/mlx5: Only cancel recovery work when cleaning up device Do not attempt to drain the health workqueue when unloading the device in the recovery flow, this can cause a deadlock when the recovery work tries to cancel itself with sync. Because the work is no longer unconditionally canceled when unloading, it must be explicitly canceled in the AER flow. fixes: 689a248df83b ("net/mlx5: Cancel recovery work in remove flow") Signed-off-by: Daniel Jurgens Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 0bbcc0a8fc394d01988fe0263ccf7fddb77a12c3 Author: Gil Rockah Date: Tue Jan 10 22:33:38 2017 +0200 net/mlx5e: Remove WARN_ONCE from adaptive moderation code When trying to do interface down or changing interface configuration under heavy traffic, some of the adaptive moderation corner cases can occur and leave a WARN_ONCE call trace in the kernel log. Those WARN_ONCE are meant for debug only, and should have been inserted only under debug. We avoid such call traces by removing those WARN_ONCE. Fixes: cb3c7fd4f839 ("net/mlx5e: Support adaptive RX coalescing") Signed-off-by: Gil Rockah Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx_am.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 3deef8cea3efcaeeae240bb00541de66abb9bfa0 Author: Saeed Mahameed Date: Tue Jan 10 22:33:37 2017 +0200 net/mlx5e: Un-register uplink representor on nic_disable The code before this patch registered uplink e-Switch representor on nic_enable and unregistered on nic_cleanup, the right place for this unregister is in nic_disable. Fixes: 127ea380acc9 ("net/mlx5: Add Representors registration API") Signed-off-by: Saeed Mahameed Reviewed-by: Mohamad Haj Yahia Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 5e86397abe10aa4c884478a45e9a35b6a37d8d5d Author: Or Gerlitz Date: Tue Jan 10 22:33:36 2017 +0200 net/mlx5e: Properly handle FW errors while adding TC rules When the firmware returns an error (common example is an attempt to add twice the same rule which is refused by the some FWs), we are not properly derefing/cleaning few resources allocated on the way. Examples are vport vlan deref under eswitch vlan offloads, and encap entry/neighbour deref under eswitch encapsulation offloads, fix that. Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads') Fixes: 8b32580df1cb ('net/mlx5e: Add TC vlan action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit a757d108dc1a053722215ee89116f8af9bba1525 Author: Hadar Hen Zion Date: Tue Jan 10 22:33:35 2017 +0200 net/mlx5e: Fix kbuild warnings for uninitialized parameters kbuild warn about parameters that may be used uninitialized, fix it. Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads') Signed-off-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0827444d052ba5347900376dbdbf5d9065d091d4 Author: Or Gerlitz Date: Tue Jan 10 22:33:34 2017 +0200 net/mlx5e: Set inline mode requirements for matching on IP fragments For e-switch level matching on packets being an IP fragment, we need to make sure the source vport inline mode is L3, fix that. Fixes: 3f7d0eb42d59 ('net/mlx5e: Offload TC matching on packets being IP fragments') Signed-off-by: Or Gerlitz Reviewed-by: Roi Dayan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 4 ++++ 1 file changed, 4 insertions(+) commit 2e72eb438ce5ea9fa118edfd9a5f628c2a69111a Author: Or Gerlitz Date: Tue Jan 10 22:33:33 2017 +0200 net/mlx5e: Properly get address type of encapsulation IP headers As done elsewhere in our TC/flower offload code, the address type of the encapsulation IP headers should be realized accroding to the addr_type field of the encapsulation control dissector key, do that. Fixes: bbd00f7e2349 ('net/mlx5e: Add TC tunnel release action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit a42485eb0ee458da3a0df82b0e42ab58ce76be05 Author: Or Gerlitz Date: Tue Jan 10 22:33:32 2017 +0200 net/mlx5e: TC ipv4 tunnel encap offload error flow fixes When the route lookup fails we should return the actual error. When the neigh isn't valid, we should return -EOPNOTSUPP as done in similar cases along the code. When the offload can't take place as of invalid neigh etc, we must release the neigh. Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 2fcd82e9be133e4ec777f66fd67a8fb8e7748b1b Author: Or Gerlitz Date: Tue Jan 10 22:33:31 2017 +0200 net/mlx5e: Warn when rejecting offload attempts of IP tunnels We silently reject offloading of IPv6 tunnels, non vxlan tunnels, vxlan tunnels where the dst port to match is not provided, etc. Be a bit more verbose and print a warning so the user better realizes what went wrong here and can fix it. Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads') Fixes: bbd00f7e2349 ('net/mlx5e: Add TC tunnel release action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 30 ++++++++++++++++++++----- 1 file changed, 24 insertions(+), 6 deletions(-) commit cd3776638003b3362d9d7d1f27bcb80c276e2c28 Author: Or Gerlitz Date: Tue Jan 10 22:33:30 2017 +0200 net/mlx5e: Properly handle offloading of source udp port for IP tunnels We can offload the matching on source udp port of ip tunnels for decapsulation. We can not offload setting source udp port for tunnels as part of encapsulation. Fix both the code that deals with matching offload (decap) and the code that deal with encap offload to align with that. Fixes: a54e20b4fcae ('net/mlx5e: Add basic TC tunnel set action for SRIOV offloads') Fixes: bbd00f7e2349 ('net/mlx5e: Add TC tunnel release action for SRIOV offloads') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 575b1967e10a1f3038266244d2c7a3ca6b99fed8 Author: Mike Frysinger Date: Tue Jan 10 16:58:30 2017 -0800 timerfd: export defines to userspace Since userspace is expected to call timerfd syscalls directly with these flags/ioctls, make sure we export them so they don't have to duplicate the values themselves. Link: http://lkml.kernel.org/r/20161219064052.7196-1-vapier@gentoo.org Signed-off-by: Mike Frysinger Acked-by: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/timerfd.h | 20 +------------------- include/uapi/linux/Kbuild | 1 + include/uapi/linux/timerfd.h | 36 ++++++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 19 deletions(-) commit e5bbc8a6c992901058bc09e2ce01d16c111ff047 Author: Mike Kravetz Date: Tue Jan 10 16:58:27 2017 -0800 mm/hugetlb.c: fix reservation race when freeing surplus pages return_unused_surplus_pages() decrements the global reservation count, and frees any unused surplus pages that were backing the reservation. Commit 7848a4bf51b3 ("mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()") added a call to cond_resched_lock in the loop freeing the pages. As a result, the hugetlb_lock could be dropped, and someone else could use the pages that will be freed in subsequent iterations of the loop. This could result in inconsistent global hugetlb page state, application api failures (such as mmap) failures or application crashes. When dropping the lock in return_unused_surplus_pages, make sure that the global reservation count (resv_huge_pages) remains sufficiently large to prevent someone else from claiming pages about to be freed. Analyzed by Paul Cassella. Fixes: 7848a4bf51b3 ("mm/hugetlb.c: add cond_resched_lock() in return_unused_surplus_pages()") Link: http://lkml.kernel.org/r/1483991767-6879-1-git-send-email-mike.kravetz@oracle.com Signed-off-by: Mike Kravetz Reported-by: Paul Cassella Suggested-by: Michal Hocko Cc: Masayoshi Mizuma Cc: Naoya Horiguchi Cc: Aneesh Kumar Cc: Hillf Danton Cc: [3.15+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 37 ++++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 9 deletions(-) commit c4e490cf148e85ead0d1b1c2caaba833f1d5b29f Author: John Sperbeck Date: Tue Jan 10 16:58:24 2017 -0800 mm/slab.c: fix SLAB freelist randomization duplicate entries This patch fixes a bug in the freelist randomization code. When a high random number is used, the freelist will contain duplicate entries. It will result in different allocations sharing the same chunk. It will result in odd behaviours and crashes. It should be uncommon but it depends on the machines. We saw it happening more often on some machines (every few hours of running tests). Fixes: c7ce4f60ac19 ("mm: SLAB freelist randomization") Link: http://lkml.kernel.org/r/20170103181908.143178-1-thgarnie@google.com Signed-off-by: John Sperbeck Signed-off-by: Thomas Garnier Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b09ab054b69b07077bd3292f67e777861ac796e5 Author: Minchan Kim Date: Tue Jan 10 16:58:21 2017 -0800 zram: support BDI_CAP_STABLE_WRITES zram has used per-cpu stream feature from v4.7. It aims for increasing cache hit ratio of scratch buffer for compressing. Downside of that approach is that zram should ask memory space for compressed page in per-cpu context which requires stricted gfp flag which could be failed. If so, it retries to allocate memory space out of per-cpu context so it could get memory this time and compress the data again, copies it to the memory space. In this scenario, zram assumes the data should never be changed but it is not true without stable page support. So, If the data is changed under us, zram can make buffer overrun so that zsmalloc free object chain is broken so system goes crash like below https://bugzilla.suse.com/show_bug.cgi?id=997574 This patch adds BDI_CAP_STABLE_WRITES to zram for declaring "I am block device needing *stable write*". Fixes: da9556a2367c ("zram: user per-cpu compression streams") Link: http://lkml.kernel.org/r/1482366980-3782-4-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Reviewed-by: Sergey Senozhatsky Cc: Takashi Iwai Cc: Hyeoncheol Lee Cc: Cc: Sangseok Lee Cc: Hugh Dickins Cc: Darrick J. Wong Cc: [4.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit e7ccfc4ccb703e0f033bd4617580039898e912dd Author: Minchan Kim Date: Tue Jan 10 16:58:18 2017 -0800 zram: revalidate disk under init_lock Commit b4c5c60920e3 ("zram: avoid lockdep splat by revalidate_disk") moved revalidate_disk call out of init_lock to avoid lockdep false-positive splat. However, commit 08eee69fcf6b ("zram: remove init_lock in zram_make_request") removed init_lock in IO path so there is no worry about lockdep splat. So, let's restore it. This patch is needed to set BDI_CAP_STABLE_WRITES atomically in next patch. Fixes: da9556a2367c ("zram: user per-cpu compression streams") Link: http://lkml.kernel.org/r/1482366980-3782-3-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Reviewed-by: Sergey Senozhatsky Cc: Takashi Iwai Cc: Hyeoncheol Lee Cc: Cc: Sangseok Lee Cc: Hugh Dickins Cc: Darrick J. Wong Cc: [4.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/block/zram/zram_drv.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit f05714293a591038304ddae7cb0dd747bb3786cc Author: Minchan Kim Date: Tue Jan 10 16:58:15 2017 -0800 mm: support anonymous stable page During developemnt for zram-swap asynchronous writeback, I found strange corruption of compressed page, resulting in: Modules linked in: zram(E) CPU: 3 PID: 1520 Comm: zramd-1 Tainted: G E 4.8.0-mm1-00320-ge0d4894c9c38-dirty #3274 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 task: ffff88007620b840 task.stack: ffff880078090000 RIP: set_freeobj.part.43+0x1c/0x1f RSP: 0018:ffff880078093ca8 EFLAGS: 00010246 RAX: 0000000000000018 RBX: ffff880076798d88 RCX: ffffffff81c408c8 RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000246 RBP: ffff880078093cb0 R08: 0000000000000000 R09: 0000000000000000 R10: ffff88005bc43030 R11: 0000000000001df3 R12: ffff880076798d88 R13: 000000000005bc43 R14: ffff88007819d1b8 R15: 0000000000000001 FS: 0000000000000000(0000) GS:ffff88007e380000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fc934048f20 CR3: 0000000077b01000 CR4: 00000000000406e0 Call Trace: obj_malloc+0x22b/0x260 zs_malloc+0x1e4/0x580 zram_bvec_rw+0x4cd/0x830 [zram] page_requests_rw+0x9c/0x130 [zram] zram_thread+0xe6/0x173 [zram] kthread+0xca/0xe0 ret_from_fork+0x25/0x30 With investigation, it reveals currently stable page doesn't support anonymous page. IOW, reuse_swap_page can reuse the page without waiting writeback completion so it can overwrite page zram is compressing. Unfortunately, zram has used per-cpu stream feature from v4.7. It aims for increasing cache hit ratio of scratch buffer for compressing. Downside of that approach is that zram should ask memory space for compressed page in per-cpu context which requires stricted gfp flag which could be failed. If so, it retries to allocate memory space out of per-cpu context so it could get memory this time and compress the data again, copies it to the memory space. In this scenario, zram assumes the data should never be changed but it is not true unless stable page supports. So, If the data is changed under us, zram can make buffer overrun because second compression size could be bigger than one we got in previous trial and blindly, copy bigger size object to smaller buffer which is buffer overrun. The overrun breaks zsmalloc free object chaining so system goes crash like above. I think below is same problem. https://bugzilla.suse.com/show_bug.cgi?id=997574 Unfortunately, reuse_swap_page should be atomic so that we cannot wait on writeback in there so the approach in this patch is simply return false if we found it needs stable page. Although it increases memory footprint temporarily, it happens rarely and it should be reclaimed easily althoug it happened. Also, It would be better than waiting of IO completion, which is critial path for application latency. Fixes: da9556a2367c ("zram: user per-cpu compression streams") Link: http://lkml.kernel.org/r/20161120233015.GA14113@bbox Link: http://lkml.kernel.org/r/1482366980-3782-2-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Acked-by: Hugh Dickins Cc: Sergey Senozhatsky Cc: Darrick J. Wong Cc: Takashi Iwai Cc: Hyeoncheol Lee Cc: Cc: Sangseok Lee Cc: [4.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/swap.h | 3 ++- mm/swapfile.c | 20 +++++++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) commit 4d09d0f45dd5d78b3a301c238272211d1ea7d9e6 Author: Alexander Duyck Date: Tue Jan 10 16:58:12 2017 -0800 mm: add documentation for page fragment APIs This is a first pass at trying to add documentation for the page_frag APIs. They may still change over time but for now I thought I would try to get these documented so that as more network drivers and stack calls make use of them we have one central spot to document how they are meant to be used. Link: http://lkml.kernel.org/r/20170104024157.13451.6758.stgit@localhost.localdomain Signed-off-by: Alexander Duyck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/vm/page_frags | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) commit 2976db8018532b624c4123ae662fbc0814877abf Author: Alexander Duyck Date: Tue Jan 10 16:58:09 2017 -0800 mm: rename __page_frag functions to __page_frag_cache, drop order from drain This patch does two things. First it goes through and renames the __page_frag prefixed functions to __page_frag_cache so that we can be clear that we are draining or refilling the cache, not the frags themselves. Second we drop the order parameter from __page_frag_cache_drain since we don't actually need to pass it since all fragments are either order 0 or must be a compound page. Link: http://lkml.kernel.org/r/20170104023954.13451.5678.stgit@localhost.localdomain Signed-off-by: Alexander Duyck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/net/ethernet/intel/igb/igb_main.c | 6 +++--- include/linux/gfp.h | 3 +-- mm/page_alloc.c | 13 +++++++------ 3 files changed, 11 insertions(+), 11 deletions(-) commit 8c2dd3e4a4bae78093c4a5cee6494877651be3c9 Author: Alexander Duyck Date: Tue Jan 10 16:58:06 2017 -0800 mm: rename __alloc_page_frag to page_frag_alloc and __free_page_frag to page_frag_free Patch series "Page fragment updates", v4. This patch series takes care of a few cleanups for the page fragments API. First we do some renames so that things are much more consistent. First we move the page_frag_ portion of the name to the front of the functions names. Secondly we split out the cache specific functions from the other page fragment functions by adding the word "cache" to the name. Finally I added a bit of documentation that will hopefully help to explain some of this. I plan to revisit this later as we get things more ironed out in the near future with the changes planned for the DMA setup to support eXpress Data Path. This patch (of 3): This patch renames the page frag functions to be more consistent with other APIs. Specifically we place the name page_frag first in the name and then have either an alloc or free call name that we append as the suffix. This makes it a bit clearer in terms of naming. In addition we drop the leading double underscores since we are technically no longer a backing interface and instead the front end that is called from the networking APIs. Link: http://lkml.kernel.org/r/20170104023854.13451.67390.stgit@localhost.localdomain Signed-off-by: Alexander Duyck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/gfp.h | 6 +++--- include/linux/skbuff.h | 2 +- mm/page_alloc.c | 10 +++++----- net/core/skbuff.c | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) commit b4536f0c829c8586544c94735c343f9b5070bd01 Author: Michal Hocko Date: Tue Jan 10 16:58:04 2017 -0800 mm, memcg: fix the active list aging for lowmem requests when memcg is enabled Nils Holland and Klaus Ethgen have reported unexpected OOM killer invocations with 32b kernel starting with 4.8 kernels kworker/u4:5 invoked oom-killer: gfp_mask=0x2400840(GFP_NOFS|__GFP_NOFAIL), nodemask=0, order=0, oom_score_adj=0 kworker/u4:5 cpuset=/ mems_allowed=0 CPU: 1 PID: 2603 Comm: kworker/u4:5 Not tainted 4.9.0-gentoo #2 [...] Mem-Info: active_anon:58685 inactive_anon:90 isolated_anon:0 active_file:274324 inactive_file:281962 isolated_file:0 unevictable:0 dirty:649 writeback:0 unstable:0 slab_reclaimable:40662 slab_unreclaimable:17754 mapped:7382 shmem:202 pagetables:351 bounce:0 free:206736 free_pcp:332 free_cma:0 Node 0 active_anon:234740kB inactive_anon:360kB active_file:1097296kB inactive_file:1127848kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:29528kB dirty:2596kB writeback:0kB shmem:0kB shmem_thp: 0kB shmem_pmdmapped: 184320kB anon_thp: 808kB writeback_tmp:0kB unstable:0kB pages_scanned:0 all_unreclaimable? no DMA free:3952kB min:788kB low:984kB high:1180kB active_anon:0kB inactive_anon:0kB active_file:7316kB inactive_file:0kB unevictable:0kB writepending:96kB present:15992kB managed:15916kB mlocked:0kB slab_reclaimable:3200kB slab_unreclaimable:1408kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 813 3474 3474 Normal free:41332kB min:41368kB low:51708kB high:62048kB active_anon:0kB inactive_anon:0kB active_file:532748kB inactive_file:44kB unevictable:0kB writepending:24kB present:897016kB managed:836248kB mlocked:0kB slab_reclaimable:159448kB slab_unreclaimable:69608kB kernel_stack:1112kB pagetables:1404kB bounce:0kB free_pcp:528kB local_pcp:340kB free_cma:0kB lowmem_reserve[]: 0 0 21292 21292 HighMem free:781660kB min:512kB low:34356kB high:68200kB active_anon:234740kB inactive_anon:360kB active_file:557232kB inactive_file:1127804kB unevictable:0kB writepending:2592kB present:2725384kB managed:2725384kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:0kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:800kB local_pcp:608kB free_cma:0kB the oom killer is clearly pre-mature because there there is still a lot of page cache in the zone Normal which should satisfy this lowmem request. Further debugging has shown that the reclaim cannot make any forward progress because the page cache is hidden in the active list which doesn't get rotated because inactive_list_is_low is not memcg aware. The code simply subtracts per-zone highmem counters from the respective memcg's lru sizes which doesn't make any sense. We can simply end up always seeing the resulting active and inactive counts 0 and return false. This issue is not limited to 32b kernels but in practice the effect on systems without CONFIG_HIGHMEM would be much harder to notice because we do not invoke the OOM killer for allocations requests targeting < ZONE_NORMAL. Fix the issue by tracking per zone lru page counts in mem_cgroup_per_node and subtract per-memcg highmem counts when memcg is enabled. Introduce helper lruvec_zone_lru_size which redirects to either zone counters or mem_cgroup_get_zone_lru_size when appropriate. We are losing empty LRU but non-zero lru size detection introduced by ca707239e8a7 ("mm: update_lru_size warn and reset bad lru_size") because of the inherent zone vs. node discrepancy. Fixes: f8d1a31163fc ("mm: consider whether to decivate based on eligible zones inactive ratio") Link: http://lkml.kernel.org/r/20170104100825.3729-1-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Nils Holland Tested-by: Nils Holland Reported-by: Klaus Ethgen Acked-by: Minchan Kim Acked-by: Mel Gorman Acked-by: Johannes Weiner Reviewed-by: Vladimir Davydov Cc: [4.8+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/memcontrol.h | 26 +++++++++++++++++++++++--- include/linux/mm_inline.h | 2 +- mm/memcontrol.c | 18 ++++++++---------- mm/vmscan.c | 27 +++++++++++++++++---------- 4 files changed, 49 insertions(+), 24 deletions(-) commit f073bdc51771f5a5c7a8d1191bfc3ae371d44de7 Author: Ard Biesheuvel Date: Tue Jan 10 16:58:00 2017 -0800 mm: don't dereference struct page fields of invalid pages The VM_BUG_ON() check in move_freepages() checks whether the node id of a page matches the node id of its zone. However, it does this before having checked whether the struct page pointer refers to a valid struct page to begin with. This is guaranteed in most cases, but may not be the case if CONFIG_HOLES_IN_ZONE=y. So reorder the VM_BUG_ON() with the pfn_valid_within() check. Link: http://lkml.kernel.org/r/1481706707-6211-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ard Biesheuvel Acked-by: Will Deacon Cc: Catalin Marinas Cc: Hanjun Guo Cc: Yisheng Xie Cc: Robert Richter Cc: James Morse Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 9ebf73b275f06b114586af27cda3fd72e149d5ba Author: Stephen Boyd Date: Tue Jan 10 16:57:57 2017 -0800 mailmap: add codeaurora.org names for nameless email commits Some codeaurora.org emails have crept in but the names don't exist for them. Add the names for the emails so git can match everyone up. Link: http://lkml.kernel.org/r/20170104194611.25933-1-sboyd@codeaurora.org Signed-off-by: Stephen Boyd Cc: Sarangdhar Joshi Cc: Subash Abhinov Kasiviswanathan Cc: Subhash Jadavani Cc: Thomas Pedersen Cc: Andy Gross Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds .mailmap | 4 ++++ 1 file changed, 4 insertions(+) commit 2d39b3cd34e6d323720d4c61bd714f5ae202c022 Author: Jamie Iles Date: Tue Jan 10 16:57:54 2017 -0800 signal: protect SIGNAL_UNKILLABLE from unintentional clearing. Since commit 00cd5c37afd5 ("ptrace: permit ptracing of /sbin/init") we can now trace init processes. init is initially protected with SIGNAL_UNKILLABLE which will prevent fatal signals such as SIGSTOP, but there are a number of paths during tracing where SIGNAL_UNKILLABLE can be implicitly cleared. This can result in init becoming stoppable/killable after tracing. For example, running: while true; do kill -STOP 1; done & strace -p 1 and then stopping strace and the kill loop will result in init being left in state TASK_STOPPED. Sending SIGCONT to init will resume it, but init will now respond to future SIGSTOP signals rather than ignoring them. Make sure that when setting SIGNAL_STOP_CONTINUED/SIGNAL_STOP_STOPPED that we don't clear SIGNAL_UNKILLABLE. Link: http://lkml.kernel.org/r/20170104122017.25047-1-jamie.iles@oracle.com Signed-off-by: Jamie Iles Acked-by: Oleg Nesterov Cc: Alexander Viro Cc: Ingo Molnar Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sched.h | 10 ++++++++++ kernel/signal.c | 4 ++-- 2 files changed, 12 insertions(+), 2 deletions(-) commit 20f664aabeb88d582b623a625f83b0454fa34f07 Author: Minchan Kim Date: Tue Jan 10 16:57:51 2017 -0800 mm: pmd dirty emulation in page fault handler Andreas reported [1] made a test in jemalloc hang in THP mode in arm64: http://lkml.kernel.org/r/mvmmvfy37g1.fsf@hawking.suse.de The problem is currently page fault handler doesn't supports dirty bit emulation of pmd for non-HW dirty-bit architecture so that application stucks until VM marked the pmd dirty. How the emulation work depends on the architecture. In case of arm64, when it set up pte firstly, it sets pte PTE_RDONLY to get a chance to mark the pte dirty via triggering page fault when store access happens. Once the page fault occurs, VM marks the pmd dirty and arch code for setting pmd will clear PTE_RDONLY for application to proceed. IOW, if VM doesn't mark the pmd dirty, application hangs forever by repeated fault(i.e., store op but the pmd is PTE_RDONLY). This patch enables pmd dirty-bit emulation for those architectures. [1] b8d3c4c3009d, mm/huge_memory.c: don't split THP page when MADV_FREE syscall is called Fixes: b8d3c4c3009d ("mm/huge_memory.c: don't split THP page when MADV_FREE syscall is called") Link: http://lkml.kernel.org/r/1482506098-6149-1-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Reported-by: Andreas Schwab Tested-by: Andreas Schwab Acked-by: Kirill A. Shutemov Acked-by: Michal Hocko Cc: Jason Evans Cc: Will Deacon Cc: Catalin Marinas Cc: [4.5+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit c626bc46edb0fec289adfc86b02e07d34127ef6c Author: Manfred Spraul Date: Tue Jan 10 16:57:48 2017 -0800 ipc/sem.c: fix incorrect sem_lock pairing Based on the syzcaller test case from dvyukov: https://gist.githubusercontent.com/dvyukov/d0e5efefe4d7d6daed829f5c3ca26a40/raw/08d0a261fe3c987bed04fbf267e08ba04bd533ea/gistfile1.txt The slow (i.e.: failure to acquire) syscall exit from semtimedop() incorrectly assumed that the the same lock is acquired as it was at the initial syscall entry. This is wrong: - thread A: single semop semop(), sleeps - thread B: multi semop semop(), sleeps - thread A: woken up by signal/timeout With this sequence, the initial sem_lock() call locks the per-semaphore spinlock, and it is unlocked with sem_unlock(). The call at the syscall return locks the global spinlock. Because locknum is not updated, the following sem_unlock() call unlocks the per-semaphore spinlock, which is actually not locked. The fix is trivial: Use the return value from sem_lock. Fixes: 370b262c896e ("ipc/sem: avoid idr tree lookup for interrupted semop") Link: http://lkml.kernel.org/r/1482215645-22328-1-git-send-email-manfred@colorfullife.com Signed-off-by: Manfred Spraul Reported-by: Dmitry Vyukov Reported-by: Johanna Abrahamsson Tested-by: Johanna Abrahamsson Acked-by: Davidlohr Bueso Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit da0510c47519fe0999cffe316e1d370e29f952be Author: Sudip Mukherjee Date: Tue Jan 10 16:57:45 2017 -0800 lib/Kconfig.debug: fix frv build failure The build of frv allmodconfig was failing with the errors like: /tmp/cc0JSPc3.s: Assembler messages: /tmp/cc0JSPc3.s:1839: Error: symbol `.LSLT0' is already defined /tmp/cc0JSPc3.s:1842: Error: symbol `.LASLTP0' is already defined /tmp/cc0JSPc3.s:1969: Error: symbol `.LELTP0' is already defined /tmp/cc0JSPc3.s:1970: Error: symbol `.LELT0' is already defined Commit 866ced950bcd ("kbuild: Support split debug info v4") introduced splitting the debug info and keeping that in a separate file. Somehow, the frv-linux gcc did not like that and I am guessing that instead of splitting it started copying. The first report about this is at: https://lists.01.org/pipermail/kbuild-all/2015-July/010527.html. I will try and see if this can work with frv and if still fails I will open a bug report with gcc. But meanwhile this is the easiest option to solve build failure of frv. Fixes: 866ced950bcd ("kbuild: Support split debug info v4") Link: http://lkml.kernel.org/r/1482062348-5352-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Reported-by: Fengguang Wu Cc: Andi Kleen Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 41b6167e8f746b475668f1da78599fc4284f18db Author: Michal Hocko Date: Tue Jan 10 16:57:42 2017 -0800 mm: get rid of __GFP_OTHER_NODE The flag was introduced by commit 78afd5612deb ("mm: add __GFP_OTHER_NODE flag") to allow proper accounting of remote node allocations done by kernel daemons on behalf of a process - e.g. khugepaged. After "mm: fix remote numa hits statistics" we do not need and actually use the flag so we can safely remove it because all allocations which are satisfied from their "home" node are accounted properly. [mhocko@suse.com: fix build] Link: http://lkml.kernel.org/r/20170106122225.GK5556@dhcp22.suse.cz Link: http://lkml.kernel.org/r/20170102153057.9451-3-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Mel Gorman Acked-by: Vlastimil Babka Cc: Michal Hocko Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Taku Izumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/gfp.h | 13 +++---------- include/trace/events/mmflags.h | 3 +-- mm/huge_memory.c | 3 +-- mm/khugepaged.c | 5 ++--- mm/page_alloc.c | 5 ++--- tools/perf/builtin-kmem.c | 1 - 6 files changed, 9 insertions(+), 21 deletions(-) commit 2df26639e708a88dcc22171949da638a9998f3bc Author: Michal Hocko Date: Tue Jan 10 16:57:39 2017 -0800 mm: fix remote numa hits statistics Jia He has noticed that commit b9f00e147f27 ("mm, page_alloc: reduce branches in zone_statistics") has an unintentional side effect that remote node allocation requests are accounted as NUMA_MISS rathat than NUMA_HIT and NUMA_OTHER if such a request doesn't use __GFP_OTHER_NODE. There are many of these potentially because the flag is used very rarely while we have many users of __alloc_pages_node. Fix this by simply ignoring __GFP_OTHER_NODE (it can be removed in a follow up patch) and treat all allocations that were satisfied from the preferred zone's node as NUMA_HITS because this is the same node we requested the allocation from in most cases. If this is not the local node then we just account it as NUMA_OTHER rather than NUMA_LOCAL. One downsize would be that an allocation request for a node which is outside of the mempolicy nodemask would be reported as a hit which is a bit weird but that was the case before b9f00e147f27 already. Fixes: b9f00e147f27 ("mm, page_alloc: reduce branches in zone_statistics") Link: http://lkml.kernel.org/r/20170102153057.9451-2-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Jia He Reviewed-by: Vlastimil Babka # with cbmc[1] superpowers Acked-by: Mel Gorman Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Taku Izumi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) commit f931ab479dd24cf7a2c6e2df19778406892591fb Author: Dan Williams Date: Tue Jan 10 16:57:36 2017 -0800 mm: fix devm_memremap_pages crash, use mem_hotplug_{begin, done} Both arch_add_memory() and arch_remove_memory() expect a single threaded context. For example, arch/x86/mm/init_64.c::kernel_physical_mapping_init() does not hold any locks over this check and branch: if (pgd_val(*pgd)) { pud = (pud_t *)pgd_page_vaddr(*pgd); paddr_last = phys_pud_init(pud, __pa(vaddr), __pa(vaddr_end), page_size_mask); continue; } pud = alloc_low_page(); paddr_last = phys_pud_init(pud, __pa(vaddr), __pa(vaddr_end), page_size_mask); The result is that two threads calling devm_memremap_pages() simultaneously can end up colliding on pgd initialization. This leads to crash signatures like the following where the loser of the race initializes the wrong pgd entry: BUG: unable to handle kernel paging request at ffff888ebfff0000 IP: memcpy_erms+0x6/0x10 PGD 2f8e8fc067 PUD 0 /* <---- Invalid PUD */ Oops: 0000 [#1] SMP DEBUG_PAGEALLOC CPU: 54 PID: 3818 Comm: systemd-udevd Not tainted 4.6.7+ #13 task: ffff882fac290040 ti: ffff882f887a4000 task.ti: ffff882f887a4000 RIP: memcpy_erms+0x6/0x10 [..] Call Trace: ? pmem_do_bvec+0x205/0x370 [nd_pmem] ? blk_queue_enter+0x3a/0x280 pmem_rw_page+0x38/0x80 [nd_pmem] bdev_read_page+0x84/0xb0 Hold the standard memory hotplug mutex over calls to arch_{add,remove}_memory(). Fixes: 41e94a851304 ("add devm_memremap_pages") Link: http://lkml.kernel.org/r/148357647831.9498.12606007370121652979.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams Cc: Christoph Hellwig Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/memremap.c | 4 ++++ 1 file changed, 4 insertions(+) commit e7ee2c089e94067d68475990bdeed211c8852917 Author: Eric Ren Date: Tue Jan 10 16:57:33 2017 -0800 ocfs2: fix crash caused by stale lvb with fsdlm plugin The crash happens rather often when we reset some cluster nodes while nodes contend fiercely to do truncate and append. The crash backtrace is below: dlm: C21CBDA5E0774F4BA5A9D4F317717495: dlm_recover_grant 1 locks on 971 resources dlm: C21CBDA5E0774F4BA5A9D4F317717495: dlm_recover 9 generation 5 done: 4 ms ocfs2: Begin replay journal (node 318952601, slot 2) on device (253,18) ocfs2: End replay journal (node 318952601, slot 2) on device (253,18) ocfs2: Beginning quota recovery on device (253,18) for slot 2 ocfs2: Finishing quota recovery on device (253,18) for slot 2 (truncate,30154,1):ocfs2_truncate_file:470 ERROR: bug expression: le64_to_cpu(fe->i_size) != i_size_read(inode) (truncate,30154,1):ocfs2_truncate_file:470 ERROR: Inode 290321, inode i_size = 732 != di i_size = 937, i_flags = 0x1 ------------[ cut here ]------------ kernel BUG at /usr/src/linux/fs/ocfs2/file.c:470! invalid opcode: 0000 [#1] SMP Modules linked in: ocfs2_stack_user(OEN) ocfs2(OEN) ocfs2_nodemanager ocfs2_stackglue(OEN) quota_tree dlm(OEN) configfs fuse sd_mod iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi af_packet iscsi_ibft iscsi_boot_sysfs softdog xfs libcrc32c ppdev parport_pc pcspkr parport joydev virtio_balloon virtio_net i2c_piix4 acpi_cpufreq button processor ext4 crc16 jbd2 mbcache ata_generic cirrus virtio_blk ata_piix drm_kms_helper ahci syscopyarea libahci sysfillrect sysimgblt fb_sys_fops ttm floppy libata drm virtio_pci virtio_ring uhci_hcd virtio ehci_hcd usbcore serio_raw usb_common sg dm_multipath dm_mod scsi_dh_rdac scsi_dh_emc scsi_dh_alua scsi_mod autofs4 Supported: No, Unsupported modules are loaded CPU: 1 PID: 30154 Comm: truncate Tainted: G OE N 4.4.21-69-default #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.8.1-0-g4adadbd-20151112_172657-sheep25 04/01/2014 task: ffff88004ff6d240 ti: ffff880074e68000 task.ti: ffff880074e68000 RIP: 0010:[] [] ocfs2_truncate_file+0x640/0x6c0 [ocfs2] RSP: 0018:ffff880074e6bd50 EFLAGS: 00010282 RAX: 0000000000000074 RBX: 000000000000029e RCX: 0000000000000000 RDX: 0000000000000001 RSI: 0000000000000246 RDI: 0000000000000246 RBP: ffff880074e6bda8 R08: 000000003675dc7a R09: ffffffff82013414 R10: 0000000000034c50 R11: 0000000000000000 R12: ffff88003aab3448 R13: 00000000000002dc R14: 0000000000046e11 R15: 0000000000000020 FS: 00007f839f965700(0000) GS:ffff88007fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 00007f839f97e000 CR3: 0000000036723000 CR4: 00000000000006e0 Call Trace: ocfs2_setattr+0x698/0xa90 [ocfs2] notify_change+0x1ae/0x380 do_truncate+0x5e/0x90 do_sys_ftruncate.constprop.11+0x108/0x160 entry_SYSCALL_64_fastpath+0x12/0x6d Code: 24 28 ba d6 01 00 00 48 c7 c6 30 43 62 a0 8b 41 2c 89 44 24 08 48 8b 41 20 48 c7 c1 78 a3 62 a0 48 89 04 24 31 c0 e8 a0 97 f9 ff <0f> 0b 3d 00 fe ff ff 0f 84 ab fd ff ff 83 f8 fc 0f 84 a2 fd ff RIP [] ocfs2_truncate_file+0x640/0x6c0 [ocfs2] It's because ocfs2_inode_lock() get us stale LVB in which the i_size is not equal to the disk i_size. We mistakenly trust the LVB because the underlaying fsdlm dlm_lock() doesn't set lkb_sbflags with DLM_SBF_VALNOTVALID properly for us. But, why? The current code tries to downconvert lock without DLM_LKF_VALBLK flag to tell o2cb don't update RSB's LVB if it's a PR->NULL conversion, even if the lock resource type needs LVB. This is not the right way for fsdlm. The fsdlm plugin behaves different on DLM_LKF_VALBLK, it depends on DLM_LKF_VALBLK to decide if we care about the LVB in the LKB. If DLM_LKF_VALBLK is not set, fsdlm will skip recovering RSB's LVB from this lkb and set the right DLM_SBF_VALNOTVALID appropriately when node failure happens. The following diagram briefly illustrates how this crash happens: RSB1 is inode metadata lock resource with LOCK_TYPE_USES_LVB; The 1st round: Node1 Node2 RSB1: PR RSB1(master): NULL->EX ocfs2_downconvert_lock(PR->NULL, set_lvb==0) ocfs2_dlm_lock(no DLM_LKF_VALBLK) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - dlm_lock(no DLM_LKF_VALBLK) convert_lock(overwrite lkb->lkb_exflags with no DLM_LKF_VALBLK) RSB1: NULL RSB1: EX reset Node2 dlm_recover_rsbs() recover_lvb() /* The LVB is not trustable if the node with EX fails and * no lock >= PR is left. We should set RSB_VALNOTVALID for RSB1. */ if(!(kb_exflags & DLM_LKF_VALBLK)) /* This means we miss the chance to return; * to invalid the LVB here. */ The 2nd round: Node 1 Node2 RSB1(become master from recovery) ocfs2_setattr() ocfs2_inode_lock(NULL->EX) /* dlm_lock() return the stale lvb without setting DLM_SBF_VALNOTVALID */ ocfs2_meta_lvb_is_trustable() return 1 /* so we don't refresh inode from disk */ ocfs2_truncate_file() mlog_bug_on_msg(disk isize != i_size_read(inode)) /* crash! */ The fix is quite straightforward. We keep to set DLM_LKF_VALBLK flag for dlm_lock() if the lock resource type needs LVB and the fsdlm plugin is uesed. Link: http://lkml.kernel.org/r/1481275846-6604-1-git-send-email-zren@suse.com Signed-off-by: Eric Ren Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlmglue.c | 10 ++++++++++ fs/ocfs2/stackglue.c | 6 ++++++ fs/ocfs2/stackglue.h | 3 +++ 3 files changed, 19 insertions(+) commit 7984c27c2c5cd3298de8afdba3e1bd46f884e934 Author: Michal Hocko Date: Tue Jan 10 16:57:30 2017 -0800 bpf: do not use KMALLOC_SHIFT_MAX Commit 01b3f52157ff ("bpf: fix allocation warnings in bpf maps and integer overflow") has added checks for the maximum allocateable size. It (ab)used KMALLOC_SHIFT_MAX for that purpose. While this is not incorrect it is not very clean because we already have KMALLOC_MAX_SIZE for this very reason so let's change both checks to use KMALLOC_MAX_SIZE instead. The original motivation for using KMALLOC_SHIFT_MAX was to work around an incorrect KMALLOC_MAX_SIZE which could lead to allocation warnings but it is no longer needed since "slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER". Link: http://lkml.kernel.org/r/20161220130659.16461-3-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Christoph Lameter Cc: Alexei Starovoitov Cc: Andrey Konovalov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/bpf/arraymap.c | 2 +- kernel/bpf/hashtab.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit bb1107f7c6052c863692a41f78c000db792334bf Author: Michal Hocko Date: Tue Jan 10 16:57:27 2017 -0800 mm, slab: make sure that KMALLOC_MAX_SIZE will fit into MAX_ORDER Andrey Konovalov has reported the following warning triggered by the syzkaller fuzzer. WARNING: CPU: 1 PID: 9935 at mm/page_alloc.c:3511 __alloc_pages_nodemask+0x159c/0x1e20 Kernel panic - not syncing: panic_on_warn set ... CPU: 1 PID: 9935 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #34 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Call Trace: __alloc_pages_slowpath mm/page_alloc.c:3511 __alloc_pages_nodemask+0x159c/0x1e20 mm/page_alloc.c:3781 alloc_pages_current+0x1c7/0x6b0 mm/mempolicy.c:2072 alloc_pages include/linux/gfp.h:469 kmalloc_order+0x1f/0x70 mm/slab_common.c:1015 kmalloc_order_trace+0x1f/0x160 mm/slab_common.c:1026 kmalloc_large include/linux/slab.h:422 __kmalloc+0x210/0x2d0 mm/slub.c:3723 kmalloc include/linux/slab.h:495 ep_write_iter+0x167/0xb50 drivers/usb/gadget/legacy/inode.c:664 new_sync_write fs/read_write.c:499 __vfs_write+0x483/0x760 fs/read_write.c:512 vfs_write+0x170/0x4e0 fs/read_write.c:560 SYSC_write fs/read_write.c:607 SyS_write+0xfb/0x230 fs/read_write.c:599 entry_SYSCALL_64_fastpath+0x1f/0xc2 The issue is caused by a lack of size check for the request size in ep_write_iter which should be fixed. It, however, points to another problem, that SLUB defines KMALLOC_MAX_SIZE too large because the its KMALLOC_SHIFT_MAX is (MAX_ORDER + PAGE_SHIFT) which means that the resulting page allocator request might be MAX_ORDER which is too large (see __alloc_pages_slowpath). The same applies to the SLOB allocator which allows even larger sizes. Make sure that they are capped properly and never request more than MAX_ORDER order. Link: http://lkml.kernel.org/r/20161220130659.16461-2-mhocko@kernel.org Signed-off-by: Michal Hocko Reported-by: Andrey Konovalov Acked-by: Christoph Lameter Cc: Alexei Starovoitov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/slab.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f729c8c9b24f0540a6e6b86e68f3888ba90ef7e7 Author: Ross Zwisler Date: Tue Jan 10 16:57:24 2017 -0800 dax: wrprotect pmd_t in dax_mapping_entry_mkclean Currently dax_mapping_entry_mkclean() fails to clean and write protect the pmd_t of a DAX PMD entry during an *sync operation. This can result in data loss in the following sequence: 1) mmap write to DAX PMD, dirtying PMD radix tree entry and making the pmd_t dirty and writeable 2) fsync, flushing out PMD data and cleaning the radix tree entry. We currently fail to mark the pmd_t as clean and write protected. 3) more mmap writes to the PMD. These don't cause any page faults since the pmd_t is dirty and writeable. The radix tree entry remains clean. 4) fsync, which fails to flush the dirty PMD data because the radix tree entry was clean. 5) crash - dirty data that should have been fsync'd as part of 4) could still have been in the processor cache, and is lost. Fix this by marking the pmd_t clean and write protected in dax_mapping_entry_mkclean(), which is called as part of the fsync operation 2). This will cause the writes in step 3) above to generate page faults where we'll re-dirty the PMD radix tree entry, resulting in flushes in the fsync that happens in step 4). Fixes: 4b4bb46d00b3 ("dax: clear dirty entry tags on cache flush") Link: http://lkml.kernel.org/r/1482272586-21177-3-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reviewed-by: Jan Kara Cc: Alexander Viro Cc: Christoph Hellwig Cc: Dan Williams Cc: Dave Chinner Cc: Jan Kara Cc: Matthew Wilcox Cc: Dave Hansen Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 51 ++++++++++++++++++++++++++++++++++++--------------- include/linux/mm.h | 2 -- mm/memory.c | 4 ++-- 3 files changed, 38 insertions(+), 19 deletions(-) commit 097963959594c5eccaba42510f7033f703211bda Author: Ross Zwisler Date: Tue Jan 10 16:57:21 2017 -0800 mm: add follow_pte_pmd() Patch series "Write protect DAX PMDs in *sync path". Currently dax_mapping_entry_mkclean() fails to clean and write protect the pmd_t of a DAX PMD entry during an *sync operation. This can result in data loss, as detailed in patch 2. This series is based on Dan's "libnvdimm-pending" branch, which is the current home for Jan's "dax: Page invalidation fixes" series. You can find a working tree here: https://git.kernel.org/cgit/linux/kernel/git/zwisler/linux.git/log/?h=dax_pmd_clean This patch (of 2): Similar to follow_pte(), follow_pte_pmd() allows either a PTE leaf or a huge page PMD leaf to be found and returned. Link: http://lkml.kernel.org/r/1482272586-21177-2-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Suggested-by: Dave Hansen Cc: Alexander Viro Cc: Christoph Hellwig Cc: Dan Williams Cc: Dave Chinner Cc: Jan Kara Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 2 ++ mm/memory.c | 37 ++++++++++++++++++++++++++++++------- 2 files changed, 32 insertions(+), 7 deletions(-) commit d670ffd87509b6b136d8ed6f757851a8ebe442b2 Author: Aneesh Kumar K.V Date: Tue Jan 10 16:57:18 2017 -0800 mm/thp/pagecache/collapse: free the pte page table on collapse for thp page cache. With THP page cache, when trying to build a huge page from regular pte pages, we just clear the pmd entry. We will take another fault and at that point we will find the huge page in the radix tree, thereby using the huge page to complete the page fault The second fault path will allocate the needed pgtable_t page for archs like ppc64. So no need to deposit the same in collapse path. Depositing them in the collapse path resulting in a pgtable_t memory leak also giving errors like BUG: non-zero nr_ptes on freeing mm: 3 Fixes: 953c66c2b22a ("mm: THP page cache support for ppc64") Link: http://lkml.kernel.org/r/20161212163428.6780-2-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Kirill A. Shutemov Cc: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/khugepaged.c | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) commit 965d004af54088d138f806d04d803fb60d441986 Author: Ross Zwisler Date: Tue Jan 10 16:57:15 2017 -0800 dax: fix deadlock with DAX 4k holes Currently in DAX if we have three read faults on the same hole address we can end up with the following: Thread 0 Thread 1 Thread 2 -------- -------- -------- dax_iomap_fault grab_mapping_entry lock_slot dax_iomap_fault grab_mapping_entry get_unlocked_mapping_entry dax_iomap_fault grab_mapping_entry get_unlocked_mapping_entry dax_load_hole find_or_create_page ... page_cache_tree_insert dax_wake_mapping_entry_waiter __radix_tree_replace get_page lock_page ... put_locked_mapping_entry unlock_page put_page The crux of the problem is that once we insert a 4k zero page, all locking from then on is done in terms of that 4k zero page and any additional threads sleeping on the empty DAX entry will never be woken. Fix this by waking all sleepers when we replace the DAX radix tree entry with a 4k zero page. This will allow all sleeping threads to successfully transition from locking based on the DAX empty entry to locking on the 4k zero page. With the test case reported by Xiong this happens very regularly in my test setup, with some runs resulting in 9+ threads in this deadlocked state. With this fix I've been able to run that same test dozens of times in a loop without issue. Fixes: ac401cc78242 ("dax: New fault locking") Link: http://lkml.kernel.org/r/1483479365-13607-1-git-send-email-ross.zwisler@linux.intel.com Signed-off-by: Ross Zwisler Reported-by: Xiong Zhou Reviewed-by: Jan Kara Cc: [4.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5771f6ea8d5ccc0df4d02ae65833413150a1b829 Author: Vlastimil Babka Date: Tue Jan 10 16:57:12 2017 -0800 MAINTAINERS: remove duplicate bug filling description I have noticed that two different descriptions for B: entries in MAINTAINERS were merged: commit 686564434e88 ("MAINTAINERS: Add bug tracking system location entry type") and 2de2bd95f456 ("MAINTAINERS: add "B:" for URI where to file bugs"). This patch keeps the description from 2de2bd95f456. There has been a discussion [1] about whether this more detailed description is useful and what it exactly implies. I find it more useful and general, and the author of 686564434e88 agreed in the end that either is fine. [1] https://lkml.org/lkml/2016/12/8/71 Link: http://lkml.kernel.org/r/20161219085158.12114-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit 57ea52a865144aedbcd619ee0081155e658b6f7d Author: Herbert Xu Date: Tue Jan 10 12:24:15 2017 -0800 gro: Disable frag0 optimization on IPv6 ext headers The GRO fast path caches the frag0 address. This address becomes invalid if frag0 is modified by pskb_may_pull or its variants. So whenever that happens we must disable the frag0 optimization. This is usually done through the combination of gro_header_hard and gro_header_slow, however, the IPv6 extension header path did the pulling directly and would continue to use the GRO fast path incorrectly. This patch fixes it by disabling the fast path when we enter the IPv6 extension header path. Fixes: 78a478d0efd9 ("gro: Inline skb_gro_header and cache frag0 virtual address") Reported-by: Slava Shwartsman Signed-off-by: Herbert Xu Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/netdevice.h | 9 +++++++-- net/ipv6/ip6_offload.c | 1 + 2 files changed, 8 insertions(+), 2 deletions(-) commit 1272ce87fa017ca4cf32920764d879656b7a005a Author: Herbert Xu Date: Tue Jan 10 12:24:01 2017 -0800 gro: Enter slow-path if there is no tailroom The GRO path has a fast-path where we avoid calling pskb_may_pull and pskb_expand by directly accessing frag0. However, this should only be done if we have enough tailroom in the skb as otherwise we'll have to expand it later anyway. This patch adds the check by capping frag0_len with the skb tailroom. Fixes: cb18978cbf45 ("gro: Open-code final pskb_may_pull") Reported-by: Slava Shwartsman Signed-off-by: Herbert Xu Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/dev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 9f9b74ef896792399dc7b5121896b9c963db80fb Author: Martin KaFai Lau Date: Tue Jan 10 09:41:49 2017 -0800 mlx4: Return EOPNOTSUPP instead of ENOTSUPP In commit b45f0674b997 ("mlx4: xdp: Allow raising MTU up to one page minus eth and vlan hdrs"), it changed EOPNOTSUPP to ENOTSUPP by mistake. This patch fixes it. Fixes: b45f0674b997 ("mlx4: xdp: Allow raising MTU up to one page minus eth and vlan hdrs") Signed-off-by: Martin KaFai Lau Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dc5367bcc556e97555fc94a32cd1aadbebdff47e Author: Julian Wiedmann Date: Tue Jan 10 17:10:34 2017 +0100 net/af_iucv: don't use paged skbs for TX on HiperSockets With commit e53743994e21 ("af_iucv: use paged SKBs for big outbound messages"), we transmit paged skbs for both of AF_IUCV's transport modes (IUCV or HiperSockets). The qeth driver for Layer 3 HiperSockets currently doesn't support NETIF_F_SG, so these skbs would just be linearized again by the stack. Avoid that overhead by using paged skbs only for IUCV transport. cc stable, since this also circumvents a significant skb leak when sending large messages (where the skb then needs to be linearized). Signed-off-by: Julian Wiedmann Signed-off-by: Ursula Braun Cc: # v4.8+ Fixes: e53743994e21 ("af_iucv: use paged SKBs for big outbound messages") Signed-off-by: David S. Miller net/iucv/af_iucv.c | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) commit 5d722b3024f6762addb8642ffddc9f275b5107ae Author: Anna, Suman Date: Mon Jan 9 21:48:56 2017 -0600 net: add the AF_QIPCRTR entries to family name tables Commit bdabad3e363d ("net: Add Qualcomm IPC router") introduced a new address family. Update the family name tables accordingly so that the lockdep initialization can use the proper names for this family. Cc: Courtney Cavin Cc: Bjorn Andersson Signed-off-by: Suman Anna Signed-off-by: David S. Miller net/core/sock.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3512a1ad56174308a9fd3e10f4b1e3e152e9ec01 Author: Stephen Boyd Date: Mon Jan 9 14:31:58 2017 -0800 net: qrtr: Mark 'buf' as little endian Failure to mark this pointer as __le32 causes checkers like sparse to complain: net/qrtr/qrtr.c:274:16: warning: incorrect type in assignment (different base types) net/qrtr/qrtr.c:274:16: expected unsigned int [unsigned] [usertype] net/qrtr/qrtr.c:274:16: got restricted __le32 [usertype] net/qrtr/qrtr.c:275:16: warning: incorrect type in assignment (different base types) net/qrtr/qrtr.c:275:16: expected unsigned int [unsigned] [usertype] net/qrtr/qrtr.c:275:16: got restricted __le32 [usertype] net/qrtr/qrtr.c:276:16: warning: incorrect type in assignment (different base types) net/qrtr/qrtr.c:276:16: expected unsigned int [unsigned] [usertype] net/qrtr/qrtr.c:276:16: got restricted __le32 [usertype] Silence it. Cc: Bjorn Andersson Signed-off-by: Stephen Boyd Acked-by: Bjorn Andersson Signed-off-by: David S. Miller net/qrtr/qrtr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit faf3a932fbeb77860226a8323eacb835edc98648 Author: Florian Fainelli Date: Mon Jan 9 11:58:34 2017 -0800 net: dsa: Ensure validity of dst->ds[0] It is perfectly possible to have non zero indexed switches being present in a DSA switch tree, in such a case, we will be deferencing a NULL pointer while dsa_cpu_port_ethtool_{setup,restore}. Be more defensive and ensure that dst->ds[0] is valid before doing anything with it. Fixes: 0c73c523cf73 ("net: dsa: Initialize CPU port ethtool ops per tree") Signed-off-by: Florian Fainelli Reviewed-by: Vivien Didelot Signed-off-by: David S. Miller net/dsa/dsa2.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit ddc37832a1349f474c4532de381498020ed71d31 Author: Mark Rutland Date: Fri Jan 6 13:12:47 2017 +0100 ARM: 8634/1: hw_breakpoint: blacklist Scorpion CPUs On APQ8060, the kernel crashes in arch_hw_breakpoint_init, taking an undefined instruction trap within write_wb_reg. This is because Scorpion CPUs erroneously appear to set DBGPRSR.SPD when WFI is issued, even if the core is not powered down. When DBGPRSR.SPD is set, breakpoint and watchpoint registers are treated as undefined. It's possible to trigger similar crashes later on from userspace, by requesting the kernel to install a breakpoint or watchpoint, as we can go idle at any point between the reset of the debug registers and their later use. This has always been the case. Given that this has always been broken, no-one has complained until now, and there is no clear workaround, disable hardware breakpoints and watchpoints on Scorpion to avoid these issues. Signed-off-by: Mark Rutland Reported-by: Linus Walleij Reviewed-by: Stephen Boyd Acked-by: Will Deacon Cc: Russell King Cc: stable@vger.kernel.org Signed-off-by: Russell King arch/arm/include/asm/cputype.h | 3 +++ arch/arm/kernel/hw_breakpoint.c | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) commit 270c8cf1cacc69cb8d99dea812f06067a45e4609 Author: Rabin Vincent Date: Wed Nov 23 13:02:32 2016 +0100 ARM: 8632/1: ftrace: fix syscall name matching ARM has a few system calls (most notably mmap) for which the names of the functions which are referenced in the syscall table do not match the names of the syscall tracepoints. As a consequence of this, these tracepoints are not made available. Implement arch_syscall_match_sym_name to fix this and allow tracing even these system calls. Signed-off-by: Rabin Vincent Signed-off-by: Russell King arch/arm/include/asm/ftrace.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 807b93e995d1f44dd94b4ec50d3a864e72296416 Merge: bd5d742 7738789 Author: Linus Torvalds Date: Tue Jan 10 13:51:54 2017 -0800 Merge tag 'linux-kselftest-4.10-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest fixes from Shuah Khan: "This update consists of fixes to use shell instead of bash to run tests in embedded devices where the only shell available is the busybox ash. Also included is a typo fix to a test result message" * tag 'linux-kselftest-4.10-rc4-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftests: x86/pkeys: fix spelling mistake: "itertation" -> "iteration" selftests: do not require bash to run netsocktests testcase selftests: do not require bash to run bpf tests selftests: do not require bash for the generated test commit 6bf6b0aa3da84a3d9126919a94c49c0fb7ee2fb3 Author: Omar Sandoval Date: Mon Jan 9 11:44:12 2017 -0800 virtio_blk: fix panic in initialization error path If blk_mq_init_queue() returns an error, it gets assigned to vblk->disk->queue. Then, when we call put_disk(), we end up calling blk_put_queue() with the ERR_PTR, causing a bad dereference. Fix it by only assigning to vblk->disk->queue on success. Signed-off-by: Omar Sandoval Reviewed-by: Jeff Moyer Signed-off-by: Jens Axboe drivers/block/virtio_blk.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 25b4acfc7de0fc4da3bfea3a316f7282c6fbde81 Author: Jeff Moyer Date: Mon Jan 9 15:20:31 2017 -0500 nbd: blk_mq_init_queue returns an error code on failure, not NULL Additionally, don't assign directly to disk->queue, otherwise blk_put_queue (called via put_disk) will choke (panic) on the errno stored there. Bug found by code inspection after Omar found a similar issue in virtio_blk. Compile-tested only. Signed-off-by: Jeff Moyer Reviewed-by: Omar Sandoval Reviewed-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit a14d749fcebe97ddf6af6db3d1f6ece85c9ddcb9 Author: Christoph Hellwig Date: Mon Jan 9 08:56:23 2017 -0700 virtio_blk: avoid DMA to stack for the sense buffer Most users of BLOCK_PC requests allocate the sense buffer on the stack, so to avoid DMA to the stack copy them to a field in the heap allocated virtblk_req structure. Without that any attempt at SCSI passthrough I/O, including the SG_IO ioctl from userspace will crash the kernel. Note that this includes running tools like hdparm even when the host does not have SCSI passthrough enabled. Signed-off-by: Christoph Hellwig Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Jens Axboe drivers/block/virtio_blk.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit dd545b52a3e1efd9f2c6352dbe95ccd0c53461cc Author: Chandan Rajendra Date: Tue Jan 10 13:29:54 2017 -0700 do_direct_IO: Use inode->i_blkbits to compute block count to be cleaned The code currently uses sdio->blkbits to compute the number of blocks to be cleaned. However sdio->blkbits is derived from the logical block size of the underlying block device (Refer to the definition of do_blockdev_direct_IO()). Due to this, generic/299 test would rarely fail when executed on an ext4 filesystem with 64k as the block size and when using a virtio based disk (having 512 byte as the logical block size) inside a kvm guest. This commit fixes the bug by using inode->i_blkbits to compute the number of blocks to be cleaned. Signed-off-by: Chandan Rajendra Reviewed-by: Christoph Hellwig Fixed up by Jeff Moyer to only use/evaluate inode->i_blkbits once, to avoid issues with block size changes with IO in flight. Signed-off-by: Jens Axboe fs/direct-io.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ecd43afdbe72017aefe48080631eb625e177ef4d Author: Vineet Gupta Date: Sun Jan 8 19:45:48 2017 -0800 ARCv2: save r30 on kernel entry as gcc uses it for code-gen This is not exposed to userspace debugers yet, which can be done independently as a seperate patch ! Signed-off-by: Vineet Gupta arch/arc/include/asm/entry-arcv2.h | 2 ++ arch/arc/include/asm/ptrace.h | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) commit 3bcf96e0183f5c863657cb6ae9adad307a0f6071 Author: Steve Wise Date: Thu Dec 22 07:40:37 2016 -0800 iw_cxgb4: do not send RX_DATA_ACK CPLs after close/abort Function rx_data(), which handles ingress CPL_RX_DATA messages, was always sending an RX_DATA_ACK with the goal of updating the credits. However, if the RDMA connection is moved out of FPDU mode abruptly, then it is possible for iw_cxgb4 to process queued RX_DATA CPLs after HW has aborted the connection. These CPLs should not trigger RX_DATA_ACKS. If they do, HW can see a READ after DELETE of the DB_LE hash entry for the tid and post a LE_DB HashTblMemCrcError. Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/cm.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit c12a67fec8d99bb554e8d4e99120d418f1a39c87 Author: Steve Wise Date: Thu Dec 22 07:40:36 2016 -0800 iw_cxgb4: free EQ queue memory on last deref Commit ad61a4c7a9b7 ("iw_cxgb4: don't block in destroy_qp awaiting the last deref") introduced a bug where the RDMA QP EQ queue memory (and QIDs) are possibly freed before the underlying connection has been fully shutdown. The result being a possible DMA read issued by HW after the queue memory has been unmapped and freed. This results in possible WR corruption in the worst case, system bus errors if an IOMMU is in use, and SGE "bad WR" errors reported in the very least. The fix is to defer unmap/free of queue memory and QID resources until the QP struct has been fully dereferenced. To do this, the c4iw_ucontext must also be kept around until the last QP that references it is fully freed. In addition, since the last QP deref can happen in an IRQ disabled context, we need a new workqueue thread to do the final unmap/free of the EQ queue memory. Fixes: ad61a4c7a9b7 ("iw_cxgb4: don't block in destroy_qp awaiting the last deref") Cc: stable@vger.kernel.org Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/device.c | 9 +++++++++ drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 18 +++++++++++++++++ drivers/infiniband/hw/cxgb4/provider.c | 20 +++++++++++++++---- drivers/infiniband/hw/cxgb4/qp.c | 35 +++++++++++++++++++++++++--------- 4 files changed, 69 insertions(+), 13 deletions(-) commit 4fe7c2962e110dfd58e61888514726aac419562f Author: Steve Wise Date: Thu Dec 22 07:04:59 2016 -0800 iw_cxgb4: refactor sq/rq drain logic With the addition of the IB/Core drain API, iw_cxgb4 supported drain by watching the CQs when the QP was out of RTS and signalling "drain complete" when the last CQE is polled. This, however, doesn't fully support the drain semantics. Namely, the drain logic is supposed to signal "drain complete" only when the application has _processed_ the last CQE, not just removed them from the CQ. Thus a small timing hole exists that can cause touch after free type bugs in applications using the drain API (nvmf, iSER, for example). So iw_cxgb4 needs a better solution. The iWARP Verbs spec mandates that "_at some point_ after the QP is moved to ERROR", the iWARP driver MUST synchronously fail post_send and post_recv calls. iw_cxgb4 was currently not allowing any posts once the QP is in ERROR. This was in part due to the fact that the HW queues for the QP in ERROR state are disabled at this point, so there wasn't much else to do but fail the post operation synchronously. This restriction is what drove the first drain implementation in iw_cxgb4 that has the above mentioned flaw. This patch changes iw_cxgb4 to allow post_send and post_recv WRs after the QP is moved to ERROR state for kernel mode users, thus still adhering to the Verbs spec for user mode users, but allowing flush WRs for kernel users. Since the HW queues are disabled, we just synthesize a CQE for this post, queue it to the SW CQ, and then call the CQ event handler. This enables proper drain operations for the various storage applications. Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/cq.c | 21 ++++--- drivers/infiniband/hw/cxgb4/iw_cxgb4.h | 6 +- drivers/infiniband/hw/cxgb4/provider.c | 2 - drivers/infiniband/hw/cxgb4/qp.c | 112 ++++++++++++++++++++------------- drivers/infiniband/hw/cxgb4/t4.h | 2 + 5 files changed, 85 insertions(+), 58 deletions(-) commit d9584d8ccc06ba98f4fad8ec720de66b6659fd35 Author: Eric Dumazet Date: Mon Jan 9 11:18:01 2017 -0800 net: skb_flow_get_be16() can be static Removes following sparse complain : net/core/flow_dissector.c:70:8: warning: symbol 'skb_flow_get_be16' was not declared. Should it be static? Fixes: 972d3876faa8 ("flow dissector: ICMP support") Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/flow_dissector.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3116d37651d77125bf50f81f859b1278e02ccce6 Author: Emmanuel Vadot Date: Wed Dec 14 15:57:24 2016 +0100 ARM: dts: sunxi: Change node name for pwrseq pin on Olinuxino-lime2-emmc The node name for the power seq pin is mmc2@0 like the mmc2_pins_a one. This makes the original node (mmc2_pins_a) scrapped out of the dtb and result in a unusable eMMC if U-Boot didn't configured the pins to the correct functions. Signed-off-by: Emmanuel Vadot Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun7i-a20-olinuxino-lime2-emmc.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c9d8d0c41b3e24473ac7648a7fc2d644ccf08ff Author: Bryant G. Ly Date: Mon Jan 9 10:21:20 2017 -0600 ibmvscsis: Fix srp_transfer_data fail return code If srp_transfer_data fails within ibmvscsis_write_pending, then the most likely scenario is that the client timed out the op and removed the TCE mapping. Thus it will loop forever retrying the op that is pretty much guaranteed to fail forever. A better return code would be EIO instead of EAGAIN. Cc: stable@vger.kernel.org Reported-by: Steven Royer Tested-by: Steven Royer Signed-off-by: Bryant G. Ly Signed-off-by: Bart Van Assche drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 661ccdc1a95f18ab6c1373322fde09afd5b90a1f Author: Milo Kim Date: Tue Dec 13 08:18:15 2016 +0900 ARM: dts: sun8i: Support DTB build for NanoPi M1 The commit 10efbf5f1633 ("ARM: dts: sun8i: Add dts file for NanoPi M1 SBC") introduced NanoPi M1 board but it's missing in Allwinner H3 DTB build. Signed-off-by: Milo Kim Signed-off-by: Maxime Ripard arch/arm/boot/dts/Makefile | 1 + 1 file changed, 1 insertion(+) commit 6b546c2a15f9d8d3b1fb22adeb4063d497b08265 Author: Chen-Yu Tsai Date: Thu Nov 24 14:43:39 2016 +0800 ARM: dts: sun6i: hummingbird: Enable display engine again Now that we disable the display engine by default, we need to re-enable it for the Hummingbird A31, which already had its display pipeline enabled. Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun6i-a31-hummingbird.dts | 4 ++++ 1 file changed, 4 insertions(+) commit 205ac7b33e556bde7e3374042b4ca9989e245d89 Author: Chen-Yu Tsai Date: Thu Nov 24 14:43:38 2016 +0800 ARM: dts: sun6i: Disable display pipeline by default While we now support the internal display pipeline found on sun6i, it is possible that we are unable to enable the display for some boards, due to a lack of drivers for the panels or bridges found on them. If the display pipeline is enabled, the driver will try to enable, and possibly screw up the simple framebuffer U-boot had configured. Disable the display pipeline by default. Fixes: 6d0e5b70be13 ("ARM: dts: sun6i: Add device nodes for first display pipeline") Signed-off-by: Chen-Yu Tsai Signed-off-by: Maxime Ripard arch/arm/boot/dts/sun6i-a31.dtsi | 1 + 1 file changed, 1 insertion(+) commit 7b6c1b4c0e1e44544aa18161dba6a741c080a7ef Author: Bin Liu Date: Tue Jan 10 10:46:00 2017 -0600 usb: musb: fix runtime PM in debugfs MUSB driver now has runtime PM support, but the debugfs driver misses the PM _get/_put() calls, which could cause MUSB register access failure. Cc: stable@vger.kernel.org # 4.9+ Acked-by: Tony Lindgren Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_debugfs.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit 2f8225e834618b9b93eaff5cea8aabbd42f04c84 Merge: dc647ec 75dc692 Author: David S. Miller Date: Tue Jan 10 11:46:47 2017 -0500 Merge branch 'r8152-fix-autosuspend' Hayes Wang says: ==================== r8152: fix autosuspend issue Avoid rx is split into two parts when runtime suspend occurs. ==================== Signed-off-by: David S. Miller commit 75dc692eda114cb234a46cb11893a9c3ea520934 Author: hayeswang Date: Tue Jan 10 17:04:07 2017 +0800 r8152: fix rx issue for runtime suspend Pause the rx and make sure the rx fifo is empty when the autosuspend occurs. If the rx data comes when the driver is canceling the rx urb, the host controller would stop getting the data from the device and continue it after next rx urb is submitted. That is, one continuing data is split into two different urb buffers. That let the driver take the data as a rx descriptor, and unexpected behavior happens. Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) commit 8fb280616878b81c0790a0c33acbeec59c5711f4 Author: hayeswang Date: Tue Jan 10 17:04:06 2017 +0800 r8152: split rtl8152_suspend function Split rtl8152_suspend() into rtl8152_system_suspend() and rtl8152_rumtime_suspend(). Signed-off-by: Hayes Wang Signed-off-by: David S. Miller drivers/net/usb/r8152.c | 57 ++++++++++++++++++++++++++++++++++--------------- 1 file changed, 40 insertions(+), 17 deletions(-) commit 87156518da94a696f2b27ab8945d531af2f1d339 Author: David Disseldorp Date: Mon Jan 2 18:04:09 2017 +0100 target: support XCOPY requests without parameters SPC4r37 6.4.1 EXTENDED COPY(LID4) states (also applying to LID1 reqs): A parameter list length of zero specifies that the copy manager shall not transfer any data or alter any internal state, and this shall not be considered an error. This behaviour can be tested using the libiscsi ExtendedCopy.ParamHdr test. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 4 ++++ 1 file changed, 4 insertions(+) commit f94fd098f674b78c29f482da1999d8de0c93c74e Author: David Disseldorp Date: Mon Jan 2 18:04:08 2017 +0100 target: check for XCOPY parameter truncation Check for XCOPY header, CSCD descriptor and segment descriptor list truncation, and respond accordingly. SPC4r37 6.4.1 EXTENDED COPY(LID4) states (also applying to LID1 reqs): If the parameter list length causes truncation of the parameter list, then the copy manager shall transfer no data and shall terminate the EXTENDED COPY command with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the additional sense code set to PARAMETER LIST LENGTH ERROR. This behaviour can be tested using the libiscsi ExtendedCopy.ParamHdr test. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 14 ++++++++++++++ drivers/target/target_core_xcopy.h | 1 + 2 files changed, 15 insertions(+) commit 66640d35c1e4ef3c96ba5edb3c5e2ff8ab812e7a Author: David Disseldorp Date: Mon Jan 2 18:04:07 2017 +0100 target: use XCOPY segment descriptor CSCD IDs The XCOPY specification in SPC4r37 states that the XCOPY source and destination device(s) should be derived from the copy source and copy destination (CSCD) descriptor IDs in the XCOPY segment descriptor. The CSCD IDs are generally (for block -> block copies), indexes into the corresponding CSCD descriptor list, e.g. ================================= EXTENDED COPY Header ================================= CSCD Descriptor List - entry 0 + LU ID <--------------<------------------\ - entry 1 | + LU ID <______________<_____________ | ================================= | | Segment Descriptor List | | - segment 0 | | + src CSCD ID = 0 --------->---------+----/ + dest CSCD ID = 1 ___________>______| + len + src lba + dest lba ================================= Currently LIO completely ignores the src and dest CSCD IDs in the Segment Descriptor List, and instead assumes that the first entry in the CSCD list corresponds to the source, and the second to the destination. This commit removes this assumption, by ensuring that the Segment Descriptor List is parsed prior to processing the CSCD Descriptor List. CSCD Descriptor List processing is modified to compare the current list index with the previously obtained src and dest CSCD IDs. Additionally, XCOPY requests where the src and dest CSCD IDs refer to the CSCD Descriptor List entry can now be successfully processed. Fixes: cbf031f ("target: Add support for EXTENDED_COPY copy offload") Link: https://bugzilla.kernel.org/show_bug.cgi?id=191381 Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 79 +++++++++++++++++++++++--------------- 1 file changed, 48 insertions(+), 31 deletions(-) commit f184210bca6c9d0091ff5e5629dea4cbb8a17c0f Author: David Disseldorp Date: Mon Jan 2 18:04:06 2017 +0100 target: check XCOPY segment descriptor CSCD IDs Ensure that the segment descriptor CSCD descriptor ID values correspond to CSCD descriptor entries located in the XCOPY command parameter list. SPC4r37 6.4.6.1 Table 150 specifies this range as 0000h to 07FFh, where the CSCD descriptor location in the parameter list can be located via: 16 + (id * 32) Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig [ bvanassche: inserted "; " in the format string of an error message and also moved a "||" operator from the start of a line to the end of the previous line ] Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 8 ++++++++ drivers/target/target_core_xcopy.h | 6 ++++++ 2 files changed, 14 insertions(+) commit 94aae4caacda89a1bdb7198b260f4ca3595b7ed7 Author: David Disseldorp Date: Mon Jan 2 18:04:05 2017 +0100 target: simplify XCOPY wwn->se_dev lookup helper target_xcopy_locate_se_dev_e4() is used to locate an se_dev, based on the WWN provided with the XCOPY request. Remove a couple of unneeded arguments, and rely on the caller for the src/dst test. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 28 +++++++++------------------- 1 file changed, 9 insertions(+), 19 deletions(-) commit c243849720ac237e9e7191fe57f619bb3a871d4c Author: David Disseldorp Date: Mon Jan 2 18:04:04 2017 +0100 target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense Use UNSUPPORTED TARGET DESCRIPTOR TYPE CODE and UNSUPPORTED SEGMENT DESCRIPTOR TYPE CODE additional sense codes if a descriptor type in an XCOPY request is not supported, as specified in spc4r37 6.4.5 and 6.4.6. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 4 ++++ 1 file changed, 4 insertions(+) commit 7d38706669ce00603b187f667a4eb67c94eac098 Author: David Disseldorp Date: Fri Dec 23 11:37:56 2016 +0100 target: bounds check XCOPY total descriptor list length spc4r37 6.4.3.5 states: If the combined length of the CSCD descriptors and segment descriptors exceeds the allowed value, then the copy manager shall terminate the command with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the additional sense code set to PARAMETER LIST LENGTH ERROR. This functionality can be tested using the libiscsi ExtendedCopy.DescrLimits test. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 6 ++++++ 1 file changed, 6 insertions(+) commit af9f62c1686268c0517b289274d38f3a03bebd2a Author: David Disseldorp Date: Fri Dec 23 11:37:55 2016 +0100 target: bounds check XCOPY segment descriptor list Check the length of the XCOPY request segment descriptor list against the value advertised via the MAXIMUM SEGMENT DESCRIPTOR COUNT field in the RECEIVE COPY OPERATING PARAMETERS response. spc4r37 6.4.3.5 states: If the number of segment descriptors exceeds the allowed number, the copy manager shall terminate the command with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the additional sense code set to TOO MANY SEGMENT DESCRIPTORS. This functionality is testable using the libiscsi ExtendedCopy.DescrLimits test. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 61c359194c46cbffec9a1f2c59c1c4011222ad84 Author: David Disseldorp Date: Fri Dec 23 11:37:54 2016 +0100 target: use XCOPY TOO MANY TARGET DESCRIPTORS sense spc4r37 6.4.3.4 states: If the number of CSCD descriptors exceeds the allowed number, the copy manager shall terminate the command with CHECK CONDITION status, with the sense key set to ILLEGAL REQUEST, and the additional sense code set to TOO MANY TARGET DESCRIPTORS. LIO currently responds with INVALID FIELD IN PARAMETER LIST, which sees it fail the libiscsi ExtendedCopy.DescrLimits test. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_xcopy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit e864212078ded276bdb272b2e0ee6a979357ca8a Author: David Disseldorp Date: Fri Dec 23 11:37:53 2016 +0100 target: add XCOPY target/segment desc sense codes As defined in http://www.t10.org/lists/asc-num.htm. To be used during validation of XCOPY target and segment descriptor lists. Signed-off-by: David Disseldorp Reviewed-by: Christoph Hellwig Signed-off-by: Bart Van Assche drivers/target/target_core_transport.c | 24 ++++++++++++++++++++++++ include/target/target_core_base.h | 4 ++++ 2 files changed, 28 insertions(+) commit dc647ec88e029307e60e6bf9988056605f11051a Author: Tobias Klauser Date: Tue Jan 10 09:30:51 2017 +0100 net: socket: Make unnecessarily global sockfs_setattr() static Make sockfs_setattr() static as it is not used outside of net/socket.c This fixes the following GCC warning: net/socket.c:534:5: warning: no previous prototype for ‘sockfs_setattr’ [-Wmissing-prototypes] Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.") Cc: Lorenzo Colitti Signed-off-by: Tobias Klauser Acked-by: Lorenzo Colitti Signed-off-by: David S. Miller net/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2bc979f27378350465ab4eb9179ab267c8ea9074 Merge: 6bb629d 60f59ce Author: David S. Miller Date: Tue Jan 10 11:27:46 2017 -0500 Merge tag 'wireless-drivers-for-davem-2017-01-10' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.10 Only two fixes at this time. The rtlwifi fix is an important one as it fixes a reported oops and Linus was already asking about it. The orinoco fix is not tested on a real device, because it's old legacy hardware and hardly no-one use it, but it should fix a (theoretical) issue with VMAP_STACK. ==================== Signed-off-by: David S. Miller commit 620f1a632ebcc9811c2f8009ba52297c7006f805 Author: Andy Lutomirski Date: Tue Dec 13 18:50:13 2016 -0800 wusbcore: Fix one more crypto-on-the-stack bug The driver put a constant buffer of all zeros on the stack and pointed a scatterlist entry at it. This doesn't work with virtual stacks. Use ZERO_PAGE instead. Cc: stable@vger.kernel.org # 4.9 only Reported-by: Eric Biggers Signed-off-by: Andy Lutomirski Signed-off-by: Greg Kroah-Hartman drivers/usb/wusbcore/crypto.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 146cc8a17a3b4996f6805ee5c080e7101277c410 Author: Johan Hovold Date: Tue Jan 10 12:05:37 2017 +0100 USB: serial: kl5kusb105: fix line-state error handling The current implementation failed to detect short transfers when attempting to read the line state, and also, to make things worse, logged the content of the uninitialised heap transfer buffer. Fixes: abf492e7b3ae ("USB: kl5kusb105: fix DMA buffers on stack") Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Reviewed-by: Greg Kroah-Hartman Signed-off-by: Johan Hovold drivers/usb/serial/kl5kusb105.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit a782b5f986c3fa1cfa7f2b57941200c6a5809242 Author: Murali Karicheri Date: Wed Jan 4 14:32:30 2017 -0500 PCI: designware: Check for iATU unroll only on platforms that use ATU Previously we checked for iATU unroll support by reading PCIE_ATU_VIEWPORT even on platforms, e.g., Keystone, that do not have ATU ports. This can cause bad behavior such as asynchronous external aborts: OF: PCI: MEM 0x60000000..0x6fffffff -> 0x60000000 Unhandled fault: asynchronous external abort (0x1211) at 0x00000000 pgd = c0003000 [00000000] *pgd=80000800004003, *pmd=00000000 Internal error: : 1211 [#1] PREEMPT SMP ARM Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-00009-g6ff59d2-dirty #7 Hardware name: Keystone task: eb878000 task.stack: eb866000 PC is at dw_pcie_setup_rc+0x24/0x380 LR is at ks_pcie_host_init+0x10/0x170 Move the dw_pcie_iatu_unroll_enabled() check so we only call it on platforms that do not use the ATU. These platforms supply their own ->rd_other_conf() and ->wr_other_conf() methods. [bhelgaas: changelog] Fixes: a0601a470537 ("PCI: designware: Add iATU Unroll feature") Fixes: 416379f9ebde ("PCI: designware: Check for iATU unroll support after initializing host") Tested-by: Kishon Vijay Abraham I Signed-off-by: Murali Karicheri Signed-off-by: Bjorn Helgaas Acked-By: Joao Pinto CC: stable@vger.kernel.org # v4.9+ drivers/pci/host/pcie-designware.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit af3076e67c31ceb3e314933dd61cb68a1d5120cf Author: Gerd Hoffmann Date: Mon Nov 21 19:32:06 2016 +0100 drm: flip cirrus driver status to "obsolete". Also update Kconfig help text, explaining things: Cirrus is obsolete, the hardware was designed in the 90ies and can't keep up with todays needs. More background: https://www.kraxel.org/blog/2014/10/qemu-using-cirrus-considered-harmful/ Better alternatives are: - stdvga (DRM_BOCHS, qemu -vga std, default in qemu 2.2+) - qxl (DRM_QXL, qemu -vga qxl, works best with spice) - virtio (VIRTIO_GPU), qemu -vga virtio) Signed-off-by: Gerd Hoffmann MAINTAINERS | 3 ++- drivers/gpu/drm/cirrus/Kconfig | 9 +++++++++ 2 files changed, 11 insertions(+), 1 deletion(-) commit 0c19f97f12bbb1c2370cb62e31d0f749642937ee Author: Gerd Hoffmann Date: Mon Nov 21 19:00:30 2016 +0100 drm: update MAINTAINERS for qemu drivers (bochs, cirrus, qxl, virtio-gpu) Changes: * add myself as maintainer, so patches land in my inbox. * add virtualization@lists.linux-foundation.org mailing list. * add drm-qemu git repo. * flip bochs and qxl status to "Maintained". Signed-off-by: Gerd Hoffmann MAINTAINERS | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 71d3f6ef7f5af38dea2975ec5715c88bae92e92d Author: Gerd Hoffmann Date: Mon Nov 28 08:52:20 2016 +0100 drm/virtio: fix framebuffer sparse warning virtio uses normal ram as backing storage for the framebuffer, so we should assign the address to new screen_buffer (added by commit 17a7b0b4d9749f80d365d7baff5dec2f54b0e992) instead of screen_base. Reported-by: Michael S. Tsirkin Signed-off-by: Gerd Hoffmann drivers/gpu/drm/virtio/virtgpu_fb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 19a91dd4e39e755d650444da7f3a571b40a11093 Author: Heinrich Schuchardt Date: Fri Dec 23 16:01:08 2016 +0100 MMC: meson: avoid possible NULL dereference No actual segmentation faults were observed but the coding is at least inconsistent. irqreturn_t meson_mmc_irq(): We should not dereference host before checking it. meson_mmc_irq_thread(): If cmd or mrq are NULL we should not dereference them after writing a warning. Fixes: 51c5d8447bd7 MMC: meson: initial support for GX platforms Signed-off-by: Heinrich Schuchardt Acked-by: Kevin Hilman Signed-off-by: Ulf Hansson drivers/mmc/host/meson-gx-mmc.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 42e0ebdef53d91891939a475c6ef23970829ff99 Merge: 1c681a1 a1792cda5 02c5c03 63c3194 c2b3612 Author: Mark Brown Date: Tue Jan 10 10:47:54 2017 +0000 Merge remote-tracking branches 'asoc/fix/nau8825', 'asoc/fix/rt5645', 'asoc/fix/tlv320aic3x' and 'asoc/fix/topology' into asoc-linus commit 1c681a1921e55628abd9cde2431c166ef8a6b993 Merge: df3c63d 1cab2a8 9f169b9 6fce983 4ee437f 9e4d59a Author: Mark Brown Date: Tue Jan 10 10:47:50 2017 +0000 Merge remote-tracking branches 'asoc/fix/arizona', 'asoc/fix/dpcm', 'asoc/fix/dwc', 'asoc/fix/fsl-ssi' and 'asoc/fix/hdmi-codec' into asoc-linus commit df3c63d39dc95dcfd70d891238b4deccac8259d6 Merge: 7dfe7e1 0ea617a Author: Mark Brown Date: Tue Jan 10 10:47:48 2017 +0000 Merge remote-tracking branch 'asoc/fix/rcar' into asoc-linus commit 7dfe7e18b5585719a5cc0da8bf3bf4490b36724a Merge: 01c2a84 bc65a32 Author: Mark Brown Date: Tue Jan 10 10:47:47 2017 +0000 Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus commit 01c2a84c491cf1cceaf696c69870667d9563f7d0 Merge: a121103 d2e3a13 Author: Mark Brown Date: Tue Jan 10 10:47:45 2017 +0000 Merge remote-tracking branch 'asoc/fix/component' into asoc-linus commit 2e40795c3bf344cfb5220d94566205796e3ef19a Author: Dennis Kadioglu Date: Mon Jan 9 17:10:46 2017 +0100 ALSA: usb-audio: Add a quirk for Plantronics BT600 Plantronics BT600 does not support reading the sample rate which leads to many lines of "cannot get freq at ep 0x1" and "cannot get freq at ep 0x82". This patch adds the USB ID of the BT600 to quirks.c and avoids those error messages. Signed-off-by: Dennis Kadioglu Cc: Signed-off-by: Takashi Iwai sound/usb/quirks.c | 1 + 1 file changed, 1 insertion(+) commit 68f458eec7069d618a6c884ca007426e0cea411b Author: Peter Ujfalusi Date: Mon Jan 9 16:31:58 2017 +0200 drm: Schedule the output_poll_work with 1s delay if we have delayed event Instead of scheduling the work to handle the initial delayed event, use 1s delay. This delay should not be needed, but Optimus/nouveau will fail in a mysterious way if the delayed event is handled as soon as possible like it is done in drm_helper_probe_single_connector_modes() in case the poll was enabled before. Reverting 339fd36238dd would give back the 10 sec (!) delay to handle the delayed event. Adding 1sec delay to the poll_work is enough to work around the issue in Optimus setups and gives shorter response on handling the initial delayed event. Fixes: 339fd36238dd ("drm: drm_probe_helper: Fix output_poll_work scheduling") Cc: stable@vger.kernel.org # v4.9 Signed-off-by: Peter Ujfalusi [danvet: Add FIXME to the comment to make it stick out more.] Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170109143158.21917-1-peter.ujfalusi@ti.com drivers/gpu/drm/drm_probe_helper.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 79b11b6437bd31b315f5fda72fe1a00baf98e804 Merge: a121103 9631739 Author: Jani Nikula Date: Tue Jan 10 10:10:22 2017 +0200 Merge tag 'gvt-fixes-2017-01-10' of https://github.com/01org/gvt-linux into drm-intel-fixes GVT-g fixes from Zhenya, "Please pull GVT-g device model fixes for rc4. This is based on rc3 with new vfio/mdev interface change." Signed-off-by: Jani Nikula commit 497de07d89c1410d76a15bec2bb41f24a2a89f31 Author: Gu Zheng Date: Mon Jan 9 09:34:48 2017 +0800 tmpfs: clear S_ISGID when setting posix ACLs This change was missed the tmpfs modification in In CVE-2016-7097 commit 073931017b49 ("posix_acl: Clear SGID bit when setting file permissions") It can test by xfstest generic/375, which failed to clear setgid bit in the following test case on tmpfs: touch $testfile chown 100:100 $testfile chmod 2755 $testfile _runas -u 100 -g 101 -- setfacl -m u::rwx,g::rwx,o::rwx $testfile Signed-off-by: Gu Zheng Signed-off-by: Al Viro fs/posix_acl.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 527a27591312e4b3a0f8179f321f9e85c0850df0 Author: Peter Ujfalusi Date: Mon Jan 9 16:50:52 2017 +0200 dmaengine: omap-dma: Fix the port_window support We do not yet have users of port_window. The following errors were found when converting the tusb6010_omap.c musb driver: - The peripheral side must have SRC_/DST_PACKED disabled - when configuring the burst for the peripheral side the memory side configuration were overwritten: d->csdp = ... -> d->csdp |= ... - The EI and FI were configured for the wrong sides of the transfers. With these changes and the converted tus6010_omap.c I was able to verify that things are working as they expected to work. Fixes: 201ac4861c19 ("dmaengine: omap-dma: Support for slave devices with data port window") Signed-off-by: Peter Ujfalusi Signed-off-by: Vinod Koul drivers/dma/omap-dma.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) commit 21d25f6a4217e755906cb548b55ddab39d0e88b9 Author: Krister Johansen Date: Wed Jan 4 01:22:52 2017 -0800 dmaengine: iota: ioat_alloc_chan_resources should not perform sleeping allocations. On a kernel with DEBUG_LOCKS, ioat_free_chan_resources triggers an in_interrupt() warning. With PROVE_LOCKING, it reports detecting a SOFTIRQ-safe to SOFTIRQ-unsafe lock ordering in the same code path. This is because dma_generic_alloc_coherent() checks if the GFP flags permit blocking. It allocates from different subsystems if blocking is permitted. The free path knows how to return the memory to the correct allocator. If GFP_KERNEL is specified then the alloc and free end up going through cma_alloc(), which uses mutexes. Given that ioat_free_chan_resources() can be called in interrupt context, ioat_alloc_chan_resources() must specify GFP_NOWAIT so that the allocations do not block and instead use an allocator that uses spinlocks. Signed-off-by: Krister Johansen Acked-by: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/init.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c3c4239465e11b2cc25fcf375c7909a342bcf4dc Author: Dave Jones Date: Tue Dec 27 13:13:21 2016 -0500 scsi: qla2xxx: Fix apparent cut-n-paste error. Commit 093df73771ba ("scsi: qla2xxx: Fix Target mode handling with Multiqueue changes.") introduces two bodies of code that look similar but with s/req/rsp/ in the second instance. But in one case, it looks like this conversion was missed. Signed-off-by: Dave Jones Reviewed-by: Laurence Oberman Acked-by: Quinn Tran Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7702b8c22712a06080e10f1d2dee1a133ec8809 Author: Milan P. Gandhi Date: Sat Dec 24 22:02:46 2016 +0530 scsi: qla2xxx: Get mutex lock before checking optrom_state There is a race condition with qla2xxx optrom functions where one thread might modify optrom buffer, optrom_state while other thread is still reading from it. In couple of crashes, it was found that we had successfully passed the following 'if' check where we confirm optrom_state to be QLA_SREADING. But by the time we acquired mutex lock to proceed with memory_read_from_buffer function, some other thread/process had already modified that option rom buffer and optrom_state from QLA_SREADING to QLA_SWAITING. Then we got ha->optrom_buffer 0x0 and crashed the system: if (ha->optrom_state != QLA_SREADING) return 0; mutex_lock(&ha->optrom_mutex); rval = memory_read_from_buffer(buf, count, &off, ha->optrom_buffer, ha->optrom_region_size); mutex_unlock(&ha->optrom_mutex); With current optrom function we get following crash due to a race condition: [ 1479.466679] BUG: unable to handle kernel NULL pointer dereference at (null) [ 1479.466707] IP: [] memcpy+0x6/0x110 [...] [ 1479.473673] Call Trace: [ 1479.474296] [] ? memory_read_from_buffer+0x3c/0x60 [ 1479.474941] [] qla2x00_sysfs_read_optrom+0x9c/0xc0 [qla2xxx] [ 1479.475571] [] read+0xdb/0x1f0 [ 1479.476206] [] vfs_read+0x9e/0x170 [ 1479.476839] [] SyS_read+0x7f/0xe0 [ 1479.477466] [] system_call_fastpath+0x16/0x1b Below patch modifies qla2x00_sysfs_read_optrom, qla2x00_sysfs_write_optrom functions to get the mutex_lock before checking ha->optrom_state to avoid similar crashes. The patch was applied and tested and same crashes were no longer observed again. Tested-by: Milan P. Gandhi Signed-off-by: Milan P. Gandhi Reviewed-by: Laurence Oberman Acked-by: Himanshu Madhani Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_attr.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) commit 64cbff449a8ad11d72c2b437cb7412e70fc99654 Author: Masahiro Yamada Date: Wed Dec 28 00:51:26 2016 +0900 ARM, ARM64: dts: drop "arm,amba-bus" in favor of "simple-bus" part 3 Tree-wide replacement was done by commit 2ef7d5f342c1 ("ARM, ARM64: dts: drop "arm,amba-bus" in favor of "simple-bus"), then the 2nd round by commit 15b7cc78f095 ("arm64: dts: drop "arm,amba-bus" in favor of "simple-bus" part 2"). Here, some new users have appeared for Linux v4.10-rc1. Eliminate them now. Signed-off-by: Masahiro Yamada Signed-off-by: Olof Johansson arch/arm/boot/dts/qcom-mdm9615.dtsi | 2 +- arch/arm64/boot/dts/exynos/exynos5433.dtsi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 9511ecab0762bf4df35cfc05adbc3ada09ad7075 Merge: 1b9ec81 c415f9e Author: Olof Johansson Date: Mon Jan 9 19:06:15 2017 -0800 Merge tag 'zynmp-dt-fixes-for-4.10' of https://github.com/Xilinx/linux-xlnx into fixes arm: Xilinx ZynqMP DT fixes for v4.10 - Fix dtc warnings - Fix i2c compatible string * tag 'zynmp-dt-fixes-for-4.10' of https://github.com/Xilinx/linux-xlnx: ARM64: zynqmp: Fix i2c node's compatible string ARM64: zynqmp: Fix W=1 dtc 1.4 warnings Signed-off-by: Olof Johansson commit 37530e74609a28ae3a3b51e7685fe54a00b1e2f2 Author: Gary Bisson Date: Tue Jan 3 12:22:47 2017 +0100 ARM: dts: imx6qdl-nitrogen6_som2: fix sgtl5000 pinctrl init Since the codec is probed first, the pinctrl node should be under the codec node. The codec init was working for this board since U-Boot was already setting GPIO_0 as CLKO1 but better fix it anyway. Fixes: 3faa1bb2e89c ("ARM: dts: imx: add Boundary Devices Nitrogen6_SOM2 support") Signed-off-by: Gary Bisson Signed-off-by: Shawn Guo arch/arm/boot/dts/imx6qdl-nitrogen6_som2.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6ab5c2b662e2dcbb964099bf7f19e9dbc9ae5a41 Author: Gary Bisson Date: Tue Jan 3 12:22:46 2017 +0100 ARM: dts: imx6qdl-nitrogen6_max: fix sgtl5000 pinctrl init This patch fixes the following error: sgtl5000 0-000a: Error reading chip id -6 imx-sgtl5000 sound: ASoC: CODEC DAI sgtl5000 not registered imx-sgtl5000 sound: snd_soc_register_card failed (-517) The problem was that the pinctrl group was linked to the sound driver instead of the codec node. Since the codec is probed first, the sys_mclk was missing and it would therefore fail to initialize. Fixes: b32e700256bc ("ARM: dts: imx: add Boundary Devices Nitrogen6_Max board") Signed-off-by: Gary Bisson Signed-off-by: Shawn Guo arch/arm/boot/dts/imx6qdl-nitrogen6_max.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 93362fa47fe98b62e4a34ab408c4a418432e7939 Author: Zhou Chengming Date: Fri Jan 6 09:32:32 2017 +0800 sysctl: Drop reference added by grab_header in proc_sys_readdir Fixes CVE-2016-9191, proc_sys_readdir doesn't drop reference added by grab_header when return from !dir_emit_dots path. It can cause any path called unregister_sysctl_table will wait forever. The calltrace of CVE-2016-9191: [ 5535.960522] Call Trace: [ 5535.963265] [] schedule+0x3f/0xa0 [ 5535.968817] [] schedule_timeout+0x3db/0x6f0 [ 5535.975346] [] ? wait_for_completion+0x45/0x130 [ 5535.982256] [] wait_for_completion+0xc3/0x130 [ 5535.988972] [] ? wake_up_q+0x80/0x80 [ 5535.994804] [] drop_sysctl_table+0xc4/0xe0 [ 5536.001227] [] drop_sysctl_table+0x77/0xe0 [ 5536.007648] [] unregister_sysctl_table+0x4d/0xa0 [ 5536.014654] [] unregister_sysctl_table+0x7f/0xa0 [ 5536.021657] [] unregister_sched_domain_sysctl+0x15/0x40 [ 5536.029344] [] partition_sched_domains+0x44/0x450 [ 5536.036447] [] ? __mutex_unlock_slowpath+0x111/0x1f0 [ 5536.043844] [] rebuild_sched_domains_locked+0x64/0xb0 [ 5536.051336] [] update_flag+0x11d/0x210 [ 5536.057373] [] ? mutex_lock_nested+0x2df/0x450 [ 5536.064186] [] ? cpuset_css_offline+0x1b/0x60 [ 5536.070899] [] ? trace_hardirqs_on+0xd/0x10 [ 5536.077420] [] ? mutex_lock_nested+0x2df/0x450 [ 5536.084234] [] ? css_killed_work_fn+0x25/0x220 [ 5536.091049] [] cpuset_css_offline+0x35/0x60 [ 5536.097571] [] css_killed_work_fn+0x5c/0x220 [ 5536.104207] [] process_one_work+0x1df/0x710 [ 5536.110736] [] ? process_one_work+0x160/0x710 [ 5536.117461] [] worker_thread+0x12b/0x4a0 [ 5536.123697] [] ? process_one_work+0x710/0x710 [ 5536.130426] [] kthread+0xfe/0x120 [ 5536.135991] [] ret_from_fork+0x1f/0x40 [ 5536.142041] [] ? kthread_create_on_node+0x230/0x230 One cgroup maintainer mentioned that "cgroup is trying to offline a cpuset css, which takes place under cgroup_mutex. The offlining ends up trying to drain active usages of a sysctl table which apprently is not happening." The real reason is that proc_sys_readdir doesn't drop reference added by grab_header when return from !dir_emit_dots path. So this cpuset offline path will wait here forever. See here for details: http://www.openwall.com/lists/oss-security/2016/11/04/13 Fixes: f0c3b5093add ("[readdir] convert procfs") Cc: stable@vger.kernel.org Reported-by: CAI Qian Tested-by: Yang Shukui Signed-off-by: Zhou Chengming Acked-by: Al Viro Signed-off-by: Eric W. Biederman fs/proc/proc_sysctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit add7c65ca426b7a37184dd3d2172394e23d585d6 Author: Andrei Vagin Date: Wed Jan 4 19:28:14 2017 -0800 pid: fix lockdep deadlock warning due to ucount_lock ========================================================= [ INFO: possible irq lock inversion dependency detected ] 4.10.0-rc2-00024-g4aecec9-dirty #118 Tainted: G W --------------------------------------------------------- swapper/1/0 just changed the state of lock: (&(&sighand->siglock)->rlock){-.....}, at: [] __lock_task_sighand+0xb6/0x2c0 but this lock took another, HARDIRQ-unsafe lock in the past: (ucounts_lock){+.+...} and interrupts could create inverse lock ordering between them. other info that might help us debug this: Chain exists of: &(&sighand->siglock)->rlock --> &(&tty->ctrl_lock)->rlock --> ucounts_lock Possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ---- lock(ucounts_lock); local_irq_disable(); lock(&(&sighand->siglock)->rlock); lock(&(&tty->ctrl_lock)->rlock); lock(&(&sighand->siglock)->rlock); *** DEADLOCK *** This patch removes a dependency between rlock and ucount_lock. Fixes: f333c700c610 ("pidns: Add a limit on the number of pid namespaces") Cc: stable@vger.kernel.org Signed-off-by: Andrei Vagin Acked-by: Al Viro Signed-off-by: Eric W. Biederman kernel/pid_namespace.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 75422726b0f717d67db3283c2eb5bc14fa2619c5 Author: Eric W. Biederman Date: Wed Jan 4 17:37:27 2017 +1300 libfs: Modify mount_pseudo_xattr to be clear it is not a userspace mount Add MS_KERNMOUNT to the flags that are passed. Use sget_userns and force &init_user_ns instead of calling sget so that even if called from a weird context the internal filesystem will be considered to be in the intial user namespace. Luis Ressel reported that the the failure to pass MS_KERNMOUNT into mount_pseudo broke his in development graphics driver that uses the generic drm infrastructure. I am not certain the deriver was bug free in it's usage of that infrastructure but since mount_pseudo_xattr can never be triggered by userspace it is clearer and less error prone, and less problematic for the code to be explicit. Reported-by: Luis Ressel Tested-by: Luis Ressel Acked-by: Al Viro Signed-off-by: "Eric W. Biederman" fs/libfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3895dbf8985f656675b5bde610723a29cbce3fa7 Author: Eric W. Biederman Date: Tue Jan 3 14:18:43 2017 +1300 mnt: Protect the mountpoint hashtable with mount_lock Protecting the mountpoint hashtable with namespace_sem was sufficient until a call to umount_mnt was added to mntput_no_expire. At which point it became possible for multiple calls of put_mountpoint on the same hash chain to happen on the same time. Kristen Johansen reported: > This can cause a panic when simultaneous callers of put_mountpoint > attempt to free the same mountpoint. This occurs because some callers > hold the mount_hash_lock, while others hold the namespace lock. Some > even hold both. > > In this submitter's case, the panic manifested itself as a GP fault in > put_mountpoint() when it called hlist_del() and attempted to dereference > a m_hash.pprev that had been poisioned by another thread. Al Viro observed that the simple fix is to switch from using the namespace_sem to the mount_lock to protect the mountpoint hash table. I have taken Al's suggested patch moved put_mountpoint in pivot_root (instead of taking mount_lock an additional time), and have replaced new_mountpoint with get_mountpoint a function that does the hash table lookup and addition under the mount_lock. The introduction of get_mounptoint ensures that only the mount_lock is needed to manipulate the mountpoint hashtable. d_set_mounted is modified to only set DCACHE_MOUNTED if it is not already set. This allows get_mountpoint to use the setting of DCACHE_MOUNTED to ensure adding a struct mountpoint for a dentry happens exactly once. Cc: stable@vger.kernel.org Fixes: ce07d891a089 ("mnt: Honor MNT_LOCKED when detaching mounts") Reported-by: Krister Johansen Suggested-by: Al Viro Acked-by: Al Viro Signed-off-by: "Eric W. Biederman" fs/dcache.c | 7 +++++-- fs/namespace.c | 64 +++++++++++++++++++++++++++++++++++++++++----------------- 2 files changed, 50 insertions(+), 21 deletions(-) commit 318fa46cc60d37fec1e87dbf03a82aca0f5ce695 Author: Marek Szyprowski Date: Thu Dec 22 10:44:30 2016 +0100 clk/samsung: exynos542x: mark some clocks as critical Some parent clocks of the Exynos542x clock blocks, which have separate power domains (like DISP, MFC, MSC, GSC, FSYS and G2D) must be always enabled to access any register related to power management unit or devices connected to it. For the time being, until a proper solution based on runtime PM is applied, mark those clocks as critical (instead of ignore unused or even no flags) to prevent disabling them. Signed-off-by: Marek Szyprowski Acked-by: Sylwester Nawrocki Reviewed-by: Chanwoo Choi Reviewed-by: Javier Martinez Canillas Tested-by: Javier Martinez Canillas [Exynos5800 Peach Pi Chromebook] Signed-off-by: Stephen Boyd drivers/clk/samsung/clk-exynos5420.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 9afe69d5a9495f8b023017e4c328fa717e00f092 Merge: 6edd870 f0a8b49 Author: Dave Airlie Date: Tue Jan 10 08:18:53 2017 +1000 Merge tag 'drm-misc-fixes-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Single drm bridge fix. * tag 'drm-misc-fixes-2017-01-09' of git://anongit.freedesktop.org/git/drm-misc: drm/bridge: analogix dp: Fix runtime PM state on driver bind commit 2e86222c67bb5d942da68e8415749b32db208534 Author: Junichi Nomura Date: Mon Jan 9 12:41:47 2017 +0100 x86/microcode/intel: Use correct buffer size for saving microcode data In generic_load_microcode(), curr_mc_size is the size of the last allocated buffer and since we have this performance "optimization" there to vmalloc a new buffer only when the current one is bigger, curr_mc_size ends up becoming the size of the biggest buffer we've seen so far. However, we end up saving the microcode patch which matches our CPU and its size is not curr_mc_size but the respective mc_size during the iteration while we're staring at it. So save that mc_size into a separate variable and use it to store the previously found microcode buffer. Without this fix, we could get oops like this: BUG: unable to handle kernel paging request at ffffc9000e30f000 IP: __memcpy+0x12/0x20 ... Call Trace: ? kmemdup+0x43/0x60 __alloc_microcode_buf+0x44/0x70 save_microcode_patch+0xd4/0x150 generic_load_microcode+0x1b8/0x260 request_microcode_user+0x15/0x20 microcode_write+0x91/0x100 __vfs_write+0x34/0x120 vfs_write+0xc1/0x130 SyS_write+0x56/0xc0 do_syscall_64+0x6c/0x160 entry_SYSCALL64_slow_path+0x25/0x25 Fixes: 06b8534cb728 ("x86/microcode: Rework microcode loading") Signed-off-by: Jun'ichi Nomura Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/4f33cbfd-44f2-9bed-3b66-7446cd14256f@ce.jp.nec.com Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/intel.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 9fcf5ba2ef908af916e9002891fbbca20ce4dc98 Author: Junichi Nomura Date: Mon Jan 9 12:41:46 2017 +0100 x86/microcode/intel: Fix allocation size of struct ucode_patch We allocate struct ucode_patch here. @size is the size of microcode data and used for kmemdup() later in this function. Fixes: 06b8534cb728 ("x86/microcode: Rework microcode loading") Signed-off-by: Jun'ichi Nomura Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/7a730dc9-ac17-35c4-fe76-dfc94e5ecd95@ce.jp.nec.com Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/intel.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4167709bbf826512a52ebd6aafda2be104adaec9 Author: Borislav Petkov Date: Mon Jan 9 12:41:45 2017 +0100 x86/microcode/intel: Add a helper which gives the microcode revision Since on Intel we're required to do CPUID(1) first, before reading the microcode revision MSR, let's add a special helper which does the required steps so that we don't forget to do them next time, when we want to read the microcode revision. Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/20170109114147.5082-4-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/microcode_intel.h | 15 ++++++++++++ arch/x86/kernel/cpu/intel.c | 11 +++------ arch/x86/kernel/cpu/microcode/intel.c | 43 ++++++++++------------------------ 3 files changed, 31 insertions(+), 38 deletions(-) commit f3e2a51f568d9f33370f4e8bb05669a34223241a Author: Borislav Petkov Date: Mon Jan 9 12:41:44 2017 +0100 x86/microcode: Use native CPUID to tickle out microcode revision Intel supplies the microcode revision value in MSR 0x8b (IA32_BIOS_SIGN_ID) after CPUID(1) has been executed. Execute it each time before reading that MSR. It used to do sync_core() which did do CPUID but c198b121b1a1 ("x86/asm: Rewrite sync_core() to use IRET-to-self") changed the sync_core() implementation so we better make the microcode loading case explicit, as the SDM documents it. Reported-and-tested-by: Jun'ichi Nomura Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/20170109114147.5082-3-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/intel.c | 2 +- arch/x86/kernel/cpu/microcode/intel.c | 26 +++----------------------- 2 files changed, 4 insertions(+), 24 deletions(-) commit 5dedade6dfa243c130b85d1e4daba6f027805033 Author: Borislav Petkov Date: Mon Jan 9 12:41:43 2017 +0100 x86/CPU: Add native CPUID variants returning a single datum ... similarly to the cpuid_() variants. Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/20170109114147.5082-2-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/processor.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 32cd7cbbacf700885a2316275f188f2d5739b5f4 Author: Jes Sorensen Date: Fri Jan 6 19:31:35 2017 -0500 md/raid5: Use correct IS_ERR() variation on pointer check This fixes a build error on certain architectures, such as ppc64. Fixes: 6995f0b247e("md: takeover should clear unrelated bits") Signed-off-by: Jes Sorensen Signed-off-by: Shaohua Li drivers/md/raid5.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 84a4620cfe97c9d57e39b2369bfb77faff55063d Author: Christoph Hellwig Date: Mon Jan 9 13:41:33 2017 -0800 xfs: don't print warnings when xfs_log_force fails There are only two reasons for xfs_log_force / xfs_log_force_lsn to fail: one is an I/O error, for which xlog_bdstrat already logs a warning, and the second is an already shutdown log due to a previous I/O errors. In the latter case we'll already have a previous indication for the actual error, but the large stream of misleading warnings from xfs_log_force will probably scroll it out of the message buffer. Simply removing the warnings thus makes the XFS log reporting significantly better. Signed-off-by: Christoph Hellwig Reviewed-by: Carlos Maiolino Signed-off-by: Darrick J. Wong fs/xfs/xfs_log.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) commit 12ef830198b0d71668eb9b59f9ba69d32951a48a Author: Christoph Hellwig Date: Mon Jan 9 13:39:35 2017 -0800 xfs: don't rely on ->total in xfs_alloc_space_available ->total is a bit of an odd parameter passed down to the low-level allocator all the way from the high-level callers. It's supposed to contain the maximum number of blocks to be allocated for the whole transaction [1]. But in xfs_iomap_write_allocate we only convert existing delayed allocations and thus only have a minimal block reservation for the current transaction, so xfs_alloc_space_available can't use it for the allocation decisions. Use the maximum of args->total and the calculated block requirement to make a decision. We probably should get rid of args->total eventually and instead apply ->minleft more broadly, but that will require some extensive changes all over. [1] which creates lots of confusion as most callers don't decrement it once doing a first allocation. But that's for a separate series. Signed-off-by: Christoph Hellwig Reviewed-by: Brian Foster Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_alloc.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 54fee133ad59c87ab01dd84ab3e9397134b32acb Author: Christoph Hellwig Date: Mon Jan 9 13:44:30 2017 -0800 xfs: adjust allocation length in xfs_alloc_space_available We must decide in xfs_alloc_fix_freelist if we can perform an allocation from a given AG is possible or not based on the available space, and should not fail the allocation past that point on a healthy file system. But currently we have two additional places that second-guess xfs_alloc_fix_freelist: xfs_alloc_ag_vextent tries to adjust the maxlen parameter to remove the reservation before doing the allocation (but ignores the various minium freespace requirements), and xfs_alloc_fix_minleft tries to fix up the allocated length after we've found an extent, but ignores the reservations and also doesn't take the AGFL into account (and thus fails allocations for not matching minlen in some cases). Remove all these later fixups and just correct the maxlen argument inside xfs_alloc_fix_freelist once we have the AGF buffer locked. Signed-off-by: Christoph Hellwig Reviewed-by: Brian Foster Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_alloc.c | 81 ++++++++++------------------------------------- fs/xfs/libxfs/xfs_alloc.h | 2 +- 2 files changed, 18 insertions(+), 65 deletions(-) commit 255c516278175a6dc7037d1406307f35237d8688 Author: Christoph Hellwig Date: Mon Jan 9 13:36:19 2017 -0800 xfs: fix bogus minleft manipulations We can't just set minleft to 0 when we're low on space - that's exactly what we need minleft for: to protect space in the AG for btree block allocations when we are low on free space. Signed-off-by: Christoph Hellwig Reviewed-by: Brian Foster Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_alloc.c | 24 +++++++----------------- fs/xfs/libxfs/xfs_bmap.c | 3 --- fs/xfs/libxfs/xfs_bmap_btree.c | 3 +-- 3 files changed, 8 insertions(+), 22 deletions(-) commit 5149fd327f16e393c1d04fa5325ab072c32472bf Author: Christoph Hellwig Date: Mon Jan 9 13:36:30 2017 -0800 xfs: bump up reserved blocks in xfs_alloc_set_aside Setting aside 4 blocks globally for bmbt splits isn't all that useful, as different threads can allocate space in parallel. Bump it to 4 blocks per AG to allow each thread that is currently doing an allocation to dip into it separately. Without that we may no have enough reserved blocks if there are enough parallel transactions in an almost out space file system that all run into bmap btree splits. Signed-off-by: Christoph Hellwig Reviewed-by: Brian Foster Signed-off-by: Darrick J. Wong fs/xfs/libxfs/xfs_alloc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 6bb629db5e7daa619f5242b6ad93e4dd9bf7432c Author: Eric Dumazet Date: Mon Jan 9 08:51:32 2017 -0800 tcp: do not export tcp_peer_is_proven() After commit 1fb6f159fd21 ("tcp: add tcp_conn_request"), tcp_peer_is_proven() no longer needs to be exported. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_metrics.c | 1 - 1 file changed, 1 deletion(-) commit 2ebae8bd60188f57e26e95e7fde6b8943297d348 Author: Jean Delvare Date: Mon Jan 9 15:17:27 2017 +0100 net: phy: Add Meson GXL PHY hardware dependency As I understand it the Meson GXL PHY driver is only useful on one architecture so only make it visible on that architecture. Signed-off-by: Jean Delvare Fixes: 7334b3e47aee ("net: phy: Add Meson GXL Internal PHY driver") Cc: Neil Armstrong Cc: Florian Fainelli Cc: Andrew Lunn Cc: David S. Miller Signed-off-by: David S. Miller drivers/net/phy/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ce7e40c432ba84da104438f6799d460a4cad41bc Author: Vlad Tsyrklevich Date: Mon Jan 9 20:57:48 2017 +0700 net/appletalk: Fix kernel memory disclosure ipddp_route structs contain alignment padding so kernel heap memory is leaked when they are copied to user space in ipddp_ioctl(SIOCFINDIPDDPRT). Change kmalloc() to kzalloc() to clear that memory. Signed-off-by: Vlad Tsyrklevich Signed-off-by: David S. Miller drivers/net/appletalk/ipddp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b007f09072ca8afa118ade333e717ba443e8d807 Author: Pavel Tikhomirov Date: Mon Jan 9 10:45:49 2017 +0300 ipv4: make tcp_notsent_lowat sysctl knob behave as true unsigned int > cat /proc/sys/net/ipv4/tcp_notsent_lowat -1 > echo 4294967295 > /proc/sys/net/ipv4/tcp_notsent_lowat -bash: echo: write error: Invalid argument > echo -2147483648 > /proc/sys/net/ipv4/tcp_notsent_lowat > cat /proc/sys/net/ipv4/tcp_notsent_lowat -2147483648 but in documentation we have "tcp_notsent_lowat - UNSIGNED INTEGER" v2: simplify to just proc_douintvec Signed-off-by: Pavel Tikhomirov Signed-off-by: David S. Miller net/ipv4/sysctl_net_ipv4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 67c408cfa8862fe7e45b3a1f762f7140e03b7217 Author: Alexander Alemayhu Date: Sat Jan 7 23:53:00 2017 +0100 ipv6: fix typos o s/approriate/appropriate o s/discouvery/discovery Signed-off-by: Alexander Alemayhu Signed-off-by: David S. Miller net/ipv6/route.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bd5d7428f5e50cc10b98cf0abc13ccac391e1e33 Merge: 756a733 6edd870 Author: Linus Torvalds Date: Mon Jan 9 12:54:20 2017 -0800 Merge tag 'drm-fixes-for-v4.10-rc4' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "amdgpu, radeon, msm, meson, tilcdc, drm fixes. Just back online for a couple of days, gathered up the remaining fixes pull requests. This contains fixes for a few ARM platforms (msm, tilcdc, meson), and one core atomic fix. The AMD pull has some new hardware support (Polaris12) in it, but this is pretty limited to just hw enablement and shouldn't cause any problems" * tag 'drm-fixes-for-v4.10-rc4' of git://people.freedesktop.org/~airlied/linux: drm/amdgpu: drop verde dpm quirks drm/radeon: drop verde dpm quirks drm/radeon: update smc firmware selection for SI drm/amdgpu: update si kicker smc firmware drm/amd/powerplay: extend smu's response timeout time. drm/amdgpu: remove static integer for uvd pp state drm/amd/amdgpu: add Polaris12 PCI ID drm/amdgpu/powerplay: add Polaris12 support drm/amd/amdgpu: add Polaris12 support (v3) MAINTAINERS: Update mailing list for radeon and amdgpu drm/meson: Fix CVBS VDAC disable drm/meson: Fix CVBS initialization when HDMI is configured by bootloader drm: Clean up planes in atomic commit helper failure path drm: tilcdc: simplify the recovery from sync lost error on rev1 drm/meson: Fix plane atomic check when no crtc for the plane drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set drm/msm: Put back the vaddr in submit_reloc() drm/msm: Ensure that the hardware write pointer is valid commit 756a7334f2b8a7fee56c221580ce75e2eb182d62 Merge: c92f5bd 5018ada Author: Linus Torvalds Date: Mon Jan 9 12:50:33 2017 -0800 Merge tag 'gpio-v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO fixes from Linus Walleij: - move freeing of GPIO hogs to after freeing the device to get rid of a warning state. - a small compile warning fix * tag 'gpio-v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: gpio: Move freeing of GPIO hogs before numbing of the device gpio: mxs: remove __init annotation commit 811a919135b980bac8009d042acdccf10dc1ef5e Author: Zefir Kurtisi Date: Fri Jan 6 12:14:48 2017 +0100 phy state machine: failsafe leave invalid RUNNING state While in RUNNING state, phy_state_machine() checks for link changes by comparing phydev->link before and after calling phy_read_status(). This works as long as it is guaranteed that phydev->link is never changed outside the phy_state_machine(). If in some setups this happens, it causes the state machine to miss a link loss and remain RUNNING despite phydev->link being 0. This has been observed running a dsa setup with a process continuously polling the link states over ethtool each second (SNMPD RFC-1213 agent). Disconnecting the link on a phy followed by a ETHTOOL_GSET causes dsa_slave_get_settings() / dsa_slave_get_link_ksettings() to call phy_read_status() and with that modify the link status - and with that bricking the phy state machine. This patch adds a fail-safe check while in RUNNING, which causes to move to CHANGELINK when the link is gone and we are still RUNNING. Signed-off-by: Zefir Kurtisi Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/phy.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit c92f5bdc4b9ba509a93f9e386fbb1fa779d4b0d6 Merge: a121103 03430fa Author: Linus Torvalds Date: Mon Jan 9 11:58:28 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Fix dumping of nft_quota entries, from Pablo Neira Ayuso. 2) Fix out of bounds access in nf_tables discovered by KASAN, from Florian Westphal. 3) Fix IRQ enabling in dp83867 driver, from Grygorii Strashko. 4) Fix unicast filtering in be2net driver, from Ivan Vecera. 5) tg3_get_stats64() can race with driver close and ethtool reconfigurations, fix from Michael Chan. 6) Fix error handling when pass limit is reached in bpf code gen on x86. From Daniel Borkmann. 7) Don't clobber switch ops and use proper MDIO nested reads and writes in bcm_sf2 driver, from Florian Fainelli. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (21 commits) net: dsa: bcm_sf2: Utilize nested MDIO read/write net: dsa: bcm_sf2: Do not clobber b53_switch_ops net: stmmac: fix maxmtu assignment to be within valid range bpf: change back to orig prog on too many passes tg3: Fix race condition in tg3_get_stats64(). be2net: fix unicast list filling be2net: fix accesses to unicast list netlabel: add CALIPSO to the list of built-in protocols vti6: fix device register to report IFLA_INFO_KIND net: phy: dp83867: fix irq generation amd-xgbe: Fix IRQ processing when running in single IRQ mode sh_eth: R8A7740 supports packet shecksumming sh_eth: fix EESIPR values for SH77{34|63} r8169: fix the typo in the comment nl80211: fix sched scan netlink socket owner destruction bridge: netfilter: Fix dropping packets that moving through bridge interface netfilter: ipt_CLUSTERIP: check duplicate config when initializing netfilter: nft_payload: mangle ckecksum if NFT_PAYLOAD_L4CSUM_PSEUDOHDR is set netfilter: nf_tables: fix oob access netfilter: nft_queue: use raw_smp_processor_id() ... commit bf99b4ded5f8a4767dbb9d180626f06c51f9881f Author: Pau Espin Pedrol Date: Fri Jan 6 20:33:28 2017 +0100 tcp: fix mark propagation with fwmark_reflect enabled Otherwise, RST packets generated by the TCP stack for non-existing sockets always have mark 0. The mark from the original packet is assigned to the netns_ipv4/6 socket used to send the response so that it can get copied into the response skb when the socket sends it. Fixes: e110861f8609 ("net: add a sysctl to reflect the fwmark on replies") Cc: Lorenzo Colitti Signed-off-by: Pau Espin Pedrol Signed-off-by: Pablo Neira Ayuso net/ipv4/ip_output.c | 1 + net/ipv6/tcp_ipv6.c | 1 + 2 files changed, 2 insertions(+) commit cc31d43b4154ad5a7d8aa5543255a93b7e89edc2 Author: Pau Espin Pedrol Date: Fri Jan 6 20:33:27 2017 +0100 netfilter: use fwmark_reflect in nf_send_reset Otherwise, RST packets generated by ipt_REJECT always have mark 0 when the routing is checked later in the same code path. Fixes: e110861f8609 ("net: add a sysctl to reflect the fwmark on replies") Cc: Lorenzo Colitti Signed-off-by: Pau Espin Pedrol Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nf_reject_ipv4.c | 2 ++ net/ipv6/netfilter/nf_reject_ipv6.c | 3 +++ 2 files changed, 5 insertions(+) commit 55fa15b5987db22b4f35d3f0798928c126be5f1c Author: Johan Hovold Date: Fri Jan 6 19:15:16 2017 +0100 USB: serial: ch341: fix baud rate and line-control handling Revert to using direct register writes to set the divisor and line-control registers. A recent change switched to using the init vendor command to update these registers, something which also enabled support for CH341A devices. It turns out that simply setting bit 7 in the divisor register is sufficient to support CH341A and specifically prevent data from being buffered until a full endpoint-size packet (32 bytes) has been received. Using the init command also had the side-effect of temporarily deasserting the DTR/RTS signals on every termios change (including initialisation on open) something which for example could cause problems in setups where DTR is used to trigger a reset. Fixes: 4e46c410e050 ("USB: serial: ch341: reinitialize chip on reconfiguration") Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) commit 3cca8624b6624e7ffb87dcd8a0a05bef9b50e97b Author: Johan Hovold Date: Fri Jan 6 19:15:15 2017 +0100 USB: serial: ch341: fix line settings after reset-resume A recent change added support for modifying the default line-control settings, but did not make sure that the modified settings were used as part of reconfiguration after a device has been reset during resume. This caused a port that was open before suspend to be unusable until being closed and reopened. Fixes: ba781bdf8662 ("USB: serial: ch341: add support for parity, frame length, stop bits") Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit ce5e292828117d1b71cbd3edf9e9137cf31acd30 Author: Johan Hovold Date: Fri Jan 6 19:15:14 2017 +0100 USB: serial: ch341: fix resume after reset Fix reset-resume handling which failed to resubmit the read and interrupt URBs, thereby leaving a port that was open before suspend in a broken state until closed and reopened. Fixes: 1ded7ea47b88 ("USB: ch341 serial: fix port number changed after resume") Fixes: 2bfd1c96a9fb ("USB: serial: ch341: remove reset_resume callback") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) commit f2950b78547ffb8475297ada6b92bc2d774d5461 Author: Johan Hovold Date: Fri Jan 6 19:15:13 2017 +0100 USB: serial: ch341: fix open error handling Make sure to stop the interrupt URB before returning on errors during open. Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 030ee7ae52a46a2be52ccc8242c4a330aba8d38e Author: Johan Hovold Date: Fri Jan 6 19:15:12 2017 +0100 USB: serial: ch341: fix modem-control and B0 handling The modem-control signals are managed by the tty-layer during open and should not be asserted prematurely when set_termios is called from driver open. Also make sure that the signals are asserted only when changing speed from B0. Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit a20047f36e2f6a1eea4f1fd261aaa55882369868 Author: Johan Hovold Date: Fri Jan 6 19:15:11 2017 +0100 USB: serial: ch341: fix open and resume after B0 The private baud_rate variable is used to configure the port at open and reset-resume and must never be set to (and left at) zero or reset-resume and all further open attempts will fail. Fixes: aa91def41a7b ("USB: ch341: set tty baud speed according to tty struct") Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 4e2da44691cffbfffb1535f478d19bc2dca3e62b Author: Johan Hovold Date: Fri Jan 6 19:15:10 2017 +0100 USB: serial: ch341: fix initial modem-control state DTR and RTS will be asserted by the tty-layer when the port is opened and deasserted on close (if HUPCL is set). Make sure the initial state is not-asserted before the port is first opened as well. Fixes: 664d5df92e88 ("USB: usb-serial ch341: support for DTR/RTS/CTS") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ch341.c | 1 - 1 file changed, 1 deletion(-) commit 02c5c03283c52157d336abf5e44ffcda10579fbf Author: Bard Liao Date: Tue Dec 27 12:05:05 2016 +0800 ASoC: rt5645: set sel_i2s_pre_div1 to 2 The i2s clock pre-divider 1 is used for both i2s1 and sysclk. The i2s1 is usually used for the main i2s and the pre-divider will be set in hw_params function. However, if i2s2 is used, the pre-divider is not set in the hw_params function and the default value of i2s clock pre-divider 1 is too high for sysclk and DMIC usage. Fix by overriding default divider value to 2. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=95681 Tested-by: Pierre-Louis Bossart Signed-off-by: Bard Liao Signed-off-by: Mark Brown sound/soc/codecs/rt5645.c | 3 +++ 1 file changed, 3 insertions(+) commit 9620ca90115d4bd700f05862d3b210a266a66efe Author: Christophe JAILLET Date: Mon Jan 9 01:02:47 2017 +0100 spi: spi-axi: Free resources on error path We should go to 'err_put_master' here instead of returning directly. Otherwise a call to 'spi_master_put' is missing. Signed-off-by: Christophe JAILLET Acked-by: Lars-Peter Clausen Signed-off-by: Mark Brown drivers/spi/spi-axi-spi-engine.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit fac69d0efad08fc15e4dbfc116830782acc0dc9a Author: Nicholas Mc Guire Date: Sat Jan 7 10:38:31 2017 +0100 x86/boot: Add missing declaration of string functions Add the missing declarations of basic string functions to string.h to allow a clean build. Fixes: 5be865661516 ("String-handling functions for the new x86 setup code.") Signed-off-by: Nicholas Mc Guire Link: http://lkml.kernel.org/r/1483781911-21399-1-git-send-email-hofrat@osadl.org Signed-off-by: Thomas Gleixner arch/x86/boot/string.c | 1 + arch/x86/boot/string.h | 9 +++++++++ 2 files changed, 10 insertions(+) commit 562a7a07bf61e2949f7cbdb6ac7537ad9e2794d1 Author: David Sterba Date: Fri Jan 6 15:51:36 2017 +0100 btrfs: make tracepoint format strings more compact We've recently added the fsid to trace events, this makes the line quite long. To reduce the it again, remove extra spaces around = and remove ",". Signed-off-by: David Sterba include/trace/events/btrfs.h | 112 +++++++++++++++++++++---------------------- 1 file changed, 56 insertions(+), 56 deletions(-) commit 7856654842bdbebc0fbcbf51573da5d70a787aba Author: Liu Bo Date: Wed Nov 30 16:10:10 2016 -0800 Btrfs: add truncated_len for ordered extent tracepoints This can help us monitor truncated ordered extents. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba include/trace/events/btrfs.h | 4 ++++ 1 file changed, 4 insertions(+) commit 92a1bf76a89ad338f00eb9a2c7689a3907fbcaad Author: Liu Bo Date: Thu Nov 17 15:00:50 2016 -0800 Btrfs: add 'inode' for extent map tracepoint 'inode' is an important field for btrfs_get_extent, lets trace it. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/inode.c | 2 +- include/trace/events/btrfs.h | 12 ++++++++---- 2 files changed, 9 insertions(+), 5 deletions(-) commit ac0c7cf8be00f269f82964cf7b144ca3edc5dbc4 Author: David Sterba Date: Fri Jan 6 14:12:51 2017 +0100 btrfs: fix crash when tracepoint arguments are freed by wq callbacks Enabling btrfs tracepoints leads to instant crash, as reported. The wq callbacks could free the memory and the tracepoints started to dereference the members to get to fs_info. The proposed fix https://marc.info/?l=linux-btrfs&m=148172436722606&w=2 removed the tracepoints but we could preserve them by passing only the required data in a safe way. Fixes: bc074524e123 ("btrfs: prefix fsid to all trace events") CC: stable@vger.kernel.org # 4.8+ Reported-by: Sebastian Andrzej Siewior Reviewed-by: Qu Wenruo Signed-off-by: David Sterba fs/btrfs/async-thread.c | 15 +++++++++++---- include/trace/events/btrfs.h | 22 +++++++++++++--------- 2 files changed, 24 insertions(+), 13 deletions(-) commit eeb0d56fab4cd7848cf2be6704fa48900dbc1381 Author: Johannes Berg Date: Wed Dec 14 16:47:43 2016 +0100 mac80211: implement multicast forwarding on fast-RX path In AP (or VLAN) mode, when unicast 802.11 packets are received, they might actually be multicast after conversion. In this case the fast-RX path didn't handle them properly to send them back to the wireless medium. Implement that by copying the SKB and sending it back out. The possible alternative would be to just punt the packet back to the regular (slow) RX path, but since we have almost all of the required code here already it's not so complicated to add here. Punting it back would also mean acquiring the spinlock, which would be bad for the stated purpose of the fast-RX path, to enable well-performing parallel RX. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg net/mac80211/rx.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) commit 9631739f8196ec80b5d9bf955f79b711490c0205 Author: Jike Song Date: Mon Jan 9 15:38:38 2017 +0800 drm/i915/gvt: cleanup GFP flags In gvt, almost all memory allocations are in sleepable contexts. It's fault-prone to use GFP_ATOMIC everywhere. Replace it with GFP_KERNEL wherever possible. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 39 +++++++++++++++------------------------ 1 file changed, 15 insertions(+), 24 deletions(-) commit f0a8b49c03d22a511a601dc54b2a3425a41e35fa Author: Marek Szyprowski Date: Fri Dec 30 10:57:46 2016 +0100 drm/bridge: analogix dp: Fix runtime PM state on driver bind Analogix_dp_bind() can be called from component framework, which doesn't guarantee proper runtime PM state of the device during bind operation, so ensure that device is runtime active before doing any register access. This ensures that the power domain, to which DP module belongs, is turned on. While at it, also fix the unbalanced call to phy_power_on() in analogix_dp_bind() function. This patch solves the following kernel oops on Samsung Exynos5250 Snow board: Unhandled fault: imprecise external abort (0x406) at 0x00000000 pgd = c0004000 [00000000] *pgd=00000000 Internal error: : 406 [#1] PREEMPT SMP ARM Modules linked in: CPU: 0 PID: 75 Comm: kworker/0:2 Not tainted 4.9.0 #1046 Hardware name: SAMSUNG EXYNOS (Flattened Device Tree) Workqueue: events deferred_probe_work_func task: ee272300 task.stack: ee312000 PC is at analogix_dp_enable_sw_function+0x18/0x2c LR is at analogix_dp_init_dp+0x2c/0x50 ... [] (analogix_dp_enable_sw_function) from [] (analogix_dp_init_dp+0x2c/0x50) [] (analogix_dp_init_dp) from [] (analogix_dp_bind+0x184/0x42c) [] (analogix_dp_bind) from [] (component_bind_all+0xf0/0x218) [] (component_bind_all) from [] (exynos_drm_load+0x134/0x200) [] (exynos_drm_load) from [] (drm_dev_register+0xa0/0xd0) [] (drm_dev_register) from [] (drm_platform_init+0x58/0xb0) [] (drm_platform_init) from [] (try_to_bring_up_master+0x14c/0x188) [] (try_to_bring_up_master) from [] (component_add+0x88/0x138) [] (component_add) from [] (platform_drv_probe+0x50/0xb0) [] (platform_drv_probe) from [] (driver_probe_device+0x1f0/0x2a8) [] (driver_probe_device) from [] (bus_for_each_drv+0x44/0x8c) [] (bus_for_each_drv) from [] (__device_attach+0x9c/0x100) [] (__device_attach) from [] (bus_probe_device+0x84/0x8c) [] (bus_probe_device) from [] (deferred_probe_work_func+0x60/0x8c) [] (deferred_probe_work_func) from [] (process_one_work+0x120/0x318) [] (process_one_work) from [] (process_scheduled_works+0x28/0x38) [] (process_scheduled_works) from [] (worker_thread+0x204/0x4ac) [] (worker_thread) from [] (kthread+0xd8/0xf4) [] (kthread) from [] (ret_from_fork+0x14/0x3c) Code: e59035f0 e5935018 f57ff04f e3c55001 (f57ff04e) ---[ end trace 3d1d0d87796de344 ]--- Reviewed-by: Sean Paul Signed-off-by: Marek Szyprowski Signed-off-by: Archit Taneja Link: http://patchwork.freedesktop.org/patch/msgid/1483091866-1088-1-git-send-email-m.szyprowski@samsung.com drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 7 +++++++ 1 file changed, 7 insertions(+) commit a47fff1056376fab0929661e8cc85f90572cf55a Merge: db27edf 2d1148f Author: James Bottomley Date: Sun Jan 8 19:20:35 2017 -0800 Merge remote-tracking branch 'mkp-scsi/fixes' into fixes commit 5753394b64a07dd502cb288a5fd52e71fb01fc5d Author: Jike Song Date: Fri Jan 6 15:16:20 2017 +0800 drm/i915/gvt/kvmgt: return meaningful error for vgpu creating failure The vgpu_create() routine we called returns meaningful errors to indicate failures, so we'd better to pass it to our caller, the mdev framework, whereby the sysfs is able to tell userspace what happened. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 03551e971f6e52c8dedd5741bf48631e65675759 Author: Jike Song Date: Fri Jan 6 15:16:23 2017 +0800 drm/i915/gvt: cleanup opregion memory allocation code According to the spec, ACPI OpRegion must be placed at a physical address below 4G. That is, for a vGPU it must be associated with a GPA below 4G, but on host side, it doesn't matter where the backing pages actually are. So when allocating pages from host, the GFP_DMA32 flag is unnecessary. Also the allocation is from a sleepable context, so GFP_ATOMIC is also unnecessary. This patch also removes INTEL_GVT_OPREGION_PORDER and use get_order() instead. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/opregion.c | 8 ++++---- drivers/gpu/drm/i915/gvt/reg.h | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) commit 4e5378918b5b96e6b93fcadf1ab84a8486ca60a1 Author: Jike Song Date: Fri Jan 6 15:16:22 2017 +0800 drm/i915/gvt: destroy the allocated idr on vgpu creating failures Once idr_alloc gets called data is allocated within the idr list, if any error occurs afterwards, we should undo that by idr_remove on the error path. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/vgpu.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 59c0573dfbd5f66e3aa54c2ce0bebcb0953d4db4 Author: Jike Song Date: Fri Jan 6 15:16:21 2017 +0800 drm/i915/gvt: init/destroy vgpu_idr properly An idr should be initialized before use and destroyed afterwards. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 440a9b9fae37dfd7e4c7d76db34fada57f9afd92 Author: Changbin Du Date: Thu Jan 5 16:49:03 2017 +0800 drm/i915/gvt: dec vgpu->running_workload_num after the workload is really done The vgpu->running_workload_num is used to determine whether a vgpu has any workload running or not. So we should make sure the workload is really done before we dec running_workload_num. Function complete_current_workload is not the right place to do it, since this function is still processing the workload. This patch move the dec op afterward. v2: move dec op before wake_up(&scheduler->workload_complete_wq) (Min He) Signed-off-by: Changbin Du Reviewed-by: Min He Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 2e51ef32b0d66fcd5fe45c437cf7c6aef8350746 Author: Changbin Du Date: Thu Jan 5 13:28:05 2017 +0800 drm/i915/gvt: fix use after free for workload In the function workload_thread(), we invoke complete_current_workload() to cleanup the just processed workload (workload will be freed there). So we cannot access workload->req after that. This patch move complete_current_workload() afterward. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/scheduler.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2fcdb66364ee467d69228a3d2ea074498c177211 Author: Zhenyu Wang Date: Thu Jan 5 10:26:24 2017 +0800 drm/i915/gvt: remove duplicated definition Remove duplicated definition for resource size in aperture_gm.c which are already defined in gvt.h. Need only one to take effect. Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/aperture_gm.c | 7 ------- 1 file changed, 7 deletions(-) commit 888530b57f88f2bc856f181479df732c9622fa22 Author: Zhenyu Wang Date: Thu Jan 5 10:26:13 2017 +0800 drm/i915/gvt: adjust high memory size for default vGPU type Previous high mem size initialized for vGPU type was too small which caused failure for some VMs. This trys to take minimal value of 384MB for each VM and enlarge default high mem size to make guest driver happy. Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/vgpu.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 901a14b721feef1b37cfe6362ee103e135133677 Author: Pei Zhang Date: Wed Jan 4 22:32:23 2017 +0800 drm/i915/gvt: print correct value for untracked mmio In function intel_vgpu_emulate_mmio_read, the untracked mmio register is dumped through kernel log, but the register value is not correct. This patch fixes this issue. V2: fix the fromat warning from checkpatch.pl. Signed-off-by: Pei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/mmio.c | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) commit 905a5035ebe79e89712cda0bed1887c73aa8e9bb Author: Changbin Du Date: Fri Dec 30 14:10:53 2016 +0800 drm/i915/gvt: always use readq and writeq The readq and writeq are already offered by drm_os_linux.h. So we can use them directly whithout dectecting their presence. This patch removed the duplicated code. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) commit 39762ad437f1149b904e6baeaf28824da34a89c1 Author: Changbin Du Date: Tue Dec 27 13:25:06 2016 +0800 drm/i915/gvt: fix return value in mul_force_wake_write All mmio handlers should return a negetive value for failure, not 1. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a12010534d0984f91bc5bdcf9e27bd55e20d82da Author: Changbin Du Date: Tue Dec 27 13:24:52 2016 +0800 drm/i915/gvt: fix error handing of tlb_control emulation Return ealier for a invalid access, else it would false set tlb flag for RCS. Signed-off-by: Changbin Du Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 3e70c5d6ea510e38f612d07fa0fd7487277b7087 Author: Nicolas Iooss Date: Mon Dec 26 14:52:23 2016 +0100 drm/i915/gvt: verify functions types in new_mmio_info() The current prototype of new_mmio_info() uses void* for parameters read and write, which are functions with precise calling conventions (argument types and return type). Write down these conventions in new_mmio_info() definition. This has been reported by the following warnings when clang is used to build the kernel: drivers/gpu/drm/i915/gvt/handlers.c:124:21: error: pointer type mismatch ('void *' and 'int (*)(struct intel_vgpu *, unsigned int, void *, unsigned int)') [-Werror,-Wpointer-type-mismatch] info->read = read ? read : intel_vgpu_default_mmio_read; ^ ~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ drivers/gpu/drm/i915/gvt/handlers.c:125:23: error: pointer type mismatch ('void *' and 'int (*)(struct intel_vgpu *, unsigned int, void *, unsigned int)') [-Werror,-Wpointer-type-mismatch] info->write = write ? write : intel_vgpu_default_mmio_write; ^ ~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ This allows the compiler to detect that sbi_ctl_mmio_write() returns a "bool" value instead of an expected "int" one. Fix this. Signed-off-by: Nicolas Iooss Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/handlers.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 03430fa10b99e95e3a15eb7c00978fb1652f3b24 Merge: a2cd64f 2cfe8f8 Author: David S. Miller Date: Sun Jan 8 22:01:22 2017 -0500 Merge branch 'bcm_sf2-fixes' Florian Fainelli says: ==================== net: dsa: bcm_sf2: Couple fixes Here are a couple of fixes for bcm_sf2, please queue these up for -stable as well, thank you very much! ==================== Signed-off-by: David S. Miller commit 2cfe8f8290bd28cf1ee67db914a6e76cf8e6437b Author: Florian Fainelli Date: Sat Jan 7 21:01:57 2017 -0800 net: dsa: bcm_sf2: Utilize nested MDIO read/write We are implementing a MDIO bus which is behind another one, so use the nested version of the accessors to get lockdep annotations correct. Fixes: 461cd1b03e32 ("net: dsa: bcm_sf2: Register our slave MDIO bus") Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/bcm_sf2.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a4c61b92b3a4cbda35bb0251a5063a68f0861b2c Author: Florian Fainelli Date: Sat Jan 7 21:01:56 2017 -0800 net: dsa: bcm_sf2: Do not clobber b53_switch_ops We make the bcm_sf2 driver override ds->ops which points to b53_switch_ops since b53_switch_alloc() did the assignent. This is all well and good until a second b53 switch comes in, and ends up using the bcm_sf2 operations. Make a proper local copy, substitute the ds->ops pointer and then override the operations. Fixes: f458995b9ad8 ("net: dsa: bcm_sf2: Utilize core B53 driver when possible") Signed-off-by: Florian Fainelli Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/bcm_sf2.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 6edd870bca30b3aa69370a99bcefc1e5f2b8b190 Merge: 6906407 7192c54 Author: Dave Airlie Date: Mon Jan 9 09:47:19 2017 +1000 Merge branch 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes Fixes for 4.10: - Polaris 12 support - Add new amd-gfx mailing list to MAINTAINERS file - UVD clockgating fix - SI dpm fixes * 'drm-fixes-4.10' of git://people.freedesktop.org/~agd5f/linux: drm/amdgpu: drop verde dpm quirks drm/radeon: drop verde dpm quirks drm/radeon: update smc firmware selection for SI drm/amdgpu: update si kicker smc firmware drm/amd/powerplay: extend smu's response timeout time. drm/amdgpu: remove static integer for uvd pp state drm/amd/amdgpu: add Polaris12 PCI ID drm/amdgpu/powerplay: add Polaris12 support drm/amd/amdgpu: add Polaris12 support (v3) MAINTAINERS: Update mailing list for radeon and amdgpu commit a2cd64f30140c5aebd9359f66c00c19d5c6bece6 Author: Kweh, Hock Leong Date: Sat Jan 7 17:32:03 2017 +0800 net: stmmac: fix maxmtu assignment to be within valid range There is no checking valid value of maxmtu when getting it from device tree. This resolution added the checking condition to ensure the assignment is made within a valid range. Signed-off-by: Kweh, Hock Leong Reviewed-by: Andy Shevchenko Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 10 +++++++++- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 6 ++++++ 2 files changed, 15 insertions(+), 1 deletion(-) commit 6906407eeb690ed31b183a38ae10db2907cc3a58 Merge: 90e5d2d a6cb3b8 Author: Dave Airlie Date: Mon Jan 9 09:13:20 2017 +1000 Merge branch 'msm-fixes-4.10' of git://people.freedesktop.org/~robclark/linux into drm-fixes A few fixes for 4.10.. the first fixes a long-standing logic bug, that by luck (ie. size of packets written into RB for a submit) wasn't hit on a3xx/a4xx but was causing intermittent GPU lockups on a5xx. And a couple other robustness issues that Jordan noticed. * 'msm-fixes-4.10' of git://people.freedesktop.org/~robclark/linux: drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set drm/msm: Put back the vaddr in submit_reloc() drm/msm: Ensure that the hardware write pointer is valid commit 90e5d2d45776451e58989361a182c067008d5941 Merge: 13fe46b 5db60ea Author: Dave Airlie Date: Mon Jan 9 09:13:13 2017 +1000 Merge tag 'meson-drm-fixes-for-4.10' of git://people.freedesktop.org/~narmstrong/linux into drm-fixes - plan atomic check oops fix - fix CVBS init when HDMI is configured by bootloader - fix CVBS VDAC disable * tag 'meson-drm-fixes-for-4.10' of git://people.freedesktop.org/~narmstrong/linux: drm/meson: Fix CVBS VDAC disable drm/meson: Fix CVBS initialization when HDMI is configured by bootloader drm/meson: Fix plane atomic check when no crtc for the plane commit 13fe46b589c216f3a0c8e142282125c782a175f5 Merge: e1ef6f7 f97fd38 Author: Dave Airlie Date: Mon Jan 9 09:13:06 2017 +1000 Merge tag 'tilcdc-4.10-fixes' of https://github.com/jsarha/linux into drm-fixes tilcdc fixes for v4.10. * tag 'tilcdc-4.10-fixes' of https://github.com/jsarha/linux: drm: tilcdc: simplify the recovery from sync lost error on rev1 commit e1ef6f71e347655f3ffbcc40d7ced8ea754114b7 Merge: a121103 aebe55c Author: Dave Airlie Date: Mon Jan 9 09:12:45 2017 +1000 Merge tag 'drm-misc-fixes-2017-01-04' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes single drm fix. * tag 'drm-misc-fixes-2017-01-04' of git://anongit.freedesktop.org/git/drm-misc: drm: Clean up planes in atomic commit helper failure path commit a121103c922847ba5010819a3f250f1f7fc84ab8 Author: Linus Torvalds Date: Sun Jan 8 14:18:17 2017 -0800 Linux 4.10-rc3 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9d5ecb09d525469abd1a10c096cb5a17206523f2 Author: Daniel Borkmann Date: Sat Jan 7 00:26:33 2017 +0100 bpf: change back to orig prog on too many passes If after too many passes still no image could be emitted, then swap back to the original program as we do in all other cases and don't use the one with blinding. Fixes: 959a75791603 ("bpf, x86: add support for constant blinding") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller arch/x86/net/bpf_jit_comp.c | 2 ++ 1 file changed, 2 insertions(+) commit 83280e90ef001f77a64e2ce59c25ab66e47ab1f0 Merge: cc250e2 0a8fd13 Author: Linus Torvalds Date: Sun Jan 8 11:42:04 2017 -0800 Merge tag 'usb-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB fixes from Greg KH: "Here are a bunch of USB fixes for 4.10-rc3. Yeah, it's a lot, an artifact of the holiday break I think. Lots of gadget and the usual XHCI fixups for reported issues (one day that driver will calm down...) Also included are a bunch of usb-serial driver fixes, and for good measure, a number of much-reported MUSB driver issues have finally been resolved. All of these have been in linux-next with no reported issues" * tag 'usb-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (72 commits) USB: fix problems with duplicate endpoint addresses usb: ohci-at91: use descriptor-based gpio APIs correctly usb: storage: unusual_uas: Add JMicron JMS56x to unusual device usb: hub: Move hub_port_disable() to fix warning if PM is disabled usb: musb: blackfin: add bfin_fifo_offset in bfin_ops usb: musb: fix compilation warning on unused function usb: musb: Fix trying to free already-free IRQ 4 usb: musb: dsps: implement clear_ep_rxintr() callback usb: musb: core: add clear_ep_rxintr() to musb_platform_ops USB: serial: ti_usb_3410_5052: fix NULL-deref at open USB: serial: spcp8x5: fix NULL-deref at open USB: serial: quatech2: fix sleep-while-atomic in close USB: serial: pl2303: fix NULL-deref at open USB: serial: oti6858: fix NULL-deref at open USB: serial: omninet: fix NULL-derefs at open and disconnect USB: serial: mos7840: fix misleading interrupt-URB comment USB: serial: mos7840: remove unused write URB USB: serial: mos7840: fix NULL-deref at open USB: serial: mos7720: remove obsolete port initialisation USB: serial: mos7720: fix parallel probe ... commit cc250e267bd56c531b0bee455fc724d50af83fac Merge: 6ea17ed 421463b Author: Linus Torvalds Date: Sun Jan 8 11:37:44 2017 -0800 Merge tag 'char-misc-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc fixes from Greg KH: "Here are a few small char/misc driver fixes for 4.10-rc3. Two MEI driver fixes, and three NVMEM patches for reported issues, and a new Hyper-V driver MAINTAINER update. Nothing major at all, all have been in linux-next with no reported issues" * tag 'char-misc-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: hyper-v: Add myself as additional MAINTAINER nvmem: fix nvmem_cell_read() return type doc nvmem: imx-ocotp: Fix wrong register size nvmem: qfprom: Allow single byte accesses for read/write mei: move write cb to completion on credentials failures mei: bus: fix mei_cldev_enable KDoc commit 6ea17ed15d9a343c2d17d76b99501fcad204f309 Merge: ea07b86 01d0f71 Author: Linus Torvalds Date: Sun Jan 8 11:22:00 2017 -0800 Merge tag 'staging-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO fixes from Greg KH: "Here are some staging and IIO driver fixes for 4.10-rc3. Most of these are minor IIO fixes of reported issues, along with one network driver fix to resolve an issue. And a MAINTAINERS update with a new mailing list. All of these, except the MAINTAINERS file update, have been in linux-next with no reported issues (the MAINTAINERS patch happened on Friday...)" * tag 'staging-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: MAINTAINERS: add greybus subsystem mailing list staging: octeon: Call SET_NETDEV_DEV() iio: accel: st_accel: fix LIS3LV02 reading and scaling iio: common: st_sensors: fix channel data parsing iio: max44000: correct value in illuminance_integration_time_available iio: adc: TI_AM335X_ADC should depend on HAS_DMA iio: bmi160: Fix time needed to sleep after command execution iio: 104-quad-8: Fix active level mismatch for the preset enable option iio: 104-quad-8: Fix off-by-one errors when addressing IOR iio: 104-quad-8: Fix index control configuration commit f5992b72ebe0dde488fa8f706b887194020c66fc Author: Michael Chan Date: Fri Jan 6 16:18:53 2017 -0500 tg3: Fix race condition in tg3_get_stats64(). The driver's ndo_get_stats64() method is not always called under RTNL. So it can race with driver close or ethtool reconfigurations. Fix the race condition by taking tp->lock spinlock in tg3_free_consistent() when freeing the tp->hw_stats memory block. tg3_get_stats64() is already taking tp->lock. Reported-by: Wang Yufen Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/tg3.c | 3 +++ 1 file changed, 3 insertions(+) commit 6052cd1af86f9833b6b0b60d5d4787c4a06d65ea Author: Ivan Vecera Date: Fri Jan 6 21:59:30 2017 +0100 be2net: fix unicast list filling The adapter->pmac_id[0] item is used for primary MAC address but this is not true for adapter->uc_list[0] as is assumed in be_set_uc_list(). There are N UC addresses copied first from net_device to adapter->uc_list[1..N] and then N UC addresses from adapter->uc_list[0..N-1] are sent to HW. So the last UC address is never stored into HW and address 00:00:00:00;00:00 (from uc_list[0]) is used instead. Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Fixes: b717241 be2net: replace polling with sleeping in the FW completion path Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit ea07b862ac8ef9b8c8358517d2e39f847dda6659 Author: Johannes Weiner Date: Fri Jan 6 19:21:43 2017 -0500 mm: workingset: fix use-after-free in shadow node shrinker Several people report seeing warnings about inconsistent radix tree nodes followed by crashes in the workingset code, which all looked like use-after-free access from the shadow node shrinker. Dave Jones managed to reproduce the issue with a debug patch applied, which confirmed that the radix tree shrinking indeed frees shadow nodes while they are still linked to the shadow LRU: WARNING: CPU: 2 PID: 53 at lib/radix-tree.c:643 delete_node+0x1e4/0x200 CPU: 2 PID: 53 Comm: kswapd0 Not tainted 4.10.0-rc2-think+ #3 Call Trace: delete_node+0x1e4/0x200 __radix_tree_delete_node+0xd/0x10 shadow_lru_isolate+0xe6/0x220 __list_lru_walk_one.isra.4+0x9b/0x190 list_lru_walk_one+0x23/0x30 scan_shadow_nodes+0x2e/0x40 shrink_slab.part.44+0x23d/0x5d0 shrink_node+0x22c/0x330 kswapd+0x392/0x8f0 This is the WARN_ON_ONCE(!list_empty(&node->private_list)) placed in the inlined radix_tree_shrink(). The problem is with 14b468791fa9 ("mm: workingset: move shadow entry tracking to radix tree exceptional tracking"), which passes an update callback into the radix tree to link and unlink shadow leaf nodes when tree entries change, but forgot to pass the callback when reclaiming a shadow node. While the reclaimed shadow node itself is unlinked by the shrinker, its deletion from the tree can cause the left-most leaf node in the tree to be shrunk. If that happens to be a shadow node as well, we don't unlink it from the LRU as we should. Consider this tree, where the s are shadow entries: root->rnode | [0 n] | | [s ] [sssss] Now the shadow node shrinker reclaims the rightmost leaf node through the shadow node LRU: root->rnode | [0 ] | [s ] Because the parent of the deleted node is the first level below the root and has only one child in the left-most slot, the intermediate level is shrunk and the node containing the single shadow is put in its place: root->rnode | [s ] The shrinker again sees a single left-most slot in a first level node and thus decides to store the shadow in root->rnode directly and free the node - which is a leaf node on the shadow node LRU. root->rnode | s Without the update callback, the freed node remains on the shadow LRU, where it causes later shrinker runs to crash. Pass the node updater callback into __radix_tree_delete_node() in case the deletion causes the left-most branch in the tree to collapse too. Also add warnings when linked nodes are freed right away, rather than wait for the use-after-free when the list is scanned much later. Fixes: 14b468791fa9 ("mm: workingset: move shadow entry tracking to radix tree exceptional tracking") Reported-by: Dave Chinner Reported-by: Hugh Dickins Reported-by: Andrea Arcangeli Reported-and-tested-by: Dave Jones Signed-off-by: Johannes Weiner Cc: Christoph Hellwig Cc: Chris Leech Cc: Lee Duncan Cc: Jan Kara Cc: Kirill A. Shutemov Cc: Matthew Wilcox Cc: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 4 +++- lib/radix-tree.c | 11 +++++++++-- mm/workingset.c | 3 ++- 3 files changed, 14 insertions(+), 4 deletions(-) commit b0b9b3df27d100a975b4e8818f35382b64a5e35c Author: Hugh Dickins Date: Sat Jan 7 15:37:31 2017 -0800 mm: stop leaking PageTables 4.10-rc loadtest (even on x86, and even without THPCache) fails with "fork: Cannot allocate memory" or some such; and /proc/meminfo shows PageTables growing. Commit 953c66c2b22a ("mm: THP page cache support for ppc64") that got merged in rc1 removed the freeing of an unused preallocated pagetable after do_fault_around() has called map_pages(). This is usually a good optimization, so that the followup doesn't have to reallocate one; but it's not sufficient to shift the freeing into alloc_set_pte(), since there are failure cases (most commonly VM_FAULT_RETRY) which never reach finish_fault(). Check and free it at the outer level in do_fault(), then we don't need to worry in alloc_set_pte(), and can restore that to how it was (I cannot find any reason to pte_free() under lock as it was doing). And fix a separate pagetable leak, or crash, introduced by the same change, that could only show up on some ppc64: why does do_set_pmd()'s failure case attempt to withdraw a pagetable when it never deposited one, at the same time overwriting (so leaking) the vmf->prealloc_pte? Residue of an earlier implementation, perhaps? Delete it. Fixes: 953c66c2b22a ("mm: THP page cache support for ppc64") Cc: Aneesh Kumar K.V Cc: Kirill A. Shutemov Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Michael Neuling Cc: Paul Mackerras Cc: Balbir Singh Cc: Andrew Morton Signed-off-by: Hugh Dickins Signed-off-by: Linus Torvalds mm/memory.c | 47 ++++++++++++++++++++--------------------------- 1 file changed, 20 insertions(+), 27 deletions(-) commit 87bc610730a944b49f1c53ab9f4230d85f35df0c Merge: 308c470 c7858bf Author: Linus Torvalds Date: Sat Jan 7 09:47:43 2017 -0800 Merge branch 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild fix from Michal Marek: "The asm-prototypes.h file added in the last merge window results in invalid code with CONFIG_KMEMCHECK=y. The net result is that genksyms segfaults. This pull request fixes the header, the genksyms fix is in my kbuild branch for 4.11" * 'rc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: asm-prototypes: Clear any CPP defines before declaring the functions commit 01d0f715869161dc70e2bf66fcdf6533a6a782cd Author: Greg Kroah-Hartman Date: Fri Jan 6 08:20:03 2017 +0100 MAINTAINERS: add greybus subsystem mailing list The Greybus driver subsystem has a mailing list, so list it in the MAINTAINERS file so that people know to send patches there as well. Signed-off-by: Greg Kroah-Hartman Acked-by: Johan Hovold Reviewed-by: Viresh Kumar Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 20b1e22d01a4b0b11d3a1066e9feb04be38607ec Author: Nicolai Stange Date: Thu Jan 5 13:51:29 2017 +0100 x86/efi: Don't allocate memmap through memblock after mm_init() With the following commit: 4bc9f92e64c8 ("x86/efi-bgrt: Use efi_mem_reserve() to avoid copying image data") ... efi_bgrt_init() calls into the memblock allocator through efi_mem_reserve() => efi_arch_mem_reserve() *after* mm_init() has been called. Indeed, KASAN reports a bad read access later on in efi_free_boot_services(): BUG: KASAN: use-after-free in efi_free_boot_services+0xae/0x24c at addr ffff88022de12740 Read of size 4 by task swapper/0/0 page:ffffea0008b78480 count:0 mapcount:-127 mapping: (null) index:0x1 flags: 0x5fff8000000000() [...] Call Trace: dump_stack+0x68/0x9f kasan_report_error+0x4c8/0x500 kasan_report+0x58/0x60 __asan_load4+0x61/0x80 efi_free_boot_services+0xae/0x24c start_kernel+0x527/0x562 x86_64_start_reservations+0x24/0x26 x86_64_start_kernel+0x157/0x17a start_cpu+0x5/0x14 The instruction at the given address is the first read from the memmap's memory, i.e. the read of md->type in efi_free_boot_services(). Note that the writes earlier in efi_arch_mem_reserve() don't splat because they're done through early_memremap()ed addresses. So, after memblock is gone, allocations should be done through the "normal" page allocator. Introduce a helper, efi_memmap_alloc() for this. Use it from efi_arch_mem_reserve(), efi_free_boot_services() and, for the sake of consistency, from efi_fake_memmap() as well. Note that for the latter, the memmap allocations cease to be page aligned. This isn't needed though. Tested-by: Dan Williams Signed-off-by: Nicolai Stange Reviewed-by: Ard Biesheuvel Cc: # v4.9 Cc: Dave Young Cc: Linus Torvalds Cc: Matt Fleming Cc: Mika Penttilä Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-efi@vger.kernel.org Fixes: 4bc9f92e64c8 ("x86/efi-bgrt: Use efi_mem_reserve() to avoid copying image data") Link: http://lkml.kernel.org/r/20170105125130.2815-1-nicstange@gmail.com Signed-off-by: Ingo Molnar arch/x86/platform/efi/quirks.c | 4 ++-- drivers/firmware/efi/fake_mem.c | 3 +-- drivers/firmware/efi/memmap.c | 38 ++++++++++++++++++++++++++++++++++++++ include/linux/efi.h | 1 + 4 files changed, 42 insertions(+), 4 deletions(-) commit 1d0f110a2c6c4bca3dbcc4b0e27f1e3dc2d44a2c Author: Ivan Vecera Date: Fri Jan 6 20:30:02 2017 +0100 be2net: fix accesses to unicast list Commit 988d44b "be2net: Avoid redundant addition of mac address in HW" introduced be_dev_mac_add & be_uc_mac_add helpers that incorrectly access adapter->uc_list as an array of bytes instead of an array of be_eth_addr. Consequently NIC is not filled with valid data so unicast filtering is broken. Cc: Sathya Perla Cc: Ajit Khaparde Cc: Sriharsha Basavapatna Cc: Somnath Kotur Fixes: 988d44b be2net: Avoid redundant addition of mac address in HW Signed-off-by: Ivan Vecera Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit bcd5e1a49f0d54afd3c5411bed2f59996e1c53e4 Author: Paul Moore Date: Fri Jan 6 14:26:54 2017 -0500 netlabel: add CALIPSO to the list of built-in protocols When we added CALIPSO support in Linux v4.8 we forgot to add it to the list of supported protocols with display at boot. Signed-off-by: Paul Moore Signed-off-by: David S. Miller net/netlabel/netlabel_kapi.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 308c470bc482c46b5acbb2c2072df303d6526250 Merge: d72f0de e4f34cf Author: Linus Torvalds Date: Fri Jan 6 15:38:39 2017 -0800 Merge tag 'sound-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound fixes from Takashi Iwai: "Nothing particular stands out, only a few small fixes for USB-audio, HD-audio and Firewire. The USB-audio fix is the respin of the previous race fix after a revert due to the regression" * tag 'sound-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: Revert "ALSA: firewire-lib: change structure member with proper type" ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion ALSA: usb-audio: Fix irq/process data synchronization ALSA: hda - Apply asus-mode8 fixup to ASUS X71SL ALSA: hda - Fix up GPIO for ASUS ROG Ranger ALSA: firewire-lib: change structure member with proper type ALSA: firewire-tascam: Fix to handle error from initialization of stream data ALSA: fireworks: fix asymmetric API call at unit removal commit d72f0ded89cc78598b8eb0570890234eba167588 Merge: baaf031 3868f13 Author: Linus Torvalds Date: Fri Jan 6 15:35:27 2017 -0800 Merge tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk fixes from Stephen Boyd: "One fix for a broken driver on Renesas RZ/A1 SoCs with bootloaders that don't turn all the clks on and another fix for stm32f4 SoCs where we have multiple drivers attaching to the same DT node" * tag 'clk-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: clk: stm32f4: Use CLK_OF_DECLARE_DRIVER initialization method clk: renesas: mstp: Support 8-bit registers for r7s72100 commit baaf031521b7f67be45f07593023b6ba47f07d15 Merge: 08289086 e9572fd Author: Linus Torvalds Date: Fri Jan 6 15:32:40 2017 -0800 Merge tag 'hwmon-for-linus-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon fix from Guenter Roeck: "Fix temp1_max_alarm attribute in lm90 driver" * tag 'hwmon-for-linus-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: hwmon: (lm90) fix temp1_max_alarm attribute commit 08289086b0ab0379f54e1590ceb5e1b04d239c07 Merge: b1ee5170 69130ea Author: Linus Torvalds Date: Fri Jan 6 15:27:17 2017 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Radim Krčmář: "MIPS: - fix host kernel crashes when receiving a signal with 64-bit userspace - flush instruction cache on all vcpus after generating entry code (both for stable) x86: - fix NULL dereference in MMU caused by SMM transitions (for stable) - correct guest instruction pointer after emulating some VMX errors - minor cleanup" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: KVM: VMX: remove duplicated declaration KVM: MIPS: Flush KVM entry code from icache globally KVM: MIPS: Don't clobber CP0_Status.UX KVM: x86: reset MMU on KVM_SET_VCPU_EVENTS KVM: nVMX: fix instruction skipping during emulated vm-entry commit b1ee51702e12a99d35d7c11d1d2b5cd324001ee2 Merge: 5824f92 9d84fb2 Author: Linus Torvalds Date: Fri Jan 6 15:18:58 2017 -0800 Merge tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 fixes from Catalin Marinas: - re-introduce the arm64 get_current() optimisation - KERN_CONT fallout fix in show_pte() * tag 'arm64-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: arm64: restore get_current() optimisation arm64: mm: fix show_pte KERN_CONT fallout commit 7192c54a68013f6058b1bb505645fcd07015191c Author: Alex Deucher Date: Thu Jan 5 13:02:37 2017 -0500 drm/amdgpu: drop verde dpm quirks Port of radeon change to amdgpu. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si_dpm.c | 13 ------------- 1 file changed, 13 deletions(-) commit 8a08403bcb39f5d0e733bcf59a8a74f16b538f6e Author: Alex Deucher Date: Thu Jan 5 12:39:01 2017 -0500 drm/radeon: drop verde dpm quirks fixes: https://bugs.freedesktop.org/show_bug.cgi?id=98897 https://bugs.launchpad.net/bugs/1651981 Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org Cc: Adrian Fiergolski drivers/gpu/drm/radeon/si_dpm.c | 13 ------------- 1 file changed, 13 deletions(-) commit 6458bd4dfd9414cba5804eb9907fe2a824278c34 Author: Alex Deucher Date: Thu Jan 5 12:15:52 2017 -0500 drm/radeon: update smc firmware selection for SI Use the appropriate smc firmware for each chip revision. Using the wrong one can cause stability issues. Acked-by: Edward O'Callaghan Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si.c | 60 +++++++++++++++++++++------------------------ 1 file changed, 28 insertions(+), 32 deletions(-) commit 5165484b02f2cbedb5bf3a41ff5e8ae16069016c Author: Flora Cui Date: Thu Dec 15 13:43:59 2016 +0800 drm/amdgpu: update si kicker smc firmware Use the appropriate smc firmware for each chip revision. Using the wrong one can cause stability issues. Acked-by: Edward O'Callaghan Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si_dpm.c | 57 ++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 29 deletions(-) commit 70fd80d6f7e37bf637331c682fafcce1112750ac Author: Rex Zhu Date: Wed Dec 21 17:44:59 2016 +0800 drm/amd/powerplay: extend smu's response timeout time. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/include/amd_shared.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d6df71e125b4e4ab8932349ce81e09ef73304b91 Author: Yintian Tao Date: Wed Dec 21 14:32:21 2016 +0800 drm/amdgpu: remove static integer for uvd pp state At two gpu core condition, static integer will cause that second gpu core uvd state setting will be directly skipped due to the first one setting Signed-off-by: Yintian Tao Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c | 5 ----- 1 file changed, 5 deletions(-) commit fc8e9c54699e42754094ff475da46440778d8f19 Author: Junwei Zhang Date: Thu Aug 4 12:54:22 2016 +0800 drm/amd/amdgpu: add Polaris12 PCI ID Signed-off-by: Junwei Zhang Reviewed-by: Alex Deucher Reviewed-by: Christian König Reviewed-by: Ken Wang Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_drv.c | 7 +++++++ 1 file changed, 7 insertions(+) commit f4309526576db325264b6dc9ee150ee70b330a42 Author: Junwei Zhang Date: Wed Dec 14 15:40:48 2016 -0500 drm/amdgpu/powerplay: add Polaris12 support Signed-off-by: Junwei Zhang Reviewed-by: Alex Deucher Reviewed-by: Christian König Reviewed-by: Ken Wang Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_powerplay.c | 1 + drivers/gpu/drm/amd/powerplay/hwmgr/hwmgr.c | 3 ++- drivers/gpu/drm/amd/powerplay/hwmgr/smu7_powertune.c | 2 +- drivers/gpu/drm/amd/powerplay/smumgr/smumgr.c | 1 + 4 files changed, 5 insertions(+), 2 deletions(-) commit c4642a479fac9f5c224ff7425d86c427b94011af Author: Junwei Zhang Date: Wed Dec 14 15:32:28 2016 -0500 drm/amd/amdgpu: add Polaris12 support (v3) v2: agd: squash in various fixes v3: agd: squash in: drm/amdgpu: remove unnecessary smc sk firmware for polaris12 Signed-off-by: Junwei Zhang Reviewed-by: Alex Deucher Reviewed-by: Christian König Reviewed-by: Ken Wang Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 3 +++ drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 2 ++ drivers/gpu/drm/amd/amdgpu/amdgpu_uvd.c | 5 +++++ drivers/gpu/drm/amd/amdgpu/amdgpu_vce.c | 5 +++++ drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 13 ++++++++++--- drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 31 +++++++++++++++++++++++++----- drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 5 +++++ drivers/gpu/drm/amd/amdgpu/sdma_v3_0.c | 6 ++++++ drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 5 +++-- drivers/gpu/drm/amd/amdgpu/vi.c | 10 ++++++++++ drivers/gpu/drm/amd/include/amd_shared.h | 1 + 11 files changed, 76 insertions(+), 10 deletions(-) commit 7f4c4f80fd22ec7722e778c1d099e828d2b5dc40 Author: Alex Deucher Date: Mon Dec 19 13:30:13 2016 -0500 MAINTAINERS: Update mailing list for radeon and amdgpu amdgpu and radeon development has moved to this list. Signed-off-by: Alex Deucher MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 219a808fa1829a82a29197561dc8dd12b7005cad Merge: 93e246f 753aacf Author: David S. Miller Date: Fri Jan 6 16:26:19 2017 -0500 Merge tag 'mac80211-for-davem-2017-01-06' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Another single fix, to correctly handle destruction of a single netlink socket having ownership of multiple objects (scheduled scan requests and interfaces.) ==================== Signed-off-by: David S. Miller commit 93e246f783e6bd1bc64fdfbfe68b18161f69b28e Author: David Forster Date: Fri Jan 6 10:27:59 2017 +0000 vti6: fix device register to report IFLA_INFO_KIND vti6 interface is registered before the rtnl_link_ops block is attached. As a result the resulting RTM_NEWLINK is missing IFLA_INFO_KIND. Re-order attachment of rtnl_link_ops block to fix. Signed-off-by: Dave Forster Signed-off-by: David S. Miller net/ipv6/ip6_vti.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5ca7d1ca77dc23934504b95a96d2660d345f83c2 Author: Grygorii Strashko Date: Thu Jan 5 14:48:07 2017 -0600 net: phy: dp83867: fix irq generation For proper IRQ generation by DP83867 phy the INT/PWDN pin has to be programmed as an interrupt output instead of a Powerdown input in Configuration Register 3 (CFG3), Address 0x001E, bit 7 INT_OE = 1. The current driver doesn't do this and as result IRQs will not be generated by DP83867 phy even if they are properly configured in DT. Hence, fix IRQ generation by properly configuring CFG3.INT_OE bit and ensure that Link Status Change (LINK_STATUS_CHNG_INT) and Auto-Negotiation Complete (AUTONEG_COMP_INT) interrupt are enabled. After this the DP83867 driver will work properly in interrupt enabled mode. Signed-off-by: Grygorii Strashko Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/phy/dp83867.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 064c3db9c564cc5be514ac21fb4aa26cc33db746 Author: Arvind Yadav Date: Mon Dec 12 23:13:27 2016 +0530 ata: sata_mv:- Handle return value of devm_ioremap. Here, If devm_ioremap will fail. It will return NULL. Then hpriv->base = NULL - 0x20000; Kernel can run into a NULL-pointer dereference. This error check will avoid NULL pointer dereference. Signed-off-by: Arvind Yadav Signed-off-by: Tejun Heo Cc: stable@vger.kernel.org drivers/ata/sata_mv.c | 3 +++ 1 file changed, 3 insertions(+) commit 2dae99558e86894e9e5dbf097477baaa5eb70134 Author: Damien Le Moal Date: Mon Dec 19 10:17:40 2016 +0900 libata: Fix ATA request sense For an ATA device supporting the sense data reporting feature set, a failed command will trigger the execution of ata_eh_request_sense if the result task file of the failed command has the ATA_SENSE bit set (sense data available bit). ata_eh_request_sense executes the REQUEST SENSE DATA EXT command to retrieve the sense data of the failed command. On success of REQUEST SENSE DATA EXT, the ATA_SENSE bit will NOT be set (the command succeeded) but ata_eh_request_sense nevertheless tests the availability of sense data by testing that bit presence in the result tf of the REQUEST SENSE DATA EXT command. This leads us to falsely assume that request sense data failed and to the warning message: atax.xx: request sense failed stat 50 emask 0 Upon success of REQUEST SENSE DATA EXT, set the ATA_SENSE bit in the result task file command so that sense data can be returned by ata_eh_request_sense. Signed-off-by: Damien Le Moal Signed-off-by: Tejun Heo Cc: stable@vger.kernel.org drivers/ata/libata-core.c | 2 ++ 1 file changed, 2 insertions(+) commit 896b4db685cf06bd7d50ed22c53ebd069e0b90e9 Author: Lendacky, Thomas Date: Wed Jan 4 15:07:16 2017 -0600 amd-xgbe: Fix IRQ processing when running in single IRQ mode When running in single IRQ mode, the additional IRQ routines were being skipped because only the XGMAC interrupt status was being checked. Update the code so that the additional IRQ routines are checked whenever an interrupt is received. Signed-off-by: Tom Lendacky Signed-off-by: David S. Miller drivers/net/ethernet/amd/xgbe/xgbe-drv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0f1f9cbc04dbb3cc310f70a11cba0cf1f2109d9c Author: Sergei Shtylyov Date: Thu Jan 5 00:29:32 2017 +0300 sh_eth: R8A7740 supports packet shecksumming The R8A7740 GEther controller supports the packet checksum offloading but the 'hw_crc' (bad name, I'll fix it) flag isn't set in the R8A7740 data, thus CSMR isn't cleared... Fixes: 73a0d907301e ("net: sh_eth: add support R8A7740") Signed-off-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/sh_eth.c | 1 + 1 file changed, 1 insertion(+) commit 978d3639fd13d987950e4ce85c8737ae92154b2c Author: Sergei Shtylyov Date: Wed Jan 4 22:18:24 2017 +0300 sh_eth: fix EESIPR values for SH77{34|63} As the SH77{34|63} manuals are freely available, I've checked the EESIPR values written against the manuals, and they appeared to set the reserved bits 11-15 (which should be 0 on write). Fix those EESIPR values. Fixes: 380af9e390ec ("net: sh_eth: CPU dependency code collect to "struct sh_eth_cpu_data"") Fixes: f5d12767c8fd ("sh_eth: get SH77{34|63} support out of #ifdef") Signed-off-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/sh_eth.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fd7c99142d77dc4a851879a66715abf12a3193fb Author: Dave Martin Date: Fri Jan 6 17:54:51 2017 +0000 tile/ptrace: Preserve previous registers for short regset write Ensure that if userspace supplies insufficient data to PTRACE_SETREGSET to fill all the registers, the thread's old registers are preserved. Cc: stable@vger.kernel.org Signed-off-by: Dave Martin Signed-off-by: Chris Metcalf arch/tile/kernel/ptrace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5824f92463e978f27985b748c69d94ee7caa8230 Merge: 2fd8774 c6ef7fd Author: Linus Torvalds Date: Fri Jan 6 11:19:03 2017 -0800 Merge tag 'vfio-v4.10-rc3' of git://github.com/awilliam/linux-vfio Pull VFIO fixes from Alex Williamson: - Add mtty sample driver properly into build system (Alex Williamson) - Restore type1 mapping performance after mdev (Alex Williamson) - Fix mdev device race (Alex Williamson) - Cleanups to the mdev ABI used by vendor drivers (Alex Williamson) - Build fix for old compilers (Arnd Bergmann) - Fix sample driver error path (Dan Carpenter) - Handle pci_iomap() error (Arvind Yadav) - Fix mdev ioctl return type (Paul Gortmaker) * tag 'vfio-v4.10-rc3' of git://github.com/awilliam/linux-vfio: vfio-mdev: fix non-standard ioctl return val causing i386 build fail vfio-pci: Handle error from pci_iomap vfio-mdev: fix some error codes in the sample code vfio-pci: use 32-bit comparisons for register address for gcc-4.5 vfio-mdev: Make mdev_device private and abstract interfaces vfio-mdev: Make mdev_parent private vfio-mdev: de-polute the namespace, rename parent_device & parent_ops vfio-mdev: Fix remove race vfio/type1: Restore mapping performance with mdev support vfio-mdev: Fix mtty sample driver building commit 2fd8774c79a455a1f12f75208d96f2f0cc3728c9 Merge: 65cdc40 7453c54 Author: Linus Torvalds Date: Fri Jan 6 10:53:21 2017 -0800 Merge branch 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb Pull swiotlb fixes from Konrad Rzeszutek Wilk: "This has one fix to make i915 work when using Xen SWIOTLB, and a feature from Geert to aid in debugging of devices that can't do DMA outside the 32-bit address space. The feature from Geert is on top of v4.10 merge window commit (specifically you pulling my previous branch), as his changes were dependent on the Documentation/ movement patches. I figured it would just easier than me trying than to cherry-pick the Documentation patches to satisfy git. The patches have been soaking since 12/20, albeit I updated the last patch due to linux-next catching an compiler error and adding an Tested-and-Reported-by tag" * 'stable/for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb: Export swiotlb_max_segment to users swiotlb: Add swiotlb=noforce debug option swiotlb: Convert swiotlb_force from int to enum x86, swiotlb: Simplify pci_swiotlb_detect_override() commit 65cdc405b37a0f43af9c0fb6cf011304b3959ef8 Merge: 7397e1e 432abf6 Author: Linus Torvalds Date: Fri Jan 6 10:49:36 2017 -0800 Merge tag 'iommu-fixes-v4.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU fixes from Joerg Roedel: "Three fixes queued up: - fix an issue with command buffer overflow handling in the AMD IOMMU driver - add an additional context entry flush to the Intel VT-d driver to make sure any old context entry from kdump copying is flushed out of the cache - correct the encoding of the PASID table size in the Intel VT-d driver" * tag 'iommu-fixes-v4.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: iommu/amd: Fix the left value check of cmd buffer iommu/vt-d: Fix pasid table size encoding iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped commit 7397e1e838228a0957043613c265a611e09c05f3 Merge: b937a86 f1dabf0 Author: Linus Torvalds Date: Fri Jan 6 10:40:17 2017 -0800 Merge tag 'acpi-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "These fix a device enumeration problem related to _ADR matching and an IOMMU initialization issue related to the DMAR table missing, remove an excessive function call from the core ACPI code, update an error message in the ACPI WDAT watchdog driver and add a way to work around problems with unhandled GPE notifications. Specifics: - Fix a device enumeration issue leading to incorrect associations between ACPI device objects and platform device objects representing physical devices if the given device object has both _ADR and _HID (Rafael Wysocki). - Avoid passing NULL to acpi_put_table() during IOMMU initialization which triggers a (rightful) warning from ACPICA (Rafael Wysocki). - Drop an excessive call to acpi_dma_deconfigure() from the core code that binds ACPI device objects to device objects representing physical devices (Lorenzo Pieralisi). - Update an error message in the ACPI WDAT watchdog driver to make it provide more useful information (Mika Westerberg). - Add a mechanism to work around issues with unhandled GPE notifications that occur during system initialization and cannot be prevented by means of sysfs (Lv Zheng)" * tag 'acpi-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / DMAR: Avoid passing NULL to acpi_put_table() ACPI / scan: Prefer devices without _HID/_CID for _ADR matching ACPI / watchdog: Print out error number when device creation fails ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding ACPI: Drop misplaced acpi_dma_deconfigure() call from acpi_bind_one() commit b937a8697b81e2e385642853b90647e1b4aef85e Merge: 88ba6ca 7e2b9d8 Author: Linus Torvalds Date: Fri Jan 6 10:37:50 2017 -0800 Merge tag 'pm-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "These fix a few issues in the intel_pstate driver, a documetation issue, a false-positive compiler warning in the generic power domains framework and two problems in the devfreq subsystem. They also update the MAINTAINERS entry for devfreq and add a new "compatible" string to the generic cpufreq-dt driver. Specifics: - Fix a few intel_pstate driver issues: add missing locking it two places, avoid exposing a useless debugfs interface and keep the attribute values in sysfs in sync (Rafael Wysocki). - Drop confusing kernel-doc references related to power management and ACPI from the driver API manual (Rafael Wysocki). - Make a false-positive compiler warning in the generic power domains framework go away (Augusto Mecking Caringi). - Fix two initialization issues in the devfreq subsystem and update the MAINTAINERS entry for it (Chanwoo Choi). - Add a new "compatible" string for APM X-Gene 2 to the generic DT cpufreq driver (Hoan Tran)" * tag 'pm-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: dt: Add support for APM X-Gene 2 PM / devfreq: exynos-bus: Fix the wrong return value PM / devfreq: Fix the bug of devfreq_add_device when governor is NULL MAINTAINERS: Add myself as reviewer for DEVFREQ subsystem support PM / docs: Drop confusing kernel-doc references from infrastructure.rst PM / domains: Fix 'may be used uninitialized' build warning cpufreq: intel_pstate: Always keep all limits settings in sync cpufreq: intel_pstate: Use locking in intel_cpufreq_verify_policy() cpufreq: intel_pstate: Use locking in intel_pstate_resume() cpufreq: intel_pstate: Do not expose PID parameters in passive mode commit 9f169b9f52a4afccdab7a7d2311b0c53a78a1e6b Author: Patrick Lai Date: Sat Dec 31 22:44:39 2016 -0800 ASoC: dpcm: Avoid putting stream state to STOP when FE stream is paused When multiple front-ends are using the same back-end, putting state of a front-end to STOP state upon receiving pause command will result in backend stream getting released by DPCM framework unintentionally. In order to avoid backend to be released when another active front-end stream is present, put the stream state to PAUSED state instead of STOP state. Signed-off-by: Patrick Lai Signed-off-by: Mark Brown sound/soc/soc-pcm.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit bc65a326c579e93a5c2120a65ede72f11369ee5a Author: Jeeja KP Date: Mon Jan 2 09:50:05 2017 +0530 ASoC: Intel: Skylake: Release FW ctx in cleanup Saved firmware ctx was not never released, so release Firmware ctx in cleanup routine. Signed-off-by: Jeeja KP Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/skylake/skl-sst.c | 3 +++ 1 file changed, 3 insertions(+) commit 7453c549f5f6485c0d79cad7844870dcc7d1b34d Author: Konrad Rzeszutek Wilk Date: Tue Dec 20 10:02:02 2016 -0500 swiotlb: Export swiotlb_max_segment to users So they can figure out what is the optimal number of pages that can be contingously stitched together without fear of bounce buffer. We also expose an mechanism for sub-users of SWIOTLB API, such as Xen-SWIOTLB to set the max segment value. And lastly if swiotlb=force is set (which mandates we bounce buffer everything) we set max_segment so at least we can bounce buffer one 4K page instead of a giant 512KB one for which we may not have space. Signed-off-by: Konrad Rzeszutek Wilk Reported-and-Tested-by: Juergen Gross drivers/gpu/drm/i915/i915_gem.c | 11 +---------- drivers/xen/swiotlb-xen.c | 4 ++++ include/linux/swiotlb.h | 3 +++ lib/swiotlb.c | 26 ++++++++++++++++++++++++++ 4 files changed, 34 insertions(+), 10 deletions(-) commit e0edc8c546463f268d41d064d855bcff994c52fa Author: Tejun Heo Date: Fri Jan 6 11:48:50 2017 -0500 libata: apply MAX_SEC_1024 to all CX1-JB*-HP devices Marko reports that CX1-JB512-HP shows the same timeout issues as CX1-JB256-HP. Let's apply MAX_SEC_128 to all devices in the series. Signed-off-by: Tejun Heo Reported-by: Marko Koski-Vähälä Cc: stable@vger.kernel.org # v3.19+ drivers/ata/libata-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 657279778af54f35e54b07b6687918f254a2992c Author: Peter Ujfalusi Date: Tue Jan 3 13:22:34 2017 +0200 ARM: OMAP1: DMA: Correct the number of logical channels OMAP1510, OMAP5910 and OMAP310 have only 9 logical channels. OMAP1610, OMAP5912, OMAP1710, OMAP730, and OMAP850 have 16 logical channels available. The wired 17 for the lch_count must have been used to cover the 16 + 1 dedicated LCD channel, in reality we can only use 9 or 16 channels. The d->chan_count is not used by the omap-dma stack, so we can skip the setup. chan_count was configured to the number of logical channels and not the actual number of physical channels anyways. Signed-off-by: Peter Ujfalusi Acked-by: Aaro Koskinen Signed-off-by: Tony Lindgren arch/arm/mach-omap1/dma.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit 1ebb71143758f45dc0fa76e2f48429e13b16d110 Author: Greg Kroah-Hartman Date: Fri Jan 6 15:33:36 2017 +0100 HID: hid-cypress: validate length of report Make sure we have enough of a report structure to validate before looking at it. Reported-by: Benoit Camredon Tested-by: Benoit Camredon Cc: stable Signed-off-by: Greg Kroah-Hartman Signed-off-by: Jiri Kosina drivers/hid/hid-cypress.c | 3 +++ 1 file changed, 3 insertions(+) commit f1dabf0b0975f9e71344b5c8c0ab39c4d58d9274 Merge: c2a6bba 9c4aa1e c6e2c1e 696c7f8 Author: Rafael J. Wysocki Date: Fri Jan 6 14:36:30 2017 +0100 Merge branches 'acpi-scan', 'acpi-sysfs', 'acpi-wdat' and 'acpi-tables' * acpi-scan: ACPI / scan: Prefer devices without _HID/_CID for _ADR matching ACPI: Drop misplaced acpi_dma_deconfigure() call from acpi_bind_one() * acpi-sysfs: ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding * acpi-wdat: ACPI / watchdog: Print out error number when device creation fails * acpi-tables: ACPI / DMAR: Avoid passing NULL to acpi_put_table() commit 7e2b9d85550ee267ec3b5aba6362fdaeb1559f46 Merge: 3baad65 ab51e6b 6e092c8 32dd773 Author: Rafael J. Wysocki Date: Fri Jan 6 14:35:32 2017 +0100 Merge branches 'pm-domains', 'pm-docs' and 'pm-devfreq' * pm-domains: PM / domains: Fix 'may be used uninitialized' build warning * pm-docs: PM / docs: Drop confusing kernel-doc references from infrastructure.rst * pm-devfreq: PM / devfreq: exynos-bus: Fix the wrong return value PM / devfreq: Fix the bug of devfreq_add_device when governor is NULL MAINTAINERS: Add myself as reviewer for DEVFREQ subsystem support commit 3baad65546b0d6b2695b1de384130125495bc545 Merge: 0c744ea e11b629 Author: Rafael J. Wysocki Date: Fri Jan 6 14:34:52 2017 +0100 Merge branch 'pm-cpufreq' * pm-cpufreq: cpufreq: dt: Add support for APM X-Gene 2 cpufreq: intel_pstate: Always keep all limits settings in sync cpufreq: intel_pstate: Use locking in intel_cpufreq_verify_policy() cpufreq: intel_pstate: Use locking in intel_pstate_resume() cpufreq: intel_pstate: Do not expose PID parameters in passive mode commit a33d331761bc5dd330499ca5ceceb67f0640a8e6 Author: Borislav Petkov Date: Thu Jan 5 10:26:38 2017 +0100 x86/CPU/AMD: Fix Bulldozer topology The following commit: 8196dab4fc15 ("x86/cpu: Get rid of compute_unit_id") ... broke the initial strategy for Bulldozer-based cores' topology, where we consider each thread of a compute unit a standalone core and not a HT or SMT thread. Revert to the firmware-supplied core_id numbering and do not make them thread siblings as we don't consider them for such even if they technically are, more or less. Reported-and-tested-by: Brice Goglin Tested-by: Yazen Ghannam Signed-off-by: Borislav Petkov Cc: # v4.6+ Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 8196dab4fc15 ("x86/cpu: Get rid of compute_unit_id") Link: http://lkml.kernel.org/r/20170105092638.5247-1-bp@alien8.de Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/amd.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 88ba6cae15e38f609aba4f3881e1c404c432596c Merge: 6989606 a608a9d Author: Linus Torvalds Date: Thu Jan 5 23:17:41 2017 -0800 Merge tag 'platform-drivers-x86-v4.10-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull x86 platform driver fixes from Darren Hart: "Just two small fixes for platform drivers x86: - use brightness_set_blocking for LED-setting callbacks on Fujitsu laptops - fix surface3_button build errors" * tag 'platform-drivers-x86-v4.10-3' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks platform/x86: fix surface3_button build errors commit 6989606a7224a2d5a925df22a49e4f7a0bfed0d6 Merge: ed40875 be29d20 Author: Linus Torvalds Date: Thu Jan 5 23:06:06 2017 -0800 Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit Pull audit fixes from Paul Moore: "Two small fixes relating to audit's use of fsnotify. The first patch plugs a leak and the second fixes some lock shenanigans. The patches are small and I banged on this for an afternoon with our testsuite and didn't see anything odd" * 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit: audit: Fix sleep in atomic fsnotify: Remove fsnotify_duplicate_mark() commit f53345e8cf027d03187b9417f1f8883c516e1a5b Author: Jacob von Chorus Date: Fri Dec 30 14:07:52 2016 -0500 thermal: core: move tz->device.groups cleanup to thermal_release The device_unregister call in thermal_zone_device_unregister causes the thermal_zone_device structure to be freed before the call to free the dynamically allocated attribute groups. This leads to a kernel panic. Furthermore, the 4 calls to free the trip point attribute structures occur before the call to unregister the device, leading to a kernel panic when sysfs attempts to access the attributes to remove them. Here is an example of a kernel panic when the cpu thermal zones are removed upon cpu offline: BUG: unable to handle kernel NULL pointer dereference at (null) IP: strlen+0x0/0x20 Call Trace: ? kernfs_name_hash+0x17/0x80 kernfs_find_ns+0x3f/0xd0 kernfs_remove_by_name_ns+0x36/0xa0 remove_files.isra.1+0x36/0x70 sysfs_remove_group+0x44/0x90 sysfs_remove_groups+0x2e/0x50 device_remove_attrs+0x5e/0x90 device_del+0x1ea/0x350 device_unregister+0x1a/0x60 thermal_zone_device_unregister+0x1f2/0x210 pkg_thermal_cpu_offline+0x14f/0x1a0 [x86_pkg_temp_thermal] ? kzalloc.constprop.2+0x10/0x10 [x86_pkg_temp_thermal] cpuhp_invoke_callback+0x8d/0x3f0 cpuhp_down_callbacks+0x42/0x80 cpuhp_thread_fun+0x8b/0xf0 smpboot_thread_fn+0x110/0x160 kthread+0x101/0x140 ? sort_range+0x30/0x30 ? kthread_park+0x90/0x90 ret_from_fork+0x25/0x30 This patch moves the kfree calls to clean up the dynamic attributes to the thermal_class's thermal_zone_device release function. Cc: Zhang Rui Cc: Eduardo Valentin Cc: linux-pm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Tested-by: Yasuaki Ishimatsu Signed-off-by: Jacob von Chorus Signed-off-by: Zhang Rui drivers/thermal/thermal_core.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 2d1148f0f45079d25a0fa0d67e4fdb2a656d12fb Author: Benjamin Poirier Date: Fri Dec 23 20:40:19 2016 -0800 scsi: bfa: Increase requested firmware version to 3.2.5.1 bna & bfa firmware version 3.2.5.1 was submitted to linux-firmware on Feb 17 19:10:20 2015 -0500 in 0ab54ff1dc ("linux-firmware: Add QLogic BR Series Adapter Firmware"). bna was updated to use the newer firmware on Feb 19 16:02:32 2015 -0500 in 3f307c3d70 ("bna: Update the Driver and Firmware Version") bfa was not updated. I presume this was an oversight but it broke support for bfa+bna cards such as the following 04:00.0 Fibre Channel [0c04]: Brocade Communications Systems, Inc. 1010/1020/1007/1741 10Gbps CNA [1657:0014] (rev 01) 04:00.1 Fibre Channel [0c04]: Brocade Communications Systems, Inc. 1010/1020/1007/1741 10Gbps CNA [1657:0014] (rev 01) 04:00.2 Ethernet controller [0200]: Brocade Communications Systems, Inc. 1010/1020/1007/1741 10Gbps CNA [1657:0014] (rev 01) 04:00.3 Ethernet controller [0200]: Brocade Communications Systems, Inc. 1010/1020/1007/1741 10Gbps CNA [1657:0014] (rev 01) Currently, if the bfa module is loaded first, bna fails to probe the respective devices with [ 215.026787] bna: QLogic BR-series 10G Ethernet driver - version: 3.2.25.1 [ 215.043707] bna 0000:04:00.2: bar0 mapped to ffffc90001fc0000, len 262144 [ 215.060656] bna 0000:04:00.2: initialization failed err=1 [ 215.073893] bna 0000:04:00.3: bar0 mapped to ffffc90002040000, len 262144 [ 215.090644] bna 0000:04:00.3: initialization failed err=1 Whereas if bna is loaded first, bfa fails with [ 249.592109] QLogic BR-series BFA FC/FCOE SCSI driver - version: 3.2.25.0 [ 249.610738] bfa 0000:04:00.0: Running firmware version is incompatible with the driver version [ 249.833513] bfa 0000:04:00.0: bfa init failed [ 249.833919] scsi host6: QLogic BR-series FC/FCOE Adapter, hwpath: 0000:04:00.0 driver: 3.2.25.0 [ 249.841446] bfa 0000:04:00.1: Running firmware version is incompatible with the driver version [ 250.045449] bfa 0000:04:00.1: bfa init failed [ 250.045962] scsi host7: QLogic BR-series FC/FCOE Adapter, hwpath: 0000:04:00.1 driver: 3.2.25.0 Increase bfa's requested firmware version. Also increase the driver version. I only tested that all of the devices probe without error. Reported-by: Tim Ehlers Signed-off-by: Benjamin Poirier Acked-by: Rasesh Mody Signed-off-by: Martin K. Petersen drivers/scsi/bfa/bfad.c | 6 +++--- drivers/scsi/bfa/bfad_drv.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 0371adcdaca92912baaa3256ed13e058a016e62d Author: Burak Ok Date: Wed Dec 21 14:45:53 2016 +0100 scsi: snic: Return error code on memory allocation failure If a call to mempool_create_slab_pool() in snic_probe() returns NULL, return -ENOMEM to indicate failure. mempool_creat_slab_pool() only fails if it cannot allocate memory. https://bugzilla.kernel.org/show_bug.cgi?id=189061 Reported-by: bianpan2010@ruc.edu.cn Signed-off-by: Burak Ok Signed-off-by: Andreas Schaertl Acked-by: Narsimhulu Musini Reviewed-by: Ewan D. Milne Signed-off-by: Martin K. Petersen drivers/scsi/snic/snic_main.c | 3 +++ 1 file changed, 3 insertions(+) commit 9698b6f473555a722bf81a3371998427d5d27bde Author: Satish Kharat Date: Wed Dec 14 13:20:41 2016 -0800 scsi: fnic: Avoid sending reset to firmware when another reset is in progress This fix is to avoid calling fnic_fw_reset_handler through fnic_host_reset when a finc reset is alreay in progress. Signed-off-by: Satish Kharat Signed-off-by: Sesidhar Baddela Signed-off-by: Martin K. Petersen drivers/scsi/fnic/fnic.h | 1 + drivers/scsi/fnic/fnic_scsi.c | 16 ++++++++++++++++ 2 files changed, 17 insertions(+) commit ed40875dd4b4c7b5c991db9e06c984180ab0b3ce Merge: c433eb7 2471eb5 Author: Linus Torvalds Date: Thu Jan 5 15:06:02 2017 -0800 Merge tag 'drm-intel-fixes-2017-01-05' of git://anongit.freedesktop.org/git/drm-intel Pull i915 drm fixes from Jani Nikula: "Here's a bunch of drm/i915 fixes for v4.10-rc3. It includes GVT-g fixes. My new year's resolution is to start using signed tags for pulls. If that feels like a déjà vu, it's ((new year's) resolution), not (new (year's resolution))" [ Taking this directly from Jani because Dave Airlie is only partially connected right now. - Linus ] * tag 'drm-intel-fixes-2017-01-05' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Prevent timeline updates whilst performing reset drm/i915: Silence allocation failure during sg_trim() drm/i915: Don't clflush before release phys object drm/i915: Fix oops in overlay due to frontbuffer tracking drm/i915: Fix oopses in the overlay code due to i915_gem_active stuff drm/i915: Initialize overlay->last_flip properly drm/i915: Move the min_pixclk[] handling to the end of readout drm/i915: Force VDD off on the new power seqeuencer before starting to use it drm/i915/gvt: fix typo in cfg_space range check drm/i915/gvt: fix an issue in emulating cfg space PCI_COMMAND drm/i915/gvt/kvmgt: trival: code cleanup drm/i915/gvt/kvmgt: prevent double-release of vgpu drm/i915/gvt/kvmgt: check returned slot for gfn drm/i915/gvt/kvmgt: dereference the pointer within lock drm/i915/gvt: reset the GGTT entry when vGPU created drm/i915/gvt: fix an error in opregion handling commit 1c3415a06b1016a596bfe59e0cfee56c773aa958 Author: Guenter Roeck Date: Thu Jan 5 14:14:54 2017 -0800 Input: elants_i2c - avoid divide by 0 errors on bad touchscreen data The following crash may be seen if bad data is received from the touchscreen. [ 2189.425150] elants_i2c i2c-ELAN0001:00: unknown packet ff ff ff ff [ 2189.430738] divide error: 0000 [#1] PREEMPT SMP [ 2189.434679] gsmi: Log Shutdown Reason 0x03 [ 2189.434689] Modules linked in: ip6t_REJECT nf_reject_ipv6 rfcomm evdi uinput uvcvideo cmac videobuf2_vmalloc videobuf2_memops snd_hda_codec_hdmi i2c_dev videobuf2_core snd_soc_sst_cht_bsw_rt5645 snd_hda_intel snd_intel_sst_acpi btusb btrtl btbcm btintel bluetooth snd_soc_sst_acpi snd_hda_codec snd_intel_sst_core snd_hwdep snd_soc_sst_mfld_platform snd_hda_core snd_soc_rt5645 memconsole_x86_legacy memconsole zram snd_soc_rl6231 fuse ip6table_filter iwlmvm iwlwifi iwl7000_mac80211 cfg80211 iio_trig_sysfs joydev cros_ec_sensors cros_ec_sensors_core industrialio_triggered_buffer kfifo_buf industrialio snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device ppp_async ppp_generic slhc tun [ 2189.434866] CPU: 0 PID: 106 Comm: irq/184-ELAN000 Tainted: G W 3.18.0-13101-g57e8190 #1 [ 2189.434883] Hardware name: GOOGLE Ultima, BIOS Google_Ultima.7287.131.43 07/20/2016 [ 2189.434898] task: ffff88017a0b6d80 ti: ffff88017a2bc000 task.ti: ffff88017a2bc000 [ 2189.434913] RIP: 0010:[] [] elants_i2c_irq+0x190/0x200 [ 2189.434937] RSP: 0018:ffff88017a2bfd98 EFLAGS: 00010293 [ 2189.434948] RAX: 0000000000000000 RBX: ffff88017a967828 RCX: ffff88017a9678e8 [ 2189.434962] RDX: 0000000000000000 RSI: 0000000000000246 RDI: 0000000000000000 [ 2189.434975] RBP: ffff88017a2bfdd8 R08: 00000000000003e8 R09: 0000000000000000 [ 2189.434989] R10: 0000000000000000 R11: 000000000044a2bd R12: ffff88017a991800 [ 2189.435001] R13: ffffffffbe8a2a53 R14: ffff88017a0b6d80 R15: ffff88017a0b6d80 [ 2189.435011] FS: 0000000000000000(0000) GS:ffff88017fc00000(0000) knlGS:0000000000000000 [ 2189.435022] CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b [ 2189.435030] CR2: 00007f678d94b000 CR3: 000000003f41a000 CR4: 00000000001007f0 [ 2189.435039] Stack: [ 2189.435044] ffff88017a2bfda8 ffff88017a9678e8 646464647a2bfdd8 0000000006e09574 [ 2189.435060] 0000000000000000 ffff88017a088b80 ffff88017a921000 ffffffffbe8a2a53 [ 2189.435074] ffff88017a2bfe08 ffffffffbe8a2a73 ffff88017a0b6d80 0000000006e09574 [ 2189.435089] Call Trace: [ 2189.435101] [] ? irq_thread_dtor+0xa9/0xa9 [ 2189.435112] [] irq_thread_fn+0x20/0x40 [ 2189.435123] [] irq_thread+0x14e/0x222 [ 2189.435135] [] ? __schedule+0x3b3/0x57a [ 2189.435145] [] ? wake_threads_waitq+0x2d/0x2d [ 2189.435156] [] ? irq_thread_fn+0x40/0x40 [ 2189.435168] [] kthread+0x10e/0x116 [ 2189.435178] [] ? __kthread_parkme+0x67/0x67 [ 2189.435189] [] ret_from_fork+0x7c/0xb0 [ 2189.435199] [] ? __kthread_parkme+0x67/0x67 [ 2189.435208] Code: ff ff eb 73 0f b6 bb c1 00 00 00 83 ff 03 7e 13 49 8d 7c 24 20 ba 04 00 00 00 48 c7 c6 8a cd 21 bf eb 4d 0f b6 83 c2 00 00 00 99 ff 83 f8 37 75 15 48 6b f7 37 4c 8d a3 c4 00 00 00 4c 8d ac [ 2189.435312] RIP [] elants_i2c_irq+0x190/0x200 [ 2189.435323] RSP [ 2189.435350] ---[ end trace f4945345a75d96dd ]--- [ 2189.443841] Kernel panic - not syncing: Fatal exception [ 2189.444307] Kernel Offset: 0x3d800000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) [ 2189.444519] gsmi: Log Shutdown Reason 0x02 The problem was seen with a 3.18 based kernel, but there is no reason to believe that the upstream code is safe. Fixes: 66aee90088da2 ("Input: add support for Elan eKTH I2C touchscreens") Signed-off-by: Guenter Roeck Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/touchscreen/elants_i2c.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7738789fba09108a28a5fb4739595d9a0a2f85fe Author: Colin King Date: Tue Dec 27 16:17:21 2016 +0000 selftests: x86/pkeys: fix spelling mistake: "itertation" -> "iteration" Fix spelling mistake in print test pass message. Signed-off-by: Colin Ian King Signed-off-by: Shuah Khan tools/testing/selftests/x86/protection_keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3659f98b5375d195f1870c3e508fe51e52206839 Author: Rolf Eike Beer Date: Wed Dec 14 11:59:57 2016 +0100 selftests: do not require bash to run netsocktests testcase Nothing in this minimal script seems to require bash. We often run these tests on embedded devices where the only shell available is the busybox ash. Use sh instead. Signed-off-by: Rolf Eike Beer Cc: stable@vger.kernel.org Signed-off-by: Shuah Khan tools/testing/selftests/net/run_netsocktests | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d979e13a3fa9067c8cd46e292ed859626d443996 Author: Rolf Eike Beer Date: Wed Dec 14 11:58:20 2016 +0100 selftests: do not require bash to run bpf tests Nothing in this minimal script seems to require bash. We often run these tests on embedded devices where the only shell available is the busybox ash. Use sh instead. Signed-off-by: Rolf Eike Beer Cc: stable@vger.kernel.org Acked-by: Daniel Borkmann Signed-off-by: Shuah Khan tools/testing/selftests/bpf/test_kmod.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a2b1e8a20c992b01eeb76de00d4f534cbe9f3822 Author: Rolf Eike Beer Date: Wed Dec 14 11:59:34 2016 +0100 selftests: do not require bash for the generated test Nothing in this minimal script seems to require bash. We often run these tests on embedded devices where the only shell available is the busybox ash. Use sh instead. Signed-off-by: Rolf Eike Beer Cc: stable@vger.kernel.org Signed-off-by: Shuah Khan tools/testing/selftests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 394ed8e4743b0cfc5496fe49059fbfc2bc8eae35 Author: Shaohua Li Date: Wed Jan 4 16:10:19 2017 -0800 md: cleanup mddev flag clear for takeover Commit 6995f0b (md: takeover should clear unrelated bits) clear unrelated bits, but it's quite fragile. To avoid error in the future, define a macro for unsupported mddev flags for each raid type and use it to clear unsupported mddev flags. This should be less error-prone. Suggested-by: NeilBrown Signed-off-by: Shaohua Li drivers/md/md.h | 8 ++++++++ drivers/md/raid0.c | 12 ++++++++---- drivers/md/raid1.c | 8 ++++++-- drivers/md/raid5.c | 5 ++++- 4 files changed, 26 insertions(+), 7 deletions(-) commit 99f17890f04cff0262de7393c60a2f6d9c9c7e71 Author: Colin Ian King Date: Fri Dec 23 00:52:30 2016 +0000 md/r5cache: fix spelling mistake on "recoverying" Trivial fix to spelling mistake "recoverying" to "recovering" in pr_dbg message. Signed-off-by: Colin Ian King Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d2250f105f18a43fdab17421bd80b0ffc9fcc53f Author: Song Liu Date: Wed Dec 14 15:38:02 2016 -0800 md/r5cache: assign conf->log before r5l_load_log() r5l_load_log() calls functions that requires a proper conf->log, for example, r5c_is_writeback(). Therefore, we should set conf->log before calling r5l_load_log(). If r5l_load_log() fails, conf->log is set back to NULL. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3c66abbaaf69671dfd3eb9fa7740b5d7ec688231 Author: Song Liu Date: Wed Dec 14 15:38:01 2016 -0800 md/r5cache: simplify handling of sh->log_start in recovery We only need to update sh->log_start at the end of recovery, which is r5c_recovery_rewrite_data_only_stripes(), so it is not necessary to set it before that. In this patch, log_start is removed from r5c_recovery_alloc_stripe(). After updating all sh->log_start, rewrite_data_only_stripes() also updates log->next_checkpoints to the last sh->log_start. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) commit 28ca833ecf89c585a9543fb21aef6b2bdbbaa48a Author: JackieLiu Date: Tue Dec 13 13:55:27 2016 +0800 md/raid5-cache: removes unnecessary write-through mode judgments The write-through mode has been returned in front of the function, do not need to do it again. Signed-off-by: JackieLiu Reviewed-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 3 --- 1 file changed, 3 deletions(-) commit 0a8fd1346254974c3a852338508e4a4cddbb35f1 Author: Alan Stern Date: Mon Dec 19 12:03:41 2016 -0500 USB: fix problems with duplicate endpoint addresses When checking a new device's descriptors, the USB core does not check for duplicate endpoint addresses. This can cause a problem when the sysfs files for those endpoints are created; trying to create multiple files with the same name will provoke a WARNING: WARNING: CPU: 2 PID: 865 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x8a/0xa0 sysfs: cannot create duplicate filename '/devices/platform/dummy_hcd.0/usb2/2-1/2-1:64.0/ep_05' Kernel panic - not syncing: panic_on_warn set ... CPU: 2 PID: 865 Comm: kworker/2:1 Not tainted 4.9.0-rc7+ #34 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 Workqueue: usb_hub_wq hub_event ffff88006bee64c8 ffffffff81f96b8a ffffffff00000001 1ffff1000d7dcc2c ffffed000d7dcc24 0000000000000001 0000000041b58ab3 ffffffff8598b510 ffffffff81f968f8 ffffffff850fee20 ffffffff85cff020 dffffc0000000000 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x292/0x398 lib/dump_stack.c:51 [] panic+0x1cb/0x3a9 kernel/panic.c:179 [] __warn+0x1c4/0x1e0 kernel/panic.c:542 [] warn_slowpath_fmt+0xc5/0x110 kernel/panic.c:565 [] sysfs_warn_dup+0x8a/0xa0 fs/sysfs/dir.c:30 [] sysfs_create_dir_ns+0x178/0x1d0 fs/sysfs/dir.c:59 [< inline >] create_dir lib/kobject.c:71 [] kobject_add_internal+0x227/0xa60 lib/kobject.c:229 [< inline >] kobject_add_varg lib/kobject.c:366 [] kobject_add+0x139/0x220 lib/kobject.c:411 [] device_add+0x353/0x1660 drivers/base/core.c:1088 [] device_register+0x1d/0x20 drivers/base/core.c:1206 [] usb_create_ep_devs+0x163/0x260 drivers/usb/core/endpoint.c:195 [] create_intf_ep_devs+0x13b/0x200 drivers/usb/core/message.c:1030 [] usb_set_configuration+0x1083/0x18d0 drivers/usb/core/message.c:1937 [] generic_probe+0x6e/0xe0 drivers/usb/core/generic.c:172 [] usb_probe_device+0xaa/0xe0 drivers/usb/core/driver.c:263 This patch prevents the problem by checking for duplicate endpoint addresses during enumeration and skipping any duplicates. Signed-off-by: Alan Stern Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov CC: Signed-off-by: Greg Kroah-Hartman drivers/usb/core/config.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit c433eb70f37de2514f3ae3d43dd7e4a75493fe48 Merge: b400792 1259fed Author: Linus Torvalds Date: Thu Jan 5 10:36:56 2017 -0800 Merge tag 'pinctrl-v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pin control fixes from Linus Walleij: "Three small pin control fixes for the v4.10 series. Very little to say about them, just driver fixes. - one fix to the AMD pinctrl ACPI glue - fix requests on the Meson driver - fix bitfield widths on Samsungs Exynos 5433" * tag 'pinctrl-v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: pinctrl: samsung: Fix the width of PINCFG_TYPE_DRV bitfields for Exynos5433 pinctrl: meson: fix gpio request disabling other modes pinctrl/amd: Set the level based on ACPI tables commit 8f12dc24490bde0d604b8bdfca05ea4b06a624a7 Author: Peter Rosin Date: Thu Dec 22 08:43:55 2016 +0100 usb: ohci-at91: use descriptor-based gpio APIs correctly The gpiod_get* function family does not want the -gpio suffix. Use devm_gpiod_get_index_optional instead of devm_gpiod_get_optional. The descriptor based APIs handle active high/low automatically. The vbus-gpios are output, request enable while getting the gpio. Don't try to get any vbus-gpios for ports outside num-ports. WTF? Big sigh. Fixes: 054d4b7b577d ("usb: ohci-at91: Use descriptor-based gpio APIs") Signed-off-by: Peter Rosin Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-at91.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) commit b40079273279999d0a259e78d9ecb53ad82d042f Merge: 383378d 1b9ec81 Author: Linus Torvalds Date: Thu Jan 5 10:32:16 2017 -0800 Merge tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC fixes from Arnd Bergmann: "This is a rather large set of bugfixes, as we just returned from the Christmas break. Most of these are relatively unimportant fixes for regressions introduced during the merge window, and about half of the changes are for mach-omap2. A couple of patches are just cleanups and dead code removal that I would not normally have considered for merging after -rc2, but I decided to take them along with the fixes this time. Notable fixes include: - removing the skeleton.dtsi include broke a number of machines, and we have to put empty /chosen nodes back to be able to pass kernel command lines as before - enabling Samsung platforms no longer hardwires CONFIG_HZ to 200, as it had been for no good reason for a long time" * tag 'armsoc-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (46 commits) MAINTAINERS: extend PSCI entry to cover the newly add PSCI checker code drivers: psci: annotate timer on stack to silence odebug messages ARM64: defconfig: enable DRM_MESON as module ARM64: dts: meson-gx: Add Graphic Controller nodes ARM64: dts: meson-gxl: fix GPIO include ARM: dts: imx6: Disable "weim" node in the dtsi files ARM: dts: qcom: apq8064: Add missing scm clock ARM: davinci: da8xx: Fix sleeping function called from invalid context ARM: davinci: Make __clk_{enable,disable} functions public ARM: davinci: da850: don't add emac clock to lookup table twice ARM: davinci: da850: fix infinite loop in clk_set_rate() ARM: i.MX: remove map_io callback ARM: dts: vf610-zii-dev-rev-b: Add missing newline ARM: dts: imx6qdl-nitrogen6x: remove duplicate iomux entry ARM: dts: imx31: fix AVIC base address ARM: dts: am572x-idk: Add gpios property to control PCIE_RESETn arm64: dts: vexpress: Support GICC_DIR operations ARM: dts: vexpress: Support GICC_DIR operations firmware: arm_scpi: fix reading sensor values on pre-1.0 SCPI firmwares arm64: dts: msm8996: Add required memory carveouts ... commit 383378d115ab6e702d77896071d36056875602db Merge: 9e3596b 0b47a6b Author: Linus Torvalds Date: Thu Jan 5 10:29:40 2017 -0800 Merge tag 'for-linus-4.10-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen fixes and cleanups from Juergen Gross: - small fixes for xenbus driver - one fix for xen dom0 boot on huge system - small cleanups * tag 'for-linus-4.10-rc2-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: Xen: ARM: Zero reserved fields of xatp before making hypervisor call xen: events: Replace BUG() with BUG_ON() xen: remove stale xs_input_avail() from header xen: return xenstore command failures via response instead of rc xen: xenbus driver must not accept invalid transaction ids xen/evtchn: use rb_entry() xen/setup: Don't relocate p2m over existing one commit 421463b80b40e919dc57483f967ebd41674a81ff Author: Stephen Hemminger Date: Thu Jan 5 09:36:26 2017 -0800 hyper-v: Add myself as additional MAINTAINER Update the Hyper-V MAINTAINERS to include myself. Signed-off-by: Stephen Hemminger Acked-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 674aea07e38200ea6f31ff6d5f200f0cf6cdb325 Author: Oliver Neukum Date: Mon Jan 2 15:26:17 2017 +0100 usb: storage: unusual_uas: Add JMicron JMS56x to unusual device This device gives the following error on detection. xhci_hcd 0000:00:11.0: ERROR Transfer event for disabled endpoint or incorrect stream ring The same error is not seen when it is added to unusual_device list with US_FL_NO_REPORT_OPCODES passed. Signed-off-by: George Cherian Signed-off-by: Oliver Neukum CC: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/storage/unusual_devs.h | 7 +++++++ 1 file changed, 7 insertions(+) commit 3bc02bce908c7250781376052248f5cd60a4e3d4 Author: Geert Uytterhoeven Date: Wed Dec 14 15:37:30 2016 +0100 usb: hub: Move hub_port_disable() to fix warning if PM is disabled If CONFIG_PM=n: drivers/usb/core/hub.c:107: warning: ‘hub_usb3_port_prepare_disable’ declared inline after being called drivers/usb/core/hub.c:107: warning: previous declaration of ‘hub_usb3_port_prepare_disable’ was here To fix this, move hub_port_disable() after hub_usb3_port_prepare_disable(), and adjust forward declarations. Fixes: 37be66767e3cae4f ("usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices") Signed-off-by: Geert Uytterhoeven Signed-off-by: Greg Kroah-Hartman drivers/usb/core/hub.c | 59 +++++++++++++++++++++++++------------------------- 1 file changed, 29 insertions(+), 30 deletions(-) commit 5563bb5743cb09bde0d0f4660a5e5b19c26903bf Author: Jérémy Lefaure Date: Tue Jan 3 18:13:52 2017 -0600 usb: musb: blackfin: add bfin_fifo_offset in bfin_ops The function bfin_fifo_offset is defined but not used: drivers/usb/musb/blackfin.c:36:12: warning: ‘bfin_fifo_offset’ defined but not used [-Wunused-function] static u32 bfin_fifo_offset(u8 epnum) ^~~~~~~~~~~~~~~~ Adding bfin_fifo_offset to bfin_ops fixes this warning and allows musb core to call this function instead of default_fifo_offset. Fixes: cc92f6818f6e ("usb: musb: Populate new IO functions for blackfin") Signed-off-by: Jérémy Lefaure Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/blackfin.c | 1 + 1 file changed, 1 insertion(+) commit c8bd2ac3b4c6c84c4a7cdceaed626247db698ab2 Author: Jérémy Lefaure Date: Tue Jan 3 18:13:49 2017 -0600 usb: musb: fix compilation warning on unused function The function musb_run_resume_work is called only when CONFIG_PM is enabled. So this function should not be defined when CONFIG_PM is disabled. Otherwise the compiler issues a warning: drivers/usb/musb/musb_core.c:2057:12: error: ‘musb_run_resume_work’ defined but not used [-Werror=unused-function] static int musb_run_resume_work(struct musb *musb) ^~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jérémy Lefaure Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.c | 2 ++ 1 file changed, 2 insertions(+) commit 8c300fe282fa254ea730c92cb0983e2642dc1fff Author: Tony Lindgren Date: Tue Jan 3 18:13:48 2017 -0600 usb: musb: Fix trying to free already-free IRQ 4 When unloading omap2430, we can get the following splat: WARNING: CPU: 1 PID: 295 at kernel/irq/manage.c:1478 __free_irq+0xa8/0x2c8 Trying to free already-free IRQ 4 ... [] (free_irq) from [] (musbhs_dma_controller_destroy+0x28/0xb0 [musb_hdrc]) [] (musbhs_dma_controller_destroy [musb_hdrc]) from [] (musb_remove+0xf0/0x12c [musb_hdrc]) [] (musb_remove [musb_hdrc]) from [] (platform_drv_remove+0x24/0x3c) ... This is because the irq number in use is 260 nowadays, and the dma controller is using u8 instead of int. Fixes: 6995eb68aab7 ("USB: musb: enable low level DMA operation for Blackfin") Signed-off-by: Tony Lindgren [b-liu@ti.com: added Fixes tag] Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musbhsdma.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c48400baa02155a5ddad63e8554602e48782278c Author: Bin Liu Date: Tue Jan 3 18:13:47 2017 -0600 usb: musb: dsps: implement clear_ep_rxintr() callback During dma teardown for dequque urb, if musb load is high, musb might generate bogus rx ep interrupt even when the rx fifo is flushed. In such case any of the follow log messages could happen. musb_host_rx 1853: BOGUS RX2 ready, csr 0000, count 0 musb_host_rx 1936: RX3 dma busy, csr 2020 As mentioned in the current inline comment, clearing ep interrupt in the teardown path avoids the bogus interrupt, so implement clear_ep_rxintr() callback. This bug seems to be existing since the initial driver for musb support, but I only validated the fix back to v4.1, so only cc stable for v4.1+. cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_dsps.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 6def85a396ce7796bd9f4561c6ae8138833f7a52 Author: Bin Liu Date: Tue Jan 3 18:13:46 2017 -0600 usb: musb: core: add clear_ep_rxintr() to musb_platform_ops During dma teardown for dequque urb, if musb load is high, musb might generate bogus rx ep interrupt even when the rx fifo is flushed. In such case any of the follow log messages could happen. musb_host_rx 1853: BOGUS RX2 ready, csr 0000, count 0 musb_host_rx 1936: RX3 dma busy, csr 2020 As mentioned in the current inline comment, clearing ep interrupt in the teardown path avoids the bogus interrupt. Clearing ep interrupt is platform dependent, so this patch adds a platform callback to allow glue driver to clear the ep interrupt. This bug seems to be existing since the initial driver for musb support, but I only validated the fix back to v4.1, so only cc stable for v4.1+. cc: stable@vger.kernel.org # 4.1+ Signed-off-by: Bin Liu Signed-off-by: Greg Kroah-Hartman drivers/usb/musb/musb_core.h | 7 +++++++ drivers/usb/musb/musb_host.c | 10 ++++------ 2 files changed, 11 insertions(+), 6 deletions(-) commit 9e3596b0c6539e28546ff7c72a06576627068353 Author: Nicholas Piggin Date: Thu Jan 5 20:29:36 2017 +1000 kbuild: initramfs cleanup, set target from Kconfig Rather than keep a list of all possible compression types in the Makefile, set the target explicitly from Kconfig. Reviewed-by: Francisco Blas Izquierdo Riera (klondike) Signed-off-by: Nicholas Piggin Signed-off-by: Linus Torvalds usr/Makefile | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit ae30ab4cd711a147cafaf5674c333c5a84fe53fb Author: Nicholas Piggin Date: Thu Jan 5 20:29:35 2017 +1000 kbuild: initramfs fix dependency checking for compressed target When using initramfs compression, the data file compression suffix gets quotes pulled in from Kconfig, e.g., initramfs_data.cpio".gz" which make does not match a target and causes rebuild. Fix this by filtering out quotes from the Kconfig string. Fixes: 35e669e1a254 ("initramfs: select builtin initram compression algorithm on KConfig instead of Makefile") Reviewed-by: Francisco Blas Izquierdo Riera (klondike) Signed-off-by: Nicholas Piggin Signed-off-by: Linus Torvalds usr/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5bdee5496978c6738dd90869b54c0f30c0344ccf Merge: 0c744ea cf9e167 Author: Brian Norris Date: Thu Jan 5 09:33:26 2017 -0800 Merge tag 'nand/fixes-for-4.10-rc3' of github.com:linux-nand/linux From Boris Brezillon: """ Fixes for 4.10-rc3 - Forbid compiling xway NAND controller driver as a module - Fix tango NAND DT binding and make sure the controller is in a clean state at probe time - Add dependency on HAS_IOMEM to the oxnas NAND driver - Fix irq number validity check in the lpc32xx driver """ commit 6ca36a455e2730a3195a5596d53c900c9cd00838 Author: Lokesh Vutla Date: Wed Jan 4 10:39:40 2017 +0530 ARM: dts: am335x-icev2: Remove the duplicated pinmux setting There is no mmc sd card detect on am335x-ice board. But the spi0_cs1 pin being configured as mmcsd_cd. Removing it fixes the below warning during boot: pinctrl-single 44e10800.pinmux: pin 44e10960.0 already requested by 48030000.spi; cannot claim for 48060000.mmc Signed-off-by: Lokesh Vutla [tony@atomide.com: tidied up commit message] Signed-off-by: Tony Lindgren arch/arm/boot/dts/am335x-icev2.dts | 1 - 1 file changed, 1 deletion(-) commit a3ac350793d90d1da631c8beeee9352387974ed5 Author: Adam Ford Date: Tue Jan 3 11:37:48 2017 -0600 ARM: OMAP2+: Fix WL1283 Bluetooth Baud Rate Commit 485fa1261f78 ("ARM: OMAP2+: LogicPD Torpedo + Wireless: Add Bluetooth") set the wrong baud rate for the UART. The Baud rate was 300,000 and it should be 3,000,000 for WL1283. Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/mach-omap2/pdata-quirks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d896b3120b3391a2f95b2b8ec636e3f594d7f9c4 Merge: 9b60047 14221cc Author: David S. Miller Date: Thu Jan 5 11:49:57 2017 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains accumulated Netfilter fixes for your net tree: 1) Ensure quota dump and reset happens iff we can deliver numbers to userspace. 2) Silence splat on incorrect use of smp_processor_id() from nft_queue. 3) Fix an out-of-bound access reported by KASAN in nf_tables_rule_destroy(), patch from Florian Westphal. 4) Fix layer 4 checksum mangling in the nf_tables payload expression with IPv6. 5) Fix a race in the CLUSTERIP target from control plane path when two threads run to add a new configuration object. Serialize invocations of clusterip_config_init() using spin_lock. From Xin Long. 6) Call br_nf_pre_routing_finish_bridge_finish() once we are done with the br_nf_pre_routing_finish() hook. From Artur Molchanov. ==================== Signed-off-by: David S. Miller commit c8d204b38a558d74fafb6915e2593602b7f4b823 Merge: 29fc1aa ef07993 Author: Greg Kroah-Hartman Date: Thu Jan 5 17:41:16 2017 +0100 Merge tag 'usb-serial-4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-linus Johan writes: USB-serial fixes for v4.10-rc3 These fixes address a number of long-standing issues in various USB-serial drivers which would lead to crashes should a malicious device lack the expected endpoints. Included are also a few related fixes, and a couple of unrelated ones that were found during my survey (e.g. a memleak and a sleep-while-atomic). A compiler warning revealed an error-handling issue in the new f81534 driver which is also fixed. Signed-off-by: Johan Hovold commit 9b60047a9c950e3fde186466774ffd1ab1104d4e Author: Zhu Yanjun Date: Thu Jan 5 02:54:27 2017 -0500 r8169: fix the typo in the comment >From the realtek data sheet, the PID0 should be bit 0. Signed-off-by: Zhu Yanjun Signed-off-by: David S. Miller drivers/net/ethernet/realtek/r8169.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 696c7f8e0373026e8bfb29b2d9ff2d0a92059d4d Author: Rafael J. Wysocki Date: Thu Jan 5 02:13:31 2017 +0100 ACPI / DMAR: Avoid passing NULL to acpi_put_table() Linus reported that commit 174cc7187e6f "ACPICA: Tables: Back port acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux kernel" added a new warning on his desktop system: ACPI Warning: Table ffffffff9fe6c0a0, Validation count is zero before decrement which turns out to come from the acpi_put_table() in detect_intel_iommu(). This happens if the DMAR table is not present in which case NULL is passed to acpi_put_table() which doesn't check against that and attempts to handle it regardless. For this reason, check the pointer passed to acpi_put_table() before invoking it. Reported-by: Linus Torvalds Tested-by: Paul E. McKenney Fixes: 6b11d1d67713 ("ACPI / osl: Remove acpi_get_table_with_size()/early_acpi_os_unmap_memory() users") Signed-off-by: Rafael J. Wysocki drivers/iommu/dmar.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 69130ea1e6b9167d2459e2bab521196d0a0c0e68 Author: Jan Dakinevich Date: Fri Dec 23 01:13:53 2016 +0300 KVM: VMX: remove duplicated declaration Declaration of VMX_VPID_EXTENT_SUPPORTED_MASK occures twice in the code. Probably, it was happened after unsuccessful merge. Signed-off-by: Jan Dakinevich Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 6 ------ 1 file changed, 6 deletions(-) commit 32eb12a6c11034867401d56b012e3c15d5f8141e Author: James Hogan Date: Tue Jan 3 17:43:01 2017 +0000 KVM: MIPS: Flush KVM entry code from icache globally Flush the KVM entry code from the icache on all CPUs, not just the one that built the entry code. Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Cc: # 3.16.x- Signed-off-by: Radim Krčmář arch/mips/kvm/mips.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4c881451d3017033597ea186cf79ae41a73e1ef8 Author: James Hogan Date: Tue Jan 3 17:43:00 2017 +0000 KVM: MIPS: Don't clobber CP0_Status.UX On 64-bit kernels, MIPS KVM will clear CP0_Status.UX to prevent the guest (running in user mode) from accessing the 64-bit memory segments. However the previous value of CP0_Status.UX is never restored when exiting from the guest. If the user process uses 64-bit addressing (the n64 ABI) this can result in address error exceptions from the kernel if it needs to deliver a signal before returning to user mode, as the kernel will need to write a sigframe to high user addresses on the user stack which are disallowed by CP0_Status.UX=0. This is fixed by explicitly setting SX and UX again when exiting from the guest, and explicitly clearing those bits when returning to the guest. Having the SX and UX bits set when handling guest exits (rather than only when exiting to userland) will be helpful when we support VZ, since we shouldn't need to directly read or write guest memory, so it will be valid for cache management IPIs to access host user addresses. Signed-off-by: James Hogan Cc: Paolo Bonzini Cc: "Radim Krčmář" Cc: Ralf Baechle Cc: linux-mips@linux-mips.org Cc: kvm@vger.kernel.org Cc: # 4.8.x- Signed-off-by: Radim Krčmář arch/mips/kvm/entry.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 08f9572671c8047e7234cbf150869aa3c3d59a97 Author: Jiri Kosina Date: Thu Jan 5 14:25:59 2017 +0100 HID: ignore Petzl USB headlamp This headlamp contains a dummy HID descriptor which pretends to be a mouse-like device, but can't be used as a mouse at all. Reported-by: Lukas Ocilka Signed-off-by: Jiri Kosina drivers/hid/hid-core.c | 1 + drivers/hid/hid-ids.h | 3 +++ 2 files changed, 4 insertions(+) commit 60448b077ed93d227e6c117a9e87db76ff0c1911 Author: Pierre-Louis Bossart Date: Wed Jan 4 15:44:52 2017 -0600 ASoC: Intel: bytcr-rt5640: fix settings in internal clock mode Frequency value of zero did not make sense, use same 24.576MHz setting and only change the clock source in idle mode Suggested-by: Bard Liao Signed-off-by: Pierre-Louis Bossart Signed-off-by: Mark Brown sound/soc/intel/boards/bytcr_rt5640.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7858bf16c0b2cc62f475f31e6df28c3a68da1d6 Author: Michal Marek Date: Tue Jan 3 13:49:42 2017 +0100 asm-prototypes: Clear any CPP defines before declaring the functions The asm-prototypes.h file is used to provide dummy function declarations for genksyms, when processing asm files with EXPORT_SYMBOL. Make sure that any architecture defines get out of our way. x86 currently has an issue with memcpy on 64bit with CONFIG_KMEMCHECK=y and with memset/__memset on 32bit: $ cat init/test.c #include $ make -s init/test.o In file included from ./arch/x86/include/asm/string.h:4:0, from ./include/linux/string.h:18, from ./include/linux/bitmap.h:8, from ./include/linux/cpumask.h:11, from ./arch/x86/include/asm/cpumask.h:4, from ./arch/x86/include/asm/msr.h:10, from ./arch/x86/include/asm/processor.h:20, from ./arch/x86/include/asm/cpufeature.h:4, from ./arch/x86/include/asm/thread_info.h:52, from ./include/linux/thread_info.h:25, from ./arch/x86/include/asm/preempt.h:6, from ./include/linux/preempt.h:59, from ./include/linux/spinlock.h:50, from ./include/linux/seqlock.h:35, from ./include/linux/time.h:5, from ./include/uapi/linux/timex.h:56, from ./include/linux/timex.h:56, from ./include/linux/sched.h:19, from ./include/linux/uaccess.h:4, from ./arch/x86/include/asm/asm-prototypes.h:2, from init/test.c:1: ./arch/x86/include/asm/string_64.h:52:47: error: expected declaration specifiers or ‘...’ before ‘(’ token #define memcpy(dst, src, len) __inline_memcpy((dst), (src), (len)) ./include/asm-generic/asm-prototypes.h:6:14: note: in expansion of macro ‘memcpy’ extern void *memcpy(void *, const void *, __kernel_size_t); ^ ... During real build, this manifests itself by genksyms segfaulting. Fixes: 334bb7738764 ("x86/kbuild: enable modversions for symbols exported from asm") Reported-and-tested-by: Borislav Petkov Cc: Adam Borowski Signed-off-by: Michal Marek include/asm-generic/asm-prototypes.h | 6 ++++++ 1 file changed, 6 insertions(+) commit 753aacfd2e95df6a0caf23c03dc309020765bea9 Author: Johannes Berg Date: Thu Jan 5 10:57:14 2017 +0100 nl80211: fix sched scan netlink socket owner destruction A single netlink socket might own multiple interfaces *and* a scheduled scan request (which might belong to another interface), so when it goes away both may need to be destroyed. Remove the schedule_scan_stop indirection to fix this - it's only needed for interface destruction because of the way this works right now, with a single work taking care of all interfaces. Cc: stable@vger.kernel.org Fixes: 93a1e86ce10e4 ("nl80211: Stop scheduled scan if netlink client disappears") Signed-off-by: Johannes Berg net/wireless/nl80211.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit 74545f63890e38520eb4d1dbedcadaa9c0dbc824 Author: David Carrillo-Cisneros Date: Thu Dec 22 17:17:40 2016 -0800 perf/x86: Set pmu->module in Intel PMU modules The conversion of Intel PMU drivers into modules did not include reference counting. The machine will crash when attempting to access deleted code if an event from a module PMU is started and the module removed before the event is destroyed. i.e. this crashes the machine: $ insmod intel-rapl-perf.ko $ perf stat -e power/energy-cores/ -C 0 & $ rmmod intel-rapl-perf.ko Set THIS_MODULE to pmu->module in Intel module PMUs so that generic code can handle reference counting and deny rmmod while an event still exists. Signed-off-by: David Carrillo-Cisneros Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Borislav Petkov Cc: Dave Hansen Cc: Jiri Olsa Cc: Kan Liang Cc: Linus Torvalds Cc: Paul Turner Cc: Peter Zijlstra Cc: Srinivas Pandruvada Cc: Stephane Eranian Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1482455860-116269-1-git-send-email-davidcc@google.com Signed-off-by: Ingo Molnar arch/x86/events/intel/cstate.c | 2 ++ arch/x86/events/intel/rapl.c | 1 + arch/x86/events/intel/uncore.c | 1 + 3 files changed, 4 insertions(+) commit 159d3726db12b3476bc59ea0ab0a702103d466b5 Author: Andy Shevchenko Date: Mon Jan 2 11:24:50 2017 +0200 x86/platform/intel-mid: Rename 'spidev' to 'mrfld_spidev' The current implementation supports only Intel Merrifield platforms. Don't mess with the rest of the Intel MID family by not registering device with wrong properties. Signed-off-by: Andy Shevchenko Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170102092450.87229-1-andriy.shevchenko@linux.intel.com Signed-off-by: Ingo Molnar arch/x86/platform/intel-mid/device_libs/Makefile | 2 +- .../intel-mid/device_libs/platform_mrfld_spidev.c | 54 ++++++++++++++++++++++ .../intel-mid/device_libs/platform_spidev.c | 50 -------------------- 3 files changed, 55 insertions(+), 51 deletions(-) commit 754c73cf4d2463022b2c9ae208026bf22564ed06 Author: Andy Shevchenko Date: Mon Jan 2 11:22:29 2017 +0200 x86/cpu: Fix typo in the comment for Anniedale The proper spelling of Anniedale SoC with 'e' in the middle. Fix typo in the comment line in intel-family.h header. Signed-off-by: Andy Shevchenko Cc: Dave Hansen Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20170102092229.87036-1-andriy.shevchenko@linux.intel.com Signed-off-by: Ingo Molnar arch/x86/include/asm/intel-family.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dd853fd216d1485ed3045ff772079cc8689a9a4a Author: Lukasz Odzioba Date: Wed Dec 28 14:55:40 2016 +0100 x86/cpu: Fix bootup crashes by sanitizing the argument of the 'clearcpuid=' command-line option A negative number can be specified in the cmdline which will be used as setup_clear_cpu_cap() argument. With that we can clear/set some bit in memory predceeding boot_cpu_data/cpu_caps_cleared which may cause kernel to misbehave. This patch adds lower bound check to setup_disablecpuid(). Boris Petkov reproduced a crash: [ 1.234575] BUG: unable to handle kernel paging request at ffffffff858bd540 [ 1.236535] IP: memcpy_erms+0x6/0x10 Signed-off-by: Lukasz Odzioba Acked-by: Borislav Petkov Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: andi.kleen@intel.com Cc: bp@alien8.de Cc: dave.hansen@linux.intel.com Cc: luto@kernel.org Cc: slaoub@gmail.com Fixes: ac72e7888a61 ("x86: add generic clearcpuid=... option") Link: http://lkml.kernel.org/r/1482933340-11857-1-git-send-email-lukasz.odzioba@intel.com Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e4f34cf6d59160818dcdcf41f4116cc88093ece3 Author: Takashi Sakamoto Date: Thu Jan 5 09:41:31 2017 +0900 Revert "ALSA: firewire-lib: change structure member with proper type" This reverts commit 6b7e95d1336b9eb0d4c6db190ce756480496bd13. This commit is based on a concern about value of the given parameter. It's expected to be ORed value with some enumeration-constants, thus often it can not be one of the enumeration-constants. I understood that this is out of specification and causes implementation-dependent issues. In C language specification, enumerated type can be interpreted as an integer type, in which all of enumeration-constants in corresponding enumerator-list can be stored. Implementations can select one of char, signed int and unsigned int as its type, and this selection is implementation-dependent. In GCC, a signed integer is selected when at least one of enumeration-constants has negative value, else an unsigned integer is selected. This behaviour can be switched by -fshort-enums to short type. Anyway, the type can be decided after scanning all of enumeration-constants. Totally, there's no rules to constrain the value of enumerated type to be one of enumeration-constants. In short, in enumerated type, decision of actual type for the type is the most important and enumeration-constants are just used for the decision, thus it's permitted to have an integer value in a range of enumeration-constants. In our case, actual type for the type is currently deterministic to be either char or unsigned int. Under GCC, it's unsigned int. Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/firewire/amdtp-stream.c | 2 +- sound/firewire/amdtp-stream.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 4e06d4f083d6b485d689948479d5b2052917373d Merge: 0c744ea 8a937a2 Author: Ingo Molnar Date: Thu Jan 5 08:33:02 2017 +0100 Merge tag 'perf-urgent-for-mingo-4.10-20170104' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes and one improvement from Arnaldo Carvalho de Melo: Fixes: - Fix prev/next_prio formatting for deadline tasks in libtraceevent (Daniel Bristot de Oliveira) - Robustify reading of build-ids from /sys/kernel/note (Arnaldo Carvalho de Melo) - Fix building some sample/bpf in Alpine Linux 3.4 (Arnaldo Carvalho de Melo) - Fix 'make install-bin' to install libtraceevent plugins (Arnaldo Carvalho de Melo) - Fix 'perf record --switch-output' documentation and comment (Jiri Olsa) - Fix 'perf probe' for cross arch probing (Masami Hiramatsu) Improvement: - Show total scheduling time in 'perf sched timehist' (Namhyumg Kim) Signed-off-by: Arnaldo Carvalho de Melo commit 13a6c8328e6056932dc680e447d4c5e8ad9add17 Author: Ioan-Adrian Ratiu Date: Thu Jan 5 00:37:47 2017 +0200 ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion Testing EP_FLAG_RUNNING in snd_complete_urb() before running the completion logic allows us to save a few cpu cycles by returning early, skipping the pending urb in case the stream was stopped; the stop logic handles the urb and sets the completion callbacks to NULL. Signed-off-by: Ioan-Adrian Ratiu Signed-off-by: Takashi Iwai sound/usb/endpoint.c | 3 +++ 1 file changed, 3 insertions(+) commit 1d0f953086f090a022f2c0e1448300c15372db46 Author: Ioan-Adrian Ratiu Date: Thu Jan 5 00:37:46 2017 +0200 ALSA: usb-audio: Fix irq/process data synchronization Commit 16200948d83 ("ALSA: usb-audio: Fix race at stopping the stream") was incomplete causing another more severe kernel panic, so it got reverted. This fixes both the original problem and its fallout kernel race/crash. The original fix is to move the endpoint member NULL clearing logic inside wait_clear_urbs() so the irq triggering the urb completion doesn't call retire_capture/playback_urb() after the NULL clearing and generate a panic. However this creates a new race between snd_usb_endpoint_start()'s call to wait_clear_urbs() and the irq urb completion handler which again calls retire_capture/playback_urb() leading to a new NULL dereference. We keep the EP deactivation code in snd_usb_endpoint_start() because removing it will break the EP reference counting (see [1] [2] for info), however we don't need the "can_sleep" mechanism anymore because a new function was introduced (snd_usb_endpoint_sync_pending_stop()) which synchronizes pending stops and gets called inside the pcm prepare callback. It also makes sense to remove can_sleep because it was also removed from deactivate_urbs() signature in [3] so we benefit from more simplification. [1] commit 015618b90 ("ALSA: snd-usb: Fix URB cancellation at stream start") [2] commit e9ba389c5 ("ALSA: usb-audio: Fix scheduling-while-atomic bug in PCM capture stream") [3] commit ccc1696d5 ("ALSA: usb-audio: simplify endpoint deactivation code") Fixes: f8114f8583bb ("Revert "ALSA: usb-audio: Fix race at stopping the stream"") Signed-off-by: Ioan-Adrian Ratiu Signed-off-by: Takashi Iwai sound/usb/endpoint.c | 17 +++++++---------- sound/usb/endpoint.h | 2 +- sound/usb/pcm.c | 10 +++++----- 3 files changed, 13 insertions(+), 16 deletions(-) commit e02003b515e8d95f40f20f213622bb82510873d2 Merge: 4cf1846 ff97f23 Author: Linus Torvalds Date: Wed Jan 4 18:33:35 2017 -0800 Merge tag 'xfs-for-linus-4.10-rc3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux Pull xfs fixes from Darrick Wong: - fixes for crashes and double-cleanup errors - XFS maintainership handover - fix to prevent absurdly large block reservations - fix broken sysfs getter/setters * tag 'xfs-for-linus-4.10-rc3' of git://git.kernel.org/pub/scm/fs/xfs/xfs-linux: xfs: fix max_retries _show and _store functions xfs: update MAINTAINERS xfs: fix crash and data corruption due to removal of busy COW extents xfs: use the actual AG length when reserving blocks xfs: fix double-cleanup when CUI recovery fails commit e51d5d02f688c45b6f644f472f0c80fdfa73f0cb Author: Yuriy Kolerov Date: Wed Dec 28 11:46:25 2016 +0300 ARCv2: IRQ: Call entry/exit functions for chained handlers in MCIP It is necessary to call entry/exit functions for parent interrupt controllers for proper masking/unmasking of interrupt lines. Signed-off-by: Yuriy Kolerov Signed-off-by: Vineet Gupta arch/arc/kernel/mcip.c | 4 ++++ 1 file changed, 4 insertions(+) commit 2163266c2704aa44211b6b61924a0fa570fe0d4b Author: Yuriy Kolerov Date: Wed Dec 28 11:46:24 2016 +0300 ARC: IRQ: Use hwirq instead of virq in mask/unmask It is necessary to use hwirq instead of virq when you communicate with an interrupt controller since there is no guaranty that virq numbers match hwirq numbers. Signed-off-by: Yuriy Kolerov Signed-off-by: Vineet Gupta arch/arc/kernel/intc-arcv2.c | 6 +++--- arch/arc/kernel/intc-compact.c | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit fa84d7310d19e0b77979019df82e357b1e8443e3 Author: Vineet Gupta Date: Wed Jan 4 12:02:44 2017 -0800 ARC: mmu: clarify the MMUv3 programming model Signed-off-by: Vineet Gupta arch/arc/mm/cache.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit e11b6293a8fcd3f29376808910f49bd82f72b69a Author: Hoan Tran Date: Thu Dec 15 14:55:00 2016 -0800 cpufreq: dt: Add support for APM X-Gene 2 Add the compatible string for supporting the generic device tree cpufreq-dt driver on APM's X-Gene 2 SoC. Signed-off-by: Hoan Tran Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/cpufreq-dt-platdev.c | 2 ++ 1 file changed, 2 insertions(+) commit 4cf184638bcf2bdd1bcbc661f4717b648ad4ce40 Merge: 62f8c40 71eae1c Author: Linus Torvalds Date: Wed Jan 4 14:14:53 2017 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) stmmac_drv_probe() can race with stmmac_open() because we register the netdevice too early. Fix from Florian Fainelli. 2) UFO handling in __ip6_append_data() and ip6_finish_output() use different tests for deciding whether a frame will be fragmented or not, put them in sync. Fix from Zheng Li. 3) The rtnetlink getstats handlers need to validate that the netlink request is large enough, fix from Mathias Krause. 4) Use after free in mlx4 driver, from Jack Morgenstein. 5) Fix setting of garbage UID value in sockets during setattr() calls, from Eric Biggers. 6) Packet drop_monitor doesn't format the netlink messages properly such that nlmsg_next fails to work, fix from Reiter Wolfgang. 7) Fix handling of wildcard addresses in l2tp lookups, from Guillaume Nault. 8) __skb_flow_dissect() can crash on pptp packets, from Ian Kumlien. 9) IGMP code doesn't reset group query timers properly, from Michal Tesar. 10) Fix overzealous MAIN/LOCAL route table combining in ipv4, from Alexander Duyck. 11) vxlan offload check needs to be more strict in be2net driver, from Sabrina Dubroca. 12) Moving l3mdev to packet hooks lost RX stat counters unintentionally, fix from David Ahern. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (52 commits) sh_eth: enable RX descriptor word 0 shift on SH7734 sfc: don't report RX hash keys to ethtool when RSS wasn't enabled dpaa_eth: Initialize CGR structure before init dpaa_eth: cleanup after init_phy() failure net: systemport: Pad packet before inserting TSB net: systemport: Utilize skb_put_padto() LiquidIO VF: s/select/imply/ for PTP_1588_CLOCK libcxgb: fix error check for ip6_route_output() net: usb: asix_devices: add .reset_resume for USB PM net: vrf: Add missing Rx counters drop_monitor: consider inserted data in genlmsg_end benet: stricter vxlan offloading check in be_features_check ipv4: Do not allow MAIN to be alias for new LOCAL w/ custom rules net: macb: Updated resource allocation function calls to new version of API. net: stmmac: dwmac-oxnas: use generic pm implementation net: stmmac: dwmac-oxnas: fix fixed-link-phydev leaks net: stmmac: dwmac-oxnas: fix of-node leak Documentation/networking: fix typo in mpls-sysctl igmp: Make igmp group member RFC 3376 compliant flow_dissector: Update pptp handling to avoid null pointer deref. ... commit 71eae1ca77fd6be218d8a952d97bba827e56516d Author: Sergei Shtylyov Date: Wed Jan 4 23:10:23 2017 +0300 sh_eth: enable RX descriptor word 0 shift on SH7734 The RX descriptor word 0 on SH7734 has the RFS[9:0] field in bits 16-25 (bits 0-15 usually used for that are occupied by the packet checksum). Thus we need to set the 'shift_rd0' field in the SH7734 SoC data... Fixes: f0e81fecd4f8 ("net: sh_eth: Add support SH7734") Signed-off-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/sh_eth.c | 1 + 1 file changed, 1 insertion(+) commit c7efff9284dfde95a11aaa811c9d8ec8167f0f6e Author: Takashi Iwai Date: Wed Jan 4 21:38:16 2017 +0100 ALSA: hda - Apply asus-mode8 fixup to ASUS X71SL Although the old quirk table showed ASUS X71SL with ALC663 codec being compatible with asus-mode3 fixup, the bugzilla reporter explained that asus-model8 fits better for the dual headphone controls. So be it. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=191781 Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) commit c6ef7fd40eddad38a8825cbd6bb2ce8bdbba88f5 Author: Paul Gortmaker Date: Wed Jan 4 15:08:15 2017 -0500 vfio-mdev: fix non-standard ioctl return val causing i386 build fail What appears to be a copy and paste error from the line above gets the ioctl a ssize_t return value instead of the traditional "int". The associated sample code used "long" which meant it would compile for x86-64 but not i386, with the latter failing as follows: CC [M] samples/vfio-mdev/mtty.o samples/vfio-mdev/mtty.c:1418:20: error: initialization from incompatible pointer type [-Werror=incompatible-pointer-types] .ioctl = mtty_ioctl, ^ samples/vfio-mdev/mtty.c:1418:20: note: (near initialization for ‘mdev_fops.ioctl’) cc1: some warnings being treated as errors Since in this case, vfio is working with struct file_operations; as such: long (*unlocked_ioctl) (struct file *, unsigned int, unsigned long); long (*compat_ioctl) (struct file *, unsigned int, unsigned long); ...and so here we just standardize on long vs. the normal int that user space typically sees and documents as per "man ioctl" and similar. Fixes: 9d1a546c53b4 ("docs: Sample driver to demonstrate how to use Mediated device framework.") Cc: Kirti Wankhede Cc: Neo Jia Cc: kvm@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: Alex Williamson include/linux/mdev.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cf9e1672a66c49ed8903c01b4c380a2f2dc91b40 Author: Vladimir Zapolskiy Date: Mon Dec 5 03:47:10 2016 +0200 mtd: nand: lpc32xx: fix invalid error handling of a requested irq Semantics of NR_IRQS is different on machines with SPARSE_IRQ option disabled or enabled, in the latter case IRQs are allocated starting at least from the value specified by NR_IRQS and going upwards, so the check of (irq >= NR_IRQ) to decide about an error code returned by platform_get_irq() is completely invalid, don't attempt to overrule irq subsystem in the driver. The change fixes LPC32xx NAND MLC driver initialization on boot. Fixes: 8cb17b5ed017 ("irqchip: Add LPC32xx interrupt controller driver") Cc: stable@kernel.org # v4.7+ Signed-off-by: Vladimir Zapolskiy Acked-by: Sylvain Lemieux Signed-off-by: Boris Brezillon drivers/mtd/nand/lpc32xx_mlc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4fdda95893de776a8efdf661bbf0e338f2f13dcb Author: Edward Cree Date: Wed Jan 4 15:10:56 2017 +0000 sfc: don't report RX hash keys to ethtool when RSS wasn't enabled If we failed to set up RSS on EF10 (e.g. because firmware declared RX_RSS_LIMITED), ethtool --show-nfc $dev rx-flow-hash ... should report no fields, rather than confusingly reporting what fields we _would_ be hashing on if RSS was working. Fixes: dcb4123cbec0 ("sfc: disable RSS when unsupported") Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 3 ++- drivers/net/ethernet/sfc/ethtool.c | 2 ++ drivers/net/ethernet/sfc/net_driver.h | 2 ++ drivers/net/ethernet/sfc/siena.c | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) commit aa9773be2ad5afe7acc186aedbf3b4857611d4ed Merge: c030af8 0fbb0f2 Author: David S. Miller Date: Wed Jan 4 13:45:09 2017 -0500 Merge branch 'dpaa_eth-fixes' Madalin Bucur says: ==================== dpaa_eth: a couple of fixes Add cleanup on PHY initialization failure path, avoid using uninitialized memory at CGR init. ==================== Signed-off-by: David S. Miller commit 0fbb0f24dde8759925fc56e9dbc6a5b2cbba99c4 Author: Roy Pledge Date: Wed Jan 4 13:21:30 2017 +0200 dpaa_eth: Initialize CGR structure before init The QBMan CGR options needs to be zeroed before calling the init function Signed-off-by: Roy Pledge Signed-off-by: David S. Miller drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 2 ++ 1 file changed, 2 insertions(+) commit 3fe61f0940d9c7892462c893602fdccfe8b24e8c Author: Madalin Bucur Date: Wed Jan 4 13:21:29 2017 +0200 dpaa_eth: cleanup after init_phy() failure Signed-off-by: Madalin Bucur Signed-off-by: David S. Miller drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a2dd8af00ca7fff4972425a4a6b19dd1840dc807 Author: Andy Shevchenko Date: Mon Jan 2 13:44:28 2017 +0200 spi: pxa2xx: add missed break The commit 7c7289a40425 ("spi: pxa2xx: Default thresholds to PXA configuration") while splitting up CE4100 code obviously missed a break condition in one chunk. Add it here. Looks like we have no active user of CE4100, though better to fix this later than never. Fixes: commit 7c7289a40425 ("spi: pxa2xx: Default thresholds to PXA configuration") Signed-off-by: Andy Shevchenko Signed-off-by: Mark Brown drivers/spi/spi-pxa2xx.c | 1 + 1 file changed, 1 insertion(+) commit c030af878f04b77011f6876e8c4f0530c26ed6d4 Merge: cd7aeb1 38e5a85 Author: David S. Miller Date: Wed Jan 4 13:33:30 2017 -0500 Merge branch 'systemport-padding-and-TSB-insertion' Florian Fainelli says: ==================== net: systemport: Fix padding vs. TSB insertion This patch series fixes how we pad the packets submitted to the SYSTEMPORT adapter, and how the transmit status block (prepended 8 bytes) fits in the picture. The first patch is not technically a bug fix, but is required for the second path to be applied and to greatly simplify the skb length calculation. ==================== Signed-off-by: David S. Miller commit 38e5a85562a6cd911fc26d951d576551a688574c Author: Florian Fainelli Date: Tue Jan 3 16:34:49 2017 -0800 net: systemport: Pad packet before inserting TSB Inserting the TSB means adding an extra 8 bytes in front the of packet that is going to be used as metadata information by the TDMA engine, but stripped off, so it does not really help with the packet padding. For some odd packet sizes that fall below the 60 bytes payload (e.g: ARP) we can end-up padding them after the TSB insertion, thus making them 64 bytes, but with the TDMA stripping off the first 8 bytes, they could still be smaller than 64 bytes which is required to ingress the switch. Fix this by swapping the padding and TSB insertion, guaranteeing that the packets have the right sizes. Fixes: 80105befdb4b ("net: systemport: add Broadcom SYSTEMPORT Ethernet MAC driver") Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bcmsysport.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit bb7da333d0a9f3bddc08f84187b7579a3f68fd24 Author: Florian Fainelli Date: Tue Jan 3 16:34:48 2017 -0800 net: systemport: Utilize skb_put_padto() Since we need to pad our packets, utilize skb_put_padto() which increases skb->len by how much we need to pad, allowing us to eliminate the test on skb->len right below. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bcmsysport.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 4ee437fbf626b5ad756889d8bc0fcead3d66dde7 Author: Caleb Crome Date: Tue Jan 3 10:22:57 2017 -0800 ASoC: fsl_ssi: set fifo watermark to more reliable value The fsl_ssi fifo watermark is by default set to 2 free spaces (i.e. activate DMA on FIFO when only 2 spaces are left.) This means the DMA must service the fifo within 2 audio samples, which is just not enough time for many use cases with high data rate. In many configurations the audio channel slips (causing l/r swap in stereo configurations, or channel slipping in multi-channel configurations). This patch gives more breathing room and allows the SSI to operate reliably by changing the fifio refill watermark to 8. There is no change in behavior for older chips (with an 8-deep fifo). Only the newer chips with a 15-deep fifo get the new behavior. I suspect a new fifo depth setting could be optimized on the older chips too, but I have not tested. Signed-off-by: Caleb Crome Reviewed-by: Fabio Estevam Signed-off-by: Mark Brown sound/soc/fsl/fsl_ssi.c | 74 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 53 insertions(+), 21 deletions(-) commit cd7aeb1f9706b665ad8659df8ff036e7bc0097f4 Author: Nicolas Pitre Date: Tue Jan 3 13:57:00 2017 -0500 LiquidIO VF: s/select/imply/ for PTP_1588_CLOCK Fix a minor fallout from the merge of the timers and the networking trees. The following error may result if the PTP_1588_CLOCK prerequisites are not available: drivers/built-in.o: In function `ptp_clock_unregister': (.text+0x40e0a5): undefined reference to `pps_unregister_source' drivers/built-in.o: In function `ptp_clock_unregister': (.text+0x40e0cc): undefined reference to `posix_clock_unregister' drivers/built-in.o: In function `ptp_clock_event': (.text+0x40e249): undefined reference to `pps_event' drivers/built-in.o: In function `ptp_clock_register': (.text+0x40e5e1): undefined reference to `pps_register_source' drivers/built-in.o: In function `ptp_clock_register': (.text+0x40e62c): undefined reference to `posix_clock_register' drivers/built-in.o: In function `ptp_clock_register': (.text+0x40e68d): undefined reference to `pps_unregister_source' Signed-off-by: Nicolas Pitre Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/cavium/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a9a8cdb368d99bb655b5cdabea560446db0527cc Author: Varun Prakash Date: Tue Jan 3 21:25:48 2017 +0530 libcxgb: fix error check for ip6_route_output() ip6_route_output() never returns NULL so check dst->error instead of !dst. Signed-off-by: Varun Prakash Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 63dfb0dac9055145db85ce764355aef2f563739a Author: Peter Chen Date: Tue Jan 3 17:22:20 2017 +0800 net: usb: asix_devices: add .reset_resume for USB PM The USB core may call reset_resume when it fails to resume asix device. And USB core can recovery this abnormal resume at low level driver, the same .resume at asix driver can work too. Add .reset_resume can avoid disconnecting after backing from system resume, and NFS can still be mounted after this commit. Signed-off-by: Peter Chen Signed-off-by: David S. Miller drivers/net/usb/asix_devices.c | 1 + 1 file changed, 1 insertion(+) commit b577fafc4366eb82334518c552912652328c74fa Author: Brian Norris Date: Wed Jan 4 16:18:11 2017 +0000 nvmem: fix nvmem_cell_read() return type doc nvmem_cell_read() returns void *, not char *. This is a cleanup that got left out of commit a6c50912508d ("nvmem: Declare nvmem_cell_read() consistently"). Signed-off-by: Brian Norris Fixes: a6c50912508d ("nvmem: Declare nvmem_cell_read() consistently") Signed-off-by: Srinivas Kandagatla Signed-off-by: Greg Kroah-Hartman drivers/nvmem/core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 14ba972842f9e84e6d3264bc0302101b8a792288 Author: Daniel Schultz Date: Wed Jan 4 16:18:10 2017 +0000 nvmem: imx-ocotp: Fix wrong register size All i.MX6 SoCs have an OCOTP Controller with 4kbit fuses. The i.MX6SL is an exception and has only 2kbit fuses. In the TRM for the i.MX6DQ (IMX6QDRM - Rev 2, 06/2014) the fuses size is described in chapter 46.1.1 with: "32-bit word restricted program and read to 4Kbits of eFuse OTP(512x8)." In the TRM for the i.MX6SL (IMX6SLRM - Rev 2, 06/2015) the fuses size is described in chapter 34.1.1 with: "32-bit word restricted program and read to 2 kbit of eFuse OTP(128x8)." Since the Freescale Linux kernel OCOTP driver works with a fuses size of 2 kbit for the i.MX6SL, it looks like the TRM is wrong and the formula to calculate the correct fuses size has to be 256x8. Signed-off-by: Daniel Schultz Signed-off-by: Srinivas Kandagatla Signed-off-by: Greg Kroah-Hartman drivers/nvmem/imx-ocotp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 01d0d2c42a14cee8f619d3e9d571ce3469f5ef51 Author: Vivek Gautam Date: Wed Jan 4 16:18:09 2017 +0000 nvmem: qfprom: Allow single byte accesses for read/write The nvmem core driver supports to read and write single byte. So, allow qfprom to support this feature. This change helps in extracting a required value based on bit-offset and number of bits for the required value in the nvmem cell. Signed-off-by: Vivek Gautam Cc: Srinivas Kandagatla Signed-off-by: Srinivas Kandagatla Signed-off-by: Greg Kroah-Hartman drivers/nvmem/qfprom.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit e09ee853c92011860a4bd2fbdf6126f60fc16bd3 Author: Alexander Usyskin Date: Wed Dec 14 17:56:52 2016 +0200 mei: move write cb to completion on credentials failures The credentials handling was pushed to the write handlers but error handling wasn't done properly. Move write callbacks to completion queue to destroy them and to notify a blocked writer about the failure Fixes: 136698e535cd1 (mei: push credentials inside the irq write handler) Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/client.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 5026c9cb0744a9cd40242743ca91a5d712f468c6 Author: Alexander Usyskin Date: Wed Dec 14 17:56:51 2016 +0200 mei: bus: fix mei_cldev_enable KDoc Adjust function name in KDoc. Fixes: d49dc5e76fc9 (mei: bus: use mei_cldev_ prefix for the API functions) Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 62f8c40592172a9c3bc2658e63e6e76ba00b3b45 Merge: 9f74451 7158339 Author: Linus Torvalds Date: Wed Jan 4 09:03:37 2017 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block layer fixes from Jens Axboe: "A set of fixes for the current series, one fixing a regression with block size < page cache size in the alias series from Jan. Outside of that, two small cleanups for wbt from Bart, a nvme pull request from Christoph, and a few small fixes of documentation updates" * 'for-linus' of git://git.kernel.dk/linux-block: block: fix up io_poll documentation block: Avoid that sparse complains about context imbalance in __wbt_wait() block: Make wbt_wait() definition consistent with declaration clean_bdev_aliases: Prevent cleaning blocks that are not in block range genhd: remove dead and duplicated scsi code block: add back plugging in __blkdev_direct_IO nvmet/fcloop: remove some logically dead code performing redundant ret checks nvmet: fix KATO offset in Set Features nvme/fc: simplify error handling of nvme_fc_create_hw_io_queues nvme/fc: correct some printk information nvme/scsi: Remove START STOP emulation nvme/pci: Delete misleading queue-wrap comment nvme/pci: Fix whitespace problem nvme: simplify stripe quirk nvme: update maintainers information commit 9f7445197a263c99ddb898f3609fed21673ae24c Merge: 99b9be7 4dcd19b Author: Linus Torvalds Date: Wed Jan 4 09:00:57 2017 -0800 Merge tag 'fbdev-v4.10-rc2' of git://github.com/bzolnier/linux Pull fbdev fixes from Bartlomiej Zolnierkiewicz: - bring fbdev subsystem back into Maintained mode - add missing devm_ioremap() error checking to cobalt_lcdfb driver * tag 'fbdev-v4.10-rc2' of git://github.com/bzolnier/linux: video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap MAINTAINERS: add myself as maintainer of fbdev commit 99b9be77632734363913e5cf22c06bb66d7f71d8 Merge: 0f64df3 81d873a Author: Linus Torvalds Date: Wed Jan 4 08:56:05 2017 -0800 Merge tag 'gcc-plugins-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc-plugins fixes from Kees Cook: "Small fixes for gcc-plugins when using certain gcc versions: - update gcc-common.h for gcc 7 (Emese Revfy) - fix latent_entropy type for early gcc on ARM (PaX Team)" * tag 'gcc-plugins-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: update gcc-common.h for gcc-7 latent_entropy: fix ARM build error on earlier gcc commit 9d84fb27fa135c99c9fe3de33628774a336a70a8 Author: Mark Rutland Date: Tue Jan 3 18:27:01 2017 +0000 arm64: restore get_current() optimisation Commit c02433dd6de32f04 ("arm64: split thread_info from task stack") inverted the relationship between get_current() and current_thread_info(), with sp_el0 now holding the current task_struct rather than the current thead_info. The new implementation of get_current() prevents the compiler from being able to optimize repeated calls to either, resulting in a noticeable penalty in some microbenchmarks. This patch restores the previous optimisation by implementing get_current() in the same way as our old current_thread_info(), using a non-volatile asm statement. Acked-by: Will Deacon Signed-off-by: Mark Rutland Reported-by: Davidlohr Bueso Signed-off-by: Catalin Marinas arch/arm64/include/asm/current.h | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 6ef4fb387d50fa8f3bffdffc868b57e981cdd709 Author: Mark Rutland Date: Tue Jan 3 14:27:26 2017 +0000 arm64: mm: fix show_pte KERN_CONT fallout Recent changes made KERN_CONT mandatory for continued lines. In the absence of KERN_CONT, a newline may be implicit inserted by the core printk code. In show_pte, we (erroneously) use printk without KERN_CONT for continued prints, resulting in output being split across a number of lines, and not matching the intended output, e.g. [ff000000000000] *pgd=00000009f511b003 , *pud=00000009f4a80003 , *pmd=0000000000000000 Fix this by using pr_cont() for all the continuations. Acked-by: Will Deacon Signed-off-by: Mark Rutland Signed-off-by: Catalin Marinas arch/arm64/mm/fault.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 1b9ec81258827001c869f003e0b8dd2ddc104717 Merge: e9b2aef d1df1e0 Author: Arnd Bergmann Date: Wed Jan 4 16:43:00 2017 +0100 Merge tag 'davinci-fixes-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into fixes Pull "DaVinci fixes for v4.10" from Sekhar Nori: This pull request contains fixes for the following issues 1) Fix two instances of infinite loop occurring in clock list for DA850. This fixes kernel hangs in some instances and so have been marked for stable kernel. 2) Fix for sleeping function called from atomic context with USB 2.0 clock management code introduced in v4.10 merge window. * tag 'davinci-fixes-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: davinci: da8xx: Fix sleeping function called from invalid context ARM: davinci: Make __clk_{enable,disable} functions public ARM: davinci: da850: don't add emac clock to lookup table twice ARM: davinci: da850: fix infinite loop in clk_set_rate() commit e9b2aefa88c5d9e4ea8fc950da9b105981ad60ec Merge: 5c6ec6a fcdaf1a Author: Arnd Bergmann Date: Wed Jan 4 16:41:18 2017 +0100 Merge tag 'amlogic-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic into fixes Pull "Amlogic fixes for v4.10" from Kevin Hilman: - DT: GXL: fix GPIO include - add DT and defconfig for newly merged DRM driver This pull has one real fix, as a couple non-critical ones. The DRM DT/defconfig patches are coming now because I didn't expect the new driver to make it for the v4.10 merge window, but since it did[1], the DT and defconfig should go into the same release. [1] bbbe775ec5b5 drm: Add support for Amlogic Meson Graphic Controller * tag 'amlogic-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/khilman/linux-amlogic: ARM64: defconfig: enable DRM_MESON as module ARM64: dts: meson-gx: Add Graphic Controller nodes ARM64: dts: meson-gxl: fix GPIO include commit 5c6ec6a02c1378ba0e3ac530f8c80523ea74e5de Merge: 46db991 32d53d1 Author: Arnd Bergmann Date: Wed Jan 4 16:38:39 2017 +0100 Merge tag 'psci-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/lpieralisi/linux into fixes Pull "PSCI fixes for v4.10" from Lorenzo Pieralisi: Two minor fixes following the merge of the PSCI checker: - Annotate the PSCI checker timer on the stack used to wake-up from suspend to prevent warnings when the DEBUG_OBJECTS config option is enabled - Extend the PSCI entry in the maintainers list to also include the PSCI checker code * tag 'psci-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/lpieralisi/linux: MAINTAINERS: extend PSCI entry to cover the newly add PSCI checker code drivers: psci: annotate timer on stack to silence odebug messages commit 46db9914c3bf9d7aa292bc03eb2061a553a057d7 Merge: f53c1e6 1dff32d Author: Arnd Bergmann Date: Wed Jan 4 16:37:45 2017 +0100 Merge tag 'juno-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into fixes Pull "ARMv8 Juno/VExpress fixes for v4.10" from Sudeep Holla: A simple fix to extend GICv2 CPU interface registers from 4K to 8K on AEMv8 FVP/RTSM models in order to support split priority drop and interrupt deactivation. * tag 'juno-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: arm64: dts: vexpress: Support GICC_DIR operations commit e19f32da5ded958238eac1bbe001192acef191a2 Author: Arvind Yadav Date: Tue Jan 3 17:26:46 2017 +0530 vfio-pci: Handle error from pci_iomap Here, pci_iomap can fail, handle this case release selected pci regions and return -ENOMEM. Signed-off-by: Arvind Yadav Signed-off-by: Alex Williamson drivers/vfio/pci/vfio_pci.c | 4 ++++ 1 file changed, 4 insertions(+) commit f53c1e6464d3c24583be4f1c1668c54813695da3 Merge: 43a8df7 368400e Author: Arnd Bergmann Date: Wed Jan 4 16:33:37 2017 +0100 Merge tag 'vexpress-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into fixes Pull "ARMv7 VExpress fixes for v4.10" from Sudeep Holla: A simple fix to extend GICv2 CPU interface registers from 4K to 8K on VExpress TC1 and TC2 platforms in order to support split priority drop and interrupt deactivation. * tag 'vexpress-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: ARM: dts: vexpress: Support GICC_DIR operations commit d293dbaa540b5800817cc10832d764b17cc211b5 Author: Dan Carpenter Date: Thu Nov 24 14:27:26 2016 +0300 vfio-mdev: fix some error codes in the sample code This is just sample code. We forget to set the error codes in a couple places. Signed-off-by: Dan Carpenter Reported-by: Alexey Khoroshilov Signed-off-by: Alex Williamson samples/vfio-mdev/mtty.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 43a8df78dc1a95c24a08f6b776dc86820c117160 Merge: ad040d8 a766347 Author: Arnd Bergmann Date: Wed Jan 4 16:18:38 2017 +0100 Merge tag 'scpi-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux into fixes Pull "SCPI fix for v4.10" from Sudeep Holla: A simple fix for reading only lower 32-bit sensor values on pre-1.0 SCPI firmwares so that upper 32-bit (garbage) value is discarded properly. * tag 'scpi-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sudeep.holla/linux: firmware: arm_scpi: fix reading sensor values on pre-1.0 SCPI firmwares commit ad040d8df6eb3a6d4b85ef69448d370d0065843c Merge: fcf14b8 116dad7 Author: Arnd Bergmann Date: Wed Jan 4 16:17:46 2017 +0100 Merge tag 'imx-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux into fixes Pull "i.MX fixes for 4.10" from Shawn Guo: - A format fix for vf610-zii-dev-rev-b.dts, which has a very odd line due to misses a newline. - A fix to imx-weim bus error seen on board which doesn't actually use the bus. - A fix for imx6qdl-nitrogen6x board which has conflicting usage of pad NANDF_CS2. - A cleanup on i.MX1 machine to remove .map_io callback, which also fixes a compiling error for NOMMU build. - Fix AVIC base address in i.MX31 device tree source. The problem was shadowed by the AVIC driver, which takes the correct base address from a SoC specific header file. * tag 'imx-fixes-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/shawnguo/linux: ARM: dts: imx6: Disable "weim" node in the dtsi files ARM: i.MX: remove map_io callback ARM: dts: vf610-zii-dev-rev-b: Add missing newline ARM: dts: imx6qdl-nitrogen6x: remove duplicate iomux entry ARM: dts: imx31: fix AVIC base address commit fcf14b8889d5da38bac9b1fb9718f98706d90e59 Merge: 46a3bf8 542b9f0 Author: Arnd Bergmann Date: Wed Jan 4 16:17:18 2017 +0100 Merge tag 'qcom-arm-fixes-for-4.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux into fixes Pull "Qualcomm ARM DTS Fixes for v4.10-rc2" from Andy Gross: * Add SCM clock for APQ8064 to fix boot failures * tag 'qcom-arm-fixes-for-4.10-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux: ARM: dts: qcom: apq8064: Add missing scm clock commit 46a3bf80712711ac2675bc176b08a95940ed1c42 Merge: d4032cc 1a38de8 Author: Arnd Bergmann Date: Wed Jan 4 16:14:25 2017 +0100 Merge tag 'omap-for-v4.10/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap into fixes Pull "omap fixes for v4.10-rc cycle" from Tony Lindgren: Fist set of fixes for omaps for v4.10-rc cycle, mostly to deal with various regressions noticed during the merge window and to fix various device tree configurations for boards. Also included is removal of mach-omap2/gpio.c that is now dead code with device tree based booting that should be OK for the early -rc cycle: - A series of fixes to add empty chosen node to fix regressions caused for bootloaders that don't create chosen node as the decompressor needs the chosen node to merge command line and ATAGs into it - Fix missing logicpd-som-lv-37xx-devkit.dtb entry in Makefile - Fix regression for am437x timers - Fix wrong strcat for non-NULL terminated string - A series of changes to fix tps65217 interrupts to not use defines as we don't do that for interrupts - Two patches to fix USB VBUS detection on am57xx-idk and force it to peripheral mode until dwc3 role detection is working - Add missing dra72-evm-tps65917 missing voltage supplies accidentally left out of an earlier patch - Fix n900 eMMC detection when booted on qemu - Remove unwanted pr_err on failed memory allocation for prm_common.c - Remove legacy mach-omap2/gpio.c that now is dead code since we boot mach-omap2 in device tree only mode - Fix am572x-idk pcie1 by adding the missing gpio reset pin * tag 'omap-for-v4.10/fixes-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tmlind/linux-omap: (23 commits) ARM: dts: am572x-idk: Add gpios property to control PCIE_RESETn ARM: OMAP2+: PRM: Delete an error message for a failed memory allocation ARM: dts: n900: Mark eMMC slot with no-sdio and no-sd flags ARM: dts: dra72-evm-tps65917: Add voltage supplies to usb_phy, mmc, dss ARM: dts: am57xx-idk: Put USB2 port in peripheral mode ARM: dts: am57xx-idk: Support VBUS detection on USB2 port dt-bindings: input: Specify the interrupt number of TPS65217 power button dt-bindings: power/supply: Update TPS65217 properties dt-bindings: mfd: Remove TPS65217 interrupts ARM: dts: am335x: Fix the interrupt name of TPS65217 ARM: omap2+: fixing wrong strcat for Non-NULL terminated string ARM: omap2+: am437x: rollback to use omap3_gptimer_timer_init() ARM: dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit ARM: dts: dra7: Add an empty chosen node to top level DTSI ARM: dts: dm816x: Add an empty chosen node to top level DTSI ARM: dts: dm814x: Add an empty chosen node to top level DTSI ARM: dts: am4372: Add an empty chosen node to top level DTSI ARM: dts: am33xx: Add an empty chosen node to top level DTSI ARM: dts: omap5: Add an empty chosen node to top level DTSI ARM: dts: omap4: Add an empty chosen node to top level DTSI ... commit d4032ccc406f325dbbda637fbb10746e9a441aa4 Merge: cb2cc43 da6b21e Author: Arnd Bergmann Date: Wed Jan 4 16:12:17 2017 +0100 Merge tag 'samsung-soc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux into fixes Samsung mach/soc update for v4.10: 1. Minor cleanup in smp_operations. 2. Another step in switching s3c24xx to new DMA API. 3. Drop fixed requirement for HZ=200 on Samsung platforms. * tag 'samsung-soc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/krzk/linux: ARM: Drop fixed 200 Hz timer requirement from Samsung platforms ARM: S3C24XX: Add DMA slave maps for remaining s3c24xx SoCs ARM: EXYNOS: Remove smp_init_cpus hook from platsmp.c commit cb2cc43681dacbd74f3c1f96fde5ee21524fed54 Merge: 84cc8ca e911293 Author: Arnd Bergmann Date: Wed Jan 4 16:10:38 2017 +0100 Merge tag 'qcom-fixes-for-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux into fixes Qualcomm ARM64 Fixes for v4.10-rc1 * Fix instability in MSM8996 due to incorrect carveouts * tag 'qcom-fixes-for-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/agross/linux: arm64: dts: msm8996: Add required memory carveouts commit 84cc8ca1fd7b966830d2d904e914d7d3a33ef02e Merge: 0c744ea 8ebcb40 Author: Arnd Bergmann Date: Wed Jan 4 16:08:28 2017 +0100 Merge tag 'renesas-fixes-for-v4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas into fixes Renesas ARM Based SoC Fixes for v4.10 * Provide sd0_uhs node * tag 'renesas-fixes-for-v4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/renesas: arm64: dts: h3ulcb: Provide sd0_uhs node commit 8a937a25a7e3c19d5fb3f9d92f605cf5fda219d8 Author: Masami Hiramatsu Date: Wed Jan 4 12:30:19 2017 +0900 perf probe: Fix to probe on gcc generated symbols for offline kernel Fix perf-probe to show probe definition on gcc generated symbols for offline kernel (including cross-arch kernel image). gcc sometimes optimizes functions and generate new symbols with suffixes such as ".constprop.N" or ".isra.N" etc. Since those symbol names are not recorded in DWARF, we have to find correct generated symbols from offline ELF binary to probe on it (kallsyms doesn't correct it). For online kernel or uprobes we don't need it because those are rebased on _text, or a section relative address. E.g. Without this: $ perf probe -k build-arm/vmlinux -F __slab_alloc* __slab_alloc.constprop.9 $ perf probe -k build-arm/vmlinux -D __slab_alloc p:probe/__slab_alloc __slab_alloc+0 If you put above definition on target machine, it should fail because there is no __slab_alloc in kallsyms. With this fix, perf probe shows correct probe definition on __slab_alloc.constprop.9: $ perf probe -k build-arm/vmlinux -D __slab_alloc p:probe/__slab_alloc __slab_alloc.constprop.9+0 Signed-off-by: Masami Hiramatsu Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/148350060434.19001.11864836288580083501.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 48 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) commit 432abf68a79332282329286d190e21fe3ac02a31 Author: Huang Rui Date: Mon Dec 12 07:28:26 2016 -0500 iommu/amd: Fix the left value check of cmd buffer The generic command buffer entry is 128 bits (16 bytes), so the offset of tail and head pointer should be 16 bytes aligned and increased with 0x10 per command. When cmd buf is full, head = (tail + 0x10) % CMD_BUFFER_SIZE. So when left space of cmd buf should be able to store only two command, we should be issued one COMPLETE_WAIT additionally to wait all older commands completed. Then the left space should be increased after IOMMU fetching from cmd buf. So left check value should be left <= 0x20 (two commands). Signed-off-by: Huang Rui Fixes: ac0ea6e92b222 ('x86/amd-iommu: Improve handling of full command buffer') Signed-off-by: Joerg Roedel drivers/iommu/amd_iommu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 65ca7f5f7d1cdde6c25172fe6107cd16902f826f Author: Jacob Pan Date: Tue Dec 6 10:14:23 2016 -0800 iommu/vt-d: Fix pasid table size encoding Different encodings are used to represent supported PASID bits and number of PASID table entries. The current code assigns ecap_pss directly to extended context table entry PTS which is wrong and could result in writing non-zero bits to the reserved fields. IOMMU fault reason 11 will be reported when reserved bits are nonzero. This patch converts ecap_pss to extend context entry pts encoding based on VT-d spec. Chapter 9.4 as follows: - number of PASID bits = ecap_pss + 1 - number of PASID table entries = 2^(pts + 5) Software assigned limit of pasid_max value is also respected to match the allocation limitation of PASID table. cc: Mika Kuoppala cc: Ashok Raj Signed-off-by: Jacob Pan Tested-by: Mika Kuoppala Fixes: 2f26e0a9c9860 ('iommu/vt-d: Add basic SVM PASID support') Signed-off-by: Joerg Roedel drivers/iommu/intel-iommu.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit eebc509b20881b92d62e317b2c073e57c5f200f0 Author: Masami Hiramatsu Date: Wed Jan 4 12:29:05 2017 +0900 perf probe: Fix --funcs to show correct symbols for offline module Fix --funcs (-F) option to show correct symbols for offline module. Since previous perf-probe uses machine__findnew_module_map() for offline module, even if user passes a module file (with full path) which is for other architecture, perf-probe always tries to load symbol map for current kernel module. This fix uses dso__new_map() to load the map from given binary as same as a map for user applications. Signed-off-by: Masami Hiramatsu Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/148350053478.19001.15435255244512631545.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) commit aec0e86172a79eb5e44aff1055bb953fe4d47c59 Author: Xunlei Pang Date: Mon Dec 5 20:09:07 2016 +0800 iommu/vt-d: Flush old iommu caches for kdump when the device gets context mapped We met the DMAR fault both on hpsa P420i and P421 SmartArray controllers under kdump, it can be steadily reproduced on several different machines, the dmesg log is like: HP HPSA Driver (v 3.4.16-0) hpsa 0000:02:00.0: using doorbell to reset controller hpsa 0000:02:00.0: board ready after hard reset. hpsa 0000:02:00.0: Waiting for controller to respond to no-op DMAR: Setting identity map for device 0000:02:00.0 [0xe8000 - 0xe8fff] DMAR: Setting identity map for device 0000:02:00.0 [0xf4000 - 0xf4fff] DMAR: Setting identity map for device 0000:02:00.0 [0xbdf6e000 - 0xbdf6efff] DMAR: Setting identity map for device 0000:02:00.0 [0xbdf6f000 - 0xbdf7efff] DMAR: Setting identity map for device 0000:02:00.0 [0xbdf7f000 - 0xbdf82fff] DMAR: Setting identity map for device 0000:02:00.0 [0xbdf83000 - 0xbdf84fff] DMAR: DRHD: handling fault status reg 2 DMAR: [DMA Read] Request device [02:00.0] fault addr fffff000 [fault reason 06] PTE Read access is not set hpsa 0000:02:00.0: controller message 03:00 timed out hpsa 0000:02:00.0: no-op failed; re-trying After some debugging, we found that the fault addr is from DMA initiated at the driver probe stage after reset(not in-flight DMA), and the corresponding pte entry value is correct, the fault is likely due to the old iommu caches of the in-flight DMA before it. Thus we need to flush the old cache after context mapping is setup for the device, where the device is supposed to finish reset at its driver probe stage and no in-flight DMA exists hereafter. I'm not sure if the hardware is responsible for invalidating all the related caches allocated in the iommu hardware before, but seems not the case for hpsa, actually many device drivers have problems in properly resetting the hardware. Anyway flushing (again) by software in kdump kernel when the device gets context mapped which is a quite infrequent operation does little harm. With this patch, the problematic machine can survive the kdump tests. CC: Myron Stowe CC: Joseph Szczypek CC: Don Brace CC: Baoquan He CC: Dave Young Fixes: 091d42e43d21 ("iommu/vt-d: Copy translation tables from old kernel") Fixes: dbcd861f252d ("iommu/vt-d: Do not re-use domain-ids from the old kernel") Fixes: cf484d0e6939 ("iommu/vt-d: Mark copied context entries") Signed-off-by: Xunlei Pang Tested-by: Don Brace Signed-off-by: Joerg Roedel drivers/iommu/intel-iommu.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit cf1716e9dae5b21b9bbcfe5eb0106c3b0aee37e8 Author: Andy Shevchenko Date: Tue Jan 3 15:48:20 2017 +0200 spi: dw-mid: switch to new dmaengine_terminate_* API (part 2) The commit a3ff9582369e ("spi: dw-mid: switch to new dmaengine_terminate_* API") converted mid_spi_dma_exit() but missed mid_spi_dma_stop(). This is follow up to convert the rest. Fixes: a3ff9582369e ("spi: dw-mid: switch to new dmaengine_terminate_* API") Signed-off-by: Andy Shevchenko Signed-off-by: Mark Brown drivers/spi/spi-dw-mid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4dcd19bfabaee8f9f4bcf203afba09b98ccbaf76 Author: Arvind Yadav Date: Tue Dec 13 13:50:52 2016 +0530 video: fbdev: cobalt_lcdfb: Handle return NULL error from devm_ioremap Here, If devm_ioremap will fail. It will return NULL. Kernel can run into a NULL-pointer dereference. This error check will avoid NULL pointer dereference. Signed-off-by: Arvind Yadav Acked-by: Yoichi Yuasa Signed-off-by: Bartlomiej Zolnierkiewicz drivers/video/fbdev/cobalt_lcdfb.c | 5 +++++ 1 file changed, 5 insertions(+) commit 04f6152d9fbad5bb78bccd05e798fa2d66c571e9 Author: Bartlomiej Zolnierkiewicz Date: Wed Jan 4 12:58:44 2017 +0100 MAINTAINERS: add myself as maintainer of fbdev I would like to help with fbdev maintenance. I can dedicate some time for reviewing and handling patches but won't have time for much more. The subsystem will remain in maintenance mode (no new drivers will be added to it). Cc: Tomi Valkeinen Cc: Daniel Vetter Signed-off-by: Bartlomiej Zolnierkiewicz MAINTAINERS | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 5db60ea93d4fbf146c8f7ca286b8b2a091761460 Author: Neil Armstrong Date: Wed Jan 4 10:51:02 2017 +0100 drm/meson: Fix CVBS VDAC disable This commit fixes the VDAC disabling register write values. Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller") Signed-off-by: Neil Armstrong drivers/gpu/drm/meson/meson_venc_cvbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0c931a290cc0377c99a8cd970a49e736dbb23e0e Author: Neil Armstrong Date: Mon Jan 2 16:14:15 2017 +0100 drm/meson: Fix CVBS initialization when HDMI is configured by bootloader When the HDMI output is configured by the bootloader, there is mismatch is the pipeline configuration and the Vsync interrupt fails to trigger. This commit disables the HDMI blocks in the probe phase. Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller") Signed-off-by: Neil Armstrong drivers/gpu/drm/meson/meson_venc.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 3dda13a8ad787f3d4c4f18c8c05f8eebc7ea135a Merge: 2939e1a c293166 Author: David Sterba Date: Wed Jan 4 11:42:16 2017 +0100 Merge branch 'misc-4.10' into for-chris-4.10-20170104 commit 85bcf96caba8b4a7c0805555638629ba3c67ea0c Author: Takashi Iwai Date: Tue Dec 6 16:20:36 2016 +0100 ALSA: hda - Fix up GPIO for ASUS ROG Ranger ASUS ROG Ranger VIII with ALC1150 codec requires the extra GPIO pin to up for the front panel. Just use the existing fixup for setting up the GPIO pins. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189411 Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_realtek.c | 1 + 1 file changed, 1 insertion(+) commit aebe55c2d4b998741c0847ace1b4af47d73c763b Author: Laurent Pinchart Date: Tue Jan 3 01:14:27 2017 +0200 drm: Clean up planes in atomic commit helper failure path If waiting for fences fails for blocking commits, planes must be cleaned up before returning. Cc: stable@vger.kernel.org Fixes: f6ce410a59a4 ("drm/fence: allow fence waiting to be interrupted by userspace") Signed-off-by: Laurent Pinchart Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20170102231427.7192-1-laurent.pinchart@ideasonboard.com drivers/gpu/drm/drm_atomic_helper.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit ef079936d3cd09e63612834fe2698eeada0d8e3f Author: Johan Hovold Date: Tue Jan 3 16:40:03 2017 +0100 USB: serial: ti_usb_3410_5052: fix NULL-deref at open Fix NULL-pointer dereference in open() should a malicious device lack the expected endpoints: Unable to handle kernel NULL pointer dereference at virtual address 00000030 .. [] (ti_open [ti_usb_3410_5052]) from [] (serial_port_activate+0x68/0x98 [usbserial]) Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/ti_usb_3410_5052.c | 7 +++++++ 1 file changed, 7 insertions(+) commit cc0909248258f679c4bb4cd315565d40abaf6bc6 Author: Johan Hovold Date: Tue Jan 3 16:40:02 2017 +0100 USB: serial: spcp8x5: fix NULL-deref at open Fix NULL-pointer dereference in open() should the device lack the expected endpoints: Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... PC is at spcp8x5_open+0x30/0xd0 [spcp8x5] Fixes: 619a6f1d1423 ("USB: add usb-serial spcp8x5 driver") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/spcp8x5.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit f09d1886a41e9063b43da493ef0e845ac8afd2fa Author: Johan Hovold Date: Tue Jan 3 16:40:01 2017 +0100 USB: serial: quatech2: fix sleep-while-atomic in close The write URB was being killed using the synchronous interface while holding a spin lock in close(). Simply drop the lock and busy-flag update, something which would have been taken care of by the completion handler if the URB was in flight. Fixes: f7a33e608d9a ("USB: serial: add quatech2 usb to serial driver") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/quatech2.c | 4 ---- 1 file changed, 4 deletions(-) commit 76ab439ed1b68778e9059c79ecc5d14de76c89a8 Author: Johan Hovold Date: Tue Jan 3 16:40:00 2017 +0100 USB: serial: pl2303: fix NULL-deref at open Fix NULL-pointer dereference in open() should a type-0 or type-1 device lack the expected endpoints: Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... PC is at pl2303_open+0x38/0xec [pl2303] Note that a missing interrupt-in endpoint would have caused open() to fail. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/pl2303.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 5afeef2366db14587b65558bbfd5a067542e07fb Author: Johan Hovold Date: Tue Jan 3 16:39:59 2017 +0100 USB: serial: oti6858: fix NULL-deref at open Fix NULL-pointer dereference in open() should the device lack the expected endpoints: Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... PC is at oti6858_open+0x30/0x1d0 [oti6858] Note that a missing interrupt-in endpoint would have caused open() to fail. Fixes: 49cdee0ed0fc ("USB: oti6858 usb-serial driver (in Nokia CA-42 cable)") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/oti6858.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit a5bc01949e3b19d8a23b5eabc6fc71bb50dc820e Author: Johan Hovold Date: Tue Jan 3 16:39:58 2017 +0100 USB: serial: omninet: fix NULL-derefs at open and disconnect Fix NULL-pointer dereferences at open() and disconnect() should the device lack the expected bulk-out endpoints: Unable to handle kernel NULL pointer dereference at virtual address 000000b4 ... [c0170ff0>] (__lock_acquire) from [] (lock_acquire+0x108/0x264) [] (lock_acquire) from [] (_raw_spin_lock_irqsave+0x58/0x6c) [] (_raw_spin_lock_irqsave) from [] (tty_port_tty_set+0x28/0xa4) [] (tty_port_tty_set) from [] (omninet_open+0x30/0x40 [omninet]) [] (omninet_open [omninet]) from [] (serial_port_activate+0x68/0x98 [usbserial]) Unable to handle kernel NULL pointer dereference at virtual address 00000234 ... [] (omninet_disconnect [omninet]) from [] (usb_serial_disconnect+0xe4/0x100 [usbserial]) Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/omninet.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 472d7e55d559aa1cbf58c73b14fcfc4651b1a9f5 Author: Johan Hovold Date: Tue Jan 3 16:39:57 2017 +0100 USB: serial: mos7840: fix misleading interrupt-URB comment The interrupt URB is killed at final port close since commit 0de9a7024e7a ("USB: overhaul of mos7840 driver"). Fixes: 0de9a7024e7a ("USB: overhaul of mos7840 driver") Signed-off-by: Johan Hovold drivers/usb/serial/mos7840.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit fc43e651bf39ef174a86fde4c4593f796b1474c1 Author: Johan Hovold Date: Tue Jan 3 16:39:56 2017 +0100 USB: serial: mos7840: remove unused write URB Remove code to manage a write URB that was never allocated. Signed-off-by: Johan Hovold drivers/usb/serial/mos7840.c | 8 -------- 1 file changed, 8 deletions(-) commit 5c75633ef751dd4cd8f443dc35152c1ae563162e Author: Johan Hovold Date: Tue Jan 3 16:39:55 2017 +0100 USB: serial: mos7840: fix NULL-deref at open Fix NULL-pointer dereference in open() should the device lack the expected endpoints: Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... PC is at mos7840_open+0x88/0x8dc [mos7840] Note that we continue to treat the interrupt-in endpoint as optional for now. Fixes: 3f5429746d91 ("USB: Moschip 7840 USB-Serial Driver") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/mos7840.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 9da049bcedf43e20e8cb77ee00a1239497ed9fa2 Author: Johan Hovold Date: Tue Jan 3 16:39:54 2017 +0100 USB: serial: mos7720: remove obsolete port initialisation Since commit b69578df7e98 ("USB: usbserial: mos7720: add support for parallel port on moschip 7715"), the interrupt urb is no longer submitted at first port open and the endpoint-address initialisation at port-probe is no longer used. Signed-off-by: Johan Hovold drivers/usb/serial/mos7720.c | 5 ----- 1 file changed, 5 deletions(-) commit fde1faf872ed86d88e245191bc15a8e57368cd1c Author: Johan Hovold Date: Tue Jan 3 16:39:53 2017 +0100 USB: serial: mos7720: fix parallel probe A static usb-serial-driver structure that is used to initialise the interrupt URB was modified during probe depending on the currently probed device type, something which could break a parallel probe of a device of a different type. Fix this up by overriding the default completion callback for MCS7715 devices in attach() instead. We may want to use two usb-serial driver instances for the two types later. Fixes: fb088e335d78 ("USB: serial: add support for serial port on the moschip 7715") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/mos7720.c | 30 +++++++----------------------- 1 file changed, 7 insertions(+), 23 deletions(-) commit 75dd211e773afcbc264677b0749d1cf7d937ab2d Author: Johan Hovold Date: Tue Jan 3 16:39:52 2017 +0100 USB: serial: mos7720: fix parport use-after-free on probe errors Do not submit the interrupt URB until after the parport has been successfully registered to avoid another use-after-free in the completion handler when accessing the freed parport private data in case of a racing completion. Fixes: b69578df7e98 ("USB: usbserial: mos7720: add support for parallel port on moschip 7715") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/mos7720.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) commit 91a1ff4d53c5184d383d0baeeaeab6f9736f2ff3 Author: Johan Hovold Date: Tue Jan 3 16:39:51 2017 +0100 USB: serial: mos7720: fix use-after-free on probe errors The interrupt URB was submitted on probe but never stopped on probe errors. This can lead to use-after-free issues in the completion handler when accessing the freed usb-serial struct: Unable to handle kernel paging request at virtual address 6b6b6be7 ... [] (mos7715_interrupt_callback [mos7720]) from [] (__usb_hcd_giveback_urb+0x80/0x140) [] (__usb_hcd_giveback_urb) from [] (usb_hcd_giveback_urb+0x50/0x138) [] (usb_hcd_giveback_urb) from [] (musb_giveback+0xc8/0x1cc) Fixes: b69578df7e98 ("USB: usbserial: mos7720: add support for parallel port on moschip 7715") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/mos7720.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit b05aebc25fdc5aeeac3ee29f0dc9f58dd07c13cc Author: Johan Hovold Date: Tue Jan 3 16:39:50 2017 +0100 USB: serial: mos7720: fix NULL-deref at open Fix NULL-pointer dereference at port open if a device lacks the expected bulk in and out endpoints. Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... [] (mos7720_open [mos7720]) from [] (serial_port_activate+0x68/0x98 [usbserial]) [] (serial_port_activate [usbserial]) from [] (tty_port_open+0x9c/0xe8) [] (tty_port_open) from [] (serial_open+0x48/0x6c [usbserial]) [] (serial_open [usbserial]) from [] (tty_open+0xcc/0x5cc) Fixes: 0f64478cbc7a ("USB: add USB serial mos7720 driver") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/mos7720.c | 5 +++++ 1 file changed, 5 insertions(+) commit 21ce57840243c7b70fbc1ebd3dceeb70bb6e9e09 Author: Johan Hovold Date: Tue Jan 3 16:39:49 2017 +0100 USB: serial: kobil_sct: fix NULL-deref in write Fix NULL-pointer dereference in write() should the device lack the expected interrupt-out endpoint: Unable to handle kernel NULL pointer dereference at virtual address 00000054 ... PC is at kobil_write+0x144/0x2a0 [kobil_sct] Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/kobil_sct.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 5d9b0f859babe96175cd33d7162a9463a875ffde Author: Johan Hovold Date: Tue Jan 3 16:39:48 2017 +0100 USB: serial: keyspan_pda: verify endpoints at probe Check for the expected endpoints in attach() and fail loudly if not present. Note that failing to do this appears to be benign since da280e348866 ("USB: keyspan_pda: clean up write-urb busy handling") which prevents a NULL-pointer dereference in write() by never marking a non-existent write-urb as free. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable # < v3.3 Signed-off-by: Johan Hovold drivers/usb/serial/keyspan_pda.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 90507d54f712d81b74815ef3a4bbb555cd9fab2f Author: Johan Hovold Date: Tue Jan 3 16:39:47 2017 +0100 USB: serial: iuu_phoenix: fix NULL-deref at open Fix NULL-pointer dereference at open should the device lack a bulk-in or bulk-out endpoint: Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... PC is at iuu_open+0x78/0x59c [iuu_phoenix] Fixes: 07c3b1a10016 ("USB: remove broken usb-serial num_endpoints check") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/iuu_phoenix.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit e35d6d7c4e6532a89732cf4bace0e910ee684c88 Author: Johan Hovold Date: Tue Jan 3 16:39:46 2017 +0100 USB: serial: io_ti: bind to interface after fw download Bind to the interface, but do not register any ports, after having downloaded the firmware. The device will still disconnect and re-enumerate, but this way we avoid an error messages from being logged as part of the process: io_ti: probe of 1-1.3:1.0 failed with error -5 Signed-off-by: Johan Hovold drivers/usb/serial/io_ti.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 2330d0a853da260d8a9834a70df448032b9ff623 Author: Johan Hovold Date: Tue Jan 3 16:39:45 2017 +0100 USB: serial: io_ti: fix I/O after disconnect Cancel the heartbeat work on driver unbind in order to avoid I/O after disconnect in case the port is held open. Note that the cancel in release() is still needed to stop the heartbeat after late probe errors. Fixes: 26c78daade0f ("USB: io_ti: Add heartbeat to keep idle EP/416 ports from disconnecting") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/io_ti.c | 3 +++ 1 file changed, 3 insertions(+) commit 4f9785cc99feeb3673993b471f646b4dbaec2cc1 Author: Johan Hovold Date: Tue Jan 3 16:39:44 2017 +0100 USB: serial: io_ti: fix another NULL-deref at open In case a device is left in "boot-mode" we must not register any port devices in order to avoid a NULL-pointer dereference on open due to missing endpoints. This could be used by a malicious device to trigger an OOPS: Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... [] (edge_open [io_ti]) from [] (serial_port_activate+0x68/0x98 [usbserial]) [] (serial_port_activate [usbserial]) from [] (tty_port_open+0x9c/0xe8) [] (tty_port_open) from [] (serial_open+0x48/0x6c [usbserial]) [] (serial_open [usbserial]) from [] (tty_open+0xcc/0x5cc) Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/io_ti.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit a323fefc6f5079844dc62ffeb54f491d0242ca35 Author: Johan Hovold Date: Tue Jan 3 16:39:43 2017 +0100 USB: serial: io_ti: fix NULL-deref at open Fix NULL-pointer dereference when clearing halt at open should a malicious device lack the expected endpoints when in download mode. Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... [] (edge_open [io_ti]) from [] (serial_port_activate+0x68/0x98 [usbserial]) [] (serial_port_activate [usbserial]) from [] (tty_port_open+0x9c/0xe8) [] (tty_port_open) from [] (serial_open+0x48/0x6c [usbserial]) [] (serial_open [usbserial]) from [] (tty_open+0xcc/0x5cc) Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/io_ti.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 0dd408425eb21ddf26a692b3c8044c9e7d1a7948 Author: Johan Hovold Date: Tue Jan 3 16:39:42 2017 +0100 USB: serial: io_edgeport: fix NULL-deref at open Fix NULL-pointer dereference when initialising URBs at open should a non-EPIC device lack a bulk-in or interrupt-in endpoint. Unable to handle kernel NULL pointer dereference at virtual address 00000028 ... PC is at edge_open+0x24c/0x3e8 [io_edgeport] Note that the EPIC-device probe path has the required sanity checks so this makes those checks partially redundant. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/io_edgeport.c | 5 +++++ 1 file changed, 5 insertions(+) commit c4ac4496e835b78a45dfbf74f6173932217e4116 Author: Johan Hovold Date: Tue Jan 3 16:39:41 2017 +0100 USB: serial: garmin_gps: fix memory leak on failed URB submit Make sure to free the URB transfer buffer in case submission fails (e.g. due to a disconnect). Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/garmin_gps.c | 1 + 1 file changed, 1 insertion(+) commit 3dca01114dcecb1cf324534cd8d75fd1306a516b Author: Johan Hovold Date: Tue Jan 3 16:39:40 2017 +0100 USB: serial: cyberjack: fix NULL-deref at open Fix NULL-pointer dereference when clearing halt at open should the device lack a bulk-out endpoint. Unable to handle kernel NULL pointer dereference at virtual address 00000030 ... PC is at cyberjack_open+0x40/0x9c [cyberjack] Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Cc: stable Signed-off-by: Johan Hovold drivers/usb/serial/cyberjack.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit f97fd383d9a10fd125bcdafba03240685aed5608 Author: Bartosz Golaszewski Date: Mon Dec 19 15:47:14 2016 +0100 drm: tilcdc: simplify the recovery from sync lost error on rev1 Revision 2 of LCDC suffers from an issue where a SYNC_LOST error caused by limited memory bandwidth may leave the picture shifted a couple pixels to the right. This issue has not been observed on revision 1, while the recovery mechanism introduces a different issue, where the END_OF_FRAME interrupt doesn't fire while drm is waiting for vblanks. On rev1: recover from sync lost errors by simply clearing the RASTER_ENABLE bit in the RASTER_CTRL register and re-enabling it again as is suggested by the datasheet. Signed-off-by: Bartosz Golaszewski Reviewed-by: Jyri Sarha Signed-off-by: Jyri Sarha drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) commit 4ea33ef0f9e95b69db9131d7afd98563713e81b0 Author: Sven Eckelmann Date: Tue Dec 27 08:51:17 2016 +0100 batman-adv: Decrease hardif refcnt on fragmentation send error An error before the hardif is found has to free the skb. But every error after that has to free the skb + put the hard interface. Fixes: 8def0be82dd1 ("batman-adv: Consume skb in batadv_frag_send_packet") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich net/batman-adv/fragmentation.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit ff97f2399edac1e0fb3fa7851d5fbcbdf04717cf Author: Carlos Maiolino Date: Tue Jan 3 20:34:17 2017 -0800 xfs: fix max_retries _show and _store functions max_retries _show and _store functions should test against cfg->max_retries, not cfg->retry_timeout Signed-off-by: Carlos Maiolino Reviewed-by: Eric Sandeen Signed-off-by: Darrick J. Wong fs/xfs/xfs_sysfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7611fb68062f8d7f416f3272894d1edf7bbff29c Author: Fabio Estevam Date: Tue Dec 27 15:31:49 2016 -0200 thermal: thermal_hwmon: Convert to hwmon_device_register_with_info() Booting Linux on a mx6q based board leads to the following warning: (NULL device *): hwmon_device_register() is deprecated. Please convert the driver to use hwmon_device_register_with_info(). ,so do as suggested. Also, this results in the core taking care of creating the 'name' attribute, so drop the code doing that from the thermal driver. Suggested-by: Guenter Roeck Signed-off-by: Fabio Estevam Signed-off-by: Zhang Rui drivers/thermal/thermal_hwmon.c | 20 +++----------------- 1 file changed, 3 insertions(+), 17 deletions(-) commit 721a0edfbe1f302b93274ce75e0d62843ca63e0d Author: Darrick J. Wong Date: Tue Jan 3 18:39:34 2017 -0800 xfs: update MAINTAINERS I am taking over as XFS maintainer from Dave Chinner[1], so update contact information and git tree pointers. [1] http://lkml.iu.edu/hypermail/linux/kernel/1612.1/04390.html Signed-off-by: Darrick J. Wong MAINTAINERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a1b7a4dea6166cf46be895bce4aac67ea5160fe8 Author: Christoph Hellwig Date: Tue Jan 3 18:39:33 2017 -0800 xfs: fix crash and data corruption due to removal of busy COW extents There is a race window between write_cache_pages calling clear_page_dirty_for_io and XFS calling set_page_writeback, in which the mapping for an inode is tagged neither as dirty, nor as writeback. If the COW shrinker hits in exactly that window we'll remove the delayed COW extents and writepages trying to write it back, which in release kernels will manifest as corruption of the bmap btree, and in debug kernels will trip the ASSERT about now calling xfs_bmapi_write with the COWFORK flag for holes. A complex customer load manages to hit this window fairly reliably, probably by always having COW writeback in flight while the cow shrinker runs. This patch adds another check for having the I_DIRTY_PAGES flag set, which is still set during this race window. While this fixes the problem I'm still not overly happy about the way the COW shrinker works as it still seems a bit fragile. Signed-off-by: Christoph Hellwig Signed-off-by: Darrick J. Wong fs/xfs/xfs_icache.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 20e73b000bcded44a91b79429d8fa743247602ad Author: Darrick J. Wong Date: Tue Jan 3 18:39:33 2017 -0800 xfs: use the actual AG length when reserving blocks We need to use the actual AG length when making per-AG reservations, since we could otherwise end up reserving more blocks out of the last AG than there are actual blocks. Complained-about-by: Brian Foster Signed-off-by: Darrick J. Wong Reviewed-by: Christoph Hellwig fs/xfs/libxfs/xfs_ag_resv.c | 3 +++ fs/xfs/libxfs/xfs_refcount_btree.c | 9 ++++++--- fs/xfs/libxfs/xfs_refcount_btree.h | 3 ++- fs/xfs/libxfs/xfs_rmap_btree.c | 14 +++++++------- fs/xfs/libxfs/xfs_rmap_btree.h | 3 ++- fs/xfs/xfs_fsops.c | 14 ++++++++++++++ 6 files changed, 34 insertions(+), 12 deletions(-) commit 7a21272b088894070391a94fdd1c67014020fa1d Author: Darrick J. Wong Date: Tue Jan 3 18:39:32 2017 -0800 xfs: fix double-cleanup when CUI recovery fails Dan Carpenter reported a double-free of rcur if _defer_finish fails while we're recovering CUI items. Fix the error recovery to prevent this. Reported-by: Dan Carpenter Signed-off-by: Darrick J. Wong fs/xfs/xfs_refcount_item.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 926d93a33e59b2729afdbad357233c17184de9d2 Author: David Ahern Date: Tue Jan 3 09:37:55 2017 -0800 net: vrf: Add missing Rx counters The move from rx-handler to L3 receive handler inadvertantly dropped the rx counters. Restore them. Fixes: 74b20582ac38 ("net: l3mdev: Add hook in ip and ipv6") Reported-by: Dinesh Dutt Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 3 +++ 1 file changed, 3 insertions(+) commit 7158339d4c1ede786c48fa5c062fa68df366ba94 Author: Jeff Moyer Date: Tue Jan 3 17:51:33 2017 -0500 block: fix up io_poll documentation /sys/block//queue/io_poll is a boolean. Fix the docs. Signed-off-by: Jeff Moyer Signed-off-by: Jens Axboe Documentation/block/queue-sysfs.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit be29d20f3f5db1f0b4e49a4f6eeedf840e2bf9b1 Author: Jan Kara Date: Wed Dec 14 14:40:05 2016 +0100 audit: Fix sleep in atomic Audit tree code was happily adding new notification marks while holding spinlocks. Since fsnotify_add_mark() acquires group->mark_mutex this can lead to sleeping while holding a spinlock, deadlocks due to lock inversion, and probably other fun. Fix the problem by acquiring group->mark_mutex earlier. CC: Paul Moore Signed-off-by: Jan Kara Signed-off-by: Paul Moore kernel/audit_tree.c | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) commit 01427fe7c4b956b878e55e966690624a3624e991 Author: Andy Shevchenko Date: Tue Jan 3 11:51:48 2017 -0800 Input: adxl34x - make it enumerable in ACPI environment The ACPI-enabled platform may contain _DSD method to enable this driver using compatible string. Remove OF specifics to re-use existing code on ACPI-enabled platforms. Suggested-by: Mika Westerberg Signed-off-by: Andy Shevchenko Signed-off-by: Dmitry Torokhov drivers/input/misc/adxl34x-i2c.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 47e3a5edc6538d66e470aaed3b7c57255cb37ca1 Author: Paul Donohue Date: Tue Jan 3 10:39:28 2017 -0800 Input: ALPS - fix TrackStick Y axis handling for SS5 hardware A minus character was lost in commit 23fce365, causing the Y axis to be inverted for SS5 TrackStick events. (Pushing the TrackStick up caused the pointer to move down, and vice versa.) Restore the lost minus. Fixes: 23fce365c6a2 ("Input: ALPS - clean up code for SS5 hardware") Signed-off-by: Paul Donohue Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 81d873a87114b05dbb74d1fbf0c4322ba4bfdee4 Author: Kees Cook Date: Fri Dec 16 11:36:06 2016 -0800 gcc-plugins: update gcc-common.h for gcc-7 This updates gcc-common.h from Emese Revfy for gcc 7. This fixes issues seen by Kugan and Arnd. Build tested with gcc 5.4 and 7 snapshot. Cc: stable@vger.kernel.org Signed-off-by: Kees Cook scripts/gcc-plugins/gcc-common.h | 85 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) commit 9988f4d577f42f43b7612d755477585f35424af7 Author: Kees Cook Date: Fri Dec 16 12:59:31 2016 -0800 latent_entropy: fix ARM build error on earlier gcc This fixes build errors seen on gcc-4.9.3 or gcc-5.3.1 for an ARM: arm-soc/init/initramfs.c: In function 'error': arm-soc/init/initramfs.c:50:1: error: unrecognizable insn: } ^ (insn 26 25 27 5 (set (reg:SI 111 [ local_entropy.243 ]) (rotatert:SI (reg:SI 116 [ local_entropy.243 ]) (const_int -30 [0xffffffffffffffe2]))) -1 (nil)) Patch from PaX Team Reported-by: Arnd Bergmann Reported-by: Brad Spengler Cc: stable@vger.kernel.org Signed-off-by: Kees Cook scripts/gcc-plugins/latent_entropy_plugin.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7934c98a6e04028eb34c1293bfb5a6b0ab630b66 Author: Arnaldo Carvalho de Melo Date: Tue Jan 3 15:19:21 2017 -0300 perf symbols: Robustify reading of build-id from sysfs Markus reported that perf segfaults when reading /sys/kernel/notes from a kernel linked with GNU gold, due to what looks like a gold bug, so do some bounds checking to avoid crashing in that case. Reported-by: Markus Trippelsdorf Report-Link: http://lkml.kernel.org/r/20161219161821.GA294@x4 Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-ryhgs6a6jxvz207j2636w31c@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/symbol-elf.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 30a9c6444810429aa2b7cbfbd453ce339baaadbf Author: Arnaldo Carvalho de Melo Date: Tue Jan 3 12:03:59 2017 -0300 perf tools: Install tools/lib/traceevent plugins with install-bin Those are binaries as well, so should be installed by: make -C tools/perf install-bin' too. Cc: Alexander Shishkin Cc: Daniel Bristot de Oliveira Cc: Jiri Olsa Cc: Peter Zijlstra Cc: Steven Rostedt Link: http://lkml.kernel.org/n/tip-3841b37u05evxrs1igkyu6ks@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 074859184d770824f4437dca716bdeb625ae8b1c Author: Daniel Bristot de Oliveira Date: Tue Jan 3 12:42:42 2017 +0100 tools lib traceevent: Fix prev/next_prio for deadline tasks Currently, the sched:sched_switch tracepoint reports deadline tasks with priority -1. But when reading the trace via perf script I've got the following output: # ./d & # (d is a deadline task, see [1]) # perf record -e sched:sched_switch -a sleep 1 # perf script ... swapper 0 [000] 2146.962441: sched:sched_switch: swapper/0:0 [120] R ==> d:2593 [4294967295] d 2593 [000] 2146.972472: sched:sched_switch: d:2593 [4294967295] R ==> g:2590 [4294967295] The task d reports the wrong priority [4294967295]. This happens because the "int prio" is stored in an unsigned long long val. Although it is set as a %lld, as int is shorter than unsigned long long, trace_seq_printf prints it as a positive number. The fix is just to cast the val as an int, and print it as a %d, as in the sched:sched_switch tracepoint's "format". The output with the fix is: # ./d & # perf record -e sched:sched_switch -a sleep 1 # perf script ... swapper 0 [000] 4306.374037: sched:sched_switch: swapper/0:0 [120] R ==> d:10941 [-1] d 10941 [000] 4306.383823: sched:sched_switch: d:10941 [-1] R ==> swapper/0:0 [120] [1] d.c --- #include #include #include #include #include struct sched_attr { __u32 size, sched_policy; __u64 sched_flags; __s32 sched_nice; __u32 sched_priority; __u64 sched_runtime, sched_deadline, sched_period; }; int sched_setattr(pid_t pid, const struct sched_attr *attr, unsigned int flags) { return syscall(__NR_sched_setattr, pid, attr, flags); } int main(void) { struct sched_attr attr = { .size = sizeof(attr), .sched_policy = SCHED_DEADLINE, /* This creates a 10ms/30ms reservation */ .sched_runtime = 10 * 1000 * 1000, .sched_period = attr.sched_deadline = 30 * 1000 * 1000, }; if (sched_setattr(0, &attr, 0) < 0) { perror("sched_setattr"); return -1; } for(;;); } --- Committer notes: Got the program from the provided URL, http://bristot.me/lkml/d.c, trimmed it and included in the cset log above, so that we have everything needed to test it in one place. Signed-off-by: Daniel Bristot de Oliveira Acked-by: Steven Rostedt Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Daniel Bristot de Oliveira Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/866ef75bcebf670ae91c6a96daa63597ba981f0d.1483443552.git.bristot@redhat.com Signed-off-by: Arnaldo Carvalho de Melo tools/lib/traceevent/plugin_sched_switch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0f64df30124018de92c7f22a044b975da8dd52cc Merge: c8b4ec8 b4a9eb4 Author: Linus Torvalds Date: Tue Jan 3 10:50:05 2017 -0800 Merge branch 'parisc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: - limit usage of processor-internal cr16 clocksource to UP systems only - segfault info lines in syslog were too long, split those up - drop own TIF_RESTORE_SIGMASK flag and switch to generic code * 'parisc-4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Add line-break when printing segfault info parisc: Drop TIF_RESTORE_SIGMASK and switch to generic code parisc: Mark cr16 clocksource unstable on SMP systems commit 0b47a6bd1150f4846b1d61925a4cc5a96593a541 Author: Jiandi An Date: Tue Dec 27 18:47:32 2016 -0600 Xen: ARM: Zero reserved fields of xatp before making hypervisor call Ensure all reserved fields of xatp are zero before making hypervisor call to XEN in xen_map_device_mmio(). xenmem_add_to_physmap_one() in XEN fails the mapping request if extra.res reserved field in xatp is not zero for XENMAPSPACE_dev_mmio request. Signed-off-by: Jiandi An Reviewed-by: Stefano Stabellini drivers/xen/arm-device.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 32d53d1baf874caabe66ba565699ed5853fa2b6f Author: Sudeep Holla Date: Tue Jan 3 12:32:48 2017 +0000 MAINTAINERS: extend PSCI entry to cover the newly add PSCI checker code This patch extends the file entry for PSCI so that the newly added PSCI checker module code is also covered. Cc: Mark Rutland Cc: Lorenzo Pieralisi Signed-off-by: Sudeep Holla Signed-off-by: Lorenzo Pieralisi MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4309cfe334af9c3565d39e1ce3f9c62183cc67e4 Author: Sudeep Holla Date: Tue Jan 3 12:32:47 2017 +0000 drivers: psci: annotate timer on stack to silence odebug messages When DEBUG_OBJECTS config is enabled, we get the below odebug warnings: ODEBUG: object is on stack, but not annotated WARNING: CPU: 3 PID: 1304 at kernel/lib/debugobjects.c:300 __debug_object_init+0x1f0/0x458 CPU: 3 PID: 1304 Comm: psci_suspend_te Tainted: G W 4.9.0-06564-gf80f3f199260 #284 task: ffffe9e1b55a1600 task.stack: ffffe9e1b51c0000 PC is at __debug_object_init+0x1f0/0x458 LR is at __debug_object_init+0x1ec/0x458 Call trace: __debug_object_init+0x1f0/0x458 debug_object_activate+0x150/0x260 mod_timer+0xb4/0x4c0 suspend_test_thread+0x1cc/0x3c0 kthread+0x110/0x140 ret_from_fork+0x10/0x40 This patch annotates the timer on the stack using setup_timer_on_stack function to remove the above warnings. Cc: Kevin Brodsky Cc: Mark Rutland Cc: Lorenzo Pieralisi Signed-off-by: Sudeep Holla Signed-off-by: Lorenzo Pieralisi drivers/firmware/psci_checker.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit fcdaf1a2a7a042a290f4c7de28bcdebd5de18445 Author: Kevin Hilman Date: Thu Dec 8 16:56:23 2016 -0800 ARM64: defconfig: enable DRM_MESON as module Signed-off-by: Kevin Hilman arch/arm64/configs/defconfig | 1 + 1 file changed, 1 insertion(+) commit fafdbdf767891081de5f1063c984a94a59bac3c4 Author: Neil Armstrong Date: Thu Dec 1 10:05:58 2016 +0100 ARM64: dts: meson-gx: Add Graphic Controller nodes Add Video Processing Unit and CVBS Output nodes, and enable CVBS on selected boards. Reviewed-by: Laurent Pinchart Signed-off-by: Neil Armstrong Signed-off-by: Kevin Hilman arch/arm64/boot/dts/amlogic/meson-gx.dtsi | 16 ++++++++++++++++ arch/arm64/boot/dts/amlogic/meson-gxbb-nexbox-a95x.dts | 16 ++++++++++++++++ arch/arm64/boot/dts/amlogic/meson-gxbb-p20x.dtsi | 16 ++++++++++++++++ arch/arm64/boot/dts/amlogic/meson-gxbb.dtsi | 4 ++++ arch/arm64/boot/dts/amlogic/meson-gxl-nexbox-a95x.dts | 16 ++++++++++++++++ arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 4 ++++ arch/arm64/boot/dts/amlogic/meson-gxm-nexbox-a1.dts | 16 ++++++++++++++++ arch/arm64/boot/dts/amlogic/meson-gxm.dtsi | 4 ++++ 8 files changed, 92 insertions(+) commit 1cf3df8a9ca73e736404e308b099459948c1e902 Author: Kevin Hilman Date: Mon Nov 7 14:35:50 2016 -0800 ARM64: dts: meson-gxl: fix GPIO include Signed-off-by: Kevin Hilman arch/arm64/boot/dts/amlogic/meson-gxl.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bb5f1ed70bc3bbbce510907da3432dab267ff508 Author: Robert LeBlanc Date: Mon Dec 5 13:02:58 2016 -0700 md/raid10: Refactor raid10_make_request Refactor raid10_make_request into seperate read and write functions to clean up the code. Shaohua: add the recovery check back to read path Signed-off-by: Robert LeBlanc Signed-off-by: Shaohua Li drivers/md/raid10.c | 245 ++++++++++++++++++++++++++++++---------------------- 1 file changed, 140 insertions(+), 105 deletions(-) commit 3b046a97cbd35a73e1eef968dbfb1a0aac745a77 Author: Robert LeBlanc Date: Mon Dec 5 13:02:57 2016 -0700 md/raid1: Refactor raid1_make_request Refactor raid1_make_request to make read and write code in their own functions to clean up the code. Signed-off-by: Robert LeBlanc Signed-off-by: Shaohua Li drivers/md/raid1.c | 267 ++++++++++++++++++++++++++++------------------------- 1 file changed, 139 insertions(+), 128 deletions(-) commit 29fc1aa454d0603493b47a8e2410ae6e9ab20258 Author: Felipe Balbi Date: Tue Jan 3 18:28:53 2017 +0200 usb: host: xhci: handle COMP_STOP from SETUP phase too Stop Endpoint command can come at any point and we have no control of that. We should make sure to handle COMP_STOP on SETUP phase as well, otherwise urb->actual_length might be set to negative values in some occasions such as below: urb->length = 4; build_control_transfer_td_for(urb, ep); stop_endpoint(ep); COMP_STOP: [...] urb->actual_length = urb->length - trb->length; trb->length is 8 for SETUP stage (8 control request bytes), so actual_length would be set to -4 in this case. While doing that, also make sure to use TRB_TYPE field of the actual TRB instead of matching pointers to figure out in which stage of the control transfer we got our completion event. Cc: Signed-off-by: Felipe Balbi Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) commit 6c97cfc1a097b1e0786c836e92b7a72b4d031e25 Author: Wan Ahmad Zainie Date: Tue Jan 3 18:28:52 2017 +0200 usb: xhci: apply XHCI_PME_STUCK_QUIRK to Intel Apollo Lake Intel Apollo Lake also requires XHCI_PME_STUCK_QUIRK. Adding its PCI ID to quirk. Cc: Signed-off-by: Wan Ahmad Zainie Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-pci.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1c111b6c3844a142e03bcfc2fa17bfbdea08e9dc Author: OGAWA Hirofumi Date: Tue Jan 3 18:28:51 2017 +0200 xhci: Fix race related to abort operation Current abort operation has race. xhci_handle_command_timeout() xhci_abort_cmd_ring() xhci_write_64(CMD_RING_ABORT) xhci_handshake(5s) do { check CMD_RING_RUNNING udelay(1) ... COMP_CMD_ABORT event COMP_CMD_STOP event xhci_handle_stopped_cmd_ring() restart cmd_ring CMD_RING_RUNNING become 1 again } while () return -ETIMEDOUT xhci_write_64(CMD_RING_ABORT) /* can abort random command */ To do abort operation correctly, we have to wait both of COMP_CMD_STOP event and negation of CMD_RING_RUNNING. But like above, while timeout handler is waiting negation of CMD_RING_RUNNING, event handler can restart cmd_ring. So timeout handler never be notice negation of CMD_RING_RUNNING, and retry of CMD_RING_ABORT can abort random command (BTW, I guess retry of CMD_RING_ABORT was workaround of this race). To fix this race, this moves xhci_handle_stopped_cmd_ring() to xhci_abort_cmd_ring(). And timeout handler waits COMP_CMD_STOP event. At this point, timeout handler is owner of cmd_ring, and safely restart cmd_ring by using xhci_handle_stopped_cmd_ring(). [FWIW, as bonus, this way would be easily extend to add CMD_RING_PAUSE operation] [locks edited as patch is rebased on other locking fixes -Mathias] Signed-off-by: OGAWA Hirofumi Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-mem.c | 1 + drivers/usb/host/xhci-ring.c | 168 ++++++++++++++++++++++--------------------- drivers/usb/host/xhci.h | 1 + 3 files changed, 90 insertions(+), 80 deletions(-) commit cb4d5ce588c5ff68e0fdd30370a0e6bc2c0a736b Author: OGAWA Hirofumi Date: Tue Jan 3 18:28:50 2017 +0200 xhci: Use delayed_work instead of timer for command timeout This is preparation to fix abort operation race (See "xhci: Fix race related to abort operation"). To make timeout sleepable, use delayed_work instead of timer. [change a newly added pending timer fix to pending work -Mathias] Signed-off-by: OGAWA Hirofumi Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-mem.c | 7 +++---- drivers/usb/host/xhci-ring.c | 26 ++++++++++++++++---------- drivers/usb/host/xhci.h | 4 ++-- 3 files changed, 21 insertions(+), 16 deletions(-) commit 4dea70778c0f48b4385c7720c363ec8d37a401b4 Author: Lu Baolu Date: Tue Jan 3 18:28:49 2017 +0200 usb: xhci: hold lock over xhci_abort_cmd_ring() In command timer function, xhci_handle_command_timeout(), xhci->lock is unlocked before call into xhci_abort_cmd_ring(). This might cause race between the timer function and the event handler. The xhci_abort_cmd_ring() function sets the CMD_RING_ABORT bit in the command register and polling it until the setting takes effect. A stop command ring event might be handled between writing the abort bit and polling for it. The event handler will restart the command ring, which causes the failure of polling, and we ever believed that we failed to stop it. As a bonus, this also fixes some issues of calling functions without locking in xhci_handle_command_timeout(). Cc: # 3.7+ Signed-off-by: Lu Baolu Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit a5a1b9514154437aa1ed35c291191f82fd3e941a Author: Mathias Nyman Date: Tue Jan 3 18:28:48 2017 +0200 xhci: Handle command completion and timeout race If we get a command completion event at the same time as the command timeout work starts on another cpu we might end up aborting the wrong command. If the command completion takes the xhci lock before the timeout work, it will handle the command, pick the next command, mark it as current_cmd, and re-queue the timeout work. When the timeout work finally gets the lock It will start aborting the wrong command. This case can be resolved by checking if the timeout work is pending inside the timeout function itself. A new timeout work can only be pending if the command completed and a new command was queued. If there are no more commands pending then command completion will set the current_cmd to NULL, which is already handled in the timeout work. Cc: Reported-by: Baolin Wang Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 2a7cfdf37b7c08ac29df4c62ea5ccb01474b6597 Author: Baolin Wang Date: Tue Jan 3 18:28:47 2017 +0200 usb: host: xhci: Fix possible wild pointer when handling abort command When current command was supposed to be aborted, host will free the command in handle_cmd_completion() function. But it might be still referenced by xhci->current_cmd, which need to set NULL. Cc: Signed-off-by: Baolin Wang Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 2b985467371a58ae44d76c7ba12b0951fee6ed98 Author: Lu Baolu Date: Tue Jan 3 18:28:46 2017 +0200 usb: xhci: fix possible wild pointer handle_cmd_completion() frees a command structure which might be still referenced by xhci->current_cmd. This might cause problem when xhci->current_cmd is accessed after that. A real-life case could be like this. The host takes a very long time to respond to a command, and the command timer is fired at the same time when the command completion event arrives. The command completion handler frees xhci->current_cmd before the timer function can grab xhci->lock. Afterward, timer function grabs the lock and go ahead with checking and setting members of xhci->current_cmd. Cc: # v3.16+ Signed-off-by: Lu Baolu Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-ring.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) commit 28bedb5ae463b9f7e5195cbc93f1795e374bdef8 Author: Pan Bian Date: Tue Jan 3 18:28:45 2017 +0200 usb: return error code when platform_get_irq fails In function xhci_mtk_probe(), variable ret takes the return value. Its value should be negative on failures. However, when the call to function platform_get_irq() fails, it does not set the error code, and 0 will be returned. 0 indicates no error. As a result, the callers of function xhci_mtk_probe() will not be able to detect the error. This patch fixes the bug by assigning the return value of platform_get_irq() to variable ret if it fails. CC: Signed-off-by: Pan Bian Reviewed-by: Matthias Brugger Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-mtk.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 90797aee5d6902b49a453c97d83c326408aeb5a8 Author: Lu Baolu Date: Tue Jan 3 18:28:44 2017 +0200 usb: xhci: fix return value of xhci_setup_device() xhci_setup_device() should return failure with correct error number when xhci host has died, removed or halted. During usb device enumeration, if usb host is not accessible (died, removed or halted), the hc_driver->address_device() should return a corresponding error code to usb core. But current xhci driver just returns success. This misleads usb core to continue the enumeration by reading the device descriptor, which will result in failure, and users will get a misleading message like "device descriptor read/8, error -110". Cc: # v4.3+ Signed-off-by: Lu Baolu Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit ee8665e28e8d90ce69d4abe5a469c14a8707ae0e Author: Mathias Nyman Date: Tue Jan 3 18:28:43 2017 +0200 xhci: free xhci virtual devices with leaf nodes first the tt_info provided by a HS hub might be in use to by a child device Make sure we free the devices in the correct order. This is needed in special cases such as when xhci controller is reset when resuming from hibernate, and all virt_devices are freed. Also free the virt_devices starting from max slot_id as children more commonly have higher slot_id than parent. CC: Reported-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Mathias Nyman Signed-off-by: Greg Kroah-Hartman drivers/usb/host/xhci-mem.c | 38 ++++++++++++++++++++++++++++++++++++-- 1 file changed, 36 insertions(+), 2 deletions(-) commit c2931667c83ded6504b3857e99cc45b21fa496fb Author: Liu Bo Date: Thu Dec 22 17:13:54 2016 -0800 Btrfs: adjust outstanding_extents counter properly when dio write is split Currently how btrfs dio deals with split dio write is not good enough if dio write is split into several segments due to the lack of contiguous space, a large dio write like 'dd bs=1G count=1' can end up with incorrect outstanding_extents counter and endio would complain loudly with an assertion. This fixes the problem by compensating the outstanding_extents counter in inode if a large dio write gets split. Reported-by: Anand Jain Tested-by: Anand Jain Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/inode.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit e7c9a3d9e432200fd4c17855c2c23ac784d6e833 Author: Florian Fainelli Date: Wed Dec 14 17:13:24 2016 -0800 staging: octeon: Call SET_NETDEV_DEV() The Octeon driver calls into PHYLIB which now checks for net_device->dev.parent, so make sure we do set it before calling into any MDIO/PHYLIB related function. Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner") Reported-by: Aaro Koskinen Cc: stable # 4.9+ Signed-off-by: Florian Fainelli Signed-off-by: Greg Kroah-Hartman drivers/staging/octeon/ethernet.c | 2 ++ 1 file changed, 2 insertions(+) commit 3b48ab2248e61408910e792fe84d6ec466084c1a Author: Reiter Wolfgang Date: Tue Jan 3 01:39:10 2017 +0100 drop_monitor: consider inserted data in genlmsg_end Final nlmsg_len field update must reflect inserted net_dm_drop_point data. This patch depends on previous patch: "drop_monitor: add missing call to genlmsg_end" Signed-off-by: Reiter Wolfgang Acked-by: Neil Horman Signed-off-by: David S. Miller net/core/drop_monitor.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 096de2f83ebc8e0404c5b7e847a4abd27b9739da Author: Sabrina Dubroca Date: Tue Jan 3 16:26:04 2017 +0100 benet: stricter vxlan offloading check in be_features_check When VXLAN offloading is enabled, be_features_check() tries to check if an encapsulated packet is indeed a VXLAN packet. The check is not strict enough, and considers any UDP-encapsulated ethernet frame with a 8-byte tunnel header as being VXLAN. Unfortunately, both GENEVE and VXLAN-GPE have a 8-byte header, so they get through this check. Force the UDP destination port to be the one that has been offloaded to hardware. Without this, GENEVE-encapsulated packets can end up having an incorrect checksum when both a GENEVE and a VXLAN (offloaded) tunnel are configured. This is similar to commit a547224dceed ("mlx4e: Do not attempt to offload VXLAN ports that are unrecognized"). Signed-off-by: Sabrina Dubroca Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 5350d54f6cd12eaff623e890744c79b700bd3f17 Author: Alexander Duyck Date: Mon Jan 2 13:32:54 2017 -0800 ipv4: Do not allow MAIN to be alias for new LOCAL w/ custom rules In the case of custom rules being present we need to handle the case of the LOCAL table being intialized after the new rule has been added. To address that I am adding a new check so that we can make certain we don't use an alias of MAIN for LOCAL when allocating a new table. Fixes: 0ddcf43d5d4a ("ipv4: FIB Local/MAIN table collapse") Reported-by: Oliver Brunel Signed-off-by: Alexander Duyck Signed-off-by: David S. Miller net/ipv4/fib_frontend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 515028fe29d84a15f77d071a13b2d34eb3d137af Author: Bartosz Folta Date: Mon Jan 2 12:41:50 2017 +0000 net: macb: Updated resource allocation function calls to new version of API. Changed function calls of resource allocation to new API. Changed way of setting DMA mask. Removed unnecessary sanity check. This patch is sent in regard to recently applied patch Commit 83a77e9ec4150ee4acc635638f7dedd9da523a26 net: macb: Added PCI wrapper for Platform Driver. Signed-off-by: Bartosz Folta Signed-off-by: David S. Miller drivers/net/ethernet/cadence/macb_pci.c | 27 ++++++++++----------------- 1 file changed, 10 insertions(+), 17 deletions(-) commit a2962b08f414555db46146f207ba9184dc28437f Merge: 4e5da36 a8de4d7 Author: David S. Miller Date: Tue Jan 3 09:33:00 2017 -0500 Merge branch 'dwmac-oxnas-leaks' Johan Hovold says: ==================== net: stmmac: dwmac-oxnas: fix leaks and simplify pm These patches fixes of-node and fixed-phydev leaks in the recently added dwmac-oxnas driver, and ultimately switches over to using the generic pm implementation as the required callbacks are now in place. Note that this series has only been compile tested. ==================== Signed-off-by: David S. Miller commit a8de4d719dfc12bc22192d7daef7c7ae6cfb8b80 Author: Johan Hovold Date: Mon Jan 2 12:56:04 2017 +0100 net: stmmac: dwmac-oxnas: use generic pm implementation Now that we have an exit callback in place, add init as well and get rid of the custom PM callbacks in favour of the generic ones. Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-oxnas.c | 38 +++-------------------- 1 file changed, 5 insertions(+), 33 deletions(-) commit 6b4c212b95ce6a586473a772fb2d28ab22a38f0e Author: Johan Hovold Date: Mon Jan 2 12:56:03 2017 +0100 net: stmmac: dwmac-oxnas: fix fixed-link-phydev leaks Make sure to deregister and free any fixed-link phy registered during probe on probe errors and on driver unbind by calling the new glue helper function. For driver unbind, use the generic stmmac-platform remove implementation and add an exit callback to disable the clock. Fixes: 5ed7414062e7 ("net: stmmac: Add OXNAS Glue Driver") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-oxnas.c | 41 ++++++++++++++--------- 1 file changed, 26 insertions(+), 15 deletions(-) commit 8f87e626b059f1b82b017f53c5ee91fbc4486e36 Author: Johan Hovold Date: Mon Jan 2 12:56:02 2017 +0100 net: stmmac: dwmac-oxnas: fix of-node leak Use the syscon lookup-by-phandle helper so that the reference taken by of_parse_phandle() is released when done with the node. Fixes: 5ed7414062e7 ("net: stmmac: Add OXNAS Glue Driver") Signed-off-by: Johan Hovold Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-oxnas.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit 781feef7e6befafd4d9787d1f7ada1f9ccd504e4 Author: Liu Bo Date: Wed Nov 30 16:20:25 2016 -0800 Btrfs: fix lockdep warning about log_mutex While checking INODE_REF/INODE_EXTREF for a corner case, we may acquire a different inode's log_mutex with holding the current inode's log_mutex, and lockdep has complained this with a possilble deadlock warning. Fix this by using mutex_lock_nested() when processing the other inode's log_mutex. Reviewed-by: Filipe Manana Signed-off-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/tree-log.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit e321f8a801d7b4c40da8005257b05b9c2b51b072 Author: Liu Bo Date: Wed Nov 30 16:11:04 2016 -0800 Btrfs: use down_read_nested to make lockdep silent If @block_group is not @used_bg, it'll try to get @used_bg's lock without droping @block_group 's lock and lockdep has throwed a scary deadlock warning about it. Fix it by using down_read_nested. Signed-off-by: Liu Bo Reviewed-by: David Sterba Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d0280996437081dd12ed1e982ac8aeaa62835ec4 Author: Jeff Mahoney Date: Tue Dec 20 13:28:28 2016 -0500 btrfs: fix locking when we put back a delayed ref that's too new In __btrfs_run_delayed_refs, when we put back a delayed ref that's too new, we have already dropped the lock on locked_ref when we set ->processing = 0. This patch keeps the lock to cover that assignment. Fixes: d7df2c796d7 (Btrfs: attach delayed ref updates to delayed ref heads) Signed-off-by: Jeff Mahoney Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit aa7c8da35d1905d80e840d075f07d26ec90144b5 Author: Jeff Mahoney Date: Tue Dec 20 13:28:27 2016 -0500 btrfs: fix error handling when run_delayed_extent_op fails In __btrfs_run_delayed_refs, the error path when run_delayed_extent_op fails sets locked_ref->processing = 0 but doesn't re-increment delayed_refs->num_heads_ready. As a result, we end up triggering the WARN_ON in btrfs_select_ref_head. Fixes: d7df2c796d7 (Btrfs: attach delayed ref updates to delayed ref heads) Reported-by: Jon Nelson Signed-off-by: Jeff Mahoney Reviewed-by: Liu Bo Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 3 +++ 1 file changed, 3 insertions(+) commit 60437ac02f398e0ee0927748d4798dd5534ac90d Author: Jiri Olsa Date: Tue Jan 3 09:19:56 2017 +0100 perf record: Fix --switch-output documentation and comment There's no --signal-trigger option, also adding the code comment into record man page. Signed-off-by: Jiri Olsa Tested-by: Wang Nan Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1483431600-19887-4-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-record.txt | 4 ++++ tools/perf/builtin-record.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit efd21307119d5a23ac83ae8fd5a39a5c7aeb8493 Author: Jiri Olsa Date: Tue Jan 3 09:19:55 2017 +0100 perf record: Make __record_options static There's no need for this one to be global. Signed-off-by: Jiri Olsa Tested-by: Wang Nan Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1483431600-19887-3-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-record.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b66fb1da5a8cac3f5c3cdbe41937c91efc4e76a4 Author: Jiri Olsa Date: Tue Jan 3 09:19:54 2017 +0100 tools lib subcmd: Add OPT_STRING_OPTARG_SET option To allow string options with a default argument and variable set when the option is used. Signed-off-by: Jiri Olsa Tested-by: Wang Nan Cc: David Ahern Cc: Josh Poimboeuf Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1483431600-19887-2-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/lib/subcmd/parse-options.c | 3 +++ tools/lib/subcmd/parse-options.h | 5 +++++ 2 files changed, 8 insertions(+) commit f9751a60f17eb09e1d1bd036daaddc3ea3a8bed6 Author: Shyam Saini Date: Sat Dec 24 14:22:46 2016 +0530 xen: events: Replace BUG() with BUG_ON() Replace BUG() with BUG_ON() using coccinelle Signed-off-by: Shyam Saini Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross drivers/xen/events/events_fifo.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8d6bbff67796262b5296b745989e4c9d9f2b4894 Merge: 0c744ea 43aef5c Author: Greg Kroah-Hartman Date: Tue Jan 3 14:07:14 2017 +0100 Merge tag 'fixes-for-v4.10-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/balbi/usb into usb-linus Felipe writes: usb: fixes for v4.10-rc3 The first set of fixes for v4.10-rc cycle. The most important of which is a big regression on dwc3-pci which prevents it from probing altogether. There's also a fix to avoid Overflow events on DWC3 and another to make sure we don't starve DMA resources. Dummy HCD got some love after a long hiatus and DWC2 got a couple fixes related to DMA usage. Other than these, we have a set of minor fixes here and there. commit 43aef5c2ca90535b3227e97e71604291875444ed Author: David Lechner Date: Mon Jan 2 17:28:39 2017 -0600 usb: gadget: Fix copy/pasted error message This fixes an error message that was probably copied and pasted. The same message is used for both the in and out endpoints, so it makes it impossible to know which one actually failed because both cases say "IN". Make the out endpoint error message say "OUT". Signed-off-by: David Lechner Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_hid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9418ee15f718939aa7e650fd586d73765eb21f20 Author: Roger Quadros Date: Tue Jan 3 14:32:09 2017 +0200 usb: dwc3: gadget: Fix full speed mode DCFG.DEVSPD == 0x3 is not valid and we need to set DCFG.DEVSPD to 0x1 for full speed mode. Same goes for DSTS.CONNECTSPD. Old databooks had 0x3 for full speed in 48MHz mode for USB1.1 transceivers which was never supported. Newer databooks don't mention 0x3 at all. Cc: John Youn Signed-off-by: Roger Quadros Signed-off-by: Felipe Balbi drivers/usb/dwc3/core.h | 6 ++---- drivers/usb/dwc3/gadget.c | 5 ++--- 2 files changed, 4 insertions(+), 7 deletions(-) commit 8043d25b3c0fa0a8f531333707f682f03b6febdb Author: Marc Gonzalez Date: Tue Jan 3 11:01:14 2017 +0100 mtd: nand: tango: Reset pbus to raw mode in probe Linux should not expect the boot loader to properly configure the peripheral bus "pad mode", so reset PBUS_PAD_MODE to raw. Signed-off-by: Marc Gonzalez Signed-off-by: Boris Brezillon drivers/mtd/nand/tango_nand.c | 2 ++ 1 file changed, 2 insertions(+) commit 6b7e95d1336b9eb0d4c6db190ce756480496bd13 Author: Takashi Sakamoto Date: Tue Jan 3 11:58:34 2017 +0900 ALSA: firewire-lib: change structure member with proper type The 'amdtp_stream' structure is initialized by a call of 'amdtp_stream_init()'. Although a parameter of this function is for bit flags of packet attributes, its type is enumerator. This commit changes the type so that it's proper for a bit flags. Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/firewire/amdtp-stream.c | 2 +- sound/firewire/amdtp-stream.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) commit 6a2a2f45560a9cb7bc49820883b042e44f83726c Author: Takashi Sakamoto Date: Tue Jan 3 11:58:33 2017 +0900 ALSA: firewire-tascam: Fix to handle error from initialization of stream data This module has a bug not to return error code in a case that data structure for transmitted packets fails to be initialized. This commit fixes the bug. Fixes: 35efa5c489de ("ALSA: firewire-tascam: add streaming functionality") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/firewire/tascam/tascam-stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e2eb31d72156c58b717396383496a7c93aa01b75 Author: Takashi Sakamoto Date: Tue Jan 3 11:58:32 2017 +0900 ALSA: fireworks: fix asymmetric API call at unit removal ALSA fireworks driver has a bug not to call an API to destroy 'cmp_connection' structure for input direction. Currently this causes no issues because it just destroys 'mutex' structure, while it's better to fix it for future work. Fix: d23c2cc4485d ("ALSA: fireworks/bebob/dice/oxfw: allow stream destructor after releasing runtime") Signed-off-by: Takashi Sakamoto Signed-off-by: Takashi Iwai sound/firewire/fireworks/fireworks_stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2471eb5fb6e1433e28426ece235e3730348019ec Author: Chris Wilson Date: Fri Dec 23 14:58:04 2016 +0000 drm/i915: Prevent timeline updates whilst performing reset As the fence may be signaled concurrently from an interrupt on another device, it is possible for the list of requests on the timeline to be modified as we walk it. Take both (the context's timeline and the global timeline) locks to prevent such modifications. Fixes: 80b204bce8f2 ("drm/i915: Enable multiple timelines") Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Mika Kuoppala Cc: Reviewed-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/20161223145804.6605-10-chris@chris-wilson.co.uk (cherry picked from commit 00c25e3f40083a6d5f1111955baccd287ee49258) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 64d1461ce0c3b8ecc1c6b61f4ad1c1d10ce971a3 Author: Chris Wilson Date: Fri Dec 23 14:57:58 2016 +0000 drm/i915: Silence allocation failure during sg_trim() As trimming the sg table is merely an optimisation that gracefully fails if we cannot allocate a new table, we do not need to report the failure either. Fixes: 0c40ce130e38 ("drm/i915: Trim the object sg table") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161223145804.6605-4-chris@chris-wilson.co.uk (cherry picked from commit 8bfc478fa455b4908f745df368355b415460c60e) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c3f923b5545306570eff00d11ca051bd67699a23 Author: Chris Wilson Date: Fri Dec 23 14:57:57 2016 +0000 drm/i915: Don't clflush before release phys object When we teardown the backing storage for the phys object, we copy from the coherent contiguous block back to the shmemfs object, clflushing as we go. Trying to clflush the invalid sg beforehand just oops and would be redundant (due to it already being coherent, and clflushed afterwards). Reported-by: Ville Syrjälä Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161223145804.6605-3-chris@chris-wilson.co.uk (cherry picked from commit e5facdf9644f4490520e0489a0252e8feaba3744) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 9169757ae67bc927750ae907624e65cc15b4fe5a Author: Ville Syrjälä Date: Wed Dec 7 19:28:03 2016 +0200 drm/i915: Fix oops in overlay due to frontbuffer tracking The vma will be NULL if the overlay was previously off, so dereferencing it will oops. Check for NULL before doing that. Cc: stable@vger.kernel.org Cc: Chris Wilson Cc: Joonas Lahtinen Fixes: 9b3b7841b86d ("drm/i915/overlay: Use VMA as the primary tracker for images") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1481131693-27993-2-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Chris Wilson (cherry picked from commit 4a15cdbbc55463e55a7cdcf33f84ccc742ca9c29) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_overlay.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit b72eb5ffa6d8601d9ba72619d75fb5b27723743a Author: Ville Syrjälä Date: Wed Dec 7 17:56:47 2016 +0000 drm/i915: Fix oopses in the overlay code due to i915_gem_active stuff The i915_gem_active stuff doesn't like a NULL ->retire hook, but the overlay code can set it to NULL. That obviously ends up oopsing. Fix it by introducing a new helper to assign the retirement callback that will switch out the NULL function pointer with i915_gem_retire_noop. Cc: stable@vger.kernel.org Cc: Chris Wilson Cc: Joonas Lahtinen Fixes: 0d9bdd886f29 ("drm/i915: Convert intel_overlay to request tracking") Signed-off-by: Ville Syrjälä Signed-off-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/20161207175647.10018-1-chris@chris-wilson.co.uk (cherry picked from commit ecd9caa0522db5a6b03ac8858c42067ef9d8323b) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_request.h | 19 +++++++++++++++++++ drivers/gpu/drm/i915/intel_overlay.c | 3 ++- 2 files changed, 21 insertions(+), 1 deletion(-) commit a6d3e7d35d088b2aabad1688b740e17bfdf566c5 Author: Ville Syrjälä Date: Wed Dec 21 16:45:47 2016 +0200 drm/i915: Initialize overlay->last_flip properly Initialize overlay->last_flip properly instead of leaving it zeroed. Cc: stable@vger.kernel.org Cc: Chris Wilson Fixes: 0d9bdd886f29 ("drm/i915: Convert intel_overlay to request tracking") Reviewed-by: Chris Wilson Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20161221144547.27319-1-ville.syrjala@linux.intel.com (cherry picked from commit 330afdb1df0f3fb48583105493a8f4f8d9e3af36) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_overlay.c | 2 ++ 1 file changed, 2 insertions(+) commit 00b2b7288299a8c73c0c37b531a075ba5c849e67 Author: Ville Syrjälä Date: Tue Dec 20 17:39:02 2016 +0200 drm/i915: Move the min_pixclk[] handling to the end of readout Trying to determine the pixel rate of the pipe can't be done until we know the clock, which means it can't be done until the encoder .get_config() hooks have been called. So let's move the min_pixclk[] stuff to the end of intel_modeset_readout_hw_state() when we actually have gathered all the required infromation. Cc: Maarten Lankhorst Cc: Mika Kahola Cc: Ander Conselvan de Oliveira Fixes: 565602d7501a ("drm/i915: Do not acquire crtc state to check clock during modeset, v4.") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20161220153902.15621-1-ville.syrjala@linux.intel.com Reviewed-by: Ander Conselvan de Oliveira Reviewed-by: Maarten Lankhorst (cherry picked from commit aca1ebf491518910df156f3dab6a66306bb52e28) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) commit 8581f1b5ee0837e55197f036406bc99746ac94b2 Author: Ville Syrjälä Date: Tue Dec 20 18:51:17 2016 +0200 drm/i915: Force VDD off on the new power seqeuencer before starting to use it Apparently some VLV BIOSen like to leave the VDD force bit enabled even for power seqeuncers that aren't properly hooked up to any port. That will result in a imbalance in the AUX power domain refcount when we stat to use said power sequencer as edp_panel_vdd_on() will not grab the power domain reference if it sees that the VDD is already on. To fix this let's make sure we turn off the VDD force bit when we initialize the power sequencer registers. That is, unless it's being done from the init path since there we are actually initializing the registers for the current power sequencer and we don't want to turn VDD off needlessly as that would require waiting for the power cycle delay before we turn it back on. This fixes the following kind of warnings: WARNING: CPU: 0 PID: 123 at ../drivers/gpu/drm/i915/intel_runtime_pm.c:1455 intel_display_power_put+0x13a/0x170 [i915]() WARN_ON(!power_domains->domain_use_count[domain]) ... v2: Fix typos in comment (David) Cc: stable@vger.kernel.org Cc: Matwey V. Kornilov Tested-by: Matwey V. Kornilov Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98695 Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20161220165117.24801-1-ville.syrjala@linux.intel.com Reviewed-by: David Weinehall (cherry picked from commit 5d5ab2d26f32bdaa5872b938658e0bf8d341bc4c) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 41 ++++++++++++++++++++++++++++++++++------- 1 file changed, 34 insertions(+), 7 deletions(-) commit dcafc45dcb6d8bb6d159ed0a903bd0f3de597fac Author: Neil Armstrong Date: Mon Jan 2 16:09:59 2017 +0100 drm/meson: Fix plane atomic check when no crtc for the plane When no CRTC is associated with the plane, the meson_plane_atomic_check() call breaks the kernel with an Oops. Fixes: bbbe775ec5b5 ("drm: Add support for Amlogic Meson Graphic Controller") Signed-off-by: Neil Armstrong drivers/gpu/drm/meson/meson_plane.c | 3 +++ 1 file changed, 3 insertions(+) commit 7165b8ad36f8bda42a5a8aa059b9a5071acc2210 Author: Marc Gonzalez Date: Mon Dec 19 15:30:12 2016 +0100 mtd: nand: tango: Update DT binding description Visually separate register ranges (address/size pairs) in reg prop. Change DMA channel name, for consistency with other drivers. Signed-off-by: Marc Gonzalez Signed-off-by: Boris Brezillon Documentation/devicetree/bindings/mtd/tango-nand.txt | 6 +++--- drivers/mtd/nand/tango_nand.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 5c9e6c2b2ba3ec3a442e2fb5b4286498f8b4dcb7 Author: Marek Szyprowski Date: Fri Dec 16 11:39:11 2016 +0100 dmaengine: pl330: Fix runtime PM support for terminated transfers PL330 DMA engine driver is leaking a runtime reference after any terminated DMA transactions. This patch fixes this issue by tracking runtime PM state of the device and making additional call to pm_runtime_put() in terminate_all callback if needed. Fixes: ae43b3289186 ("ARM: 8202/1: dmaengine: pl330: Add runtime Power Management support v12") Signed-off-by: Marek Szyprowski Reviewed-by: Krzysztof Kozlowski Signed-off-by: Vinod Koul drivers/dma/pl330.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit f53243b563e8966fb5a5cd8f27d48b832d3b1c43 Author: Nicolas Ferre Date: Mon Jan 2 17:42:08 2017 +0100 MAINTAINERS: dmaengine: Update + Hand over the at_hdmac driver to Ludovic Hand over the Microchip / Atmel DMA driver handled by at_hdmac driver to Ludovic who is responsible for the newer at_xdmac driver as well. Also update the entry name and position to follow company changes. Signed-off-by: Nicolas Ferre Signed-off-by: Vinod Koul MAINTAINERS | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 836c3ce2566fb8c1754f8d7c9534cad9bc8a6879 Author: Peter Ujfalusi Date: Mon Jan 2 12:07:37 2017 +0200 dmaengine: omap-dma: Fix dynamic lch_map allocation The original patch did not done what it was supposed to be doing and even worst it broke legacy boot (OMAP1). The lch_map size should be the number of available logical channels in sDMA and the od->dma_requests should store the number of available DMA request lines usable in sDMA. In legacy mode we do not have a way to get the DMA request count, in that case we use OMAP_SDMA_REQUESTS (127), despite the fact that OMAP1510 have only 31 DMA request line. Fixes: 2d1a9a946fae ("dmaengine: omap-dma: Dynamically allocate memory for lch_map") Reported-by: Aaro Koskinen Cc: stable@vger.kernel.org # v4.9 Signed-off-by: Peter Ujfalusi Tested-by: Aaro Koskinen Signed-off-by: Vinod Koul drivers/dma/omap-dma.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) commit 116dad7d4339d0965169df8a864fc829f684794d Author: Fabio Estevam Date: Fri Dec 30 08:09:03 2016 -0200 ARM: dts: imx6: Disable "weim" node in the dtsi files Commit 1be81ea5860744520 ("ARM: dts: imx6: Add imx-weim parameters to dtsi's") causes the following probe error when the weim node is not present on the board dts (such as imx6q-sabresd): imx-weim 21b8000.weim: Invalid 'ranges' configuration imx-weim: probe of 21b8000.weim failed with error -22 There is no need to always enable the "weim" node on mx6. Do the same as in the other i.MX dtsi files where "weim" is disabled and only gets enabled on a per dts basis. All the imx6 weim dts users explicitily provide 'status = "okay"', so this change has no impact on current imx6 weim users. If a board does not use the weim driver it will not describe its 'ranges' property, so simply disable the 'weim' node in the imx6 dtsi files to avoid such probe error message. Fixes: 1be81ea5860744520 ("ARM: dts: imx6: Add imx-weim parameters to dtsi's") Signed-off-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/boot/dts/imx6qdl.dtsi | 1 + arch/arm/boot/dts/imx6sl.dtsi | 1 + arch/arm/boot/dts/imx6sx.dtsi | 1 + 3 files changed, 3 insertions(+) commit c8b4ec8351d21da3299b045b37920e5cf5590793 Merge: da28756 42d97eb Author: Linus Torvalds Date: Mon Jan 2 18:32:59 2017 -0800 Merge tag 'fscrypt-for-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt Pull fscrypt fixes from Ted Ts'o: "Two fscrypt bug fixes, one of which was unmasked by an update to the crypto tree during the merge window" * tag 'fscrypt-for-stable' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/fscrypt: fscrypt: fix renaming and linking special files fscrypt: fix the test_dummy_encryption mount option commit 32dd7731699765f21dbe6df9020e613d4ed73fc3 Author: Chanwoo Choi Date: Wed Dec 28 20:52:36 2016 +0900 PM / devfreq: exynos-bus: Fix the wrong return value This patch fixes the wrong return value. If devfreq driver requires the wrong and non-available governor, it is fail. So, this patch returns the error insead of -EPROBE_DEFER. Fixes: 403e0689d2a9 (PM / devfreq: exynos: Add support of bus frequency of sub-blocks using passive governor) Signed-off-by: Chanwoo Choi Signed-off-by: Rafael J. Wysocki drivers/devfreq/exynos-bus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 73613b16cb5c5d5a659fc8832eff99eead3f9afb Author: Chanwoo Choi Date: Wed Dec 28 20:52:35 2016 +0900 PM / devfreq: Fix the bug of devfreq_add_device when governor is NULL This patch fixes the bug of devfreq_add_device(). The devfreq device must have the default governor. If find_devfreq_governor() returns error, devfreq_add_device() fail to add the devfreq instance. Fixes: 1b5c1be2c88e (PM / devfreq: map devfreq drivers to governor using name) Signed-off-by: Chanwoo Choi Signed-off-by: Rafael J. Wysocki drivers/devfreq/devfreq.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 9932ef3ca7f481af59d85cec6023fc7ff1588f04 Author: Chanwoo Choi Date: Wed Dec 28 20:52:34 2016 +0900 MAINTAINERS: Add myself as reviewer for DEVFREQ subsystem support Add myself to the DEVFREQ entry as reviewer, I've been helping reviewing and tesing the devfreq support patches for the couple of years. Also, I'm going to contribute the improvement for devfreq subsystem. It would be easier for me for review if I'm cc'ed for patches. Signed-off-by: Chanwoo Choi Acked-by: MyungJoo Ham Signed-off-by: Rafael J. Wysocki MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 6e092c8c04632dde947208f95537ec6eaaa89d8a Author: Rafael J. Wysocki Date: Mon Dec 19 21:36:39 2016 +0100 PM / docs: Drop confusing kernel-doc references from infrastructure.rst The references to drivers/base/power/main.c and drivers/acpi/scan.c from Documentation/driver-api/infrastructure.rst are confusing. They both cause descriptions of functions that are not relevant to device drivers at all to be generated and none of them is sufficient to cover the API in a meaningful way. Drop them for now. Signed-off-by: Rafael J. Wysocki Acked-by: Jonathan Corbet Documentation/driver-api/infrastructure.rst | 15 --------------- 1 file changed, 15 deletions(-) commit c2a6bbaf0c5f90463a7011a295bbdb7e33c80b51 Author: Rafael J. Wysocki Date: Fri Dec 30 02:27:31 2016 +0100 ACPI / scan: Prefer devices without _HID/_CID for _ADR matching The way acpi_find_child_device() works currently is that, if there are two (or more) devices with the same _ADR value in the same namespace scope (which is not specifically allowed by the spec and the OS behavior in that case is not defined), the first one of them found to be present (with the help of _STA) will be returned. This covers the majority of cases, but is not sufficient if some of the devices in question have a _HID (or _CID) returning some valid ACPI/PNP device IDs (which is disallowed by the spec) and the ASL writers' expectation appears to be that the OS will match devices without a valid ACPI/PNP device ID against a given bus address first. To cover this special case as well, modify find_child_checks() to prefer devices without ACPI/PNP device IDs over devices that have them. Suggested-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki Tested-by: Hans de Goede drivers/acpi/glue.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 4e5da369df64628358e25ffedcf80ac43af3793d Author: Alexander Alemayhu Date: Mon Jan 2 18:52:24 2017 +0100 Documentation/networking: fix typo in mpls-sysctl s/utliziation/utilization Signed-off-by: Alexander Alemayhu Signed-off-by: David S. Miller Documentation/networking/mpls-sysctl.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit da2875673660c114dc7d65edcd1f97023d0ed624 Merge: 74e5c26 143fca7 Author: Linus Torvalds Date: Mon Jan 2 12:42:50 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID fixes from Jiri Kosina: - regression fix (caused by me applying a wrong version of patch) for sensor-hub driver, from Srinivas Pandruvada - hid-sony fixes (mostly related to DS4 device) from Roderick Colenbrander - three device-specific quirks-fixes from Alex Wood, Brendan McGrath and Marcel Hasler * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: HID: sensor-hub: Move the memset to sensor_hub_get_feature() HID: usbhid: Add quirk for Mayflash/Dragonrise DolphinBar. HID: usbhid: Add quirk for the Futaba TOSD-5711BB VFD HID: sony: Ignore DS4 dongle reports when no device is connected HID: sony: Use DS4 MAC address as unique identifier on USB HID: sony: Fix error handling bug when touchpad registration fails HID: asus: Fix keyboard support commit 3ef01c968fbfb21c2f16281445d30a865ee4412c Author: Krzysztof Kozlowski Date: Thu Dec 29 14:41:05 2016 +0200 ARM: s3c2410_defconfig: Fix invalid values for NF_CT_PROTO_* NF_CT_PROTO_DCCP/SCTP/UDPLITE were switched from tristate to boolean so defconfig needs to be adjusted to silence warnings: warning: symbol value 'm' invalid for NF_CT_PROTO_DCCP warning: symbol value 'm' invalid for NF_CT_PROTO_SCTP warning: symbol value 'm' invalid for NF_CT_PROTO_UDPLITE Signed-off-by: Krzysztof Kozlowski arch/arm/configs/s3c2410_defconfig | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit e9572fdd13e299cfba03abbfd2786c84ac055249 Author: Michael Walle Date: Mon Jan 2 17:53:39 2017 +0100 hwmon: (lm90) fix temp1_max_alarm attribute Since commit commit eb1c8f4325d5 ("hwmon: (lm90) Convert to use new hwmon registration API") the temp1_max_alarm and temp1_crit_alarm attributes are mapped to the same alarm bit. Fix the typo. Fixes: eb1c8f4325d5 ("hwmon: (lm90) Convert to use new hwmon registration API") Signed-off-by: Micehael Walle Signed-off-by: Guenter Roeck drivers/hwmon/lm90.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7ababb782690e03b78657e27bd051e20163af2d6 Author: Michal Tesar Date: Mon Jan 2 14:38:36 2017 +0100 igmp: Make igmp group member RFC 3376 compliant 5.2. Action on Reception of a Query When a system receives a Query, it does not respond immediately. Instead, it delays its response by a random amount of time, bounded by the Max Resp Time value derived from the Max Resp Code in the received Query message. A system may receive a variety of Queries on different interfaces and of different kinds (e.g., General Queries, Group-Specific Queries, and Group-and-Source-Specific Queries), each of which may require its own delayed response. Before scheduling a response to a Query, the system must first consider previously scheduled pending responses and in many cases schedule a combined response. Therefore, the system must be able to maintain the following state: o A timer per interface for scheduling responses to General Queries. o A per-group and interface timer for scheduling responses to Group- Specific and Group-and-Source-Specific Queries. o A per-group and interface list of sources to be reported in the response to a Group-and-Source-Specific Query. When a new Query with the Router-Alert option arrives on an interface, provided the system has state to report, a delay for a response is randomly selected in the range (0, [Max Resp Time]) where Max Resp Time is derived from Max Resp Code in the received Query message. The following rules are then used to determine if a Report needs to be scheduled and the type of Report to schedule. The rules are considered in order and only the first matching rule is applied. 1. If there is a pending response to a previous General Query scheduled sooner than the selected delay, no additional response needs to be scheduled. 2. If the received Query is a General Query, the interface timer is used to schedule a response to the General Query after the selected delay. Any previously pending response to a General Query is canceled. --8<-- Currently the timer is rearmed with new random expiration time for every incoming query regardless of possibly already pending report. Which is not aligned with the above RFE. It also might happen that higher rate of incoming queries can postpone the report after the expiration time of the first query causing group membership loss. Now the per interface general query timer is rearmed only when there is no pending report already scheduled on that interface or the newly selected expiration time is before the already pending scheduled report. Signed-off-by: Michal Tesar Signed-off-by: David S. Miller net/ipv4/igmp.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit d0af683407a26a4437d8fa6e283ea201f2ae8146 Author: Ian Kumlien Date: Mon Jan 2 09:18:35 2017 +0100 flow_dissector: Update pptp handling to avoid null pointer deref. __skb_flow_dissect can be called with a skb or a data packet, either can be NULL. All calls seems to have been moved to __skb_header_pointer except the pptp handling which is still calling skb_header_pointer. skb_header_pointer will use skb->data and thus: [ 109.556866] BUG: unable to handle kernel NULL pointer dereference at 0000000000000080 [ 109.557102] IP: [] __skb_flow_dissect+0xa88/0xce0 [ 109.557263] PGD 0 [ 109.557338] [ 109.557484] Oops: 0000 [#1] SMP [ 109.557562] Modules linked in: chaoskey [ 109.557783] CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.9.0 #79 [ 109.557867] Hardware name: Supermicro A1SRM-LN7F/LN5F/A1SRM-LN7F-2758, BIOS 1.0c 11/04/2015 [ 109.557957] task: ffff94085c27bc00 task.stack: ffffb745c0068000 [ 109.558041] RIP: 0010:[] [] __skb_flow_dissect+0xa88/0xce0 [ 109.558203] RSP: 0018:ffff94087fc83d40 EFLAGS: 00010206 [ 109.558286] RAX: 0000000000000130 RBX: ffffffff8975bf80 RCX: ffff94084fab6800 [ 109.558373] RDX: 0000000000000010 RSI: 000000000000000c RDI: 0000000000000000 [ 109.558460] RBP: 0000000000000b88 R08: 0000000000000000 R09: 0000000000000022 [ 109.558547] R10: 0000000000000008 R11: ffff94087fc83e04 R12: 0000000000000000 [ 109.558763] R13: ffff94084fab6800 R14: ffff94087fc83e04 R15: 000000000000002f [ 109.558979] FS: 0000000000000000(0000) GS:ffff94087fc80000(0000) knlGS:0000000000000000 [ 109.559326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.559539] CR2: 0000000000000080 CR3: 0000000281809000 CR4: 00000000001026e0 [ 109.559753] Stack: [ 109.559957] 000000000000000c ffff94084fab6822 0000000000000001 ffff94085c2b5fc0 [ 109.560578] 0000000000000001 0000000000002000 0000000000000000 0000000000000000 [ 109.561200] 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 109.561820] Call Trace: [ 109.562027] [ 109.562108] [] ? eth_get_headlen+0x7a/0xf0 [ 109.562522] [] ? igb_poll+0x96a/0xe80 [ 109.562737] [] ? net_rx_action+0x20b/0x350 [ 109.562953] [] ? __do_softirq+0xe8/0x280 [ 109.563169] [] ? irq_exit+0xaa/0xb0 [ 109.563382] [] ? do_IRQ+0x4b/0xc0 [ 109.563597] [] ? common_interrupt+0x7f/0x7f [ 109.563810] [ 109.563890] [] ? cpuidle_enter_state+0x130/0x2c0 [ 109.564304] [] ? cpuidle_enter_state+0x120/0x2c0 [ 109.564520] [] ? cpu_startup_entry+0x19f/0x1f0 [ 109.564737] [] ? start_secondary+0x12a/0x140 [ 109.564950] Code: 83 e2 20 a8 80 0f 84 60 01 00 00 c7 04 24 08 00 00 00 66 85 d2 0f 84 be fe ff ff e9 69 fe ff ff 8b 34 24 89 f2 83 c2 04 66 85 c0 <41> 8b 84 24 80 00 00 00 0f 49 d6 41 8d 31 01 d6 41 2b 84 24 84 [ 109.569959] RIP [] __skb_flow_dissect+0xa88/0xce0 [ 109.570245] RSP [ 109.570453] CR2: 0000000000000080 Fixes: ab10dccb1160 ("rps: Inspect PPTP encapsulated by GRE to get flow hash") Signed-off-by: Ian Kumlien Signed-off-by: David S. Miller net/core/flow_dissector.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 94ba998b63c41e92da1b2f0cd8679e038181ef48 Merge: eb7903b 35f432a Author: David S. Miller Date: Mon Jan 2 12:28:00 2017 -0500 Merge tag 'mac80211-for-davem-2017-01-02' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== A single fix to avoid loading an skb->cb pointer too early. ==================== Signed-off-by: David S. Miller commit 1f2ed153b916c95a49a1ca9d7107738664224b7f Author: Masami Hiramatsu Date: Tue Jan 3 00:20:49 2017 +0900 perf probe: Fix to get correct modname from elf header Since 'perf probe' supports cross-arch probes, it is possible to analyze different arch kernel image which has different bits-per-long. In that case, it fails to get the module name because it uses the MOD_NAME_OFFSET macro based on the host machine bits-per-long, instead of the target arch bits-per-long. This fixes above issue by changing modname-offset based on the target archs bit width. This is ok because linux kernel uses LP64 model on 64bit arch. E.g. without this (on x86_64, and target module is arm32): $ perf probe -m build-arm/fs/configfs/configfs.ko -D configfs_lookup p:probe/configfs_lookup :configfs_lookup+0 ^-Here is an empty module name. With this fix, you can see correct module name: $ perf probe -m build-arm/fs/configfs/configfs.ko -D configfs_lookup p:probe/configfs_lookup configfs:configfs_lookup+0 Signed-off-by: Masami Hiramatsu Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/148337043836.6752.383495516397005695.stgit@devbox Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/probe-event.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) commit 74e5c265a4955d6a01adc40783346b716271170b Merge: 71a332e cabab3f Author: Linus Torvalds Date: Mon Jan 2 09:08:45 2017 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 fixes from Martin Schwidefsky: "Two bug fixes for 4.10-rc3" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: s390/kbuild: enable modversions for symbols exported from asm s390/vtime: correct system time accounting commit b4a9eb4cd5966c8aad3d007d206a2cbda97d6928 Author: Helge Deller Date: Mon Jan 2 17:43:15 2017 +0100 parisc: Add line-break when printing segfault info Add a leading line break else printed line gets too long. Signed-off-by: Helge Deller Cc: # v4.9 arch/parisc/mm/fault.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 71a332e5603e000b907e66d172eae0e7a8c2c653 Merge: 0c744ea 086cc1c Author: Linus Torvalds Date: Mon Jan 2 09:00:59 2017 -0800 Merge tag 'openrisc-for-linus' of git://github.com/openrisc/linux Pull Openrisc fix from Stafford Horne: "There was nothing much interesting here except a build fix pointed out by the test robots. Highlight: - Defined _text symbol to fix build error" * tag 'openrisc-for-linus' of git://github.com/openrisc/linux: openrisc: Add _text symbol to fix ksym build error commit 9eca53508a157c6b6fdb6e06796902cf8a920d29 Author: Bart Van Assche Date: Mon Jan 2 09:48:47 2017 -0700 block: Avoid that sparse complains about context imbalance in __wbt_wait() This patch does not change any functionality. Fixes: e34cbd307477 ("blk-wbt: add general throttling mechanism") Signed-off-by: Bart Van Assche Signed-off-by: Jens Axboe block/blk-wbt.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 542b9f0759ed74ca0f1a9f3ff090c95ea73eba91 Author: Bjorn Andersson Date: Thu Dec 29 04:06:11 2016 -0800 ARM: dts: qcom: apq8064: Add missing scm clock As per the device tree binding the apq8064 scm node requires the core clock to be specified, so add this. Signed-off-by: Bjorn Andersson Signed-off-by: Andy Gross arch/arm/boot/dts/qcom-apq8064.dtsi | 4 ++++ 1 file changed, 4 insertions(+) commit f2e0a0b292682dd94274d6793d76656b41526147 Author: Bart Van Assche Date: Mon Jan 2 09:46:15 2017 -0700 block: Make wbt_wait() definition consistent with declaration Fixes: e34cbd307477 ("blk-wbt: add general throttling mechanism") Signed-off-by: Bart Van Assche Signed-off-by: Jens Axboe block/blk-wbt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6c006a9d94bfb5cbcc5150e8fd7f45d3f92f3ee8 Author: Chandan Rajendra Date: Sun Dec 25 19:01:03 2016 +0530 clean_bdev_aliases: Prevent cleaning blocks that are not in block range The first block to be cleaned may start at a non-zero page offset. In such a scenario clean_bdev_aliases() will end up cleaning blocks that do not fall in the range of blocks to be cleaned. This commit fixes the issue by skipping blocks that do not fall in valid block range. Signed-off-by: Chandan Rajendra Reviewed-by: Jan Kara Reviewed-by: Eryu Guan Signed-off-by: Jens Axboe fs/buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 890b73af6b008a7d59bdbab2dd59bd7b212dbc60 Merge: 0c744ea 65e4345 Author: Greg Kroah-Hartman Date: Mon Jan 2 16:59:44 2017 +0100 Merge tag 'iio-fixes-for-4.10a' of git://git.kernel.org/pub/scm/linux/kernel/git/jic23/iio into staging-linus Jonathan writes: First round of IIO fixes for the 4.10 cycle. * 104-quad-8 - Fix selecting wrong register when the index control register is desired. - Fix an off by one error when addressing the input/output control register. - Fix inverted logic on the active high / low control * bmi160 - Sleep for worst case rather than best case amount of time after cmd execution begins. * max44000 - typo fix in illuminance_integration_time_available listing. * st-sensors - Fix channel data passing. This one took a while to get tested on 24bit parts. Definitely one for stable asap as the bug broke quite a few parts. - lis3lv02 needs a data alignment bit set and the scaling was wrong. * ti_am335x - depend on HAS_DMA commit c415f9e8304a1d235ef118d912f374ee2e46c45d Author: Moritz Fischer Date: Thu Dec 22 09:19:25 2016 -0800 ARM64: zynqmp: Fix i2c node's compatible string The Zynq Ultrascale MP uses version 1.4 of the Cadence IP core which fixes some silicon bugs that needed software workarounds in Version 1.0 that was used on Zynq systems. Signed-off-by: Moritz Fischer Cc: Michal Simek Cc: Sören Brinkmann Cc: Rob Herring Acked-by: Sören Brinkmann Signed-off-by: Michal Simek arch/arm64/boot/dts/xilinx/zynqmp.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4ea2a6be9565455f152c12f80222af1582ede0c7 Author: Michal Simek Date: Tue Nov 15 14:53:13 2016 +0100 ARM64: zynqmp: Fix W=1 dtc 1.4 warnings The patch removes these warnings reported by dtc 1.4: Warning (unit_address_vs_reg): Node /amba_apu has a reg or ranges property, but no unit name Warning (unit_address_vs_reg): Node /memory has a reg or ranges property, but no unit name Signed-off-by: Michal Simek arch/arm64/boot/dts/xilinx/zynqmp-ep108.dts | 2 +- arch/arm64/boot/dts/xilinx/zynqmp.dtsi | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 143fca77cce906d35f7a60ccef648e888df589f2 Author: Srinivas Pandruvada Date: Tue Dec 27 08:57:59 2016 -0800 HID: sensor-hub: Move the memset to sensor_hub_get_feature() While applying patch d443a0aa3a29: "HID: hid-sensor-hub: clear memory to avoid random data", there was some issues in applying correct version of the patch. This resulted in the breakage of sensor functions as all request like power-up will be reset by the memset() in the function sensor_hub_set_feature(). The reset of caller buffer should be in the function sensor_hub_get_feature(), not in the sensor_hub_set_feature(). Fixes: d443a0aa3a29 ("HID: hid-sensor-hub: clear memory to avoid random data") Cc: Stable # 4.9+ Signed-off-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/hid-sensor-hub.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8aa2cc7e747881d1fd52db28261b201d4e3e5565 Author: Marcel Hasler Date: Tue Dec 20 22:08:13 2016 +0100 HID: usbhid: Add quirk for Mayflash/Dragonrise DolphinBar. The DolphinBar by Mayflash (identified as Dragonrise) needs HID_QUIRK_MULTI_INPUT to split it up into four input devices. Without this quirk the adapter is falsely recognized as a tablet. See also bug 115841 (https://bugzilla.kernel.org/show_bug.cgi?id=115841). Signed-off-by: Marcel Hasler Signed-off-by: Jiri Kosina drivers/hid/hid-ids.h | 1 + drivers/hid/usbhid/hid-quirks.c | 1 + 2 files changed, 2 insertions(+) commit f83f90cf7ba68deb09406ea9da80852a64c4db29 Author: Alex Wood Date: Fri Dec 23 12:50:13 2016 +0000 HID: usbhid: Add quirk for the Futaba TOSD-5711BB VFD The Futaba TOSD-5711BB VFD crashes when the initial HID report is requested, register the display in hid-ids and tell hid-quirks to not do the init. Signed-off-by: Alex Wood Signed-off-by: Jiri Kosina drivers/hid/hid-ids.h | 3 +++ drivers/hid/usbhid/hid-quirks.c | 1 + 2 files changed, 4 insertions(+) commit d1df1e01af1d7c91e48204b9eb8b9f20cdb90700 Author: Alexandre Bailon Date: Fri Dec 9 17:59:33 2016 +0100 ARM: davinci: da8xx: Fix sleeping function called from invalid context Everytime the usb20 phy is enabled, there is a "sleeping function called from invalid context" BUG. In addition, there is a recursive locking happening because of the recurse call to clk_enable(). clk_enable() from arch/arm/mach-davinci/clock.c uses spin_lock_irqsave() before to invoke the callback usb20_phy_clk_enable(). usb20_phy_clk_enable() uses clk_get() and clk_enable_prepapre() which may sleep. Replace clk_prepare_enable() by davinci_clk_enable(). Signed-off-by: Alexandre Bailon Suggested-by: David Lechner [nsekhar@ti.com: minor commit description adjustment] Signed-off-by: Sekhar Nori arch/arm/mach-davinci/usb-da8xx.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) commit 48cd30b49527f04078ef7de217cc188157f76ba6 Author: Alexandre Bailon Date: Fri Dec 9 17:59:32 2016 +0100 ARM: davinci: Make __clk_{enable,disable} functions public In some cases, there is a need to enable a clock as part of clock enable callback of a different clock. For example, USB 2.0 PHY clock enable requires USB 2.0 clock to be enabled. In this case, it is safe to instead call __clk_enable() since the clock framework lock is already taken. Calling clk_enable() causes recursive locking error. A similar case arises in the clock disable path. To enable such usage, make __clk_{enable,disable} functions publicly available outside of clock.c. Also, call them davinci_clk_{enable|disable} now to be consistent with how other davinci-specific clock functions are named. Note that these functions are not exported to drivers. They are meant for usage in platform specific clock management code. Signed-off-by: Alexandre Bailon Suggested-by: David Lechner Signed-off-by: Sekhar Nori arch/arm/mach-davinci/clock.c | 12 ++++++------ arch/arm/mach-davinci/clock.h | 2 ++ 2 files changed, 8 insertions(+), 6 deletions(-) commit 35f432a03e41d3bf08c51ede917f94e2288fbe8c Author: Johannes Berg Date: Mon Jan 2 11:19:29 2017 +0100 mac80211: initialize fast-xmit 'info' later In ieee80211_xmit_fast(), 'info' is initialized to point to the skb that's passed in, but that skb may later be replaced by a clone (if it was shared), leading to an invalid pointer. This can lead to use-after-free and also later crashes since the real SKB's info->hw_queue doesn't get initialized properly. Fix this by assigning info only later, when it's needed, after the skb replacement (may have) happened. Cc: stable@vger.kernel.org Reported-by: Ben Greear Signed-off-by: Johannes Berg net/mac80211/tx.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 427157631648c980e8bba4d73a21508b9e1a47ec Author: Geert Uytterhoeven Date: Sun Dec 18 10:19:28 2016 +0100 USB: serial: f81534: detect errors from f81534_logic_to_phy_port() With gcc 4.1.2: drivers/usb/serial/f81534.c: In function ‘f81534_port_probe’: drivers/usb/serial/f81534.c:1250: warning: comparison is always false due to limited range of data type f81534_logic_to_phy_port() may return a negative error value, which is ignored by assigning it to u8 f81534_port_private.phy_num. Use an intermediate variable of type int to fix this. While at it, forward the actual error code instead of converting it to -ENODEV, and drop the useless check for F81534_NUM_PORT, as the callee always returns a valid port number in case of success. Fixes: 0c9bd6004d258d46 ("USB: serial: add Fintek F81532/534 driver") Signed-off-by: Geert Uytterhoeven Signed-off-by: Johan Hovold drivers/usb/serial/f81534.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit ef37427ac5677331145ab27a17e6f5f1b43f0c11 Author: Bartosz Golaszewski Date: Wed Dec 7 16:22:16 2016 +0100 ARM: davinci: da850: don't add emac clock to lookup table twice Similarly to the aemif clock - this screws up the linked list of clock children. Create a separate clock for mdio inheriting the rate from emac_clk. Cc: # 3.12.x- Signed-off-by: Bartosz Golaszewski [nsekhar@ti.com: add a comment over mdio_clk to explaing its existence + commit headline updates] Signed-off-by: Sekhar Nori arch/arm/mach-davinci/da850.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 5d45b011c14a791ef23555a59ff7a3e6d213530f Author: Bartosz Golaszewski Date: Wed Dec 7 16:22:15 2016 +0100 ARM: davinci: da850: fix infinite loop in clk_set_rate() The aemif clock is added twice to the lookup table in da850.c. This breaks the children list of pll0_sysclk3 as we're using the same list links in struct clk. When calling clk_set_rate(), we get stuck in propagate_rate(). Create a separate clock for nand, inheriting the rate of the aemif clock and retrieve it in the davinci_nand module. Cc: # 4.9.x Signed-off-by: Bartosz Golaszewski Signed-off-by: Sekhar Nori arch/arm/mach-davinci/da850.c | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) commit f0fcdc506b76e924c60fa607bba5872ca4745476 Author: Randy Dunlap Date: Sun Jan 1 18:58:27 2017 -0800 mtd: nand: oxnas_nand: fix build errors on arch/um, require HAS_IOMEM Fix build errors on arch/um, which does not support HAS_IOMEM, while the oxnas_nand.c driver uses interfaces that are supplied by HAS_IOMEM. (loadable module build:) ERROR: "devm_ioremap_resource" [drivers/mtd/nand/oxnas_nand.ko] undefined! or (built-in build:) drivers/built-in.o: In function `oxnas_nand_probe': drivers/mtd/nand/oxnas_nand.c:102: undefined reference to `devm_ioremap_resource' Fixes: 668592492409 ("mtd: nand: Add OX820 NAND Support") Signed-off-by: Randy Dunlap Reported-by: kbuild test robot Acked-by: Neil Armstrong Signed-off-by: Boris Brezillon drivers/mtd/nand/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 7b01738112608ce47083178ae2b9ebadf02d32cc Author: Felix Hädicke Date: Thu Dec 29 23:02:11 2016 +0100 usb: gadget: udc: core: fix return code of usb_gadget_probe_driver() This fixes a regression which was introduced by commit f1bddbb, by reverting a small fragment of commit 855ed04. If the following conditions were met, usb_gadget_probe_driver() returned 0, although the call was unsuccessful: 1. A particular UDC was specified by thge gadget driver (using member "udc_name" of struct usb_gadget_driver). 2. The UDC with this name is available. 3. Another gadget driver is already bound to this gadget. 4. The gadget driver has the "match_existing_only" flag set. In this case, the return code variable "ret" is set to 0, the return code of a strcmp() call (to check for the second condition). This also fixes an oops which could occur in the following scenario: 1. Two usb gadget instances were configured using configfs. 2. The first gadget configuration was bound to a UDC (using the configfs attribute "UDC"). 3. It was tried to bind the second gadget configuration to the same UDC in the same way. This operation was then wrongly reported as being successful. 4. The second gadget configuration's "UDC" attribute is cleared, to unbind the (not really bound) second gadget configuration from the UDC. ] __list_del_entry+0x29/0xc0 PGD 41b4c5067 PUD 41a598067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: cdc_acm usb_f_fs usb_f_serial usb_f_acm u_serial libcomposite configfs dummy_hcd bnep intel_rapl x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm snd_hda_codec_hdmi irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel aesni_intel aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd snd_hda_codec_realtek snd_hda_codec_generic serio_raw uvcvideo videobuf2_vmalloc btusb snd_usb_audio snd_hda_intel videobuf2_memops btrtl snd_hda_codec snd_hda_core snd_usbmidi_lib btbcm videobuf2_v4l2 btintel snd_hwdep videobuf2_core snd_seq_midi bluetooth snd_seq_midi_event videodev xpad efi_pstore snd_pcm_oss rfkill joydev media crc16 ff_memless snd_mixer_oss snd_rawmidi nls_ascii snd_pcm snd_seq snd_seq_device nls_cp437 mei_me snd_timer vfat sg udc_core lpc_ich fat efivars mfd_core mei snd soundcore battery nuvoton_cir rc_core evdev intel_smartconnect ie31200_edac edac_core shpchp tpm_tis tpm_tis_core tpm parport_pc ppdev lp parport efivarfs autofs4 btrfs xor raid6_pq hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid uas usb_storage sr_mod cdrom sd_mod ahci libahci nouveau i915 crc32c_intel i2c_algo_bit psmouse ttm xhci_pci libata scsi_mod ehci_pci drm_kms_helper xhci_hcd ehci_hcd r8169 mii usbcore drm nvme nvme_core fjes button [last unloaded: net2280] CPU: 5 PID: 829 Comm: bash Not tainted 4.9.0-rc7 #1 Hardware name: To Be Filled By O.E.M. To Be Filled By O.E.M./Z77 Extreme3, BIOS P1.50 07/11/2013 task: ffff880419ce4040 task.stack: ffffc90002ed4000 RIP: 0010:[] [] __list_del_entry+0x29/0xc0 RSP: 0018:ffffc90002ed7d68 EFLAGS: 00010207 RAX: 0000000000000000 RBX: ffff88041787ec30 RCX: dead000000000200 RDX: 0000000000000000 RSI: ffff880417482002 RDI: ffff88041787ec30 RBP: ffffc90002ed7d68 R08: 0000000000000000 R09: 0000000000000010 R10: 0000000000000000 R11: ffff880419ce4040 R12: ffff88041787eb68 R13: ffff88041787eaa8 R14: ffff88041560a2c0 R15: 0000000000000001 FS: 00007fe4e49b8700(0000) GS:ffff88042f340000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000041b4c4000 CR4: 00000000001406e0 Stack: ffffc90002ed7d80 ffffffff94f5e68d ffffffffc0ae5ef0 ffffc90002ed7da0 ffffffffc0ae22aa ffff88041787e800 ffff88041787e800 ffffc90002ed7dc0 ffffffffc0d7a727 ffffffff952273fa ffff88041aba5760 ffffc90002ed7df8 Call Trace: [] list_del+0xd/0x30 [] usb_gadget_unregister_driver+0xaa/0xc0 [udc_core] [] unregister_gadget+0x27/0x60 [libcomposite] [] ? mutex_lock+0x1a/0x30 [] gadget_dev_desc_UDC_store+0x88/0xe0 [libcomposite] [] configfs_write_file+0xa0/0x100 [configfs] [] __vfs_write+0x37/0x160 [] ? __fd_install+0x30/0xd0 [] ? _raw_spin_unlock+0xe/0x10 [] vfs_write+0xb8/0x1b0 [] SyS_write+0x58/0xc0 [] ? __close_fd+0x94/0xc0 [] entry_SYSCALL_64_fastpath+0x1e/0xad Code: 66 90 55 48 8b 07 48 b9 00 01 00 00 00 00 ad de 48 8b 57 08 48 89 e5 48 39 c8 74 29 48 b9 00 02 00 00 00 00 ad de 48 39 ca 74 3a <4c> 8b 02 4c 39 c7 75 52 4c 8b 40 08 4c 39 c7 75 66 48 89 50 08 RIP [] __list_del_entry+0x29/0xc0 RSP CR2: 0000000000000000 ---[ end trace 99fc090ab3ff6cbc ]--- Fixes: f1bddbb ("usb: gadget: Fix binding to UDC via configfs interface") Signed-off-by: Felix Hädicke Tested-by: Krzysztof Opasiak Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/core.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 8f8983a5683623b62b339d159573f95a1fce44f3 Author: Heikki Krogerus Date: Fri Apr 1 17:13:12 2016 +0300 usb: dwc3: pci: add Intel Gemini Lake PCI ID Intel Gemini Lake SoC has the same DWC3 than Broxton. Add the new ID to the supported Devices. Signed-off-by: Heikki Krogerus Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-pci.c | 2 ++ 1 file changed, 2 insertions(+) commit 86e881e7d769f40bd5ed08677e503bc15d89dec6 Author: Marek Szyprowski Date: Thu Dec 1 10:02:11 2016 +0100 usb: dwc2: fix flags for DMA descriptor allocation in dwc2_hsotg_ep_enable dwc2_hsotg_ep_enable can be called from interrupt context, so all allocations should be done with GFP_ATOMIC flags. This fixes following issue on ARM architecture: [] (unwind_backtrace) from [] (show_stack+0x10/0x14) [] (show_stack) from [] (dump_stack+0x74/0x94) [] (dump_stack) from [] (__warn+0xd4/0x100) [] (__warn) from [] (warn_slowpath_null+0x20/0x28) [] (warn_slowpath_null) from [] (smp_call_function_many+0xcc/0x2a4) [] (smp_call_function_many) from [] (on_each_cpu_mask+0x38/0xa8) [] (on_each_cpu_mask) from [] (start_isolate_page_range+0x134/0x1b8) [] (start_isolate_page_range) from [] (alloc_contig_range+0xac/0x2f8) [] (alloc_contig_range) from [] (cma_alloc+0xe0/0x1a8) [] (cma_alloc) from [] (__alloc_from_contiguous+0x38/0xe0) [] (__alloc_from_contiguous) from [] (cma_allocator_alloc+0x30/0x38) [] (cma_allocator_alloc) from [] (__dma_alloc+0x1c0/0x2c8) [] (__dma_alloc) from [] (arm_dma_alloc+0x3c/0x48) [] (arm_dma_alloc) from [] (dwc2_hsotg_ep_enable+0xec/0x46c) [] (dwc2_hsotg_ep_enable) from [] (usb_ep_enable+0x2c/0x3c) [] (usb_ep_enable) from [] (ecm_set_alt+0xa8/0x154) [] (ecm_set_alt) from [] (composite_setup+0xd74/0x1540) [] (composite_setup) from [] (dwc2_hsotg_complete_setup+0xb8/0x370) [] (dwc2_hsotg_complete_setup) from [] (usb_gadget_giveback_request+0xc/0x10) [] (usb_gadget_giveback_request) from [] (dwc2_hsotg_complete_request+0x78/0x128) [] (dwc2_hsotg_complete_request) from [] (dwc2_hsotg_epint+0x69c/0x81c) [] (dwc2_hsotg_epint) from [] (dwc2_hsotg_irq+0xfc/0x748) [] (dwc2_hsotg_irq) from [] (__handle_irq_event_percpu+0x58/0x140) [] (__handle_irq_event_percpu) from [] (handle_irq_event_percpu+0x1c/0x58) [] (handle_irq_event_percpu) from [] (handle_irq_event+0x38/0x5c) [] (handle_irq_event) from [] (handle_fasteoi_irq+0xc4/0x19c) [] (handle_fasteoi_irq) from [] (generic_handle_irq+0x18/0x28) [] (generic_handle_irq) from [] (__handle_domain_irq+0x6c/0xe4) [] (__handle_domain_irq) from [] (gic_handle_irq+0x50/0x9c) [] (gic_handle_irq) from [] (__irq_svc+0x6c/0xa8) Fixes: 5f54c54b0ba83 ("usb: dwc2: gadget: Add DDMA chain pointers to dwc2_hsotg_ep structure") Acked-by: John Youn Signed-off-by: Marek Szyprowski Signed-off-by: Felipe Balbi drivers/usb/dwc2/gadget.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0eae2fde164caaa013a3f7341fd3e7e36e8e2865 Author: John Youn Date: Mon Nov 28 16:30:58 2016 -0800 usb: dwc3: pci: Add "linux,sysdev_is_parent" property Calling platform_device_add_properties() replaces existing properties so the "linux,sysdev_is_parent" property doesn't get set. Add this property to each platform. Fixes: d64ff406e51e ("usb: dwc3: use bus->sysdev for DMA configuration") Signed-off-by: John Youn Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-pci.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) commit 12a7f17fac5b370bec87259e4c718faf563ce900 Author: Grygorii Strashko Date: Mon Dec 12 13:37:52 2016 -0600 usb: dwc3: omap: fix race of pm runtime with irq handler in probe Now races can happen between interrupt handler execution and PM runtime in error handling code path in probe and in dwc3_omap_remove() which will lead to system crash: in probe: ... err1: pm_runtime_put_sync(dev); ^^ PM runtime can race with IRQ handler when deferred probing happening due to extcon pm_runtime_disable(dev); return ret; in dwc3_omap_remove: ... dwc3_omap_disable_irqs(omap); ^^ IRQs are disabled in HW, but handler may still run of_platform_depopulate(omap->dev); pm_runtime_put_sync(&pdev->dev); ^^ PM runtime can race with IRQ handler pm_runtime_disable(&pdev->dev); return 0; So, OMAP DWC3 IRQ need to be disabled before calling pm_runtime_put() in probe and in dwc3_omap_remove(). Acked-by: Tony Lindgren Signed-off-by: Grygorii Strashko Signed-off-by: Felipe Balbi drivers/usb/dwc3/dwc3-omap.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 890e6c236dcda6d45c5f0bdd23665636376f6831 Author: Alan Stern Date: Fri Dec 9 15:25:15 2016 -0500 USB: gadgetfs: remove unnecessary assignment The dev_config() routine in gadgetfs has a check that dev->dev->bNumConfigurations is equal to 1, and then contains a redundant line of code setting the value to 1. This patch removes the unnecessary assignment. Signed-off-by: Alan Stern Signed-off-by: Felipe Balbi drivers/usb/gadget/legacy/inode.c | 1 - 1 file changed, 1 deletion(-) commit 1c069b057dcf64fada952eaa868d35f02bb0cfc2 Author: Alan Stern Date: Fri Dec 9 15:24:24 2016 -0500 USB: gadgetfs: fix checks of wTotalLength in config descriptors Andrey Konovalov's fuzz testing of gadgetfs showed that we should improve the driver's checks for valid configuration descriptors passed in by the user. In particular, the driver needs to verify that the wTotalLength value in the descriptor is not too short (smaller than USB_DT_CONFIG_SIZE). And the check for whether wTotalLength is too large has to be changed, because the driver assumes there is always enough room remaining in the buffer to hold a device descriptor (at least USB_DT_DEVICE_SIZE bytes). This patch adds the additional check and fixes the existing check. It may do a little more than strictly necessary, but one extra check won't hurt. Signed-off-by: Alan Stern CC: Andrey Konovalov CC: Signed-off-by: Felipe Balbi drivers/usb/gadget/legacy/inode.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit add333a81a16abbd4f106266a2553677a165725f Author: Alan Stern Date: Fri Dec 9 15:18:43 2016 -0500 USB: gadgetfs: fix use-after-free bug Andrey Konovalov reports that fuzz testing with syzkaller causes a KASAN use-after-free bug report in gadgetfs: BUG: KASAN: use-after-free in gadgetfs_setup+0x208a/0x20e0 at addr ffff88003dfe5bf2 Read of size 2 by task syz-executor0/22994 CPU: 3 PID: 22994 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #16 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff88006df06a18 ffffffff81f96aba ffffffffe0528500 1ffff1000dbe0cd6 ffffed000dbe0cce ffff88006df068f0 0000000041b58ab3 ffffffff8598b4c8 ffffffff81f96828 1ffff1000dbe0ccd ffff88006df06708 ffff88006df06748 Call Trace: [ 201.343209] [< inline >] __dump_stack lib/dump_stack.c:15 [ 201.343209] [] dump_stack+0x292/0x398 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:159 [< inline >] print_address_description mm/kasan/report.c:197 [] kasan_report_error+0x1f0/0x4e0 mm/kasan/report.c:286 [< inline >] kasan_report mm/kasan/report.c:306 [] __asan_report_load_n_noabort+0x3a/0x40 mm/kasan/report.c:337 [< inline >] config_buf drivers/usb/gadget/legacy/inode.c:1298 [] gadgetfs_setup+0x208a/0x20e0 drivers/usb/gadget/legacy/inode.c:1368 [] dummy_timer+0x11f0/0x36d0 drivers/usb/gadget/udc/dummy_hcd.c:1858 [] call_timer_fn+0x241/0x800 kernel/time/timer.c:1308 [< inline >] expire_timers kernel/time/timer.c:1348 [] __run_timers+0xa06/0xec0 kernel/time/timer.c:1641 [] run_timer_softirq+0x21/0x80 kernel/time/timer.c:1654 [] __do_softirq+0x2fb/0xb63 kernel/softirq.c:284 The cause of the bug is subtle. The dev_config() routine gets called twice by the fuzzer. The first time, the user data contains both a full-speed configuration descriptor and a high-speed config descriptor, causing dev->hs_config to be set. But it also contains an invalid device descriptor, so the buffer containing the descriptors is deallocated and dev_config() returns an error. The second time dev_config() is called, the user data contains only a full-speed config descriptor. But dev->hs_config still has the stale pointer remaining from the first call, causing the routine to think that there is a valid high-speed config. Later on, when the driver dereferences the stale pointer to copy that descriptor, we get a use-after-free access. The fix is simple: Clear dev->hs_config if the passed-in data does not contain a high-speed config descriptor. Signed-off-by: Alan Stern Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov CC: Signed-off-by: Felipe Balbi drivers/usb/gadget/legacy/inode.c | 2 ++ 1 file changed, 2 insertions(+) commit faab50984fe6636e616c7cc3d30308ba391d36fd Author: Alan Stern Date: Fri Dec 9 15:17:46 2016 -0500 USB: gadgetfs: fix unbounded memory allocation bug Andrey Konovalov reports that fuzz testing with syzkaller causes a KASAN warning in gadgetfs: BUG: KASAN: slab-out-of-bounds in dev_config+0x86f/0x1190 at addr ffff88003c47e160 Write of size 65537 by task syz-executor0/6356 CPU: 3 PID: 6356 Comm: syz-executor0 Not tainted 4.9.0-rc7+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff88003c107ad8 ffffffff81f96aba ffffffff3dc11ef0 1ffff10007820eee ffffed0007820ee6 ffff88003dc11f00 0000000041b58ab3 ffffffff8598b4c8 ffffffff81f96828 ffffffff813fb4a0 ffff88003b6eadc0 ffff88003c107738 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x292/0x398 lib/dump_stack.c:51 [] kasan_object_err+0x1c/0x70 mm/kasan/report.c:159 [< inline >] print_address_description mm/kasan/report.c:197 [] kasan_report_error+0x1f0/0x4e0 mm/kasan/report.c:286 [] kasan_report+0x35/0x40 mm/kasan/report.c:306 [< inline >] check_memory_region_inline mm/kasan/kasan.c:308 [] check_memory_region+0x139/0x190 mm/kasan/kasan.c:315 [] kasan_check_write+0x14/0x20 mm/kasan/kasan.c:326 [< inline >] copy_from_user arch/x86/include/asm/uaccess.h:689 [< inline >] ep0_write drivers/usb/gadget/legacy/inode.c:1135 [] dev_config+0x86f/0x1190 drivers/usb/gadget/legacy/inode.c:1759 [] __vfs_write+0x5d5/0x760 fs/read_write.c:510 [] vfs_write+0x170/0x4e0 fs/read_write.c:560 [< inline >] SYSC_write fs/read_write.c:607 [] SyS_write+0xfb/0x230 fs/read_write.c:599 [] entry_SYSCALL_64_fastpath+0x1f/0xc2 Indeed, there is a comment saying that the value of len is restricted to a 16-bit integer, but the code doesn't actually do this. This patch fixes the warning. It replaces the comment with a computation that forces the amount of data copied from the user in ep0_write() to be no larger than the wLength size for the control transfer, which is a 16-bit quantity. Signed-off-by: Alan Stern Reported-by: Andrey Konovalov Tested-by: Andrey Konovalov CC: Signed-off-by: Felipe Balbi drivers/usb/gadget/legacy/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b3ce3ce02d146841af012d08506b4071db8ffde3 Author: Baolin Wang Date: Thu Dec 8 19:55:22 2016 +0800 usb: gadget: f_fs: Fix possibe deadlock When system try to close /dev/usb-ffs/adb/ep0 on one core, at the same time another core try to attach new UDC, which will cause deadlock as below scenario. Thus we should release ffs lock before issuing unregister_gadget_item(). [ 52.642225] c1 ====================================================== [ 52.642228] c1 [ INFO: possible circular locking dependency detected ] [ 52.642236] c1 4.4.6+ #1 Tainted: G W O [ 52.642241] c1 ------------------------------------------------------- [ 52.642245] c1 usb ffs open/2808 is trying to acquire lock: [ 52.642270] c0 (udc_lock){+.+.+.}, at: [] usb_gadget_unregister_driver+0x3c/0xc8 [ 52.642272] c1 but task is already holding lock: [ 52.642283] c0 (ffs_lock){+.+.+.}, at: [] ffs_data_clear+0x30/0x140 [ 52.642285] c1 which lock already depends on the new lock. [ 52.642287] c1 the existing dependency chain (in reverse order) is: [ 52.642295] c0 -> #1 (ffs_lock){+.+.+.}: [ 52.642307] c0 [] __lock_acquire+0x20f0/0x2238 [ 52.642314] c0 [] lock_acquire+0xe4/0x298 [ 52.642322] c0 [] mutex_lock_nested+0x7c/0x3cc [ 52.642328] c0 [] ffs_func_bind+0x504/0x6e8 [ 52.642334] c0 [] usb_add_function+0x84/0x184 [ 52.642340] c0 [] configfs_composite_bind+0x264/0x39c [ 52.642346] c0 [] udc_bind_to_driver+0x58/0x11c [ 52.642352] c0 [] usb_udc_attach_driver+0x90/0xc8 [ 52.642358] c0 [] gadget_dev_desc_UDC_store+0xd4/0x128 [ 52.642369] c0 [] configfs_write_file+0xd0/0x13c [ 52.642376] c0 [] vfs_write+0xb8/0x214 [ 52.642381] c0 [] SyS_write+0x54/0xb0 [ 52.642388] c0 [] el0_svc_naked+0x24/0x28 [ 52.642395] c0 -> #0 (udc_lock){+.+.+.}: [ 52.642401] c0 [] print_circular_bug+0x84/0x2e4 [ 52.642407] c0 [] __lock_acquire+0x2138/0x2238 [ 52.642412] c0 [] lock_acquire+0xe4/0x298 [ 52.642420] c0 [] mutex_lock_nested+0x7c/0x3cc [ 52.642427] c0 [] usb_gadget_unregister_driver+0x3c/0xc8 [ 52.642432] c0 [] unregister_gadget_item+0x28/0x44 [ 52.642439] c0 [] ffs_data_clear+0x138/0x140 [ 52.642444] c0 [] ffs_data_reset+0x20/0x6c [ 52.642450] c0 [] ffs_data_closed+0xac/0x12c [ 52.642454] c0 [] ffs_ep0_release+0x20/0x2c [ 52.642460] c0 [] __fput+0xb0/0x1f4 [ 52.642466] c0 [] ____fput+0x20/0x2c [ 52.642473] c0 [] task_work_run+0xb4/0xe8 [ 52.642482] c0 [] do_exit+0x360/0xb9c [ 52.642487] c0 [] do_group_exit+0x4c/0xb0 [ 52.642494] c0 [] get_signal+0x380/0x89c [ 52.642501] c0 [] do_signal+0x154/0x518 [ 52.642507] c0 [] do_notify_resume+0x70/0x78 [ 52.642512] c0 [] work_pending+0x1c/0x20 [ 52.642514] c1 other info that might help us debug this: [ 52.642517] c1 Possible unsafe locking scenario: [ 52.642518] c1 CPU0 CPU1 [ 52.642520] c1 ---- ---- [ 52.642525] c0 lock(ffs_lock); [ 52.642529] c0 lock(udc_lock); [ 52.642533] c0 lock(ffs_lock); [ 52.642537] c0 lock(udc_lock); [ 52.642539] c1 *** DEADLOCK *** [ 52.642543] c1 1 lock held by usb ffs open/2808: [ 52.642555] c0 #0: (ffs_lock){+.+.+.}, at: [] ffs_data_clear+0x30/0x140 [ 52.642557] c1 stack backtrace: [ 52.642563] c1 CPU: 1 PID: 2808 Comm: usb ffs open Tainted: G [ 52.642565] c1 Hardware name: Spreadtrum SP9860g Board (DT) [ 52.642568] c1 Call trace: [ 52.642573] c1 [] dump_backtrace+0x0/0x170 [ 52.642577] c1 [] show_stack+0x20/0x28 [ 52.642583] c1 [] dump_stack+0xa8/0xe0 [ 52.642587] c1 [] print_circular_bug+0x1fc/0x2e4 [ 52.642591] c1 [] __lock_acquire+0x2138/0x2238 [ 52.642595] c1 [] lock_acquire+0xe4/0x298 [ 52.642599] c1 [] mutex_lock_nested+0x7c/0x3cc [ 52.642604] c1 [] usb_gadget_unregister_driver+0x3c/0xc8 [ 52.642608] c1 [] unregister_gadget_item+0x28/0x44 [ 52.642613] c1 [] ffs_data_clear+0x138/0x140 [ 52.642618] c1 [] ffs_data_reset+0x20/0x6c [ 52.642621] c1 [] ffs_data_closed+0xac/0x12c [ 52.642625] c1 [] ffs_ep0_release+0x20/0x2c [ 52.642629] c1 [] __fput+0xb0/0x1f4 [ 52.642633] c1 [] ____fput+0x20/0x2c [ 52.642636] c1 [] task_work_run+0xb4/0xe8 [ 52.642640] c1 [] do_exit+0x360/0xb9c [ 52.642644] c1 [] do_group_exit+0x4c/0xb0 [ 52.642647] c1 [] get_signal+0x380/0x89c [ 52.642651] c1 [] do_signal+0x154/0x518 [ 52.642656] c1 [] do_notify_resume+0x70/0x78 [ 52.642659] c1 [] work_pending+0x1c/0x20 Acked-by: Michal Nazarewicz Signed-off-by: Baolin Wang Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit d7fd41c6dbcc547578a8a56cc52d6f2d36e505bc Author: Janusz Dziedzic Date: Thu Dec 8 10:57:34 2016 +0100 usb: dwc3: skip interrupt when ep disabled In case EP disabled pass only EPCPLT command to be handled. In other case we could hit Bug like below. BUG: unable to handle kernel NULL pointer dereference at 0000000000000003 IP: [] dwc3_thread_interrupt+0x11c8/0x1790 while dep->endpoint.desc is NULL. Signed-off-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 0994b0a257557e18ee8f0b7c5f0f73fe2b54eec1 Author: Greg Kroah-Hartman Date: Tue Dec 6 08:36:29 2016 +0100 usb: gadgetfs: restrict upper bound on device configuration size Andrey Konovalov reported that we were not properly checking the upper limit before of a device configuration size before calling memdup_user(), which could cause some problems. So set the upper limit to PAGE_SIZE * 4, which should be good enough for all devices. Reported-by: Andrey Konovalov Cc: stable Signed-off-by: Greg Kroah-Hartman Signed-off-by: Felipe Balbi drivers/usb/gadget/legacy/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit bcdbeb844773333d2d1c08004f3b3e25921040e5 Author: Alan Stern Date: Wed Dec 14 14:55:56 2016 -0500 USB: dummy-hcd: fix bug in stop_activity (handle ep0) The stop_activity() routine in dummy-hcd is supposed to unlink all active requests for every endpoint, among other things. But it doesn't handle ep0. As a result, fuzz testing can generate a WARNING like the following: WARNING: CPU: 0 PID: 4410 at drivers/usb/gadget/udc/dummy_hcd.c:672 dummy_free_request+0x153/0x170 Modules linked in: CPU: 0 PID: 4410 Comm: syz-executor Not tainted 4.9.0-rc7+ #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff88006a64ed10 ffffffff81f96b8a ffffffff41b58ab3 1ffff1000d4c9d35 ffffed000d4c9d2d ffff880065f8ac00 0000000041b58ab3 ffffffff8598b510 ffffffff81f968f8 0000000041b58ab3 ffffffff859410e0 ffffffff813f0590 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x292/0x398 lib/dump_stack.c:51 [] __warn+0x19f/0x1e0 kernel/panic.c:550 [] warn_slowpath_null+0x2c/0x40 kernel/panic.c:585 [] dummy_free_request+0x153/0x170 drivers/usb/gadget/udc/dummy_hcd.c:672 [] usb_ep_free_request+0xc0/0x420 drivers/usb/gadget/udc/core.c:195 [] gadgetfs_unbind+0x131/0x190 drivers/usb/gadget/legacy/inode.c:1612 [] usb_gadget_remove_driver+0x10f/0x2b0 drivers/usb/gadget/udc/core.c:1228 [] usb_gadget_unregister_driver+0x154/0x240 drivers/usb/gadget/udc/core.c:1357 This patch fixes the problem by iterating over all the endpoints in the driver's ep array instead of iterating over the gadget's ep_list, which explicitly leaves out ep0. Signed-off-by: Alan Stern Reported-by: Andrey Konovalov CC: Signed-off-by: Felipe Balbi drivers/usb/gadget/udc/dummy_hcd.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 354bc45bf329494ef6051f3229ef50b9e2a7ea2a Author: Vincent Pelletier Date: Thu Dec 15 12:47:42 2016 +0000 usb: gadget: f_fs: Fix ExtCompat descriptor validation Reserved1 is documented as expected to be set to 0, but this test fails when it it set to 0. Reverse the condition. Signed-off-by: Vincent Pelletier Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 96a420d2d37cc019d0fbb95c9f0e965fa1080e1f Author: Vincent Pelletier Date: Thu Dec 15 12:47:41 2016 +0000 usb: gadget: f_fs: Document eventfd effect on descriptor format. When FUNCTIONFS_EVENTFD flag is set, __ffs_data_got_descs reads a 32bits, little-endian value right after the fixed structure header, and passes it to eventfd_ctx_fdget. Document this. Also, rephrase a comment to be affirmative about the role of string descriptor at index 0. Ref: USB 2.0 spec paragraph "9.6.7 String", and also checked to still be current in USB 3.0 spec paragraph "9.6.9 String". Signed-off-by: Vincent Pelletier Signed-off-by: Felipe Balbi drivers/usb/gadget/function/f_fs.c | 4 ++-- include/uapi/linux/usb/functionfs.h | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) commit 7e4da3fcf7c9fe042f2f7cb7bf23861a899b4a8f Author: Krzysztof Opasiak Date: Tue Dec 20 19:52:16 2016 +0100 usb: gadget: composite: Test get_alt() presence instead of set_alt() By convention (according to doc) if function does not provide get_alt() callback composite framework should assume that it has only altsetting 0 and should respond with error if host tries to set other one. After commit dd4dff8b035f ("USB: composite: Fix bug: should test set_alt function pointer before use it") we started checking set_alt() callback instead of get_alt(). This check is useless as we check if set_alt() is set inside usb_add_function() and fail if it's NULL. Let's fix this check and move comment about why we check the get method instead of set a little bit closer to prevent future false fixes. Fixes: dd4dff8b035f ("USB: composite: Fix bug: should test set_alt function pointer before use it") Cc: stable Signed-off-by: Krzysztof Opasiak Signed-off-by: Felipe Balbi drivers/usb/gadget/composite.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 51c1685d956221576e165dd88a20063b169bae5a Author: Hans de Goede Date: Tue Dec 27 13:13:42 2016 +0200 usb: dwc3: pci: Fix dr_mode misspelling usb_get_dr_mode() expects the device-property to be spelled "dr_mode" not "dr-mode". Spelling it properly fixes the following warning showing up in dmesg: [ 8704.500545] dwc3 dwc3.2.auto: Configuration mismatch. dr_mode forced to gadget Signed-off-by: Hans de Goede drivers/usb/dwc3/dwc3-pci.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e71d363d9c611c99fb78f53bfee99616e7fe352c Author: Felipe Balbi Date: Fri Dec 23 14:40:40 2016 +0200 usb: dwc3: core: avoid Overflow events Now that we're handling so many transfers at a time and for some dwc3 revisions LPM events *must* be enabled, we can fall into a situation where too many events fire and we start receiving Overflow events. Let's do what XHCI does and allocate a full page for the Event Ring, this will avoid any future issues. Cc: # v4.9 Signed-off-by: Felipe Balbi drivers/usb/dwc3/core.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit d62145929992f331fdde924d5963ab49588ccc7d Author: Felipe Balbi Date: Tue Dec 20 14:14:40 2016 +0200 usb: dwc3: gadget: always unmap EP0 requests commit 0416e494ce7d ("usb: dwc3: ep0: correct cache sync issue in case of ep0_bounced") introduced a bug where we would leak DMA resources which would cause us to starve the system of them resulting in failing DMA transfers. Fix the bug by making sure that we always unmap EP0 requests since those are *always* mapped. Fixes: 0416e494ce7d ("usb: dwc3: ep0: correct cache sync issue in case of ep0_bounced") Cc: Tested-by: Tomasz Medrek Reported-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/dwc3/gadget.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 19ec31230eb3084431bc2e565fd085f79f564274 Author: Felipe Balbi Date: Tue Dec 20 14:08:48 2016 +0200 usb: dwc3: ep0: explicitly call dwc3_ep0_prepare_one_trb() Let's call dwc3_ep0_prepare_one_trb() explicitly because there are occasions where we will need more than one TRB to handle an EP0 transfer. A follow-up patch will fix one bug related to multiple-TRB Data Phases when it comes to mapping/unmapping requests for DMA. Cc: Reported-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/dwc3/ep0.c | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) commit 7931ec86c1b738e4e90e58c6d95e5f720d45ee56 Author: Felipe Balbi Date: Tue Dec 20 13:57:32 2016 +0200 usb: dwc3: ep0: add dwc3_ep0_prepare_one_trb() For now this is just a cleanup patch, no functional changes. We will be using the new function to fix a bug introduced long ago by commit 0416e494ce7d ("usb: dwc3: ep0: correct cache sync issue in case of ep0_bounced") and further worsened by commit c0bd5456a470 ("usb: dwc3: ep0: handle non maxpacket aligned transfers > 512") Cc: Reported-by: Janusz Dziedzic Signed-off-by: Felipe Balbi drivers/usb/dwc3/ep0.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) commit efc95b2ca42424de222119a3a260624f3a050f8e Author: Stefan Wahren Date: Sun Nov 20 21:26:05 2016 +0000 usb: dwc2: gadget: fix default value for gadget-dma-desc The current default for gadget DMA descriptor results on bcm2835 in a unnecessary error message: Invalid value 1 for param gadget-dma-desc So fix this by using hw->dma_desc_enable as default value. Fixes: dec4b55677e ("usb: dwc2: gadget: Add descriptor DMA parameter") Acked-by: John Youn Signed-off-by: Stefan Wahren Signed-off-by: Felipe Balbi drivers/usb/dwc2/params.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6118d0647b10eaca06b278dee2022602d8f2f07a Author: Stefan Wahren Date: Sun Nov 20 21:26:04 2016 +0000 usb: dwc2: fix default value for DMA support The current defaults for DMA results on a non-DMA platform in a unnecessary error message: Invalid value 0 for param gadget-dma So fix this by using dma_capable as default value. Fixes: 9962b62f1be ("usb: dwc2: Deprecate g-use-dma binding") Acked-by: John Youn Signed-off-by: Stefan Wahren Signed-off-by: Felipe Balbi drivers/usb/dwc2/params.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit de02238d6a7982a71682fe8da2996993a5a5eee7 Author: Stefan Wahren Date: Sun Nov 20 21:26:03 2016 +0000 usb: dwc2: fix dwc2_get_device_property for u8 and u16 According to the Devicetree ePAPR [1] the datatypes u8 and u16 are not defined. So using device_property_read_u16() would result in a partial read of a 32-bit big-endian integer which is not intended. So we better read the complete 32-bit value. This fixes a regression on bcm2835 where the values for g-rx-fifo-size and g-np-tx-fifo-size always read as zero: Invalid value 0 for param g-rx-fifo-size Invalid value 0 for param g-np-tx-fifo-size [1] - http://elinux.org/images/c/cf/Power_ePAPR_APPROVED_v1.1.pdf Fixes: 05ee799f202 ("usb: dwc2: Move gadget settings into core_params") Acked-by: John Youn Signed-off-by: Stefan Wahren Signed-off-by: Felipe Balbi drivers/usb/dwc2/params.c | 12 ------------ 1 file changed, 12 deletions(-) commit f3419735279564d40467ebe4147d8a41cef00685 Author: Stefan Wahren Date: Sun Nov 20 21:26:02 2016 +0000 usb: dwc2: Do not set host parameter in peripheral mode Since commit "usb: dwc2: Improve handling of host and device hwparams" the host mode specific hardware parameter aren't initialized in peripheral mode from the register settings anymore. So we better do not set them in this case which avoids the following warnings on bcm2835: 256 invalid for host_nperio_tx_fifo_size. Check HW configuration. 512 invalid for host_perio_tx_fifo_size. Check HW configuration. Fixes: 55e1040e424b ("usb: dwc2: Improve handling of host and device hwparams") Acked-by: John Youn Signed-off-by: Stefan Wahren Signed-off-by: Felipe Balbi drivers/usb/dwc2/params.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit a2724663494f7313f53da10d8c0a729c5e3c4dea Author: Hauke Mehrtens Date: Mon Dec 5 22:14:37 2016 +0100 mtd: nand: xway: fix build because of module functions Remove the usage of modules functions to make this driver compile again. Otherwise an include of linux/modules.h would be needed. Fixes: 024366750c2e ("mtd: nand: xway: convert to normal platform driver") Cc: Signed-off-by: Hauke Mehrtens Signed-off-by: Boris Brezillon drivers/mtd/nand/xway_nand.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 73529c872a189c747bdb528ce9b85b67b0e28dec Author: Hauke Mehrtens Date: Mon Dec 5 22:14:36 2016 +0100 mtd: nand: xway: disable module support The xway_nand driver accesses the ltq_ebu_membase symbol which is not exported. This also should not get exported and we should handle the EBU interface in a better way later. This quick fix just deactivated support for building as module. Fixes: 99f2b107924c ("mtd: lantiq: Add NAND support on Lantiq XWAY SoC.") Cc: Signed-off-by: Hauke Mehrtens Signed-off-by: Boris Brezillon drivers/mtd/nand/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d7da1ccfa2c26d54230ee6aae28902dd10b325a7 Author: Vladimir Murzin Date: Fri Dec 2 15:05:38 2016 +0000 ARM: i.MX: remove map_io callback There is no need to define map_io only for debug_ll_io_init() since it is already called in devicemaps_init() if map_io is NULL. Apart from that, for NOMMU build debug_ll_io_init() is a nop which leads to following error: CC arch/arm/mach-imx/mach-imx1.o arch/arm/mach-imx/mach-imx1.c:40:13: error: 'debug_ll_io_init' undeclared here (not in a function) .map_io = debug_ll_io_init, ^ make[1]: *** [arch/arm/mach-imx/mach-imx1.o] Error 1 Cc: Alexander Shiyan Cc: Sascha Hauer Cc: Fabio Estevam Signed-off-by: Vladimir Murzin Signed-off-by: Shawn Guo arch/arm/mach-imx/mach-imx1.c | 1 - 1 file changed, 1 deletion(-) commit 4c51de4570d6881e2a4a7f56d55385336de0bd51 Author: Andreas Färber Date: Sun Nov 27 20:54:44 2016 +0100 ARM: dts: vf610-zii-dev-rev-b: Add missing newline Found while reviewing Marvell dsa bindings usage. Fixes: f283745b3caf ("arm: vf610: zii devel b: Add support for switch interrupts") Cc: Andrew Lunn Cc: David S. Miller Signed-off-by: Andreas Färber Reviewed-by: Andrew Lunn Signed-off-by: Shawn Guo arch/arm/boot/dts/vf610-zii-dev-rev-b.dts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit db9e188674ec53fe7bf7d9322ffb0256974c8ec7 Author: Gary Bisson Date: Fri Nov 25 00:42:47 2016 +0100 ARM: dts: imx6qdl-nitrogen6x: remove duplicate iomux entry The NANDF_CS2 pad is also part of the wlan-vmmcgrp iomux group. Removing is from the usdhc2grp group avoids the following error: imx6q-pinctrl 20e0000.iomuxc: pin MX6Q_PAD_NANDF_CS2 already requested by regulators:regulator@4; cannot claim for 2194000.usdhc imx6q-pinctrl 20e0000.iomuxc: pin-187 (2194000.usdhc) status -22 imx6q-pinctrl 20e0000.iomuxc: could not request pin 187 (MX6Q_PAD_NANDF_CS2) from group usdhc2grp on device 20e0000.iomuxc Signed-off-by: Gary Bisson Signed-off-by: Shawn Guo arch/arm/boot/dts/imx6qdl-nitrogen6x.dtsi | 1 - 1 file changed, 1 deletion(-) commit af92305e567b7f4c9cf48b9e46c1f48ec9ffb1fb Author: Vladimir Zapolskiy Date: Thu Nov 17 03:30:51 2016 +0200 ARM: dts: imx31: fix AVIC base address On i.MX31 AVIC interrupt controller base address is at 0x68000000. The problem was shadowed by the AVIC driver, which takes the correct base address from a SoC specific header file. Fixes: d2a37b3d91f4 ("ARM i.MX31: Add devicetree support") Signed-off-by: Vladimir Zapolskiy Reviewed-by: Fabio Estevam Signed-off-by: Shawn Guo arch/arm/boot/dts/imx31.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 75bdc7f31a3a6e9a12e218b31a44a1f54a91554c Author: Christophe JAILLET Date: Mon Dec 19 06:33:51 2016 +0100 dmaengine: ti-dma-crossbar: Add some 'of_node_put()' in error path. Add some missing 'of_node_put()' in early exit error path. Signed-off-by: Christophe JAILLET Signed-off-by: Vinod Koul drivers/dma/ti-dma-crossbar.c | 2 ++ 1 file changed, 2 insertions(+) commit 57b5a32135c813f2ab669039fb4ec16b30cb3305 Author: M'boumba Cedric Madianga Date: Tue Dec 13 14:40:46 2016 +0100 dmaengine: stm32-dma: Fix null pointer dereference in stm32_dma_tx_status chan->desc is always set to NULL when a DMA transfer is complete. As a DMA transfer could be complete during the call of stm32_dma_tx_status, we need to be sure that chan->desc is not NULL before using this variable to avoid a null pointer deference issue. Signed-off-by: M'boumba Cedric Madianga Reviewed-by: Ludovic BARRE Signed-off-by: Vinod Koul drivers/dma/stm32-dma.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 7e96304d99477de1f70db42035071e56439da817 Author: M'boumba Cedric Madianga Date: Tue Dec 13 14:40:43 2016 +0100 dmaengine: stm32-dma: Set correct args number for DMA request from DT This patch sets the right number of arguments to be used for DMA clients which request channels from DT. Signed-off-by: M'boumba Cedric Madianga Reviewed-by: Ludovic BARRE Signed-off-by: Vinod Koul drivers/dma/stm32-dma.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit eb7903bb83cc1db31a9124d4cc8a1bddebe26e33 Merge: 4200462 a9b2dff Author: David S. Miller Date: Sun Jan 1 22:07:25 2017 -0500 Merge branch 'l2tp-socket-lookup-fixes' Guillaume Nault says: ==================== l2tp: socket lookup fixes for l2tp_ip and l2tp_ip6 There are still some cases that aren't correctly handled in the socket lookup functions of l2tp_ip and l2tp_ip6. This series fixes lookups for connected sockets and for sockets bound to the IPv6 unspecified address. bind() and connect() should now work as expected on IPPROTO_L2TP sockets. Extra features, like SO_REUSEADDR, remain unsupported. The matching conditions in __l2tp_ip6_bind_lookup() and __l2tp_ip_bind_lookup() are getting hard to read. I've kept the single test approach to make the intend of the patches clear. I'll split the conditionals once these fixes reach net-next. ==================== Signed-off-by: David S. Miller commit a9b2dff80be979432484afaf7f8d8e73f9e8838a Author: Guillaume Nault Date: Fri Dec 30 19:48:20 2016 +0100 l2tp: take remote address into account in l2tp_ip and l2tp_ip6 socket lookups For connected sockets, __l2tp_ip{,6}_bind_lookup() needs to check the remote IP when looking for a matching socket. Otherwise a connected socket can receive traffic not originating from its peer. Drop l2tp_ip_bind_lookup() and l2tp_ip6_bind_lookup() instead of updating their prototype, as these functions aren't used. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip.c | 19 ++++++------------- net/l2tp/l2tp_ip6.c | 20 ++++++-------------- 2 files changed, 12 insertions(+), 27 deletions(-) commit 97b84fd6d91766ea57dcc350d78f42639e011c30 Author: Guillaume Nault Date: Fri Dec 30 19:48:19 2016 +0100 l2tp: consider '::' as wildcard address in l2tp_ip6 socket lookup An L2TP socket bound to the unspecified address should match with any address. If not, it can't receive any packet and __l2tp_ip6_bind_lookup() can't prevent another socket from binding on the same device/tunnel ID. While there, rename the 'addr' variable to 'sk_laddr' (local addr), to make following patch clearer. Signed-off-by: Guillaume Nault Signed-off-by: David S. Miller net/l2tp/l2tp_ip6.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 4200462d88f47f3759bdf4705f87e207b0f5b2e4 Author: Reiter Wolfgang Date: Sat Dec 31 21:11:57 2016 +0100 drop_monitor: add missing call to genlmsg_end Update nlmsg_len field with genlmsg_end to enable userspace processing using nlmsg_next helper. Also adds error handling. Signed-off-by: Reiter Wolfgang Acked-by: Neil Horman Signed-off-by: David S. Miller net/core/drop_monitor.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) commit 1032471b3ec823bce7687034ac5af78a8ac99a9c Author: Jean Delvare Date: Thu Dec 15 11:43:30 2016 +0100 dmaengine: dw: fix typo in Kconfig platfroms -> platforms Signed-off-by: Jean Delvare Fixes: fed42c198b45 ("dma: dw: add PCI part of the driver") Cc: Viresh Kumar Acked-by: Andy Shevchenko Signed-off-by: Vinod Koul drivers/dma/dw/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 34a31f0af84158955a9747fb5c6712da5bbb5331 Author: Dave Jiang Date: Tue Dec 13 11:15:27 2016 -0700 dmaengine: ioatdma: workaround SKX ioatdma version The Skylake ioatdma is technically CBDMA 3.2+ and contains the same hardware bits with some additional 3.3 features, but it's not really 3.3 where the driver is concerned. Signed-off-by: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/init.c | 2 ++ 1 file changed, 2 insertions(+) commit 1594c18fd297a8edcc72bc4b161f3f52603ebb92 Author: Dave Jiang Date: Tue Dec 13 11:15:21 2016 -0700 dmaengine: ioatdma: Add Skylake PCI Dev ID Adding Skylake Xeon PCI device ids for ioatdma and related bits. Signed-off-by: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/hw.h | 2 ++ drivers/dma/ioat/init.c | 9 ++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) commit 086cc1c31a0ec075dac02425367c871bb65bc2c9 Author: Stafford Horne Date: Wed Dec 14 21:27:57 2016 +0900 openrisc: Add _text symbol to fix ksym build error The build robot reports: .tmp_kallsyms1.o: In function `kallsyms_relative_base': >> (.rodata+0x8a18): undefined reference to `_text' This is when using 'make alldefconfig'. Adding this _text symbol to mark the start of the kernel as in other architecture fixes this. Signed-off-by: Stafford Horne Acked-by: Jonas Bonn arch/openrisc/kernel/vmlinux.lds.S | 2 ++ 1 file changed, 2 insertions(+) commit 0c744ea4f77d72b3dcebb7a8f2684633ec79be88 Author: Linus Torvalds Date: Sun Jan 1 14:31:53 2017 -0800 Linux 4.10-rc2 Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4759d386d55fef452d692bf101167914437e848e Merge: 238d1d0 1db1754 Author: Linus Torvalds Date: Sun Jan 1 12:27:05 2017 -0800 Merge branch 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull DAX updates from Dan Williams: "The completion of Jan's DAX work for 4.10. As I mentioned in the libnvdimm-for-4.10 pull request, these are some final fixes for the DAX dirty-cacheline-tracking invalidation work that was merged through the -mm, ext4, and xfs trees in -rc1. These patches were prepared prior to the merge window, but we waited for 4.10-rc1 to have a stable merge base after all the prerequisites were merged. Quoting Jan on the overall changes in these patches: "So I'd like all these 6 patches to go for rc2. The first three patches fix invalidation of exceptional DAX entries (a bug which is there for a long time) - without these patches data loss can occur on power failure even though user called fsync(2). The other three patches change locking of DAX faults so that ->iomap_begin() is called in a more relaxed locking context and we are safe to start a transaction there for ext4" These have received a build success notification from the kbuild robot, and pass the latest libnvdimm unit tests. There have not been any -next releases since -rc1, so they have not appeared there" * 'libnvdimm-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: ext4: Simplify DAX fault path dax: Call ->iomap_begin without entry lock during dax fault dax: Finish fault completely when loading holes dax: Avoid page invalidation races and unnecessary radix tree traversals mm: Invalidate DAX radix tree entries only if appropriate ext2: Return BH_New buffers for zeroed blocks commit e1a3a60a2ebe991605acb14cd58e39c0545e174e Author: Eric Biggers Date: Fri Dec 30 17:42:32 2016 -0600 net: socket: don't set sk_uid to garbage value in ->setattr() ->setattr() was recently implemented for socket files to sync the socket inode's uid to the new 'sk_uid' member of struct sock. It does this by copying over the ia_uid member of struct iattr. However, ia_uid is actually only valid when ATTR_UID is set in ia_valid, indicating that the uid is being changed, e.g. by chown. Other metadata operations such as chmod or utimes leave ia_uid uninitialized. Therefore, sk_uid could be set to a "garbage" value from the stack. Fix this by only copying the uid over when ATTR_UID is set. Fixes: 86741ec25462 ("net: core: Add a UID field to struct sock.") Signed-off-by: Eric Biggers Tested-by: Lorenzo Colitti Acked-by: Lorenzo Colitti Signed-off-by: David S. Miller net/socket.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ab51e6ba0059f92036a08e41ba5cc70e77ce02df Author: Augusto Mecking Caringi Date: Fri Dec 30 11:34:08 2016 +0000 PM / domains: Fix 'may be used uninitialized' build warning This patch fixes the following gcc warning: drivers/base/power/domain.c: In function ‘genpd_runtime_resume’: drivers/base/power/domain.c:642:14: warning: ‘time_start’ may be used uninitialized in this function [-Wmaybe-uninitialized] elapsed_ns = ktime_to_ns(ktime_sub(ktime_get(), time_start) The same problem (in another function in this same file) was fixed in commit d33d5a6c88fc (avoid spurious "may be used uninitialized" warning) Signed-off-by: Augusto Mecking Caringi Signed-off-by: Rafael J. Wysocki drivers/base/power/domain.c | 1 + 1 file changed, 1 insertion(+) commit 111b8b3fe4fae35d4a85e9f524b077f5c4951e65 Author: Rafael J. Wysocki Date: Fri Dec 30 15:58:21 2016 +0100 cpufreq: intel_pstate: Always keep all limits settings in sync Make intel_pstate update per-logical-CPU limits when the global settings are changed to ensure that they are always in sync and users will not see confusing values in per-logical-CPU sysfs attributes. This also fixes the problem that setting the "no_turbo" global attribute to 1 in the "passive" mode (ie. when intel_pstate acts as a regular cpufreq driver) when scaling_governor is set to "performance" has no effect. Signed-off-by: Rafael J. Wysocki Acked-by: Srinivas Pandruvada drivers/cpufreq/intel_pstate.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) commit cad30467963267509d5b0d7d3c9bd1af3b91e720 Author: Rafael J. Wysocki Date: Fri Dec 30 15:57:11 2016 +0100 cpufreq: intel_pstate: Use locking in intel_cpufreq_verify_policy() Race conditions are possible if intel_cpufreq_verify_policy() is executed in parallel with global limits updates from sysfs, so the invocation of intel_pstate_update_perf_limits() in it should be carried out under intel_pstate_limits_lock. Make that happen. Signed-off-by: Rafael J. Wysocki Acked-by: Srinivas Pandruvada drivers/cpufreq/intel_pstate.c | 4 ++++ 1 file changed, 4 insertions(+) commit aa439248ab71bcd2d26a01708dead4dd56616499 Author: Rafael J. Wysocki Date: Fri Dec 30 15:56:14 2016 +0100 cpufreq: intel_pstate: Use locking in intel_pstate_resume() Theoretically, intel_pstate_resume() may be executed in parallel with intel_pstate_set_policy(), if the latter is invoked via cpufreq_update_policy() as a result of a notification, so use intel_pstate_limits_lock in there too to avoid race conditions. Signed-off-by: Rafael J. Wysocki Acked-by: Srinivas Pandruvada drivers/cpufreq/intel_pstate.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit 88e20c74ee020f9e0c99dfce0dd9aa61c3f0cca0 Author: Stefan Wahren Date: Tue Dec 27 18:29:57 2016 +0000 irqchip/mxs: Enable SKIP_SET_WAKE and MASK_ON_SUSPEND The ICOLL controller doesn't provide any facility to configure the wakeup sources. That's the reason why this implementation lacks the irq_set_wake implementation. But this prevent us from properly entering power management states like "suspend to idle". So enable the flags IRQCHIP_SKIP_SET_WAKE and IRQCHIP_MASK_ON_SUSPEND to let the irqchip core allows and handles the power management. Signed-off-by: Stefan Wahren Reviewed-by: Fabio Estevam Link: https://lkml.kernel.org/r/1482863397-11400-1-git-send-email-stefan.wahren@i2se.com Signed-off-by: Jason Cooper drivers/irqchip/irq-mxs.c | 4 ++++ 1 file changed, 4 insertions(+) commit a1792cda51300e15b03549cccf0b09f3be82e697 Author: John Hsu Date: Tue Dec 20 12:03:09 2016 +0800 ASoC: nau8825: fix invalid configuration in Pre-Scalar of FLL The clk_ref_div is not configured in the correct position of the register. The patch fixes that clk_ref_div, Pre-Scalar, is assigned the wrong value. Signed-off-by: John Hsu Signed-off-by: Mark Brown sound/soc/codecs/nau8825.c | 3 ++- sound/soc/codecs/nau8825.h | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) commit a33b56a6a824fa5cd89c74f85cbeb9af1dcef87e Author: John Hsu Date: Tue Dec 20 16:47:06 2016 +0800 ASoC: nau8825: correct the function name of register Change to correct name of the register function. Signed-off-by: John Hsu Signed-off-by: Mark Brown sound/soc/codecs/nau8825.c | 6 +++--- sound/soc/codecs/nau8825.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit 91ce54978ccece323aa6df930249ff84a7d233c7 Author: G Kranthi Date: Tue Dec 20 12:46:45 2016 +0530 ASoC: Intel: Skylake: Fix to fail safely if module not available in path If a module is not available in a pipeline, fail safely rather than causing oops. Signed-off-by: G Kranthi Signed-off-by: Subhransu S. Prusty Signed-off-by: Mark Brown sound/soc/intel/skylake/skl-pcm.c | 3 +++ 1 file changed, 3 insertions(+) commit 13288bdf4adbaa6bd1267f10044c1bc25d90ce7f Author: Phil Reid Date: Thu Dec 22 17:18:12 2016 +0800 spi: dw: Make debugfs name unique between instances Some system have multiple dw devices. Currently the driver uses a fixed name for the debugfs dir. Append dev name to the debugfs dir name to make it unique. Signed-off-by: Phil Reid Signed-off-by: Mark Brown drivers/spi/spi-dw.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 63c3194b82530bd71fd49db84eb7ab656b8d404a Author: Peter Ujfalusi Date: Fri Dec 23 11:21:10 2016 +0200 ASoC: tlv320aic3x: Mark the RESET register as volatile The RESET register only have one self clearing bit and it should not be cached. If it is cached, when we sync the registers back to the chip we will initiate a software reset as well, which is not desirable. Signed-off-by: Peter Ujfalusi Reviewed-by: Jarkko Nikula Signed-off-by: Mark Brown sound/soc/codecs/tlv320aic3x.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 2f884e6e688a0deb69e6c9552e51aef8b7e3f5f1 Author: Strashko, Grygorii Date: Thu Dec 8 17:33:10 2016 -0600 irqchip/keystone: Fix "scheduling while atomic" on rt The below call chain generates "scheduling while atomic" backtrace and causes system crash when Keystone 2 IRQ chip driver is used with RT-kernel: gic_handle_irq() |-__handle_domain_irq() |-generic_handle_irq() |-keystone_irq_handler() |-regmap_read() |-regmap_lock_spinlock() |-rt_spin_lock() The reason is that Keystone driver dispatches IRQ using chained IRQ handler and accesses I/O memory through syscon->regmap(mmio) which is implemented as fast_io regmap and uses regular spinlocks for synchronization, but spinlocks transformed to rt_mutexes on RT. Hence, convert Keystone 2 IRQ driver to use generic irq handler instead of chained IRQ handler. This way it will be compatible with RT kernel where it will be forced thread IRQ handler while in non-RT kernel it still will be executed in HW IRQ context. Cc: Suman Anna Signed-off-by: Grygorii Strashko Tested-by: Suman Anna Link: https://lkml.kernel.org/r/20161208233310.10329-1-grygorii.strashko@ti.com Signed-off-by: Jason Cooper drivers/irqchip/irq-keystone.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) commit d2e3a1358c37cd82eef92b5e908b4f0472194481 Author: Sylwester Nawrocki Date: Thu Dec 29 14:11:21 2016 +0100 ASoC: Fix binding and probing of auxiliary components Currently binding of auxiliary devices doesn't work as in soc_bind_aux_dev() function a bound component is not being added to any list and in soc_probe_aux_devices() we are trying to walk the component_dev_list list to probe auxiliary components but at that time this list doesn't contain any auxiliary components since they are being added to the card only in soc_probe_component(). This patch adds a list to the card where are stored bound but not probed auxiliary devices, so that all aux devices can be probed. Fixes: 1a653aa44725 "ASoC: core: replace aux_comp_list to component_dev_list" Signed-off-by: Sylwester Nawrocki Signed-off-by: Mark Brown include/sound/soc.h | 3 +++ sound/soc/soc-core.c | 10 +++++----- 2 files changed, 8 insertions(+), 5 deletions(-) commit 65e4345c8ef8811bbb4860fe5f2df10646b7f2e1 Author: Linus Walleij Date: Fri Dec 30 23:54:18 2016 +0100 iio: accel: st_accel: fix LIS3LV02 reading and scaling The LIS3LV02 has a special bit that need to be set to get the read values left aligned. Before this patch we get gibberish like this: iio_generic_buffer -a -c10 -n lis3lv02dl_accel (...) 0.000000 -0.010042 -0.642688 19155832931907 0.000000 -0.010042 -0.642688 19155858751073 Which is because we read a raw value for 1g as 64 which is the nominal 1024 for 1g shifted 4 bits to the left by being right-aligned rather than left aligned. Since all other sensors are left aligned, add some code to set the special DAS (data alignment setting) bit to 1 so that the right value is now read like this: iio_generic_buffer -a -c10 -n lis3lv02dl_accel (...) 0.000000 -0.147095 -10.120135 24761614364956 -0.029419 -0.176514 -10.120135 24761631624540 The scaling was weird as well: we have a gain of 1000 for 1g and 3000 for 6g. I don't even remember how I came up with the old values but they are wrong. Fixes: 3acddf74f807 ("iio: st-sensors: add support for lis3lv02d accelerometer") Cc: Lorenzo Bianconi Cc: Giuseppe Barba Cc: Denis Ciocca Signed-off-by: Linus Walleij Signed-off-by: Jonathan Cameron drivers/iio/accel/st_accel_core.c | 12 ++++++++++-- drivers/iio/common/st_sensors/st_sensors_core.c | 9 +++++++++ include/linux/iio/common/st_sensors.h | 12 ++++++++++++ 3 files changed, 31 insertions(+), 2 deletions(-) commit 65c8aea07de11b6507efa175edb44bd8b4488218 Author: Lorenzo Bianconi Date: Wed Nov 16 22:15:28 2016 +0100 iio: common: st_sensors: fix channel data parsing Using realbits as i2c/spi read len, when that value is not byte aligned (e.g 12 bits), lead to skip msb part of out data registers. Fix this taking into account scan_type.shift in addition to scan_type.realbits as read length: read_len = DIV_ROUND_UP(realbits + shift, 8) This fix has been tested on 8, 12, 16, 24 bit sensors Fixes: e7385de5291e ("iio:st_sensors: align on storagebits boundaries") Signed-off-by: Lorenzo Bianconi Tested-by: Linus Walleij Cc: Signed-off-by: Jonathan Cameron drivers/iio/common/st_sensors/st_sensors_buffer.c | 4 +++- drivers/iio/common/st_sensors/st_sensors_core.c | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) commit 42d97eb0ade31e1bc537d086842f5d6e766d9d51 Author: Eric Biggers Date: Mon Dec 19 14:20:13 2016 -0800 fscrypt: fix renaming and linking special files Attempting to link a device node, named pipe, or socket file into an encrypted directory through rename(2) or link(2) always failed with EPERM. This happened because fscrypt_has_permitted_context() saw that the file was unencrypted and forbid creating the link. This behavior was unexpected because such files are never encrypted; only regular files, directories, and symlinks can be encrypted. To fix this, make fscrypt_has_permitted_context() always return true on special files. This will be covered by a test in my encryption xfstests patchset. Fixes: 9bd8212f981e ("ext4 crypto: add encryption policy and password salt support") Signed-off-by: Eric Biggers Reviewed-by: Richard Weinberger Cc: stable@vger.kernel.org Signed-off-by: Theodore Ts'o fs/crypto/policy.c | 5 +++++ 1 file changed, 5 insertions(+) commit b4e8a0eb718749455601fa7b283febc42cca8957 Author: Akinobu Mita Date: Thu Dec 29 02:16:36 2016 +0900 iio: max44000: correct value in illuminance_integration_time_available According to the datasheet, the shortest available integration time for ALS ADC conversion is 1.5625ms but illuminance_integration_time_available sysfs file shows wrong value. Cc: Crestez Dan Leonard Cc: Jonathan Cameron Cc: Hartmut Knaack Cc: Lars-Peter Clausen Cc: Peter Meerwald-Stadler Signed-off-by: Akinobu Mita Fixes: d5d8f49b6 ("max44000: Expose ambient sensor scaling") Cc: Signed-off-by: Jonathan Cameron drivers/iio/light/max44000.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1a38de880992764d4bd5bccbd306b87d860e377d Author: Kishon Vijay Abraham I Date: Fri Dec 30 13:37:20 2016 +0530 ARM: dts: am572x-idk: Add gpios property to control PCIE_RESETn Add 'gpios' property to pcie1 dt node and populate it with GPIO3_23 in order to drive PCIE_RESETn high. This gets PCIe cards to be detected in AM572X IDK board. Signed-off-by: Kishon Vijay Abraham I Signed-off-by: Tony Lindgren arch/arm/boot/dts/am572x-idk.dts | 4 ++++ 1 file changed, 4 insertions(+) commit 238d1d0f79f619d75c2cc741d6770fb0986aef24 Merge: f3de082 36f671b Author: Linus Torvalds Date: Fri Dec 30 09:32:26 2016 -0800 Merge tag 'docs-4.10-rc1-fix' of git://git.lwn.net/linux Pull documentation fixes from Jonathan Corbet: "Two small fixes: - A merge error on my part broke the DocBook build. I've requisitioned one of tglx's frozen sharks for appropriate disciplinary action and resolved to be more careful about testing the DocBook stuff as long as it's still around. - Fix an error in unaligned-memory-access.txt" * tag 'docs-4.10-rc1-fix' of git://git.lwn.net/linux: Documentation/unaligned-memory-access.txt: fix incorrect comparison operator docs: Fix build failure commit f3de082c12e5e9ff43c58a7561f6ec3272d03a48 Merge: 98473f9 02608e0 Author: Linus Torvalds Date: Fri Dec 30 09:29:50 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fix from Herbert Xu: "This fixes a boot failure on some platforms when crypto self test is enabled along with the new acomp interface" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: testmgr - Use heap buffer for acomp test input commit 14221cc45caad2fcab3a8543234bb7eda9b540d5 Author: Artur Molchanov Date: Fri Dec 30 19:46:36 2016 +0300 bridge: netfilter: Fix dropping packets that moving through bridge interface Problem: br_nf_pre_routing_finish() calls itself instead of br_nf_pre_routing_finish_bridge(). Due to this bug reverse path filter drops packets that go through bridge interface. User impact: Local docker containers with bridge network can not communicate with each other. Fixes: c5136b15ea36 ("netfilter: bridge: add and use br_nf_hook_thresh") Signed-off-by: Artur Molchanov Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/bridge/br_netfilter_hooks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b1448ea9cd95868e3e91313b643818d18917b382 Author: Geert Uytterhoeven Date: Wed Dec 14 13:30:24 2016 +0100 iio: adc: TI_AM335X_ADC should depend on HAS_DMA If NO_DMA=y: ERROR: "bad_dma_ops" [drivers/iio/adc/ti_am335x_adc.ko] undefined! Add a dependency on HAS_DMA to fix this. Signed-off-by: Geert Uytterhoeven Fixes: f438b9da (" drivers: iio: ti_am335x_adc: add dma support") Cc: Signed-off-by: Jonathan Cameron drivers/iio/adc/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1dff32d7df7ff5d80194ebce7ab5755b32564e13 Author: Sudeep Holla Date: Tue Dec 13 14:24:53 2016 +0000 arm64: dts: vexpress: Support GICC_DIR operations The GICv2 CPU interface registers span across 8K, not 4K as indicated in the DT. Only the GICC_DIR register is located after the initial 4K boundary, leaving a functional system but without support for separately EOI'ing and deactivating interrupts. After this change the system supports split priority drop and interrupt deactivation. This patch is based on similar one from Christoffer Dall: commit 368400e242dc ("ARM: dts: vexpress: Support GICC_DIR operations") Signed-off-by: Sudeep Holla arch/arm64/boot/dts/arm/rtsm_ve-aemv8a.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 45e869714489431625c569d21fc952428d761476 Author: Arnd Bergmann Date: Fri Dec 30 08:13:47 2016 -0700 vfio-pci: use 32-bit comparisons for register address for gcc-4.5 Using ancient compilers (gcc-4.5 or older) on ARM, we get a link failure with the vfio-pci driver: ERROR: "__aeabi_lcmp" [drivers/vfio/pci/vfio-pci.ko] undefined! The reason is that the compiler tries to do a comparison of a 64-bit range. This changes it to convert to a 32-bit number explicitly first, as newer compilers do for themselves. Signed-off-by: Arnd Bergmann Signed-off-by: Alex Williamson drivers/vfio/pci/vfio_pci_rdwr.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 99e3123e3d72616a829dad6d25aa005ef1ef9b13 Author: Alex Williamson Date: Fri Dec 30 08:13:44 2016 -0700 vfio-mdev: Make mdev_device private and abstract interfaces Abstract access to mdev_device so that we can define which interfaces are public rather than relying on comments in the structure. Cc: Zhenyu Wang Cc: Zhi Wang Signed-off-by: Alex Williamson Reviewed-by: Jike Song Reviewed by: Kirti Wankhede drivers/gpu/drm/i915/gvt/kvmgt.c | 18 +++++++++--------- drivers/vfio/mdev/mdev_core.c | 30 ++++++++++++++++++++++++++++++ drivers/vfio/mdev/mdev_private.h | 13 +++++++++++++ include/linux/mdev.h | 31 ++++++------------------------- samples/vfio-mdev/mtty.c | 24 +++++++++++++----------- 5 files changed, 71 insertions(+), 45 deletions(-) commit 9372e6feaafb65d88f667ffb5b7b425f8568344f Author: Alex Williamson Date: Fri Dec 30 08:13:41 2016 -0700 vfio-mdev: Make mdev_parent private Rather than hoping for good behavior by marking some elements internal, enforce it by making the entire structure private and creating an accessor function for the one useful external field. Cc: Zhenyu Wang Cc: Zhi Wang Cc: Jike Song Signed-off-by: Alex Williamson Reviewed by: Kirti Wankhede Documentation/vfio-mediated-device.txt | 3 +++ drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- drivers/vfio/mdev/mdev_core.c | 6 ++++++ drivers/vfio/mdev/mdev_private.h | 10 ++++++++++ include/linux/mdev.h | 15 ++------------- samples/vfio-mdev/mtty.c | 2 +- 6 files changed, 23 insertions(+), 15 deletions(-) commit 42930553a7c11f06351bc08b889808d0f6020f08 Author: Alex Williamson Date: Fri Dec 30 08:13:38 2016 -0700 vfio-mdev: de-polute the namespace, rename parent_device & parent_ops Add an mdev_ prefix so we're not poluting the namespace so much. Cc: Zhenyu Wang Cc: Zhi Wang Cc: Jike Song Signed-off-by: Alex Williamson Reviewed by: Kirti Wankhede Documentation/vfio-mediated-device.txt | 24 ++++++++++++------------ drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- drivers/vfio/mdev/mdev_core.c | 28 ++++++++++++++-------------- drivers/vfio/mdev/mdev_private.h | 6 +++--- drivers/vfio/mdev/mdev_sysfs.c | 8 ++++---- drivers/vfio/mdev/vfio_mdev.c | 12 ++++++------ include/linux/mdev.h | 16 ++++++++-------- samples/vfio-mdev/mtty.c | 2 +- 8 files changed, 49 insertions(+), 49 deletions(-) commit 49550787a90b5bfa44d8dc424d11824dbe21473d Author: Alex Williamson Date: Fri Dec 30 08:13:33 2016 -0700 vfio-mdev: Fix remove race Using the mtty mdev sample driver we can generate a remove race by starting one shell that continuously creates mtty devices and several other shells all attempting to remove devices, in my case four remove shells. The fault occurs in mdev_remove_sysfs_files() where the passed type arg is NULL, which suggests we've received a struct device in mdev_device_remove() but it's in some sort of teardown state. The solution here is to make use of the accidentally unused list_head on the mdev_device such that the mdev core keeps a list of all the mdev devices. This allows us to validate that we have a valid mdev before we start removal, remove it from the list to prevent others from working on it, and if the vendor driver refuses to remove, we can re-add it to the list. Cc: Kirti Wankhede Signed-off-by: Alex Williamson drivers/vfio/mdev/mdev_core.c | 36 ++++++++++++++++++++++++++++++++++-- 1 file changed, 34 insertions(+), 2 deletions(-) commit 6c38c055cc4c0a5da31873d173b2de3085f43f33 Author: Alex Williamson Date: Fri Dec 30 08:13:31 2016 -0700 vfio/type1: Restore mapping performance with mdev support As part of the mdev support, type1 now gets a task reference per vfio_dma and uses that to get an mm reference for the task while working on accounting. That's correct, but it's not fast. For some paths, like vfio_pin_pages_remote(), we know we're only called from user context, so we can restore the lighter weight calls. In other cases, we're effectively already testing whether we're in the stored task context elsewhere, extend this vfio_lock_acct() as well. Signed-off-by: Alex Williamson Reviewed by: Kirti Wankhede drivers/vfio/vfio_iommu_type1.c | 98 +++++++++++++++++++++-------------------- 1 file changed, 51 insertions(+), 47 deletions(-) commit 08c1a4ef7cccd5632526be923c5b6eaca59d8b01 Author: Alex Williamson Date: Fri Dec 30 08:13:30 2016 -0700 vfio-mdev: Fix mtty sample driver building This sample driver was originally under Documentation/ and was moved to samples, but build support was never adjusted for the new location. Signed-off-by: Alex Williamson Reviewed-by: Eric Auger Tested-by: Eric Auger Reviewed-by: Kirti Wankhede samples/Kconfig | 7 +++++++ samples/Makefile | 3 ++- samples/vfio-mdev/Makefile | 14 +------------- 3 files changed, 10 insertions(+), 14 deletions(-) commit 368400e242dc04963ca5ff0b70654f1470344a0a Author: Christoffer Dall Date: Sat Dec 10 21:13:51 2016 +0100 ARM: dts: vexpress: Support GICC_DIR operations The GICv2 CPU interface registers span across 8K, not 4K as indicated in the DT. Only the GICC_DIR register is located after the initial 4K boundary, leaving a functional system but without support for separately EOI'ing and deactivating interrupts. After this change the system supports split priority drop and interrupt deactivation. Acked-by: Marc Zyngier Signed-off-by: Christoffer Dall [sudeep.holla@arm.com: included same fix for tc1 platform too] Signed-off-by: Sudeep Holla arch/arm/boot/dts/vexpress-v2p-ca15-tc1.dts | 2 +- arch/arm/boot/dts/vexpress-v2p-ca15_a7.dts | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit a766347b15c01507db9bf01f9b7021be5a776691 Author: Martin Blumenstingl Date: Sun Dec 11 22:14:32 2016 +0100 firmware: arm_scpi: fix reading sensor values on pre-1.0 SCPI firmwares The pre-1.0 SCPI firmwares are using single __le32 as sensor value, while the SCPI v1.0 protocol uses two __le32 as sensor values(64bit) split into 32bit upper and 32bit lower value. Using an "struct sensor_value" to read the sensor value on a pre-1.0 SCPI firmware gives garbage in the "hi_val" field. This patch fixes the issue by reading only the lower 32-bit value for all pre-1.0 SCPI versions. Suggested-by: Sudeep Holla Signed-off-by: Martin Blumenstingl [sudeep.holla@arm.com: updated the commit log to reflect the implementation] Signed-off-by: Sudeep Holla drivers/firmware/arm_scpi.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 60f59ce0278557f7896d5158ae6d12a4855a72cc Author: Larry Finger Date: Wed Dec 21 11:18:55 2016 -0600 rtlwifi: rtl_usb: Fix missing entry in USB driver's private data These drivers need to be able to reference "struct ieee80211_hw" from the driver's private data, and vice versa. The USB driver failed to store the address of ieee80211_hw in the private data. Although this bug has been present for a long time, it was not exposed until commit ba9f93f82aba ("rtlwifi: Fix enter/exit power_save"). Fixes: ba9f93f82aba ("rtlwifi: Fix enter/exit power_save") Signed-off-by: Larry Finger Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/usb.c | 1 + 1 file changed, 1 insertion(+) commit 1259feddd0f83649d5c48d730c140b4f7f3fa288 Author: Chanwoo Choi Date: Fri Dec 30 13:14:18 2016 +0900 pinctrl: samsung: Fix the width of PINCFG_TYPE_DRV bitfields for Exynos5433 This patch fixes the wrong width of PINCFG_TYPE_DRV bitfields for Exynos5433 because PINCFG_TYPE_DRV of Exynos5433 has 4bit fields in the *_DRV registers. Usually, other Exynos have 2bit field for PINCFG_TYPE_DRV. Fixes: 3c5ecc9ed353 ("pinctrl: exynos: Add support for Exynos5433") Cc: stable@vger.kernel.org Cc: Tomasz Figa Cc: Krzysztof Kozlowski Cc: Sylwester Nawrocki Cc: Linus Walleij Cc: Kukjin Kim Cc: Javier Martinez Canillas Signed-off-by: Chanwoo Choi Signed-off-by: Linus Walleij drivers/pinctrl/samsung/pinctrl-exynos.c | 91 ++++++++++++++++++-------------- drivers/pinctrl/samsung/pinctrl-exynos.h | 31 +++++++++++ 2 files changed, 82 insertions(+), 40 deletions(-) commit 570b90fa230b8021f51a67fab2245fe8df6fe37d Author: Andrew Lutomirski Date: Mon Dec 12 12:55:55 2016 -0800 orinoco: Use shash instead of ahash for MIC calculations Eric Biggers pointed out that the orinoco driver pointed scatterlists at the stack. Fix it by switching from ahash to shash. The result should be simpler, faster, and more correct. kvalo: cherry picked from commit 1fef293b8a9850cfa124a53c1d8878d355010403 as I accidentally applied this patch to wireless-drivers-next when I was supposed to apply this wireless-drivers Cc: stable@vger.kernel.org # 4.9 only Reported-by: Eric Biggers Signed-off-by: Andy Lutomirski Signed-off-by: Kalle Valo drivers/net/wireless/intersil/orinoco/mic.c | 44 +++++++++++++++---------- drivers/net/wireless/intersil/orinoco/mic.h | 3 +- drivers/net/wireless/intersil/orinoco/orinoco.h | 4 +-- 3 files changed, 30 insertions(+), 21 deletions(-) commit a0c10687ec9506b5e14fe3dd47832a77f2f2500c Author: Bjorn Andersson Date: Fri Dec 30 03:21:38 2016 -0800 Revert "remoteproc: Merge table_ptr and cached_table pointers" Following any fw_rsc_vdev entries in the resource table are two variable length arrays, the first one reference vring resources and the second one is the virtio config space. The virtio config space is used by virtio to communicate status and configuration changes and must as such be shared with the remote. The reverted commit incorrectly made any changes to the virtio config space only affect the local copy, in an attempt to allowing memory protection of the shared resource table. This reverts commit cda8529346935fc86f476999ac4fbfe4e17abf11. Signed-off-by: Bjorn Andersson drivers/remoteproc/remoteproc_core.c | 26 ++++++++++++++++---------- include/linux/remoteproc.h | 4 +++- 2 files changed, 19 insertions(+), 11 deletions(-) commit c81c0e0710f031cb09eb7cbf0e75e6754d1d8346 Author: Loic Pallardy Date: Wed Dec 14 16:11:00 2016 +0100 remoteproc: fix vdev reference management Commit 2b45cef5868a ("remoteproc: Further extend the vdev life cycle") extends kref support for vdev management. It introduces a regression when following sequence is executed: rproc_boot --> rproc_shutdown --> rproc_boot Second rproc_boot call crashes on register_virtio_device as device is already existing. Issue is previous vdev is never released when rproc is stop because associated refcount is too high. kref_get introduces is not needed as kref_init already initializes krefcount to 1 because it considers associated variable as used. This introduces a misalignment between kref_get and kref_put calls. Fixes: 2b45cef5868a ("remoteproc: Further extend the vdev life cycle") Signed-off-by: Loic Pallardy Signed-off-by: Bjorn Andersson drivers/remoteproc/remoteproc_core.c | 3 --- 1 file changed, 3 deletions(-) commit 63447646ac657fde00bb658ce21a3431940ae0ad Author: Loic Pallardy Date: Thu Dec 15 15:49:56 2016 +0100 rpmsg: virtio_rpmsg_bus: fix channel creation Since commit 4dffed5b3ac796b ("rpmsg: Name rpmsg devices based on channel id"), it is no more possible for a firmware to register twice a service (on different endpoints). rpmsg_register_device function is failing when calling device_add for the second time as second device has the same name as first one already register. It is because name is based only on service name and so is not more unique. Previously name was unique thanks to the use of rpmsg_dev_index. This patch adds destination and source endpoint numbers device name to create an unique identifier. Fixes: 4dffed5b3ac7 ("rpmsg: Name rpmsg devices based on channel id") Acked-by: Peter Griffin Signed-off-by: Loic Pallardy [bjorn: flipped name and address in device name] Signed-off-by: Bjorn Andersson drivers/rpmsg/rpmsg_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 01d1f7a99e457952aa51849ed7c1cc4ced7bca4b Author: Marcin Niestroj Date: Thu Dec 8 15:22:58 2016 +0100 iio: bmi160: Fix time needed to sleep after command execution Datasheet specifies typical and maximum execution times for which CMD register is occupied after previous command execution. We took these values as minimum and maximum time for usleep_range() call before making a new command execution. To be sure, that the CMD register is no longer occupied we need to wait *at least* the maximum time specified by datasheet. Signed-off-by: Marcin Niestroj Cc: Signed-off-by: Jonathan Cameron drivers/iio/imu/bmi160/bmi160_core.c | 25 ++++++------------------- 1 file changed, 6 insertions(+), 19 deletions(-) commit 07825f0acd85dd8b7481d5ef0eb024b05364d892 Author: Herbert Xu Date: Thu Dec 29 17:44:15 2016 +0800 crypto: aesni - Fix failure when built-in with modular pcbc If aesni is built-in but pcbc is built as a module, then aesni will fail completely because when it tries to register the pcbc variant of aes the pcbc template is not available. This patch fixes this by modifying the pcbc presence test so that if aesni is built-in then pcbc must also be built-in for it to be used by aesni. Fixes: 85671860caac ("crypto: aesni - Convert to skcipher") Reported-by: Stephan Müller Signed-off-by: Herbert Xu arch/x86/crypto/aesni-intel_glue.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5018ada69a04c8ac21d74bd682fceb8e42dc0f96 Author: Geert Uytterhoeven Date: Mon Dec 19 18:29:23 2016 +0100 gpio: Move freeing of GPIO hogs before numbing of the device When removing a gpiochip that uses GPIO hogging (e.g. by unloading the chip's DT overlay), a warning is printed: gpio gpiochip8: REMOVING GPIOCHIP WITH GPIOS STILL REQUESTED This happens because gpiochip_free_hogs() is called after the gdev->chip pointer is reset to NULL. Hence __gpiod_free() cannot determine the chip in use, and cannot clear flags nor call the optional chip-specific .free() callback. Move the call to gpiochip_free_hogs() up to fix this. Cc: stable@vger.kernel.org Fixes: ff2b135922992756 ("gpio: make the gpiochip a real device") Signed-off-by: Geert Uytterhoeven Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit abc8d5832fd142d565fbfca163348f33b08bc1fe Author: Arnd Bergmann Date: Fri Dec 16 10:08:14 2016 +0100 gpio: mxs: remove __init annotation Building with an old toolchain, I ran into this warning: WARNING: vmlinux.o(.text+0x63eef0): Section mismatch in reference from the function mxs_gpio_probe() to the function .init.text:mxs_gpio_init_gc() Clearly the annotation is wrong, since the function is called from the non-init probe, so let's remove it. Signed-off-by: Arnd Bergmann Signed-off-by: Linus Walleij drivers/gpio/gpio-mxs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f5a0aab84b74de68523599817569c057c7ac1622 Author: David Ahern Date: Thu Dec 29 15:29:03 2016 -0800 net: ipv4: dst for local input routes should use l3mdev if relevant IPv4 output routes already use l3mdev device instead of loopback for dst's if it is applicable. Change local input routes to do the same. This fixes icmp responses for unreachable UDP ports which are directed to the wrong table after commit 9d1a6c4ea43e4 because local_input routes use the loopback device. Moving from ingress device to loopback loses the L3 domain causing responses based on the dst to get to lost. Fixes: 9d1a6c4ea43e4 ("net: icmp_route_lookup should use rt dev to determine L3 domain") Signed-off-by: David Ahern Signed-off-by: David S. Miller net/ipv4/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2344ef3c86a7fe41f97bf66c7936001b6132860b Author: Sergei Shtylyov Date: Fri Dec 30 00:07:38 2016 +0300 sh_eth: fix branch prediction in sh_eth_interrupt() IIUC, likely()/unlikely() should apply to the whole *if* statement's expression, not a part of it -- fix such expression in sh_eth_interrupt() accordingly... Fixes: 283e38db65e7 ("sh_eth: Fix serialisation of interrupt disable with interrupt & NAPI handlers") Signed-off-by: Sergei Shtylyov Signed-off-by: David S. Miller drivers/net/ethernet/renesas/sh_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 98473f9f3f9bd404873cd1178c8be7d6d619f0d1 Author: Olof Johansson Date: Thu Dec 29 14:16:07 2016 -0800 mm/filemap: fix parameters to test_bit() mm/filemap.c: In function 'clear_bit_unlock_is_negative_byte': mm/filemap.c:933:9: error: too few arguments to function 'test_bit' return test_bit(PG_waiters); ^~~~~~~~ Fixes: b91e1302ad9b ('mm: optimize PageWaiters bit use for unlock_page()') Signed-off-by: Olof Johansson Brown-paper-bag-by: Linus Torvalds Signed-off-by: Linus Torvalds mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1fe0a7e0bc52024a445945c9e7691551aba97390 Author: Helge Deller Date: Tue Dec 27 18:03:50 2016 +0100 parisc: Drop TIF_RESTORE_SIGMASK and switch to generic code Commit 7e7814180b33 ("signal: consolidate {TS,TLF}_RESTORE_SIGMASK code") introduced code with which the "restore sigmask" flag lives in task_struct instead of ti->flags. Let's use this optimization on parisc too. Signed-off-by: Helge Deller arch/parisc/include/asm/thread_info.h | 1 - 1 file changed, 1 deletion(-) commit 41744213602a206f24adcb4a2b7551db3c700e72 Author: Helge Deller Date: Mon Dec 26 12:46:01 2016 +0100 parisc: Mark cr16 clocksource unstable on SMP systems The cr16 interval timer of each CPU is not syncronized to other cr16 timers in other CPUs in a SMP system. So, delay the registration of the cr16 clocksource until all CPUs have been detected and then - if we are on a SMP machine - mark the cr16 clocksource as unstable and lower it's rating before registering it at the clocksource framework. This patch fixes the stalled CPU warnings which we have seen since introduction of the cr16 clocksource. Signed-off-by: Helge Deller Cc: # v4.8+ arch/parisc/kernel/time.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) commit f24d311f92b516a8aadef5056424ccabb4068e7b Author: Neil Armstrong Date: Tue Dec 6 15:08:16 2016 +0100 pinctrl: meson: fix gpio request disabling other modes The pinctrl_gpio_request is called with the "full" gpio number, already containing the base, then meson_pmx_request_gpio is then called with the final pin number. Remove the base addition when calling meson_pmx_disable_other_groups. Fixes: 6ac730951104 ("pinctrl: add driver for Amlogic Meson SoCs") CC: Beniamino Galvani Signed-off-by: Neil Armstrong Acked-by: Kevin Hilman Acked-by: Beniamino Galvani Signed-off-by: Linus Walleij drivers/pinctrl/meson/pinctrl-meson.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2983f296f2327bc517e3b29344fce82271160197 Author: Shyam Sundar S K Date: Thu Dec 8 17:31:14 2016 +0530 pinctrl/amd: Set the level based on ACPI tables In the function amd_gpio_irq_set_type, read the values from the ACPI table to set the level and drop the settings passed by the client. Cc: # 4.8.x+ Reviewed-by: Pankaj Sen Reviewed-by: Nitesh Kumar Agrawal Reviewed-by: Shah, Nehal-bakulchandra Signed-off-by: Shyam-sundar S-k Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-amd.c | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) commit a6cb3b864b21b7345f824a4faa12b723c8aaf099 Author: Jordan Crouse Date: Tue Dec 20 08:54:31 2016 -0700 drm/msm: Verify that MSM_SUBMIT_BO_FLAGS are set For every submission buffer object one of MSM_SUBMIT_BO_WRITE and MSM_SUBMIT_BO_READ must be set (and nothing else). If we allowed zero then the buffer object would never get queued to be unreferenced. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark drivers/gpu/drm/msm/msm_gem_submit.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6490abc4bc35fa4f3bdb9c7e49096943c50e29ea Author: Jordan Crouse Date: Tue Dec 20 08:54:30 2016 -0700 drm/msm: Put back the vaddr in submit_reloc() The error cases in submit_reloc() need to put back the virtual address of the bo before failling. Add a single failure path for the function. Signed-off-by: Jordan Crouse Signed-off-by: Rob Clark drivers/gpu/drm/msm/msm_gem_submit.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 88b333b0ed790f9433ff542b163bf972953b74d3 Author: Jordan Crouse Date: Tue Dec 20 08:54:29 2016 -0700 drm/msm: Ensure that the hardware write pointer is valid Currently the value written to CP_RB_WPTR is calculated on the fly as (rb->next - rb->start). But as the code is designed rb->next is wrapped before writing the commands so if a series of commands happened to fit perfectly in the ringbuffer, rb->next would end up being equal to rb->size / 4 and thus result in an out of bounds address to CP_RB_WPTR. The easiest way to fix this is to mask WPTR when writing it to the hardware; it makes the hardware happy and the rest of the ringbuffer math appears to work and there isn't any point in upsetting anything. Signed-off-by: Jordan Crouse [squash in is_power_of_2() check] Signed-off-by: Rob Clark drivers/gpu/drm/msm/adreno/adreno_gpu.c | 9 ++++++++- drivers/gpu/drm/msm/msm_ringbuffer.c | 3 ++- 2 files changed, 10 insertions(+), 2 deletions(-) commit e400b7977e7c014bc0c298b2d834311770a777ac Merge: f0c16ba 10b1c04 Author: David S. Miller Date: Thu Dec 29 14:17:42 2016 -0500 Merge branch 'mlx4-misc-fixes' Tariq Toukan says: ==================== mlx4 misc fixes This patchset contains several bug fixes from the team to the mlx4 Eth and Core drivers. Series generated against net commit: 60133867f1f1 'net: wan: slic_ds26522: fix spelling mistake: "configurated" -> "configured"' ==================== Signed-off-by: David S. Miller commit 10b1c04e92229ebeb38ccd0dcf2b6d3ec73c0575 Author: Jack Morgenstein Date: Thu Dec 29 18:37:13 2016 +0200 net/mlx4_core: Fix raw qp flow steering rules under SRIOV Demoting simple flow steering rule priority (for DPDK) was achieved by wrapping FW commands MLX4_QP_FLOW_STEERING_ATTACH/DETACH for the PF as well, and forcing the priority to MLX4_DOMAIN_NIC in the wrapper function for the PF and all VFs. In function mlx4_ib_create_flow(), this change caused the main rule creation for the PF to be wrapped, while it left the associated tunnel steering rule creation unwrapped for the PF. This mismatch caused rule deletion failures in mlx4_ib_destroy_flow() for the PF when the detach wrapper function did not find the associated tunnel-steering rule (since creation of that rule for the PF did not go through the wrapper function). Fix this by setting MLX4_QP_FLOW_STEERING_ATTACH/DETACH to be "native" (so that the PF invocation does not go through the wrapper), and perform the required priority demotion for the PF in the mlx4_ib_create_flow() code path. Fixes: 48564135cba8 ("net/mlx4_core: Demote simple multicast and broadcast flow steering rules") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/infiniband/hw/mlx4/main.c | 14 ++++++++++++-- drivers/net/ethernet/mellanox/mlx4/main.c | 18 ++++++++++++++++++ .../net/ethernet/mellanox/mlx4/resource_tracker.c | 22 +--------------------- include/linux/mlx4/device.h | 2 ++ 4 files changed, 33 insertions(+), 23 deletions(-) commit 61b6034c6cfdcb265bb453505c3d688e7567727a Author: Slava Shwartsman Date: Thu Dec 29 18:37:12 2016 +0200 net/mlx4_en: Fix type mismatch for 32-bit systems is_power_of_2 expects unsigned long and we pass u64 max_val_cycles, this will be truncated on 32 bit systems, and the result is not what we were expecting. div_u64 expects u32 as a second argument and we pass max_val_cycles_rounded which is u64 hence it will always be truncated. Fix was tested on both 64 and 32 bit systems and got same results for max_val_cycles and max_val_cycles_rounded. Fixes: 4850cf458157 ("net/mlx4_en: Resolve dividing by zero in 32-bit system") Signed-off-by: Slava Shwartsman Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_clock.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit c1d5f8ff80ea84768f5fae1ca9d1abfbb5e6bbaa Author: Leon Romanovsky Date: Thu Dec 29 18:37:11 2016 +0200 net/mlx4: Remove BUG_ON from ICM allocation routine This patch removes BUG_ON() macro from mlx4_alloc_icm_coherent() by checking DMA address alignment in advance and performing proper folding in case of error. Fixes: 5b0bf5e25efe ("mlx4_core: Support ICM tables in coherent memory") Reported-by: Ozgur Karatas Signed-off-by: Leon Romanovsky Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/icm.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 6496bbf0ec481966ef9ffe5b6660d8d1b55c60cc Author: Eugenia Emantayev Date: Thu Dec 29 18:37:10 2016 +0200 net/mlx4_en: Fix bad WQE issue Single send WQE in RX buffer should be stamped with software ownership in order to prevent the flow of QP in error in FW once UPDATE_QP is called. Fixes: 9f519f68cfff ('mlx4_en: Not using Shared Receive Queues') Signed-off-by: Eugenia Emantayev Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_rx.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 3b01fe7f91c8e4f9afc4fae3c5af72c14958d2d8 Author: Jack Morgenstein Date: Thu Dec 29 18:37:09 2016 +0200 net/mlx4_core: Use-after-free causes a resource leak in flow-steering detach mlx4_QP_FLOW_STEERING_DETACH_wrapper first removes the steering rule (which results in freeing the rule structure), and then references a field in this struct (the qp number) when releasing the busy-status on the rule's qp. Since this memory was freed, it could reallocated and changed. Therefore, the qp number in the struct may be incorrect, so that we are releasing the incorrect qp. This leaves the rule's qp in the busy state (and could possibly release an incorrect qp as well). Fix this by saving the qp number in a local variable, for use after removing the steering rule. Fixes: 2c473ae7e582 ("net/mlx4_core: Disallow releasing VF QPs which have steering rules") Signed-off-by: Jack Morgenstein Signed-off-by: Tariq Toukan Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit f0c16ba8933ed217c2688b277410b2a37ba81591 Author: Wei Zhang Date: Thu Dec 29 16:45:04 2016 +0800 net: fix incorrect original ingress device index in PKTINFO When we send a packet for our own local address on a non-loopback interface (e.g. eth0), due to the change had been introduced from commit 0b922b7a829c ("net: original ingress device index in PKTINFO"), the original ingress device index would be set as the loopback interface. However, the packet should be considered as if it is being arrived via the sending interface (eth0), otherwise it would break the expectation of the userspace application (e.g. the DHCPRELEASE message from dhcp_release binary would be ignored by the dnsmasq daemon, since it come from lo which is not the interface dnsmasq bind to) Fixes: 0b922b7a829c ("net: original ingress device index in PKTINFO") Acked-by: David Ahern Signed-off-by: Wei Zhang Signed-off-by: David S. Miller net/ipv4/ip_sockglue.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 4775cc1f2d5abca894ac32774eefc22c45347d1c Author: Mathias Krause Date: Wed Dec 28 17:52:15 2016 +0100 rtnl: stats - add missing netlink message size checks We miss to check if the netlink message is actually big enough to contain a struct if_stats_msg. Add a check to prevent userland from sending us short messages that would make us access memory beyond the end of the message. Fixes: 10c9ead9f3c6 ("rtnetlink: add new RTM_GETSTATS message to dump...") Signed-off-by: Mathias Krause Cc: Roopa Prabhu Signed-off-by: David S. Miller net/core/rtnetlink.c | 6 ++++++ 1 file changed, 6 insertions(+) commit b91e1302ad9b80c174a4855533f7e3aa2873355e Author: Linus Torvalds Date: Tue Dec 27 11:40:38 2016 -0800 mm: optimize PageWaiters bit use for unlock_page() In commit 62906027091f ("mm: add PageWaiters indicating tasks are waiting for a page bit") Nick Piggin made our page locking no longer unconditionally touch the hashed page waitqueue, which not only helps performance in general, but is particularly helpful on NUMA machines where the hashed wait queues can bounce around a lot. However, the "clear lock bit atomically and then test the waiters bit" sequence turns out to be much more expensive than it needs to be, because you get a nasty stall when trying to access the same word that just got updated atomically. On architectures where locking is done with LL/SC, this would be trivial to fix with a new primitive that clears one bit and tests another atomically, but that ends up not working on x86, where the only atomic operations that return the result end up being cmpxchg and xadd. The atomic bit operations return the old value of the same bit we changed, not the value of an unrelated bit. On x86, we could put the lock bit in the high bit of the byte, and use "xadd" with that bit (where the overflow ends up not touching other bits), and look at the other bits of the result. However, an even simpler model is to just use a regular atomic "and" to clear the lock bit, and then the sign bit in eflags will indicate the resulting state of the unrelated bit #7. So by moving the PageWaiters bit up to bit #7, we can atomically clear the lock bit and test the waiters bit on x86 too. And architectures with LL/SC (which is all the usual RISC suspects), the particular bit doesn't matter, so they are fine with this approach too. This avoids the extra access to the same atomic word, and thus avoids the costly stall at page unlock time. The only downside is that the interface ends up being a bit odd and specialized: clear a bit in a byte, and test the sign bit. Nick doesn't love the resulting name of the new primitive, but I'd rather make the name be descriptive and very clear about the limitation imposed by trying to work across all relevant architectures than make it be some generic thing that doesn't make the odd semantics explicit. So this introduces the new architecture primitive clear_bit_unlock_is_negative_byte(); and adds the trivial implementation for x86. We have a generic non-optimized fallback (that just does a "clear_bit()"+"test_bit(7)" combination) which can be overridden by any architecture that can do better. According to Nick, Power has the same hickup x86 has, for example, but some other architectures may not even care. All these optimizations mean that my page locking stress-test (which is just executing a lot of small short-lived shell scripts: "make test" in the git source tree) no longer makes our page locking look horribly bad. Before all these optimizations, just the unlock_page() costs were just over 3% of all CPU overhead on "make test". After this, it's down to 0.66%, so just a quarter of the cost it used to be. (The difference on NUMA is bigger, but there this micro-optimization is likely less noticeable, since the big issue on NUMA was not the accesses to 'struct page', but the waitqueue accesses that were already removed by Nick's earlier commit). Acked-by: Nick Piggin Cc: Dave Hansen Cc: Bob Peterson Cc: Steven Whitehouse Cc: Andrew Lutomirski Cc: Andreas Gruenbacher Cc: Peter Zijlstra Cc: Mel Gorman Signed-off-by: Linus Torvalds arch/x86/include/asm/bitops.h | 13 +++++++++++++ include/linux/page-flags.h | 2 +- mm/filemap.c | 36 +++++++++++++++++++++++++++++++----- 3 files changed, 45 insertions(+), 6 deletions(-) commit 72f0991354b24b9860ddc57b12d5c39bd8e3c962 Merge: b6fc513 d7ddad0 Author: Dmitry Torokhov Date: Thu Dec 29 10:08:49 2016 -0800 Merge branch 'synaptics-rmi4' into for-linus This brings in fix for F03 build error when serio is module. commit b2eb09af7370fedc6b9d9f05762f01625438467a Author: Florian Fainelli Date: Wed Dec 28 15:44:41 2016 -0800 net: stmmac: Fix error path after register_netdev move Commit 5701659004d6 ("net: stmmac: Fix race between stmmac_drv_probe and stmmac_open") re-ordered how the MDIO bus registration and the network device are registered, but missed to unwind the MDIO bus registration in case we fail to register the network device. Fixes: 5701659004d6 ("net: stmmac: Fix race between stmmac_drv_probe and stmmac_open") Signed-off-by: Florian Fainelli Acked-by: Kweh, Hock Leong Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit e4c5e13aa45c23692e4acf56f0b3533f328199b2 Author: Zheng Li Date: Wed Dec 28 23:23:46 2016 +0800 ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output There is an inconsistent conditional judgement between __ip6_append_data and ip6_finish_output functions, the variable length in __ip6_append_data just include the length of application's payload and udp6 header, don't include the length of ipv6 header, but in ip6_finish_output use (skb->len > ip6_skb_dst_mtu(skb)) as judgement, and skb->len include the length of ipv6 header. That causes some particular application's udp6 payloads whose length are between (MTU - IPv6 Header) and MTU were fragmented by ip6_fragment even though the rst->dev support UFO feature. Add the length of ipv6 header to length in __ip6_append_data to keep consistent conditional judgement as ip6_finish_output for ip6 fragment. Signed-off-by: Zheng Li Signed-off-by: David S. Miller net/ipv6/ip6_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e9112936f240856c925321fd2bd91adc7c00399c Author: Stephen Boyd Date: Wed Dec 21 16:03:42 2016 -0600 arm64: dts: msm8996: Add required memory carveouts This patch adds required memory carveouts so that the kernel does not access memory that is in use or has been reserved for use by other remote processors. Signed-off-by: Andy Gross Signed-off-by: Stephen Boyd arch/arm64/boot/dts/qcom/msm8996.dtsi | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 60133867f1f111aaf3a8c00375b8026142a9a591 Author: Colin Ian King Date: Wed Dec 28 16:44:23 2016 +0000 net: wan: slic_ds26522: fix spelling mistake: "configurated" -> "configured" trivial fix to spelling mistake in pr_info message Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/wan/slic_ds26522.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9dd0f896d2cc5815d859e945db90915071cd44b3 Author: Augusto Mecking Caringi Date: Wed Dec 28 16:02:05 2016 +0000 net: atm: Fix warnings in net/atm/lec.c when !CONFIG_PROC_FS This patch fixes the following warnings when CONFIG_PROC_FS is not set: linux/net/atm/lec.c: In function ‘lane_module_cleanup’: linux/net/atm/lec.c:1062:27: error: ‘atm_proc_root’ undeclared (first use in this function) remove_proc_entry("lec", atm_proc_root); ^ linux/net/atm/lec.c:1062:27: note: each undeclared identifier is reported only once for each function it appears in Signed-off-by: Augusto Mecking Caringi Signed-off-by: David S. Miller net/atm/lec.c | 2 ++ 1 file changed, 2 insertions(+) commit 4b52416a3f15df80af46d97d41f32ef5dde6e5fb Merge: 0df0f20 37f304d1 Author: David S. Miller Date: Wed Dec 28 14:36:54 2016 -0500 Merge branch 'mlx5-fixes' Saeed Mahameed says: ==================== Mellanox 100G mlx5 fixes 28-12-2016 Some fixes for mlx5 core and ethernet driver. for -stable: net/mlx5: Check FW limitations on log_max_qp before setting it net/mlx5: Cancel recovery work in remove flow net/mlx5: Avoid shadowing numa_node net/mlx5: Mask destination mac value in ethtool steering rules net/mlx5: Prevent setting multicast macs for VFs net/mlx5e: Don't sync netdev state when not registered net/mlx5e: Disable netdev after close ==================== Signed-off-by: David S. Miller commit 37f304d10030bb425c19099e7b955d9c3ec4cba3 Author: Saeed Mahameed Date: Wed Dec 28 14:58:42 2016 +0200 net/mlx5e: Disable netdev after close Disable netdev should come after it was closed, although no harm of doing it before -hence the MLX5E_STATE_DESTROYING bit- but it is more natural this way. Fixes: 26e59d8077a3 ("net/mlx5e: Implement mlx5e interface attach/detach callbacks") Signed-off-by: Saeed Mahameed Reviewed-by: Mohamad Haj Yahia Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 610e89e05c3f28a7394935aa6b91f99548c4fd3c Author: Saeed Mahameed Date: Wed Dec 28 14:58:41 2016 +0200 net/mlx5e: Don't sync netdev state when not registered Skip setting netdev vxlan ports and netdev rx_mode on driver load when netdev is not yet registered. Synchronizing with netdev state is needed only on reset flow where the netdev remains registered for the whole reset period. This also fixes an access before initialization of net_device.addr_list_lock - which for some reason initialized on register_netdev - where we queued set_rx_mode work on driver load before netdev registration. Fixes: 26e59d8077a3 ("net/mlx5e: Implement mlx5e interface attach/detach callbacks") Signed-off-by: Saeed Mahameed Reported-by: Sebastian Ott Reviewed-by: Mohamad Haj Yahia Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 4525a45bfad55a00ef218c5fbe5d98a3d8170bf5 Author: Huy Nguyen Date: Wed Dec 28 14:58:40 2016 +0200 net/mlx5e: Check ets capability before initializing ets settings During the initial setup, the ets command is sent to firmware without checking if the HCA supports ets. This causes the invalid command error. Add the ets capiblity check before sending firmware command to initialize ets settings. Fixes: e207b7e99176 ("net/mlx5e: ConnectX-4 firmware support for DCBX") Signed-off-by: Huy Nguyen Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_dcbnl.c | 3 +++ 1 file changed, 3 insertions(+) commit 1efbd205b3cc5882a8c386c58a57134044e9d5ba Author: Gal Pressman Date: Wed Dec 28 14:58:39 2016 +0200 Revert "net/mlx5: Add MPCNT register infrastructure" This reverts commit 7f503169cabd70c1f13b9279c50eca7dfb9a7d51. Fixes: 7f503169cabd ("net/mlx5: Add MPCNT register infrastructure") Signed-off-by: Gal Pressman Reported-by: Jesper Dangaard Brouer Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller include/linux/mlx5/device.h | 5 --- include/linux/mlx5/driver.h | 1 - include/linux/mlx5/mlx5_ifc.h | 93 ------------------------------------------- 3 files changed, 99 deletions(-) commit 465db5dab86d6688fa5132edd1237102f4a20e84 Author: Gal Pressman Date: Wed Dec 28 14:58:38 2016 +0200 Revert "net/mlx5e: Expose PCIe statistics to ethtool" This reverts commit 9c7262399ba12825f3ca4b00a76d8d5e77c720f5. PCIe counters were introduced in a new firmware version, as a result users with old firmware encountered a syndrome every 200ms due to update stats work. This feature will be re-introduced later with appropriate capabilities infrastructure. Fixes: 9c7262399ba1 ("net/mlx5e: Expose PCIe statistics to ethtool") Signed-off-by: Gal Pressman Reported-by: Jesper Dangaard Brouer Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 17 ------------ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 24 ---------------- drivers/net/ethernet/mellanox/mlx5/core/en_stats.h | 32 +--------------------- 3 files changed, 1 insertion(+), 72 deletions(-) commit ccce1700263d8b5b219359d04180492a726cea16 Author: Mohamad Haj Yahia Date: Wed Dec 28 14:58:37 2016 +0200 net/mlx5: Prevent setting multicast macs for VFs Need to check that VF mac address entered by the admin user is either zero or unicast mac. Multicast mac addresses are prohibited. Fixes: 77256579c6b4 ('net/mlx5: E-Switch, Introduce Vport administration functions') Signed-off-by: Mohamad Haj Yahia Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9b8c514291a83e53c073b473bdca6267f17a02c2 Author: Maor Gottlieb Date: Wed Dec 28 14:58:36 2016 +0200 net/mlx5: Release FTE lock in error flow Release the FTE lock when adding rule to the FTE has failed. Fixes: 0fd758d6112f ('net/mlx5: Don't unlock fte while still using it') Signed-off-by: Maor Gottlieb Reviewed-by: Mark Bloch Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_core.c | 1 + 1 file changed, 1 insertion(+) commit 077b1e8069b9b74477b01d28f6b83774dc19a142 Author: Maor Gottlieb Date: Wed Dec 28 14:58:35 2016 +0200 net/mlx5: Mask destination mac value in ethtool steering rules We need to mask the destination mac value with the destination mac mask when adding steering rule via ethtool. Fixes: 1174fce8d1410 ('net/mlx5e: Support l3/l4 flow type specs in ethtool flow steering') Signed-off-by: Maor Gottlieb Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_fs_ethtool.c | 1 + 1 file changed, 1 insertion(+) commit d151d73dcc99de87c63bdefebcc4cb69de1cdc40 Author: Eli Cohen Date: Wed Dec 28 14:58:34 2016 +0200 net/mlx5: Avoid shadowing numa_node Avoid using a local variable named numa_node to avoid shadowing a public one. Fixes: db058a186f98 ('net/mlx5_core: Set irq affinity hints') Signed-off-by: Eli Cohen Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 689a248df83b6032edc57e86267b4e5cc8d7174e Author: Daniel Jurgens Date: Wed Dec 28 14:58:33 2016 +0200 net/mlx5: Cancel recovery work in remove flow If there is pending delayed work for health recovery it must be canceled if the device is being unloaded. Fixes: 05ac2c0b7438 ("net/mlx5: Fix race between PCI error handlers and health work") Signed-off-by: Daniel Jurgens Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 883371c453b937f9eb581fb4915210865982736f Author: Noa Osherovich Date: Wed Dec 28 14:58:32 2016 +0200 net/mlx5: Check FW limitations on log_max_qp before setting it When setting HCA capabilities, set log_max_qp to be the minimum between the selected profile's value and the HCA limitation. Fixes: 938fe83c8dcb ('net/mlx5_core: New device capabilities...') Signed-off-by: Noa Osherovich Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/main.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 9da34cd34e85aacc55af8774b81b1f23e86014f9 Author: Or Gerlitz Date: Wed Dec 28 14:58:31 2016 +0200 net/mlx5: Disable RoCE on the e-switch management port under switchdev mode Under the switchdev/offloads mode, packets that don't match any e-switch steering rule are sent towards the e-switch management port. We use a NIC HW steering rule set per vport (uplink and VFs) to make them be received into the host OS through the respective vport representor netdevice. Currnetly such missed RoCE packets will not get to this NIC steering rule, and hence VF RoCE will not work over the slow path of the offloads mode. This is b/c these packets will be matched by a steering rule added by the firmware that serves RoCE traffic set on the PF NIC vport which is also the e-switch management port under SRIOV. Disabling RoCE on the e-switch management vport when we are in the offloads mode, will signal to the firmware to remove their RoCE rule, and then the missed RoCE packets will be matched by the representor NIC steering rule as any other missed packets. To achieve that, we disable RoCE on the PF vport. We do that by removing (hot-unplugging) the IB device instance associated with the PF. This is also required by our current model where the PF serves as the uplink representor and hence only SW switching (TC, bridge, OVS) applications and slow path vport mlx5e net-device should be running over that vport. Fixes: c930a3ad7453 ('net/mlx5e: Add devlink based SRIOV mode changes') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit 0df0f207aab4f42e5c96a807adf9a6845b69e984 Author: Paul Blakey Date: Wed Dec 28 14:54:47 2016 +0200 net/sched: cls_flower: Fix missing addr_type in classify Since we now use a non zero mask on addr_type, we are matching on its value (IPV4/IPV6). So before this fix, matching on enc_src_ip/enc_dst_ip failed in SW/classify path since its value was zero. This patch sets the proper value of addr_type for encapsulated packets. Fixes: 970bfcd09791 ('net/sched: cls_flower: Use mask for addr_type') Signed-off-by: Paul Blakey Reviewed-by: Hadar Hen Zion Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 4 ++++ 1 file changed, 4 insertions(+) commit 6f96d639915f9f2bc43b538aedd4bffacd24ceeb Author: Krzysztof Kozlowski Date: Wed Dec 7 19:18:35 2016 +0200 MAINTAINERS: Add Patchwork URL to Samsung Exynos entry I use Patchwork for handling incoming patches. Put its address here so submitters could know what is in the queue. Signed-off-by: Krzysztof Kozlowski Reviewed-by: Javier Martinez Canillas Acked-by: Kukjin Kim MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit b6f4c66704b875aba9b8c912532323e3cc89824c Author: Arnaldo Carvalho de Melo Date: Wed Dec 28 10:47:13 2016 -0300 samples/bpf trace_output_user: Remove duplicate sys/ioctl.h include Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Joe Stringer Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-3awp0nv8tpnblatojmwjww7z@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/trace_output_user.c | 1 - 1 file changed, 1 deletion(-) commit a608a9d52fa4168efd478d684039ed545a69dbcd Author: Micha? K?pie? Date: Fri Dec 23 10:00:08 2016 +0100 platform/x86: fujitsu-laptop: use brightness_set_blocking for LED-setting callbacks All LED-setting functions in fujitsu-laptop are currently assigned to the brightness_set callback, which is incorrect because they can sleep (due to their use of call_fext_func(), which in turn issues ACPI calls) and the documentation (in include/linux/leds.h) clearly states they must not. Assign them to brightness_set_blocking instead and change them to match the expected function prototype. This change makes it possible to use Fujitsu-specific LEDs with "heavy" triggers, like disk-activity or phy0rx. Fixes: 3a407086090b ("fujitsu-laptop: Add BL power, LED control and radio state information") Fixes: 4f62568c1fcf ("fujitsu-laptop: Support radio LED") Fixes: d6b88f64b0d4 ("fujitsu-laptop: Add support for eco LED") Signed-off-by: Michał Kępień Acked-by: Jonathan Woithe Signed-off-by: Andy Shevchenko drivers/platform/x86/fujitsu-laptop.c | 42 +++++++++++++++++------------------ 1 file changed, 21 insertions(+), 21 deletions(-) commit f6c5c1f96d976e1fb9d71fb824629c450ee0a122 Author: Randy Dunlap Date: Tue Dec 27 14:28:51 2016 -0800 platform/x86: fix surface3_button build errors Fix build errors when I2C=m and SURFACE_3_BUTTON=y. The driver uses i2c interfaces so it should depend on I2C. drivers/built-in.o: In function `surface3_driver_init': surface3_button.c:(.init.text+0x75cb0): undefined reference to `i2c_register_driver' drivers/built-in.o: In function `surface3_driver_exit': surface3_button.c:(.exit.text+0x31a8): undefined reference to `i2c_del_driver' Fixes: 1a64b719d3ae (platform/x86: Introduce button support for the Surface 3) Signed-off-by: Randy Dunlap Reported-by: kbuild test robot Cc: Benjamin Tissoires Cc: platform-driver-x86@vger.kernel.org Cc: Darren Hart Signed-off-by: Andy Shevchenko drivers/platform/x86/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit abfb7b686a3e5be27bf81db62f9c5c895b76f5d1 Author: Ard Biesheuvel Date: Sat Dec 24 13:59:23 2016 +0000 efi/libstub/arm*: Pass latest memory map to the kernel As reported by James Morse, the current libstub code involving the annotated memory map only works somewhat correctly by accident, due to the fact that a pool allocation happens to be reused immediately, retaining its former contents on most implementations of the UEFI boot services. Instead of juggling memory maps, which makes the code more complex than it needs to be, simply put placeholder values into the FDT for the memory map parameters, and only write the actual values after ExitBootServices() has been called. Reported-by: James Morse Signed-off-by: Ard Biesheuvel Cc: Cc: Jeffrey Hugo Cc: Linus Torvalds Cc: Matt Fleming Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-arm-kernel@lists.infradead.org Cc: linux-efi@vger.kernel.org Fixes: ed9cc156c42f ("efi/libstub: Use efi_exit_boot_services() in FDT") Link: http://lkml.kernel.org/r/1482587963-20183-2-git-send-email-ard.biesheuvel@linaro.org Signed-off-by: Ingo Molnar drivers/firmware/efi/libstub/efistub.h | 8 ---- drivers/firmware/efi/libstub/fdt.c | 87 ++++++++++++++++++++++------------ 2 files changed, 56 insertions(+), 39 deletions(-) commit 5701659004d68085182d2fd4199c79172165fa65 Author: Florian Fainelli Date: Tue Dec 27 18:23:06 2016 -0800 net: stmmac: Fix race between stmmac_drv_probe and stmmac_open There is currently a small window during which the network device registered by stmmac can be made visible, yet all resources, including and clock and MDIO bus have not had a chance to be set up, this can lead to the following error to occur: [ 473.919358] stmmaceth 0000:01:00.0 (unnamed net_device) (uninitialized): stmmac_dvr_probe: warning: cannot get CSR clock [ 473.919382] stmmaceth 0000:01:00.0: no reset control found [ 473.919412] stmmac - user ID: 0x10, Synopsys ID: 0x42 [ 473.919429] stmmaceth 0000:01:00.0: DMA HW capability register supported [ 473.919436] stmmaceth 0000:01:00.0: RX Checksum Offload Engine supported [ 473.919443] stmmaceth 0000:01:00.0: TX Checksum insertion supported [ 473.919451] stmmaceth 0000:01:00.0 (unnamed net_device) (uninitialized): Enable RX Mitigation via HW Watchdog Timer [ 473.921395] libphy: PHY stmmac-1:00 not found [ 473.921417] stmmaceth 0000:01:00.0 eth0: Could not attach to PHY [ 473.921427] stmmaceth 0000:01:00.0 eth0: stmmac_open: Cannot attach to PHY (error: -19) [ 473.959710] libphy: stmmac: probed [ 473.959724] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 0 IRQ POLL (stmmac-1:00) active [ 473.959728] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 1 IRQ POLL (stmmac-1:01) [ 473.959731] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 2 IRQ POLL (stmmac-1:02) [ 473.959734] stmmaceth 0000:01:00.0 eth0: PHY ID 01410cc2 at 3 IRQ POLL (stmmac-1:03) Fix this by making sure that register_netdev() is the last thing being done, which guarantees that the clock and the MDIO bus are available. Fixes: 4bfcbd7abce2 ("stmmac: Move the mdio_register/_unregister in probe/remove") Reported-by: Kweh, Hock Leong Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) commit 2d706e790f0508dff4fb72eca9b4892b79757feb Merge: 8f18e4d 8759fec Author: Linus Torvalds Date: Tue Dec 27 17:51:36 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fix from Herbert Xu: "This fixes a hash corruption bug in the marvell driver" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: marvell - Copy IVDIG before launching partial DMA ahash requests commit ee12996c9d392ec61241ab6c74d257bc2122e0bc Author: Arnaldo Carvalho de Melo Date: Tue Dec 27 21:49:17 2016 -0300 samples/bpf sock_example: Avoid getting ethhdr from two includes To avoid the following build failure on Alpine Linux 3.4, that has clang-3.8 with the bpf target: HOSTCC samples/bpf/sock_example.o In file included from /usr/include/net/ethernet.h:10:0, from /git/linux/samples/bpf/sock_example.h:7, from /git/linux/samples/bpf/sock_example.c:30: /usr/include/netinet/if_ether.h:96:8: error: redefinition of 'struct ethhdr' struct ethhdr { ^ In file included from /git/linux/samples/bpf/sock_example.c:26:0: ./usr/include/linux/if_ether.h:144:8: note: originally defined here struct ethhdr { ^ scripts/Makefile.host:124: recipe for target 'samples/bpf/sock_example.o' failed make[2]: *** [samples/bpf/sock_example.o] Error 1 /git/linux/Makefile:1658: recipe for target 'samples/bpf/' failed So include net/if_ether.h for the needs of sock_example.h, using the same include that sock_example.c uses. Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Joe Stringer Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-m9avekl1b651qe1r1zd5tzz9@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/sock_example.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9396c9cb0d9534ca67bda8a34b2413a2ca1c67e9 Author: Namhyung Kim Date: Thu Dec 22 15:03:50 2016 +0900 perf sched timehist: Show total scheduling time Show length of analyzed sample time and rate of idle task running. This also takes care of time range given by --time option. $ perf sched timehist -sI | tail Samples do not have callchains. Idle stats: CPU 0 idle for 930.316 msec ( 92.93%) CPU 1 idle for 963.614 msec ( 96.25%) CPU 2 idle for 885.482 msec ( 88.45%) CPU 3 idle for 938.635 msec ( 93.76%) Total number of unique tasks: 118 Total number of context switches: 2337 Total run time (msec): 3718.048 Total scheduling time (msec): 1001.131 (x 4) Suggested-by: David Ahern Signed-off-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161222060350.17655-3-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit fe4f6c801c03bc13113d0dc32f02d4ea8ed89ffd Author: Theodore Ts'o Date: Tue Dec 27 19:46:27 2016 -0500 fscrypt: fix the test_dummy_encryption mount option Commit f1c131b45410a: "crypto: xts - Convert to skcipher" now fails the setkey operation if the AES key is the same as the tweak key. Previously this check was only done if FIPS mode is enabled. Now this check is also done if weak key checking was requested. This is reasonable, but since we were using the dummy key which was a constant series of 0x42 bytes, it now caused dummy encrpyption test mode to fail. Fix this by using 0x42... and 0x24... for the two keys, so they are different. Fixes: f1c131b45410a202eb45cc55980a7a9e4e4b4f40 Cc: stable@vger.kernel.org Signed-off-by: Theodore Ts'o fs/crypto/keyinfo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8f18e4d03ed8fa5e4a300c94550533bd8ce4ff9a Merge: 0dad3a3 5799fc9 Author: Linus Torvalds Date: Tue Dec 27 16:04:37 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) Various ipvlan fixes from Eric Dumazet and Mahesh Bandewar. The most important is to not assume the packet is RX just because the destination address matches that of the device. Such an assumption causes problems when an interface is put into loopback mode. 2) If we retry when creating a new tc entry (because we dropped the RTNL mutex in order to load a module, for example) we end up with -EAGAIN and then loop trying to replay the request. But we didn't reset some state when looping back to the top like this, and if another thread meanwhile inserted the same tc entry we were trying to, we re-link it creating an enless loop in the tc chain. Fix from Daniel Borkmann. 3) There are two different WRITE bits in the MDIO address register for the stmmac chip, depending upon the chip variant. Due to a bug we could set them both, fix from Hock Leong Kweh. 4) Fix mlx4 bug in XDP_TX handling, from Tariq Toukan. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: net: stmmac: fix incorrect bit set in gmac4 mdio addr register r8169: add support for RTL8168 series add-on card. net: xdp: remove unused bfp_warn_invalid_xdp_buffer() openvswitch: upcall: Fix vlan handling. ipv4: Namespaceify tcp_tw_reuse knob net: korina: Fix NAPI versus resources freeing net, sched: fix soft lockup in tc_classify net/mlx4_en: Fix user prio field in XDP forward tipc: don't send FIN message from connectionless socket ipvlan: fix multicast processing ipvlan: fix various issues in ipvlan_process_multicast() commit d7ddad0acc4add42567f7879b116a0b9eea31860 Author: Dmitry Torokhov Date: Tue Dec 27 11:32:55 2016 -0800 Input: synaptics-rmi4 - fix F03 build error when serio is module Since F03 is a boolean, "depends" on symbols that can be modules do not work quite right. We can enable F03 if SERIO is built-in or if both RMI core and SERIO core are modules. If SERIO core is module, but RMI is built-in, we'll get: drivers/built-in.o: In function `rmi_f03_attention': rmi_f03.c:(.text+0xf8ef8): undefined reference to `serio_interrupt' rmi_f03.c:(.text+0xf8fbd): undefined reference to `serio_interrupt' drivers/built-in.o: In function `rmi_f03_remove': rmi_f03.c:(.text+0xf9082): undefined reference to `serio_unregister_port' drivers/built-in.o: In function `rmi_f03_probe': rmi_f03.c:(.text+0xf9260): undefined reference to `__serio_register_port' Reported-by: Randy Dunlap Reviewed-by: Guenter Roeck Signed-off-by: Dmitry Torokhov drivers/input/rmi4/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b6fc513da50c5dbc457a8ad6b58b046a6a68fd9d Author: Pavel Rojtberg Date: Tue Dec 27 11:44:51 2016 -0800 Input: xpad - use correct product id for x360w controllers currently the controllers get the same product id as the wireless receiver. However the controllers actually have their own product id. The patch makes the driver expose the same product id as the windows driver. This improves compatibility when running applications with WINE. see https://github.com/paroj/xpad/issues/54 Signed-off-by: Pavel Rojtberg Signed-off-by: Dmitry Torokhov drivers/input/joystick/xpad.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 36f671be1db1b17d3d4ab0c8b47f81ccb1efcb75 Author: Cihangir Akturk Date: Sat Dec 17 19:42:17 2016 +0200 Documentation/unaligned-memory-access.txt: fix incorrect comparison operator In the actual implementation ether_addr_equal function tests for equality to 0 when returning. It seems in commit 0d74c4 it is somehow overlooked to change this operator to reflect the actual function. Signed-off-by: Cihangir Akturk Signed-off-by: Jonathan Corbet Documentation/unaligned-memory-access.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 66115335fbb411365c23349b2fbe7e041eabbaf2 Author: John Brooks Date: Fri Dec 23 00:53:10 2016 +0000 docs: Fix build failure The 80211.tmpl DocBook file was removed in commit 819bf593767c ("docs-rst: sphinxify 802.11 documentation"), but the 80211.xml target was re-added to the Makefile by commit 7ddedebb03b7 ("ALSA: doc: ReSTize writing-an-alsa-driver document"), leading to a failure when building the documentation: *** No rule to make target 'Documentation/DocBook/80211.xml', needed by 'Documentation/DocBook/80211.aux.xml'. cc: stable@vger.kernel.org Signed-off-by: John Brooks Mea-culpa-by: Jonathan Corbet Signed-off-by: Jonathan Corbet Documentation/DocBook/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 54ab6db0909061ab7ee07233d3cab86d29f86e6c Merge: 217e2bfa 7ce7d89 Author: Jonathan Corbet Date: Tue Dec 27 12:53:44 2016 -0700 Merge tag 'v4.10-rc1' into docs-next Linux 4.10-rc1 commit 4bbc84ffd137fe43d68aa633d317b0a96de8a828 Author: Mike Kravetz Date: Mon Dec 19 19:17:08 2016 -0800 sparc: use symbolic names for tsb indexing Use symbolic names MM_TSB_BASE and MM_TSB_HUGE instead of numeric values 0 and 1 in __tsb_context_switch. Code cleanup only, no functional change. Suggested-by: Sam Ravnborg Signed-off-by: Mike Kravetz Acked-by: Sam Ravnborg Signed-off-by: David S. Miller arch/sparc/include/asm/mmu_context_64.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 74de7126fc53fff311c5e213f896a56dbabc9149 Merge: 9a6b6f7 1494493 Author: Tony Lindgren Date: Tue Dec 27 10:29:24 2016 -0800 Merge branch 'omap-for-v4.10/legacy' into omap-for-v4.10/fixes commit 9a6b6f75d9daa892ae8f6e5ed6ae0ab49b9586cb Author: Markus Elfring Date: Sat Dec 3 21:46:02 2016 +0100 ARM: OMAP2+: PRM: Delete an error message for a failed memory allocation Omit an extra message for a memory allocation failure in this function. Link: http://events.linuxfoundation.org/sites/events/files/slides/LCJ16-Refactor_Strings-WSang_0.pdf Signed-off-by: Markus Elfring Signed-off-by: Tony Lindgren arch/arm/mach-omap2/prm_common.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 4cf48f1d7520a4d325af58eded4d8090e1b40be7 Author: Pali Rohár Date: Wed Dec 14 22:29:44 2016 +0100 ARM: dts: n900: Mark eMMC slot with no-sdio and no-sd flags Trying to initialize eMMC slot as SDIO or SD cause failure in n900 port of qemu. eMMC itself is not detected and is not working. Real Nokia N900 harware does not have this problem. As eMMC is really not SDIO or SD based such change is harmless and will fix support for qemu. Signed-off-by: Pali Rohár Acked-by: Pavel Machek Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap3-n900.dts | 2 ++ 1 file changed, 2 insertions(+) commit 1a177cf72b3a6226f01652df8292d07edf67e7af Author: Lokesh Vutla Date: Wed Dec 14 14:27:03 2016 +0530 ARM: dts: dra72-evm-tps65917: Add voltage supplies to usb_phy, mmc, dss Commit 5d080aa30681 ("ARM: dts: dra72: Add separate dtsi for tps65917") added a separate dtsi for dra72-evm-tps65917 moving all the voltage supplies to this file. But it missed adding voltage supplies to usb_phy, mmc, dss and deleted from dra72-evm-common.dtsi. Adding the voltage supply phandles to these nodes in dra72-evm-tps65917.dtsi Fixes: 5d080aa30681 ("ARM: dts: dra72: Add separate dtsi for tps65917") Reported-by: Carlos Hernandez Signed-off-by: Roger Quadros Signed-off-by: Lokesh Vutla Signed-off-by: Tony Lindgren arch/arm/boot/dts/dra72-evm-tps65917.dtsi | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 5acd016c88937be3667ba4e6b60f0f74455b5e80 Author: Roger Quadros Date: Mon Dec 12 11:58:05 2016 +0200 ARM: dts: am57xx-idk: Put USB2 port in peripheral mode USB2 port can be operated in dual-role mode but till we have dual-role support in dwc3 driver let's limit this port to peripheral mode. If we don't do so it defaults to host mode. USB1 port is meant for host only operation and we don't want both ports in host only mode. Signed-off-by: Roger Quadros Signed-off-by: Tony Lindgren arch/arm/boot/dts/am57xx-idk-common.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 10d27dfaf6b6ce3bd7598b1e20e58446c5697a50 Author: Roger Quadros Date: Mon Dec 12 11:58:04 2016 +0200 ARM: dts: am57xx-idk: Support VBUS detection on USB2 port VBUS detection is available on the board via the palmas PMIC. Use extcon-palmas driver instead of extcon-gpio-usb driver. Signed-off-by: Roger Quadros Signed-off-by: Tony Lindgren arch/arm/boot/dts/am571x-idk.dts | 10 +++++----- arch/arm/boot/dts/am572x-idk.dts | 10 +++++----- arch/arm/boot/dts/am57xx-idk-common.dtsi | 7 +++++++ 3 files changed, 17 insertions(+), 10 deletions(-) commit 820381572fc015baa4f5744f5d4583ec0c0f1b82 Author: Milo Kim Date: Fri Dec 9 15:28:33 2016 +0900 dt-bindings: input: Specify the interrupt number of TPS65217 power button Specify the power button interrupt number which is from the datasheet. Signed-off-by: Milo Kim Acked-by: Rob Herring Signed-off-by: Tony Lindgren Documentation/devicetree/bindings/input/tps65218-pwrbutton.txt | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 81d7358d7038dd1001547950087e5b0641732f3f Author: Milo Kim Date: Fri Dec 9 15:28:32 2016 +0900 dt-bindings: power/supply: Update TPS65217 properties Add interrupt specifiers for USB and AC charger input. Interrupt numbers are from the datasheet. Fix wrong property for compatible string. Signed-off-by: Milo Kim Acked-by: Rob Herring Signed-off-by: Tony Lindgren .../devicetree/bindings/power/supply/tps65217_charger.txt | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit be53e38f0df21c3d45cdf4cede37ee73554cdbb8 Author: Milo Kim Date: Fri Dec 9 15:28:31 2016 +0900 dt-bindings: mfd: Remove TPS65217 interrupts Interrupt numbers are from the datasheet, so no need to keep them in the ABI. Use the number in the DT file. Signed-off-by: Milo Kim Acked-by: Rob Herring Signed-off-by: Tony Lindgren arch/arm/boot/dts/am335x-bone-common.dtsi | 8 +++----- include/dt-bindings/mfd/tps65217.h | 26 -------------------------- 2 files changed, 3 insertions(+), 31 deletions(-) commit 30aa2e48962c6e4cd5258840f55f2f413b0bdbb4 Author: Milo Kim Date: Fri Dec 9 15:28:30 2016 +0900 ARM: dts: am335x: Fix the interrupt name of TPS65217 Use 'interrupt-names' for getting the charger interrupt number. Fixes: 1934e89a769b ("ARM: dts: am335x: Add the charger interrupt") Signed-off-by: Milo Kim Signed-off-by: Tony Lindgren arch/arm/boot/dts/am335x-bone-common.dtsi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5066d5296ff2db20625e5f46e7338872c90c649f Author: Maninder Singh Date: Thu Dec 8 09:40:30 2016 +0530 ARM: omap2+: fixing wrong strcat for Non-NULL terminated string Issue caught with static analysis tool: "Dangerous usage of 'name' (strncpy doesn't always 0-terminate it)" Use strlcpy _includes_ the NUL terminator, and strlcat() which ensures that it won't overflow the buffer. Reported-by: Maninder Singh Signed-off-by: Vaneet Narang CC: Russell King Signed-off-by: Tony Lindgren arch/arm/mach-omap2/omap_hwmod.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f86a2c875fd146d9b82c8fdd86d31084507bcf4c Author: Grygorii Strashko Date: Mon Dec 5 09:27:44 2016 +0530 ARM: omap2+: am437x: rollback to use omap3_gptimer_timer_init() The commit 55ee7017ee31 ("arm: omap2: board-generic: use omap4_local_timer_init for AM437x") unintentionally changes the clocksource devices for AM437x from OMAP GP Timer to SyncTimer32K. Unfortunately, the SyncTimer32K is starving from frequency deviation as mentioned in commit 5b5c01359152 ("ARM: OMAP2+: AM43x: Use gptimer as clocksource") and, as reported by Franklin [1], even its monotonic nature is under question (most probably there is a HW issue, but it's still under investigation). Taking into account above facts It's reasonable to rollback to the use of omap3_gptimer_timer_init(). [1] http://www.spinics.net/lists/linux-omap/msg127425.html Fixes: 55ee7017ee31 ("arm: omap2: board-generic: use omap4_local_timer_init for AM437x") Reported-by: Cooper Jr., Franklin Signed-off-by: Grygorii Strashko Signed-off-by: Lokesh Vutla Signed-off-by: Keerthy Signed-off-by: Tony Lindgren arch/arm/mach-omap2/board-generic.c | 2 +- arch/arm/mach-omap2/timer.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) commit 7245f67f86e847769f41dacad26bb8f5b5d74bf4 Author: Adam Ford Date: Sat Dec 3 04:57:23 2016 -0600 ARM: dts: omap3: Add DTS for Logic PD SOM-LV 37xx Dev Kit Fixes: ("ab8dd3aed011 ARM: DTS: Add minimal Support for Logic PD DM3730 SOM-LV") This adds the dts file into the Makefile. This should have been included in the original patch. V2: Update patch description - same source code V1: Original patch Reviewed-by: Javier Martinez Canillas Signed-off-by: Adam Ford Signed-off-by: Tony Lindgren arch/arm/boot/dts/Makefile | 1 + 1 file changed, 1 insertion(+) commit 7f6c857b12911ed56b2056f9d5491e16b5fc95ea Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:41 2016 -0300 ARM: dts: dra7: Add an empty chosen node to top level DTSI Commit 55871eb6e2cc ("ARM: dts: dra7: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: 55871eb6e2cc ("ARM: dts: dra7: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/dra7.dtsi | 1 + 1 file changed, 1 insertion(+) commit 6ed80b3a232e61da6d0189bbbe2b2b9afaefe3b3 Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:40 2016 -0300 ARM: dts: dm816x: Add an empty chosen node to top level DTSI Commit 06bfb9c19957 ("ARM: dts: dm816x: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: 06bfb9c19957 ("ARM: dts: dm816x: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/dm816x.dtsi | 1 + 1 file changed, 1 insertion(+) commit 9536fd30d41ae4f30d04762676e5f5f602e16aa8 Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:39 2016 -0300 ARM: dts: dm814x: Add an empty chosen node to top level DTSI Commit 76155b378c59 ("ARM: dts: dm814x: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: 76155b378c59 ("ARM: dts: dm814x: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/dm814x.dtsi | 1 + 1 file changed, 1 insertion(+) commit 5799fc905930f866c7d32aaf81b31f8027297506 Author: Kweh, Hock Leong Date: Wed Dec 28 04:07:41 2016 +0800 net: stmmac: fix incorrect bit set in gmac4 mdio addr register Fixing the gmac4 mdio write access to use MII_GMAC4_WRITE only instead of OR together with MII_WRITE. Signed-off-by: Kweh, Hock Leong Acked-By: Joao Pinto Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 610c908773d30907c950ca3b2ee8ac4b2813537b Author: Chun-Hao Lin Date: Tue Dec 27 16:29:43 2016 +0800 r8169: add support for RTL8168 series add-on card. This chip is the same as RTL8168, but its device id is 0x8161. Signed-off-by: Chun-Hao Lin Signed-off-by: David S. Miller drivers/net/ethernet/realtek/r8169.c | 1 + 1 file changed, 1 insertion(+) commit be26727772cd86979255dfaf1eea967338dc0c9b Author: Jason Wang Date: Tue Dec 27 10:49:54 2016 +0800 net: xdp: remove unused bfp_warn_invalid_xdp_buffer() After commit 73b62bd085f4737679ea9afc7867fa5f99ba7d1b ("virtio-net: remove the warning before XDP linearizing"), there's no users for bpf_warn_invalid_xdp_buffer(), so remove it. This is a revert for commit f23bc46c30ca5ef58b8549434899fcbac41b2cfc. Cc: Daniel Borkmann Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: Daniel Borkmann Signed-off-by: David S. Miller include/linux/filter.h | 1 - net/core/filter.c | 6 ------ 2 files changed, 7 deletions(-) commit df30f7408b187929dbde72661c7f7c615268f1d0 Author: pravin shelar Date: Mon Dec 26 08:31:27 2016 -0800 openvswitch: upcall: Fix vlan handling. Networking stack accelerate vlan tag handling by keeping topmost vlan header in skb. This works as long as packet remains in OVS datapath. But during OVS upcall vlan header is pushed on to the packet. When such packet is sent back to OVS datapath, core networking stack might not handle it correctly. Following patch avoids this issue by accelerating the vlan tag during flow key extract. This simplifies datapath by bringing uniform packet processing for packets from all code paths. Fixes: 5108bbaddc ("openvswitch: add processing of L3 packets"). CC: Jarno Rajahalme CC: Jiri Benc Signed-off-by: Pravin B Shelar Signed-off-by: David S. Miller net/openvswitch/datapath.c | 1 - net/openvswitch/flow.c | 54 +++++++++++++++++++++++----------------------- 2 files changed, 27 insertions(+), 28 deletions(-) commit 56ab6b93007e5000a8812985aec1833c4a6a9ce0 Author: Haishuang Yan Date: Sun Dec 25 14:33:16 2016 +0800 ipv4: Namespaceify tcp_tw_reuse knob Different namespaces might have different requirements to reuse TIME-WAIT sockets for new connections. This might be required in cases where different namespace applications are in place which require TIME_WAIT socket connections to be reduced independently of the host. Signed-off-by: Haishuang Yan Signed-off-by: David S. Miller include/net/netns/ipv4.h | 1 + include/net/tcp.h | 1 - net/ipv4/sysctl_net_ipv4.c | 14 +++++++------- net/ipv4/tcp_ipv4.c | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) commit ce95077d0cdfcc8e40dea10a1680249831ccec77 Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:38 2016 -0300 ARM: dts: am4372: Add an empty chosen node to top level DTSI Commit 75813028bbd7 ("ARM: dts: am4372: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: 75813028bbd7 ("ARM: dts: am4372: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/am4372.dtsi | 1 + 1 file changed, 1 insertion(+) commit 1d8d6d3f2f7d553c479f24ab93767974a8c2dfad Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:37 2016 -0300 ARM: dts: am33xx: Add an empty chosen node to top level DTSI Commit f8bf01611c99 ("ARM: dts: am33xx: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: f8bf01611c99 ("ARM: dts: am33xx: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/am33xx.dtsi | 1 + 1 file changed, 1 insertion(+) commit c9faa84cb9c34852ad70cb175457ae21fc06f39b Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:36 2016 -0300 ARM: dts: omap5: Add an empty chosen node to top level DTSI Commit 76a8548ea987 ("ARM: dts: omap5: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: 76a8548ea987 ("ARM: dts: omap5: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap5.dtsi | 1 + 1 file changed, 1 insertion(+) commit 6c565d1a63ce241a0100f5d327c48dde87b4df76 Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:35 2016 -0300 ARM: dts: omap4: Add an empty chosen node to top level DTSI Commit da6269e7e3dd ("ARM: dts: omap4: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: da6269e7e3dd ("ARM: dts: omap4: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap4.dtsi | 1 + 1 file changed, 1 insertion(+) commit 23ab4c6183ac0679d80888b5c4cc1d528fcc21c2 Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:34 2016 -0300 ARM: dts: omap3: Add an empty chosen node to top level DTSI Commit 008a2ebcd677 ("ARM: dts: omap3: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: 008a2ebcd677 ("ARM: dts: omap3: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap3.dtsi | 1 + 1 file changed, 1 insertion(+) commit 3d37d41a148c32389ed360e10a9f8a7cd37ce166 Author: Javier Martinez Canillas Date: Mon Dec 19 11:44:33 2016 -0300 ARM: dts: omap2: Add an empty chosen node to top level DTSI Commit d1f3156fc8c7 ("ARM: dts: omap2: Remove skeleton.dtsi usage") removed the skeleton.dtsi usage since we want to get rid of it. But this can cause issues when booting a kernel with a boot-loader that doesn't create a chosen node if this isn't present in the DTB since the decompressor relies on a pre-existing chosen node to be available to insert the command line and merge other ATAGS info. Fixes: d1f3156fc8c7 ("ARM: dts: omap2: Remove skeleton.dtsi usage") Reported-by: Pali Rohar Signed-off-by: Javier Martinez Canillas Signed-off-by: Tony Lindgren arch/arm/boot/dts/omap2.dtsi | 1 + 1 file changed, 1 insertion(+) commit ade4d4410f8b8816a8e9d85bfdb4bdcc9464065a Merge: 7ce7d89 4e0203b Author: Jani Nikula Date: Tue Dec 27 12:59:38 2016 +0200 Merge tag 'gvt-fixes-2016-12-26' of https://github.com/01org/gvt-linux into drm-intel-fixes From Zhenyu, "This is current GVT-g device model fixes for 4.10. I need to base on v4.10-rc1 for merged vfio and KVMGT support." Signed-off-by: Jani Nikula commit 7e164ce4e8ecd7e9a58a83750bd3ee03125df154 Author: Sedat Dilek Date: Mon Dec 26 11:05:11 2016 +0100 perf/x86/amd/ibs: Fix typo after cleanup state names in cpu/hotplug Fix a small typo after cleanup state names in cpu/hotplug. The new convention is 'subsys/xxx/yyy:state' where "state" here is called "starting" not "STARTING". Fixes: 73c1b41e63f0 ("cpu/hotplug: Cleanup state names") Signed-off-by: Sedat Dilek Cc: Peter Zijlstra Cc: Borislav Petkov Cc: Paul Gortmaker Link: http://lkml.kernel.org/r/20161226100511.8662-1-sedat.dilek@gmail.com Signed-off-by: Thomas Gleixner arch/x86/events/amd/ibs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 02608e02fbec04fccf2eb0cc8d8082f65c0a4286 Author: Laura Abbott Date: Wed Dec 21 12:32:54 2016 -0800 crypto: testmgr - Use heap buffer for acomp test input Christopher Covington reported a crash on aarch64 on recent Fedora kernels: kernel BUG at ./include/linux/scatterlist.h:140! Internal error: Oops - BUG: 0 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 752 Comm: cryptomgr_test Not tainted 4.9.0-11815-ge93b1cc #162 Hardware name: linux,dummy-virt (DT) task: ffff80007c650080 task.stack: ffff800008910000 PC is at sg_init_one+0xa0/0xb8 LR is at sg_init_one+0x24/0xb8 ... [] sg_init_one+0xa0/0xb8 [] test_acomp+0x10c/0x438 [] alg_test_comp+0xb0/0x118 [] alg_test+0x17c/0x2f0 [] cryptomgr_test+0x44/0x50 [] kthread+0xf8/0x128 [] ret_from_fork+0x10/0x50 The test vectors used for input are part of the kernel image. These inputs are passed as a buffer to sg_init_one which eventually blows up with BUG_ON(!virt_addr_valid(buf)). On arm64, virt_addr_valid returns false for the kernel image since virt_to_page will not return the correct page. Fix this by copying the input vectors to heap buffer before setting up the scatterlist. Reported-by: Christopher Covington Fixes: d7db7a882deb ("crypto: acomp - update testmgr with support for acomp") Signed-off-by: Laura Abbott Signed-off-by: Herbert Xu crypto/testmgr.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) commit db27edf80c894e89b9710d20a8d0f02327f36ca0 Merge: 7ce7d89 7961d53 Author: James Bottomley Date: Mon Dec 26 20:32:48 2016 -0800 Merge remote-tracking branch 'mkp-scsi/4.10/scsi-fixes' into fixes commit 1db175428ee374489448361213e9c3b749d14900 Author: Jan Kara Date: Fri Oct 21 11:33:49 2016 +0200 ext4: Simplify DAX fault path Now that dax_iomap_fault() calls ->iomap_begin() without entry lock, we can use transaction starting in ext4_iomap_begin() and thus simplify ext4_dax_fault(). It also provides us proper retries in case of ENOSPC. Signed-off-by: Jan Kara Signed-off-by: Dan Williams fs/ext4/file.c | 48 ++++++++++-------------------------------------- 1 file changed, 10 insertions(+), 38 deletions(-) commit 9f141d6ef6258a3a37a045842d9ba7e68f368956 Author: Jan Kara Date: Wed Oct 19 14:34:31 2016 +0200 dax: Call ->iomap_begin without entry lock during dax fault Currently ->iomap_begin() handler is called with entry lock held. If the filesystem held any locks between ->iomap_begin() and ->iomap_end() (such as ext4 which will want to hold transaction open), this would cause lock inversion with the iomap_apply() from standard IO path which first calls ->iomap_begin() and only then calls ->actor() callback which grabs entry locks for DAX (if it faults when copying from/to user provided buffers). Fix the problem by nesting grabbing of entry lock inside ->iomap_begin() - ->iomap_end() pair. Reviewed-by: Ross Zwisler Signed-off-by: Jan Kara Signed-off-by: Dan Williams fs/dax.c | 121 ++++++++++++++++++++++++++++++++++----------------------------- 1 file changed, 66 insertions(+), 55 deletions(-) commit f449b936f1aff7696b24a338f493d5cee8d48d55 Author: Jan Kara Date: Wed Oct 19 14:48:38 2016 +0200 dax: Finish fault completely when loading holes The only case when we do not finish the page fault completely is when we are loading hole pages into a radix tree. Avoid this special case and finish the fault in that case as well inside the DAX fault handler. It will allow us for easier iomap handling. Reviewed-by: Ross Zwisler Signed-off-by: Jan Kara Signed-off-by: Dan Williams fs/dax.c | 27 ++++++++++++++++++--------- 1 file changed, 18 insertions(+), 9 deletions(-) commit e3fce68cdbed297d927e993b3ea7b8b1cee545da Author: Jan Kara Date: Wed Aug 10 17:10:28 2016 +0200 dax: Avoid page invalidation races and unnecessary radix tree traversals Currently dax_iomap_rw() takes care of invalidating page tables and evicting hole pages from the radix tree when write(2) to the file happens. This invalidation is only necessary when there is some block allocation resulting from write(2). Furthermore in current place the invalidation is racy wrt page fault instantiating a hole page just after we have invalidated it. So perform the page invalidation inside dax_iomap_actor() where we can do it only when really necessary and after blocks have been allocated so nobody will be instantiating new hole pages anymore. Reviewed-by: Christoph Hellwig Reviewed-by: Ross Zwisler Signed-off-by: Jan Kara Signed-off-by: Dan Williams fs/dax.c | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) commit c6dcf52c23d2d3fb5235cec42d7dd3f786b87d55 Author: Jan Kara Date: Wed Aug 10 17:22:44 2016 +0200 mm: Invalidate DAX radix tree entries only if appropriate Currently invalidate_inode_pages2_range() and invalidate_mapping_pages() just delete all exceptional radix tree entries they find. For DAX this is not desirable as we track cache dirtiness in these entries and when they are evicted, we may not flush caches although it is necessary. This can for example manifest when we write to the same block both via mmap and via write(2) (to different offsets) and fsync(2) then does not properly flush CPU caches when modification via write(2) was the last one. Create appropriate DAX functions to handle invalidation of DAX entries for invalidate_inode_pages2_range() and invalidate_mapping_pages() and wire them up into the corresponding mm functions. Acked-by: Johannes Weiner Reviewed-by: Ross Zwisler Signed-off-by: Jan Kara Signed-off-by: Dan Williams fs/dax.c | 71 +++++++++++++++++++++++++++++++++++++++++++------- include/linux/dax.h | 3 +++ mm/truncate.c | 75 +++++++++++++++++++++++++++++++++++++++++++---------- 3 files changed, 125 insertions(+), 24 deletions(-) commit e568df6b84ff05a22467503afc11bee7a6ba0700 Author: Jan Kara Date: Wed Aug 10 16:42:53 2016 +0200 ext2: Return BH_New buffers for zeroed blocks So far we did not return BH_New buffers from ext2_get_blocks() when we allocated and zeroed-out a block for DAX inode to avoid racy zeroing in DAX code. This zeroing is gone these days so we can remove the workaround. Reviewed-by: Ross Zwisler Reviewed-by: Christoph Hellwig Signed-off-by: Jan Kara Signed-off-by: Dan Williams fs/ext2/inode.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 366430b5c2f61a75d45b9fc00886ffff12f395ab Author: Rafael J. Wysocki Date: Sat Dec 24 00:29:56 2016 +0100 cpufreq: intel_pstate: Do not expose PID parameters in passive mode If intel_pstate works in the passive mode in which it acts as a regular cpufreq driver and collaborates with generic cpufreq governors, the PID parameters are not used, so do not expose them via debugfs in that case. Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 0dad3a3014a0b9e72521ff44f17e0054f43dcdea Author: Thomas Gleixner Date: Mon Dec 26 22:58:20 2016 +0100 x86/mce/AMD: Make the init code more robust If mce_device_init() fails then the mce device pointer is NULL and the AMD mce code happily dereferences it. Add a sanity check. Reported-by: Markus Trippelsdorf Reported-by: Boris Ostrovsky Signed-off-by: Thomas Gleixner Signed-off-by: Linus Torvalds arch/x86/kernel/cpu/mcheck/mce_amd.c | 3 +++ 1 file changed, 3 insertions(+) commit b9d9d6911bd5c370ad4b3aa57d758c093d17aed5 Author: Thomas Gleixner Date: Mon Dec 26 22:58:19 2016 +0100 smp/hotplug: Undo tglxs brainfart The attempt to prevent overwriting an active state resulted in a disaster which effectively disables all dynamically allocated hotplug states. Cleanup the mess. Fixes: dc280d936239 ("cpu/hotplug: Prevent overwriting of callbacks") Reported-by: Markus Trippelsdorf Reported-by: Boris Ostrovsky Signed-off-by: Thomas Gleixner Signed-off-by: Linus Torvalds kernel/cpu.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit c6e2c1e1138fa5cb5bb99381132855bbaf712029 Author: Mika Westerberg Date: Thu Dec 22 13:17:07 2016 +0300 ACPI / watchdog: Print out error number when device creation fails If the platform device creation fails for whichever reason the driver prints out something like: [ 0.978837] ACPI: watchdog: Failed to create platform device However, that is quite confusing and does not include any information why it failed. To make it more understandable, reword it like: [ 0.978837] ACPI: watchdog: Device creation failed: -16 Which tells that we failed to create the watchdog device because some of the resources were already reserved (-EBUSY). Signed-off-by: Mika Westerberg Signed-off-by: Rafael J. Wysocki drivers/acpi/acpi_watchdog.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9c4aa1eecb48cfac18ed5e3aca9d9ae58fbafc11 Author: Lv Zheng Date: Fri Dec 16 12:07:57 2016 +0800 ACPI / sysfs: Provide quirk mechanism to prevent GPE flooding Sometimes, the users may require a quirk to be provided from ACPI subsystem core to prevent a GPE from flooding. Normally, if a GPE cannot be dispatched, ACPICA core automatically prevents the GPE from firing. But there are cases the GPE is dispatched by _Lxx/_Exx provided via AML table, and OSPM is lacking of the knowledge to get _Lxx/_Exx correctly executed to handle the GPE, thus the GPE flooding may still occur. The existing quirk mechanism can be enabled/disabled using the following commands to prevent such kind of GPE flooding during runtime: # echo mask > /sys/firmware/acpi/interrupts/gpe00 # echo unmask > /sys/firmware/acpi/interrupts/gpe00 To avoid GPE flooding during boot, we need a boot stage mechanism. This patch provides such a boot stage quirk mechanism to stop this kind of GPE flooding. This patch doesn't fix any feature gap but since the new feature gaps could be found in the future endlessly, and can disappear if the feature gaps are filled, providing a boot parameter rather than a DMI table should suffice. Link: https://bugzilla.kernel.org/show_bug.cgi?id=53071 Link: https://bugzilla.kernel.org/show_bug.cgi?id=117481 Link: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/887793 Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki Documentation/admin-guide/kernel-parameters.txt | 10 +++++ drivers/acpi/internal.h | 1 + drivers/acpi/scan.c | 1 + drivers/acpi/sysfs.c | 56 +++++++++++++++++++++++++ 4 files changed, 68 insertions(+) commit 709f94ff018a4403d0bb32643254058d5d9cfa24 Author: Lorenzo Pieralisi Date: Fri Dec 16 14:43:56 2016 +0000 ACPI: Drop misplaced acpi_dma_deconfigure() call from acpi_bind_one() The acpi_bind_one() error return path can be hit either on physical node allocation failure or if the device being configured is already associated with an ACPI node and its ACPI companion does not match the one acpi_bind_one() is setting it up with. In both cases the error return path is executed before DMA is configured for a device therefore there is no need to call acpi_dma_deconfigure() on the function error return path. Furthermore, if acpi_bind_one() does configure DMA for a device (ie it successfully executes acpi_dma_configure()) acpi_bind_one() always completes execution successfully hence there is no need to add an exit path to deconfigure the DMA set-up (ie by calling acpi_dma_deconfigure()). Remove the misplaced acpi_dma_deconfigure() in acpi_bind_one() to reinstate its correct error return path behaviour. Fixes: d760a1baf20e (ACPI: Implement acpi_dma_configure) Signed-off-by: Lorenzo Pieralisi Signed-off-by: Rafael J. Wysocki drivers/acpi/glue.c | 1 - 1 file changed, 1 deletion(-) commit b4b8664d291ac1998e0f0bcdc96b6397f0fe68b3 Author: Al Viro Date: Mon Dec 26 04:10:19 2016 -0500 arm64: don't pull uaccess.h into *.S Split asm-only parts of arm64 uaccess.h into a new header and use that from *.S. Signed-off-by: Al Viro arch/arm64/include/asm/asm-uaccess.h | 65 ++++++++++++++++++++++++++++++++++++ arch/arm64/include/asm/uaccess.h | 64 ----------------------------------- arch/arm64/kernel/entry.S | 2 +- arch/arm64/lib/clear_user.S | 2 +- arch/arm64/lib/copy_from_user.S | 2 +- arch/arm64/lib/copy_in_user.S | 2 +- arch/arm64/lib/copy_to_user.S | 2 +- arch/arm64/mm/cache.S | 2 +- arch/arm64/xen/hypercall.S | 2 +- 9 files changed, 72 insertions(+), 71 deletions(-) commit e6afb1ad88feddf2347ea779cfaf4d03d3cd40b6 Author: Florian Fainelli Date: Fri Dec 23 19:56:56 2016 -0800 net: korina: Fix NAPI versus resources freeing Commit beb0babfb77e ("korina: disable napi on close and restart") introduced calls to napi_disable() that were missing before, unfortunately this leaves a small window during which NAPI has a chance to run, yet we just freed resources since korina_free_ring() has been called: Fix this by disabling NAPI first then freeing resource, and make sure that we also cancel the restart task before doing the resource freeing. Fixes: beb0babfb77e ("korina: disable napi on close and restart") Reported-by: Alexandros C. Couloumbis Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/korina.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 628185cfddf1dfb701c4efe2cfd72cf5b09f5702 Author: Daniel Borkmann Date: Wed Dec 21 18:04:11 2016 +0100 net, sched: fix soft lockup in tc_classify Shahar reported a soft lockup in tc_classify(), where we run into an endless loop when walking the classifier chain due to tp->next == tp which is a state we should never run into. The issue only seems to trigger under load in the tc control path. What happens is that in tc_ctl_tfilter(), thread A allocates a new tp, initializes it, sets tp_created to 1, and calls into tp->ops->change() with it. In that classifier callback we had to unlock/lock the rtnl mutex and returned with -EAGAIN. One reason why we need to drop there is, for example, that we need to request an action module to be loaded. This happens via tcf_exts_validate() -> tcf_action_init/_1() meaning after we loaded and found the requested action, we need to redo the whole request so we don't race against others. While we had to unlock rtnl in that time, thread B's request was processed next on that CPU. Thread B added a new tp instance successfully to the classifier chain. When thread A returned grabbing the rtnl mutex again, propagating -EAGAIN and destroying its tp instance which never got linked, we goto replay and redo A's request. This time when walking the classifier chain in tc_ctl_tfilter() for checking for existing tp instances we had a priority match and found the tp instance that was created and linked by thread B. Now calling again into tp->ops->change() with that tp was successful and returned without error. tp_created was never cleared in the second round, thus kernel thinks that we need to link it into the classifier chain (once again). tp and *back point to the same object due to the match we had earlier on. Thus for thread B's already public tp, we reset tp->next to tp itself and link it into the chain, which eventually causes the mentioned endless loop in tc_classify() once a packet hits the data path. Fix is to clear tp_created at the beginning of each request, also when we replay it. On the paths that can cause -EAGAIN we already destroy the original tp instance we had and on replay we really need to start from scratch. It seems that this issue was first introduced in commit 12186be7d2e1 ("net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup"). Fixes: 12186be7d2e1 ("net_cls: fix unconfigured struct tcf_proto keeps chaining and avoid kernel panic when we use cls_cgroup") Reported-by: Shahar Klein Signed-off-by: Daniel Borkmann Cc: Cong Wang Acked-by: Eric Dumazet Tested-by: Shahar Klein Signed-off-by: David S. Miller net/sched/cls_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 0e0694ff1a7791274946b7f51bae692da0001a08 Merge: 65390ea c739c0a Author: Mauro Carvalho Chehab Date: Mon Dec 26 14:09:28 2016 -0200 Merge branch 'patchwork' into v4l_for_linus * patchwork: [media] s5k4ecgx: select CRC32 helper [media] dvb: avoid warning in dvb_net [media] v4l: tvp5150: Don't override output pinmuxing at stream on/off time [media] v4l: tvp5150: Fix comment regarding output pin muxing [media] v4l: tvp5150: Reset device at probe time, not in get/set format handlers [media] pctv452e: move buffer to heap, no mutex [media] media/cobalt: use pci_irq_allocate_vectors [media] cec: fix race between configuring and unconfiguring [media] cec: move cec_report_phys_addr into cec_config_thread_func [media] cec: replace cec_report_features by cec_fill_msg_report_features [media] cec: update log_addr[] before finishing configuration [media] cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 [media] cec: when canceling a message, don't overwrite old status info [media] cec: fix report_current_latency [media] smiapp: Make suspend and resume functions __maybe_unused [media] smiapp: Implement power-on and power-off sequences without runtime PM commit 4e0203ba11e735694600d7c704d7d56f069f9eb6 Author: Pei Zhang Date: Fri Dec 23 23:55:08 2016 +0800 drm/i915/gvt: fix typo in cfg_space range check PCI basic config space's size is 256 bytes. When check if access crosses space range, should use "> 256". Signed-off-by: Pei Zhang Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 34700631bd465de3e555e5964f36a0919c466aa8 Author: Min He Date: Wed Dec 21 14:54:48 2016 +0800 drm/i915/gvt: fix an issue in emulating cfg space PCI_COMMAND There's an issue in current cfg space emulation for PCI_COMMAND (offset 0x4): when guest changes some bits other than PCI_COMMAND_MEMORY, this write operation will not be written to virutal cfg space successfully. This patch is to fix the wrong behavior above. Signed-off-by: Min He Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/cfg_space.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ff842fd9eab69f8cf99fdd21ce25a5a0411473e Author: Jike Song Date: Fri Dec 16 10:51:07 2016 +0800 drm/i915/gvt/kvmgt: trival: code cleanup Don't introduce local variables unless necessary. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit 364fb6b789ffce44c1b5429086c47b0df6c36aff Author: Jike Song Date: Fri Dec 16 10:51:06 2016 +0800 drm/i915/gvt/kvmgt: prevent double-release of vgpu The release action might be triggered from either user's closing mdev or the detaching event of kvm and vfio_group, so this patch introduces an atomic to prevent double-release. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gvt.h | 1 + drivers/gpu/drm/i915/gvt/kvmgt.c | 24 +++++++++++++++++++++--- 2 files changed, 22 insertions(+), 3 deletions(-) commit faaaa53bdc6750c438887d44f99b60ad97ec74b4 Author: Jike Song Date: Fri Dec 16 10:51:05 2016 +0800 drm/i915/gvt/kvmgt: check returned slot for gfn gfn_to_memslot() may return NULL if the gfn is mmio or invalid. A malicious user might input a bad gfn to panic the host if we don't check it. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit bfeca3e5716a16b95a1fb7104e477ca3bd5ed59e Author: Jike Song Date: Fri Dec 16 10:51:04 2016 +0800 drm/i915/gvt/kvmgt: dereference the pointer within lock Though there is no issue exposed yet, it's possible that another thread releases the entry while our trying to deref it out of the lock. Fit it by moving the dereference within lock. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit d650ac06023796ade7cb5ec4d5650c67dc494ed0 Author: Ping Gao Date: Thu Dec 8 10:14:48 2016 +0800 drm/i915/gvt: reset the GGTT entry when vGPU created The GGTT space is partitioned between vGPUs, it could be reused by next vGPU after previous one is release, the stale entries need point to scratch page when vGPU created. v2: Reset logic move to vGPU create. v3: Correct the commit msg. v4: Move the reset function to vGPU init gtt function, as result it's no need explicitly in vGPU reset logic as vGPU init gtt called during reset. Signed-off-by: Ping Gao Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/gtt.c | 55 ++++++++++++++++++++++++++++++++++++++++++ drivers/gpu/drm/i915/gvt/gtt.h | 4 +++ 2 files changed, 59 insertions(+) commit b8395cc7a454efc616e335c22af22d8513abdafc Author: Min He Date: Mon Dec 5 10:53:25 2016 +0800 drm/i915/gvt: fix an error in opregion handling It should be vgpu_opregion(vgpu)->va, not vgpu_opregion(vgpu). Signed-off-by: Min He Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/opregion.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7ce7d89f48834cefece7804d38fc5d85382edf77 Author: Linus Torvalds Date: Sun Dec 25 16:13:08 2016 -0800 Linux 4.10-rc1 Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8ae679c4bc2ea2d16d92620da8e3e9332fa4039f Author: Larry Finger Date: Thu Dec 22 21:06:53 2016 -0600 powerpc: Fix build warning on 32-bit PPC I am getting the following warning when I build kernel 4.9-git on my PowerBook G4 with a 32-bit PPC processor: AS arch/powerpc/kernel/misc_32.o arch/powerpc/kernel/misc_32.S:299:7: warning: "CONFIG_FSL_BOOKE" is not defined [-Wundef] This problem is evident after commit 989cea5c14be ("kbuild: prevent lib-ksyms.o rebuilds"); however, this change in kbuild only exposes an error that has been in the code since 2005 when this source file was created. That was with commit 9994a33865f4 ("powerpc: Introduce entry_{32,64}.S, misc_{32,64}.S, systbl.S"). The offending line does not make a lot of sense. This error does not seem to cause any errors in the executable, thus I am not recommending that it be applied to any stable versions. Thanks to Nicholas Piggin for suggesting this solution. Fixes: 9994a33865f4 ("powerpc: Introduce entry_{32,64}.S, misc_{32,64}.S, systbl.S") Signed-off-by: Larry Finger Cc: Nicholas Piggin Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Michael Ellerman Cc: linuxppc-dev@lists.ozlabs.org Signed-off-by: Linus Torvalds arch/powerpc/kernel/misc_32.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d33d5a6c88fcd53fec329a1521010f1bc55fa191 Author: Linus Torvalds Date: Sun Dec 25 14:56:58 2016 -0800 avoid spurious "may be used uninitialized" warning The timer type simplifications caused a new gcc warning: drivers/base/power/domain.c: In function ‘genpd_runtime_suspend’: drivers/base/power/domain.c:562:14: warning: ‘time_start’ may be used uninitialized in this function [-Wmaybe-uninitialized] elapsed_ns = ktime_to_ns(ktime_sub(ktime_get(), time_start)); despite the actual use of "time_start" not having changed in any way. It appears that simply changing the type of ktime_t from a union to a plain scalar type made gcc check the use. The variable wasn't actually used uninitialized, but gcc apparently failed to notice that the conditional around the use was exactly the same as the conditional around the initialization of that variable. Add an unnecessary initialization just to shut up the compiler. Signed-off-by: Linus Torvalds drivers/base/power/domain.c | 1 + 1 file changed, 1 insertion(+) commit 3ddc76dfc786cc6f87852693227fb0b1f124f807 Merge: b272f73 1f3a8e4 Author: Linus Torvalds Date: Sun Dec 25 14:30:04 2016 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer type cleanups from Thomas Gleixner: "This series does a tree wide cleanup of types related to timers/timekeeping. - Get rid of cycles_t and use a plain u64. The type is not really helpful and caused more confusion than clarity - Get rid of the ktime union. The union has become useless as we use the scalar nanoseconds storage unconditionally now. The 32bit timespec alike storage got removed due to the Y2038 limitations some time ago. That leaves the odd union access around for no reason. Clean it up. Both changes have been done with coccinelle and a small amount of manual mopping up" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: ktime: Get rid of ktime_equal() ktime: Cleanup ktime_set() usage ktime: Get rid of the union clocksource: Use a plain u64 instead of cycle_t commit b272f732f888d4cf43c943a40c9aaa836f9b7431 Merge: 10bbe75 008b69e Author: Linus Torvalds Date: Sun Dec 25 14:05:56 2016 -0800 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull SMP hotplug notifier removal from Thomas Gleixner: "This is the final cleanup of the hotplug notifier infrastructure. The series has been reintgrated in the last two days because there came a new driver using the old infrastructure via the SCSI tree. Summary: - convert the last leftover drivers utilizing notifiers - fixup for a completely broken hotplug user - prevent setup of already used states - removal of the notifiers - treewide cleanup of hotplug state names - consolidation of state space There is a sphinx based documentation pending, but that needs review from the documentation folks" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/armada-xp: Consolidate hotplug state space irqchip/gic: Consolidate hotplug state space coresight/etm3/4x: Consolidate hotplug state space cpu/hotplug: Cleanup state names cpu/hotplug: Remove obsolete cpu hotplug register/unregister functions staging/lustre/libcfs: Convert to hotplug state machine scsi/bnx2i: Convert to hotplug state machine scsi/bnx2fc: Convert to hotplug state machine cpu/hotplug: Prevent overwriting of callbacks x86/msr: Remove bogus cleanup from the error path bus: arm-ccn: Prevent hotplug callback leak perf/x86/intel/cstate: Prevent hotplug callback leak ARM/imx/mmcd: Fix broken cpu hotplug handling scsi: qedi: Convert to hotplug state machine commit 10bbe7599e2755d3f3e100103967788b8b5a4bce Merge: 6290602 6886fee Author: Linus Torvalds Date: Sun Dec 25 14:01:28 2016 -0800 Merge branch 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux Pull turbostat updates from Len Brown. * 'turbostat' of git://git.kernel.org/pub/scm/linux/kernel/git/lenb/linux: tools/power turbostat: remove obsolete -M, -m, -C, -c options tools/power turbostat: Make extensible via the --add parameter tools/power turbostat: Denverton uses a 25 MHz crystal, not 19.2 MHz tools/power turbostat: line up headers when -M is used tools/power turbostat: fix SKX PKG_CSTATE_LIMIT decoding tools/power turbostat: Support Knights Mill (KNM) tools/power turbostat: Display HWP OOB status tools/power turbostat: fix Denverton BCLK tools/power turbostat: use intel-family.h model strings tools/power/turbostat: Add Denverton RAPL support tools/power/turbostat: Add Denverton support tools/power/turbostat: split core MSR support into status + limit tools/power turbostat: fix error case overflow read of slm_freq_table[] tools/power turbostat: Allocate correct amount of fd and irq entries tools/power turbostat: switch to tab delimited output tools/power turbostat: Gracefully handle ACPI S3 tools/power turbostat: tidy up output on Joule counter overflow commit 62906027091f1d02de44041524f0769f60bb9cf3 Author: Nicholas Piggin Date: Sun Dec 25 13:00:30 2016 +1000 mm: add PageWaiters indicating tasks are waiting for a page bit Add a new page flag, PageWaiters, to indicate the page waitqueue has tasks waiting. This can be tested rather than testing waitqueue_active which requires another cacheline load. This bit is always set when the page has tasks on page_waitqueue(page), and is set and cleared under the waitqueue lock. It may be set when there are no tasks on the waitqueue, which will cause a harmless extra wakeup check that will clears the bit. The generic bit-waitqueue infrastructure is no longer used for pages. Instead, waitqueues are used directly with a custom key type. The generic code was not flexible enough to have PageWaiters manipulation under the waitqueue lock (which simplifies concurrency). This improves the performance of page lock intensive microbenchmarks by 2-3%. Putting two bits in the same word opens the opportunity to remove the memory barrier between clearing the lock bit and testing the waiters bit, after some work on the arch primitives (e.g., ensuring memory operand widths match and cover both bits). Signed-off-by: Nicholas Piggin Cc: Dave Hansen Cc: Bob Peterson Cc: Steven Whitehouse Cc: Andrew Lutomirski Cc: Andreas Gruenbacher Cc: Peter Zijlstra Cc: Mel Gorman Signed-off-by: Linus Torvalds include/linux/mm.h | 2 + include/linux/page-flags.h | 9 ++ include/linux/pagemap.h | 23 +++--- include/linux/writeback.h | 1 - include/trace/events/mmflags.h | 1 + init/main.c | 3 +- mm/filemap.c | 181 +++++++++++++++++++++++++++++++++-------- mm/internal.h | 2 + mm/swap.c | 2 + 9 files changed, 174 insertions(+), 50 deletions(-) commit 6326fec1122cde256bd2a8c63f2606e08e44ce1d Author: Nicholas Piggin Date: Sun Dec 25 13:00:29 2016 +1000 mm: Use owner_priv bit for PageSwapCache, valid when PageSwapBacked A page is not added to the swap cache without being swap backed, so PageSwapBacked mappings can use PG_owner_priv_1 for PageSwapCache. Signed-off-by: Nicholas Piggin Acked-by: Hugh Dickins Cc: Dave Hansen Cc: Bob Peterson Cc: Steven Whitehouse Cc: Andrew Lutomirski Cc: Andreas Gruenbacher Cc: Peter Zijlstra Cc: Mel Gorman Signed-off-by: Linus Torvalds include/linux/page-flags.h | 24 ++++++++++++++++-------- include/trace/events/mmflags.h | 1 - mm/memory-failure.c | 4 +--- mm/migrate.c | 14 ++++++++------ 4 files changed, 25 insertions(+), 18 deletions(-) commit 1f3a8e49d8f28f498b8694464623ac20aebfe62a Author: Thomas Gleixner Date: Sun Dec 25 12:43:07 2016 +0100 ktime: Get rid of ktime_equal() No point in going through loops and hoops instead of just comparing the values. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra fs/dlm/lock.c | 5 ++--- fs/nfs/flexfilelayout/flexfilelayout.c | 2 +- include/linux/ktime.h | 15 --------------- net/ipv6/mip6.c | 2 +- 4 files changed, 4 insertions(+), 20 deletions(-) commit 8b0e195314fabd58a331c4f7b6db75a1565535d7 Author: Thomas Gleixner Date: Sun Dec 25 12:30:41 2016 +0100 ktime: Cleanup ktime_set() usage ktime_set(S,N) was required for the timespec storage type and is still useful for situations where a Seconds and Nanoseconds part of a time value needs to be converted. For anything where the Seconds argument is 0, this is pointless and can be replaced with a simple assignment. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra arch/powerpc/kvm/book3s_hv.c | 3 +-- arch/powerpc/oprofile/cell/spu_profiler.c | 4 ++-- arch/s390/kvm/interrupt.c | 2 +- arch/x86/kvm/lapic.c | 4 ++-- block/blk-mq.c | 2 +- drivers/base/power/main.c | 2 +- drivers/base/power/wakeup.c | 2 +- drivers/block/null_blk.c | 2 +- drivers/dma/dmatest.c | 4 ++-- drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 6 +++--- drivers/gpu/drm/i915/intel_uncore.c | 2 +- drivers/gpu/drm/nouveau/nouveau_fence.c | 2 +- drivers/gpu/drm/tilcdc/tilcdc_crtc.c | 2 +- drivers/iio/trigger/iio-trig-hrtimer.c | 5 ++--- drivers/input/joystick/walkera0701.c | 2 +- drivers/mailbox/mailbox.c | 3 +-- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/pci/cx88/cx88-input.c | 6 ++---- drivers/media/pci/pt3/pt3.c | 2 +- drivers/net/can/softing/softing_fw.c | 4 ++-- drivers/net/can/softing/softing_main.c | 2 +- drivers/net/ethernet/ec_bhf.c | 5 ++--- drivers/net/ethernet/marvell/mvpp2.c | 2 +- drivers/net/ethernet/tile/tilegx.c | 4 ++-- drivers/net/ieee802154/at86rf230.c | 9 ++++----- drivers/net/usb/cdc_ncm.c | 2 +- drivers/net/wireless/ralink/rt2x00/rt2800usb.c | 4 ++-- drivers/pci/quirks.c | 2 +- drivers/platform/x86/msi-wmi.c | 2 +- drivers/power/reset/ltc2952-poweroff.c | 2 +- drivers/rtc/interface.c | 8 ++++---- drivers/s390/crypto/ap_bus.c | 4 ++-- drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 2 +- drivers/scsi/scsi_debug.c | 2 +- drivers/scsi/ufs/ufshcd.c | 4 ++-- drivers/usb/gadget/function/f_ncm.c | 3 +-- drivers/usb/host/ehci-timer.c | 3 +-- drivers/usb/host/fotg210-hcd.c | 3 +-- drivers/usb/musb/musb_cppi41.c | 9 ++++----- fs/dlm/lock.c | 2 +- fs/gfs2/glock.c | 2 +- fs/timerfd.c | 2 +- include/linux/skbuff.h | 2 +- kernel/sched/core.c | 2 +- kernel/time/alarmtimer.c | 4 ++-- kernel/time/hrtimer.c | 2 +- kernel/time/posix-timers.c | 2 +- kernel/time/tick-common.c | 4 ++-- net/can/bcm.c | 4 ++-- net/mac802154/util.c | 4 ++-- net/sched/sch_cbq.c | 2 +- net/sctp/transport.c | 2 +- net/xfrm/xfrm_state.c | 2 +- sound/drivers/pcsp/pcsp_lib.c | 2 +- sound/firewire/lib.c | 6 +++--- sound/sh/sh_dac_audio.c | 2 +- 56 files changed, 84 insertions(+), 95 deletions(-) commit 2456e855354415bfaeb7badaa14e11b3e02c8466 Author: Thomas Gleixner Date: Sun Dec 25 11:38:40 2016 +0100 ktime: Get rid of the union ktime is a union because the initial implementation stored the time in scalar nanoseconds on 64 bit machine and in a endianess optimized timespec variant for 32bit machines. The Y2038 cleanup removed the timespec variant and switched everything to scalar nanoseconds. The union remained, but become completely pointless. Get rid of the union and just keep ktime_t as simple typedef of type s64. The conversion was done with coccinelle and some manual mopping up. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra drivers/base/power/wakeup.c | 2 +- drivers/media/rc/ir-rx51.c | 2 +- drivers/rtc/interface.c | 8 ++-- drivers/usb/chipidea/otg_fsm.c | 14 +++---- drivers/usb/host/ehci-timer.c | 2 +- drivers/usb/host/fotg210-hcd.c | 2 +- fs/aio.c | 4 +- fs/nfs/flexfilelayout/flexfilelayout.c | 3 +- fs/ocfs2/cluster/heartbeat.c | 2 +- fs/timerfd.c | 26 ++++++------- include/linux/futex.h | 4 +- include/linux/hrtimer.h | 12 +++--- include/linux/ktime.h | 68 ++++++++++++---------------------- include/linux/tick.h | 4 +- include/linux/wait.h | 2 +- include/net/red.h | 4 +- include/net/sock.h | 4 +- include/trace/events/alarmtimer.h | 6 +-- include/trace/events/timer.h | 16 ++++---- kernel/futex.c | 4 +- kernel/signal.c | 6 +-- kernel/time/alarmtimer.c | 20 +++++----- kernel/time/clockevents.c | 6 +-- kernel/time/hrtimer.c | 52 +++++++++++++------------- kernel/time/itimer.c | 10 ++--- kernel/time/ntp.c | 2 +- kernel/time/posix-timers.c | 20 +++++----- kernel/time/tick-broadcast-hrtimer.c | 2 +- kernel/time/tick-broadcast.c | 24 ++++++------ kernel/time/tick-oneshot.c | 2 +- kernel/time/tick-sched.c | 22 +++++------ kernel/time/timekeeping.c | 6 +-- lib/timerqueue.c | 4 +- net/can/bcm.c | 28 +++++++------- net/can/gw.c | 2 +- net/core/dev.c | 4 +- net/core/skbuff.c | 2 +- net/ipv4/tcp_output.c | 4 +- net/ipv6/exthdrs.c | 2 +- net/ipx/af_ipx.c | 2 +- net/netfilter/nf_conntrack_core.c | 2 +- net/netfilter/nfnetlink_log.c | 2 +- net/netfilter/nfnetlink_queue.c | 4 +- net/netfilter/xt_time.c | 2 +- net/sched/sch_netem.c | 2 +- net/socket.c | 2 +- net/sunrpc/svcsock.c | 2 +- sound/core/hrtimer.c | 2 +- 48 files changed, 200 insertions(+), 227 deletions(-) commit a5a1d1c2914b5316924c7893eb683a5420ebd3be Author: Thomas Gleixner Date: Wed Dec 21 20:32:01 2016 +0100 clocksource: Use a plain u64 instead of cycle_t There is no point in having an extra type for extra confusion. u64 is unambiguous. Conversion was done with the following coccinelle script: @rem@ @@ -typedef u64 cycle_t; @fix@ typedef cycle_t; @@ -cycle_t +u64 Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: John Stultz arch/alpha/kernel/time.c | 4 +- arch/arm/mach-davinci/time.c | 2 +- arch/arm/mach-ep93xx/timer-ep93xx.c | 4 +- arch/arm/mach-footbridge/dc21285-timer.c | 2 +- arch/arm/mach-ixp4xx/common.c | 2 +- arch/arm/mach-mmp/time.c | 2 +- arch/arm/mach-omap2/timer.c | 4 +- arch/arm/plat-iop/time.c | 2 +- arch/avr32/kernel/time.c | 4 +- arch/blackfin/kernel/time-ts.c | 4 +- arch/c6x/kernel/time.c | 2 +- arch/hexagon/kernel/time.c | 4 +- arch/ia64/kernel/cyclone.c | 4 +- arch/ia64/kernel/fsyscall_gtod_data.h | 6 +-- arch/ia64/kernel/time.c | 6 +-- arch/ia64/sn/kernel/sn2/timer.c | 4 +- arch/m68k/68000/timers.c | 2 +- arch/m68k/coldfire/dma_timer.c | 2 +- arch/m68k/coldfire/pit.c | 2 +- arch/m68k/coldfire/sltimers.c | 2 +- arch/m68k/coldfire/timers.c | 2 +- arch/microblaze/kernel/timer.c | 6 +-- arch/mips/alchemy/common/time.c | 2 +- arch/mips/cavium-octeon/csrc-octeon.c | 2 +- arch/mips/jz4740/time.c | 2 +- arch/mips/kernel/cevt-txx9.c | 2 +- arch/mips/kernel/csrc-bcm1480.c | 4 +- arch/mips/kernel/csrc-ioasic.c | 2 +- arch/mips/kernel/csrc-r4k.c | 2 +- arch/mips/kernel/csrc-sb1250.c | 4 +- arch/mips/loongson32/common/time.c | 4 +- arch/mips/loongson64/common/cs5536/cs5536_mfgpt.c | 4 +- arch/mips/loongson64/loongson-3/hpet.c | 4 +- arch/mips/mti-malta/malta-time.c | 2 +- arch/mips/netlogic/common/time.c | 4 +- arch/mips/sgi-ip27/ip27-timer.c | 2 +- arch/mn10300/kernel/csrc-mn10300.c | 2 +- arch/nios2/kernel/time.c | 2 +- arch/openrisc/kernel/time.c | 4 +- arch/parisc/kernel/time.c | 2 +- arch/powerpc/kernel/time.c | 14 +++--- arch/s390/kernel/time.c | 2 +- arch/sparc/kernel/time_32.c | 2 +- arch/sparc/kernel/time_64.c | 2 +- arch/um/kernel/time.c | 2 +- arch/unicore32/kernel/time.c | 2 +- arch/x86/entry/vdso/vclock_gettime.c | 8 +-- arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/include/asm/pvclock.h | 7 ++- arch/x86/include/asm/tsc.h | 2 +- arch/x86/include/asm/vgtod.h | 4 +- arch/x86/kernel/apb_timer.c | 4 +- arch/x86/kernel/cpu/mshyperv.c | 4 +- arch/x86/kernel/hpet.c | 14 +++--- arch/x86/kernel/kvmclock.c | 10 ++-- arch/x86/kernel/pvclock.c | 4 +- arch/x86/kernel/tsc.c | 6 +-- arch/x86/kvm/x86.c | 14 +++--- arch/x86/lguest/boot.c | 2 +- arch/x86/platform/uv/uv_time.c | 8 +-- arch/x86/xen/time.c | 6 +-- arch/x86/xen/xen-ops.h | 2 +- arch/xtensa/kernel/time.c | 4 +- drivers/char/hpet.c | 4 +- drivers/clocksource/acpi_pm.c | 14 +++--- drivers/clocksource/arc_timer.c | 12 ++--- drivers/clocksource/arm_arch_timer.c | 4 +- drivers/clocksource/arm_global_timer.c | 2 +- drivers/clocksource/cadence_ttc_timer.c | 4 +- drivers/clocksource/clksrc-dbx500-prcmu.c | 2 +- drivers/clocksource/dw_apb_timer.c | 8 +-- drivers/clocksource/em_sti.c | 12 ++--- drivers/clocksource/exynos_mct.c | 6 +-- drivers/clocksource/h8300_timer16.c | 2 +- drivers/clocksource/h8300_tpu.c | 2 +- drivers/clocksource/i8253.c | 4 +- drivers/clocksource/jcore-pit.c | 2 +- drivers/clocksource/metag_generic.c | 2 +- drivers/clocksource/mips-gic-timer.c | 2 +- drivers/clocksource/mmio.c | 18 +++---- drivers/clocksource/mxs_timer.c | 2 +- drivers/clocksource/qcom-timer.c | 2 +- drivers/clocksource/samsung_pwm_timer.c | 2 +- drivers/clocksource/scx200_hrt.c | 4 +- drivers/clocksource/sh_cmt.c | 2 +- drivers/clocksource/sh_tmu.c | 2 +- drivers/clocksource/tcb_clksrc.c | 4 +- drivers/clocksource/time-pistachio.c | 4 +- drivers/clocksource/timer-atlas7.c | 2 +- drivers/clocksource/timer-atmel-pit.c | 2 +- drivers/clocksource/timer-atmel-st.c | 2 +- drivers/clocksource/timer-nps.c | 4 +- drivers/clocksource/timer-prima2.c | 2 +- drivers/clocksource/timer-sun5i.c | 2 +- drivers/clocksource/timer-ti-32k.c | 4 +- drivers/clocksource/vt8500_timer.c | 4 +- drivers/hv/hv.c | 8 +-- drivers/irqchip/irq-mips-gic.c | 16 +++--- drivers/net/ethernet/amd/xgbe/xgbe-ptp.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_main.c | 2 +- drivers/net/ethernet/freescale/fec_ptp.c | 2 +- drivers/net/ethernet/intel/e1000e/netdev.c | 18 +++---- drivers/net/ethernet/intel/e1000e/ptp.c | 4 +- drivers/net/ethernet/intel/igb/igb_ptp.c | 4 +- drivers/net/ethernet/intel/ixgbe/ixgbe_ptp.c | 4 +- drivers/net/ethernet/mellanox/mlx4/en_clock.c | 2 +- drivers/net/ethernet/mellanox/mlx4/main.c | 4 +- drivers/net/ethernet/mellanox/mlx5/core/en_clock.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/main.c | 4 +- .../net/ethernet/mellanox/mlx5/core/mlx5_core.h | 2 +- drivers/net/ethernet/ti/cpts.c | 2 +- include/kvm/arm_arch_timer.h | 4 +- include/linux/clocksource.h | 22 ++++----- include/linux/dw_apb_timer.h | 2 +- include/linux/irqchip/mips-gic.h | 8 +-- include/linux/mlx4/device.h | 2 +- include/linux/timecounter.h | 12 ++--- include/linux/timekeeper_internal.h | 10 ++-- include/linux/timekeeping.h | 4 +- include/linux/types.h | 3 -- kernel/time/clocksource.c | 2 +- kernel/time/jiffies.c | 4 +- kernel/time/timecounter.c | 6 +-- kernel/time/timekeeping.c | 57 ++++++++++------------ kernel/time/timekeeping_internal.h | 6 +-- kernel/trace/ftrace.c | 4 +- kernel/trace/trace.c | 6 +-- kernel/trace/trace.h | 8 +-- kernel/trace/trace_irqsoff.c | 4 +- kernel/trace/trace_sched_wakeup.c | 4 +- sound/hda/hdac_stream.c | 6 +-- virt/kvm/arm/arch_timer.c | 6 +-- 132 files changed, 320 insertions(+), 327 deletions(-) commit 008b69e4d52f2cbee3ed0d0502edd78155000b1a Author: Thomas Gleixner Date: Wed Dec 21 20:19:57 2016 +0100 irqchip/armada-xp: Consolidate hotplug state space The mpic is either the main interrupt controller or is cascaded behind a GIC. The mpic is single instance and the modes are mutually exclusive, so there is no reason to have seperate cpu hotplug states. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Thomas Petazzoni Cc: Sebastian Siewior Cc: Marc Zyngier Link: http://lkml.kernel.org/r/20161221192112.333161745@linutronix.de Signed-off-by: Thomas Gleixner drivers/irqchip/irq-armada-370-xp.c | 2 +- include/linux/cpuhotplug.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) commit 6896bcd198df04777820cab4acc70142e87d5ce0 Author: Thomas Gleixner Date: Wed Dec 21 20:19:56 2016 +0100 irqchip/gic: Consolidate hotplug state space Even if both drivers are compiled in only one instance can run on a given system depending on the available GIC version. So having seperate hotplug states for them is pointless. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Marc Zyngier Cc: Sebastian Siewior Link: http://lkml.kernel.org/r/20161221192112.252416267@linutronix.de Signed-off-by: Thomas Gleixner drivers/irqchip/irq-gic-v3.c | 2 +- include/linux/cpuhotplug.h | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) commit 36e5b0e39194b09a10f19697fb9ea4ccc44eb166 Author: Thomas Gleixner Date: Wed Dec 21 20:19:55 2016 +0100 coresight/etm3/4x: Consolidate hotplug state space Even if both drivers are compiled in only one instance can run on a given system depending on the available tracer cell. So having seperate hotplug states for them is pointless. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Mathieu Poirier Link: http://lkml.kernel.org/r/20161221192112.162765484@linutronix.de Signed-off-by: Thomas Gleixner drivers/hwtracing/coresight/coresight-etm4x.c | 4 ++-- include/linux/cpuhotplug.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) commit 73c1b41e63f040e92669e61a02c7893933bfe743 Author: Thomas Gleixner Date: Wed Dec 21 20:19:54 2016 +0100 cpu/hotplug: Cleanup state names When the state names got added a script was used to add the extra argument to the calls. The script basically converted the state constant to a string, but the cleanup to convert these strings into meaningful ones did not happen. Replace all the useless strings with 'subsys/xxx/yyy:state' strings which are used in all the other places already. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Sebastian Siewior Link: http://lkml.kernel.org/r/20161221192112.085444152@linutronix.de Signed-off-by: Thomas Gleixner arch/arm/kernel/smp_twd.c | 2 +- arch/arm/mach-mvebu/coherency.c | 2 +- arch/arm/mm/cache-l2x0-pmu.c | 2 +- arch/arm/mm/cache-l2x0.c | 2 +- arch/arm/vfp/vfpmodule.c | 2 +- arch/arm/xen/enlighten.c | 2 +- arch/arm64/kernel/armv8_deprecated.c | 2 +- arch/arm64/kernel/debug-monitors.c | 2 +- arch/arm64/kernel/hw_breakpoint.c | 2 +- arch/blackfin/kernel/perf_event.c | 2 +- arch/metag/kernel/perf/perf_event.c | 2 +- arch/mips/kernel/pm-cps.c | 2 +- arch/mips/oprofile/op_model_loongson3.c | 2 +- arch/powerpc/mm/numa.c | 2 +- arch/powerpc/perf/core-book3s.c | 2 +- arch/s390/kernel/perf_cpum_cf.c | 2 +- arch/s390/kernel/perf_cpum_sf.c | 2 +- arch/x86/entry/vdso/vma.c | 2 +- arch/x86/events/amd/ibs.c | 2 +- arch/x86/events/amd/power.c | 2 +- arch/x86/events/amd/uncore.c | 6 +++--- arch/x86/events/core.c | 6 +++--- arch/x86/events/intel/cqm.c | 4 ++-- arch/x86/events/intel/rapl.c | 4 ++-- arch/x86/events/intel/uncore.c | 10 +++++----- arch/x86/kernel/apb_timer.c | 2 +- arch/x86/kernel/apic/x2apic_cluster.c | 2 +- arch/x86/kernel/hpet.c | 4 ++-- arch/x86/kernel/tboot.c | 2 +- arch/x86/kvm/x86.c | 2 +- arch/x86/xen/enlighten.c | 4 ++-- arch/xtensa/kernel/perf_event.c | 2 +- drivers/bus/arm-cci.c | 2 +- drivers/bus/arm-ccn.c | 2 +- drivers/clocksource/arc_timer.c | 2 +- drivers/clocksource/arm_arch_timer.c | 2 +- drivers/clocksource/arm_global_timer.c | 2 +- drivers/clocksource/dummy_timer.c | 2 +- drivers/clocksource/exynos_mct.c | 2 +- drivers/clocksource/jcore-pit.c | 2 +- drivers/clocksource/metag_generic.c | 2 +- drivers/clocksource/mips-gic-timer.c | 4 ++-- drivers/clocksource/qcom-timer.c | 2 +- drivers/clocksource/time-armada-370-xp.c | 2 +- drivers/clocksource/timer-atlas7.c | 2 +- drivers/hwtracing/coresight/coresight-etm3x.c | 4 ++-- drivers/hwtracing/coresight/coresight-etm4x.c | 4 ++-- drivers/irqchip/irq-armada-370-xp.c | 4 ++-- drivers/irqchip/irq-bcm2836.c | 2 +- drivers/irqchip/irq-gic-v3.c | 4 ++-- drivers/irqchip/irq-gic.c | 2 +- drivers/irqchip/irq-hip04.c | 2 +- drivers/leds/trigger/ledtrig-cpu.c | 2 +- drivers/net/virtio_net.c | 4 ++-- drivers/perf/arm_pmu.c | 2 +- drivers/xen/events/events_fifo.c | 2 +- virt/kvm/arm/arch_timer.c | 2 +- virt/kvm/arm/vgic/vgic-init.c | 2 +- virt/kvm/kvm_main.c | 2 +- 59 files changed, 77 insertions(+), 77 deletions(-) commit 530e9b76ae8f863dfdef4a6ad0b38613d32e8c3f Author: Thomas Gleixner Date: Wed Dec 21 20:19:53 2016 +0100 cpu/hotplug: Remove obsolete cpu hotplug register/unregister functions hotcpu_notifier(), cpu_notifier(), __hotcpu_notifier(), __cpu_notifier(), register_hotcpu_notifier(), register_cpu_notifier(), __register_hotcpu_notifier(), __register_cpu_notifier(), unregister_hotcpu_notifier(), unregister_cpu_notifier(), __unregister_hotcpu_notifier(), __unregister_cpu_notifier() are unused now. Remove them and all related code. Remove also the now pointless cpu notifier error injection mechanism. The states can be executed step by step and error rollback is the same as cpu down, so any state transition can be tested w/o requiring the notifier error injection. Some CPU hotplug states are kept as they are (ab)used for hotplug state tracking. Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161221192112.005642358@linutronix.de Signed-off-by: Thomas Gleixner include/linux/cpu.h | 90 -------------------------- include/linux/cpuhotplug.h | 3 - kernel/cpu.c | 139 +--------------------------------------- lib/Kconfig.debug | 24 ------- lib/Makefile | 1 - lib/cpu-notifier-error-inject.c | 84 ------------------------ 6 files changed, 1 insertion(+), 340 deletions(-) commit 7b737965b33188bd3dbb44e938535c4006d97fbb Author: Anna-Maria Gleixner Date: Wed Dec 21 20:19:52 2016 +0100 staging/lustre/libcfs: Convert to hotplug state machine Install the callbacks via the state machine. No functional change. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Cc: devel@driverdev.osuosl.org Cc: Andreas Dilger Cc: Peter Zijlstra Cc: Greg Kroah-Hartman Cc: Oleg Drokin Cc: rt@linutronix.de Cc: lustre-devel@lists.lustre.org Link: http://lkml.kernel.org/r/20161202110027.htzzeervzkoc4muv@linutronix.de Link: http://lkml.kernel.org/r/20161221192111.922872524@linutronix.de Signed-off-by: Thomas Gleixner .../staging/lustre/lnet/libcfs/linux/linux-cpu.c | 85 ++++++++++++---------- include/linux/cpuhotplug.h | 1 + 2 files changed, 46 insertions(+), 40 deletions(-) commit e210faa2359f92eb2e417cd8462eb980a4dbb172 Author: Sebastian Andrzej Siewior Date: Wed Dec 21 20:19:51 2016 +0100 scsi/bnx2i: Convert to hotplug state machine Install the callbacks via the state machine. No functional change. This is the minimal fixup so we can remove the hotplug notifier mess completely. The real rework of this driver to use work queues is still stuck in review/testing on the SCSI mailing list. Signed-off-by: Sebastian Andrzej Siewior Cc: "James E.J. Bottomley" Cc: linux-scsi@vger.kernel.org Cc: "Martin K. Petersen" Cc: Peter Zijlstra Cc: Chad Dupuis Cc: QLogic-Storage-Upstream@qlogic.com Cc: Johannes Thumshirn Cc: Christoph Hellwig Link: http://lkml.kernel.org/r/20161221192111.836895753@linutronix.de Signed-off-by: Thomas Gleixner drivers/scsi/bnx2i/bnx2i_init.c | 78 ++++++++++++++++------------------------- include/linux/cpuhotplug.h | 1 + 2 files changed, 31 insertions(+), 48 deletions(-) commit c53b005dd64bdcf5acac00bd55ecf94dda22dc4f Author: Sebastian Andrzej Siewior Date: Wed Dec 21 20:19:50 2016 +0100 scsi/bnx2fc: Convert to hotplug state machine Install the callbacks via the state machine. No functional change. This is the minimal fixup so we can remove the hotplug notifier mess completely. The real rework of this driver to use work queues is still stuck in review/testing on the SCSI mailing list. Signed-off-by: Sebastian Andrzej Siewior Cc: "James E.J. Bottomley" Cc: linux-scsi@vger.kernel.org Cc: "Martin K. Petersen" Cc: Peter Zijlstra Cc: Chad Dupuis Cc: QLogic-Storage-Upstream@qlogic.com Cc: Johannes Thumshirn Cc: Christoph Hellwig Link: http://lkml.kernel.org/r/20161221192111.757309869@linutronix.de Signed-off-by: Thomas Gleixner drivers/scsi/bnx2fc/bnx2fc_fcoe.c | 79 ++++++++++++++++----------------------- include/linux/cpuhotplug.h | 1 + 2 files changed, 34 insertions(+), 46 deletions(-) commit dc280d93623927570da279e99393879dbbab39e7 Author: Thomas Gleixner Date: Wed Dec 21 20:19:49 2016 +0100 cpu/hotplug: Prevent overwriting of callbacks Developers manage to overwrite states blindly without thought. That's fatal and hard to debug. Add sanity checks to make it fail. This requries to restructure the code so that the dynamic state allocation happens in the same lock protected section as the actual store. Otherwise the previous assignment of 'Reserved' to the name field would trigger the overwrite check. Signed-off-by: Thomas Gleixner Cc: Peter Zijlstra Cc: Sebastian Siewior Link: http://lkml.kernel.org/r/20161221192111.675234535@linutronix.de Signed-off-by: Thomas Gleixner kernel/cpu.c | 96 +++++++++++++++++++++++++++++++----------------------------- 1 file changed, 50 insertions(+), 46 deletions(-) commit 59fefd0890f12716b39de1d4e5482fd739316262 Author: Thomas Gleixner Date: Thu Dec 22 10:32:38 2016 +0100 x86/msr: Remove bogus cleanup from the error path The error cleanup which is invoked when the hotplug state setup failed tries to remove the failed state, which is broken. Fixes: 8fba38c937cd ("x86/msr: Convert to hotplug state machine") Reported-by: kernel test robot Signed-off-by: Thomas Gleixner Cc: Sebastian Siewior arch/x86/kernel/msr.c | 1 - 1 file changed, 1 deletion(-) commit 26242b330093fd14c2e94fb6cbdf0f482ab26576 Author: Thomas Gleixner Date: Thu Dec 22 11:14:06 2016 +0100 bus: arm-ccn: Prevent hotplug callback leak In case the driver registration fails, the hotplug callback is leaked. Not fatal, because it's never invoked as there are no instances registered, but wrong nevertheless. Fixes: fdc15a36d84e ("bus/arm-ccn: Convert to hotplug statemachine") Signed-off-by: Thomas Gleixner Cc: Sebastian Andrzej Siewior Cc: Mark Rutland Cc: Pawel Moll Cc: Suzuki K Poulose Cc: Peter Zijlstra Cc: Will Deacon drivers/bus/arm-ccn.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 834fcd298003c10ce450e66960c78893cb1cc4b5 Author: Thomas Gleixner Date: Thu Dec 22 11:02:08 2016 +0100 perf/x86/intel/cstate: Prevent hotplug callback leak If the pmu registration fails the registered hotplug callbacks are not removed. Wrong in any case, but fatal in case of a modular driver. Replace the nonsensical state names with proper ones while at it. Fixes: 77c34ef1c319 ("perf/x86/intel/cstate: Convert Intel CSTATE to hotplug state machine") Signed-off-by: Thomas Gleixner Cc: Sebastian Siewior Cc: Peter Zijlstra Cc: stable@vger.kernel.org arch/x86/events/intel/cstate.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit a051f220d6b9bf9367695e2c319ccc3712b631ee Author: Thomas Gleixner Date: Wed Dec 21 20:19:48 2016 +0100 ARM/imx/mmcd: Fix broken cpu hotplug handling The cpu hotplug support of this perf driver is broken in several ways: 1) It adds a instance before setting up the state. 2) The state for the instance is different from the state of the callback. It's just a randomly chosen state. 3) The instance registration is not error checked so nobody noticed that the call can never succeed. 4) The state for the multi install callbacks is chosen randomly and overwrites existing state. This is now prevented by the core code so the call is guaranteed to fail. 5) The error exit path in the init function leaves the instance registered and then frees the memory which contains the enqueued hlist node. 6) The remove function is removing the state and not the instance. Fix it by: - Setting up the state before adding instances. Use a dynamically allocated state for it. - Installing instances after the state has been set up - Removing the instance in the error path before freeing memory - Removing the instance not the state in the driver remove callback While at is use raw_cpu_processor_id(), because cpu_processor_id() cannot be used in preemptible context, and set the driver data after successful registration of the pmu. Signed-off-by: Thomas Gleixner Acked-by: Shawn Guo Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Frank Li Cc: Zhengyu Shen Link: http://lkml.kernel.org/r/20161221192111.596204211@linutronix.de Signed-off-by: Thomas Gleixner arch/arm/mach-imx/mmdc.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) commit a98d1a0ca6d3fd6197f18749972d4cc21195b724 Author: Thomas Gleixner Date: Sat Dec 24 12:34:02 2016 +0100 scsi: qedi: Convert to hotplug state machine The CPU hotplug code is a trainwreck. It leaks a notifier in case of driver registration error and the per cpu loop is racy against cpu hotplug. Aside of that the driver should have been written and merged with the new state machine interfaces in the first place. Mop up the mess and Convert it to the hotplug state machine. Signed-off-by: Thomas Grumpy Gleixner Cc: Nilesh Javali Cc: Adheer Chandravanshi Cc: Chad Dupuis Cc: Saurav Kashyap Cc: Arun Easi Cc: Manish Rangankar Cc: Johannes Thumshirn Cc: Hannes Reinecke Cc: Martin K. Petersen Cc: James Bottomley drivers/scsi/qedi/qedi_main.c | 96 +++++++++++++++---------------------------- 1 file changed, 32 insertions(+), 64 deletions(-) commit 6886fee4d7a3afaf905a8e0bec62dc8fdc39878d Author: Len Brown Date: Sat Dec 24 15:18:37 2016 -0500 tools/power turbostat: remove obsolete -M, -m, -C, -c options The new --add option has replaced the -M, -m, -C, -c options Eg. -M 0x10 is now --add msr0x10,raw -m 0x10 is now --add msr0x10,raw,u32 -C 0x10 is now --add msr0x10,delta -c 0x10 is now --add msr0x10,delta,u32 The --add option can be repeated to add any number of counters, while the previous options were limited to adding one of each type. In addition, the --add option can accept a column label, and can also display a counter as a percentage of elapsed cycles. Eg. --add msr0x3fe,core,percent,MY_CC3 Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 8 --- tools/power/x86/turbostat/turbostat.c | 104 +--------------------------------- 2 files changed, 2 insertions(+), 110 deletions(-) commit 388e9c8134be6bbc3751ba7072f5fa9bc8ecbe01 Author: Len Brown Date: Thu Dec 22 23:57:55 2016 -0500 tools/power turbostat: Make extensible via the --add parameter Create the "--add" parameter. This can be used to teach an existing turbostat binary about any number of any type of counter. turbostat(8) details the syntax for --add. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.8 | 22 ++ tools/power/x86/turbostat/turbostat.c | 396 +++++++++++++++++++++++++++++++++- 2 files changed, 409 insertions(+), 9 deletions(-) commit 7c0f6ba682b9c7632072ffbedf8d328c8f3c42ba Author: Linus Torvalds Date: Sat Dec 24 11:46:01 2016 -0800 Replace with globally This was entirely automated, using the script by Al: PATT='^[[:blank:]]*#[[:blank:]]*include[[:blank:]]*' sed -i -e "s!$PATT!#include !" \ $(git grep -l "$PATT"|grep -v ^include/linux/uaccess.h) to do the replacement at the end of the merge window. Requested-by: Al Viro Signed-off-by: Linus Torvalds arch/alpha/boot/misc.c | 2 +- arch/alpha/kernel/irq.c | 2 +- arch/alpha/kernel/osf_sys.c | 2 +- arch/alpha/kernel/process.c | 2 +- arch/alpha/kernel/ptrace.c | 2 +- arch/alpha/kernel/setup.c | 2 +- arch/alpha/kernel/signal.c | 2 +- arch/alpha/kernel/srm_env.c | 2 +- arch/alpha/kernel/srmcons.c | 2 +- arch/alpha/kernel/time.c | 2 +- arch/alpha/kernel/traps.c | 2 +- arch/alpha/lib/csum_partial_copy.c | 2 +- arch/alpha/math-emu/math.c | 2 +- arch/alpha/mm/init.c | 2 +- arch/arm/common/bL_switcher_dummy_if.c | 2 +- arch/arm/kernel/swp_emulate.c | 2 +- arch/arm/kvm/arm.c | 2 +- arch/arm/kvm/guest.c | 2 +- arch/arm/mach-iop13xx/irq.c | 2 +- arch/arm/mach-ixp4xx/common.c | 2 +- arch/arm/mach-rpc/dma.c | 2 +- arch/arm/plat-iop/time.c | 2 +- arch/arm64/include/asm/word-at-a-time.h | 2 +- arch/arm64/kernel/armv8_deprecated.c | 2 +- arch/arm64/kernel/entry.S | 2 +- arch/arm64/kernel/probes/kprobes.c | 2 +- arch/arm64/kernel/signal32.c | 2 +- arch/arm64/kvm/guest.c | 2 +- arch/arm64/lib/clear_user.S | 2 +- arch/arm64/lib/copy_from_user.S | 2 +- arch/arm64/lib/copy_in_user.S | 2 +- arch/arm64/lib/copy_to_user.S | 2 +- arch/arm64/mm/cache.S | 2 +- arch/arm64/xen/hypercall.S | 2 +- arch/avr32/kernel/avr32_ksyms.c | 2 +- arch/avr32/kernel/ptrace.c | 2 +- arch/avr32/kernel/signal.c | 2 +- arch/avr32/mm/cache.c | 2 +- arch/blackfin/kernel/bfin_dma.c | 2 +- arch/blackfin/kernel/kgdb_test.c | 2 +- arch/blackfin/kernel/module.c | 2 +- arch/c6x/mm/init.c | 2 +- arch/cris/arch-v10/drivers/eeprom.c | 2 +- arch/cris/arch-v10/drivers/sync_serial.c | 2 +- arch/cris/arch-v10/kernel/ptrace.c | 2 +- arch/cris/arch-v10/kernel/signal.c | 2 +- arch/cris/arch-v10/kernel/traps.c | 2 +- arch/cris/arch-v10/lib/usercopy.c | 2 +- arch/cris/arch-v10/mm/fault.c | 2 +- arch/cris/arch-v32/drivers/cryptocop.c | 2 +- arch/cris/arch-v32/kernel/ptrace.c | 2 +- arch/cris/arch-v32/kernel/signal.c | 2 +- arch/cris/arch-v32/kernel/traps.c | 2 +- arch/cris/arch-v32/lib/usercopy.c | 2 +- arch/cris/kernel/crisksyms.c | 2 +- arch/cris/kernel/process.c | 2 +- arch/cris/kernel/profile.c | 2 +- arch/cris/kernel/ptrace.c | 2 +- arch/cris/kernel/sys_cris.c | 2 +- arch/cris/kernel/traps.c | 2 +- arch/frv/include/asm/futex.h | 2 +- arch/frv/kernel/irq.c | 2 +- arch/frv/kernel/pm-mb93093.c | 2 +- arch/frv/kernel/pm.c | 2 +- arch/frv/kernel/process.c | 2 +- arch/frv/kernel/ptrace.c | 2 +- arch/frv/kernel/signal.c | 2 +- arch/frv/kernel/sys_frv.c | 2 +- arch/frv/kernel/sysctl.c | 2 +- arch/frv/kernel/traps.c | 2 +- arch/frv/kernel/uaccess.c | 2 +- arch/frv/mm/dma-alloc.c | 2 +- arch/frv/mm/extable.c | 2 +- arch/h8300/boot/compressed/misc.c | 2 +- arch/h8300/kernel/process.c | 2 +- arch/h8300/kernel/signal.c | 2 +- arch/hexagon/kernel/hexagon_ksyms.c | 2 +- arch/hexagon/kernel/signal.c | 2 +- arch/hexagon/mm/uaccess.c | 2 +- arch/hexagon/mm/vm_fault.c | 2 +- arch/ia64/kernel/brl_emu.c | 2 +- arch/ia64/kernel/crash_dump.c | 2 +- arch/ia64/kernel/init_task.c | 2 +- arch/ia64/kernel/irq.c | 2 +- arch/ia64/kernel/kprobes.c | 2 +- arch/ia64/kernel/perfmon.c | 2 +- arch/ia64/kernel/process.c | 2 +- arch/ia64/kernel/ptrace.c | 2 +- arch/ia64/kernel/salinfo.c | 2 +- arch/ia64/kernel/signal.c | 2 +- arch/ia64/kernel/sys_ia64.c | 2 +- arch/ia64/kernel/traps.c | 2 +- arch/ia64/kernel/unaligned.c | 2 +- arch/ia64/kernel/unwind.c | 2 +- arch/ia64/lib/csum_partial_copy.c | 2 +- arch/ia64/mm/extable.c | 2 +- arch/ia64/mm/init.c | 2 +- arch/ia64/sn/kernel/sn2/sn_hwperf.c | 2 +- arch/ia64/sn/kernel/sn2/sn_proc_fs.c | 2 +- arch/ia64/sn/kernel/tiocx.c | 2 +- arch/m32r/kernel/align.c | 2 +- arch/m32r/kernel/irq.c | 2 +- arch/m32r/kernel/m32r_ksyms.c | 2 +- arch/m32r/kernel/process.c | 2 +- arch/m32r/kernel/ptrace.c | 2 +- arch/m32r/kernel/signal.c | 2 +- arch/m32r/kernel/sys_m32r.c | 2 +- arch/m32r/kernel/traps.c | 2 +- arch/m32r/lib/csum_partial_copy.c | 2 +- arch/m32r/lib/usercopy.c | 2 +- arch/m32r/mm/extable.c | 2 +- arch/m32r/mm/fault-nommu.c | 2 +- arch/m68k/bvme6000/rtc.c | 2 +- arch/m68k/kernel/process.c | 2 +- arch/m68k/kernel/ptrace.c | 2 +- arch/m68k/kernel/signal.c | 2 +- arch/m68k/kernel/sys_m68k.c | 2 +- arch/m68k/kernel/traps.c | 2 +- arch/m68k/lib/uaccess.c | 2 +- arch/m68k/mac/misc.c | 2 +- arch/m68k/mm/init.c | 2 +- arch/m68k/mm/motorola.c | 2 +- arch/m68k/mm/sun3mmu.c | 2 +- arch/m68k/mvme16x/rtc.c | 2 +- arch/m68k/sun3/mmu_emu.c | 2 +- arch/metag/kernel/irq.c | 2 +- arch/mips/alchemy/common/power.c | 2 +- arch/mips/dec/kn01-berr.c | 2 +- arch/mips/include/asm/checksum.h | 2 +- arch/mips/include/asm/compat-signal.h | 2 +- arch/mips/include/asm/r4kcache.h | 2 +- arch/mips/include/asm/termios.h | 2 +- arch/mips/jazz/jazzdma.c | 2 +- arch/mips/kernel/branch.c | 2 +- arch/mips/kernel/cpu-probe.c | 2 +- arch/mips/kernel/crash_dump.c | 2 +- arch/mips/kernel/irq.c | 2 +- arch/mips/kernel/kgdb.c | 2 +- arch/mips/kernel/linux32.c | 2 +- arch/mips/kernel/mips-mt-fpaff.c | 2 +- arch/mips/kernel/mips-r2-to-r6-emul.c | 2 +- arch/mips/kernel/mips_ksyms.c | 2 +- arch/mips/kernel/process.c | 2 +- arch/mips/kernel/ptrace.c | 2 +- arch/mips/kernel/ptrace32.c | 2 +- arch/mips/kernel/signal32.c | 2 +- arch/mips/kernel/signal_n32.c | 2 +- arch/mips/kernel/syscall.c | 2 +- arch/mips/kernel/traps.c | 2 +- arch/mips/kernel/unaligned.c | 2 +- arch/mips/math-emu/cp1emu.c | 2 +- arch/mips/math-emu/dsemul.c | 2 +- arch/mips/mm/extable.c | 2 +- arch/mips/mm/sc-debugfs.c | 2 +- arch/mips/oprofile/op_model_loongson3.c | 2 +- arch/mips/sgi-ip22/ip28-berr.c | 2 +- arch/mips/sgi-ip27/ip27-berr.c | 2 +- arch/mips/sgi-ip32/ip32-berr.c | 2 +- arch/mips/sibyte/common/sb_tbprof.c | 2 +- arch/mn10300/kernel/fpu.c | 2 +- arch/mn10300/kernel/mn10300_ksyms.c | 2 +- arch/mn10300/kernel/process.c | 2 +- arch/mn10300/kernel/ptrace.c | 2 +- arch/mn10300/kernel/setup.c | 2 +- arch/mn10300/kernel/signal.c | 2 +- arch/mn10300/kernel/sys_mn10300.c | 2 +- arch/mn10300/lib/checksum.c | 2 +- arch/mn10300/mm/cache-smp.c | 2 +- arch/mn10300/mm/cache.c | 2 +- arch/mn10300/mm/extable.c | 2 +- arch/mn10300/mm/init.c | 2 +- arch/mn10300/mm/misalignment.c | 2 +- arch/mn10300/proc-mn2ws0050/proc-init.c | 2 +- arch/nios2/kernel/traps.c | 2 +- arch/openrisc/kernel/or32_ksyms.c | 2 +- arch/openrisc/kernel/process.c | 2 +- arch/openrisc/kernel/signal.c | 2 +- arch/openrisc/kernel/traps.c | 2 +- arch/openrisc/mm/fault.c | 2 +- arch/parisc/kernel/asm-offsets.c | 2 +- arch/parisc/kernel/parisc_ksyms.c | 2 +- arch/parisc/kernel/pci-dma.c | 2 +- arch/parisc/kernel/perf.c | 2 +- arch/parisc/kernel/ptrace.c | 2 +- arch/parisc/kernel/signal.c | 2 +- arch/parisc/kernel/signal32.c | 2 +- arch/parisc/kernel/sys_parisc.c | 2 +- arch/parisc/kernel/time.c | 2 +- arch/parisc/kernel/unaligned.c | 2 +- arch/parisc/kernel/unwind.c | 2 +- arch/parisc/lib/checksum.c | 2 +- arch/powerpc/include/asm/asm-prototypes.h | 2 +- arch/powerpc/kernel/align.c | 2 +- arch/powerpc/kernel/crash_dump.c | 2 +- arch/powerpc/kernel/hw_breakpoint.c | 2 +- arch/powerpc/kernel/irq.c | 2 +- arch/powerpc/kernel/kprobes.c | 2 +- arch/powerpc/kernel/module.c | 2 +- arch/powerpc/kernel/nvram_64.c | 2 +- arch/powerpc/kernel/pci_32.c | 2 +- arch/powerpc/kernel/proc_powerpc.c | 2 +- arch/powerpc/kernel/ptrace.c | 2 +- arch/powerpc/kernel/ptrace32.c | 2 +- arch/powerpc/kernel/rtas-proc.c | 2 +- arch/powerpc/kernel/rtas.c | 2 +- arch/powerpc/kernel/rtas_flash.c | 2 +- arch/powerpc/kernel/rtasd.c | 2 +- arch/powerpc/kernel/setup_32.c | 2 +- arch/powerpc/kernel/signal.c | 2 +- arch/powerpc/kernel/signal_32.c | 2 +- arch/powerpc/kernel/signal_64.c | 2 +- arch/powerpc/kernel/sys_ppc32.c | 2 +- arch/powerpc/kernel/syscalls.c | 2 +- arch/powerpc/kernel/time.c | 2 +- arch/powerpc/kernel/traps.c | 2 +- arch/powerpc/kernel/vecemu.c | 2 +- arch/powerpc/kvm/book3s.c | 2 +- arch/powerpc/kvm/book3s_hv.c | 2 +- arch/powerpc/kvm/book3s_pr.c | 2 +- arch/powerpc/kvm/book3s_pr_papr.c | 2 +- arch/powerpc/kvm/book3s_rtas.c | 2 +- arch/powerpc/kvm/book3s_xics.c | 2 +- arch/powerpc/kvm/booke.c | 2 +- arch/powerpc/kvm/mpic.c | 2 +- arch/powerpc/kvm/powerpc.c | 2 +- arch/powerpc/lib/checksum_wrappers.c | 2 +- arch/powerpc/lib/code-patching.c | 2 +- arch/powerpc/lib/sstep.c | 2 +- arch/powerpc/lib/usercopy_64.c | 2 +- arch/powerpc/math-emu/fabs.c | 2 +- arch/powerpc/math-emu/fadd.c | 2 +- arch/powerpc/math-emu/fadds.c | 2 +- arch/powerpc/math-emu/fcmpo.c | 2 +- arch/powerpc/math-emu/fcmpu.c | 2 +- arch/powerpc/math-emu/fctiw.c | 2 +- arch/powerpc/math-emu/fctiwz.c | 2 +- arch/powerpc/math-emu/fdiv.c | 2 +- arch/powerpc/math-emu/fdivs.c | 2 +- arch/powerpc/math-emu/fmadd.c | 2 +- arch/powerpc/math-emu/fmadds.c | 2 +- arch/powerpc/math-emu/fmr.c | 2 +- arch/powerpc/math-emu/fmsub.c | 2 +- arch/powerpc/math-emu/fmsubs.c | 2 +- arch/powerpc/math-emu/fmul.c | 2 +- arch/powerpc/math-emu/fmuls.c | 2 +- arch/powerpc/math-emu/fnabs.c | 2 +- arch/powerpc/math-emu/fneg.c | 2 +- arch/powerpc/math-emu/fnmadd.c | 2 +- arch/powerpc/math-emu/fnmadds.c | 2 +- arch/powerpc/math-emu/fnmsub.c | 2 +- arch/powerpc/math-emu/fnmsubs.c | 2 +- arch/powerpc/math-emu/fre.c | 2 +- arch/powerpc/math-emu/fres.c | 2 +- arch/powerpc/math-emu/frsp.c | 2 +- arch/powerpc/math-emu/frsqrte.c | 2 +- arch/powerpc/math-emu/frsqrtes.c | 2 +- arch/powerpc/math-emu/fsel.c | 2 +- arch/powerpc/math-emu/fsqrt.c | 2 +- arch/powerpc/math-emu/fsqrts.c | 2 +- arch/powerpc/math-emu/fsub.c | 2 +- arch/powerpc/math-emu/fsubs.c | 2 +- arch/powerpc/math-emu/lfd.c | 2 +- arch/powerpc/math-emu/lfs.c | 2 +- arch/powerpc/math-emu/math.c | 2 +- arch/powerpc/math-emu/math_efp.c | 2 +- arch/powerpc/math-emu/mcrfs.c | 2 +- arch/powerpc/math-emu/mffs.c | 2 +- arch/powerpc/math-emu/mtfsb0.c | 2 +- arch/powerpc/math-emu/mtfsb1.c | 2 +- arch/powerpc/math-emu/mtfsf.c | 2 +- arch/powerpc/math-emu/mtfsfi.c | 2 +- arch/powerpc/math-emu/stfd.c | 2 +- arch/powerpc/math-emu/stfiwx.c | 2 +- arch/powerpc/math-emu/stfs.c | 2 +- arch/powerpc/mm/40x_mmu.c | 2 +- arch/powerpc/mm/fsl_booke_mmu.c | 2 +- arch/powerpc/mm/hash_utils_64.c | 2 +- arch/powerpc/mm/init_64.c | 2 +- arch/powerpc/mm/subpage-prot.c | 2 +- arch/powerpc/platforms/cell/spufs/coredump.c | 2 +- arch/powerpc/platforms/cell/spufs/file.c | 2 +- arch/powerpc/platforms/cell/spufs/inode.c | 2 +- arch/powerpc/platforms/cell/spufs/syscalls.c | 2 +- arch/powerpc/platforms/chrp/nvram.c | 2 +- arch/powerpc/platforms/powernv/opal-elog.c | 2 +- arch/powerpc/platforms/powernv/opal-lpc.c | 2 +- arch/powerpc/platforms/powernv/opal-prd.c | 2 +- arch/powerpc/platforms/pseries/cmm.c | 2 +- arch/powerpc/platforms/pseries/dlpar.c | 2 +- arch/powerpc/platforms/pseries/dtl.c | 2 +- arch/powerpc/platforms/pseries/lparcfg.c | 2 +- arch/powerpc/platforms/pseries/nvram.c | 2 +- arch/powerpc/platforms/pseries/reconfig.c | 2 +- arch/powerpc/platforms/pseries/scanlog.c | 2 +- arch/powerpc/sysdev/scom.c | 2 +- arch/powerpc/sysdev/tsi108_pci.c | 2 +- arch/s390/appldata/appldata_base.c | 2 +- arch/s390/boot/compressed/misc.c | 2 +- arch/s390/crypto/prng.c | 2 +- arch/s390/include/asm/checksum.h | 2 +- arch/s390/include/asm/idals.h | 2 +- arch/s390/include/asm/mmu_context.h | 2 +- arch/s390/kernel/compat_linux.c | 2 +- arch/s390/kernel/compat_signal.c | 2 +- arch/s390/kernel/debug.c | 2 +- arch/s390/kernel/dis.c | 2 +- arch/s390/kernel/kprobes.c | 2 +- arch/s390/kernel/ptrace.c | 2 +- arch/s390/kernel/signal.c | 2 +- arch/s390/kernel/sys_s390.c | 2 +- arch/s390/kernel/time.c | 2 +- arch/s390/kernel/traps.c | 2 +- arch/s390/kvm/interrupt.c | 2 +- arch/s390/mm/init.c | 2 +- arch/score/include/asm/checksum.h | 2 +- arch/score/kernel/ptrace.c | 2 +- arch/score/kernel/traps.c | 2 +- arch/score/lib/checksum_copy.c | 2 +- arch/sh/boards/mach-landisk/gio.c | 2 +- arch/sh/boot/compressed/misc.c | 2 +- arch/sh/include/asm/mmu_context.h | 2 +- arch/sh/kernel/cpu/init.c | 2 +- arch/sh/kernel/cpu/shmobile/cpuidle.c | 2 +- arch/sh/kernel/cpu/shmobile/pm.c | 2 +- arch/sh/kernel/crash_dump.c | 2 +- arch/sh/kernel/io_trapped.c | 2 +- arch/sh/kernel/irq.c | 2 +- arch/sh/kernel/kprobes.c | 2 +- arch/sh/kernel/process_32.c | 2 +- arch/sh/kernel/process_64.c | 2 +- arch/sh/kernel/ptrace_32.c | 2 +- arch/sh/kernel/ptrace_64.c | 2 +- arch/sh/kernel/setup.c | 2 +- arch/sh/kernel/sh_ksyms_64.c | 2 +- arch/sh/kernel/signal_32.c | 2 +- arch/sh/kernel/signal_64.c | 2 +- arch/sh/kernel/sys_sh.c | 2 +- arch/sh/kernel/sys_sh32.c | 2 +- arch/sh/kernel/traps_64.c | 2 +- arch/sh/math-emu/math.c | 2 +- arch/sh/mm/cache-debugfs.c | 2 +- arch/sh/mm/cache-sh3.c | 2 +- arch/sh/mm/cache-sh5.c | 2 +- arch/sh/mm/cache-sh7705.c | 2 +- arch/sh/mm/extable_32.c | 2 +- arch/sh/mm/extable_64.c | 2 +- arch/sh/mm/nommu.c | 2 +- arch/sh/mm/pmb.c | 2 +- arch/sh/mm/tlb-sh3.c | 2 +- arch/sh/mm/tlbex_64.c | 2 +- arch/sh/mm/tlbflush_64.c | 2 +- arch/sh/oprofile/backtrace.c | 2 +- arch/sparc/include/asm/checksum_32.h | 2 +- arch/sparc/include/asm/checksum_64.h | 2 +- arch/sparc/kernel/apc.c | 2 +- arch/sparc/kernel/irq_64.c | 2 +- arch/sparc/kernel/kprobes.c | 2 +- arch/sparc/kernel/mdesc.c | 2 +- arch/sparc/kernel/pci.c | 2 +- arch/sparc/kernel/pcic.c | 2 +- arch/sparc/kernel/pmc.c | 2 +- arch/sparc/kernel/process_32.c | 2 +- arch/sparc/kernel/process_64.c | 2 +- arch/sparc/kernel/ptrace_32.c | 2 +- arch/sparc/kernel/ptrace_64.c | 2 +- arch/sparc/kernel/signal32.c | 2 +- arch/sparc/kernel/signal_32.c | 2 +- arch/sparc/kernel/signal_64.c | 2 +- arch/sparc/kernel/smp_64.c | 2 +- arch/sparc/kernel/sys_sparc32.c | 2 +- arch/sparc/kernel/sys_sparc_32.c | 2 +- arch/sparc/kernel/sys_sparc_64.c | 2 +- arch/sparc/kernel/time_64.c | 2 +- arch/sparc/kernel/traps_64.c | 2 +- arch/sparc/kernel/unaligned_32.c | 2 +- arch/sparc/kernel/unaligned_64.c | 2 +- arch/sparc/kernel/uprobes.c | 2 +- arch/sparc/kernel/visemul.c | 2 +- arch/sparc/kernel/windows.c | 2 +- arch/sparc/math-emu/math_32.c | 2 +- arch/sparc/math-emu/math_64.c | 2 +- arch/sparc/mm/extable.c | 2 +- arch/sparc/mm/init_64.c | 2 +- arch/tile/kernel/process.c | 2 +- arch/tile/kernel/single_step.c | 2 +- arch/tile/kernel/unaligned.c | 2 +- arch/um/drivers/harddog_kern.c | 2 +- arch/um/drivers/hostaudio_kern.c | 2 +- arch/um/drivers/mconsole_kern.c | 2 +- arch/um/drivers/mmapper_kern.c | 2 +- arch/um/drivers/random.c | 2 +- arch/um/kernel/exec.c | 2 +- arch/um/kernel/exitcode.c | 2 +- arch/um/kernel/process.c | 2 +- arch/um/kernel/ptrace.c | 2 +- arch/um/kernel/syscall.c | 2 +- arch/x86/entry/common.c | 2 +- arch/x86/ia32/ia32_aout.c | 2 +- arch/x86/ia32/ia32_signal.c | 2 +- arch/x86/ia32/sys_ia32.c | 2 +- arch/x86/include/asm/asm-prototypes.h | 2 +- arch/x86/include/asm/checksum_64.h | 2 +- arch/x86/include/asm/xen/page.h | 2 +- arch/x86/kernel/apm_32.c | 2 +- arch/x86/kernel/cpu/mcheck/mce-severity.c | 2 +- arch/x86/kernel/crash_dump_32.c | 2 +- arch/x86/kernel/doublefault.c | 2 +- arch/x86/kernel/kprobes/core.c | 2 +- arch/x86/kernel/kprobes/opt.c | 2 +- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/ptrace.c | 2 +- arch/x86/kernel/test_nx.c | 2 +- arch/x86/kernel/tls.c | 2 +- arch/x86/kernel/vm86_32.c | 2 +- arch/x86/lib/usercopy_32.c | 2 +- arch/x86/math-emu/errors.c | 2 +- arch/x86/math-emu/fpu_entry.c | 2 +- arch/x86/math-emu/get_address.c | 2 +- arch/x86/math-emu/load_store.c | 2 +- arch/x86/math-emu/reg_ld_str.c | 2 +- arch/x86/mm/extable.c | 2 +- arch/x86/mm/init_32.c | 2 +- arch/x86/mm/init_64.c | 2 +- arch/x86/mm/pageattr.c | 2 +- arch/x86/um/ptrace_32.c | 2 +- arch/x86/um/ptrace_64.c | 2 +- arch/x86/um/signal.c | 2 +- arch/x86/um/tls_32.c | 2 +- arch/x86/xen/p2m.c | 2 +- arch/xtensa/include/asm/checksum.h | 2 +- arch/xtensa/include/asm/segment.h | 2 +- arch/xtensa/kernel/asm-offsets.c | 2 +- arch/xtensa/kernel/irq.c | 2 +- arch/xtensa/kernel/process.c | 2 +- arch/xtensa/kernel/ptrace.c | 2 +- arch/xtensa/kernel/signal.c | 2 +- arch/xtensa/kernel/stacktrace.c | 2 +- arch/xtensa/kernel/syscall.c | 2 +- arch/xtensa/kernel/traps.c | 2 +- arch/xtensa/kernel/xtensa_ksyms.c | 2 +- arch/xtensa/platforms/iss/console.c | 2 +- arch/xtensa/platforms/iss/simdisk.c | 2 +- block/ioctl.c | 2 +- block/partitions/ibm.c | 2 +- block/scsi_ioctl.c | 2 +- drivers/acpi/acpi_video.c | 2 +- drivers/acpi/battery.c | 2 +- drivers/acpi/osl.c | 2 +- drivers/acpi/proc.c | 2 +- drivers/acpi/processor_thermal.c | 2 +- drivers/acpi/processor_throttling.c | 2 +- drivers/acpi/thermal.c | 2 +- drivers/atm/adummy.c | 2 +- drivers/atm/atmtcp.c | 2 +- drivers/atm/eni.c | 2 +- drivers/atm/firestream.c | 2 +- drivers/atm/fore200e.c | 2 +- drivers/atm/he.c | 2 +- drivers/atm/horizon.c | 2 +- drivers/atm/idt77105.c | 2 +- drivers/atm/idt77252.c | 2 +- drivers/atm/iphase.c | 2 +- drivers/atm/nicstar.c | 2 +- drivers/atm/suni.c | 2 +- drivers/atm/uPD98402.c | 2 +- drivers/atm/zatm.c | 2 +- drivers/base/memory.c | 2 +- drivers/block/DAC960.c | 2 +- drivers/block/amiflop.c | 2 +- drivers/block/brd.c | 2 +- drivers/block/cciss.c | 2 +- drivers/block/cryptoloop.c | 2 +- drivers/block/hd.c | 2 +- drivers/block/loop.c | 2 +- drivers/block/nbd.c | 2 +- drivers/block/paride/pcd.c | 2 +- drivers/block/paride/pd.c | 2 +- drivers/block/paride/pf.c | 2 +- drivers/block/paride/pg.c | 2 +- drivers/block/paride/pt.c | 2 +- drivers/block/pktcdvd.c | 2 +- drivers/block/swim3.c | 2 +- drivers/block/sx8.c | 2 +- drivers/block/umem.c | 2 +- drivers/cdrom/cdrom.c | 2 +- drivers/char/agp/compat_ioctl.c | 2 +- drivers/char/agp/frontend.c | 2 +- drivers/char/applicom.c | 2 +- drivers/char/bfin-otp.c | 2 +- drivers/char/ds1620.c | 2 +- drivers/char/dtlk.c | 2 +- drivers/char/generic_nvram.c | 2 +- drivers/char/hangcheck-timer.c | 2 +- drivers/char/hw_random/core.c | 2 +- drivers/char/ipmi/ipmi_watchdog.c | 2 +- drivers/char/lp.c | 2 +- drivers/char/mbcs.c | 2 +- drivers/char/mmtimer.c | 2 +- drivers/char/mwave/3780i.c | 2 +- drivers/char/mwave/mwavedd.h | 2 +- drivers/char/nsc_gpio.c | 2 +- drivers/char/nwbutton.c | 2 +- drivers/char/nwflash.c | 2 +- drivers/char/pc8736x_gpio.c | 2 +- drivers/char/pcmcia/cm4040_cs.c | 2 +- drivers/char/pcmcia/synclink_cs.c | 2 +- drivers/char/random.c | 2 +- drivers/char/raw.c | 2 +- drivers/char/scx200_gpio.c | 2 +- drivers/char/sonypi.c | 2 +- drivers/char/tlclk.c | 2 +- drivers/char/toshiba.c | 2 +- drivers/char/xilinx_hwicap/xilinx_hwicap.c | 2 +- drivers/cpufreq/ia64-acpi-cpufreq.c | 2 +- drivers/cpuidle/governors/ladder.c | 2 +- drivers/dio/dio.c | 2 +- drivers/edac/edac_device.c | 2 +- drivers/edac/edac_mc.c | 2 +- drivers/edac/edac_pci.c | 2 +- drivers/i2c/i2c-core.c | 2 +- drivers/ide/hpt366.c | 2 +- drivers/ide/ide-disk.c | 2 +- drivers/ide/ide-io.c | 2 +- drivers/ide/ide-iops.c | 2 +- drivers/ide/ide-probe.c | 2 +- drivers/ide/ide-proc.c | 2 +- drivers/infiniband/core/ucm.c | 2 +- drivers/infiniband/core/user_mad.c | 2 +- drivers/infiniband/core/uverbs_cmd.c | 2 +- drivers/infiniband/core/uverbs_main.c | 2 +- drivers/infiniband/ulp/ipoib/ipoib_vlan.c | 2 +- drivers/infiniband/ulp/iser/iscsi_iser.c | 2 +- drivers/input/input-compat.c | 2 +- drivers/input/misc/atlas_btns.c | 2 +- drivers/input/mouse/amimouse.c | 2 +- drivers/input/mouse/atarimouse.c | 2 +- drivers/input/mouse/trackpoint.c | 2 +- drivers/input/serio/hp_sdc.c | 2 +- drivers/input/serio/q40kbd.c | 2 +- drivers/input/serio/serport.c | 2 +- drivers/input/tablet/aiptek.c | 2 +- drivers/input/tablet/gtco.c | 2 +- drivers/isdn/capi/kcapi.c | 2 +- drivers/isdn/hardware/avm/b1.c | 2 +- drivers/isdn/hardware/avm/b1dma.c | 2 +- drivers/isdn/hardware/avm/c4.c | 2 +- drivers/isdn/hardware/eicon/capimain.c | 2 +- drivers/isdn/hardware/eicon/divamnt.c | 2 +- drivers/isdn/hardware/eicon/divasi.c | 2 +- drivers/isdn/hardware/eicon/divasmain.c | 2 +- drivers/isdn/hardware/eicon/divasproc.c | 2 +- drivers/isdn/hysdn/hysdn_boot.c | 2 +- drivers/lguest/core.c | 2 +- drivers/lguest/page_tables.c | 2 +- drivers/lguest/x86/core.c | 2 +- drivers/macintosh/ans-lcd.c | 2 +- drivers/macintosh/smu.c | 2 +- drivers/macintosh/via-pmu.c | 2 +- drivers/macintosh/via-pmu68k.c | 2 +- drivers/md/dm-ioctl.c | 2 +- drivers/media/dvb-core/dmxdev.c | 2 +- drivers/media/dvb-core/dvb_demux.c | 2 +- drivers/media/dvb-core/dvb_net.c | 2 +- drivers/media/dvb-core/dvb_ringbuffer.c | 2 +- drivers/media/i2c/adv7170.c | 2 +- drivers/media/i2c/adv7175.c | 2 +- drivers/media/i2c/bt856.c | 2 +- drivers/media/i2c/bt866.c | 2 +- drivers/media/i2c/cs53l32a.c | 2 +- drivers/media/i2c/m52790.c | 2 +- drivers/media/i2c/saa6588.c | 2 +- drivers/media/i2c/saa7110.c | 2 +- drivers/media/i2c/saa7185.c | 2 +- drivers/media/i2c/tlv320aic23b.c | 2 +- drivers/media/i2c/vp27smpx.c | 2 +- drivers/media/i2c/vpx3220.c | 2 +- drivers/media/i2c/wm8739.c | 2 +- drivers/media/i2c/wm8775.c | 2 +- drivers/media/pci/ivtv/ivtv-driver.h | 2 +- drivers/media/pci/meye/meye.c | 2 +- drivers/media/pci/zoran/videocodec.c | 2 +- drivers/media/pci/zoran/zoran_driver.c | 2 +- drivers/media/platform/arv.c | 2 +- drivers/media/usb/pvrusb2/pvrusb2-ioread.c | 2 +- drivers/media/usb/pwc/pwc-ctrl.c | 2 +- drivers/media/v4l2-core/v4l2-common.c | 2 +- drivers/media/v4l2-core/v4l2-dev.c | 2 +- drivers/message/fusion/mptctl.c | 2 +- drivers/message/fusion/mptlan.h | 2 +- drivers/misc/ibmasm/ibmasmfs.c | 2 +- drivers/mmc/core/block.c | 2 +- drivers/mmc/host/android-goldfish.c | 2 +- drivers/mtd/devices/pmc551.c | 2 +- drivers/mtd/devices/slram.c | 2 +- drivers/mtd/ftl.c | 2 +- drivers/mtd/inftlcore.c | 2 +- drivers/mtd/inftlmount.c | 2 +- drivers/mtd/maps/sun_uflash.c | 2 +- drivers/mtd/mtd_blkdevs.c | 2 +- drivers/mtd/mtdchar.c | 2 +- drivers/mtd/nftlcore.c | 2 +- drivers/net/appletalk/ipddp.c | 2 +- drivers/net/eql.c | 2 +- drivers/net/ethernet/3com/3c509.c | 2 +- drivers/net/ethernet/3com/3c515.c | 2 +- drivers/net/ethernet/3com/3c574_cs.c | 2 +- drivers/net/ethernet/3com/3c59x.c | 2 +- drivers/net/ethernet/3com/typhoon.c | 2 +- drivers/net/ethernet/8390/axnet_cs.c | 2 +- drivers/net/ethernet/8390/ne2k-pci.c | 2 +- drivers/net/ethernet/8390/pcnet_cs.c | 2 +- drivers/net/ethernet/adaptec/starfire.c | 2 +- drivers/net/ethernet/alteon/acenic.c | 2 +- drivers/net/ethernet/amd/amd8111e.c | 2 +- drivers/net/ethernet/amd/nmclan_cs.c | 2 +- drivers/net/ethernet/broadcom/b44.c | 2 +- drivers/net/ethernet/chelsio/cxgb/cxgb2.c | 2 +- drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 2 +- drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 2 +- drivers/net/ethernet/dec/tulip/de2104x.c | 2 +- drivers/net/ethernet/dec/tulip/de4x5.c | 2 +- drivers/net/ethernet/dec/tulip/dmfe.c | 2 +- drivers/net/ethernet/dec/tulip/tulip_core.c | 2 +- drivers/net/ethernet/dec/tulip/uli526x.c | 2 +- drivers/net/ethernet/dec/tulip/winbond-840.c | 2 +- drivers/net/ethernet/dec/tulip/xircom_cb.c | 2 +- drivers/net/ethernet/dlink/dl2k.h | 2 +- drivers/net/ethernet/dlink/sundance.c | 2 +- drivers/net/ethernet/fealnx.c | 2 +- drivers/net/ethernet/freescale/fs_enet/fs_enet-main.c | 2 +- drivers/net/ethernet/freescale/fs_enet/mac-fcc.c | 2 +- drivers/net/ethernet/freescale/fs_enet/mac-fec.c | 2 +- drivers/net/ethernet/freescale/fs_enet/mac-scc.c | 2 +- drivers/net/ethernet/freescale/fs_enet/mii-fec.c | 2 +- drivers/net/ethernet/freescale/gianfar.c | 2 +- drivers/net/ethernet/freescale/gianfar.h | 2 +- drivers/net/ethernet/freescale/gianfar_ethtool.c | 2 +- drivers/net/ethernet/freescale/ucc_geth.c | 2 +- drivers/net/ethernet/freescale/ucc_geth_ethtool.c | 2 +- drivers/net/ethernet/fujitsu/fmvj18x_cs.c | 2 +- drivers/net/ethernet/ibm/emac/core.c | 2 +- drivers/net/ethernet/intel/ixgb/ixgb_ethtool.c | 2 +- drivers/net/ethernet/natsemi/natsemi.c | 2 +- drivers/net/ethernet/natsemi/ns83820.c | 2 +- drivers/net/ethernet/packetengines/hamachi.c | 2 +- drivers/net/ethernet/packetengines/yellowfin.c | 2 +- drivers/net/ethernet/realtek/8139cp.c | 2 +- drivers/net/ethernet/sgi/ioc3-eth.c | 2 +- drivers/net/ethernet/sis/sis900.c | 2 +- drivers/net/ethernet/smsc/epic100.c | 2 +- drivers/net/ethernet/smsc/smc91c92_cs.c | 2 +- drivers/net/ethernet/sun/cassini.c | 2 +- drivers/net/ethernet/sun/sungem.c | 2 +- drivers/net/ethernet/sun/sunhme.c | 2 +- drivers/net/ethernet/via/via-rhine.c | 2 +- drivers/net/ethernet/xircom/xirc2ps_cs.c | 2 +- drivers/net/fddi/skfp/skfddi.c | 2 +- drivers/net/hamradio/6pack.c | 2 +- drivers/net/hamradio/baycom_epp.c | 2 +- drivers/net/hamradio/baycom_par.c | 2 +- drivers/net/hamradio/baycom_ser_fdx.c | 2 +- drivers/net/hamradio/baycom_ser_hdx.c | 2 +- drivers/net/hamradio/bpqether.c | 2 +- drivers/net/hamradio/dmascc.c | 2 +- drivers/net/hamradio/hdlcdrv.c | 2 +- drivers/net/hamradio/mkiss.c | 2 +- drivers/net/hamradio/scc.c | 2 +- drivers/net/hamradio/yam.c | 2 +- drivers/net/hippi/rrunner.c | 2 +- drivers/net/irda/irtty-sir.c | 2 +- drivers/net/irda/kingsun-sir.c | 2 +- drivers/net/irda/ks959-sir.c | 2 +- drivers/net/irda/ksdazzle-sir.c | 2 +- drivers/net/irda/mcs7780.c | 2 +- drivers/net/irda/vlsi_ir.c | 2 +- drivers/net/loopback.c | 2 +- drivers/net/phy/davicom.c | 2 +- drivers/net/phy/icplus.c | 2 +- drivers/net/phy/lxt.c | 2 +- drivers/net/phy/qsemi.c | 2 +- drivers/net/ppp/ppp_async.c | 2 +- drivers/net/ppp/ppp_synctty.c | 2 +- drivers/net/ppp/pppoe.c | 2 +- drivers/net/ppp/pppox.c | 2 +- drivers/net/sb1000.c | 2 +- drivers/net/slip/slhc.c | 2 +- drivers/net/slip/slip.c | 2 +- drivers/net/tun.c | 2 +- drivers/net/usb/catc.c | 2 +- drivers/net/usb/kaweth.c | 2 +- drivers/net/usb/pegasus.c | 2 +- drivers/net/usb/rtl8150.c | 2 +- drivers/net/wan/dlci.c | 2 +- drivers/net/wan/dscc4.c | 2 +- drivers/net/wan/farsync.c | 2 +- drivers/net/wan/hd64570.c | 2 +- drivers/net/wan/hd64572.c | 2 +- drivers/net/wan/lapbether.c | 2 +- drivers/net/wan/lmc/lmc_main.c | 2 +- drivers/net/wan/lmc/lmc_media.c | 2 +- drivers/net/wan/sbni.c | 2 +- drivers/net/wan/sdla.c | 2 +- drivers/net/wireless/atmel/atmel.c | 2 +- drivers/net/wireless/intel/ipw2x00/ipw2100.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_geo.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_module.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_rx.c | 2 +- drivers/net/wireless/intel/ipw2x00/libipw_tx.c | 2 +- drivers/net/wireless/intersil/hostap/hostap_hw.c | 2 +- drivers/net/wireless/intersil/hostap/hostap_main.c | 2 +- drivers/net/wireless/intersil/prism54/isl_38xx.c | 2 +- drivers/net/wireless/intersil/prism54/isl_ioctl.c | 2 +- drivers/net/wireless/ray_cs.c | 2 +- drivers/net/wireless/wl3501_cs.c | 2 +- drivers/nubus/proc.c | 2 +- drivers/oprofile/event_buffer.c | 2 +- drivers/oprofile/oprofilefs.c | 2 +- drivers/parisc/ccio-dma.c | 2 +- drivers/parisc/ccio-rm-dma.c | 2 +- drivers/parisc/eisa_eeprom.c | 2 +- drivers/parisc/eisa_enumerator.c | 2 +- drivers/parisc/led.c | 2 +- drivers/parisc/pdc_stable.c | 2 +- drivers/parport/daisy.c | 2 +- drivers/parport/ieee1284_ops.c | 2 +- drivers/parport/parport_gsc.c | 2 +- drivers/parport/probe.c | 2 +- drivers/parport/procfs.c | 2 +- drivers/pci/hotplug/acpiphp_ibm.c | 2 +- drivers/pci/hotplug/cpqphp_core.c | 2 +- drivers/pci/hotplug/cpqphp_nvram.c | 2 +- drivers/pci/hotplug/pci_hotplug_core.c | 2 +- drivers/pci/proc.c | 2 +- drivers/pci/syscall.c | 2 +- drivers/platform/x86/sony-laptop.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 2 +- drivers/pnp/interface.c | 2 +- drivers/pnp/pnpbios/proc.c | 2 +- drivers/s390/block/dasd_devmap.c | 2 +- drivers/s390/block/dasd_eckd.c | 2 +- drivers/s390/block/dasd_eer.c | 2 +- drivers/s390/block/dasd_erp.c | 2 +- drivers/s390/block/dasd_genhd.c | 2 +- drivers/s390/block/dasd_ioctl.c | 2 +- drivers/s390/block/dasd_proc.c | 2 +- drivers/s390/block/xpram.c | 2 +- drivers/s390/char/con3215.c | 2 +- drivers/s390/char/keyboard.c | 2 +- drivers/s390/char/monreader.c | 2 +- drivers/s390/char/monwriter.c | 2 +- drivers/s390/char/sclp_rw.c | 2 +- drivers/s390/char/sclp_tty.c | 2 +- drivers/s390/char/sclp_vt220.c | 2 +- drivers/s390/char/tape_char.c | 2 +- drivers/s390/char/tty3270.c | 2 +- drivers/s390/char/vmcp.c | 2 +- drivers/s390/char/vmlogrdr.c | 2 +- drivers/s390/char/vmur.c | 2 +- drivers/s390/char/zcore.c | 2 +- drivers/s390/cio/blacklist.c | 2 +- drivers/s390/crypto/zcrypt_api.c | 2 +- drivers/s390/crypto/zcrypt_cex2a.c | 2 +- drivers/s390/crypto/zcrypt_pcixcc.c | 2 +- drivers/s390/net/netiucv.c | 2 +- drivers/sbus/char/display7seg.c | 2 +- drivers/sbus/char/envctrl.c | 2 +- drivers/sbus/char/flash.c | 2 +- drivers/sbus/char/jsflash.c | 2 +- drivers/sbus/char/openprom.c | 2 +- drivers/scsi/3w-9xxx.c | 2 +- drivers/scsi/3w-sas.c | 2 +- drivers/scsi/3w-xxxx.c | 2 +- drivers/scsi/aacraid/aachba.c | 2 +- drivers/scsi/aacraid/commctrl.c | 2 +- drivers/scsi/arcmsr/arcmsr_hba.c | 2 +- drivers/scsi/bfa/bfad.c | 2 +- drivers/scsi/dpt_i2o.c | 2 +- drivers/scsi/gdth.c | 2 +- drivers/scsi/hptiop.c | 2 +- drivers/scsi/ips.h | 2 +- drivers/scsi/megaraid.c | 2 +- drivers/scsi/megaraid/megaraid_mm.h | 2 +- drivers/scsi/megaraid/megaraid_sas_base.c | 2 +- drivers/scsi/osst.c | 2 +- drivers/scsi/qla2xxx/qla_sup.c | 2 +- drivers/scsi/scsi_ioctl.c | 2 +- drivers/scsi/scsi_proc.c | 2 +- drivers/scsi/sd.c | 2 +- drivers/scsi/sr.c | 2 +- drivers/scsi/sr_ioctl.c | 2 +- drivers/scsi/st.c | 2 +- drivers/tty/amiserial.c | 2 +- drivers/tty/hvc/hvc_console.c | 2 +- drivers/tty/hvc/hvcs.c | 2 +- drivers/tty/hvc/hvsi.c | 2 +- drivers/tty/moxa.c | 2 +- drivers/tty/mxser.c | 2 +- drivers/tty/n_hdlc.c | 2 +- drivers/tty/n_r3964.c | 2 +- drivers/tty/serial/icom.c | 2 +- drivers/tty/serial/serial_core.c | 2 +- drivers/tty/synclink.c | 2 +- drivers/tty/synclink_gt.c | 2 +- drivers/tty/synclinkmp.c | 2 +- drivers/tty/tty_ioctl.c | 2 +- drivers/tty/vt/consolemap.c | 2 +- drivers/tty/vt/selection.c | 2 +- drivers/tty/vt/vc_screen.c | 2 +- drivers/tty/vt/vt_ioctl.c | 2 +- drivers/usb/atm/usbatm.c | 2 +- drivers/usb/core/hub.c | 2 +- drivers/usb/gadget/legacy/inode.c | 2 +- drivers/usb/host/uhci-hcd.c | 2 +- drivers/usb/misc/ftdi-elan.c | 2 +- drivers/usb/misc/idmouse.c | 2 +- drivers/usb/misc/ldusb.c | 2 +- drivers/usb/misc/legousbtower.c | 2 +- drivers/usb/mon/mon_bin.c | 2 +- drivers/usb/mon/mon_stat.c | 2 +- drivers/usb/mon/mon_text.c | 2 +- drivers/usb/musb/musb_debugfs.c | 2 +- drivers/video/console/newport_con.c | 2 +- drivers/video/fbdev/68328fb.c | 2 +- drivers/video/fbdev/hitfb.c | 2 +- drivers/video/fbdev/hpfb.c | 2 +- drivers/video/fbdev/mx3fb.c | 2 +- drivers/video/fbdev/q40fb.c | 2 +- drivers/video/fbdev/sm501fb.c | 2 +- drivers/video/fbdev/stifb.c | 2 +- drivers/video/fbdev/w100fb.c | 2 +- drivers/zorro/proc.c | 2 +- fs/9p/vfs_file.c | 2 +- fs/afs/proc.c | 2 +- fs/aio.c | 2 +- fs/anon_inodes.c | 2 +- fs/bfs/inode.c | 2 +- fs/binfmt_aout.c | 2 +- fs/binfmt_elf.c | 2 +- fs/binfmt_elf_fdpic.c | 2 +- fs/block_dev.c | 2 +- fs/cifs/cifs_debug.c | 2 +- fs/cifs/cifssmb.c | 2 +- fs/cifs/connect.c | 2 +- fs/cifs/transport.c | 2 +- fs/compat.c | 2 +- fs/compat_ioctl.c | 2 +- fs/configfs/file.c | 2 +- fs/coredump.c | 2 +- fs/dcache.c | 2 +- fs/dcookies.c | 2 +- fs/dlm/dlm_internal.h | 2 +- fs/efs/efs.h | 2 +- fs/eventpoll.c | 2 +- fs/exec.c | 2 +- fs/ext2/ioctl.c | 2 +- fs/ext2/super.c | 2 +- fs/ext4/extents.c | 2 +- fs/ext4/ioctl.c | 2 +- fs/ext4/super.c | 2 +- fs/fcntl.c | 2 +- fs/fhandle.c | 2 +- fs/filesystems.c | 2 +- fs/gfs2/file.c | 2 +- fs/gfs2/glock.c | 2 +- fs/gfs2/inode.c | 2 +- fs/gfs2/sys.c | 2 +- fs/gfs2/util.c | 2 +- fs/gfs2/xattr.c | 2 +- fs/hfs/hfs_fs.h | 2 +- fs/hfsplus/ioctl.c | 2 +- fs/hugetlbfs/inode.c | 2 +- fs/jbd2/journal.c | 2 +- fs/jfs/ioctl.c | 2 +- fs/jfs/jfs_debug.c | 2 +- fs/jfs/super.c | 2 +- fs/libfs.c | 2 +- fs/locks.c | 2 +- fs/namei.c | 2 +- fs/ncpfs/dir.c | 2 +- fs/ncpfs/file.c | 2 +- fs/ncpfs/inode.c | 2 +- fs/ncpfs/ioctl.c | 2 +- fs/ncpfs/mmap.c | 2 +- fs/ncpfs/ncplib_kernel.h | 2 +- fs/ncpfs/sock.c | 2 +- fs/ncpfs/symlink.c | 2 +- fs/nfs/direct.c | 2 +- fs/nfs/file.c | 2 +- fs/nfs/getroot.c | 2 +- fs/nfs/inode.c | 2 +- fs/nfs/super.c | 2 +- fs/nfs/write.c | 2 +- fs/nfsd/fault_inject.c | 2 +- fs/nfsd/vfs.c | 2 +- fs/ntfs/file.c | 2 +- fs/ocfs2/cluster/masklog.c | 2 +- fs/ocfs2/cluster/tcp.c | 2 +- fs/ocfs2/dlmfs/dlmfs.c | 2 +- fs/ocfs2/stack_user.c | 2 +- fs/open.c | 2 +- fs/openpromfs/inode.c | 2 +- fs/pipe.c | 2 +- fs/proc/base.c | 2 +- fs/proc/generic.c | 2 +- fs/proc/inode.c | 2 +- fs/proc/kcore.c | 2 +- fs/proc/kmsg.c | 2 +- fs/proc/nommu.c | 2 +- fs/proc/page.c | 2 +- fs/proc/proc_net.c | 2 +- fs/proc/proc_tty.c | 2 +- fs/proc/root.c | 2 +- fs/proc/task_mmu.c | 2 +- fs/proc/vmcore.c | 2 +- fs/ramfs/file-nommu.c | 2 +- fs/ramfs/inode.c | 2 +- fs/read_write.c | 2 +- fs/readdir.c | 2 +- fs/select.c | 2 +- fs/seq_file.c | 2 +- fs/stat.c | 2 +- fs/ufs/inode.c | 2 +- fs/ufs/super.c | 2 +- fs/utimes.c | 2 +- fs/xattr.c | 2 +- fs/xfs/xfs_ioctl32.c | 2 +- fs/xfs/xfs_linux.h | 2 +- include/asm-generic/termios-base.h | 2 +- include/asm-generic/termios.h | 2 +- include/drm/drmP.h | 2 +- include/linux/isdnif.h | 2 +- include/linux/pagemap.h | 2 +- include/linux/poll.h | 2 +- include/net/checksum.h | 2 +- include/net/sctp/sctp.h | 2 +- include/rdma/ib_verbs.h | 2 +- init/init_task.c | 2 +- kernel/capability.c | 2 +- kernel/compat.c | 2 +- kernel/configs.c | 2 +- kernel/cpuset.c | 2 +- kernel/exit.c | 2 +- kernel/extable.c | 2 +- kernel/fork.c | 2 +- kernel/futex_compat.c | 2 +- kernel/groups.c | 2 +- kernel/kmod.c | 2 +- kernel/kprobes.c | 2 +- kernel/locking/lockdep_proc.c | 2 +- kernel/module.c | 2 +- kernel/power/snapshot.c | 2 +- kernel/power/user.c | 2 +- kernel/printk/printk.c | 2 +- kernel/profile.c | 2 +- kernel/signal.c | 2 +- kernel/sys.c | 2 +- kernel/sysctl.c | 2 +- kernel/time/hrtimer.c | 2 +- kernel/time/itimer.c | 2 +- kernel/time/posix-cpu-timers.c | 2 +- kernel/time/posix-timers.c | 2 +- kernel/time/time.c | 2 +- kernel/time/timer.c | 2 +- kernel/time/timer_list.c | 2 +- kernel/time/timer_stats.c | 2 +- kernel/uid16.c | 2 +- lib/extable.c | 2 +- lib/kstrtox.c | 2 +- mm/memcontrol.c | 2 +- mm/memory.c | 2 +- mm/mempolicy.c | 2 +- mm/mincore.c | 2 +- mm/mmap.c | 2 +- mm/mprotect.c | 2 +- mm/nommu.c | 2 +- mm/shmem.c | 2 +- mm/util.c | 2 +- mm/vmalloc.c | 2 +- net/802/fc.c | 2 +- net/802/hippi.c | 2 +- net/8021q/vlan.c | 2 +- net/ax25/af_ax25.c | 2 +- net/ax25/ax25_addr.c | 2 +- net/ax25/ax25_dev.c | 2 +- net/ax25/ax25_ds_in.c | 2 +- net/ax25/ax25_ds_subr.c | 2 +- net/ax25/ax25_ds_timer.c | 2 +- net/ax25/ax25_iface.c | 2 +- net/ax25/ax25_in.c | 2 +- net/ax25/ax25_ip.c | 2 +- net/ax25/ax25_out.c | 2 +- net/ax25/ax25_route.c | 2 +- net/ax25/ax25_std_in.c | 2 +- net/ax25/ax25_std_subr.c | 2 +- net/ax25/ax25_std_timer.c | 2 +- net/ax25/ax25_subr.c | 2 +- net/ax25/ax25_timer.c | 2 +- net/ax25/ax25_uid.c | 2 +- net/bridge/br_device.c | 2 +- net/bridge/br_ioctl.c | 2 +- net/bridge/br_netfilter_hooks.c | 2 +- net/bridge/br_netfilter_ipv6.c | 2 +- net/bridge/netfilter/ebtables.c | 2 +- net/compat.c | 2 +- net/core/datagram.c | 2 +- net/core/dev.c | 2 +- net/core/filter.c | 2 +- net/core/gen_estimator.c | 2 +- net/core/rtnetlink.c | 2 +- net/core/scm.c | 2 +- net/core/skbuff.c | 2 +- net/core/sock.c | 2 +- net/core/utils.c | 2 +- net/decnet/dn_dev.c | 2 +- net/decnet/dn_fib.c | 2 +- net/decnet/dn_table.c | 2 +- net/decnet/sysctl_net_decnet.c | 2 +- net/ipv4/af_inet.c | 2 +- net/ipv4/devinet.c | 2 +- net/ipv4/fib_frontend.c | 2 +- net/ipv4/fib_semantics.c | 2 +- net/ipv4/fib_trie.c | 2 +- net/ipv4/icmp.c | 2 +- net/ipv4/igmp.c | 2 +- net/ipv4/ip_gre.c | 2 +- net/ipv4/ip_options.c | 2 +- net/ipv4/ip_output.c | 2 +- net/ipv4/ip_sockglue.c | 2 +- net/ipv4/ipconfig.c | 2 +- net/ipv4/ipip.c | 2 +- net/ipv4/ipmr.c | 2 +- net/ipv4/netfilter/arp_tables.c | 2 +- net/ipv4/netfilter/ip_tables.c | 2 +- net/ipv4/raw.c | 2 +- net/ipv4/route.c | 2 +- net/ipv4/tcp.c | 2 +- net/ipv4/udp.c | 2 +- net/ipv6/af_inet6.c | 2 +- net/ipv6/datagram.c | 2 +- net/ipv6/icmp.c | 2 +- net/ipv6/ip6_flowlabel.c | 2 +- net/ipv6/ip6_tunnel.c | 2 +- net/ipv6/ip6mr.c | 2 +- net/ipv6/ipv6_sockglue.c | 2 +- net/ipv6/netfilter/ip6_tables.c | 2 +- net/ipv6/route.c | 2 +- net/ipv6/sit.c | 2 +- net/ipv6/udp.c | 2 +- net/ipx/af_ipx.c | 2 +- net/irda/af_irda.c | 2 +- net/irda/ircomm/ircomm_tty.c | 2 +- net/irda/ircomm/ircomm_tty_ioctl.c | 2 +- net/irda/irda_device.c | 2 +- net/irda/irnet/irnet.h | 2 +- net/lapb/lapb_iface.c | 2 +- net/lapb/lapb_in.c | 2 +- net/lapb/lapb_out.c | 2 +- net/lapb/lapb_subr.c | 2 +- net/lapb/lapb_timer.c | 2 +- net/netfilter/ipvs/ip_vs_ctl.c | 2 +- net/netfilter/nfnetlink.c | 2 +- net/netlink/af_netlink.c | 2 +- net/packet/af_packet.c | 2 +- net/rose/af_rose.c | 2 +- net/rose/rose_route.c | 2 +- net/sctp/ipv6.c | 2 +- net/socket.c | 2 +- net/sunrpc/auth_gss/auth_gss.c | 2 +- net/sunrpc/cache.c | 2 +- net/sunrpc/svcsock.c | 2 +- net/sunrpc/sysctl.c | 2 +- net/unix/af_unix.c | 2 +- net/x25/af_x25.c | 2 +- net/x25/x25_link.c | 2 +- net/xfrm/xfrm_state.c | 2 +- net/xfrm/xfrm_user.c | 2 +- security/keys/keyctl.c | 2 +- security/keys/process_keys.c | 2 +- security/keys/request_key_auth.c | 2 +- security/keys/user_defined.c | 2 +- sound/oss/dmasound/dmasound_atari.c | 2 +- sound/oss/dmasound/dmasound_core.c | 2 +- sound/oss/dmasound/dmasound_paula.c | 2 +- sound/oss/dmasound/dmasound_q40.c | 2 +- sound/oss/msnd.c | 2 +- sound/oss/os.h | 2 +- sound/oss/swarm_cs4297a.c | 2 +- virt/kvm/kvm_main.c | 2 +- 1088 files changed, 1088 insertions(+), 1088 deletions(-) commit 1dd5c6b15372c7c127c509afa9a816bad5feed3b Merge: 3a77fa8 374402a Author: Linus Torvalds Date: Sat Dec 24 11:37:18 2016 -0800 Merge branch 'for-next' of git://git.samba.org/sfrench/cifs-2.6 Pull cifs fixes from Steve French: "This ncludes various cifs/smb3 bug fixes, mostly for stable as well. In the next week I expect that Germano will have some reconnection fixes, and also I expect to have the remaining pieces of the snapshot enablement and SMB3 ACLs, but wanted to get this set of bug fixes in" * 'for-next' of git://git.samba.org/sfrench/cifs-2.6: cifs_get_root shouldn't use path with tree name Fix default behaviour for empty domains and add domainauto option cifs: use %16phN for formatting md5 sum cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack CIFS: Fix a possible double locking of mutex during reconnect CIFS: Fix a possible memory corruption during reconnect CIFS: Fix a possible memory corruption in push locks CIFS: Fix missing nls unload in smb2_reconnect() CIFS: Decrease verbosity of ioctl call SMB3: parsing for new snapshot timestamp mount parm commit 3a77fa854477a12fc543a69d00ff8a42adefc586 Merge: 01e0d60 0671612 Author: Linus Torvalds Date: Sat Dec 24 11:27:45 2016 -0800 Merge tag 'watchdog-for-linus-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull watchdog updates from Wim Van Sebroeck and Guenter Roeck: - new driver for Add Loongson1 SoC - minor cleanup and fixes in various drivers * tag 'watchdog-for-linus-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: watchdog: it87_wdt: add IT8620E ID watchdog: mpc8xxx: Remove unneeded linux/miscdevice.h include watchdog: octeon: Remove unneeded linux/miscdevice.h include watchdog: bcm2835_wdt: set WDOG_HW_RUNNING bit when appropriate watchdog: loongson1: Add Loongson1 SoC watchdog driver watchdog: cpwd: remove memory allocate failure message watchdog: da9062/61: watchdog driver intel-mid_wdt: Error code is just an integer intel-mid_wdt: make sure watchdog is not running at startup watchdog: mei_wdt: request stop on reboot to prevent false positive event watchdog: hpwdt: changed maintainer information watchdog: jz4740: Fix modular build watchdog: qcom: fix kernel panic due to external abort on non-linefetch watchdog: davinci: add support for deferred probing watchdog: meson: Remove unneeded platform MODULE_ALIAS watchdog: Standardize leading tabs and spaces in Kconfig file watchdog: max77620_wdt: fix module autoload watchdog: bcm7038_wdt: fix module autoload commit 01e0d6037de687fd3bb8b45ab1376e8322c1fcc9 Merge: 6ac3bb1 dfb7d24 Author: Linus Torvalds Date: Sat Dec 24 11:23:24 2016 -0800 Merge tag 'ntb-4.10' of git://github.com/jonmason/ntb Pull NTB update from Jon Mason: - NTB bug fixes for removing an unnecessary call to ntb_peer_spad_read, and correcting a free_irq inconsistency - add Intel SKX support - change the AMD NTB maintainer, and fix some bugs present there * tag 'ntb-4.10' of git://github.com/jonmason/ntb: ntb_transport: Remove unnecessary call to ntb_peer_spad_read NTB: Fix 'request_irq()' and 'free_irq()' inconsistancy ntb: fix SKX NTB config space size register offsets NTB: correct ntb_peer_spad_read for case when callback is not supplied. MAINTAINERS: Change in maintainer for AMD NTB ntb_transport: Limit memory windows based on available, scratchpads NTB: Register and offset values fix for memory window NTB: add support for hotplug feature ntb: Adding Skylake Xeon NTB support commit 6ef4e07ecd2db21025c446327ecf34414366498b Author: Xiao Guangrong Date: Sat Dec 24 10:00:42 2016 +0100 KVM: x86: reset MMU on KVM_SET_VCPU_EVENTS Otherwise, mismatch between the smm bit in hflags and the MMU role can cause a NULL pointer dereference. Cc: stable@vger.kernel.org Signed-off-by: Xiao Guangrong Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 6ac3bb167fed0b3d02b4fd3daa0d819841d5f6f4 Merge: eb3e8d9 c280f77 Author: Linus Torvalds Date: Fri Dec 23 16:54:46 2016 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes from Ingo Molnar: "There's a number of fixes: - a round of fixes for CPUID-less legacy CPUs - a number of microcode loader fixes - i8042 detection robustization fixes - stack dump/unwinder fixes - x86 SoC platform driver fixes - a GCC 7 warning fix - virtualization related fixes" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (24 commits) Revert "x86/unwind: Detect bad stack return address" x86/paravirt: Mark unused patch_default label x86/microcode/AMD: Reload proper initrd start address x86/platform/intel/quark: Add printf attribute to imr_self_test_result() x86/platform/intel-mid: Switch MPU3050 driver to IIO x86/alternatives: Do not use sync_core() to serialize I$ x86/topology: Document cpu_llc_id x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic x86/asm: Rewrite sync_core() to use IRET-to-self x86/microcode/intel: Replace sync_core() with native_cpuid() Revert "x86/boot: Fail the boot if !M486 and CPUID is missing" x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 x86/tools: Fix gcc-7 warning in relocs.c x86/unwind: Dump stack data on warnings x86/unwind: Adjust last frame check for aligned function stacks x86/init: Fix a couple of comment typos x86/init: Remove i8042_detect() from platform ops Input: i8042 - Trust firmware a bit more when probing on X86 x86/init: Add i8042 state to the platform data ... commit eb3e8d9de28a5385f75e5c42eba5fb5b0c7625be Merge: 00198da c9435f3 Author: Linus Torvalds Date: Fri Dec 23 16:51:16 2016 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Ingo Molnar: "ARM/MOXA SoC clocksource driver fixes" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: clocksource/drivers/moxart: Plug memory and mapping leaks commit 00198dab3b825ab264424a052beea5acb859754f Merge: 9004fda 3705b97 Author: Linus Torvalds Date: Fri Dec 23 16:49:12 2016 -0800 Merge branch 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf fixes from Ingo Molnar: "On the kernel side there's two x86 PMU driver fixes and a uprobes fix, plus on the tooling side there's a number of fixes and some late updates" * 'perf-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits) perf sched timehist: Fix invalid period calculation perf sched timehist: Remove hardcoded 'comm_width' check at print_summary perf sched timehist: Enlarge default 'comm_width' perf sched timehist: Honour 'comm_width' when aligning the headers perf/x86: Fix overlap counter scheduling bug perf/x86/pebs: Fix handling of PEBS buffer overflows samples/bpf: Move open_raw_sock to separate header samples/bpf: Remove perf_event_open() declaration samples/bpf: Be consistent with bpf_load_program bpf_insn parameter tools lib bpf: Add bpf_prog_{attach,detach} samples/bpf: Switch over to libbpf perf diff: Do not overwrite valid build id perf annotate: Don't throw error for zero length symbols perf bench futex: Fix lock-pi help string perf trace: Check if MAP_32BIT is defined (again) samples/bpf: Make perf_event_read() static uprobes: Fix uprobes on MIPS, allow for a cache flush after ixol breakpoint creation samples/bpf: Make samples more libbpf-centric tools lib bpf: Add flags to bpf_create_map() tools lib bpf: use __u32 from linux/types.h ... commit 9004fda59577d439564d44d6d1db52d262fe3f99 Merge: 50b17cf f357563 Author: Linus Torvalds Date: Fri Dec 23 16:47:25 2016 -0800 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fix from Ingo Molnar: "A build warning fix with certain .config's" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: irqchip/st: Mark st_irq_syscfg_resume() __maybe_unused commit eb9def61be7197669cab51f43789b53aa7a69509 Author: Tariq Toukan Date: Thu Dec 22 14:32:58 2016 +0200 net/mlx4_en: Fix user prio field in XDP forward The user prio field is wrong (and overflows) in the XDP forward flow. This is a result of a bad value for num_tx_rings_p_up, which should account all XDP TX rings, as they operate for the same user prio. Signed-off-by: Tariq Toukan Reported-by: Martin KaFai Lau Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 693c56491fb720087437a635e6eaf440659b922f Author: Jon Paul Maloy Date: Thu Dec 22 07:22:29 2016 -0500 tipc: don't send FIN message from connectionless socket In commit 6f00089c7372 ("tipc: remove SS_DISCONNECTING state") the check for socket type is in the wrong place, causing a closing socket to always send out a FIN message even when the socket was never connected. This is normally harmless, since the destination node for such messages most often is zero, and the message will be dropped, but it is still a wrong and confusing behavior. We fix this in this commit. Reviewed-by: Parthasarathy Bhuvaragan Signed-off-by: Jon Maloy Signed-off-by: David S. Miller net/tipc/socket.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit e252536068efd1578c6e23e7323527c5e6e980bd Author: Mahesh Bandewar Date: Wed Dec 21 17:30:16 2016 -0800 ipvlan: fix multicast processing In an IPvlan setup when master is set in loopback mode e.g. ethtool -K eth0 set loopback on where eth0 is master device for IPvlan setup. The failure is caused by the faulty logic that determines if the packet is from TX-path vs. RX-path by just looking at the mac- addresses on the packet while processing multicast packets. In the loopback-mode where this crash was happening, the packets that are sent out are reflected by the NIC and are processed on the RX path, but mac-address check tricks into thinking this packet is from TX path and falsely uses dev_forward_skb() to pass packets to the slave (virtual) devices. This patch records the path while queueing packets and eliminates logic of looking at mac-addresses for the same decision. ------------[ cut here ]------------ kernel BUG at include/linux/skbuff.h:1737! Call Trace: [] dev_forward_skb+0x92/0xd0 [] ipvlan_process_multicast+0x395/0x4c0 [ipvlan] [] ? ipvlan_process_multicast+0xd7/0x4c0 [ipvlan] [] ? process_one_work+0x147/0x660 [] process_one_work+0x1a9/0x660 [] ? process_one_work+0x147/0x660 [] worker_thread+0x11d/0x360 [] ? rescuer_thread+0x350/0x350 [] kthread+0xdb/0xe0 [] ? _raw_spin_unlock_irq+0x30/0x50 [] ? flush_kthread_worker+0xc0/0xc0 [] ret_from_fork+0x9a/0xd0 [] ? flush_kthread_worker+0xc0/0xc0 Fixes: ba35f8588f47 ("ipvlan: Defer multicast / broadcast processing to a work-queue") Signed-off-by: Mahesh Bandewar CC: Eric Dumazet Signed-off-by: David S. Miller drivers/net/ipvlan/ipvlan.h | 5 +++++ drivers/net/ipvlan/ipvlan_core.c | 26 +++++++++++++++----------- 2 files changed, 20 insertions(+), 11 deletions(-) commit b1227d019fa98c43381ad8827baf7efbe2923ed1 Author: Eric Dumazet Date: Wed Dec 21 18:00:24 2016 -0800 ipvlan: fix various issues in ipvlan_process_multicast() 1) netif_rx() / dev_forward_skb() should not be called from process context. 2) ipvlan_count_rx() should be called with preemption disabled. 3) We should check if ipvlan->dev is up before feeding packets to netif_rx() 4) We need to prevent device from disappearing if some packets are in the multicast backlog. 5) One kfree_skb() should be a consume_skb() eventually Fixes: ba35f8588f47 ("ipvlan: Defer multicast / broadcast processing to a work-queue") Signed-off-by: Eric Dumazet Cc: Mahesh Bandewar Signed-off-by: David S. Miller drivers/net/ipvlan/ipvlan_core.c | 38 +++++++++++++++++++++++++------------- drivers/net/ipvlan/ipvlan_main.c | 7 ++++++- 2 files changed, 31 insertions(+), 14 deletions(-) commit e3ba730702af370563f66cb610b71aa0ca67955e Author: Jan Kara Date: Thu Dec 22 10:15:20 2016 +0100 fsnotify: Remove fsnotify_duplicate_mark() There are only two calls sites of fsnotify_duplicate_mark(). Those are in kernel/audit_tree.c and both are bogus. Vfsmount pointer is unused for audit tree, inode pointer and group gets set in fsnotify_add_mark_locked() later anyway, mask and free_mark are already set in alloc_chunk(). In fact, calling fsnotify_duplicate_mark() is actively harmful because following fsnotify_add_mark_locked() will leak group reference by overwriting the group pointer. So just remove the two calls to fsnotify_duplicate_mark() and the function. Signed-off-by: Jan Kara [PM: line wrapping to fit in 80 chars] Signed-off-by: Paul Moore fs/notify/mark.c | 12 ------------ include/linux/fsnotify_backend.h | 2 -- kernel/audit_tree.c | 8 ++++---- 3 files changed, 4 insertions(+), 18 deletions(-) commit dfb7d24c5ad5c986f2417f52784738b67cfedd4d Author: Steve Wahl Date: Wed Dec 21 11:45:22 2016 -0500 ntb_transport: Remove unnecessary call to ntb_peer_spad_read The results were previously ignored, anyway. Signed-off-by: Steve Wahl Fixes: e26a5843f7f5014ae4460030ca4de029a3ac35d3 Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/ntb_transport.c | 1 - 1 file changed, 1 deletion(-) commit 28734e8f69395de4c2aea50fcb74d87720e8537b Author: Christophe JAILLET Date: Mon Dec 19 06:52:55 2016 +0100 NTB: Fix 'request_irq()' and 'free_irq()' inconsistancy 'request_irq()' and 'free_irq()' should have the same 'dev_id'. Signed-off-by: Christophe JAILLET Acked-by: Dave Jiang Signed-off-by: Jon Mason drivers/ntb/hw/amd/ntb_hw_amd.c | 2 +- drivers/ntb/hw/intel/ntb_hw_intel.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 09e71a6f13445974fe9b70b6d4b68ac362cd68b6 Author: Dave Jiang Date: Tue Dec 13 09:03:13 2016 -0700 ntb: fix SKX NTB config space size register offsets The offsets for the SZ registers are wrong. Updated. Signed-off-by: Dave Jiang Reported-by: Sandeep Mann Tested-by: Zachary Ross Signed-off-by: Jon Mason drivers/ntb/hw/intel/ntb_hw_intel.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 5c43c52d5fb6163120ae5d9a281c3b757ca6119c Author: Steven Wahl Date: Thu Dec 8 17:02:28 2016 +0000 NTB: correct ntb_peer_spad_read for case when callback is not supplied. Correct ntb_peer_spad_read for case when callback is not supplied Signed-off-by: Steve Wahl Acked-by: Allen Hubbe Signed-off-by: Jon Mason include/linux/ntb.h | 3 +++ 1 file changed, 3 insertions(+) commit bc034e52627a242bcf4343b791cbd263f65cfdcc Author: Shyam Sundar S K Date: Wed Dec 7 22:48:39 2016 +0530 MAINTAINERS: Change in maintainer for AMD NTB I would like to take maintainership for AMD NTB Signed-off-by: Shyam Sundar S K Signed-off-by: Xiangliang Yu Acked-by: Xiangliang Yu Signed-off-by: Jon Mason MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b17faba03fc72091f4d040b879def004316952ec Author: Shyam Sundar S K Date: Wed Dec 7 22:37:05 2016 +0530 ntb_transport: Limit memory windows based on available, scratchpads When the underlying NTB H/W driver advertises more memory windows than the number of scratchpads available to setup MW's, it is likely that we may end up filling the remaining memory windows with garbage. So to avoid that, lets limit the memory windows that transport driver can setup based on the available scratchpads. Signed-off-by: Shyam Sundar S K Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/ntb_transport.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) commit 872deb21038e90903a40ab6a29b9d0652a6ebc8d Author: Shyam Sundar S K Date: Fri Dec 2 00:44:28 2016 +0530 NTB: Register and offset values fix for memory window Due to incorrect limit and translation register values, NTB link was going down when the memory window was setup. Made appropriate changes as per spec. Fix limit register values for BAR1, which was overlapping with the BAR23 address. Signed-off-by: Shyam Sundar S K Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/hw/amd/ntb_hw_amd.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit e5b0d2d1ba92a8e424e7395537a96e8a373d0267 Author: Xiangliang Yu Date: Fri Nov 18 14:51:41 2016 +0530 NTB: add support for hotplug feature AMD NTB support hotplug under B2B mode. NTB will trigger link up/down interrupt event when doing plug add/remove, this patch implements the two interrupt event to support B2B hotplug function. Signed-off-by: Xiangliang Yu Signed-off-by: Shyam Sundar S K Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/hw/amd/ntb_hw_amd.c | 9 ++++++++- drivers/ntb/hw/amd/ntb_hw_amd.h | 5 ++++- 2 files changed, 12 insertions(+), 2 deletions(-) commit 783dfa6cc41b710b8b0c1979c6100417d0d6c3b2 Author: Dave Jiang Date: Wed Nov 16 14:03:38 2016 -0700 ntb: Adding Skylake Xeon NTB support The Skylake Xeon NTB hardware has made some changes to the register name, offset, and the way doorbells work. Adding driver support for the new hardware. Signed-off-by: Dave Jiang Acked-by: Allen Hubbe Signed-off-by: Jon Mason drivers/ntb/hw/intel/ntb_hw_intel.c | 660 +++++++++++++++++++++++++++++++++++- drivers/ntb/hw/intel/ntb_hw_intel.h | 48 +++ 2 files changed, 703 insertions(+), 5 deletions(-) commit c280f7736ab26a601932b1ce017a3840dbedcfdc Author: Josh Poimboeuf Date: Thu Dec 22 09:02:49 2016 -0600 Revert "x86/unwind: Detect bad stack return address" Revert the following commit: b6959a362177 ("x86/unwind: Detect bad stack return address") ... because Andrey Konovalov reported an unwinder warning: WARNING: unrecognized kernel stack return address ffffffffa0000001 at ffff88006377fa18 in a.out:4467 The unwind was initiated from an interrupt which occurred while running in the generated code for a kprobe. The unwinder printed the warning because it expected regs->ip to point to a valid text address, but instead it pointed to the generated code. Eventually we may want come up with a way to identify generated kprobe code so the unwinder can know that it's a valid return address. Until then, just remove the warning. Reported-by: Andrey Konovalov Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Masami Hiramatsu Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/02f296848fbf49fb72dfeea706413ecbd9d4caf6.1482418739.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/unwind_frame.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) commit 3705b97505bcbf6440f38119c0e7d6058f585b54 Merge: 1134c2b bdd7572 Author: Ingo Molnar Date: Fri Dec 23 20:23:29 2016 +0100 Merge tag 'perf-urgent-for-mingo-20161222' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/urgent fixes from Arnaldo Carvalho de Melo: Fixes for 'perf sched timehist': (Namhyung Kim) - Define a larger initial alignment value for the COMM column and make it be more consistently honoured, for instance in the header. - Fix invalid period calculation when using the --time option to select a time slice, when events outside that slice were being considered for the per cpu idle stats summary. Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 50b17cfb1917b207612327d354e9043dbcbde431 Merge: a307d0a 1636098 Author: Linus Torvalds Date: Fri Dec 23 11:23:25 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes from David Miller: 1) We have to be careful to not try and place a checksum after the end of a rawv6 packet, fix from Dave Jones with help from Hannes Frederic Sowa. 2) Missing memory barriers in tcp_tasklet_func() lead to crashes, from Eric Dumazet. 3) Several bug fixes for the new XDP support in virtio_net, from Jason Wang. 4) Increase headroom in RX skbs in be2net driver to accomodate encapsulations such as geneve. From Kalesh A P. 5) Fix SKB frag unmapping on TX in mvpp2, from Thomas Petazzoni. 6) Pre-pulling UDP headers created a regression in RECVORIGDSTADDR socket option support, from Willem de Bruijn. 7) UID based routing added a potential OOPS in ip_do_redirect() when we see an SKB without a socket attached. We just need it for the network namespace which we can get from skb->dev instead. Fix from Lorenzo Colitti. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (30 commits) sctp: fix recovering from 0 win with small data chunks sctp: do not loose window information if in rwnd_over virtio-net: XDP support for small buffers virtio-net: remove big packet XDP codes virtio-net: forbid XDP when VIRTIO_NET_F_GUEST_UFO is support virtio-net: make rx buf size estimation works for XDP virtio-net: unbreak csumed packets for XDP_PASS virtio-net: correctly handle XDP_PASS for linearized packets virtio-net: fix page miscount during XDP linearizing virtio-net: correctly xmit linearized page on XDP_TX virtio-net: remove the warning before XDP linearizing mlxsw: spectrum_router: Correctly remove nexthop groups mlxsw: spectrum_router: Don't reflect dead neighs neigh: Send netevent after marking neigh as dead ipv6: handle -EFAULT from skb_copy_bits inet: fix IP(V6)_RECVORIGDSTADDR for udp sockets net/sched: cls_flower: Mandate mask when matching on flags net/sched: act_tunnel_key: Fix setting UDP dst port in metadata under IPv6 stmmac: CSR clock configuration fix net: ipv4: Don't crash if passing a null sk to ip_do_redirect. ... commit 61033e089cde41464f820c8c381ce170d89470f0 Author: Juergen Gross Date: Thu Dec 22 08:19:48 2016 +0100 xen: remove stale xs_input_avail() from header In drivers/xen/xenbus/xenbus_comms.h there is a stale declaration of xs_input_avail(). Remove it. Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross drivers/xen/xenbus/xenbus_comms.h | 1 - 1 file changed, 1 deletion(-) commit 9a6161fe73bdd3ae4a1e18421b0b20cb7141f680 Author: Juergen Gross Date: Thu Dec 22 08:19:47 2016 +0100 xen: return xenstore command failures via response instead of rc When the xenbus driver does some special handling for a Xenstore command any error condition related to the command should be returned via an error response instead of letting the related write operation fail. Otherwise the user land handler might take wrong decisions assuming the connection to Xenstore is broken. While at it try to return the same error values xenstored would return for those cases. Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross drivers/xen/xenbus/xenbus_dev_frontend.c | 47 ++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 20 deletions(-) commit 639b08810d6ad74ded2c5f6e233c4fcb9d147168 Author: Juergen Gross Date: Thu Dec 22 08:19:46 2016 +0100 xen: xenbus driver must not accept invalid transaction ids When accessing Xenstore in a transaction the user is specifying a transaction id which he normally obtained from Xenstore when starting the transaction. Xenstore is validating a transaction id against all known transaction ids of the connection the request came in. As all requests of a domain not being the one where Xenstore lives share one connection, validation of transaction ids of different users of Xenstore in that domain should be done by the kernel of that domain being the multiplexer between the Xenstore users in that domain and Xenstore. In order to prohibit one Xenstore user "hijacking" a transaction from another user the xenbus driver has to verify a given transaction id against all known transaction ids of the user before forwarding it to Xenstore. Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross drivers/xen/xenbus/xenbus_dev_frontend.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1636098c46ac52c7fec384fe629144e8e03487b1 Author: Marcelo Ricardo Leitner Date: Fri Dec 23 14:29:37 2016 -0200 sctp: fix recovering from 0 win with small data chunks Currently if SCTP closes the receive window with window pressure, mostly caused by excessive skb overhead on payload/overheads ratio, SCTP will close the window abruptly while saving the delta on rwnd_press. It will start recovering rwnd as the chunks are consumed by the application and the rwnd_press will be only recovered after rwnd reach the same value as of rwnd_press, mostly to prevent silly window syndrome. Thing is, this is very inefficient with small data chunks, as with those it will never reach back that value, and thus it will never recover from such pressure. This means that we will not issue window updates when recovering from 0 window and will rely on a sender retransmit to notice it. The fix here is to remove such threshold, as no value is good enough: it depends on the (avg) chunk sizes being used. Test with netperf -t SCTP_STREAM -- -m 1, and trigger 0 window by sending SIGSTOP to netserver, sleep 1.2, and SIGCONT. Rate limited to 845kbps, for visibility. Capture done at netserver side. Previously: 01.500751 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632372996] [a_rwnd 99153] [ 01.500752 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632372997] [SID: 0] [SS 01.517471 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373010] [SID: 0] [SS 01.517483 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373009] [a_rwnd 0] [#gap 01.517485 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373083] [SID: 0] [SS 01.517488 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373009] [a_rwnd 0] [#gap 01.534168 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373096] [SID: 0] [SS 01.534180 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373009] [a_rwnd 0] [#gap 01.534181 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373169] [SID: 0] [SS 01.534185 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373009] [a_rwnd 0] [#gap 02.525978 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373010] [SID: 0] [SS 02.526021 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373009] [a_rwnd 0] [#gap (window update missed) 04.573807 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373010] [SID: 0] [SS 04.779370 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373082] [a_rwnd 859] [#g 04.789162 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373083] [SID: 0] [SS 04.789323 IP A.36925 > B.48277: sctp (1) [DATA] (B)(E) [TSN: 632373156] [SID: 0] [SS 04.789372 IP B.48277 > A.36925: sctp (1) [SACK] [cum ack 632373228] [a_rwnd 786] [#g After: 02.568957 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098728] [a_rwnd 99153] 02.568961 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098729] [SID: 0] [S 02.585631 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098742] [SID: 0] [S 02.585666 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 0] [#ga 02.585671 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098815] [SID: 0] [S 02.585683 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 0] [#ga 02.602330 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098828] [SID: 0] [S 02.602359 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 0] [#ga 02.602363 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098901] [SID: 0] [S 02.602372 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 0] [#ga 03.600788 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098742] [SID: 0] [S 03.600830 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 0] [#ga 03.619455 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 13508] 03.619479 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 27017] 03.619497 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 40526] 03.619516 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 54035] 03.619533 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 67544] 03.619552 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 81053] 03.619570 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098741] [a_rwnd 94562] (following data transmission triggered by window updates above) 03.633504 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098742] [SID: 0] [S 03.836445 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098814] [a_rwnd 100000] 03.843125 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098815] [SID: 0] [S 03.843285 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098888] [SID: 0] [S 03.843345 IP B.50536 > A.55173: sctp (1) [SACK] [cum ack 2490098960] [a_rwnd 99894] 03.856546 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490098961] [SID: 0] [S 03.866450 IP A.55173 > B.50536: sctp (1) [DATA] (B)(E) [TSN: 2490099011] [SID: 0] [S Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/associola.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 58b94d88deb9ac913740e7778f2005f3ce6d0443 Author: Marcelo Ricardo Leitner Date: Fri Dec 23 14:29:02 2016 -0200 sctp: do not loose window information if in rwnd_over It's possible that we receive a packet that is larger than current window. If it's the first packet in this way, it will cause it to increase rwnd_over. Then, if we receive another data chunk (specially as SCTP allows you to have one data chunk in flight even during 0 window), rwnd_over will be overwritten instead of added to. In the long run, this could cause the window to grow bigger than its initial size, as rwnd_over would be charged only for the last received data chunk while the code will try open the window for all packets that were received and had its value in rwnd_over overwritten. This, then, can lead to the worsening of payload/buffer ratio and cause rwnd_press to kick in more often. The fix is to sum it too, same as is done for rwnd_press, so that if we receive 3 chunks after closing the window, we still have to release that same amount before re-opening it. Log snippet from sctp_test exhibiting the issue: [ 146.209232] sctp: sctp_assoc_rwnd_decrease: asoc:ffff88013928e000 rwnd decreased by 1 to (0, 1, 114221) [ 146.209232] sctp: sctp_assoc_rwnd_decrease: association:ffff88013928e000 has asoc->rwnd:0, asoc->rwnd_over:1! [ 146.209232] sctp: sctp_assoc_rwnd_decrease: asoc:ffff88013928e000 rwnd decreased by 1 to (0, 1, 114221) [ 146.209232] sctp: sctp_assoc_rwnd_decrease: association:ffff88013928e000 has asoc->rwnd:0, asoc->rwnd_over:1! [ 146.209232] sctp: sctp_assoc_rwnd_decrease: asoc:ffff88013928e000 rwnd decreased by 1 to (0, 1, 114221) [ 146.209232] sctp: sctp_assoc_rwnd_decrease: association:ffff88013928e000 has asoc->rwnd:0, asoc->rwnd_over:1! [ 146.209232] sctp: sctp_assoc_rwnd_decrease: asoc:ffff88013928e000 rwnd decreased by 1 to (0, 1, 114221) Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/associola.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a307d0a0074c18bcbea5dec368c9f047be9dade3 Merge: fc26901 faf0dce Author: Linus Torvalds Date: Fri Dec 23 10:52:43 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull final vfs updates from Al Viro: "Assorted cleanups and fixes all over the place" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: sg_write()/bsg_write() is not fit to be called under KERNEL_DS ufs: fix function declaration for ufs_truncate_blocks fs: exec: apply CLOEXEC before changing dumpable task flags seq_file: reset iterator to first record for zero offset vfs: fix isize/pos/len checks for reflink & dedupe [iov_iter] fix iterate_all_kinds() on empty iterators move aio compat to fs/aio.c reorganize do_make_slave() clone_private_mount() doesn't need to touch namespace_sem remove a bogus claim about namespace_sem being held by callers of mnt_alloc_id() commit e57cbe48a6b7a9a05a058aee5336d25407ad1c2c Merge: d3a51d6 bb91acc Author: David S. Miller Date: Fri Dec 23 13:48:56 2016 -0500 Merge branch 'virtio-net-xdp-fixes' Jason Wang says: ==================== several fixups for virtio-net XDP Merry Xmas and a Happy New year to all: This series tries to fixes several issues for virtio-net XDP which could be categorized into several parts: - fix several issues during XDP linearizing - allow csumed packet to work for XDP_PASS - make EWMA rxbuf size estimation works for XDP - forbid XDP when GUEST_UFO is support - remove big packet XDP support - add XDP support or small buffer Please see individual patches for details. ==================== Signed-off-by: David S. Miller commit bb91accf27335c6dc460e202991ca140fa21e1b5 Author: Jason Wang Date: Fri Dec 23 22:37:32 2016 +0800 virtio-net: XDP support for small buffers Commit f600b6905015 ("virtio_net: Add XDP support") leaves the case of small receive buffer untouched. This will confuse the user who want to set XDP but use small buffers. Other than forbid XDP in small buffer mode, let's make it work. XDP then can only work at skb->data since virtio-net create skbs during refill, this is sub optimal which could be optimized in the future. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 112 ++++++++++++++++++++++++++++++++++++----------- 1 file changed, 87 insertions(+), 25 deletions(-) commit c47a43d3004ad6ff2a94a670cb3274cd6338d41e Author: Jason Wang Date: Fri Dec 23 22:37:31 2016 +0800 virtio-net: remove big packet XDP codes Now we in fact don't allow XDP for big packets, remove its codes. Cc: John Fastabend Signed-off-by: Jason Wang Signed-off-by: David S. Miller drivers/net/virtio_net.c | 44 +++----------------------------------------- 1 file changed, 3 insertions(+), 41 deletions(-) commit 92502fe86c7c9b3f8543f29641a3c71805e82757 Author: Jason Wang Date: Fri Dec 23 22:37:30 2016 +0800 virtio-net: forbid XDP when VIRTIO_NET_F_GUEST_UFO is support When VIRTIO_NET_F_GUEST_UFO is negotiated, host could still send UFO packet that exceeds a single page which could not be handled correctly by XDP. So this patch forbids setting XDP when GUEST_UFO is supported. While at it, forbid XDP for ECN (which comes only from GRO) too to prevent user from misconfiguration. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 5c33474d41af09f09c98f1df70f267920587bec0 Author: Jason Wang Date: Fri Dec 23 22:37:29 2016 +0800 virtio-net: make rx buf size estimation works for XDP We don't update ewma rx buf size in the case of XDP. This will lead underestimation of rx buf size which causes host to produce more than one buffers. This will greatly increase the possibility of XDP page linearization. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 3 +++ 1 file changed, 3 insertions(+) commit b00f70b0dacb3d2e009afce860ebc90219072f5c Author: Jason Wang Date: Fri Dec 23 22:37:28 2016 +0800 virtio-net: unbreak csumed packets for XDP_PASS We drop csumed packet when do XDP for packets. This breaks XDP_PASS when GUEST_CSUM is supported. Fix this by allowing csum flag to be set. With this patch, simple TCP works for XDP_PASS. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1830f8935f3b173d229b86e9927b3b6d599aa1f6 Author: Jason Wang Date: Fri Dec 23 22:37:27 2016 +0800 virtio-net: correctly handle XDP_PASS for linearized packets When XDP_PASS were determined for linearized packets, we try to get new buffers in the virtqueue and build skbs from them. This is wrong, we should create skbs based on existed buffers instead. Fixing them by creating skb based on xdp_page. With this patch "ping 192.168.100.4 -s 3900 -M do" works for XDP_PASS. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 56a86f84b8332afe8c6fcb4b09d09d9bf094e2db Author: Jason Wang Date: Fri Dec 23 22:37:26 2016 +0800 virtio-net: fix page miscount during XDP linearizing We don't put page during linearizing, the would cause leaking when xmit through XDP_TX or the packet exceeds PAGE_SIZE. Fix them by put page accordingly. Also decrease the number of buffers during linearizing to make sure caller can free buffers correctly when packet exceeds PAGE_SIZE. With this patch, we won't get OOM after linearize huge number of packets. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) commit 275be061b33b945cfb120ee8a570f78c3ccafe56 Author: Jason Wang Date: Fri Dec 23 22:37:25 2016 +0800 virtio-net: correctly xmit linearized page on XDP_TX After we linearize page, we should xmit this page instead of the page of first buffer which may lead unexpected result. With this patch, we can see correct packet during XDP_TX. Cc: John Fastabend Signed-off-by: Jason Wang Acked-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 73b62bd085f4737679ea9afc7867fa5f99ba7d1b Author: Jason Wang Date: Fri Dec 23 22:37:24 2016 +0800 virtio-net: remove the warning before XDP linearizing Since we use EWMA to estimate the size of rx buffer. When rx buffer size is underestimated, it's usual to have a packet with more than one buffers. Consider this is not a bug, remove the warning and correct the comment before XDP linearizing. Cc: John Fastabend Signed-off-by: Jason Wang Signed-off-by: David S. Miller drivers/net/virtio_net.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit fc26901b12f1deedc351bbe9fd9a018d61485c57 Merge: 01302aa ac632f5 Author: Linus Torvalds Date: Fri Dec 23 10:46:15 2016 -0800 Merge tag 'befs-v4.10-rc1' of git://github.com/luisbg/linux-befs Pull befs updates from Luis de Bethencourt: "A series of small fixes and adding NFS export support" * tag 'befs-v4.10-rc1' of git://github.com/luisbg/linux-befs: befs: add NFS export support befs: remove trailing whitespaces befs: remove signatures from comments befs: fix style issues in header files befs: fix style issues in linuxvfs.c befs: fix typos in linuxvfs.c befs: fix style issues in io.c befs: fix style issues in inode.c befs: fix style issues in debug.c commit 01302aac12c782bf7cadfd9d902cd382359dca93 Merge: 2969159 4a401ce Author: Linus Torvalds Date: Fri Dec 23 10:41:53 2016 -0800 Merge tag 'drm-fixes-for-4.10-rc1' of git://people.freedesktop.org/~airlied/linux Pull drm fixes from Dave Airlie: "Some fixes came in while I was out, mostly intel and amdgpu ones, with one ast fix" Daniel Vetter says: "This should also shut up the WARN_ON(!intel_dp->lane_count) noise" * tag 'drm-fixes-for-4.10-rc1' of git://people.freedesktop.org/~airlied/linux: (35 commits) drm/amdgpu: update tile table for oland/hainan drm/amdgpu: update tile table for verde drm/amdgpu: update rev id for verde drm/amdgpu: update golden setting for verde drm/amdgpu: update rev id for oland drm/amdgpu: update golden setting for oland drm/amdgpu: update rev id for hainan drm/amdgpu: update golden setting for hainan drm/amdgpu: update rev id for pitcairn drm/amdgpu: update golden setting for pitcairn drm/amdgpu: update golden setting/tiling table of tahiti drm/i915: skip the first 4k of stolen memory on everything >= gen8 drm/i915: Fallback to single PAGE_SIZE segments for DMA remapping drm/i915: Fix use after free in logical_render_ring_init drm/i915: disable PSR by default on HSW/BDW drm/i915: Fix setting of boost freq tunable drm/i915: tune down the fast link training vs boot fail drm/i915: Reorder phys backing storage release drm/i915/gen9: Fix PCODE polling during SAGV disabling drm/i915/gen9: Fix PCODE polling during CDCLK change notification ... commit 296915912d89d1ed2f47472b67fc594b15383d71 Merge: f290cba 5cc8fab Author: Linus Torvalds Date: Fri Dec 23 10:38:48 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma fixes from Doug Ledford: "First round of -rc fixes for 4.10 kernel: - a series of qedr fixes - a series of rxe fixes - one i40iw fix - one cma fix - one cxgb4 fix" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: IB/rxe: Don't check for null ptr in send() IB/rxe: Drop future atomic/read packets rather than retrying IB/rxe: Use BTH_PSN_MASK when ACKing duplicate sends qedr: Always notify the verb consumer of flushed CQEs qedr: clear the vendor error field in the work completion qedr: post_send/recv according to QP state qedr: ignore inline flag in read verbs qedr: modify QP state to error when destroying it qedr: return correct value on modify qp qedr: return error if destroy CQ failed qedr: configure the number of CQEs on CQ creation i40iw: Set 128B as the only supported RQ WQE size IB/cma: Fix a race condition in iboe_addr_get_sgid() IB/rxe: Fix a memory leak in rxe_qp_cleanup() iw_cxgb4: set correct FetchBurstMax for QPs commit f290cbacb697b7bc8fc67d3988e330bec0e502ea Merge: 42e0372 3eff4c7 Author: Linus Torvalds Date: Fri Dec 23 10:36:19 2016 -0800 Merge tag 'scsi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull late SCSI updates from James Bottomley: "This is mostly stuff which missed the initial pull. There's a new driver: qedi, and some ufs, ibmvscsis and ncr5380 updates plus some assorted driver fixes and also a fix for the bug where if a device goes into a blocked state between configuration and sysfs device add (which can be a long time under async probing) it would become permanently blocked" * tag 'scsi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (30 commits) scsi: avoid a permanent stop of the scsi device's request queue scsi: mpt3sas: Recognize and act on iopriority info scsi: qla2xxx: Fix Target mode handling with Multiqueue changes. scsi: qla2xxx: Add Block Multi Queue functionality. scsi: qla2xxx: Add multiple queue pair functionality. scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls. scsi: qla2xxx: Only allow operational MBX to proceed during RESET. scsi: hpsa: remove memory allocate failure message scsi: Update 3ware driver email addresses scsi: zfcp: fix rport unblock race with LUN recovery scsi: zfcp: do not trace pure benign residual HBA responses at default level scsi: zfcp: fix use-after-"free" in FC ingress path after TMF scsi: libcxgbi: return error if interface is not up scsi: cxgb4i: libcxgbi: add missing module_put() scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature scsi: cxgb4i: libcxgbi: add active open cmd for T6 adapters scsi: cxgb4i: use cxgb4_tp_smt_idx() to get smt_idx scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. scsi: aacraid: remove wildcard for series 9 controllers scsi: ibmvscsi: add write memory barrier to CRQ processing ... commit 42e0372c0e7ea3617a4ab28c7f83ce66cb0f868d Merge: 50f6584 08fe007 Author: Linus Torvalds Date: Fri Dec 23 10:22:47 2016 -0800 Merge tag 'arc-4.10-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull more ARC updates from Vineet Gupta: - Fix for aliasing VIPT dcache in old ARC700 cores - micro-optimization in ARC700 ProtV handler - Enable SG_CHAIN [Vladimir] - ARC HS38 core intc default to prio 1 * tag 'arc-4.10-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: mm: arc700: Don't assume 2 colours for aliasing VIPT dcache ARC: mm: No need to save cache version in @cpuinfo ARC: enable SG chaining ARCv2: intc: default all interrupts to priority 1 ARCv2: entry: document intr disable in hard isr ARC: ARCompact entry: elide re-reading ECR in ProtV handler commit d3a51d6cbc8a31bf924be1fe116e461138b1cddc Merge: a98f917 5831212 Author: David S. Miller Date: Fri Dec 23 12:31:20 2016 -0500 Merge branch 'mlxsw-router-fixes' Jiri Pirko says: ==================== mlxsw: Router fixes Ido says: First two patches ensure we remove from the device's table neighbours that are considered to be dead by the neighbour core. The last patch removes nexthop groups from the device when they are no longer valid. ==================== Signed-off-by: David S. Miller commit 58312125da5806308bd69e075fedae30f8cf7794 Author: Ido Schimmel Date: Fri Dec 23 09:32:50 2016 +0100 mlxsw: spectrum_router: Correctly remove nexthop groups At the end of the nexthop initialization process we determine whether the nexthop should be offloaded or not based on the NUD state of the neighbour representing it. After all the nexthops were initialized we refresh the nexthop group and potentially offload it to the device, in case some of the nexthops were resolved. Make the destruction of a nexthop group symmetric with its creation by marking all nexthops as invalid and then refresh the nexthop group to make sure it was removed from the device's tables. Fixes: b2157149b0b0 ("mlxsw: spectrum_router: Add the nexthop neigh activity update") Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 3 +++ 1 file changed, 3 insertions(+) commit 93a87e5e794fb71a51f97fbde6c0010680b62d70 Author: Ido Schimmel Date: Fri Dec 23 09:32:49 2016 +0100 mlxsw: spectrum_router: Don't reflect dead neighs When a neighbour is considered to be dead, we should remove it from the device's table regardless of its NUD state. Without this patch, after setting a port to be administratively down we get the following errors when we periodically try to update the kernel about neighbours activity: [ 461.947268] mlxsw_spectrum 0000:03:00.0 sw1p3: Failed to find matching neighbour for IP=192.168.100.2 Fixes: a6bf9e933daf ("mlxsw: spectrum_router: Offload neighbours based on NUD state change") Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum_router.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 53f800e3baf980827c197a9332f63effe80d4809 Author: Ido Schimmel Date: Fri Dec 23 09:32:48 2016 +0100 neigh: Send netevent after marking neigh as dead neigh_cleanup_and_release() is always called after marking a neighbour as dead, but it only notifies user space and not in-kernel listeners of the netevent notification chain. This can cause multiple problems. In my specific use case, it causes the listener (a switch driver capable of L3 offloads) to believe a neighbour entry is still valid, and is thus erroneously kept in the device's table. Fix that by sending a netevent after marking the neighbour as dead. Fixes: a6bf9e933daf ("mlxsw: spectrum_router: Offload neighbours based on NUD state change") Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller net/core/neighbour.c | 1 + 1 file changed, 1 insertion(+) commit a98f91758995cb59611e61318dddd8a6956b52c3 Author: Dave Jones Date: Thu Dec 22 11:16:22 2016 -0500 ipv6: handle -EFAULT from skb_copy_bits By setting certain socket options on ipv6 raw sockets, we can confuse the length calculation in rawv6_push_pending_frames triggering a BUG_ON. RIP: 0010:[] [] rawv6_sendmsg+0xc30/0xc40 RSP: 0018:ffff881f6c4a7c18 EFLAGS: 00010282 RAX: 00000000fffffff2 RBX: ffff881f6c681680 RCX: 0000000000000002 RDX: ffff881f6c4a7cf8 RSI: 0000000000000030 RDI: ffff881fed0f6a00 RBP: ffff881f6c4a7da8 R08: 0000000000000000 R09: 0000000000000009 R10: ffff881fed0f6a00 R11: 0000000000000009 R12: 0000000000000030 R13: ffff881fed0f6a00 R14: ffff881fee39ba00 R15: ffff881fefa93a80 Call Trace: [] ? unmap_page_range+0x693/0x830 [] inet_sendmsg+0x67/0xa0 [] sock_sendmsg+0x38/0x50 [] SYSC_sendto+0xef/0x170 [] SyS_sendto+0xe/0x10 [] do_syscall_64+0x50/0xa0 [] entry_SYSCALL64_slow_path+0x25/0x25 Handle by jumping to the failure path if skb_copy_bits gets an EFAULT. Reproducer: #include #include #include #include #include #include #include #define LEN 504 int main(int argc, char* argv[]) { int fd; int zero = 0; char buf[LEN]; memset(buf, 0, LEN); fd = socket(AF_INET6, SOCK_RAW, 7); setsockopt(fd, SOL_IPV6, IPV6_CHECKSUM, &zero, 4); setsockopt(fd, SOL_IPV6, IPV6_DSTOPTS, &buf, LEN); sendto(fd, buf, 1, 0, (struct sockaddr *) buf, 110); } Signed-off-by: Dave Jones Signed-off-by: David S. Miller net/ipv6/raw.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 39b2dd765e0711e1efd1d1df089473a8dd93ad48 Author: Willem de Bruijn Date: Thu Dec 22 18:19:16 2016 -0500 inet: fix IP(V6)_RECVORIGDSTADDR for udp sockets Socket cmsg IP(V6)_RECVORIGDSTADDR checks that port range lies within the packet. For sockets that have transport headers pulled, transport offset can be negative. Use signed comparison to avoid overflow. Fixes: e6afc8ace6dd ("udp: remove headers from UDP packets before queueing") Reported-by: Nisar Jagabar Signed-off-by: Willem de Bruijn Signed-off-by: David S. Miller net/ipv4/ip_sockglue.c | 2 +- net/ipv6/datagram.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 9aa340a5c36eafa847861336db446886a5ed1962 Merge: 567be78 d972477 Author: David S. Miller Date: Fri Dec 23 11:59:57 2016 -0500 Merge branch 'cls_flower-act_tunnel_key-fixes' Or Gerlitz says: ==================== net/sched fixes for cls_flower and act_tunnel_key This small series contain a fix to the matching flags support in flower and to the tunnel key action MD prep for IPv6. ==================== Signed-off-by: David S. Miller commit d9724772e69cb8076231202292665ca74eec13e1 Author: Or Gerlitz Date: Thu Dec 22 14:28:15 2016 +0200 net/sched: cls_flower: Mandate mask when matching on flags When matching on flags, we should require the user to provide the mask and avoid using an all-ones mask. Not doing so causes matching on flags provided w.o mask to hit on the value being unset for all flags, which may not what the user wanted to happen. Fixes: faa3ffce7829 ('net/sched: cls_flower: Add support for matching on flags') Signed-off-by: Or Gerlitz Reported-by: Paul Blakey Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) commit dc594ecd4185831031d3fef2853ee76908428107 Author: Or Gerlitz Date: Thu Dec 22 14:28:14 2016 +0200 net/sched: act_tunnel_key: Fix setting UDP dst port in metadata under IPv6 The UDP dst port was provided to the helper function which sets the IPv6 IP tunnel meta-data under a wrong param order, fix that. Fixes: 75bfbca01e48 ('net/sched: act_tunnel_key: Add UDP dst port option') Signed-off-by: Or Gerlitz Reviewed-by: Hadar Hen Zion Signed-off-by: David S. Miller net/sched/act_tunnel_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 567be786597ca24b13906a552ad2159316c6fe7d Author: jpinto Date: Fri Dec 23 10:15:59 2016 +0000 stmmac: CSR clock configuration fix When testing stmmac with my QoS reference design I checked a problem in the CSR clock configuration that was impossibilitating the phy discovery, since every read operation returned 0x0000ffff. This patch fixes the issue. Signed-off-by: Joao Pinto Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac1000_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/dwmac100_core.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) commit 6c5d5cfbe3c59429e6d6f66477a7609aacf69751 Author: Xin Long Date: Tue Dec 20 19:14:34 2016 +0800 netfilter: ipt_CLUSTERIP: check duplicate config when initializing Now when adding an ipt_CLUSTERIP rule, it only checks duplicate config in clusterip_config_find_get(). But after that, there may be still another thread to insert a config with the same ip, then it leaves proc_create_data to do duplicate check. It's more reasonable to check duplicate config by ipt_CLUSTERIP itself, instead of checking it by proc fs duplicate file check. Before, when proc fs allowed duplicate name files in a directory, It could even crash kernel because of use-after-free. This patch is to check duplicate config under the protection of clusterip net lock when initializing a new config and correct the return err. Note that it also moves proc file node creation after adding new config, as proc_create_data may sleep, it couldn't be called under the clusterip_net lock. clusterip_config_find_get returns NULL if c->pde is null to make sure it can't be used until the proc file node creation is done. Suggested-by: Marcelo Ricardo Leitner Signed-off-by: Xin Long Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/ipt_CLUSTERIP.c | 34 +++++++++++++++++++++++----------- 1 file changed, 23 insertions(+), 11 deletions(-) commit faf0dcebd7b387187f29ff811d47df465ea4c9f9 Merge: 128394e 5235d44 Author: Al Viro Date: Thu Dec 22 23:04:31 2016 -0500 Merge branch 'work.namespace' into for-linus commit 128394eff343fc6d2f32172f03e24829539c5835 Author: Al Viro Date: Fri Dec 16 13:42:06 2016 -0500 sg_write()/bsg_write() is not fit to be called under KERNEL_DS Both damn things interpret userland pointers embedded into the payload; worse, they are actually traversing those. Leaving aside the bad API design, this is very much _not_ safe to call with KERNEL_DS. Bail out early if that happens. Cc: stable@vger.kernel.org Signed-off-by: Al Viro block/bsg.c | 3 +++ drivers/scsi/sg.c | 3 +++ 2 files changed, 6 insertions(+) commit f698cccbc89e33cda4795a375e47daaa3689485e Author: Jeff Layton Date: Tue Dec 20 10:56:28 2016 -0500 ufs: fix function declaration for ufs_truncate_blocks sparse says: fs/ufs/inode.c:1195:6: warning: symbol 'ufs_truncate_blocks' was not declared. Should it be static? Note that the forward declaration in the file is already marked static. Signed-off-by: Jeff Layton Signed-off-by: Al Viro fs/ufs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 613cc2b6f272c1a8ad33aefa21cad77af23139f7 Author: Aleksa Sarai Date: Wed Dec 21 16:26:24 2016 +1100 fs: exec: apply CLOEXEC before changing dumpable task flags If you have a process that has set itself to be non-dumpable, and it then undergoes exec(2), any CLOEXEC file descriptors it has open are "exposed" during a race window between the dumpable flags of the process being reset for exec(2) and CLOEXEC being applied to the file descriptors. This can be exploited by a process by attempting to access /proc//fd/... during this window, without requiring CAP_SYS_PTRACE. The race in question is after set_dumpable has been (for get_link, though the trace is basically the same for readlink): [vfs] -> proc_pid_link_inode_operations.get_link -> proc_pid_get_link -> proc_fd_access_allowed -> ptrace_may_access(task, PTRACE_MODE_READ_FSCREDS); Which will return 0, during the race window and CLOEXEC file descriptors will still be open during this window because do_close_on_exec has not been called yet. As a result, the ordering of these calls should be reversed to avoid this race window. This is of particular concern to container runtimes, where joining a PID namespace with file descriptors referring to the host filesystem can result in security issues (since PRCTL_SET_DUMPABLE doesn't protect against access of CLOEXEC file descriptors -- file descriptors which may reference filesystem objects the container shouldn't have access to). Cc: dev@opencontainers.org Cc: # v3.2+ Reported-by: Michael Crosby Signed-off-by: Aleksa Sarai Signed-off-by: Al Viro fs/exec.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit e522751d605d99a81508e58390a8f51ee96fb662 Author: Tomasz Majchrzak Date: Tue Nov 29 15:18:20 2016 +0100 seq_file: reset iterator to first record for zero offset If kernfs file is empty on a first read, successive read operations using the same file descriptor will return no data, even when data is available. Default kernfs 'seq_next' implementation advances iterator position even when next object is not there. Kernfs 'seq_start' for following requests will not return iterator as position is already on the second object. This defect doesn't allow to monitor badblocks sysfs files from MD raid. They are initially empty but if data appears at some stage, userspace is not able to read it. Signed-off-by: Tomasz Majchrzak Signed-off-by: Miklos Szeredi Signed-off-by: Al Viro fs/seq_file.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 22725ce4e4a00fbc37694e25dc5c8acef8ad1c28 Author: Darrick J. Wong Date: Mon Dec 19 15:13:26 2016 -0800 vfs: fix isize/pos/len checks for reflink & dedupe Strengthen the checking of pos/len vs. i_size, clarify the return values for the clone prep function, and remove pointless code. Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong Signed-off-by: Al Viro fs/ocfs2/refcounttree.c | 2 +- fs/read_write.c | 18 +++++++++++------- fs/xfs/xfs_reflink.c | 2 +- 3 files changed, 13 insertions(+), 9 deletions(-) commit 33844e665104b169a3a7732bdcddb40e4f82b335 Author: Al Viro Date: Wed Dec 21 21:55:02 2016 -0500 [iov_iter] fix iterate_all_kinds() on empty iterators Problem similar to ones dealt with in "fold checks into iterate_and_advance()" and followups, except that in this case we really want to do nothing when asked for zero-length operation - unlike zero-length iterate_and_advance(), zero-length iterate_all_kinds() has no side effects, and callers are simpler that way. That got exposed when copy_from_iter_full() had been used by tipc, which builds an msghdr with zero payload and (now) feeds it to a primitive based on iterate_all_kinds() instead of iterate_and_advance(). Reported-by: Jon Maloy Tested-by: Jon Maloy Signed-off-by: Al Viro lib/iov_iter.c | 55 ++++++++++++++++++++++++++----------------------------- 1 file changed, 26 insertions(+), 29 deletions(-) commit c00d2c7e89880036f288a764599b2b8b87c0a364 Author: Al Viro Date: Tue Dec 20 07:04:57 2016 -0500 move aio compat to fs/aio.c ... and fix the minor buglet in compat io_submit() - native one kills ioctx as cleanup when put_user() fails. Get rid of bogus compat_... in !CONFIG_AIO case, while we are at it - they should simply fail with ENOSYS, same as for native counterparts. Signed-off-by: Al Viro fs/aio.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++-- fs/compat.c | 75 ----------------------------------------- include/linux/aio.h | 5 --- kernel/sys_ni.c | 3 ++ 4 files changed, 98 insertions(+), 82 deletions(-) commit 3eff4c782857d284dc3b11c6db0cab4a263427b7 Merge: d2a1452 ae2aae2 Author: James Bottomley Date: Thu Dec 22 12:32:33 2016 -0800 Merge branch 'misc' into for-linus commit bdd75729e5d279d734e8d3fb41ef4818ac1598ab Author: Namhyung Kim Date: Thu Dec 22 15:03:49 2016 +0900 perf sched timehist: Fix invalid period calculation When --time option is given with a value outside recorded time, the last sample time (tprev) was set to that value and run time calculation might be incorrect. This is a problem of the first samples for each cpus since it would skip the runtime update when tprev is 0. But with --time option it had non-zero (which is invalid) value so the calculation is also incorrect. For example, let's see the followging: $ perf sched timehist time cpu task name wait time sch delay run time [tid/pid] (msec) (msec) (msec) --------------- ------ ------------------------------ --------- --------- --------- 3195.968367 [0003] 0.000 0.000 0.000 3195.968386 [0002] Timer[4306/4277] 0.000 0.000 0.018 3195.968397 [0002] Web Content[4277] 0.000 0.000 0.000 3195.968595 [0001] JS Helper[4302/4277] 0.000 0.000 0.000 3195.969217 [0000] 0.000 0.000 0.621 3195.969251 [0001] kworker/1:1H[291] 0.000 0.000 0.033 The sample starts at 3195.968367 but when I gave a time interval from 3194 to 3196 (in sec) it will calculate the whole 2 second as runtime. In below, 2 cpus accounted it as runtime, other 2 cpus accounted it as idle time. Before: $ perf sched timehist --time 3194,3196 -s | tail Idle stats: CPU 0 idle for 1995.991 msec CPU 1 idle for 20.793 msec CPU 2 idle for 30.191 msec CPU 3 idle for 1999.852 msec Total number of unique tasks: 23 Total number of context switches: 128 Total run time (msec): 3724.940 After: $ perf sched timehist --time 3194,3196 -s | tail Idle stats: CPU 0 idle for 10.811 msec CPU 1 idle for 20.793 msec CPU 2 idle for 30.191 msec CPU 3 idle for 18.337 msec Total number of unique tasks: 23 Total number of context switches: 128 Total run time (msec): 18.139 Committer notes: Further testing: Before: Idle stats: CPU 0 idle for 229.785 msec CPU 1 idle for 937.944 msec CPU 2 idle for 188.931 msec CPU 3 idle for 986.185 msec After: # perf sched timehist --time 40602,40603 -s | tail Idle stats: CPU 0 idle for 229.785 msec CPU 1 idle for 175.407 msec CPU 2 idle for 188.931 msec CPU 3 idle for 223.657 msec Total number of unique tasks: 68 Total number of context switches: 814 Total run time (msec): 97.688 # for cpu in `seq 0 3` ; do echo -n "CPU $cpu idle for " ; perf sched timehist --time 40602,40603 | grep "\[000${cpu}\].*\" | tr -s ' ' | cut -d' ' -f7 | awk '{entries++ ; s+=$1} END {print s " msec (entries: " entries ")"}' ; done CPU 0 idle for 229.721 msec (entries: 123) CPU 1 idle for 175.381 msec (entries: 65) CPU 2 idle for 188.903 msec (entries: 56) CPU 3 idle for 223.61 msec (entries: 102) Difference due to the idle stats being accounted at nanoseconds precision while the entries in 'perf sched timehist' are trucated at msec.usec. Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Jiri Olsa Cc: Peter Zijlstra Fixes: 853b74071110 ("perf sched timehist: Add option to specify time window of interest") Link: http://lkml.kernel.org/r/20161222060350.17655-2-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4fa0d1aa2711a5053fb2422331bdf6bce99b5f87 Author: Namhyung Kim Date: Thu Dec 22 15:03:48 2016 +0900 perf sched timehist: Remove hardcoded 'comm_width' check at print_summary Now that the default 'comm_width' value is 30, no need to check that at print_summary, Signed-off-by: Namhyung Kim Cc: David Ahern Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161222060350.17655-1-namhyung@kernel.org [ Split from a larger patch ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 3 --- 1 file changed, 3 deletions(-) commit 9b8087d72086b249ff744cee237ad12cc5e9255d Author: Namhyung Kim Date: Thu Dec 22 15:03:48 2016 +0900 perf sched timehist: Enlarge default 'comm_width' Current default value is 20 but it's easily changed to a bigger value as task has a long name and different tid and pid. And it makes the output not aligned. So change it to have a large value as summary shows. Committer notes: Before: # perf sched record ^C # perf sched timehist 40602.770537 [0001] rcuos/2[29] 7.970 0.002 0.020 40602.771512 [0003] 0.003 0.000 0.986 40602.771586 [0001] 0.020 0.000 1.049 40602.771606 [0001] qemu-system-x86[3593/3510] 0.000 0.002 0.020 40602.771629 [0003] qemu-system-x86[3510] 0.000 0.003 0.116 40602.771776 [0000] 0.001 0.000 1.892 After: # perf sched timehist 40602.770537 [0001] rcuos/2[29] 7.970 0.002 0.020 40602.771512 [0003] 0.003 0.000 0.986 40602.771586 [0001] 0.020 0.000 1.049 40602.771606 [0001] qemu-system-x86[3593/3510] 0.000 0.002 0.020 40602.771629 [0003] qemu-system-x86[3510] 0.000 0.003 0.116 Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161222060350.17655-1-namhyung@kernel.org [ Split from a larger patch ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e6758e8231d5905c2e267566e9bd679a68a7b00 Author: Namhyung Kim Date: Thu Dec 22 15:03:48 2016 +0900 perf sched timehist: Honour 'comm_width' when aligning the headers Current default value is 20, but that may change in the future, so make places where we have 20 hardcoded use 'comm_width'. Signed-off-by: Namhyung Kim Cc: David Ahern Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161222060350.17655-1-namhyung@kernel.org [ Split from a larger patch ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 4a401ceeef7bf3bc55f5e913cbf19d6038cf83c6 Merge: d043835 6ba0566 Author: Dave Airlie Date: Fri Dec 23 05:28:02 2016 +1000 Merge tag 'drm-intel-next-fixes-2016-12-22' of git://anongit.freedesktop.org/git/drm-intel into drm-fixes First set of i915 fixes for code in next. * tag 'drm-intel-next-fixes-2016-12-22' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: skip the first 4k of stolen memory on everything >= gen8 drm/i915: Fallback to single PAGE_SIZE segments for DMA remapping drm/i915: Fix use after free in logical_render_ring_init drm/i915: disable PSR by default on HSW/BDW drm/i915: Fix setting of boost freq tunable drm/i915: tune down the fast link training vs boot fail drm/i915: Reorder phys backing storage release drm/i915/gen9: Fix PCODE polling during SAGV disabling drm/i915/gen9: Fix PCODE polling during CDCLK change notification drm/i915/dsi: Fix chv_exec_gpio disabling the GPIOs it is setting drm/i915/dsi: Fix swapping of MIPI_SEQ_DEASSERT_RESET / MIPI_SEQ_ASSERT_RESET drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from vlv_init_display_clock_gating drm/i915: drop the struct_mutex when wedged or trying to reset commit d043835d08b297a41275e4dd499a33dd57243dee Merge: 6df383c 298360a Author: Dave Airlie Date: Fri Dec 23 05:26:55 2016 +1000 Merge tag 'drm-misc-fixes-2016-12-22' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes Here's the one lonely bugfix I talked about on irc. * tag 'drm-misc-fixes-2016-12-22' of git://anongit.freedesktop.org/git/drm-misc: drivers/gpu/drm/ast: Fix infinite loop if read fails commit 6df383cf9010feed788bf8ce555d77bcc03ed3a8 Merge: 50f6584 f8d9422 Author: Dave Airlie Date: Fri Dec 23 05:25:12 2016 +1000 Merge branch 'drm-next-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-fixes - fix display regression on DCE6/8 - Powergating fixes for GFX8 - amdgpu SI fixes (golden settings, proper rev id setup, etc.) * 'drm-next-4.10' of git://people.freedesktop.org/~agd5f/linux: (21 commits) drm/amdgpu: update tile table for oland/hainan drm/amdgpu: update tile table for verde drm/amdgpu: update rev id for verde drm/amdgpu: update golden setting for verde drm/amdgpu: update rev id for oland drm/amdgpu: update golden setting for oland drm/amdgpu: update rev id for hainan drm/amdgpu: update golden setting for hainan drm/amdgpu: update rev id for pitcairn drm/amdgpu: update golden setting for pitcairn drm/amdgpu: update golden setting/tiling table of tahiti drm/amdgpu: fix cursor setting of dce6/dce8 drm/amdgpu: refine set clock gating for tonga/polaris drm/amdgpu: initialize cg flags for tonga/polaris10/polaris11. drm/amdgpu: add new gfx cg flags. drm/amdgpu: fix pg can't be disabled by PG mask. drm/amdgpu: always initialize gfx pg for gfx_v8.0. drm/amdgpu: enable AMD_PG_SUPPORT_CP in Carrizo/Stoney. drm/amdgpu: fix init save/restore list in gfx_v8.0 drm/amdgpu: fix enable_cp_power_gating in gfx_v8.0. ... commit 8e5d31eb02c08d94262e1281adc8574134af65fd Merge: 72c5296 7c3a23b Author: Jens Axboe Date: Thu Dec 22 11:54:46 2016 -0700 Merge branch 'nvme-4.10' of git://git.infradead.org/nvme into for-linus Christoph writes: The most significant one is that we've agreed on shared maintaince and a common repository for the PCIe NVMe driver and NVMe over Fabrics. The target code still only has a subset of the maintainers but goes through the same tree as well. Keith, Sagi and me will take turns at collecting patches and sending you pull requests. commit 72c5296f9d64d8f5f27c2133e5f108a45a353d71 Author: Jon Derrick Date: Tue Dec 20 14:38:14 2016 -0700 genhd: remove dead and duplicated scsi code blk_scsi_cmd_filter use was deprecated by 4beab5c6 and the SCSI macros are duplicated in blkdev.h, both likely reintroduced by a bad merge from 540eed56. Signed-off-by: Jon Derrick Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe include/linux/genhd.h | 9 --------- 1 file changed, 9 deletions(-) commit 64d656a162d7ba49d6d1863e41407b0f95e19258 Author: Christoph Hellwig Date: Thu Dec 22 19:20:45 2016 +0100 block: add back plugging in __blkdev_direct_IO This allows sending larger than 1 MB requests to devices that support large I/O sizes. Signed-off-by: Christoph Hellwig Reported-by: Laurence Oberman Signed-off-by: Jens Axboe fs/block_dev.c | 3 +++ 1 file changed, 3 insertions(+) commit 50f6584e4c626b8fa39edb66f33fec27bab3996c Merge: af22941 305335b Author: Linus Torvalds Date: Thu Dec 22 10:31:30 2016 -0800 Merge tag 'leds_for_4.10_email_update' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED maintainer email update from Jacek Anaszewski: "Update Jacek Anaszewski's email address" * tag 'leds_for_4.10_email_update' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: MAINTAINERS: Update Jacek Anaszewski's email address commit af22941ae126b528a80c7e1149fa22b31815c826 Merge: 9be962d 633395b Author: Linus Torvalds Date: Thu Dec 22 10:23:39 2016 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block layer fixes from Jens Axboe: "Just a set of small fixes that have either been queued up after the original pull for this merge window, or just missed the original pull request. - a few bcache fixes/changes from Eric and Kent - add WRITE_SAME to the command filter whitelist frm Mauricio - kill an unused struct member from Ritesh - partition IO alignment fix from Stefan - nvme sysfs printf fix from Stephen" * 'for-linus' of git://git.kernel.dk/linux-block: block: check partition alignment nvme : Use correct scnprintf in cmb show block: allow WRITE_SAME commands with the SG_IO ioctl block: Remove unused member (busy) from struct blk_queue_tag bcache: partition support: add 16 minors per bcacheN device bcache: Make gc wakeup sane, remove set_task_state() commit 9be962d5258ebb5a0f1edd3ede26bfd847c4ebe6 Merge: 85ba70b c8e008e Author: Linus Torvalds Date: Thu Dec 22 10:19:32 2016 -0800 Merge tag 'acpi-extra-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull more ACPI updates from Rafael Wysocki: "Here are new versions of two ACPICA changes that were deferred previously due to a problem they had introduced, two cleanups on top of them and the removal of a useless warning message from the ACPI core. Specifics: - Move some Linux-specific functionality to upstream ACPICA and update the in-kernel users of it accordingly (Lv Zheng) - Drop a useless warning (triggered by the lack of an optional object) from the ACPI namespace scanning code (Zhang Rui)" * tag 'acpi-extra-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / osl: Remove deprecated acpi_get_table_with_size()/early_acpi_os_unmap_memory() ACPI / osl: Remove acpi_get_table_with_size()/early_acpi_os_unmap_memory() users ACPICA: Tables: Allow FADT to be customized with virtual address ACPICA: Tables: Back port acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux kernel ACPI: do not warn if _BQC does not exist commit 85ba70b6ceff7a2880f29b94e789cee436bc572f Merge: 8d86cf8 7b99f1a Author: Linus Torvalds Date: Thu Dec 22 10:15:05 2016 -0800 Merge tag 'pm-fixes-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management fixes from Rafael Wysocki: "They fix one bug introduced recently, a build warning and a kerneldoc function description. Specifics: - Prevent the acpi-cpufreq driver from crashing on exit by fixing a check against the __cpuhp_setup_state() return value and fix the kerneldoc description of that function to make it clear that it may return positive numbers on success too (Boris Ostrovsky) - Drop an incorrect __init annotation of a function in the s3c64xx cpufreq driver and fix a build warning generated (by older compilers) because of it (Arnd Bergmann)" * tag 'pm-fixes-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: cpufreq: s3c64xx: remove incorrect __init annotation cpufreq: Remove CPU hotplug callbacks only if they were initialized CPU/hotplug: Clarify description of __cpuhp_setup_state() return value commit 8d86cf8879e374fb395f6b15150dd702275ca989 Merge: 6732714 e85baa8 Author: Linus Torvalds Date: Thu Dec 22 10:13:04 2016 -0800 Merge tag 'mmc-v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC fixes from Ulf Hansson: "MMC core: - further fix thread wake-up for requests - use a bounce buffer to fix DMA issue for SSR register read MMC host: - sdhci: Fix a regression for runtime PM - sdhci-cadence: Add a proper SoC specific DT compatible" * tag 'mmc-v4.10-3' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: sd: Meet alignment requirements for raw_ssr DMA mmc: core: Further fix thread wake-up mmc: sdhci: Fix to handle MMC_POWER_UNDEFINED mmc: sdhci-cadence: add Socionext UniPhier specific compatible string commit 67327145c4af673d9c4ef06537ca8c5818f97668 Merge: eb254f3 bfc5e3a Author: Linus Torvalds Date: Thu Dec 22 10:03:52 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull SElinux fix from James Morris: "From Paul: 'A small SELinux patch to fix some clang/llvm compiler warnings and ensure the tools under scripts work well in the face of kernel changes'" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: selinux: use the kernel headers when building scripts/selinux commit eb254f323bd50ab7e3cc385f2fc641a595cc8b37 Merge: f79f7b1 76ae054 Author: Linus Torvalds Date: Thu Dec 22 09:25:45 2016 -0800 Merge branch 'x86-cache-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cache allocation interface from Thomas Gleixner: "This provides support for Intel's Cache Allocation Technology, a cache partitioning mechanism. The interface is odd, but the hardware interface of that CAT stuff is odd as well. We tried hard to come up with an abstraction, but that only allows rather simple partitioning, but no way of sharing and dealing with the per package nature of this mechanism. In the end we decided to expose the allocation bitmaps directly so all combinations of the hardware can be utilized. There are two ways of associating a cache partition: - Task A task can be added to a resource group. It uses the cache partition associated to the group. - CPU All tasks which are not member of a resource group use the group to which the CPU they are running on is associated with. That allows for simple CPU based partitioning schemes. The main expected user sare: - Virtualization so a VM can only trash only the associated part of the cash w/o disturbing others - Real-Time systems to seperate RT and general workloads. - Latency sensitive enterprise workloads - In theory this also can be used to protect against cache side channel attacks" [ Intel RDT is "Resource Director Technology". The interface really is rather odd and very specific, which delayed this pull request while I was thinking about it. The pull request itself came in early during the merge window, I just delayed it until things had calmed down and I had more time. But people tell me they'll use this, and the good news is that it is _so_ specific that it's rather independent of anything else, and no user is going to depend on the interface since it's pretty rare. So if push comes to shove, we can just remove the interface and nothing will break ] * 'x86-cache-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (31 commits) x86/intel_rdt: Implement show_options() for resctrlfs x86/intel_rdt: Call intel_rdt_sched_in() with preemption disabled x86/intel_rdt: Update task closid immediately on CPU in rmdir and unmount x86/intel_rdt: Fix setting of closid when adding CPUs to a group x86/intel_rdt: Update percpu closid immeditately on CPUs affected by changee x86/intel_rdt: Reset per cpu closids on unmount x86/intel_rdt: Select KERNFS when enabling INTEL_RDT_A x86/intel_rdt: Prevent deadlock against hotplug lock x86/intel_rdt: Protect info directory from removal x86/intel_rdt: Add info files to Documentation x86/intel_rdt: Export the minimum number of set mask bits in sysfs x86/intel_rdt: Propagate error in rdt_mount() properly x86/intel_rdt: Add a missing #include MAINTAINERS: Add maintainer for Intel RDT resource allocation x86/intel_rdt: Add scheduler hook x86/intel_rdt: Add schemata file x86/intel_rdt: Add tasks files x86/intel_rdt: Add cpus file x86/intel_rdt: Add mkdir to resctrl file system x86/intel_rdt: Add "info" files to resctrl file system ... commit 305335b9079426e4619de175ea8d35c669426567 Author: Jacek Anaszewski Date: Thu Dec 22 18:03:25 2016 +0100 MAINTAINERS: Update Jacek Anaszewski's email address My previous email address is no longer valid. From now on, jacek.anaszewski@gmail.com should be used instead. Signed-off-by: Jacek Anaszewski MAINTAINERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1134c2b5cb840409ffd966d8c2a9468f64e6a494 Author: Peter Zijlstra Date: Wed Nov 9 16:51:53 2016 +0100 perf/x86: Fix overlap counter scheduling bug Jiri reported the overlap scheduling exceeding its max stack. Looking at the constraint that triggered this, it turns out the overlap marker isn't needed. The comment with EVENT_CONSTRAINT_OVERLAP states: "This is the case if the counter mask of such an event is not a subset of any other counter mask of a constraint with an equal or higher weight". Esp. that latter part is of interest here I think, our overlapping mask is 0x0e, that has 3 bits set and is the highest weight mask in on the PMU, therefore it will be placed last. Can we still create a scenario where we would need to rewind that? The scenario for AMD Fam15h is we're having masks like: 0x3F -- 111111 0x38 -- 111000 0x07 -- 000111 0x09 -- 001001 And we mark 0x09 as overlapping, because it is not a direct subset of 0x38 or 0x07 and has less weight than either of those. This means we'll first try and place the 0x09 event, then try and place 0x38/0x07 events. Now imagine we have: 3 * 0x07 + 0x09 and the initial pick for the 0x09 event is counter 0, then we'll fail to place all 0x07 events. So we'll pop back, try counter 4 for the 0x09 event, and then re-try all 0x07 events, which will now work. The masks on the PMU in question are: 0x01 - 0001 0x03 - 0011 0x0e - 1110 0x0c - 1100 But since all the masks that have overlap (0xe -> {0xc,0x3}) and (0x3 -> 0x1) are of heavier weight, it should all work out. Reported-by: Jiri Olsa Tested-by: Jiri Olsa Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Liang Kan Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Robert Richter Cc: Stephane Eranian Cc: Thomas Gleixner Cc: Vince Weaver Cc: Vince Weaver Link: http://lkml.kernel.org/r/20161109155153.GQ3142@twins.programming.kicks-ass.net Signed-off-by: Ingo Molnar arch/x86/events/intel/uncore_snbep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit daa864b8f8e34477bde817f26d736d89dc6032f3 Author: Stephane Eranian Date: Thu Dec 22 00:29:26 2016 -0800 perf/x86/pebs: Fix handling of PEBS buffer overflows This patch solves a race condition between PEBS and the PMU handler. In case multiple PEBS events are sampled at the same time, it is possible to have GLOBAL_STATUS bit 62 set indicating PEBS buffer overflow and also seeing at most 3 PEBS counters having their bits set in the status register. This is a sign that there was at least one PEBS record pending at the time of the PMU interrupt. PEBS counters must only be processed via the drain_pebs() calls, and not via the regular sample processing loop coming after that the function, otherwise phony regular samples may be generated in the sampling buffer not marked with the EXACT tag. Another possibility is to have one PEBS event and at least one non-PEBS event whic hoverflows while PEBS has armed. In this case, bit 62 of GLOBAL_STATUS will not be set, yet the overflow status bit for the PEBS counter will be on Skylake. To avoid this problem, we systematically ignore the PEBS-enabled counters from the GLOBAL_STATUS mask and we always process PEBS events via drain_pebs(). The problem manifested itself by having non-exact samples when sampling only PEBS events, i.e., the PERF_SAMPLE_RECORD would not have the EXACT flag set. Note that this problem is only present on Skylake processor. This fix is harmless on older processors. Reported-by: Peter Zijlstra Signed-off-by: Stephane Eranian Signed-off-by: Peter Zijlstra (Intel) Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Thomas Gleixner Cc: Vince Weaver Link: http://lkml.kernel.org/r/1482395366-8992-1-git-send-email-eranian@google.com Signed-off-by: Ingo Molnar arch/x86/events/intel/core.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) commit cef4402d7627f14a08571e7c816b199edf8cc24b Author: Peter Zijlstra Date: Fri Dec 16 10:51:50 2016 +0100 x86/paravirt: Mark unused patch_default label A bugfix commit: 45dbea5f55c0 ("x86/paravirt: Fix native_patch()") ... introduced a harmless warning: arch/x86/kernel/paravirt_patch_32.c: In function 'native_patch': arch/x86/kernel/paravirt_patch_32.c:71:1: error: label 'patch_default' defined but not used [-Werror=unused-label] Fix it by annotating the label as __maybe_unused. Reported-by: Arnd Bergmann Reported-by: Piotr Gregor Signed-off-by: Peter Zijlstra (Intel) Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Josh Poimboeuf Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Fixes: 45dbea5f55c0 ("x86/paravirt: Fix native_patch()") Signed-off-by: Ingo Molnar arch/x86/kernel/paravirt_patch_32.c | 2 +- arch/x86/kernel/paravirt_patch_64.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 5cc8fabc5e4c588c75a5ec21423e7c3425f69f48 Author: Andrew Boyer Date: Thu Dec 22 08:54:38 2016 -0500 IB/rxe: Don't check for null ptr in send() pkt->qp was already dereferenced earlier in the function. Fixes Smatch complaint: drivers/infiniband/sw/rxe/rxe_net.c:458 send() warn: variable dereferenced before check 'pkt->qp' (see line 441) Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_net.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit cbf1f9a46c9c5903e34b0b110ca40b1e7d4b2ab1 Author: Andrew Boyer Date: Thu Dec 22 08:54:37 2016 -0500 IB/rxe: Drop future atomic/read packets rather than retrying If the completer is in the middle of a large read operation, one lost packet can cause havoc. Going to COMPST_ERROR_RETRY will cause the requester to resend the request. After that, any packet from the first attempt still in the receive queue will be interpreted as an error, restarting the error/retry sequence. The transfer will quickly exhaust its retries. This behavior is very noticeable when doing 512KB reads on a QEMU system configured with 1500B MTU. Also, a resent request here will prompt the responder on the other side to immediately start resending, but the resent packets will get stuck in the already-loaded receive queue and will never be processed. Rather than erroring out every time an unexpected future packet arrives, just drop it. Eventually the retry timer will send a duplicate request; the completer will be able to make progress since the queue will start relatively empty. Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_comp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 37b36193946e4fe7af2c3965e394eb311ab6601d Author: Andrew Boyer Date: Thu Dec 22 08:54:36 2016 -0500 IB/rxe: Use BTH_PSN_MASK when ACKing duplicate sends Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_resp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 74c3875c3d9aad356ae27fc4f4176d4dc89c457b Author: Amrani, Ram Date: Thu Dec 22 14:40:40 2016 +0200 qedr: Always notify the verb consumer of flushed CQEs Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 27035a1b37fc284b59a2bca4cf2f910ebf03717f Author: Amrani, Ram Date: Thu Dec 22 14:40:39 2016 +0200 qedr: clear the vendor error field in the work completion We clear the vendor error field in the work completion so that if a work completion is erroneous the field won't confuse the caller. Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 3 +++ 1 file changed, 3 insertions(+) commit 922d9a40d3baeb30bfecb59b2c083ccec4b349d7 Author: Amrani, Ram Date: Thu Dec 22 14:40:38 2016 +0200 qedr: post_send/recv according to QP state Enable posting to SQ only in RTS, ERR and SQD QP state. Enable posting to RQ in ERR QP state. Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 8b0cabc650a95a4f44de99aae6e8c128d70a40cd Author: Amrani, Ram Date: Thu Dec 22 14:40:37 2016 +0200 qedr: ignore inline flag in read verbs In the current implementation a read verb with IB_SEND_INLINE may be illegally configured. In this fix we ignore the inline bit in the case of a read verb. Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b4c2cc48aa0be767281669bff9f230e81ef27c56 Author: Amrani, Ram Date: Thu Dec 22 14:40:36 2016 +0200 qedr: modify QP state to error when destroying it Current code didn't modify the QP state to error because it queried the QP state as a bitmap while it isn't. So the code never got executed. This patch fixes this and queries for each QP state respectively and not at once via a bitmask. Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit d6ebbf29c3015bdccef388a860ac4ef6772531f8 Author: Amrani, Ram Date: Thu Dec 22 14:40:35 2016 +0200 qedr: return correct value on modify qp Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a121135973ca816821f4ff07aed523df82a91b8e Author: Amrani, Ram Date: Thu Dec 22 14:40:34 2016 +0200 qedr: return error if destroy CQ failed Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit c7eb3bced78fe83119b90d730ab58a572eb80e29 Author: Amrani, Ram Date: Thu Dec 22 14:40:33 2016 +0200 qedr: configure the number of CQEs on CQ creation Configure ibcq->cqe when a CQ is created. Signed-off-by: Ram Amrani Reviewed-by: Michal Kalderon Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 3 +++ 1 file changed, 3 insertions(+) commit 61f51b7b20f631ef8fe744bc0412d4eb5194b6a9 Author: Chien Tin Tung Date: Wed Dec 21 08:53:46 2016 -0600 i40iw: Set 128B as the only supported RQ WQE size RQ WQE size other than 128B is not supported. Correct RQ size calculation to use 128B only. Since this breaks ABI, add additional code to provide compatibility with v4 user provider, libi40iw. Signed-off-by: Chien Tin Tung Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 25 ++++++++++++++++++++----- drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +- drivers/infiniband/hw/i40iw/i40iw_type.h | 4 +++- drivers/infiniband/hw/i40iw/i40iw_ucontext.h | 4 ++-- drivers/infiniband/hw/i40iw/i40iw_uk.c | 17 ++++++++++++----- drivers/infiniband/hw/i40iw/i40iw_user.h | 4 +++- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 21 +++++++++++---------- drivers/infiniband/hw/i40iw/i40iw_verbs.h | 1 + 8 files changed, 53 insertions(+), 25 deletions(-) commit fba332b079029c2f4f7e84c1c1cd8e3867310c90 Author: Bart Van Assche Date: Mon Dec 19 18:00:05 2016 +0100 IB/cma: Fix a race condition in iboe_addr_get_sgid() Code that dereferences the struct net_device ip_ptr member must be protected with an in_dev_get() / in_dev_put() pair. Hence insert calls to these functions. Fixes: commit 7b85627b9f02 ("IB/cma: IBoE (RoCE) IP-based GID addressing") Signed-off-by: Bart Van Assche Reviewed-by: Moni Shoua Cc: Or Gerlitz Cc: Roland Dreier Cc: Signed-off-by: Doug Ledford include/rdma/ib_addr.h | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 2e3d5fa44f0f6e71ada2c4ed212ac23ca7ff0064 Merge: 7d99569 22b68b9 Author: David S. Miller Date: Thu Dec 22 11:15:53 2016 -0500 Merge tag 'wireless-drivers-for-davem-2016-12-22' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers Kalle Valo says: ==================== wireless-drivers fixes for 4.10 All small fixes this time, especially important are the regression fixes for rtlwifi and ath9k. ==================== Signed-off-by: David S. Miller commit 7d99569460eae28b187d574aec930a4cf8b90441 Author: Lorenzo Colitti Date: Fri Dec 23 00:33:57 2016 +0900 net: ipv4: Don't crash if passing a null sk to ip_do_redirect. Commit e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.") made ip_do_redirect call sock_net(sk) to determine the network namespace of the passed-in socket. This crashes if sk is NULL. Fix this by getting the network namespace from the skb instead. Fixes: e2d118a1cb5e ("net: inet: Support UID-based routing in IP protocols.") Signed-off-by: Lorenzo Colitti Signed-off-by: David S. Miller net/ipv4/route.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7b99f1aeed37196ad54099c30c2f154a7d6e91e0 Merge: 7ae123e adec57c Author: Rafael J. Wysocki Date: Thu Dec 22 14:34:55 2016 +0100 Merge branch 'pm-cpufreq' * pm-cpufreq: cpufreq: s3c64xx: remove incorrect __init annotation cpufreq: Remove CPU hotplug callbacks only if they were initialized CPU/hotplug: Clarify description of __cpuhp_setup_state() return value commit c8e008e2a6f9ec007a0e22e18eeb5bace5bf16c8 Merge: 7ae123e 8d3523f 7020bcb Author: Rafael J. Wysocki Date: Thu Dec 22 14:34:24 2016 +0100 Merge branches 'acpica' and 'acpi-scan' * acpica: ACPI / osl: Remove deprecated acpi_get_table_with_size()/early_acpi_os_unmap_memory() ACPI / osl: Remove acpi_get_table_with_size()/early_acpi_os_unmap_memory() users ACPICA: Tables: Allow FADT to be customized with virtual address ACPICA: Tables: Back port acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux kernel * acpi-scan: ACPI: do not warn if _BQC does not exist commit ac632f5b6301c4beb19f9ea984ce0dc67b6e5874 Author: Luis de Bethencourt Date: Fri Nov 4 15:23:12 2016 +0000 befs: add NFS export support Implement mandatory export_operations, so it is possible to export befs via nfs. Signed-off-by: Luis de Bethencourt fs/befs/linuxvfs.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) commit e60f749b60979e333764b8e9143aad7a7bdea0fa Author: Luis de Bethencourt Date: Thu Nov 10 11:25:36 2016 +0000 befs: remove trailing whitespaces Removing all trailing whitespaces in befs. I was skeptic about tainting the history with this, but whitespace changes can be ignored by using 'git blame -w' and 'git log -w'. Signed-off-by: Luis de Bethencourt fs/befs/befs_fs_types.h | 4 ++-- fs/befs/btree.c | 48 ++++++++++++++++++++++++------------------------ fs/befs/btree.h | 2 +- fs/befs/datastream.c | 6 +++--- fs/befs/inode.h | 2 +- fs/befs/io.h | 1 - fs/befs/linuxvfs.c | 32 ++++++++++++++++---------------- 7 files changed, 47 insertions(+), 48 deletions(-) commit 50b00fc468ddf9cb47a00b62c25fcbf86fcce56f Author: Luis de Bethencourt Date: Sun Aug 14 18:41:30 2016 +0100 befs: remove signatures from comments No idea why some comments have signatures. These predate git. Removing them since they add noise and no information. Signed-off-by: Luis de Bethencourt fs/befs/datastream.c | 2 -- fs/befs/io.c | 3 +-- fs/befs/linuxvfs.c | 3 --- 3 files changed, 1 insertion(+), 7 deletions(-) commit 12ecb38d03cff0c6d09262f0334f4ded3242ae87 Author: Luis de Bethencourt Date: Sun Aug 14 18:31:38 2016 +0100 befs: fix style issues in header files Fixing checkpatch.pl issues in befs header files: WARNING: Missing a blank line after declarations + befs_inode_addr iaddr; + iaddr.allocation_group = blockno >> BEFS_SB(sb)->ag_shift; WARNING: space prohibited between function name and open parenthesis '(' + return BEFS_SB(sb)->block_size / sizeof (befs_disk_inode_addr); ERROR: "foo * bar" should be "foo *bar" + const char *key, befs_off_t * value); ERROR: Macros with complex values should be enclosed in parentheses +#define PACKED __attribute__ ((__packed__)) Signed-off-by: Luis de Bethencourt fs/befs/befs.h | 3 ++- fs/befs/befs_fs_types.h | 8 ++++---- fs/befs/btree.h | 6 ++---- fs/befs/datastream.h | 5 ++--- fs/befs/inode.h | 3 +-- fs/befs/super.h | 4 +--- 6 files changed, 12 insertions(+), 17 deletions(-) commit 62b80719dfe126f73e417d7011dfb5ef53c6a203 Author: Luis de Bethencourt Date: Sun Aug 14 17:59:11 2016 +0100 befs: fix style issues in linuxvfs.c Fix the following type of checkpatch.pl issues: WARNING: line over 80 characters +static struct dentry *befs_lookup(struct inode *, struct dentry *, unsigned int); ERROR: code indent should use tabs where possible + if (!bi)$ WARNING: please, no spaces at the start of a line + if (!bi)$ WARNING: labels should not be indented + unacquire_bh: WARNING: space prohibited between function name and open parenthesis '(' + sizeof (struct befs_inode_info), WARNING: braces {} are not necessary for single statement blocks + if (!*out) { + return -ENOMEM; + } WARNING: Block comments use a trailing */ on a separate line + * in special cases */ WARNING: Missing a blank line after declarations + int token; + if (!*p) ERROR: do not use assignment in if condition + if (!(bh = sb_bread(sb, sb_block))) { ERROR: space prohibited after that open parenthesis '(' + if( befs_sb->num_blocks > ~((sector_t)0) ) { ERROR: space prohibited before that close parenthesis ')' + if( befs_sb->num_blocks > ~((sector_t)0) ) { ERROR: space required before the open parenthesis '(' + if( befs_sb->num_blocks > ~((sector_t)0) ) { Signed-off-by: Luis de Bethencourt fs/befs/linuxvfs.c | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) commit 1ca7087e59cba48a58bf5e6594a67e8ccbead7e2 Author: Luis de Bethencourt Date: Sun Aug 14 17:48:47 2016 +0100 befs: fix typos in linuxvfs.c Signed-off-by: Luis de Bethencourt fs/befs/linuxvfs.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 4c7df6455923ac9bc78379ed07f34477f7ef1b4d Author: Luis de Bethencourt Date: Sun Aug 14 17:32:33 2016 +0100 befs: fix style issues in io.c Fixing the two following checkpatch.pl issues: ERROR: trailing whitespace + * Based on portions of file.c and inode.c $ WARNING: labels should not be indented + error: Signed-off-by: Luis de Bethencourt fs/befs/io.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 85a06b302a9dbe06e4bcfed715875e42b07531f6 Author: Luis de Bethencourt Date: Sun Aug 14 17:29:47 2016 +0100 befs: fix style issues in inode.c Fixing the following checkpatch.pl errors and warning: ERROR: trailing whitespace + * $ WARNING: Block comments use * on subsequent lines +/* + Validates the correctness of the befs inode ERROR: "foo * bar" should be "foo *bar" +befs_check_inode(struct super_block *sb, befs_inode * raw_inode, Signed-off-by: Luis de Bethencourt fs/befs/inode.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit a83179a8e95ec70a84d3a9a04b6062fa1884aebf Author: Luis de Bethencourt Date: Sun Aug 14 17:26:43 2016 +0100 befs: fix style issues in debug.c Fix all checkpatch.pl errors and warnings in debug.c: ERROR: trailing whitespace + * $ WARNING: Missing a blank line after declarations + va_list args; + va_start(args, fmt); ERROR: "foo * bar" should be "foo *bar" +befs_dump_inode(const struct super_block *sb, befs_inode * inode) ERROR: "foo * bar" should be "foo *bar" +befs_dump_super_block(const struct super_block *sb, befs_super_block * sup) ERROR: "foo * bar" should be "foo *bar" +befs_dump_small_data(const struct super_block *sb, befs_small_data * sd) WARNING: line over 80 characters +befs_dump_index_entry(const struct super_block *sb, befs_disk_btree_super * super) ERROR: "foo * bar" should be "foo *bar" +befs_dump_index_entry(const struct super_block *sb, befs_disk_btree_super * super) ERROR: "foo * bar" should be "foo *bar" +befs_dump_index_node(const struct super_block *sb, befs_btree_nodehead * node) Signed-off-by: Luis de Bethencourt fs/befs/debug.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 2f60b28831c7e63759b59113898e6fe4dc90dd43 Author: Geliang Tang Date: Tue Dec 20 22:02:20 2016 +0800 xen/evtchn: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Signed-off-by: Geliang Tang Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross drivers/xen/evtchn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7ecec8503af37de6be4f96b53828d640a968705f Author: Ross Lagerwall Date: Mon Dec 12 14:35:13 2016 +0000 xen/setup: Don't relocate p2m over existing one When relocating the p2m, take special care not to relocate it so that is overlaps with the current location of the p2m/initrd. This is needed since the full extent of the current location is not marked as a reserved region in the e820. This was seen to happen to a dom0 with a large initial p2m and a small reserved region in the middle of the initial p2m. Signed-off-by: Ross Lagerwall Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross arch/x86/xen/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 3868f132cce6abab089fd6b12d6a7333712ade83 Author: Gabriel Fernandez Date: Wed Dec 14 15:22:28 2016 +0100 clk: stm32f4: Use CLK_OF_DECLARE_DRIVER initialization method Clock and reset controller use same compatible strings (same IP). Since commit 989eafd0b609 ("clk: core: Avoid double initialization of clocks") the OF core flags clock controllers registered with the CLK_OF_DECLARE() macro as OF_POPULATED, so platform devices with the same compatible string will not be registered. Signed-off-by: Gabriel Fernandez Signed-off-by: Stephen Boyd drivers/clk/clk-stm32f4.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e2a33c34ddff22ee208d80abdd12b88a98d6cb60 Author: Chris Brandt Date: Thu Dec 15 12:00:27 2016 -0500 clk: renesas: mstp: Support 8-bit registers for r7s72100 The RZ/A1 is different than the other Renesas SOCs because the MSTP registers are 8-bit instead of 32-bit and if you try writing values as 32-bit nothing happens...meaning this driver never worked for r7s72100. Fixes: b6face404f38 ("ARM: shmobile: r7s72100: add essential clock nodes to dtsi") Signed-off-by: Chris Brandt Reviewed-by: Geert Uytterhoeven Tested-by: Geert Uytterhoeven Acked-by: Kuninori Morimoto Signed-off-by: Stephen Boyd drivers/clk/renesas/clk-mstp.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) commit f79f7b1b4f910e03fa20092759c79fc2e53f2eff Author: Gertjan van Wingerde Date: Wed Dec 21 23:35:24 2016 +0100 CREDITS: Remove outdated address information This address hasn't been accurate for several years now. Simply remove it. Signed-off-by: Gertjan van Wingerde Signed-off-by: Linus Torvalds CREDITS | 2 -- 1 file changed, 2 deletions(-) commit 551cde192343a10c8fbd57c4cc8f0c4b6cd307e4 Author: Colin Ian King Date: Wed Dec 21 16:03:23 2016 +0000 net: fddi: skfp: use %p format specifier for addresses rather than %x Trivial fix: Addresses should be printed using the %p format specifier rather than using %x. Signed-off-by: Colin Ian King Signed-off-by: David S. Miller drivers/net/fddi/skfp/hwmtm.c | 12 ++++++------ drivers/net/fddi/skfp/pmf.c | 2 +- drivers/net/fddi/skfp/smt.c | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) commit 0a9648f1293966c838dc570da73c15a76f4c89d6 Author: Eric Dumazet Date: Wed Dec 21 05:42:43 2016 -0800 tcp: add a missing barrier in tcp_tasklet_func() Madalin reported crashes happening in tcp_tasklet_func() on powerpc64 Before TSQ_QUEUED bit is cleared, we must ensure the changes done by list_del(&tp->tsq_node); are committed to memory, otherwise corruption might happen, as an other cpu could catch TSQ_QUEUED clearance too soon. We can notice that old kernels were immune to this bug, because TSQ_QUEUED was cleared after a bh_lock_sock(sk)/bh_unlock_sock(sk) section, but they could have missed a kick to write additional bytes, when NIC interrupts for a given flow are spread to multiple cpus. Affected TCP flows would need an incoming ACK or RTO timer to add more packets to the pipe. So overall situation should be better now. Fixes: b223feb9de2a ("tcp: tsq: add shortcut in tcp_tasklet_func()") Signed-off-by: Eric Dumazet Reported-by: Madalin Bucur Tested-by: Madalin Bucur Tested-by: Xing Lei Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 1 + 1 file changed, 1 insertion(+) commit 52bce91165e5f2db422b2b972e83d389e5e4725c Author: Linus Torvalds Date: Wed Dec 21 10:59:34 2016 -0800 splice: reinstate SIGPIPE/EPIPE handling Commit 8924feff66f3 ("splice: lift pipe_lock out of splice_to_pipe()") caused a regression when there were no more readers left on a pipe that was being spliced into: rather than the expected SIGPIPE and -EPIPE return value, the writer would end up waiting forever for space to free up (which obviously was not going to happen with no readers around). Fixes: 8924feff66f3 ("splice: lift pipe_lock out of splice_to_pipe()") Reported-and-tested-by: Andreas Schwab Debugged-by: Al Viro Cc: stable@kernel.org # v4.9 Signed-off-by: Linus Torvalds fs/splice.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 0c961c5511fe48834c73215d2203bdac3353dcae Merge: bc1ecd6 160494d Author: Linus Torvalds Date: Wed Dec 21 10:47:13 2016 -0800 Merge branch 'parisc-4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux Pull parisc updates from Helge Deller: - add Kernel address space layout randomization support - re-enable interrupts earlier now that we have a working IRQ stack - optimize the timer interrupt function to better cope with missed timer irqs - fix error return code in parisc perf code (by Dan Carpenter) - fix PAT debug code * 'parisc-4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/deller/parisc-linux: parisc: Optimize timer interrupt function parisc: perf: return -EFAULT on error parisc: Enhance CPU detection code on PAT machines parisc: Re-enable interrupts early parisc: Enable KASLR commit bc1ecd626bedfa6b8cb09bacd56756ad18aed08f Merge: d5db84a8 8ac2b422 Author: Linus Torvalds Date: Wed Dec 21 10:40:30 2016 -0800 Merge tag 'nfs-for-4.10-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull more NFS client updates from Trond Myklebust: "Highlights include: - further attribute cache improvements to make revalidation more fine grained - NFSv4 locking improvements Bugfixes: - nfs4_fl_prepare_ds must be careful about reporting success in files layout - pNFS/flexfiles: Instead of marking a device inactive, remove it from the cache" * tag 'nfs-for-4.10-2' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: NFSv4: Retry the DELEGRETURN if the embedded GETATTR is rejected with EACCES NFS: Retry the CLOSE if the embedded GETATTR is rejected with EACCES NFSv4: Place the GETATTR operation before the CLOSE NFSv4: Also ask for attributes when downgrading to a READ-only state NFS: Don't abuse NFS_INO_REVAL_FORCED in nfs_post_op_update_inode_locked() pNFS: Return RW layouts on OPEN_DOWNGRADE NFSv4: Add encode/decode of the layoutreturn op in OPEN_DOWNGRADE NFS: Don't disconnect open-owner on NFS4ERR_BAD_SEQID NFSv4: ensure __nfs4_find_lock_state returns consistent result. NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success. pNFS/flexfiles: delete deviceid, don't mark inactive NFS: Clean up nfs_attribute_timeout() NFS: Remove unused function nfs_revalidate_inode_rcu() NFS: Fix and clean up the access cache validity checking NFS: Only look at the change attribute cache state in nfs_weak_revalidate() NFS: Clean up cache validity checking NFS: Don't revalidate the file on close if we hold a delegation NFSv4: Don't discard the attributes returned by asynchronous DELEGRETURN NFSv4: Update the attribute cache info in update_changeattr commit 8354491c9d5b06709384cea91d13019bf5e61449 Author: Thomas Petazzoni Date: Wed Dec 21 11:28:49 2016 +0100 net: mvpp2: fix dma unmapping of TX buffers for fragments Since commit 71ce391dfb784 ("net: mvpp2: enable proper per-CPU TX buffers unmapping"), we are not correctly DMA unmapping TX buffers for fragments. Indeed, the mvpp2_txq_inc_put() function only stores in the txq_cpu->tx_buffs[] array the physical address of the buffer to be DMA-unmapped when skb != NULL. In addition, when DMA-unmapping, we use skb_headlen(skb) to get the size to be unmapped. Both of this works fine for TX descriptors that are associated directly to a SKB, but not the ones that are used for fragments, with a NULL pointer as skb: - We have a NULL physical address when calling DMA unmap - skb_headlen(skb) crashes because skb is NULL This causes random crashes when fragments are used. To solve this problem, we need to: - Store the physical address of the buffer to be unmapped unconditionally, regardless of whether it is tied to a SKB or not. - Store the length of the buffer to be unmapped, which requires a new field. Instead of adding a third array to store the length of the buffer to be unmapped, and as suggested by David Miller, this commit refactors the tx_buffs[] and tx_skb[] arrays of 'struct mvpp2_txq_pcpu' into a separate structure 'mvpp2_txq_pcpu_buf', to which a 'size' field is added. Therefore, instead of having three arrays to allocate/free, we have a single one, which also improve data locality, reducing the impact on the CPU cache. Fixes: 71ce391dfb784 ("net: mvpp2: enable proper per-CPU TX buffers unmapping") Reported-by: Raphael G Cc: Raphael G Cc: stable@vger.kernel.org Signed-off-by: Thomas Petazzoni Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvpp2.c | 59 ++++++++++++++++++------------------ 1 file changed, 30 insertions(+), 29 deletions(-) commit f217bfde24077b6684e625dd618e3a522e6f272a Author: Heiko Stübner Date: Tue Dec 20 17:17:06 2016 +0100 net: ethernet: stmmac: dwmac-rk: make clk enablement first in powerup Right now the dwmac-rk tries to set up the GRF-specific speed and link options before enabling clocks, phys etc and on previous socs this works because the GRF is supplied on the whole by one clock. On the rk3399 however the GRF (General Register Files) clock-supply has been split into multiple clocks and while there is no specific grf-gmac clock like for other sub-blocks, it seems the mac-specific portions are actually supplied by the general mac clock. This results in hangs on rk3399 boards if the driver is build as module. When built in te problem of course doesn't surface, as the clocks are of course still on at the stage before clock_disable_unused. To solve this, simply move the clock enablement to the first position in the powerup callback. This is also a good idea in general to enable clocks before everything else. Tested on rk3288, rk3368 and rk3399 the dwmac still works on all of them. Signed-off-by: Heiko Stuebner Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-rk.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 76b15923b777aa2660029629179550124c1fc40e Author: Kalesh A P Date: Tue Dec 20 10:14:30 2016 -0500 be2net: Increase skb headroom size to 256 bytes The driver currently allocates 128 bytes of skb headroom. This was found to be insufficient with some configurations like Geneve tunnels, which resulted in skb head reallocations. Increase the headroom to 256 bytes to fix this. Signed-off-by: Kalesh A P Signed-off-by: Suresh Reddy Signed-off-by: David S. Miller drivers/net/ethernet/emulex/benet/be.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d5db84a871f815968e4d2933b9dd6f8ab83f80d1 Merge: f8114f8 83337e5 Author: Linus Torvalds Date: Wed Dec 21 10:16:05 2016 -0800 Merge branch 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux Pull scsi target cleanups from Bart Van Assche: "The changes here are: - a few small bug fixes for the iSCSI and user space target drivers. - minimize the target build time by about 30% by rearranging #include directives - fix the second argument passed to percpu_ida_alloc() - reduce the number of false positive warnings reported by sparse These patches pass Wu Fengguang's build bot tests and also the linux-next tests" * 'scsi-target-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bvanassche/linux: iscsi-target: Return error if unable to add network portal target: Fix spelling mistake and unwrap multi-line text target/iscsi: Fix double free in lio_target_tiqn_addtpg() target/user: Fix use-after-free of tcmu_cmds if they are expired target: Minimize #include directives target/user: Add an #include directive cxgbit: Add an #include directive ibmvscsi_tgt: Add two #include directives sbp-target: Add an #include directive qla2xxx: Add an #include directive configfs: Minimize #include directives usb: gadget: Fix second argument of percpu_ida_alloc() sbp-target: Fix second argument of percpu_ida_alloc() target/user: Fix a data type in tcmu_queue_cmd() target: Use NULL instead of 0 to represent a pointer commit b428018a065b62191b9f8a3f553ebf4423017a78 Author: David Matlack Date: Mon Dec 19 12:48:41 2016 -0800 KVM: nVMX: fix instruction skipping during emulated vm-entry kvm_skip_emulated_instruction() should not be called after emulating a VM-entry failure during or after loading guest state (nested_vmx_entry_failure()). Otherwise the L1 hypervisor is resumed some number of bytes past vmcs->host_rip. Fixes: eb2775621701e6ee3ea2a474437d04e93ccdcb2f Signed-off-by: David Matlack Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit f8114f8583bb18a467c04ddc1e8978330e445801 Author: Takashi Iwai Date: Wed Dec 21 11:28:28 2016 +0100 Revert "ALSA: usb-audio: Fix race at stopping the stream" This reverts commit 16200948d8353fe29a473a394d7d26790deae0e7. The commit was intended to cover the race condition, but it introduced yet another regression for devices with the implicit feedback, leading to a kernel panic due to NULL-dereference in an irq context. As the race condition that was addressed by the commit is very rare and the regression is much worse, let's revert the commit for rc1, and fix the issue properly in a later patch. Fixes: 16200948d835 ("ALSA: usb-audio: Fix race at stopping the stream") Reported-by: Ioan-Adrian Ratiu Cc: Signed-off-by: Takashi Iwai Signed-off-by: Linus Torvalds sound/usb/endpoint.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit bfc5e3a6af397dcf9c99a6c1872458e7867c4680 Author: Paul Moore Date: Wed Dec 21 10:39:25 2016 -0500 selinux: use the kernel headers when building scripts/selinux Commit 3322d0d64f4e ("selinux: keep SELinux in sync with new capability definitions") added a check on the defined capabilities without explicitly including the capability header file which caused problems when building genheaders for users of clang/llvm. Resolve this by using the kernel headers when building genheaders, which is arguably the right thing to do regardless, and explicitly including the kernel's capability.h header file in classmap.h. We also update the mdp build, even though it wasn't causing an error we really should be using the headers from the kernel we are building. Reported-by: Nicolas Iooss Signed-off-by: Paul Moore scripts/selinux/genheaders/Makefile | 4 +++- scripts/selinux/genheaders/genheaders.c | 4 ++++ scripts/selinux/mdp/Makefile | 4 +++- scripts/selinux/mdp/mdp.c | 4 ++++ security/selinux/include/classmap.h | 2 ++ 5 files changed, 16 insertions(+), 2 deletions(-) commit 22b68b93ae2506bd56ee3bf232a51bc8ab955b56 Author: Larry Finger Date: Mon Dec 19 20:38:12 2016 -0600 rtlwifi: Fix kernel oops introduced with commit e49656147359 With commit e49656147359 {"rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb"), the method used to free an skb was changed because the kfree_skb() was inside a spinlock. What was forgotten is that kfree_skb() guards against a NULL value for the argument. Routine dev_kfree_skb_irq() does not, and a test is needed to prevent kernel panics. Fixes: e49656147359 ("rtlwifi: Use dev_kfree_skb_irq instead of kfree_skb") Signed-off-by: Larry Finger Cc: Stable # 4.9+ Cc: Wei Yongjun Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtlwifi/core.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d1f1c0e289e1bc46cd6873ba6dd6c627f459e7fa Author: Tobias Klausmann Date: Tue Dec 13 18:08:07 2016 +0100 ath9k: do not return early to fix rcu unlocking Starting with commit d94a461d7a7d ("ath9k: use ieee80211_tx_status_noskb where possible") the driver uses rcu_read_lock() && rcu_read_unlock(), yet on returning early in ath_tx_edma_tasklet() the unlock is missing leading to stalls and suspicious RCU usage: =============================== [ INFO: suspicious RCU usage. ] 4.9.0-rc8 #11 Not tainted ------------------------------- kernel/rcu/tree.c:705 Illegal idle entry in RCU read-side critical section.! other info that might help us debug this: RCU used illegally from idle CPU! rcu_scheduler_active = 1, debug_locks = 0 RCU used illegally from extended quiescent state! 1 lock held by swapper/7/0: #0: ( rcu_read_lock ){......} , at: [] ath_tx_edma_tasklet+0x0/0x450 [ath9k] stack backtrace: CPU: 7 PID: 0 Comm: swapper/7 Not tainted 4.9.0-rc8 #11 Hardware name: Acer Aspire V3-571G/VA50_HC_CR, BIOS V2.21 12/16/2013 ffff88025efc3f38 ffffffff8132b1e5 ffff88017ede4540 0000000000000001 ffff88025efc3f68 ffffffff810a25f7 ffff88025efcee60 ffff88017edebdd8 ffff88025eeb5400 0000000000000091 ffff88025efc3f88 ffffffff810c3cd4 Call Trace: [] dump_stack+0x68/0x93 [] lockdep_rcu_suspicious+0xd7/0x110 [] rcu_eqs_enter_common.constprop.85+0x154/0x200 [] rcu_irq_exit+0x44/0xa0 [] irq_exit+0x61/0xd0 [] do_IRQ+0x65/0x110 [] common_interrupt+0x89/0x89 [] ? cpuidle_enter_state+0x151/0x200 [] cpuidle_enter+0x12/0x20 [] call_cpuidle+0x1e/0x40 [] cpu_startup_entry+0x146/0x220 [] start_secondary+0x148/0x170 Signed-off-by: Tobias Klausmann Fixes: d94a461d7a7d ("ath9k: use ieee80211_tx_status_noskb where possible") Cc: # v4.9 Acked-by: Felix Fietkau Acked-by: Paul E. McKenney Tested-by: Gabriel Craciunescu Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/xmit.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7c3a23b85cac5f3caa531f369c1e3a5f1a8b555f Author: Colin Ian King Date: Fri Dec 9 14:59:47 2016 +0000 nvmet/fcloop: remove some logically dead code performing redundant ret checks The check to see if ret is non-zero and return this rather than count is redundant in two occassions. It is redundant because prior to this check, the return code ret is already checked for a non-zero error return value and we return from the function at that point. Signed-off-by: Colin Ian King Reviewed-off-by: James Smart Signed-off-by: Christoph Hellwig drivers/nvme/target/fcloop.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6c73f949300f17851f53fa80c9d1611ccd6909d3 Author: Daniel Verkamp Date: Fri Dec 9 12:59:46 2016 -0700 nvmet: fix KATO offset in Set Features The Set Features implementation for Keep Alive Timer was using the wrong structure when retrieving the KATO value; it was treating the Set Features command as a Property Set command. The NVMe spec defines the Keep Alive Timer feature as having one input in CDW11 (4 bytes at offset 44 in the command) whereas the code was reading 8 bytes at offset 48. Since the Linux NVMe over Fabrics host never sets this feature, this code has presumably never been tested. Signed-off-by: Daniel Verkamp Signed-off-by: Christoph Hellwig drivers/nvme/target/admin-cmd.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 17a1ec08ce7074f05795e5c32a3e5bc9a797bbf8 Author: Johannes Thumshirn Date: Thu Dec 15 14:20:48 2016 +0100 nvme/fc: simplify error handling of nvme_fc_create_hw_io_queues Simplify the error handling of nvme_fc_create_hw_io_queues(), this saves us one variable and one level of indentation. Signed-off-by: Johannes Thumshirn Reviwed-by: James Smart Signed-off-by: Christoph Hellwig drivers/nvme/host/fc.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit c703489885218900579279cec4b4ab8e7fce383b Author: James Smart Date: Tue Dec 20 11:06:08 2016 -0800 nvme/fc: correct some printk information Dan Carpenters's tool caught a pointer reference - should have been just ptr, not &ptr. Don't bother. Remove the pointer value in the printf. Its irrelevant. Signed-off-by: James Smart Reported-by: Dan Carpenter Signed-off-by: Christoph Hellwig drivers/nvme/host/fc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2c473a9d02fbe881506d5d43bc7edb776f2f46f5 Author: Andy Lutomirski Date: Tue Dec 6 10:14:35 2016 -0800 nvme/scsi: Remove START STOP emulation Now that the broken power state control is gone, it appears to serve no purpose. Just delete it. NVME devices don't have a concept of started vs stopped anyway. Signed-off-by: Andy Lutomirski Reviewed-by: Keith Busch Signed-off-by: Christoph Hellwig drivers/nvme/host/scsi.c | 27 --------------------------- 1 file changed, 27 deletions(-) commit ff13b39ecf726715a96fcd3c23e50eb792ef6516 Author: Keith Busch Date: Fri Dec 9 12:08:58 2016 -0500 nvme/pci: Delete misleading queue-wrap comment It is not theoretically possible for this driver to wrap twice while processing completions. The driver allocates only 'queue_depth - 1' tags, so there can never be more than that to reap when processing a completion queue. Removing this misleading comment makes it a little less likely people with broken controllers will blame the driver for their spurious interrupts. Signed-off-by: Keith Busch Signed-off-by: Christoph Hellwig drivers/nvme/host/pci.c | 7 ------- 1 file changed, 7 deletions(-) commit 9fa196e7fc7a0f12329d5346164abb27f026991c Author: Max Gurtovoy Date: Mon Dec 19 16:18:24 2016 +0200 nvme/pci: Fix whitespace problem Convert to tabs and remove unneeded whitespaces. Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig drivers/nvme/host/pci.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit e6282aef7b89a11d26e731060c4409b7aac278bf Author: Keith Busch Date: Mon Dec 19 11:37:50 2016 -0500 nvme: simplify stripe quirk Some OEMs believe they own the Identify Controller vendor specific region and will repurpose it with their own values. While not common, we can't rely on the PCI VID:DID to tell use how to decode the field we reserved for this as the stripe size so we need to do something else for the list of devices using this quirk. The field was supposed to allow flexibility on the device's back-end striping, but it turned out that never materialized; the chunk is always the same as MDTS in the products subscribing to this quirk, so this patch removes the stripe_size field and sets the chunk to the max hw transfer size for the devices using this quirk. Signed-off-by: Keith Busch Signed-off-by: Christoph Hellwig drivers/nvme/host/core.c | 17 ++--------------- drivers/nvme/host/nvme.h | 1 - 2 files changed, 2 insertions(+), 16 deletions(-) commit b508fc354f6d168ec18673d99d3bce9d6c1d9475 Author: Christoph Hellwig Date: Wed Dec 21 11:20:45 2016 +0100 nvme: update maintainers information Switch the new, shared nvme git repository, which is co-maintained by everyone involved with NVMe. Also add the nvme_ioctl.h UAPI header to the files list. Signed-off-by: Christoph Hellwig MAINTAINERS | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 8877ebdd3f9a3ffc84c4b67562d257c5f553bc49 Author: Borislav Petkov Date: Tue Dec 20 11:54:30 2016 +0100 x86/microcode/AMD: Reload proper initrd start address When we switch to virtual addresses and, especially after reserve_initrd()->relocate_initrd() have run, we have the updated initrd address in initrd_start. Use initrd_start then instead of the address which has been passed to us through boot params. (That still gets used when we're running the very early routines on the BSP). Reported-and-tested-by: Boris Ostrovsky Signed-off-by: Borislav Petkov Link: http://lkml.kernel.org/r/20161220144012.lc4cwrg6dphqbyqu@pd.tnic Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/core.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit c739c0a7c3c2472d7562b8f802cdce44d2597c8b Author: Arnd Bergmann Date: Fri Dec 9 09:41:29 2016 -0200 [media] s5k4ecgx: select CRC32 helper A rare randconfig build failure shows up in this driver when the CRC32 helper is not there: drivers/media/built-in.o: In function `s5k4ecgx_s_power': s5k4ecgx.c:(.text+0x9eb4): undefined reference to `crc32_le' This adds the 'select' that all other users of this function have. Fixes: 8b99312b7214 ("[media] Add v4l2 subdev driver for S5K4ECGX sensor") Signed-off-by: Arnd Bergmann Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 4dd19196c5539c377beaa9850fac30c18318c7a1 Author: Arnd Bergmann Date: Fri Dec 9 09:36:29 2016 -0200 [media] dvb: avoid warning in dvb_net With gcc-5 or higher on x86, we can get a bogus warning in the dvb-net code: drivers/media/dvb-core/dvb_net.c: In function 'dvb_net_ule': arch/x86/include/asm/string_32.h:78:22: error: '*((void *)&dest_addr+4)' may be used uninitialized in this function [-Werror=maybe-uninitialized] The problem here is that gcc doesn't track all of the conditions to prove it can't end up copying uninitialized data. This changes the logic around so we zero out the destination address earlier when we determine that it is not set here. This allows the compiler to figure it out. Signed-off-by: Arnd Bergmann Signed-off-by: Mauro Carvalho Chehab drivers/media/dvb-core/dvb_net.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) commit 79d6205a3f741c9fb89cfc47dfa0eddb1526726d Author: Laurent Pinchart Date: Fri Dec 9 09:47:19 2016 -0200 [media] v4l: tvp5150: Don't override output pinmuxing at stream on/off time The s_stream() handler incorrectly writes the whole MISC_CTL register to enable or disable the outputs, overriding the output pinmuxing configuration. Fix it to only touch the output enable bits. The CONF_SHARED_PIN register is also written by the same function, resulting in muxing the INTREQ signal instead of the VBLK/GPCL signal on the INTREQ/GPCL/VBLK pin. As the driver doesn't support interrupts this is obviously incorrect, and breaks operation on other devices. Fix it by removing the write. Cc: stable@vger.kernel.org # For Kernel 4.5 and upper Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/tvp5150.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) commit b4b2de386bbb6589d81596999d4a924928dc119b Author: Laurent Pinchart Date: Fri Dec 9 09:47:18 2016 -0200 [media] v4l: tvp5150: Fix comment regarding output pin muxing The FID/GLCO/VLK/HVLK and INTREQ/GPCL/VBLK pins are muxed differently depending on whether the input is an S-Video or composite signal. The comment that explains the logic doesn't reflect the code. It appears that the comment is incorrect, as disabling the output data bus in composite mode makes no sense. Update the comment to match the code. While at it define macros for the MISC_CTL register bits, the code is too confusing with numerical values. Cc: stable@vger.kernel.org # For Kernel 4.5 and upper Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/tvp5150.c | 24 +++++++++++++++++------- drivers/media/i2c/tvp5150_reg.h | 9 +++++++++ 2 files changed, 26 insertions(+), 7 deletions(-) commit aff808e813fc2d311137754165cf53d4ee6ddcc2 Author: Laurent Pinchart Date: Fri Dec 9 09:47:17 2016 -0200 [media] v4l: tvp5150: Reset device at probe time, not in get/set format handlers The tvp5150 doesn't support format setting through the subdev pad API and thus implements the set format handler as a get format operation. The single handler, tvp5150_fill_fmt(), resets the device by calling tvp5150_reset(). This causes malfunction as the device can be reset at will, possibly from userspace when the subdev userspace API is enabled. The reset call was added in commit ec2c4f3f93cb ("[media] media: tvp5150: Add mbus_fmt callbacks"), probably as an attempt to set the device to a known state before detecting the current TV standard. However, the get format handler doesn't access the hardware to get the TV standard since commit 963ddc63e20d ("[media] media: tvp5150: Add cropping support"). There is thus no need to reset the device when getting the format. However, removing the tvp5150_reset() from the get/set format handlers results in the function not being called at all if the bridge driver doesn't use the .reset() operation. The operation is nowadays abused and shouldn't be used, so shouldn't expect bridge drivers to call it. To make sure the device is properly initialize, move the reset call from the format handlers to the probe function. Cc: stable@vger.kernel.org # For Kernel 4.5 and upper Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/tvp5150.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 48775cb73c2e26b7ca9d679875a6e570c8b8e124 Author: Max Kellermann Date: Thu Dec 15 19:51:07 2016 -0200 [media] pctv452e: move buffer to heap, no mutex commit 73d5c5c864f4 ("[media] pctv452e: don't do DMA on stack") caused a NULL pointer dereference which occurs when dvb_usb_init() calls dvb_usb_device_power_ctrl() for the first time, before the frontend has been attached. It also caused a recursive deadlock because tt3650_ci_msg_locked() has already locked the mutex. So, partially revert it, but move the buffer to the heap (DMA capable), not to the stack (may not be DMA capable). Instead of sharing one buffer which needs mutex protection, do a new heap allocation for each call. Fixes: commit 73d5c5c864f4 ("[media] pctv452e: don't do DMA on stack") Cc: stable@vger.kernel.org # For Kernel 4.9 Signed-off-by: Max Kellermann Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/dvb-usb/pctv452e.c | 133 +++++++++++++++++++---------------- 1 file changed, 72 insertions(+), 61 deletions(-) commit 78ccbf9ff89bd7a20d36be039cb3eab71081648c Author: Christoph Hellwig Date: Sun Sep 11 10:31:28 2016 -0300 [media] media/cobalt: use pci_irq_allocate_vectors Simply the interrupt setup by using the new PCI layer helpers. Despite using pci_enable_msi_range, this driver was only requesting a single MSI vector anyway. Signed-off-by: Christoph Hellwig Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/pci/cobalt/cobalt-driver.c | 8 ++------ drivers/media/pci/cobalt/cobalt-driver.h | 2 -- 2 files changed, 2 insertions(+), 8 deletions(-) commit f60f35609f89ef4fee73776bc1ef697923251995 Author: Hans Verkuil Date: Fri Dec 9 12:00:49 2016 -0200 [media] cec: fix race between configuring and unconfiguring This race was discovered by running cec-compliance -A with the cec module debug parameter set to 2: suddenly the test would fail. It turns out that this happens when the test configures the adapter in non-blocking mode, then it waits for the CEC_EVENT_STATE_CHANGE event and once the event is received it unconfigures the adapter. What happened was that the unconfigure was executed while the configure was still transmitting the Report Features and Report Physical Address messages. This messed up the internal state of the cec_adapter. The fix is to transmit those messages with the adap->lock mutex held (this will just queue them up in the internal transmit queue, and not actually transmit anything yet). Only unlock the mutex once everything is done. The main thread will dequeue the messages from the internal transmit queue and transmit them one by one, unless an unconfigure was done, and in that case any messages are just dropped. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) commit d3d64bc7408f1ff0b0ff8354056e2a48eda5886d Author: Hans Verkuil Date: Fri Dec 9 11:48:34 2016 -0200 [media] cec: move cec_report_phys_addr into cec_config_thread_func It's only a small function and this makes it easier to switch to transmitting the message with adap->lock held in the next patch. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-) commit 52bc30fda9622f492427d484bd4dd8ee42cc4667 Author: Hans Verkuil Date: Fri Dec 9 11:36:03 2016 -0200 [media] cec: replace cec_report_features by cec_fill_msg_report_features The fill function just fills in the cec_msg struct, it doesn't transmit the message. This is now done explicitly. This makes it possible to switch to transmitting this message with adap->lock held. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 48 ++++++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 22 deletions(-) commit 7af26f889eb67db272021a939f7d4a57e96dd961 Author: Hans Verkuil Date: Fri Dec 9 11:54:06 2016 -0200 [media] cec: update log_addr[] before finishing configuration The loop that sets the unused logical addresses to INVALID should be done before 'configured' is set to true. This ensures that cec_log_addrs is consistent before it will be used. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a24f56d47930492c94ef6875bf45adf7607ca1a4 Author: Hans Verkuil Date: Fri Dec 9 11:28:19 2016 -0200 [media] cec: CEC_MSG_GIVE_FEATURES should abort for CEC version < 2 This is a 2.0 only message, so it should return Feature Abort if the adapter is configured for CEC version 1.4. Right now it does nothing, which means that the sender will time out. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 120476123646ba3619c90db7bcbc6f8eea53c990 Author: Hans Verkuil Date: Fri Dec 9 11:14:32 2016 -0200 [media] cec: when canceling a message, don't overwrite old status info When a pending message was canceled (e.g. due to a timeout), then the old tx_status info was overwritten instead of ORed. The same happened with the tx_error_cnt field. So just modify them instead of overwriting them. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit f3854973f196baad5be6b62d8f5ea24b0346b63f Author: Hans Verkuil Date: Tue Dec 6 11:17:12 2016 -0200 [media] cec: fix report_current_latency In the (very) small print of the REPORT_CURRENT_LATENCY message there is a line that says that the last byte of the message (audio out delay) is only present if the 'audio out compensated' value is 3. I missed this, and so if this message was sent with a total length of 6 (i.e. without the audio out delay byte), then it was rejected by the framework since a minimum length of 7 was expected. Fix this minimum length check and update the wrappers in cec-funcs.h to do the right thing based on the message length. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab drivers/media/cec/cec-adap.c | 2 +- include/uapi/linux/cec-funcs.h | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) commit 4bfb934b0067b7f6a24470682c5f7254fd4d8282 Author: Sakari Ailus Date: Sat Nov 19 19:50:10 2016 -0200 [media] smiapp: Make suspend and resume functions __maybe_unused The smiapp_suspend() and smiapp_resume() functions will end up being unused if CONFIG_PM is enabled but CONFIG_PM_SLEEP is disabled, causing a compiler warning from both of the function definitions. Fix this by marking the functions with __maybe_unused. Suggested-by: Arnd Bergmann Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/smiapp/smiapp-core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9447082ae666fbf3adbe9c9152117daa31a8b737 Author: Sakari Ailus Date: Wed Nov 16 12:21:19 2016 -0200 [media] smiapp: Implement power-on and power-off sequences without runtime PM Power on the sensor when the module is loaded and power it off when it is removed. Signed-off-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/smiapp/smiapp-core.c | 29 ++++++++++------------------- 1 file changed, 10 insertions(+), 19 deletions(-) commit e85baa8868b016513c0f5738362402495b1a66a5 Author: Paul Burton Date: Fri Nov 11 14:22:36 2016 +0000 mmc: sd: Meet alignment requirements for raw_ssr DMA The mmc_read_ssr() function results in DMA to the raw_ssr member of struct mmc_card, which is not guaranteed to be cache line aligned & thus might not meet the requirements set out in Documentation/DMA-API.txt: Warnings: Memory coherency operates at a granularity called the cache line width. In order for memory mapped by this API to operate correctly, the mapped region must begin exactly on a cache line boundary and end exactly on one (to prevent two separately mapped regions from sharing a single cache line). Since the cache line size may not be known at compile time, the API will not enforce this requirement. Therefore, it is recommended that driver writers who don't take special care to determine the cache line size at run time only map virtual regions that begin and end on page boundaries (which are guaranteed also to be cache line boundaries). On some systems where DMA is non-coherent this can lead to us losing data that shares cache lines with the raw_ssr array. Fix this by kmalloc'ing a temporary buffer to perform DMA into. kmalloc will ensure the buffer is suitably aligned, allowing the DMA to be performed without any loss of data. Signed-off-by: Paul Burton Fixes: 5275a652d296 ("mmc: sd: Export SD Status via “ssr” device attribute") Cc: Signed-off-by: Ulf Hansson drivers/mmc/core/sd.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit adec57c61c2421d9d06c1fa8dd1ff7ed4fd2ca1b Author: Arnd Bergmann Date: Fri Dec 16 10:06:15 2016 +0100 cpufreq: s3c64xx: remove incorrect __init annotation s3c64xx_cpufreq_config_regulator is incorrectly annotated as __init, since the caller is also not init: WARNING: vmlinux.o(.text+0x92fe1c): Section mismatch in reference from the function s3c64xx_cpufreq_driver_init() to the function .init.text:s3c64xx_cpufreq_config_regulator() With modern gcc versions, the function gets inline, so we don't see the warning, this only happens with gcc-4.6 and older. Signed-off-by: Arnd Bergmann Reviewed-by: Krzysztof Kozlowski Signed-off-by: Rafael J. Wysocki drivers/cpufreq/s3c64xx-cpufreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2a8fa123d9a1d2ca391eefc81fea747108a5081f Author: Boris Ostrovsky Date: Thu Dec 15 10:00:58 2016 -0500 cpufreq: Remove CPU hotplug callbacks only if they were initialized Since CPU hotplug callbacks are requested for CPUHP_AP_ONLINE_DYN state, successful callback initialization will result in cpuhp_setup_state() returning a positive value. Therefore acpi_cpufreq_online being zero indicates that callbacks have not been installed. This means that acpi_cpufreq_boost_exit() should only remove them if acpi_cpufreq_online is positive. Trying to call cpuhp_remove_state_nocalls(0) will cause a BUG(). Signed-off-by: Boris Ostrovsky Reviewed-by: Thomas Gleixner Signed-off-by: Rafael J. Wysocki drivers/cpufreq/acpi-cpufreq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1358e038fac2628730842c817c7c156647166461 Author: Boris Ostrovsky Date: Thu Dec 15 10:00:57 2016 -0500 CPU/hotplug: Clarify description of __cpuhp_setup_state() return value When ivoked with CPUHP_AP_ONLINE_DYN state __cpuhp_setup_state() is expected to return positive value which is the hotplug state that the routine assigns. Signed-off-by: Boris Ostrovsky Signed-off-by: Rafael J. Wysocki kernel/cpu.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 8d3523fb3b727478ac528b307cb84460faa1c39e Author: Lv Zheng Date: Wed Dec 14 15:04:46 2016 +0800 ACPI / osl: Remove deprecated acpi_get_table_with_size()/early_acpi_os_unmap_memory() Since all users are cleaned up, remove the 2 deprecated APIs due to no users. As a Linux variable rather than an ACPICA variable, acpi_gbl_permanent_mmap is renamed to acpi_permanent_mmap to have a consistent coding style across entire Linux ACPI subsystem. Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki arch/arm64/include/asm/acpi.h | 2 +- drivers/acpi/bus.c | 2 +- drivers/acpi/osl.c | 50 +++++-------------------------------------- include/acpi/acpi_io.h | 2 ++ include/acpi/acpixf.h | 13 ----------- 5 files changed, 9 insertions(+), 60 deletions(-) commit 6b11d1d677132816252004426ef220ccd3c92d2f Author: Lv Zheng Date: Wed Dec 14 15:04:39 2016 +0800 ACPI / osl: Remove acpi_get_table_with_size()/early_acpi_os_unmap_memory() users This patch removes the users of the deprectated APIs: acpi_get_table_with_size() early_acpi_os_unmap_memory() The following APIs should be used instead of: acpi_get_table() acpi_put_table() The deprecated APIs are invented to be a replacement of acpi_get_table() during the early stage so that the early mapped pointer will not be stored in ACPICA core and thus the late stage acpi_get_table() won't return a wrong pointer. The mapping size is returned just because it is required by early_acpi_os_unmap_memory() to unmap the pointer during early stage. But as the mapping size equals to the acpi_table_header.length (see acpi_tb_init_table_descriptor() and acpi_tb_validate_table()), when such a convenient result is returned, driver code will start to use it instead of accessing acpi_table_header to obtain the length. Thus this patch cleans up the drivers by replacing returned table size with acpi_table_header.length, and should be a no-op. Reported-by: Dan Williams Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki arch/arm64/kernel/acpi.c | 7 +++---- drivers/acpi/nfit/core.c | 3 ++- drivers/acpi/processor_core.c | 8 +++----- drivers/acpi/spcr.c | 8 +++----- drivers/acpi/tables.c | 17 +++++++---------- drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 3 ++- drivers/gpu/drm/radeon/radeon_bios.c | 3 ++- drivers/iommu/amd_iommu_init.c | 10 ++++------ drivers/iommu/dmar.c | 7 ++----- drivers/mailbox/pcc.c | 5 +---- 10 files changed, 29 insertions(+), 42 deletions(-) commit 66360faa4333babc53836c7b59a0cff68cb0a9c6 Author: Lv Zheng Date: Wed Dec 14 15:04:33 2016 +0800 ACPICA: Tables: Allow FADT to be customized with virtual address ACPICA commit d98de9ca14891130efc5dcdc871b97eb27b4b0f5 FADT parsing code requires FADT to be installed as ACPI_TABLE_ORIGIN_INTERNAL_PHYSICAL, using new acpi_tb_get_table()/acpi_tb_put_table(), other address types can also be allowed, thus facilitates FADT customization with virtual address. Lv Zheng. Link: https://github.com/acpica/acpica/commit/d98de9ca Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/tbfadt.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 174cc7187e6f088942c8e74daa7baff7b44b33c9 Author: Lv Zheng Date: Wed Dec 14 15:04:25 2016 +0800 ACPICA: Tables: Back port acpi_get_table_with_size() and early_acpi_os_unmap_memory() from Linux kernel ACPICA commit cac6790954d4d752a083e6122220b8a22febcd07 This patch back ports Linux acpi_get_table_with_size() and early_acpi_os_unmap_memory() into ACPICA upstream to reduce divergences. The 2 APIs are used by Linux as table management APIs for long time, it contains a hidden logic that during the early stage, the mapped tables should be unmapped before the early stage ends. During the early stage, tables are handled by the following sequence: acpi_get_table_with_size(); parse the table early_acpi_os_unmap_memory(); During the late stage, tables are handled by the following sequence: acpi_get_table(); parse the table Linux uses acpi_gbl_permanent_mmap to distinguish the early stage and the late stage. The reasoning of introducing acpi_get_table_with_size() is: ACPICA will remember the early mapped pointer in acpi_get_table() and Linux isn't able to prevent ACPICA from using the wrong early mapped pointer during the late stage as there is no API provided from ACPICA to be an inverse of acpi_get_table() to forget the early mapped pointer. But how ACPICA can work with the early/late stage requirement? Inside of ACPICA, tables are ensured to be remained in "INSTALLED" state during the early stage, and they are carefully not transitioned to "VALIDATED" state until the late stage. So the same logic is in fact implemented inside of ACPICA in a different way. The gap is only that the feature is not provided to the OSPMs in an accessible external API style. It then is possible to fix the gap by providing an inverse of acpi_get_table() from ACPICA, so that the two Linux sequences can be combined: acpi_get_table(); parse the table acpi_put_table(); In order to work easier with the current Linux code, acpi_get_table() and acpi_put_table() is implemented in a usage counting based style: 1. When the usage count of the table is increased from 0 to 1, table is mapped and .Pointer is set with the mapping address (VALIDATED); 2. When the usage count of the table is decreased from 1 to 0, .Pointer is unset and the mapping address is unmapped (INVALIDATED). So that we can deploy the new APIs to Linux with minimal effort by just invoking acpi_get_table() in acpi_get_table_with_size() and invoking acpi_put_table() in early_acpi_os_unmap_memory(). Lv Zheng. Link: https://github.com/acpica/acpica/commit/cac67909 Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/actables.h | 6 ++ drivers/acpi/acpica/tbutils.c | 85 +++++++++++++++++++++++++ drivers/acpi/acpica/tbxface.c | 130 ++++++++++++++++++++++++-------------- drivers/acpi/osl.c | 39 +++++++++++- include/acpi/acpixf.h | 12 +++- include/acpi/actbl.h | 1 + include/acpi/platform/aclinuxex.h | 1 - 7 files changed, 220 insertions(+), 54 deletions(-) commit f8d9422ef80c5126112284493e69c88753c56ad1 Author: Flora Cui Date: Thu Dec 15 16:29:31 2016 +0800 drm/amdgpu: update tile table for oland/hainan Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 330 ++++++++++++++++++++-------------- 1 file changed, 191 insertions(+), 139 deletions(-) commit 3548f9a829738db1df2643c1db1a134d84b00fc4 Author: Flora Cui Date: Thu Dec 15 16:26:58 2016 +0800 drm/amdgpu: update tile table for verde Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 295 +++++++++++++++++++++++++++++++++- 1 file changed, 293 insertions(+), 2 deletions(-) commit f815b29cea0968df400f8c9f8b770ec02ec66906 Author: Flora Cui Date: Thu Dec 15 15:27:51 2016 +0800 drm/amdgpu: update rev id for verde Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dae5c2985da969074df03b9ff5226432be9e3293 Author: Flora Cui Date: Thu Dec 15 15:26:22 2016 +0800 drm/amdgpu: update golden setting for verde Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 304 +++++++++++++++++++--------------------- 1 file changed, 142 insertions(+), 162 deletions(-) commit 8fd74cb4a0e563b2025b521accc7a5963f60cdb1 Author: Flora Cui Date: Thu Dec 15 15:04:39 2016 +0800 drm/amdgpu: update rev id for oland Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 1 + 1 file changed, 1 insertion(+) commit 6b7985efc3b56dba3a49221464e7ef65688cda76 Author: Flora Cui Date: Thu Dec 15 15:03:43 2016 +0800 drm/amdgpu: update golden setting for oland Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) commit 05319478dad476841282a0eab66a00da425e0914 Author: Flora Cui Date: Thu Dec 15 14:58:28 2016 +0800 drm/amdgpu: update rev id for hainan Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 1 + 1 file changed, 1 insertion(+) commit bd27b678c26ea9f6d6efdbea139f38fba426aaac Author: Flora Cui Date: Thu Dec 15 14:58:12 2016 +0800 drm/amdgpu: update golden setting for hainan Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 37 +++++++++++++++++++++++-------------- 1 file changed, 23 insertions(+), 14 deletions(-) commit e285a9a64d64e65a10e97c6ae1e9385c9595b563 Author: Flora Cui Date: Thu Dec 15 15:29:54 2016 +0800 drm/amdgpu: update rev id for pitcairn Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 1 + 1 file changed, 1 insertion(+) commit 1245a694617ebc39342f12d55ed3e6561fcb9f4a Author: Flora Cui Date: Thu Dec 15 15:29:38 2016 +0800 drm/amdgpu: update golden setting for pitcairn Signed-off-by: Flora Cui Reviewed-by: Junwei Zhang Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) commit 7c0a705e0326a7eed2149eb0b7b30e23897becda Author: Flora Cui Date: Wed Dec 14 14:35:49 2016 +0800 drm/amdgpu: update golden setting/tiling table of tahiti Signed-off-by: Flora Cui Reviewed-by: Hawking Zhang Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 344 +++++++++++++++++++--------------- drivers/gpu/drm/amd/amdgpu/si.c | 38 ++-- 2 files changed, 221 insertions(+), 161 deletions(-) commit ba6d973f78eb62ffebb32f6ef3334fc9a3b33d22 Merge: 3eb8625 a763f78 Author: Linus Torvalds Date: Tue Dec 20 15:48:34 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes and cleanups from David Miller: 1) Use rb_entry() instead of hardcoded container_of(), from Geliang Tang. 2) Use correct memory barriers in stammac driver, from Pavel Machek. 3) Fix assoc bind address handling in SCTP, from Xin Long. 4) Make the length check for UFO handling consistent between __ip_append_data() and ip_finish_output(), from Zheng Li. 5) HSI driver compatible strings were busted fro hix5hd2, from Dongpo Li. 6) Handle devm_ioremap() errors properly in cavium driver, from Arvind Yadav. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (22 commits) RDS: use rb_entry() net_sched: sch_netem: use rb_entry() net_sched: sch_fq: use rb_entry() net/mlx5: use rb_entry() ethernet: sfc: Add Kconfig entry for vendor Solarflare sctp: not copying duplicate addrs to the assoc's bind address list sctp: reduce indent level in sctp_copy_local_addr_list ARM: dts: hix5hd2: don't change the existing compatible string net: hix5hd2_gmac: fix compatible strings name openvswitch: Add a missing break statement. net: netcp: ethss: fix 10gbe host port tx pri map configuration net: netcp: ethss: fix errors in ethtool ops fsl/fman: enable compilation on ARM64 fsl/fman: A007273 only applies to PPC SoCs powerpc: fsl/fman: remove fsl,fman from of_device_ids[] fsl/fman: fix 1G support for QSGMII interfaces dt: bindings: net: use boolean dt properties for eee broken modes net: phy: use boolean dt properties for eee broken modes net: phy: fix sign type error in genphy_config_eee_advert ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output ... commit 3eb86259eca6a363ed7bb13ecea5cda809f7b97d Merge: f95adbc 50f4d9b Author: Linus Torvalds Date: Tue Dec 20 15:24:32 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge final set of updates from Andrew Morton: - a series to make IMA play better across kexec - a handful of random fixes * emailed patches from Andrew Morton : printk: fix typo in CONSOLE_LOGLEVEL_DEFAULT help text ratelimit: fix WARN_ON_RATELIMIT return value kcov: make kcov work properly with KASLR enabled arm64: setup: introduce kaslr_offset() mm: fadvise: avoid expensive remote LRU cache draining after FADV_DONTNEED ima: platform-independent hash value ima: define a canonical binary_runtime_measurements list format ima: support restoring multiple template formats ima: store the builtin/custom template definitions in a list ima: on soft reboot, save the measurement list powerpc: ima: send the kexec buffer to the next kernel ima: maintain memory size needed for serializing the measurement list ima: permit duplicate measurement list entries ima: on soft reboot, restore the measurement list powerpc: ima: get the kexec buffer passed by the previous kernel commit f95adbc1f7cef521d1d6b9146691d5971a660614 Merge: 74f65bb db4d22c Author: Linus Torvalds Date: Tue Dec 20 15:22:01 2016 -0800 Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration Pull mailbox updates from Jassi Brar: - new features (poll and SRAM usage) added to the mailbox-test driver - major update of Broadcom's PDC controller driver - minor fix for auto-loading test and STI driver modules * 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration: mailbox: mailbox-test: allow reserved areas in SRAM mailbox: mailbox-test: add support for fasync/poll mailbox: bcm-pdc: Remove unnecessary void* casts mailbox: bcm-pdc: Simplify interrupt handler logic mailbox: bcm-pdc: Performance improvements mailbox: bcm-pdc: Don't use iowrite32 to write DMA descriptors mailbox: bcm-pdc: Convert from threaded IRQ to tasklet mailbox: bcm-pdc: Try to improve branch prediction mailbox: bcm-pdc: streamline rx code mailbox: bcm-pdc: Convert from interrupts to poll for tx done mailbox: bcm-pdc: PDC driver leaves debugfs files after removal mailbox: bcm-pdc: Changes so mbox client can be removed / re-inserted mailbox: bcm-pdc: Use octal permissions rather than symbolic mailbox: sti: Fix module autoload for OF registration mailbox: mailbox-test: Fix module autoload commit 74f65bbf46da4f32ddeab221e2de6d6e15f806bd Merge: 1351522 649ac63 Author: Linus Torvalds Date: Tue Dec 20 15:19:55 2016 -0800 Merge branch 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c fixes from Wolfram Sang. * 'i2c/for-current' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: i2c: mux: mlxcpld: fix i2c mux selection caching i2c: designware: fix wrong Tx/Rx FIFO for ACPI i2c: xgene: Fix missing code of DTB support i2c: mux: pca954x: fix i2c mux selection caching i2c: octeon: thunderx: Limit register access retries commit 1351522b5f627f06e44e781805b5bd5c01566cf3 Merge: d5379e5 217e2bfa Author: Linus Torvalds Date: Tue Dec 20 15:17:55 2016 -0800 Merge tag 'doc-4.10-3' of git://git.lwn.net/linux Pull documentation fix from Jonathan Corbet: "A single fix for the build system. It would appear that the docutils developers, in their wisdom, broke the API in the 0.13 release. This fix detects the breakage and allows the docs to be built with both the old and new versions" * tag 'doc-4.10-3' of git://git.lwn.net/linux: docs: sphinx-extensions: make rstFlatTable work with docutils 0.13 commit d5379e5eddc09f8d172d9d6aa0e5a269a89dc60a Merge: ec92b88 3400606 Author: Linus Torvalds Date: Tue Dec 20 15:16:00 2016 -0800 Merge tag 'microblaze-4.10-rc1' of git://git.monstr.eu/linux-2.6-microblaze Pull arch/microblaze updates from Michal Simek: - wire-up new syscalls - add new codes and fpga families - fix a return value * tag 'microblaze-4.10-rc1' of git://git.monstr.eu/linux-2.6-microblaze: microblaze: Add new fpga families microblaze: Add missing release version code v9.6 and v10 microblaze: Add missing syscalls microblaze: Fix return value from xilinx_timer_init commit 7961d53d22375bb9e8ae8063533b9059102ed39d Author: Randy Dunlap Date: Tue Dec 20 08:43:30 2016 -0800 scsi: qedi: fix build, depends on UIO Fix build of SCSI qedi driver. It uses uio interfaces so it should depend on UIO. ERROR: "uio_unregister_device" [drivers/scsi/qedi/qedi.ko] undefined! ERROR: "uio_event_notify" [drivers/scsi/qedi/qedi.ko] undefined! ERROR: "__uio_register_device" [drivers/scsi/qedi/qedi.ko] undefined! Signed-off-by: Randy Dunlap Cc: QLogic-Storage-Upstream@cavium.com Signed-off-by: Martin K. Petersen drivers/scsi/qedi/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec92b88c3c05dd9bc75379014858c504ebb9ecbc Merge: e93b1cc 30b5070 Author: Linus Torvalds Date: Tue Dec 20 14:48:53 2016 -0800 Merge tag 'xtensa-20161219' of git://github.com/jcmvbkbc/linux-xtensa Pull Xtensa updates from Max Filippov: - enable HAVE_DMA_CONTIGUOUS, configure shared DMA pool reservation in kc705 DTS - update xtensa DMA-related Documentation/features entries - clean up arch/xtensa/kernel/setup.c: move S32C1I self-test out of it, remove unused declarations, fix screen_info definition * tag 'xtensa-20161219' of git://github.com/jcmvbkbc/linux-xtensa: xtensa: update DMA-related Documentation/features entries xtensa: configure shared DMA pool reservation in kc705 DTS xtensa: enable HAVE_DMA_CONTIGUOUS xtensa: move S32C1I self-test to a separate file xtensa: fix screen_info, clean up unused declarations in setup.c commit 7dbbf0fa1bf14c17900bb8057986b06db3822239 Author: Bart Van Assche Date: Tue Nov 22 16:17:50 2016 -0800 scsi: scsi-mq: Wait for .queue_rq() if necessary Ensure that if scsi-mq is enabled that scsi_internal_device_block() waits until ongoing shost->hostt->queuecommand() calls have finished. Signed-off-by: Bart Van Assche Reviewed-by: Sagi Grimberg Reviewed-by: Martin K. Petersen Cc: James Bottomley Cc: Christoph Hellwig Cc: Doug Ledford Signed-off-by: Martin K. Petersen drivers/scsi/scsi_lib.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 160494d381373cfa21208484aea4e5db2d3cb0a8 Author: Helge Deller Date: Tue Dec 20 20:51:10 2016 +0100 parisc: Optimize timer interrupt function Restructure the timer interrupt function to better cope with missed timer irqs. Optimize the calculation when the next interrupt should happen and skip irqs if they would happen too shortly after exit of the irq function. The update_process_times() call is done anyway at every timer irq, so we can safely drop the prof_counter and prof_multiplier variables from the per_cpu structure. Signed-off-by: Helge Deller arch/parisc/include/asm/processor.h | 4 -- arch/parisc/kernel/processor.c | 5 -- arch/parisc/kernel/time.c | 112 ++++++++++-------------------------- 3 files changed, 29 insertions(+), 92 deletions(-) commit a763f78cea845c91b8d91f93dabf70c407635dc5 Author: Geliang Tang Date: Tue Dec 20 22:02:18 2016 +0800 RDS: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Signed-off-by: Geliang Tang Reviewed-by: Leon Romanovsky Acked-by: Santosh Shilimkar Signed-off-by: David S. Miller net/rds/rdma.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7f7cd56c33937c6afa8a3d1f10a804c314e5b308 Author: Geliang Tang Date: Tue Dec 20 22:02:16 2016 +0800 net_sched: sch_netem: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Signed-off-by: Geliang Tang Signed-off-by: David S. Miller net/sched/sch_netem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e124557d60ccefacbda79934af816526cc08aeb7 Author: Geliang Tang Date: Tue Dec 20 22:02:15 2016 +0800 net_sched: sch_fq: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Signed-off-by: Geliang Tang Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/sched/sch_fq.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit f7fb138389aac97fe165c9b8fe4dcfeb97a78d06 Author: Geliang Tang Date: Tue Dec 20 22:02:14 2016 +0800 net/mlx5: use rb_entry() To make the code clearer, use rb_entry() instead of container_of() to deal with rbtree. Signed-off-by: Geliang Tang Acked-by: Leon Romanovsky Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/fs_counters.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ae99b639ce79f73fe4d1c44da8aa2d96b0f13253 Author: Tobias Klauser Date: Tue Dec 20 14:38:26 2016 +0100 ethernet: sfc: Add Kconfig entry for vendor Solarflare Since commit 5a6681e22c14 ("sfc: separate out SFC4000 ("Falcon") support into new sfc-falcon driver") there are two drivers for Solarflare devices, but both still show up directly beneath "Ethernet driver support" in the Kconfig. Follow the pattern of other vendors and group them beneath an own vendor Kconfig entry for Solarflare. Cc: Edward Cree Signed-off-by: Tobias Klauser Acked-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/Kconfig | 1 - drivers/net/ethernet/sfc/Kconfig | 21 +++++++++++++++++++++ 2 files changed, 21 insertions(+), 1 deletion(-) commit b794e252f5c1c640097348566dd85d463698ce90 Merge: 92f9532 b860780 Author: David S. Miller Date: Tue Dec 20 14:15:45 2016 -0500 Merge branch 'sctp-fixes' Xin Long says: ==================== sctp: fix the issue that may copy duplicate addrs into assoc's bind address list Patch 1/2 is to fix some indent level. Given that we have kernels out there with this issue, patch 2/2 also fix sctp_raw_to_bind_addrs. v1 -> v2: Explain why we didn't filter the duplicate addresses when global address list gets updated in patch 2/2 changelog. ==================== Signed-off-by: David S. Miller commit b8607805dd157d5f93372f338b3f3b9018c507d7 Author: Xin Long Date: Tue Dec 20 13:49:50 2016 +0800 sctp: not copying duplicate addrs to the assoc's bind address list sctp.local_addr_list is a global address list that is supposed to include all the local addresses. sctp updates this list according to NETDEV_UP/ NETDEV_DOWN notifications. However, if multiple NICs have the same address, the global list would have duplicate addresses. Even if for one NIC, promote secondaries in __inet_del_ifa can also lead to accumulating duplicate addresses. When sctp binds address 'ANY' and creates a connection, it copies all the addresses from global list into asoc's bind addr list, which makes sctp pack the duplicate addresses into INIT/INIT_ACK packets. This patch is to filter the duplicate addresses when copying the addrs from global list in sctp_copy_local_addr_list and unpacking addr_param from cookie in sctp_raw_to_bind_addrs to asoc's bind addr list. Note that we can't filter the duplicate addrs when global address list gets updated, As NETDEV_DOWN event may remove an addr that still exists in another NIC. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/bind_addr.c | 3 +++ net/sctp/protocol.c | 3 +++ 2 files changed, 6 insertions(+) commit 165f2cf6405a9e2153b69302845c7d5c9f3cb23b Author: Xin Long Date: Tue Dec 20 13:49:49 2016 +0800 sctp: reduce indent level in sctp_copy_local_addr_list This patch is to reduce indent level by using continue when the addr is not allowed, and also drop end_copy by using break. Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/protocol.c | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) commit 037569172083a59c0cc5b66c5e1cf80dcf27ebb7 Merge: 297e765 9899694 Author: Ingo Molnar Date: Tue Dec 20 20:13:37 2016 +0100 Merge tag 'perf-core-for-mingo-20161220' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/urgent Pull perf/core improvements and fixes: New features: - Introduce 'perf sched timehist --idle', to analyse processes going to/from idle state (Namhyung Kim) Fixes: - Allow 'perf record -u user' to continue when facing races with threads going away after having scanned them via /proc (Jiri Olsa) - Fix 'perf mem' --all-user/--all-kernel options (Jiri Olsa) - Support jumps with multiple arguments (Ravi Bangoria) - Fix jumps to before the function where they are located (Ravi Bangoria) - Fix lock-pi help string (Davidlohr Bueso) - Fix build of 'perf trace' in odd systems such as a RHEL PPC one (Jiri Olsa) - Do not overwrite valid build id in 'perf diff' (Kan Liang) - Don't throw error for zero length symbols, allowing the use of the TUI in PowerPC, where such symbols became more common recently (Ravi Bangoria) Infrastructure changes: - Switch of samples/bpf/ to use tools/lib/bpf, removing libbpf duplication (Joe Stringer) - Move headers check into bash script (Jiri Olsa) Signed-off-by: Arnaldo Carvalho de Melo commit 92f95322c65fef330cc0a6bb6ed3e7966f8635d5 Merge: 87e159c 48fed73 Author: David S. Miller Date: Tue Dec 20 14:12:30 2016 -0500 Merge branch 'hix5hd2_gmac-compatible-string' Dongpo Li says: ==================== net: hix5hd2_gmac: keep the compatible string not changed This patch series fix the patch: d0fb6ba75dc0 ("net: hix5hd2_gmac: add generic compatible string") The SoC hix5hd2 compatible string has the suffix "-gmac" and we should not change its compatible string. So we should name all the compatible string with the suffix "-gmac". Creating a new name suffix "-gemac" is unnecessary. ==================== Signed-off-by: David S. Miller commit 48fed73ab6d2ef59d266e362afaabb73d9b1a2d6 Author: Dongpo Li Date: Tue Dec 20 10:09:29 2016 +0800 ARM: dts: hix5hd2: don't change the existing compatible string The SoC hix5hd2 compatible string has the suffix "-gmac" and we should not change it. We should only add the generic compatible string "hisi-gmac-v1". Fixes: 0855950ba580 ("ARM: dts: hix5hd2: add gmac generic compatible and clock names") Signed-off-by: Dongpo Li Signed-off-by: David S. Miller arch/arm/boot/dts/hisi-x5hd2.dtsi | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f7ca8e3b945366259e82ed50961809ad4262933f Author: Dongpo Li Date: Tue Dec 20 10:09:28 2016 +0800 net: hix5hd2_gmac: fix compatible strings name The SoC hix5hd2 compatible string has the suffix "-gmac" and we should not change its compatible string. So we should name all the compatible string with the suffix "-gmac". Creating a new name suffix "-gemac" is unnecessary. We also add another SoC compatible string in dt binding documentation and describe which generic version the SoC belongs to. Fixes: d0fb6ba75dc0 ("net: hix5hd2_gmac: add generic compatible string") Signed-off-by: Dongpo Li Signed-off-by: David S. Miller .../devicetree/bindings/net/hisilicon-hix5hd2-gmac.txt | 13 ++++++++----- drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 13 +++++++------ 2 files changed, 15 insertions(+), 11 deletions(-) commit 87e159c59d9f325d571689d4027115617adb32e6 Author: Jarno Rajahalme Date: Mon Dec 19 17:06:33 2016 -0800 openvswitch: Add a missing break statement. Add a break statement to prevent fall-through from OVS_KEY_ATTR_ETHERNET to OVS_KEY_ATTR_TUNNEL. Without the break actions setting ethernet addresses fail to validate with log messages complaining about invalid tunnel attributes. Fixes: 0a6410fbde ("openvswitch: netlink: support L3 packets") Signed-off-by: Jarno Rajahalme Acked-by: Pravin B Shelar Acked-by: Jiri Benc Signed-off-by: David S. Miller net/openvswitch/flow_netlink.c | 1 + 1 file changed, 1 insertion(+) commit 4c0ef2319a6cc3506db2a546b9e6294ec635eb90 Author: WingMan Kwok Date: Mon Dec 19 17:55:57 2016 -0500 net: netcp: ethss: fix 10gbe host port tx pri map configuration This patch adds the missing 10gbe host port tx priority map configurations. Signed-off-by: WingMan Kwok Signed-off-by: Murali Karicheri Signed-off-by: Sekhar Nori Signed-off-by: David S. Miller drivers/net/ethernet/ti/netcp_ethss.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e9838ef2d6f3f3ccb058514d4ac03a6f6155ecc2 Author: WingMan Kwok Date: Mon Dec 19 17:55:56 2016 -0500 net: netcp: ethss: fix errors in ethtool ops In ethtool ops, it needs to retrieve the corresponding ethss module (gbe or xgbe) from the net_device structure. Prior to this patch, the retrieving procedure only checks for the gbe module. This patch fixes the issue by checking the xgbe module if the net_device structure does not correspond to the gbe module. Signed-off-by: WingMan Kwok Signed-off-by: Murali Karicheri Signed-off-by: Sekhar Nori Signed-off-by: David S. Miller drivers/net/ethernet/ti/netcp_ethss.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) commit 04fddde37642dd270ecb430b879f311536cfd6a5 Merge: fb3dc5b 2e3db5a Author: David S. Miller Date: Tue Dec 20 13:55:35 2016 -0500 Merge branch 'fsl-fixes' Madalin Bucur says: ==================== fsl/fman: fixes for ARM The patch set fixes advertised speeds for QSGMII interfaces, disables A007273 erratum workaround on non-PowerPC platforms where it does not apply, enables compilation on ARM64 and addresses a probing issue on non PPC platforms. Changes from v3: removed redundant comment, added ack by Scott Changes from v2: merged fsl/fman changes to avoid a point of failure Changes from v1: unifying probing on all supported platforms ==================== Signed-off-by: David S. Miller commit 2e3db5a4b9ee704f841d6356a32428830c7079e6 Author: Madalin Bucur Date: Mon Dec 19 22:42:46 2016 +0200 fsl/fman: enable compilation on ARM64 Signed-off-by: Madalin Bucur Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1e33099540b1e13d0e9674bc97c15d3fac050f6f Author: Madalin Bucur Date: Mon Dec 19 22:42:45 2016 +0200 fsl/fman: A007273 only applies to PPC SoCs Signed-off-by: Madalin Bucur Reviewed-by: Camelia Groza Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/fman.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit ae6021d4fc2bcc9e3193a007b2c9d31392ac641b Author: Madalin Bucur Date: Mon Dec 19 22:42:44 2016 +0200 powerpc: fsl/fman: remove fsl,fman from of_device_ids[] The fsl/fman drivers will use of_platform_populate() on all supported platforms. Call of_platform_populate() to probe the FMan sub-nodes. Signed-off-by: Igal Liberman Signed-off-by: Madalin Bucur Acked-by: Scott Wood Signed-off-by: David S. Miller arch/powerpc/platforms/85xx/corenet_generic.c | 3 --- drivers/net/ethernet/freescale/fman/fman.c | 7 +++++++ 2 files changed, 7 insertions(+), 3 deletions(-) commit 606987b04e6c0dd8027ea331f2eeae35a5f4413c Author: Madalin Bucur Date: Mon Dec 19 22:42:43 2016 +0200 fsl/fman: fix 1G support for QSGMII interfaces QSGMII ports were not advertising 1G speed. Signed-off-by: Madalin Bucur Reviewed-by: Camelia Groza Signed-off-by: David S. Miller drivers/net/ethernet/freescale/fman/mac.c | 1 + 1 file changed, 1 insertion(+) commit fb3dc5b8adef1b05e2ca2a48db9fcf1a35ae9a1e Merge: 0a28cfd 308d316 Author: David S. Miller Date: Tue Dec 20 13:50:51 2016 -0500 Merge branch 'phy-broken-modes' Jerome Brunet says: ==================== phy: Fix integration of eee-broken-modes The purpose of this series is to fix the integration of the ethernet phy property "eee-broken-modes" [0] The v3 of this series has been merged, missing a fix (error reported by kbuild robot) available in the v4 [1] More importantly, Florian opposed adding a DT property mapping a device register this directly [2]. The concern was that the property could be abused to implement platform configuration policy. After discussing it, I think we agreed that such information about the HW (defect) should appear in the platform DT. However, the preferred way is to add a boolean property for each EEE broken mode. [0]: http://lkml.kernel.org/r/1480326409-25419-1-git-send-email-jbrunet@baylibre.com [1]: http://lkml.kernel.org/r/1480348229-25672-1-git-send-email-jbrunet@baylibre.com [2]: http://lkml.kernel.org/r/e14a3b0c-dc34-be14-48b3-518a0ad0c080@gmail.com ==================== Signed-off-by: David S. Miller commit 308d3165d8b2b98d3dc3d97d6662062735daea67 Author: jbrunet Date: Mon Dec 19 16:05:38 2016 +0100 dt: bindings: net: use boolean dt properties for eee broken modes The patches regarding eee-broken-modes was merged before all people involved could find an agreement on the best way to move forward. While we agreed on having a DT property to mark particular modes as broken, the value used for eee-broken-modes mapped the phy register in very direct way. Because of this, the concern is that it could be used to implement configuration policies instead of describing a broken HW. In the end, having a boolean property for each mode seems to be preferred over one bit field value mapping the register (too) directly. Cc: Florian Fainelli Signed-off-by: Jerome Brunet Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/phy.txt | 10 ++++++++-- include/dt-bindings/net/mdio.h | 19 ------------------- 2 files changed, 8 insertions(+), 21 deletions(-) commit 57f3986231bb2c69a55ccab1d2b30a00818027ac Author: jbrunet Date: Mon Dec 19 16:05:37 2016 +0100 net: phy: use boolean dt properties for eee broken modes The patches regarding eee-broken-modes was merged before all people involved could find an agreement on the best way to move forward. While we agreed on having a DT property to mark particular modes as broken, the value used for eee-broken-modes mapped the phy register in very direct way. Because of this, the concern is that it could be used to implement configuration policies instead of describing a broken HW. In the end, having a boolean property for each mode seems to be preferred over one bit field value mapping the register (too) directly. Cc: Florian Fainelli Signed-off-by: Jerome Brunet Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) commit 3bb9ab63276696988d8224f52db20e87194deb4b Author: jbrunet Date: Mon Dec 19 16:05:36 2016 +0100 net: phy: fix sign type error in genphy_config_eee_advert In genphy_config_eee_advert, the return value of phy_read_mmd_indirect is checked to know if the register could be accessed but the result is assigned to a 'u32'. Changing to 'int' to correctly get errors from phy_read_mmd_indirect. Fixes: d853d145ea3e ("net: phy: add an option to disable EEE advertisement") Reported-by: Julia Lawall Signed-off-by: Jerome Brunet Signed-off-by: David S. Miller drivers/net/phy/phy_device.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 50f4d9bda9f8510db1392b4e832fca95c56295a1 Author: Borislav Petkov Date: Mon Dec 19 16:23:15 2016 -0800 printk: fix typo in CONSOLE_LOGLEVEL_DEFAULT help text s/prink/printk/ Link: http://lkml.kernel.org/r/20161215170111.19075-1-bp@alien8.de Signed-off-by: Borislav Petkov Cc: Olof Johansson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1b011e2f13fcf37e1e577fed25b295808d6c83b9 Author: Jiri Slaby Date: Mon Dec 19 16:23:12 2016 -0800 ratelimit: fix WARN_ON_RATELIMIT return value The macro is to be used similarly as WARN_ON as: if (WARN_ON_RATELIMIT(condition, state)) do_something(); One would expect only 'condition' to affect the 'if', but WARN_ON_RATELIMIT does internally only: WARN_ON((condition) && __ratelimit(state)) So the 'if' is affected by the ratelimiting state too. Fix this by returning 'condition' in any case. Note that nobody uses WARN_ON_RATELIMIT yet, so there is nothing to worry about. But I was about to use it and was a bit surprised. Link: http://lkml.kernel.org/r/20161215093224.23126-1-jslaby@suse.cz Signed-off-by: Jiri Slaby Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/ratelimit.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 4983f0ab7ffaad1e534b21975367429736475205 Author: Alexander Popov Date: Mon Dec 19 16:23:09 2016 -0800 kcov: make kcov work properly with KASLR enabled Subtract KASLR offset from the kernel addresses reported by kcov. Tested on x86_64 and AArch64 (Hikey LeMaker). Link: http://lkml.kernel.org/r/1481417456-28826-3-git-send-email-alex.popov@linux.com Signed-off-by: Alexander Popov Cc: Catalin Marinas Cc: Will Deacon Cc: Ard Biesheuvel Cc: Mark Rutland Cc: Rob Herring Cc: Kefeng Wang Cc: AKASHI Takahiro Cc: Jon Masters Cc: David Daney Cc: Ganapatrao Kulkarni Cc: Dmitry Vyukov Cc: Nicolai Stange Cc: James Morse Cc: Andrey Ryabinin Cc: Andrey Konovalov Cc: Alexander Popov Cc: syzkaller Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kcov.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 7ede8665f27cde7da69e8b2fbeaa1ed0664879c5 Author: Alexander Popov Date: Mon Dec 19 16:23:06 2016 -0800 arm64: setup: introduce kaslr_offset() Introduce kaslr_offset() similar to x86_64 to fix kcov. [ Updated by Will Deacon ] Link: http://lkml.kernel.org/r/1481417456-28826-2-git-send-email-alex.popov@linux.com Signed-off-by: Alexander Popov Cc: Catalin Marinas Cc: Ard Biesheuvel Cc: Mark Rutland Cc: Rob Herring Cc: Kefeng Wang Cc: AKASHI Takahiro Cc: Jon Masters Cc: David Daney Cc: Ganapatrao Kulkarni Cc: Dmitry Vyukov Cc: Nicolai Stange Cc: James Morse Cc: Andrey Ryabinin Cc: Andrey Konovalov Cc: Alexander Popov Cc: syzkaller Signed-off-by: Andrew Morton Signed-off-by: Will Deacon Signed-off-by: Linus Torvalds arch/arm64/include/asm/memory.h | 5 +++++ arch/arm64/kernel/setup.c | 8 ++++---- 2 files changed, 9 insertions(+), 4 deletions(-) commit 4dd72b4a47a5309333c8ddf9ec7df3380dede30d Author: Johannes Weiner Date: Mon Dec 19 16:23:03 2016 -0800 mm: fadvise: avoid expensive remote LRU cache draining after FADV_DONTNEED When FADV_DONTNEED cannot drop all pages in the range, it observes that some pages might still be on per-cpu LRU caches after recent instantiation and so initiates remote calls to all CPUs to flush their local caches. However, in most cases, the fadvise happens from the same context that instantiated the pages, and any pre-LRU pages in the specified range are most likely sitting on the local CPU's LRU cache, and so in many cases this results in unnecessary remote calls, which, in a loaded system, can hold up the fadvise() call significantly. [ I didn't record it in the extreme case we observed at Facebook, unfortunately. We had a slow-to-respond system and noticed it lru_add_drain_all() leading the profile during fadvise calls. This patch came out of thinking about the code and how we commonly call FADV_DONTNEED. FWIW, I wrote a silly directory tree walker/searcher that recurses through /usr to read and FADV_DONTNEED each file it finds. On a 2 socket 40 ht machine, over 1% is spent in lru_add_drain_all(). With the patch, that cost is gone; the local drain cost shows at 0.09%. ] Try to avoid the remote call by flushing the local LRU cache before even attempting to invalidate anything. It's a cheap operation, and the local LRU cache is the most likely to hold any pre-LRU pages in the specified fadvise range. Link: http://lkml.kernel.org/r/20161214210017.GA1465@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Vlastimil Babka Acked-by: Mel Gorman Acked-by: Hillf Danton Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/fadvise.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit 98e1d55d033eed2a474924c94fc2051ab20de402 Author: Andreas Steffen Date: Mon Dec 19 16:23:00 2016 -0800 ima: platform-independent hash value For remote attestion it is important for the ima measurement values to be platform-independent. Therefore integer fields to be hashed must be converted to canonical format. Link: http://lkml.kernel.org/r/1480554346-29071-11-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Andreas Steffen Signed-off-by: Mimi Zohar Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Dmitry Kasatkin Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds security/integrity/ima/ima_crypto.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit d68a6fe9fccfd00589c61df672b449d66ba3183f Author: Mimi Zohar Date: Mon Dec 19 16:22:57 2016 -0800 ima: define a canonical binary_runtime_measurements list format The IMA binary_runtime_measurements list is currently in platform native format. To allow restoring a measurement list carried across kexec with a different endianness than the targeted kernel, this patch defines little-endian as the canonical format. For big endian systems wanting to save/restore the measurement list from a system with a different endianness, a new boot command line parameter named "ima_canonical_fmt" is defined. Considerations: use of the "ima_canonical_fmt" boot command line option will break existing userspace applications on big endian systems expecting the binary_runtime_measurements list to be in platform native format. Link: http://lkml.kernel.org/r/1480554346-29071-10-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Mimi Zohar Acked-by: Dmitry Kasatkin Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/admin-guide/kernel-parameters.txt | 4 ++++ security/integrity/ima/ima.h | 6 ++++++ security/integrity/ima/ima_fs.c | 28 ++++++++++++++++++------- security/integrity/ima/ima_kexec.c | 11 ++++++++-- security/integrity/ima/ima_template.c | 23 ++++++++++++++++++-- security/integrity/ima/ima_template_lib.c | 7 +++++-- 6 files changed, 66 insertions(+), 13 deletions(-) commit c7d09367702e2f4faebc6176d24df72dd5066c3e Author: Mimi Zohar Date: Mon Dec 19 16:22:54 2016 -0800 ima: support restoring multiple template formats The configured IMA measurement list template format can be replaced at runtime on the boot command line, including a custom template format. This patch adds support for restoring a measuremement list containing multiple builtin/custom template formats. Link: http://lkml.kernel.org/r/1480554346-29071-9-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Mimi Zohar Acked-by: Dmitry Kasatkin Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds security/integrity/ima/ima_template.c | 52 +++++++++++++++++++++++++++++++++-- 1 file changed, 49 insertions(+), 3 deletions(-) commit 3f23d624de73252e27603361aa357289d9459a2e Author: Mimi Zohar Date: Mon Dec 19 16:22:51 2016 -0800 ima: store the builtin/custom template definitions in a list The builtin and single custom templates are currently stored in an array. In preparation for being able to restore a measurement list containing multiple builtin/custom templates, this patch stores the builtin and custom templates as a linked list. This will permit defining more than one custom template per boot. Link: http://lkml.kernel.org/r/1480554346-29071-8-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Mimi Zohar Acked-by: Dmitry Kasatkin Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds security/integrity/ima/ima.h | 2 ++ security/integrity/ima/ima_main.c | 1 + security/integrity/ima/ima_template.c | 51 +++++++++++++++++++++++++++-------- 3 files changed, 43 insertions(+), 11 deletions(-) commit 7b8589cc29e7c35dcfd2d5138979f17b48f90110 Author: Mimi Zohar Date: Mon Dec 19 16:22:48 2016 -0800 ima: on soft reboot, save the measurement list The TPM PCRs are only reset on a hard reboot. In order to validate a TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list of the running kernel must be saved and restored on boot. This patch uses the kexec buffer passing mechanism to pass the serialized IMA binary_runtime_measurements to the next kernel. Link: http://lkml.kernel.org/r/1480554346-29071-7-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar Acked-by: "Eric W. Biederman" Acked-by: Dmitry Kasatkin Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/ima.h | 12 ++++ kernel/kexec_file.c | 4 ++ security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_fs.c | 2 +- security/integrity/ima/ima_kexec.c | 117 +++++++++++++++++++++++++++++++++++++ 5 files changed, 135 insertions(+), 1 deletion(-) commit ab6b1d1fc4aae6b8bd6fb1422405568094c9b40f Author: Thiago Jung Bauermann Date: Mon Dec 19 16:22:45 2016 -0800 powerpc: ima: send the kexec buffer to the next kernel The IMA kexec buffer allows the currently running kernel to pass the measurement list via a kexec segment to the kernel that will be kexec'd. This is the architecture-specific part of setting up the IMA kexec buffer for the next kernel. It will be used in the next patch. Link: http://lkml.kernel.org/r/1480554346-29071-6-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar Acked-by: "Eric W. Biederman" Cc: Andreas Steffen Cc: Dmitry Kasatkin Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/ima.h | 16 +++++ arch/powerpc/include/asm/kexec.h | 14 ++++- arch/powerpc/kernel/ima_kexec.c | 91 +++++++++++++++++++++++++++++ arch/powerpc/kernel/kexec_elf_64.c | 2 +- arch/powerpc/kernel/machine_kexec_file_64.c | 12 +++- 5 files changed, 129 insertions(+), 6 deletions(-) commit d158847ae89a25615f3d8757ad8c6f50fc816db5 Author: Mimi Zohar Date: Mon Dec 19 16:22:42 2016 -0800 ima: maintain memory size needed for serializing the measurement list In preparation for serializing the binary_runtime_measurements, this patch maintains the amount of memory required. Link: http://lkml.kernel.org/r/1480554346-29071-5-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Mimi Zohar Acked-by: Dmitry Kasatkin Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds security/integrity/ima/Kconfig | 12 +++++++++ security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_queue.c | 53 ++++++++++++++++++++++++++++++++++++-- 3 files changed, 64 insertions(+), 2 deletions(-) commit dcfc56937b62bf720f99a4d9aabfd243194322be Author: Mimi Zohar Date: Mon Dec 19 16:22:38 2016 -0800 ima: permit duplicate measurement list entries Measurements carried across kexec need to be added to the IMA measurement list, but should not prevent measurements of the newly booted kernel from being added to the measurement list. This patch adds support for allowing duplicate measurements. The "boot_aggregate" measurement entry is the delimiter between soft boots. Link: http://lkml.kernel.org/r/1480554346-29071-4-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Mimi Zohar Acked-by: Dmitry Kasatkin Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds security/integrity/ima/ima_queue.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit 94c3aac567a9ddb9e868a7fae3c927c08b51b7c6 Author: Mimi Zohar Date: Mon Dec 19 16:22:35 2016 -0800 ima: on soft reboot, restore the measurement list The TPM PCRs are only reset on a hard reboot. In order to validate a TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list of the running kernel must be saved and restored on boot. This patch restores the measurement list. Link: http://lkml.kernel.org/r/1480554346-29071-3-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Mimi Zohar Acked-by: Dmitry Kasatkin Cc: Thiago Jung Bauermann Cc: "Eric W. Biederman" Cc: Andreas Steffen Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds security/integrity/ima/Makefile | 1 + security/integrity/ima/ima.h | 21 ++++ security/integrity/ima/ima_init.c | 2 + security/integrity/ima/ima_kexec.c | 44 +++++++++ security/integrity/ima/ima_queue.c | 10 ++ security/integrity/ima/ima_template.c | 177 ++++++++++++++++++++++++++++++++++ 6 files changed, 255 insertions(+) commit 467d27824920e866af148132f555d40ca1fb199e Author: Thiago Jung Bauermann Date: Mon Dec 19 16:22:32 2016 -0800 powerpc: ima: get the kexec buffer passed by the previous kernel Patch series "ima: carry the measurement list across kexec", v8. The TPM PCRs are only reset on a hard reboot. In order to validate a TPM's quote after a soft reboot (eg. kexec -e), the IMA measurement list of the running kernel must be saved and then restored on the subsequent boot, possibly of a different architecture. The existing securityfs binary_runtime_measurements file conveniently provides a serialized format of the IMA measurement list. This patch set serializes the measurement list in this format and restores it. Up to now, the binary_runtime_measurements was defined as architecture native format. The assumption being that userspace could and would handle any architecture conversions. With the ability of carrying the measurement list across kexec, possibly from one architecture to a different one, the per boot architecture information is lost and with it the ability of recalculating the template digest hash. To resolve this problem, without breaking the existing ABI, this patch set introduces the boot command line option "ima_canonical_fmt", which is arbitrarily defined as little endian. The need for this boot command line option will be limited to the existing version 1 format of the binary_runtime_measurements. Subsequent formats will be defined as canonical format (eg. TPM 2.0 support for larger digests). A simplified method of Thiago Bauermann's "kexec buffer handover" patch series for carrying the IMA measurement list across kexec is included in this patch set. The simplified method requires all file measurements be taken prior to executing the kexec load, as subsequent measurements will not be carried across the kexec and restored. This patch (of 10): The IMA kexec buffer allows the currently running kernel to pass the measurement list via a kexec segment to the kernel that will be kexec'd. The second kernel can check whether the previous kernel sent the buffer and retrieve it. This is the architecture-specific part which enables IMA to receive the measurement list passed by the previous kernel. It will be used in the next patch. The change in machine_kexec_64.c is to factor out the logic of removing an FDT memory reservation so that it can be used by remove_ima_buffer. Link: http://lkml.kernel.org/r/1480554346-29071-2-git-send-email-zohar@linux.vnet.ibm.com Signed-off-by: Thiago Jung Bauermann Signed-off-by: Mimi Zohar Acked-by: "Eric W. Biederman" Cc: Andreas Steffen Cc: Dmitry Kasatkin Cc: Josh Sklar Cc: Dave Young Cc: Vivek Goyal Cc: Baoquan He Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Paul Mackerras Cc: Stewart Smith Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/Kconfig | 3 + arch/powerpc/Kconfig | 1 + arch/powerpc/include/asm/ima.h | 13 +++ arch/powerpc/include/asm/kexec.h | 1 + arch/powerpc/kernel/Makefile | 4 + arch/powerpc/kernel/ima_kexec.c | 132 ++++++++++++++++++++++++++++ arch/powerpc/kernel/machine_kexec_file_64.c | 5 +- 7 files changed, 158 insertions(+), 1 deletion(-) commit 0a28cfd51e17f4f0a056bcf66bfbe492c3b99f38 Author: zheng li Date: Mon Dec 12 09:56:05 2016 +0800 ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output There is an inconsistent conditional judgement in __ip_append_data and ip_finish_output functions, the variable length in __ip_append_data just include the length of application's payload and udp header, don't include the length of ip header, but in ip_finish_output use (skb->len > ip_skb_dst_mtu(skb)) as judgement, and skb->len include the length of ip header. That causes some particular application's udp payload whose length is between (MTU - IP Header) and MTU were fragmented by ip_fragment even though the rst->dev support UFO feature. Add the length of ip header to length in __ip_append_data to keep consistent conditional judgement as ip_finish_output for ip fragment. Signed-off-by: Zheng Li Signed-off-by: David S. Miller net/ipv4/ip_output.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d4166b8b33650d9dc89715c9540ba0f261490d4d Author: Ben Greear Date: Thu Dec 15 11:23:19 2016 +0200 ath10k: free host-mem with DMA_BIRECTIONAL flag Hopefully this fixes the problem reported by Kalle: Noticed this in my log, but I don't have time to investigate this in detail right now: [ 413.795346] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready [ 414.158755] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 477.439659] ath10k_pci 0000:02:00.0: could not get mac80211 beacon [ 481.666630] ------------[ cut here ]------------ [ 481.666669] WARNING: CPU: 0 PID: 1978 at lib/dma-debug.c:1155 check_unmap+0x320/0x8e0 [ 481.666688] ath10k_pci 0000:02:00.0: DMA-API: device driver frees DMA memory with different direction [device address=0x000000002d130000] [size=63800 bytes] [mapped with DMA_BIDIRECTIONAL] [unmapped with DMA_TO_DEVICE] [ 481.666703] Modules linked in: ctr ccm ath10k_pci(E-) ath10k_core(E) ath(E) mac80211(E) cfg80211(E) snd_hda_codec_hdmi snd_hda_codec_idt snd_hda_codec_generic snd_hda_intel snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi arc4 snd_rawmidi snd_seq_midi_event snd_seq btusb btintel snd_seq_device joydev coret [ 481.671468] CPU: 0 PID: 1978 Comm: rmmod Tainted: G E 4.9.0-rc7-wt+ #54 [ 481.671478] Hardware name: Hewlett-Packard HP ProBook 6540b/1722, BIOS 68CDD Ver. F.04 01/27/2010 [ 481.671489] ef49dcec c842ee92 c8b5830e ef49dd34 ef49dd20 c80850f5 c8b5a13c ef49dd50 [ 481.671560] 000007ba c8b5830e 00000483 c8461830 c8461830 00000483 ef49ddcc f34e64b8 [ 481.671641] c8b58360 ef49dd3c c80851bb 00000009 00000000 ef49dd34 c8b5a13c ef49dd50 [ 481.671716] Call Trace: [ 481.671731] [] dump_stack+0x76/0xb4 [ 481.671745] [] __warn+0xe5/0x100 [ 481.671757] [] ? check_unmap+0x320/0x8e0 [ 481.671769] [] ? check_unmap+0x320/0x8e0 [ 481.671780] [] warn_slowpath_fmt+0x3b/0x40 [ 481.671791] [] check_unmap+0x320/0x8e0 [ 481.671804] [] debug_dma_unmap_page+0x84/0xa0 [ 481.671835] [] ath10k_wmi_free_host_mem+0x9a/0xe0 [ath10k_core] [ 481.671861] [] ath10k_core_destroy+0x50/0x60 [ath10k_core] [ 481.671875] [] ath10k_pci_remove+0x79/0xa0 [ath10k_pci] [ 481.671889] [] pci_device_remove+0x38/0xb0 [ 481.671901] [] __device_release_driver+0x7b/0x110 [ 481.671913] [] driver_detach+0x97/0xa0 [ 481.671923] [] bus_remove_driver+0x4b/0xb0 [ 481.671934] [] driver_unregister+0x2a/0x60 [ 481.671949] [] pci_unregister_driver+0x18/0x70 [ 481.671965] [] ath10k_pci_exit+0xd/0x25f [ath10k_pci] [ 481.671979] [] SyS_delete_module+0xf4/0x180 [ 481.671995] [] ? __might_fault+0x8b/0xa0 [ 481.672009] [] do_fast_syscall_32+0xa0/0x1e0 [ 481.672025] [] sysenter_past_esp+0x45/0x74 [ 481.672037] ---[ end trace 3fd23759e17e1622 ]--- [ 481.672049] Mapped at: [ 481.672060] [ 481.672072] [] debug_dma_map_page.part.25+0x1c/0xf0 [ 481.672083] [ 481.672095] [] debug_dma_map_page+0x99/0xc0 [ 481.672106] [ 481.672132] [] ath10k_wmi_alloc_chunk+0x12c/0x1f0 [ath10k_core] [ 481.672142] [ 481.672168] [] ath10k_wmi_event_service_ready_work+0x304/0x540 [ath10k_core] [ 481.672178] [ 481.672190] [] process_one_work+0x1c3/0x670 [ 482.137134] ath10k_pci 0000:02:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0 [ 482.313144] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:02:00.0.bin failed with error -2 [ 482.313274] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/cal-pci-0000:02:00.0.bin failed with error -2 [ 482.313768] ath10k_pci 0000:02:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000 [ 482.313777] ath10k_pci 0000:02:00.0: kconfig debug 1 debugfs 1 tracing 1 dfs 0 testmode 1 [ 482.313974] ath10k_pci 0000:02:00.0: firmware ver 10.2.4.70.59-2 api 5 features no-p2p,raw-mode,mfp,allows-mesh-bcast crc32 4159f498 [ 482.369858] ath10k_pci 0000:02:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/board-2.bin failed with error -2 [ 482.370011] ath10k_pci 0000:02:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08 [ 483.596770] ath10k_pci 0000:02:00.0: htt-ver 2.1 wmi-op 5 htt-op 2 cal otp max-sta 128 raw 0 hwcrypto 1 [ 483.701686] ath: EEPROM regdomain: 0x0 [ 483.701706] ath: EEPROM indicates default country code should be used [ 483.701713] ath: doing EEPROM country->regdmn map search [ 483.701721] ath: country maps to regdmn code: 0x3a [ 483.701730] ath: Country alpha2 being used: US [ 483.701737] ath: Regpair used: 0x3a Reported-by: Kalle Valo Signed-off-by: Ben Greear Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/wmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9899694a7f67714216665b87318eb367e2c5c901 Author: Joe Stringer Date: Thu Dec 8 18:46:20 2016 -0800 samples/bpf: Move open_raw_sock to separate header This function was declared in libbpf.c and was the only remaining function in this library, but has nothing to do with BPF. Shift it out into a new header, sock_example.h, and include it from the relevant samples. Signed-off-by: Joe Stringer Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Wang Nan Link: http://lkml.kernel.org/r/20161209024620.31660-8-joe@ovn.org Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/Makefile | 2 +- samples/bpf/fds_example.c | 1 + samples/bpf/libbpf.c | 36 ------------------------------------ samples/bpf/libbpf.h | 3 --- samples/bpf/sock_example.c | 1 + samples/bpf/sock_example.h | 35 +++++++++++++++++++++++++++++++++++ samples/bpf/sockex1_user.c | 1 + samples/bpf/sockex2_user.c | 1 + samples/bpf/sockex3_user.c | 1 + 9 files changed, 41 insertions(+), 40 deletions(-) commit 205c8ada314f78e6637342089e5b585a051d6cf5 Author: Joe Stringer Date: Thu Dec 8 18:46:19 2016 -0800 samples/bpf: Remove perf_event_open() declaration This declaration was made in samples/bpf/libbpf.c for convenience, but there's already one in tools/perf/perf-sys.h. Reuse that one. Committer notes: Testing it: $ make -j4 O=../build/v4.9.0-rc8+ samples/bpf/ make[1]: Entering directory '/home/build/v4.9.0-rc8+' CHK include/config/kernel.release GEN ./Makefile CHK include/generated/uapi/linux/version.h Using /home/acme/git/linux as source for kernel CHK include/generated/utsrelease.h CHK include/generated/timeconst.h CHK include/generated/bounds.h CHK include/generated/asm-offsets.h CALL /home/acme/git/linux/scripts/checksyscalls.sh HOSTCC samples/bpf/test_verifier.o HOSTCC samples/bpf/libbpf.o HOSTCC samples/bpf/../../tools/lib/bpf/bpf.o HOSTCC samples/bpf/test_maps.o HOSTCC samples/bpf/sock_example.o HOSTCC samples/bpf/bpf_load.o HOSTLD samples/bpf/trace_event HOSTLD samples/bpf/sampleip HOSTLD samples/bpf/tc_l2_redirect make[1]: Leaving directory '/home/build/v4.9.0-rc8+' $ Also tested the offwaketime resulting from the rebuild, seems to work as before. Signed-off-by: Joe Stringer Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Wang Nan Link: http://lkml.kernel.org/r/20161209024620.31660-7-joe@ovn.org [ Use -I$(srctree)/tools/lib/ to support out of source code tree builds ] Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/Makefile | 2 ++ samples/bpf/bpf_load.c | 3 ++- samples/bpf/libbpf.c | 7 ------- samples/bpf/libbpf.h | 3 --- samples/bpf/sampleip_user.c | 3 ++- samples/bpf/trace_event_user.c | 9 +++++---- samples/bpf/trace_output_user.c | 3 ++- samples/bpf/tracex6_user.c | 3 ++- 8 files changed, 15 insertions(+), 18 deletions(-) commit 811b4f0d785d33eabfff5d0ea60596b6b8bdc825 Author: Arnaldo Carvalho de Melo Date: Tue Dec 20 11:03:13 2016 -0300 samples/bpf: Be consistent with bpf_load_program bpf_insn parameter Only one of the examples declare the bpf_insn bpf proggie as a const: $ grep 'struct bpf_insn [a-z]' samples/bpf/*.c samples/bpf/fds_example.c: static const struct bpf_insn insns[] = { samples/bpf/sock_example.c: struct bpf_insn prog[] = { samples/bpf/test_cgrp2_attach2.c: struct bpf_insn prog[] = { samples/bpf/test_cgrp2_attach.c: struct bpf_insn prog[] = { samples/bpf/test_cgrp2_sock.c: struct bpf_insn prog[] = { $ Which causes this warning: [root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux samples/bpf/ HOSTCC samples/bpf/fds_example.o /git/linux/samples/bpf/fds_example.c: In function 'bpf_prog_create': /git/linux/samples/bpf/fds_example.c:63:6: warning: passing argument 2 of 'bpf_load_program' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] insns, insns_cnt, "GPL", 0, ^~~~~ In file included from /git/linux/samples/bpf/libbpf.h:5:0, from /git/linux/samples/bpf/bpf_load.h:4, from /git/linux/samples/bpf/fds_example.c:15: /git/linux/tools/lib/bpf/bpf.h:31:5: note: expected 'struct bpf_insn *' but argument is of type 'const struct bpf_insn *' int bpf_load_program(enum bpf_prog_type type, struct bpf_insn *insns, ^~~~~~~~~~~~~~~~ HOSTCC samples/bpf/sockex1_user.o So just ditch that 'const' to reduce build noise, leaving changing the bpf_load_program() bpf_insn parameter to const to a later patch, if deemed adequate. Cc: Joe Stringer Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-1z5xee8n3oa66jf62bpv16ed@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/fds_example.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5dc880de6e7c8566fbc8bc5dfc3a922d2d1c5ee3 Author: Joe Stringer Date: Wed Dec 14 14:05:26 2016 -0800 tools lib bpf: Add bpf_prog_{attach,detach} Commit d8c5b17f2bc0 ("samples: bpf: add userspace example for attaching eBPF programs to cgroups") added these functions to samples/libbpf, but during this merge all of the samples libbpf functionality is shifting to tools/lib/bpf. Shift these functions there. Committer notes: Use bzero + attr.FIELD = value instead of 'attr = { .FIELD = value, just like the other wrapper calls to sys_bpf with bpf_attr to make this build in older toolchais, such as the ones in CentOS 5 and 6. Signed-off-by: Joe Stringer Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-au2zvtsh55vqeo3v3uw7jr4c@git.kernel.org Link: https://github.com/joestringer/linux/commit/353e6f298c3d0a92fa8bfa61ff898c5050261a12.patch Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/libbpf.c | 21 --------------------- samples/bpf/libbpf.h | 3 --- tools/lib/bpf/bpf.c | 23 +++++++++++++++++++++++ tools/lib/bpf/bpf.h | 3 +++ 4 files changed, 26 insertions(+), 24 deletions(-) commit 43371c83f382bd495a2294e91a32f30763cfdbef Author: Joe Stringer Date: Wed Dec 14 14:43:39 2016 -0800 samples/bpf: Switch over to libbpf Now that libbpf under tools/lib/bpf/* is synced with the version from samples/bpf, we can get rid most of the libbpf library here. Committer notes: Built it in a docker fedora rawhide container and ran it in the f25 host, seems to work just like it did before this patch, i.e. the switch to tools/lib/bpf/ doesn't seem to have introduced problems and Joe said he tested it with all the entries in samples/bpf/ and other code he found: [root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux headers_install [root@f5065a7d6272 linux]# rm -rf /tmp/build/linux/samples/bpf/ [root@f5065a7d6272 linux]# make -j4 O=/tmp/build/linux samples/bpf/ make[1]: Entering directory '/tmp/build/linux' CHK include/config/kernel.release HOSTCC scripts/basic/fixdep GEN ./Makefile CHK include/generated/uapi/linux/version.h Using /git/linux as source for kernel CHK include/generated/utsrelease.h HOSTCC scripts/basic/bin2c HOSTCC arch/x86/tools/relocs_32.o HOSTCC arch/x86/tools/relocs_64.o LD samples/bpf/built-in.o HOSTCC samples/bpf/fds_example.o HOSTCC samples/bpf/sockex1_user.o /git/linux/samples/bpf/fds_example.c: In function 'bpf_prog_create': /git/linux/samples/bpf/fds_example.c:63:6: warning: passing argument 2 of 'bpf_load_program' discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers] insns, insns_cnt, "GPL", 0, ^~~~~ In file included from /git/linux/samples/bpf/libbpf.h:5:0, from /git/linux/samples/bpf/bpf_load.h:4, from /git/linux/samples/bpf/fds_example.c:15: /git/linux/tools/lib/bpf/bpf.h:31:5: note: expected 'struct bpf_insn *' but argument is of type 'const struct bpf_insn *' int bpf_load_program(enum bpf_prog_type type, struct bpf_insn *insns, ^~~~~~~~~~~~~~~~ HOSTCC samples/bpf/sockex2_user.o HOSTCC samples/bpf/xdp_tx_iptunnel_user.o clang -nostdinc -isystem /usr/lib/gcc/x86_64-redhat-linux/6.2.1/include -I/git/linux/arch/x86/include -I./arch/x86/include/generated/uapi -I./arch/x86/include/generated -I/git/linux/include -I./include -I/git/linux/arch/x86/include/uapi -I/git/linux/include/uapi -I./include/generated/uapi -include /git/linux/include/linux/kconfig.h \ -D__KERNEL__ -D__ASM_SYSREG_H -Wno-unused-value -Wno-pointer-sign \ -Wno-compare-distinct-pointer-types \ -Wno-gnu-variable-sized-type-not-at-end \ -Wno-address-of-packed-member -Wno-tautological-compare \ -O2 -emit-llvm -c /git/linux/samples/bpf/sockex1_kern.c -o -| llc -march=bpf -filetype=obj -o samples/bpf/sockex1_kern.o HOSTLD samples/bpf/tc_l2_redirect HOSTLD samples/bpf/lwt_len_hist HOSTLD samples/bpf/xdp_tx_iptunnel make[1]: Leaving directory '/tmp/build/linux' [root@f5065a7d6272 linux]# And then, in the host: [root@jouet bpf]# mount | grep "docker.*devicemapper\/" /dev/mapper/docker-253:0-1705076-9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 on /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9 type xfs (rw,relatime,context="system_u:object_r:container_file_t:s0:c73,c276",nouuid,attr2,inode64,sunit=1024,swidth=1024,noquota) [root@jouet bpf]# cd /var/lib/docker/devicemapper/mnt/9bd8aa1e0af33adce89ff42090847868ca676932878942be53941a06ec5923f9/rootfs/tmp/build/linux/samples/bpf/ [root@jouet bpf]# file offwaketime offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=f423d171e0487b2f802b6a792657f0f3c8f6d155, not stripped [root@jouet bpf]# readelf -SW offwaketime offwaketime offwaketime_kern.o offwaketime_user.o [root@jouet bpf]# readelf -SW offwaketime_kern.o There are 11 section headers, starting at offset 0x700: Section Headers: [Nr] Name Type Address Off Size ES Flg Lk Inf Al [ 0] NULL 0000000000000000 000000 000000 00 0 0 0 [ 1] .strtab STRTAB 0000000000000000 000658 0000a8 00 0 0 1 [ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4 [ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8 [ 4] .relkprobe/try_to_wake_up REL 0000000000000000 0005a8 000020 10 10 3 8 [ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8 [ 6] .reltracepoint/sched/sched_switch REL 0000000000000000 0005c8 000090 10 10 5 8 [ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4 [ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1 [ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4 [10] .symtab SYMTAB 0000000000000000 000488 000120 18 1 4 8 Key to Flags: W (write), A (alloc), X (execute), M (merge), S (strings) I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown) O (extra OS processing required) o (OS specific), p (processor specific) [root@jouet bpf]# ./offwaketime | head -3 qemu-system-x86;entry_SYSCALL_64_fastpath;sys_ppoll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;hrtimer_wakeup;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter_state;cpuidle_enter;call_cpuidle;cpu_startup_entry;rest_init;start_kernel;x86_64_start_reservations;x86_64_start_kernel;start_cpu;;swapper/0 4 firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 1 swapper/2;start_cpu;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 61 [root@jouet bpf]# Signed-off-by: Joe Stringer Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Wang Nan Cc: netdev@vger.kernel.org Link: https://github.com/joestringer/linux/commit/5c40f54a52b1f437123c81e21873f4b4b1f9bd55.patch Link: http://lkml.kernel.org/n/tip-xr8twtx7sjh5821g8qw47yxk@git.kernel.org [ Use -I$(srctree)/tools/lib/ to support out of source code tree builds, as noticed by Wang Nan ] Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/Makefile | 68 +++++++++++++----------- samples/bpf/README.rst | 4 +- samples/bpf/bpf_load.c | 3 +- samples/bpf/fds_example.c | 3 +- samples/bpf/libbpf.c | 111 --------------------------------------- samples/bpf/libbpf.h | 19 +------ samples/bpf/sock_example.c | 3 +- samples/bpf/test_cgrp2_attach.c | 3 +- samples/bpf/test_cgrp2_attach2.c | 3 +- samples/bpf/test_cgrp2_sock.c | 3 +- 10 files changed, 52 insertions(+), 168 deletions(-) commit ed6c166cc7dc329736cace3affd2df984fb22ec8 Author: Kan Liang Date: Tue Dec 13 10:29:44 2016 -0500 perf diff: Do not overwrite valid build id Fixes a perf diff regression issue which was introduced by commit 5baecbcd9c9a ("perf symbols: we can now read separate debug-info files based on a build ID") The binary name could be same when perf diff different binaries. Build id is used to distinguish between them. However, the previous patch assumes the same binary name has same build id. So it overwrites the build id according to the binary name, regardless of whether the build id is set or not. Check the has_build_id in dso__load. If the build id is already set, use it. Before the fix: $ perf diff 1.perf.data 2.perf.data # Event 'cycles' # # Baseline Delta Shared Object Symbol # ........ ....... ................ ............................. # 99.83% -99.80% tchain_edit [.] f2 0.12% +99.81% tchain_edit [.] f3 0.02% -0.01% [ixgbe] [k] ixgbe_read_reg After the fix: $ perf diff 1.perf.data 2.perf.data # Event 'cycles' # # Baseline Delta Shared Object Symbol # ........ ....... ................ ............................. # 99.83% +0.10% tchain_edit [.] f3 0.12% -0.08% tchain_edit [.] f2 Signed-off-by: Kan Liang Cc: Andi Kleen CC: Dima Kogan Cc: Jiri Olsa Cc: Namhyung Kim Fixes: 5baecbcd9c9a ("perf symbols: we can now read separate debug-info files based on a build ID") Link: http://lkml.kernel.org/r/1481642984-13593-1-git-send-email-kan.liang@intel.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/symbol.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit edee44be59190bf22d5c6e521f3852b7ff16862f Author: Ravi Bangoria Date: Tue Nov 22 14:10:50 2016 +0530 perf annotate: Don't throw error for zero length symbols 'perf report --tui' exits with error when it finds a sample of zero length symbol (i.e. addr == sym->start == sym->end). Actually these are valid samples. Don't exit TUI and show report with such symbols. Reported-and-Tested-by: Anton Blanchard Link: https://lkml.org/lkml/2016/10/8/189 Signed-off-by: Ravi Bangoria Cc: Alexander Shishkin Cc: Benjamin Herrenschmidt Cc: Chris Riyder Cc: linuxppc-dev@lists.ozlabs.org Cc: Masami Hiramatsu Cc: Michael Ellerman Cc: Nicholas Piggin Cc: Paul Mackerras Cc: Peter Zijlstra Cc: stable@kernel.org # v4.9+ Link: http://lkml.kernel.org/r/1479804050-5028-1-git-send-email-ravi.bangoria@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/annotate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6ba0566cf2afcdb17bff882e3a95cbbcb22c4a83 Author: Paulo Zanoni Date: Wed Dec 14 12:55:37 2016 -0200 drm/i915: skip the first 4k of stolen memory on everything >= gen8 BSpec got updated and this workaround is now listed as standard required programming for all subsequent projects. This is confirmed to fix Skylake screen flickering issues (probably caused by the fact that we initialized a ring in the first page of stolen, but I didn't 100% confirm this theory). v2: this is the patch that fixes the screen flickering, document it. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94605 Cc: stable@vger.kernel.org Tested-by: Dominik Klementowski Signed-off-by: Paulo Zanoni Acked-by: Chris Wilson Reviewed-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1481727338-9901-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit d43537610470d8829ebd17cd7842f47176e35ebd) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_stolen.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit abb0deacb5a6713b918ac6395182cb27bb88be69 Author: Chris Wilson Date: Mon Dec 19 12:43:45 2016 +0000 drm/i915: Fallback to single PAGE_SIZE segments for DMA remapping If we at first do not succeed with attempting to remap our physical pages using a coalesced scattergather list, try again with one scattergather entry per page. This should help with swiotlb as it uses a limited buffer size and only searches for contiguous chunks within its buffer aligned up to the next boundary - i.e. we may prematurely cause a failure as we are unable to utilize the unused space between large chunks and trigger an error such as: i915 0000:00:02.0: swiotlb buffer is full (sz: 1630208 bytes) Reported-by: Juergen Gross Tested-by: Juergen Gross Fixes: 871dfbd67d4e ("drm/i915: Allow compaction upto SWIOTLB max segment size") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Cc: Imre Deak Cc: Link: http://patchwork.freedesktop.org/patch/msgid/20161219124346.550-1-chris@chris-wilson.co.uk Reviewed-by: Daniel Vetter (cherry picked from commit d766ef53006c2c38a7fe2bef0904105a793383f2) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) commit d8953c8326d87a337763ca547ad7db034a94ddb1 Author: Tvrtko Ursulin Date: Fri Dec 16 13:18:42 2016 +0000 drm/i915: Fix use after free in logical_render_ring_init Commit 3b3f1650b1ca ("drm/i915: Allocate intel_engine_cs structure only for the enabled engines") introduced the dynanically allocated engine instances and created an potential use after free scenario in logical_render_ring_init where lrc_destroy_wa_ctx_obj could be called after the engine instance has been freed. This can only happen during engine setup/init error handling which luckily does not happen ever in practice. Fix is to not call lrc_destroy_wa_ctx_obj since it would have already been executed from the preceding engine cleanup. Signed-off-by: Tvrtko Ursulin Reported-by: Dan Carpenter Fixes: 3b3f1650b1ca ("drm/i915: Allocate intel_engine_cs structure only for the enabled engines") Cc: Chris Wilson Cc: Joonas Lahtinen Cc: Tvrtko Ursulin Cc: Daniel Vetter Cc: Jani Nikula Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/1481894322-2145-1-git-send-email-tvrtko.ursulin@linux.intel.com (cherry picked from commit d038fc7e4fff14d6b026130007faef35cbf5e956) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_lrc.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit 1c4672ce4eeaeaadeea8adabaad21262b7172607 Author: Paulo Zanoni Date: Tue Dec 13 18:57:44 2016 -0200 drm/i915: disable PSR by default on HSW/BDW We've been ignoring the poor bugzilla reporters that say PSR causes system lockups and all other sorts of problems. The earliest bug report is from April, so I think we can use the "revert the offending commit if no fixes are presented within 8 months" rule here. Fixes: 9b58e352b463 ("drm/i915: Enable PSR by default on Haswell and Broadwell.") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97602 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97515 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96736 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96704 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=96569 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=95176 Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94985 Cc: # v4.6+ Cc: Rodrigo Vivi Cc: Jim Bride Signed-off-by: Paulo Zanoni Acked-by: Rodrigo Vivi Reviewed-by: Rodrigo Vivi Acked-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1481662664-18986-1-git-send-email-paulo.r.zanoni@intel.com (cherry picked from commit 2ee7dc497e348eecbb82adbb1ea9e9a7e29fe921) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_psr.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit b1b7ec985805e005055d1d471ca586a715ffc10a Author: Mika Kuoppala Date: Wed Dec 14 14:26:20 2016 +0200 drm/i915: Fix setting of boost freq tunable For limiting the max frequency of gpu, the max freq tunable is not enough to hard limit the max gap. We now have also per client boost max freq. When this tunable was introduced, it was mistakenly made read only. Allow user to gain control by setting it writable. Fixes: 29ecd78d3b79 ("drm/i915: Define a separate variable and control for RPS waitboost frequency") Cc: # v4.9+ Cc: Chris Wilson Cc: Mika Kuoppala Cc: Daniel Vetter Cc: Jani Nikula Reviewed-by: Chris Wilson Signed-off-by: Mika Kuoppala Link: http://patchwork.freedesktop.org/patch/msgid/1481718380-9170-1-git-send-email-mika.kuoppala@intel.com (cherry picked from commit 73a798711314b54cbd4fe224e24db92c306a8d8c) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2c57b18adb93fc070039538f1ce375d3d3e99bbb Author: Daniel Vetter Date: Tue Dec 13 20:54:14 2016 +0100 drm/i915: tune down the fast link training vs boot fail It's been unfixed since a while and no one is immediately working on this. And we have the FIXME already. And now also a task in the DP team's backlog. Cc: Linus Torvalds Cc: stable@vger.kernel.org Cc: Ville Syrjälä References: https://lists.freedesktop.org/archives/intel-gfx/2016-July/101951.html Acked-by: Ville Syrjälä [danvet: Adjust comment per Ville's feedback.] Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161213195414.28923-1-daniel.vetter@ffwll.ch (cherry picked from commit 2dd85aeb5bc99e3763dd192cdb95ff405a102c8a) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 057f803ff10742addd19a7c2fb6fb83940059a6c Author: Chris Wilson Date: Wed Dec 7 13:34:11 2016 +0000 drm/i915: Reorder phys backing storage release In commit a4f5ea64f0a8 ("drm/i915: Refactor object page API"), I reordered the object->pages teardown to be more friendly wrt to a separate obj->mm.lock. However, I overlooked the phys object and left it with a dangling use-after-free of its phys_handle. Move the allocation of the phys handle to get_pages and it release to put_pages to prevent the invalid access and to improve symmetry. v2: Add commentary about always aligning to page size. Testcase: igt/drv_selftest/objects Reported-by: Ville Syrjälä Fixes: a4f5ea64f0a8 ("drm/i915: Refactor object page API") Signed-off-by: Chris Wilson Cc: Ville Syrjälä Cc: Tvrtko Ursulin Cc: Joonas Lahtinen Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161207133411.8028-1-chris@chris-wilson.co.uk (cherry picked from commit dbb4351bab0a8440f6b02895c142bce6c30b7097) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 53 ++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 19 deletions(-) commit dccf82ad1775f2b9c36ec85e25e39d88c7e86818 Author: Imre Deak Date: Mon Dec 5 18:27:38 2016 +0200 drm/i915/gen9: Fix PCODE polling during SAGV disabling According to the previous patch, it's possible atm that we call intel_do_sagv_disable() only once during the 1ms period and time out if that call fails. As opposed to this the spec says that we need to keep retrying this request for a 1ms duration, so let's do this similarly to the CDCLK change notification request. v4-5: - Rebased on the reply_mask, reply change. v6: - Remove w/s change. (Lyude) - Rebased on the timeout_base argument change. Cc: Lyude Cc: Ville Syrjälä Cc: Chris Wilson Fixes: 656d1b89e5ff ("drm/i915/skl: Add support for the SAGV, fix underrun hangs") Signed-off-by: Imre Deak Reviewed-by: Lyude (v4) Link: http://patchwork.freedesktop.org/patch/msgid/1480955258-26311-2-git-send-email-imre.deak@intel.com (cherry picked from commit b3b8e99984a4eace91bc097e8f8cec71441cae16) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 34 +++++++++------------------------- 1 file changed, 9 insertions(+), 25 deletions(-) commit 2c7d0602c815277f7cb7c932b091288710d8aba7 Author: Imre Deak Date: Mon Dec 5 18:27:37 2016 +0200 drm/i915/gen9: Fix PCODE polling during CDCLK change notification commit 848496e5902833600f7992f4faa82dc1546051ba Author: Ville Syrjälä Date: Wed Jul 13 16:32:03 2016 +0300 drm/i915: Wait up to 3ms for the pcu to ack the cdclk change request on SKL increased the timeout to match the spec, but we still see a timeout on at least one SKL. A CDCLK change request following the failed one will succeed nevertheless. I could reproduce this problem easily by running kms_pipe_crc_basic in a loop. In all failure cases _wait_for() was pre-empted for >3ms and so in the worst case - when the pre-emption happened right after calculating timeout__ in _wait_for() - we called skl_cdclk_wait_for_pcu_ready() only once which failed and so _wait_for() timed out. As opposed to this the spec says to keep retrying the request for at most a 3ms period. To fix this send the first request explicitly to guarantee that there is 3ms between the first and last request. Though this matches the spec, I noticed that in rare cases this can still time out if we sent only a few requests (in the worst case 2) _and_ PCODE is busy for some reason even after a previous request and a 3ms delay. To work around this retry the polling with pre-emption disabled to maximize the number of requests. Also increase the timeout to 10ms to account for interrupts that could reduce the number of requests. With this change I couldn't trigger the problem. v2: - Use 1ms poll period instead of 10us. (Chris) v3: - Poll with pre-emption disabled to increase the number of request attempts. (Ville, Chris) - Factor out a helper to poll, it's also needed by the next patch. v4: - Pass reply_mask, reply to skl_pcode_request(), instead of assuming the reply is generic. (Ville) v5: - List the request specific timeout values as code comment. (Ville) v6: - Try the poll first with preemption enabled. - Add code comment about first request being queued by PCODE. (Art) - Add timeout_base_ms argument. (Ville) v7: - Clarify code comment about first queued request. (Chris) Cc: Ville Syrjälä Cc: Chris Wilson Cc: Art Runyan Cc: # v4.2- : 3b2c171 : drm/i915: Wait up to 3ms Cc: # v4.2- Fixes: 5d96d8afcfbb ("drm/i915/skl: Deinit/init the display at suspend/resume") Reference: https://bugs.freedesktop.org/show_bug.cgi?id=97929 Testcase: igt/kms_pipe_crc_basic/suspend-read-crc-pipe-B Signed-off-by: Imre Deak Reviewed-by: Chris Wilson Link: http://patchwork.freedesktop.org/patch/msgid/1480955258-26311-1-git-send-email-imre.deak@intel.com (cherry picked from commit a0b8a1fe34430c3a82258e8cb45f5968bdf31afd) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_drv.h | 2 + drivers/gpu/drm/i915/intel_display.c | 31 +++++---------- drivers/gpu/drm/i915/intel_pm.c | 75 ++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+), 21 deletions(-) commit 22ca0d4991169b76e753d767a45f1105c356bbb8 Author: Hans de Goede Date: Thu Dec 1 21:29:09 2016 +0100 drm/i915/dsi: Fix chv_exec_gpio disabling the GPIOs it is setting Set the CHV_GPIO_GPIOEN bit when updating GPIOs from chv_exec_gpio. Fixes: a0a6d4ffd2ad ("drm/i915/dsi: add support for gpio elements on CHV") Cc: stable@vger.kernel.org Cc: Jani Nikula Cc: Ville Syrjälä Signed-off-by: Hans de Goede Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20161201202925.12220-3-hdegoede@redhat.com Signed-off-by: Ville Syrjälä (cherry picked from commit b2b45fcd921e864a5e9bbc7aa55dee96d5e11c06) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_dsi_panel_vbt.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 25e23bc57e737a0d81dc6b03c610789866858b35 Author: Hans de Goede Date: Fri Dec 2 16:01:28 2016 +0100 drm/i915/dsi: Fix swapping of MIPI_SEQ_DEASSERT_RESET / MIPI_SEQ_ASSERT_RESET Looking at the ADF code from the Android kernel sources for a cherrytrail tablet I noticed that it is calling the MIPI_SEQ_ASSERT_RESET sequence from the panel prepare hook. Until commit b1cb1bd29189 ("drm/i915/dsi: update reset and power sequences in panel prepare/unprepare hooks") the mainline i915 code was doing the same. That commits effectively swaps the calling of MIPI_SEQ_ASSERT_RESET / MIPI_SEQ_DEASSERT_RESET. Looking at the naming of the sequences that is the right thing to do, but the problem is, that the old mainline code and the ADF code was actually calling the right sequence (tested on a cube iwork8 air tablet), and the swapping of the calling breaks things. This breakage was likely not noticed in testing because on cherrytrail, currently chv_exec_gpio ends up disabling the gpio pins rather then setting them (this is fixed in the next patch in this patch-set). This commit fixes the swapping by fixing MIPI_SEQ_ASSERT/DEASSERT_RESET's places in the enum defining them, so that their (new) names match their actual use. Changes in v2: -Add a comment to the enum explaining that the assert/reassert names are swapped in the spec Fixes: b1cb1bd29189 ("drm/i915/dsi: update reset and power sequences...") Cc: Jani Nikula Cc: Ville Syrjälä Signed-off-by: Hans de Goede Acked-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/20161202150128.29871-1-hdegoede@redhat.com Signed-off-by: Ville Syrjälä (cherry picked from commit 2b8208ac93be2783edc627fc02d9ca50cc479923) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_bios.h | 12 +++++++++--- drivers/gpu/drm/i915/intel_dsi_panel_vbt.c | 4 ++-- 2 files changed, 11 insertions(+), 5 deletions(-) commit bb98e72adaf9d19719aba35f802d4836f5d5176c Author: Hans de Goede Date: Fri Dec 2 15:29:04 2016 +0100 drm/i915/dsi: Do not clear DPOUNIT_CLOCK_GATE_DISABLE from vlv_init_display_clock_gating On my Cherrytrail CUBE iwork8 Air tablet PIPE-A would get stuck on loading i915 at boot 1 out of every 3 boots, resulting in a non functional LCD. Once the i915 driver has successfully loaded, the panel can be disabled / enabled without hitting this issue. The getting stuck is caused by vlv_init_display_clock_gating() clearing the DPOUNIT_CLOCK_GATE_DISABLE bit in DSPCLK_GATE_D when called from chv_pipe_power_well_ops.enable() on driver load, while a pipe is enabled driving the DSI LCD by the BIOS. Clearing this bit while DSI is in use is a known issue and intel_dsi_pre_enable() / intel_dsi_post_disable() already set / clear it as appropriate. This commit modifies vlv_init_display_clock_gating() to leave the DPOUNIT_CLOCK_GATE_DISABLE bit alone fixing the pipe getting stuck. Changes in v2: -Replace PIPE-A with "a pipe" or "the pipe" in the commit msg and comment Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=97330 Cc: stable@vger.kernel.org Signed-off-by: Hans de Goede Reviewed-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/20161202142904.25613-1-hdegoede@redhat.com Signed-off-by: Ville Syrjälä (cherry picked from commit 721d484563e1a51ada760089c490cbc47e909756) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_runtime_pm.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 35f6c2336b1a5007ec837623f771d2d56dfba5c2 Author: Matthew Auld Date: Mon Nov 28 10:36:48 2016 +0000 drm/i915: drop the struct_mutex when wedged or trying to reset We grab the struct_mutex in intel_crtc_page_flip, but if we are wedged or a reset is in progress we bail early but never seem to actually release the lock. Fixes: 7f1847ebf48b ("drm/i915: Simplify checking of GPU reset_counter in display pageflips") Cc: Chris Wilson Signed-off-by: Matthew Auld Link: http://patchwork.freedesktop.org/patch/msgid/20161128103648.9235-1-matthew.auld@intel.com Reviewed-by: Joonas Lahtinen Reviewed-by: Chris Wilson Signed-off-by: Chris Wilson Cc: # v4.7+ (cherry picked from commit ddbb271aea87fc6004d3c8bcdb0710e980c7ec85) Signed-off-by: Jani Nikula (cherry picked from commit e411072d5740a49cdc9d0713798c30440757e451) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit cabab3f9f5ca077535080b3252e6168935b914af Author: Heiko Carstens Date: Tue Dec 20 12:58:10 2016 +0100 s390/kbuild: enable modversions for symbols exported from asm s390 version of commit 334bb7738764 ("x86/kbuild: enable modversions for symbols exported from asm") so we get also rid of all these warnings: WARNING: EXPORT symbol "_mcount" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "memcpy" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "memmove" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "memset" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "save_fpu_regs" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "sie64a" [vmlinux] version generation failed, symbol will not be versioned. WARNING: EXPORT symbol "sie_exit" [vmlinux] version generation failed, symbol will not be versioned. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/asm-prototypes.h | 8 ++++++++ 1 file changed, 8 insertions(+) commit 8f2b468aadc81ca0fc78e41696b648e30d91ba5c Author: Martin Schwidefsky Date: Tue Dec 20 07:27:59 2016 +0100 s390/vtime: correct system time accounting There is a slight misaccounting of system time in vtime_account_user. This function is called once per HZ tick in interrupt context. The irq_enter function already accounted the system time up to the point of the irq_enter call. The system time from irq_enter until vtime_account_user/do_account_vtime is reached is irq time but it is accounted to the previous context. Just drop the hardirq offset from arch/s390/kernel/vtime.c. Reported-by: Frederic Weisbecker Signed-off-by: Martin Schwidefsky arch/s390/kernel/vtime.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 2b66325d5ea7c2a39ac69ed83b6979afe480d81a Author: Arend Van Spriel Date: Fri Dec 9 11:34:14 2016 +0000 brcmfmac: fix uninitialized field in scheduled scan ssid configuration The scheduled scan ssid configuration in firmware has a flags field that was not initialized resulting in unexpected behaviour. Fixes: e3bdb7cc0300 ("brcmfmac: fix handling ssids in .sched_scan_start() callback") Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Franky Lin Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/pno.c | 1 + 1 file changed, 1 insertion(+) commit cb853da3a368c40300a0e940f86be582037bb082 Author: Arend Van Spriel Date: Fri Dec 9 11:34:13 2016 +0000 brcmfmac: fix memory leak in brcmf_cfg80211_attach() In brcmf_cfg80211_attach() there was one error path not properly handled as it leaked memory allocated in brcmf_btcoex_attach(). Reviewed-by: Hante Meuleman Reviewed-by: Pieter-Paul Giesberts Reviewed-by: Franky Lin Signed-off-by: Arend van Spriel Signed-off-by: Kalle Valo drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 9de3ffa1b714e6b8ebc1723f71bc9172a4470f7d Author: Davidlohr Bueso Date: Thu Dec 15 11:36:24 2016 -0800 perf bench futex: Fix lock-pi help string Obvious copy/paste typo from the requeue program. Signed-off-by: Davidlohr Bueso Cc: Davidlohr Bueso Link: http://lkml.kernel.org/r/1481830584-30909-1-git-send-email-dave@stgolabs.net Signed-off-by: Arnaldo Carvalho de Melo tools/perf/bench/futex-lock-pi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2bd42f3aaa53ebe78b9be6f898b7945dd61f9773 Author: Jiri Olsa Date: Thu Dec 15 20:56:54 2016 +0100 perf trace: Check if MAP_32BIT is defined (again) There might be systems where MAP_32BIT is not defined, like some some RHEL7 powerpc versions. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Kyle McMartin Cc: Namhyung Kim Cc: Peter Zijlstra Fixes: 256763b01741 ("perf trace beauty mmap: Add more conditional defines") Link: http://lkml.kernel.org/r/1481831814-23683-1-git-send-email-jolsa@kernel.org [ Changed the Fixme cset to the one removing the conditional switch case for MAP_32BIT ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/trace/beauty/mmap.c | 2 ++ 1 file changed, 2 insertions(+) commit 96c2fb69b92fcf6006dfb3017d6d887f8321407b Author: Arnaldo Carvalho de Melo Date: Thu Dec 15 12:29:27 2016 -0300 samples/bpf: Make perf_event_read() static While testing Joe's conversion of samples/bpf/ to use tools/lib/bpf/ I noticed some warnings building samples/bpf/ on a Fedora Rawhide container, with clang/llvm 3.9 I noticed this: [root@1e797fdfbf4f linux]# make -j4 O=/tmp/build/linux/ samples/bpf/ make[1]: Entering directory '/tmp/build/linux' CHK include/config/kernel.release GEN ./Makefile CHK include/generated/uapi/linux/version.h Using /git/linux as source for kernel HOSTCC samples/bpf/trace_output_user.o /git/linux/samples/bpf/trace_output_user.c:64:6: warning: no previous prototype for 'perf_event_read' [-Wmissing-prototypes] void perf_event_read(print_fn fn) ^~~~~~~~~~~~~~~ HOSTLD samples/bpf/trace_output make[1]: Leaving directory '/tmp/build/linux' Shut up the compiler by making that function static. Acked-by: Daniel Borkmann Cc: Alexei Starovoitov Cc: Joe Stringer Cc: Wang Nan Link: http://lkml.kernel.org/r/20161215152927.GC6866@kernel.org Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/trace_output_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 264c3e8de4fbda1d1342213c78fb3788a43cfd41 Author: Simon Horman Date: Tue Dec 20 11:21:16 2016 +0100 spi: sh-msiof: Do not use C++ style comment 4286db8456f4 ("spi: sh-msiof: Add R-Car Gen 2 and 3 fallback bindings") added a C++ style comment. This is not in keeping with the style used for comments elsewhere in this fine. Update it accordingly. Signed-off-by: Simon Horman Signed-off-by: Mark Brown drivers/spi/spi-sh-msiof.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1cab2a84f470e15ecc8e5143bfe9398c6e888032 Author: Richard Fitzgerald Date: Tue Dec 20 10:29:12 2016 +0000 ASoC: wm_adsp: Don't overrun firmware file buffer when reading region data Protect against corrupt firmware files by ensuring that the length we get for the data in a region actually lies within the available firmware file data buffer. Signed-off-by: Richard Fitzgerald Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) commit 15520111500c33a012aeec28ece8c5f2dcbf6b5e Author: Adrian Hunter Date: Mon Dec 19 15:57:34 2016 +0200 mmc: core: Further fix thread wake-up Commit e0097cf5f2f1 ("mmc: queue: Fix queue thread wake-up") did not go far enough. mmc_wait_for_data_req_done() still contains some problems and can be further simplified. First it should not touch context_info->is_waiting_last_req because that is a wake-up control used by the owner of the context. Secondly, it should always return when one of its wake-up conditions is met because, again, that is contolled by the owner of the context. While the current block driver does not have an issue, these problems were exposed during testing of the Software Command Queue patches. Fixes: e0097cf5f2f1 ("mmc: queue: Fix queue thread wake-up") Signed-off-by: Adrian Hunter Tested-by: Harjani Ritesh Signed-off-by: Ulf Hansson drivers/mmc/core/core.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit 84ec048ba133c2a570273e90622d8fac4930553e Author: Adrian Hunter Date: Mon Dec 19 15:33:11 2016 +0200 mmc: sdhci: Fix to handle MMC_POWER_UNDEFINED Since commit c2c24819b280 ("mmc: core: Don't power off the card when starting the host"), the power state can still be MMC_POWER_UNDEFINED after mmc_start_host() is called. That can trigger a warning in SDHCI during runtime resume as it tries to restore the I/O state. Handle MMC_POWER_UNDEFINED simply by not updating the I/O state in that case. Fixes: c2c24819b280 ("mmc: core: Don't power off the card when starting the host") Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) commit 5b311c1519c658bf06f7a08a2ddc2648e4c9cd5c Author: Masahiro Yamada Date: Wed Dec 14 11:10:46 2016 +0900 mmc: sdhci-cadence: add Socionext UniPhier specific compatible string Add a Socionext SoC specific compatible (suggested by Rob Herring). No SoC specific data are associated with the compatible strings for now, but other SoC vendors may use this IP and want to differentiate IP variants in the future. Signed-off-by: Masahiro Yamada Acked-by: Rob Herring Signed-off-by: Ulf Hansson Documentation/devicetree/bindings/mmc/sdhci-cadence.txt | 6 ++++-- drivers/mmc/host/sdhci-cadence.c | 1 + 2 files changed, 5 insertions(+), 2 deletions(-) commit 9120cf4fd9ae77245ce9137869bcbd16575cc633 Author: Nicolas Iooss Date: Mon Dec 19 14:21:44 2016 +0100 x86/platform/intel/quark: Add printf attribute to imr_self_test_result() __printf() attributes help detecting issues in printf() format strings at compile time. Even though imr_selftest.c is only compiled with CONFIG_DEBUG_IMR_SELFTEST=y, GCC complains about a missing format attribute when compiling allmodconfig with -Wmissing-format-attribute. Silence this warning by adding the attribute. Signed-off-by: Nicolas Iooss Acked-by: Bryan O'Donoghue Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161219132144.4108-1-nicolas.iooss_linux@m4x.org Signed-off-by: Ingo Molnar arch/x86/platform/intel-quark/imr_selftest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 634b847b6d232f861abd5a03a1f75677f541b156 Author: Linus Walleij Date: Wed Dec 14 14:39:54 2016 +0100 x86/platform/intel-mid: Switch MPU3050 driver to IIO The Intel Mid goes in and creates a I2C device for the MPU3050 if the input driver for MPU-3050 is activated. As of commit: 3904b28efb2c ("iio: gyro: Add driver for the MPU-3050 gyroscope") .. there is a proper and fully featured IIO driver for this device, so deprecate the use of the incomplete input driver by augmenting the device population code to react to the presence of the IIO driver's Kconfig symbol instead. Signed-off-by: Linus Walleij Acked-by: Andy Shevchenko Cc: Dmitry Torokhov Cc: Jonathan Cameron Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/1481722794-4348-1-git-send-email-linus.walleij@linaro.org Signed-off-by: Ingo Molnar arch/x86/platform/intel-mid/device_libs/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 34bfab0eaf0fb5c6fb14c6b4013b06cdc7984466 Author: Borislav Petkov Date: Sat Dec 3 16:02:58 2016 +0100 x86/alternatives: Do not use sync_core() to serialize I$ We use sync_core() in the alternatives code to stop speculative execution of prefetched instructions because we are potentially changing them and don't want to execute stale bytes. What it does on most machines is call CPUID which is a serializing instruction. And that's expensive. However, the instruction cache is serialized when we're on the local CPU and are changing the data through the same virtual address. So then, we don't need the serializing CPUID but a simple control flow change. Last being accomplished with a CALL/RET which the noinline causes. Suggested-by: Linus Torvalds Signed-off-by: Borislav Petkov Reviewed-by: Andy Lutomirski Cc: Andrew Cooper Cc: Andy Lutomirski Cc: Brian Gerst Cc: Henrique de Moraes Holschuh Cc: Matthew Whitehead Cc: One Thousand Gnomes Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161203150258.vwr5zzco7ctgc4pe@pd.tnic Signed-off-by: Ingo Molnar arch/x86/kernel/alternative.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit a268b5f1d6e4639fa6d78fc8bdddaebaa032ab24 Author: Borislav Petkov Date: Thu Nov 17 10:45:57 2016 +0100 x86/topology: Document cpu_llc_id It means different things on Intel and AMD so write it down so that there's no confusion. Signed-off-by: Borislav Petkov Cc: Peter Zijlstra Cc: Yazen Ghannam Link: http://lkml.kernel.org/r/20161117094557.jm6hwzdd52h7iwnj@pd.tnic Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar Documentation/x86/topology.txt | 9 +++++++++ 1 file changed, 9 insertions(+) commit 59107e2f48831daedc46973ce4988605ab066de3 Author: Vitaly Kuznetsov Date: Fri Dec 2 11:07:20 2016 +0100 x86/hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic There is a feature in Hyper-V ('Debug-VM --InjectNonMaskableInterrupt') which injects NMI to the guest. We may want to crash the guest and do kdump on this NMI by enabling unknown_nmi_panic. To make kdump succeed we need to allow the kdump kernel to re-establish VMBus connection so it will see VMBus devices (storage, network,..). To properly unload VMBus making it possible to start over during kdump we need to do the following: - Send an 'unload' message to the hypervisor. This can be done on any CPU so we do this the crashing CPU. - Receive the 'unload finished' reply message. WS2012R2 delivers this message to the CPU which was used to establish VMBus connection during module load and this CPU may differ from the CPU sending 'unload'. Receiving a VMBus message means the following: - There is a per-CPU slot in memory for one message. This slot can in theory be accessed by any CPU. - We get an interrupt on the CPU when a message was placed into the slot. - When we read the message we need to clear the slot and signal the fact to the hypervisor. In case there are more messages to this CPU pending the hypervisor will deliver the next message. The signaling is done by writing to an MSR so this can only be done on the appropriate CPU. To avoid doing cross-CPU work on crash we have vmbus_wait_for_unload() function which checks message slots for all CPUs in a loop waiting for the 'unload finished' messages. However, there is an issue which arises when these conditions are met: - We're crashing on a CPU which is different from the one which was used to initially contact the hypervisor. - The CPU which was used for the initial contact is blocked with interrupts disabled and there is a message pending in the message slot. In this case we won't be able to read the 'unload finished' message on the crashing CPU. This is reproducible when we receive unknown NMIs on all CPUs simultaneously: the first CPU entering panic() will proceed to crash and all other CPUs will stop themselves with interrupts disabled. The suggested solution is to handle unknown NMIs for Hyper-V guests on the first CPU which gets them only. This will allow us to rely on VMBus interrupt handler being able to receive the 'unload finish' message in case it is delivered to a different CPU. The issue is not reproducible on WS2016 as Debug-VM delivers NMI to the boot CPU only, WS2012R2 and earlier Hyper-V versions are affected. Signed-off-by: Vitaly Kuznetsov Acked-by: K. Y. Srinivasan Cc: devel@linuxdriverproject.org Cc: Haiyang Zhang Link: http://lkml.kernel.org/r/20161202100720.28121-1-vkuznets@redhat.com Signed-off-by: Thomas Gleixner Signed-off-by: Ingo Molnar arch/x86/kernel/cpu/mshyperv.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 8ac2b42238f549241a4755de40fd161fba3de438 Author: Trond Myklebust Date: Mon Dec 19 10:23:10 2016 -0500 NFSv4: Retry the DELEGRETURN if the embedded GETATTR is rejected with EACCES If our DELEGRETURN RPC call is rejected with an EACCES call, then we should remove the GETATTR call from the compound RPC and retry. This could potentially happen when there is a conflict between an ACL denying attribute reads and our use of SP4_MACH_CRED. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 8 ++++++++ fs/nfs/nfs4xdr.c | 11 +++++++---- 2 files changed, 15 insertions(+), 4 deletions(-) commit f07d4a31ccd7dbe3ca49bedc8298245d6877a43e Author: Trond Myklebust Date: Mon Dec 19 10:34:14 2016 -0500 NFS: Retry the CLOSE if the embedded GETATTR is rejected with EACCES If our CLOSE RPC call is rejected with an EACCES call, then we should remove the GETATTR call from the compound RPC and retry. This could potentially happen when there is a conflict between an ACL denying attribute reads and our use of SP4_MACH_CRED. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit d8d849835eb2082ea17655538a83fa467633927f Author: Trond Myklebust Date: Mon Dec 19 12:14:44 2016 -0500 NFSv4: Place the GETATTR operation before the CLOSE In order to benefit from the DENY share lock protection, we should put the GETATTR operation before the CLOSE. Otherwise, we might race with a Windows machine that thinks it is now safe to modify the file. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 8 ++++++-- fs/nfs/nfs4xdr.c | 16 ++++++---------- 2 files changed, 12 insertions(+), 12 deletions(-) commit 9413a1a1bf5d58db610e3d9ba500f4150afa55ad Author: Trond Myklebust Date: Mon Dec 19 11:36:41 2016 -0500 NFSv4: Also ask for attributes when downgrading to a READ-only state If we're downgrading from a READ+WRITE mode to a READ-only mode, then ask for cache consistency attributes so that we avoid the revalidation in nfs_close_context() Fixes: 3947b74d0f9d ("NFSv4: Don't request a GETATTR on open_downgrade.") Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit a5f925bccce7b0dc083f0c5a8652600881cc38ab Author: Trond Myklebust Date: Mon Dec 19 09:47:32 2016 -0500 NFS: Don't abuse NFS_INO_REVAL_FORCED in nfs_post_op_update_inode_locked() The NFS_INO_REVAL_FORCED flag now really only has meaning for the case when we've just been handed a delegation for a file that was already cached, and we're unsure about that cache. Signed-off-by: Trond Myklebust fs/nfs/inode.c | 7 ------- 1 file changed, 7 deletions(-) commit e71708d4df1d4b81427badb9ac4bc4a813338b17 Author: Trond Myklebust Date: Mon Nov 21 10:56:38 2016 -0500 pNFS: Return RW layouts on OPEN_DOWNGRADE If the client holds no more writeable open state, and does not hold a write delegation, then send a layoutreturn as part of the OPEN_DOWNGRADE. We do this only for writes, since some layout drivers may require you to also hold a read layout if you are doing a R/W workload. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit b6808145ad2aa625b962fc55f30484091d5e8fe7 Author: Trond Myklebust Date: Sun Nov 20 13:34:16 2016 -0500 NFSv4: Add encode/decode of the layoutreturn op in OPEN_DOWNGRADE While we do not need to return the RW layout when downgrading from a read/write open state to read-only, we might want to do so in order to reduce the burden on the metadataserver so that it does not need to check for changed data when responding to GETATTR requests. Signed-off-by: Trond Myklebust fs/nfs/nfs4xdr.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 86cfb0418537460baf0de0b5e9253784be27a6f9 Author: NeilBrown Date: Mon Dec 19 11:48:23 2016 +1100 NFS: Don't disconnect open-owner on NFS4ERR_BAD_SEQID When an NFS4ERR_BAD_SEQID is received the open-owner is removed from the ->state_owners rbtree so that it will no longer be used. If any stateids attached to this open-owner are still in use, and if a request using one gets an NFS4ERR_BAD_STATEID reply, this can for bad. The state is marked as needing recovery and the nfs4_state_manager() is scheduled to clean up. nfs4_state_manager() finds states to be recovered by walking the state_owners rbtree. As the open-owner is not in the rbtree, the bad state is not found so nfs4_state_manager() completes having done nothing. The request is then retried, with a predicatable result (indefinite retries). If the stateid is for a delegation, this open_owner will be used to open files when the delegation is returned. For that to work, a new open-owner needs to be presented to the server. This patch changes NFS4ERR_BAD_SEQID handling to leave the open-owner in the rbtree but updates the 'create_time' so it looks like a new open-owner. With this the indefinite retries no longer happen. Signed-off-by: NeilBrown Signed-off-by: Trond Myklebust fs/nfs/nfs4state.c | 29 +++++++++++++---------------- 1 file changed, 13 insertions(+), 16 deletions(-) commit 3f8f25489fa62437530f654041504936d377d204 Author: NeilBrown Date: Mon Dec 19 11:33:13 2016 +1100 NFSv4: ensure __nfs4_find_lock_state returns consistent result. If a file has both flock locks and OFD locks, then it is possible that two different nfs4 lock states could apply to file accesses from a single process. It is not possible to know, efficiently, which one is "correct". Presumably the state which represents a lock that covers the region undergoing IO would be the "correct" one to use, but finding that has a non-trivial cost and would provide miniscule value. Currently we just return whichever is first in the list, which could result in inconsistent behaviour if an application ever put it self in this position. As consistent behaviour is preferable (when perfectly correct behaviour is not available), change the search to return a consistent result in this circumstance. Specifically: if there is both a flock and OFD lock state, always return the flock one. Reviewed-by: Jeff Layton Signed-off-by: NeilBrown Signed-off-by: Trond Myklebust fs/nfs/nfs4state.c | 28 ++++++++++++++++++++-------- 1 file changed, 20 insertions(+), 8 deletions(-) commit cfd278c280f997cf2fe4662e0acab0fe465f637b Author: NeilBrown Date: Mon Dec 19 11:19:31 2016 +1100 NFSv4.1: nfs4_fl_prepare_ds must be careful about reporting success. Various places assume that if nfs4_fl_prepare_ds() turns a non-NULL 'ds', then ds->ds_clp will also be non-NULL. This is not necessasrily true in the case when the process received a fatal signal while nfs4_pnfs_ds_connect is waiting in nfs4_wait_ds_connect(). In that case ->ds_clp may not be set, and the devid may not recently have been marked unavailable. So add a test for ds_clp == NULL and return NULL in that case. Fixes: c23266d532b4 ("NFS4.1 Fix data server connection race") Signed-off-by: NeilBrown Acked-by: Olga Kornievskaia Acked-by: Adamson, Andy Signed-off-by: Trond Myklebust fs/nfs/filelayout/filelayoutdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1c48cee83bc2631ab8533311d594aaafe81d8aa9 Author: Weston Andros Adamson Date: Wed Dec 14 16:31:55 2016 -0500 pNFS/flexfiles: delete deviceid, don't mark inactive Instead of marking a device inactive, remove it from the cache entirely. Flexfiles has a way to report errors back to the server, so we don't want to stop devices from being tried again for 120 seconds. Signed-off-by: Weston Andros Adamson Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 6 ++++-- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) commit 187e593d2779fb92ae1de06f873d6e192ba35d88 Author: Trond Myklebust Date: Fri Dec 16 18:51:15 2016 -0500 NFS: Clean up nfs_attribute_timeout() It can be made static. Signed-off-by: Trond Myklebust fs/nfs/inode.c | 14 +++++++------- include/linux/nfs_fs.h | 1 - 2 files changed, 7 insertions(+), 8 deletions(-) commit 3f642a13359468181f29db3d8926ba36530be85e Author: Trond Myklebust Date: Fri Dec 16 18:49:38 2016 -0500 NFS: Remove unused function nfs_revalidate_inode_rcu() Signed-off-by: Trond Myklebust fs/nfs/inode.c | 9 --------- include/linux/nfs_fs.h | 1 - 2 files changed, 10 deletions(-) commit 21c3ba7e5dcdba23094fb50f6d1198faed94dac4 Author: Trond Myklebust Date: Fri Dec 16 18:40:03 2016 -0500 NFS: Fix and clean up the access cache validity checking The access cache needs to check whether or not the mode bits, ownership, or ACL has changed or the cache has timed out. Signed-off-by: Trond Myklebust fs/nfs/dir.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 9cdd1d3f1a8cea9cfe7953f45fae9ff51c37afa3 Author: Trond Myklebust Date: Fri Dec 16 18:04:47 2016 -0500 NFS: Only look at the change attribute cache state in nfs_weak_revalidate() Just like in nfs_check_verifier(), we want to use nfs_mapping_need_revalidate_inode() to check our knowledge of the change attribute is up to date. Signed-off-by: Trond Myklebust fs/nfs/dir.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 61540bf6bb40ddfa3e766de91cedca2e1afd24eb Author: Trond Myklebust Date: Thu Dec 8 18:18:38 2016 -0500 NFS: Clean up cache validity checking Consolidate the open-coded checking of NFS_I(inode)->cache_validity into a couple of helper functions. Signed-off-by: Trond Myklebust fs/nfs/file.c | 12 +----------- fs/nfs/inode.c | 43 ++++++++++++++++++++++++++++++++----------- fs/nfs/internal.h | 1 + 3 files changed, 34 insertions(+), 22 deletions(-) commit 58ff41842c7b8b8a79752e3d040188ebddb95194 Author: Trond Myklebust Date: Fri Dec 16 17:39:58 2016 -0500 NFS: Don't revalidate the file on close if we hold a delegation If we're holding a delegation, we can skip sending the close-to-open GETATTR until we're returning that delegation. Signed-off-by: Trond Myklebust fs/nfs/inode.c | 2 ++ 1 file changed, 2 insertions(+) commit 0bc2c9b4dca9668a236fde48ebb15e5f0735cbff Author: Trond Myklebust Date: Fri Dec 16 19:48:09 2016 -0500 NFSv4: Don't discard the attributes returned by asynchronous DELEGRETURN DELEGRETURN will always carry a reference to the inode except when the latter is being freed, so let's ensure that we always use that inode information to ensure close-to-open cache consistency, even when the DELEGRETURN call is asynchronous. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit e603a4c1b5c2b9d24139eeb1769c5ac600318c07 Author: Trond Myklebust Date: Fri Dec 16 16:55:55 2016 -0500 NFSv4: Update the attribute cache info in update_changeattr If we successfully updated the change attribute, we should timestamp the cache. While we do know that the other attributes are not completely up to date, we have the NFS_INO_INVALID_ATTR flag that let us know that, so it is valid to say that the cache has not timed out. We can also clear NFS_INO_REVAL_PAGECACHE, since our change attribute is now known to be valid. Conversely, if the change attribute did not match, we should make sure to also revalidate the access and ACL caches. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit a1f49cc179ce6b7b7758ae3ff5cdb138d0ee0f56 Author: Flora Cui Date: Wed Dec 14 14:36:42 2016 +0800 drm/amdgpu: fix cursor setting of dce6/dce8 Fixes: 7c83d7abc999 ("drm/amdgpu: Only update the CUR_SIZE register when necessary") Signed-off-by: Flora Cui Reviewed-by: Michel Dänzer Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 6 +----- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 2 -- 2 files changed, 1 insertion(+), 7 deletions(-) commit 08fe007968b2b45e831daf74899f79a54d73f773 Author: Vineet Gupta Date: Mon Dec 19 11:38:38 2016 -0800 ARC: mm: arc700: Don't assume 2 colours for aliasing VIPT dcache An ARC700 customer reported linux boot crashes when upgrading to bigger L1 dcache (64K from 32K). Turns out they had an aliasing VIPT config and current code only assumed 2 colours, while theirs had 4. So default to 4 colours and complain if there are fewer. Ideally this needs to be a Kconfig option, but heck that's too much of hassle for a single user. Cc: stable@vger.kernel.org Signed-off-by: Vineet Gupta arch/arc/include/asm/cacheflush.h | 6 ++++-- arch/arc/mm/cache.c | 13 +++++++++---- 2 files changed, 13 insertions(+), 6 deletions(-) commit f64915be2d8c629e7b55ad37f90bd8db2713426e Author: Vineet Gupta Date: Mon Dec 19 11:24:08 2016 -0800 ARC: mm: No need to save cache version in @cpuinfo Historical MMU revisions have been paired with Cache revision updates which are captured in MMU and Cache Build Configuration Registers respectively. This was used in boot code to check for configurations mismatches, speically in simulations (such as running with non existent caches, non pairing MMU and Cache version etc). This can instead be inferred from other cache params such as line size. So remove @ver from post processed @cpuinfo which could be used later to save soem other interesting info. Signed-off-by: Vineet Gupta arch/arc/include/asm/arcregs.h | 2 +- arch/arc/mm/cache.c | 15 ++++----------- 2 files changed, 5 insertions(+), 12 deletions(-) commit 73ba39ab9307340dc98ec3622891314bbc09cc2e Author: Pan Bian Date: Sun Dec 4 12:51:53 2016 +0800 btrfs: return the actual error value from from btrfs_uuid_tree_iterate In function btrfs_uuid_tree_iterate(), errno is assigned to variable ret on errors. However, it directly returns 0. It may be better to return ret. This patch also removes the warning, because the caller already prints a warning. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188731 Signed-off-by: Pan Bian Reviewed-by: Omar Sandoval [ edited subject ] Signed-off-by: David Sterba fs/btrfs/uuid-tree.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit e93b1cc8a8965da137ffea0b88e5f62fa1d2a9e6 Merge: 45d3690 2700e60 Author: Linus Torvalds Date: Mon Dec 19 08:23:53 2016 -0800 Merge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs Pull quota, fsnotify and ext2 updates from Jan Kara: "Changes to locking of some quota operations from dedicated quota mutex to s_umount semaphore, a fsnotify fix and a simple ext2 fix" * 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs: quota: Fix bogus warning in dquot_disable() fsnotify: Fix possible use-after-free in inode iteration on umount ext2: reject inodes with negative size quota: Remove dqonoff_mutex ocfs2: Use s_umount for quota recovery protection quota: Remove dqonoff_mutex from dquot_scan_active() ocfs2: Protect periodic quota syncing with s_umount semaphore quota: Use s_umount protection for quota operations quota: Hold s_umount in exclusive mode when enabling / disabling quotas fs: Provide function to get superblock with exclusive s_umount commit 45d36906e256fe9f8e976461b4c559722c3cbe2a Merge: f1e9132 ef85b67 Author: Linus Torvalds Date: Mon Dec 19 08:21:29 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM fixes from Paolo Bonzini: "Early fixes for x86. Instead of the (botched) revert, the lockdep/might_sleep splat has a real fix provided by Andrea" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) kvm: take srcu lock around kvm_steal_time_set_preempted() kvm: fix schedule in atomic in kvm_steal_time_set_preempted() KVM: hyperv: fix locking of struct kvm_hv fields KVM: x86: Expose Intel AVX512IFMA/AVX512VBMI/SHA features to guest. kvm: nVMX: Correct a VMX instruction error code for VMPTRLD commit 633395b67bb222f85bb8f825c7751a54b9ec84ee Author: Stefan Haberland Date: Mon Dec 19 17:15:50 2016 +0100 block: check partition alignment Partitions that are not aligned to the blocksize of a device may cause invalid I/O requests because the blocklayer cares only about alignment within the partition when building requests on partitions. device |--------4096--------|--------4096--------|--------4096--------| partition offset 512byte |-512-|--------4096--------|--------4096--------|--------4096--------| When reading/writing one 4k block of the partition this maps to reading/writing with an offset of 512 byte of the device leading to unaligned requests for the device which in turn may cause unexpected behavior of the device driver. For DASD devices we have to translate the block number into a cylinder, head, record format. The unaligned requests lead to wrong calculation and therefore to misdirected I/O. In a "good" case this leads to I/O errors because the underlying hardware detects the wrong addressing. In a worst case scenario this might destroy data on the device. To prevent partitions that are not aligned to the physical blocksize of a device check for the alignment in the blkpg_ioctl. Signed-off-by: Stefan Haberland Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/ioctl.c | 3 +++ 1 file changed, 3 insertions(+) commit f1e9132444a97b52b20d07f352323926b2df7c32 Merge: ac5a28b d4af49f Author: Linus Torvalds Date: Mon Dec 19 08:18:58 2016 -0800 Merge branch 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging Pull dmi fix from Jean Delvare. * 'dmi-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging: firmware: dmi_scan: Always show system identification string commit ac5a28b0d3d173ba0a581342416ed339f2c3be3d Merge: b0b3a37 9355919 Author: Linus Torvalds Date: Mon Dec 19 08:16:26 2016 -0800 Merge tag 'mfd-for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd Pull MFD updates from Lee Jones: "New Device Support - Add support for Ricoh RC5T619 PMIC to rn5t618 - Add support for PM8821 PMIC to qcom-pm8xxx New Functionality: - Add support for GPIO to lpc_ich - Add support for GPADC to sun4i - Add ability for rk808 to shutdown Fix-ups: - Simplify/strip unnecessary code; tps65218, palmas, tps65217 - Device Tree binding updates; tps65218, altera-a10sr - Provide/export device ID info; tps65218, axp20x-i2c, hi655x-pmic, fsl-imx25-tsadc, intel_soc_pmic_bxtwc - Use MFD API instead of of_platform_populate(); tps65218 - Generalise name-space; pm8xxx - Supply/edit regmap configuration; axp20x, cs47l24-tables, axp20x - Enable compile testing; max77620, max77686, exynos-lpass, abx500-core - Coding style issues; wm8994-core, wm5102-tables - Supply endian support; syscon - Remove module support; ab3100-core, ab8500-debugfs, ab8500-gpadc, abx500-core Bug Fixes: - Fix ordering issues; wm8994 - Fix dependencies (build-time/run-time); exynos_lpass, sun4i-gpadc - Fix compiler warnings; sun4i-gpadc - Fix leaks; mfd-core - Fix page fault during module unload; tps65217" * tag 'mfd-for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/lee/mfd: (49 commits) mfd: tps65217: Support an interrupt pin as the system wakeup mfd: tps65217: Make an interrupt handler simpler mfd: tps65217: Update register interrupt mask bits instead of writing operation mfd: tps65217: Specify the IRQ name mfd: tps65217: Fix page fault on unloading modules mfd: palmas: Remove redundant check in palmas_power_off mfd: arizona: Disable IRQs during driver remove mfd: pm8xxx: add support to pm8821 mfd: intel-lpss: Try to enable Memory-Write-Invalidate mfd: rn5t618: Add Ricoh RC5T619 PMIC support mfd: axp20x: Add address extension registers for AXP806 regmap mfd: intel_soc_pmic_bxtwc: Fix a typo in MODULE_DEVICE_TABLE() mfd: core: Fix device reference leak in mfd_clone_cell mfd: bcm590xx: Simplify a test mfd: sun4i-gpadc: Select regmap-irq mfd: abx500-core: drop unused MODULE_ tags from non-modular code mfd: ab8500: make sysctrl explicitly non-modular mfd: ab8500-gpadc: Make it explicitly non-modular mfd: ab8500-debugfs: Make it explicitly non-modular mfd: ab8500-core: Make it explicitly non-modular ... commit ad688cdbb076833ba17fc65591cd0fe01900a5cf Author: Pavel Machek Date: Sun Dec 18 21:38:12 2016 +0100 stmmac: fix memory barriers Fix up memory barriers in stmmac driver. They are meant to protect against DMA engine, so smp_ variants are certainly wrong, and dma_ variants are preferable. Signed-off-by: Pavel Machek Tested-by: Niklas Cassel Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac4_descs.c | 4 ++-- drivers/net/ethernet/stmicro/stmmac/enh_desc.c | 2 +- drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) commit 162809dfc2bfb31eb54dc67733bcdab0f2d1534d Author: Arvind Yadav Date: Thu Dec 15 00:33:30 2016 +0530 net: ethernet: cavium: octeon: octeon_mgmt: Handle return NULL error from devm_ioremap Here, If devm_ioremap will fail. It will return NULL. Kernel can run into a NULL-pointer dereference. This error check will avoid NULL pointer dereference. Signed-off-by: Arvind Yadav Signed-off-by: David S. Miller drivers/net/ethernet/cavium/octeon/octeon_mgmt.c | 6 ++++++ 1 file changed, 6 insertions(+) commit c965809c669da004b660e5923b8add8fac5a7dc8 Author: Stephen Bates Date: Fri Dec 16 11:54:50 2016 -0700 nvme : Use correct scnprintf in cmb show Make sure we are using the correct scnprintf in the sysfs show function for the CMB. Signed-off-by: Stephen Bates Reviewed-by Jon Derrick: Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 25cdb64510644f3e854d502d69c73f21c6df88a9 Author: Mauricio Faria de Oliveira Date: Thu Dec 15 11:48:18 2016 -0600 block: allow WRITE_SAME commands with the SG_IO ioctl The WRITE_SAME commands are not present in the blk_default_cmd_filter write_ok list, and thus are failed with -EPERM when the SG_IO ioctl() is executed without CAP_SYS_RAWIO capability (e.g., unprivileged users). [ sg_io() -> blk_fill_sghdr_rq() > blk_verify_command() -> -EPERM ] The problem can be reproduced with the sg_write_same command # sg_write_same --num 1 --xferlen 512 /dev/sda # # capsh --drop=cap_sys_rawio -- -c \ 'sg_write_same --num 1 --xferlen 512 /dev/sda' Write same: pass through os error: Operation not permitted # For comparison, the WRITE_VERIFY command does not observe this problem, since it is in that list: # capsh --drop=cap_sys_rawio -- -c \ 'sg_write_verify --num 1 --ilen 512 --lba 0 /dev/sda' # So, this patch adds the WRITE_SAME commands to the list, in order for the SG_IO ioctl to finish successfully: # capsh --drop=cap_sys_rawio -- -c \ 'sg_write_same --num 1 --xferlen 512 /dev/sda' # That case happens to be exercised by QEMU KVM guests with 'scsi-block' devices (qemu "-device scsi-block" [1], libvirt "" [2]), which employs the SG_IO ioctl() and runs as an unprivileged user (libvirt-qemu). In that scenario, when a filesystem (e.g., ext4) performs its zero-out calls, which are translated to write-same calls in the guest kernel, and then into SG_IO ioctls to the host kernel, SCSI I/O errors may be observed in the guest: [...] sd 0:0:0:0: [sda] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE [...] sd 0:0:0:0: [sda] tag#0 Sense Key : Aborted Command [current] [...] sd 0:0:0:0: [sda] tag#0 Add. Sense: I/O process terminated [...] sd 0:0:0:0: [sda] tag#0 CDB: Write Same(10) 41 00 01 04 e0 78 00 00 08 00 [...] blk_update_request: I/O error, dev sda, sector 17096824 Links: [1] http://git.qemu.org/?p=qemu.git;a=commit;h=336a6915bc7089fb20fea4ba99972ad9a97c5f52 [2] https://libvirt.org/formatdomain.html#elementsDisks (see 'disk' -> 'device') Signed-off-by: Mauricio Faria de Oliveira Signed-off-by: Brahadambal Srinivasan Reported-by: Manjunatha H R Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/scsi_ioctl.c | 3 +++ 1 file changed, 3 insertions(+) commit ef85b67385436ddc1998f45f1d6a210f935b3388 Author: Jim Mattson Date: Mon Dec 12 11:01:37 2016 -0800 kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) When L2 exits to L0 due to "exception or NMI", software exceptions (#BP and #OF) for which L1 has requested an intercept should be handled by L1 rather than L0. Previously, only hardware exceptions were forwarded to L1. Signed-off-by: Jim Mattson Cc: stable@vger.kernel.org Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit cc0d907c0907561f108b2f4d4da24e85f18d0ca5 Author: Andrea Arcangeli Date: Sat Dec 17 19:13:32 2016 +0100 kvm: take srcu lock around kvm_steal_time_set_preempted() kvm_memslots() will be called by kvm_write_guest_offset_cached() so take the srcu lock. Signed-off-by: Andrea Arcangeli Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 931f261b42f10c8c8c9ab53f5ceb47ce51af7cf5 Author: Andrea Arcangeli Date: Sat Dec 17 18:43:52 2016 +0100 kvm: fix schedule in atomic in kvm_steal_time_set_preempted() kvm_steal_time_set_preempted() isn't disabling the pagefaults before calling __copy_to_user and the kernel debug notices. Signed-off-by: Andrea Arcangeli Signed-off-by: Paolo Bonzini arch/x86/kvm/x86.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit db4d22c07e3e652eeec82abcc1399e6305edd838 Author: Sudeep Holla Date: Tue Nov 29 14:37:05 2016 +0000 mailbox: mailbox-test: allow reserved areas in SRAM When CONFIG_SRAM is enable and the SRAM region is found, the entire SRAM region resource is requested and marked as occupied by SRAM driver even if certain parts of regions is marked reserved. It's quite possible that a small region of the SRAM is reserved for all the mailbox communication and hence it may fail to request the region as it's already marked busy region. This patch tries to just do a ioremap of this mailbox memory region if it finds it busy. Cc: Lee Jones Signed-off-by: Sudeep Holla Signed-off-by: Jassi Brar drivers/mailbox/mailbox-test.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit baef9a35d24626ebdc5a9074455e63eea6c7f6af Author: Sudeep Holla Date: Tue Nov 29 14:37:04 2016 +0000 mailbox: mailbox-test: add support for fasync/poll Currently the read operation on the message debug file returns error if there's no data ready to be read. It expects the userspace to retry if it fails. Since the mailbox response could be asynchronous, it would be good to add support to block the read until the data is available. We can also implement poll file operations so that the userspace can wait to become ready to perform any I/O. This patch implements the poll and fasync file operation callback for the test mailbox device. Cc: Lee Jones Signed-off-by: Sudeep Holla Signed-off-by: Jassi Brar drivers/mailbox/mailbox-test.c | 79 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 71 insertions(+), 8 deletions(-) commit cf17581340d730175f1f3f4ce6e90ae434154e37 Author: Rob Rice Date: Mon Nov 14 13:26:05 2016 -0500 mailbox: bcm-pdc: Remove unnecessary void* casts Remove unnecessary void* casts in register writes. Fix two other minor formatting issues. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Reviewed-by: Jon Mason Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 41 +++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 21 deletions(-) commit 30d1ef623fd1e99bc1bab5211ba1da0d97d40e64 Author: Rob Rice Date: Mon Nov 14 13:26:04 2016 -0500 mailbox: bcm-pdc: Simplify interrupt handler logic Earlier versions of the PDC driver registered for both transmit and receive interrupts. The hard IRQ handler had to communicate to the soft handler which interrupt(s) had occurred. The PDC driver no longer registers for tx interrupts. So there is no reason to save the intstatus. So remove the intstatus member of the PDC state. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 38 +++++++++++++------------------------- 1 file changed, 13 insertions(+), 25 deletions(-) commit 63bb50bdb997f4bede1b5f2d56645f393f7f39fb Author: Rob Rice Date: Mon Nov 14 13:26:03 2016 -0500 mailbox: bcm-pdc: Performance improvements Three changes to improve performance in the PDC driver: - disable and reenable interrupts while the interrupt handler is running - update rxin and txin descriptor indexes more efficiently - group receive descriptor context into a structure and keep context in a single array rather than five to improve locality of reference Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 85 ++++++++++++++++++++++----------------- 1 file changed, 49 insertions(+), 36 deletions(-) commit 38ed49ed4a99942f1a340f4a82a5a8b492e3463b Author: Rob Rice Date: Mon Nov 14 13:26:02 2016 -0500 mailbox: bcm-pdc: Don't use iowrite32 to write DMA descriptors In PDC driver, it is not necessary to use iowrite32() when writing DMA descriptors to the transmit and receive rings. The ring memory is in host memory. So convert to normal assignment statements. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 23 +++++++++++------------ 1 file changed, 11 insertions(+), 12 deletions(-) commit 8aef00f090bcbe5237c5a6628e7c000890267efe Author: Rob Rice Date: Mon Nov 14 13:26:01 2016 -0500 mailbox: bcm-pdc: Convert from threaded IRQ to tasklet Previously used threaded IRQs in the PDC driver to defer processing the rx DMA ring after getting an rx done interrupt. Instead, use a tasklet at normal priority for deferred processing. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 57 +++++++++++++++++---------------------- 1 file changed, 25 insertions(+), 32 deletions(-) commit 7493cde34efc28641c295ee0d52ab9d790853c62 Author: Rob Rice Date: Mon Nov 14 13:26:00 2016 -0500 mailbox: bcm-pdc: Try to improve branch prediction Use likely/unlikely directives to improve branch prediction. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit e004c7e7d3b873a671fecf04f197982806e380eb Author: Rob Rice Date: Mon Nov 14 13:25:59 2016 -0500 mailbox: bcm-pdc: streamline rx code Remove the unnecessary rmb() from the receive path. If the rx ring has multiple messages ready, avoid reading last_rx_curr multiple times from the register. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 108 +++++++++++++++++--------------------- 1 file changed, 48 insertions(+), 60 deletions(-) commit ab8d1b2d564f6649547b97e65806556c42f93a26 Author: Rob Rice Date: Mon Nov 14 13:25:58 2016 -0500 mailbox: bcm-pdc: Convert from interrupts to poll for tx done The PDC driver is a mailbox controller. A mailbox controller can report that a mailbox message has been "transmitted" either when a tx interrupt fires or by having the mailbox framework poll. This commit converts the PDC driver to the poll method. We found that the tx interrupt happens when the descriptors are read by the SPU hw. Thus, the interrupt method does not allow more than one tx message in the PDC tx DMA ring at a time. To keep the SPU hw busy, we would like to keep the tx ring full under heavy load. With the poll method, the PDC driver responds that the previous message has been transmitted if the tx ring has space for another message. SPU request messages take a variable number of descriptors. If 15 descriptors are available, there is a good chance another message will fit. Also increased the ring size from 128 to 512 descriptors. With this change, I found the PDC driver hangs on its spinlock under heavy load. The PDC spinlock is not required; so I removed it. Calls to pdc_send_data() are already synchronized because of the channel spinlock in the mailbox framework. Other references to ring indexes should not require locking because they only written on either the tx or rx side. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 207 ++++++++++++++++++++++++++------------ 1 file changed, 145 insertions(+), 62 deletions(-) commit 9310f1ded44067b2da61fa0471ca5b7768dd28ae Author: Steve Lin Date: Mon Nov 14 13:25:57 2016 -0500 mailbox: bcm-pdc: PDC driver leaves debugfs files after removal Minor fix to ensure that debugfs stats pseudo-files are removed when driver module is unloaded. Previously, the call to debugfs_remove_recursive() was never being called since the directory was not empty, and a seg fault would occur if another process tried to access these leftover files. Signed-off-by: Steve Lin Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 9fb0f9ac54b393ddfe49be7da7751f02bb133db6 Author: Steve Lin Date: Mon Nov 14 13:25:56 2016 -0500 mailbox: bcm-pdc: Changes so mbox client can be removed / re-inserted Ensure that DMA is disabled, and pointers reset, when changing DMA base addresses in pdc_ring_init(). This allows a mailbox client to be re-inserted after being removed. Otherwise, the DMA doesn't restart so the client hangs while being reinserted. Signed-off-by: Steve Lin Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 54 +++++++++++++++++++++++++++++++++------ 1 file changed, 46 insertions(+), 8 deletions(-) commit 9b1b2b3adb310560a31ea248fa0defc8f09129ff Author: Rob Rice Date: Mon Nov 14 13:25:55 2016 -0500 mailbox: bcm-pdc: Use octal permissions rather than symbolic When creating the debugfs files for the PDC driver, use octal file permissions rather than symbolic file permissions. Signed-off-by: Rob Rice Reviewed-by: Andy Gospodarek Signed-off-by: Jassi Brar drivers/mailbox/bcm-pdc-mailbox.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 2f50497d71e2982584d1a11d636d43eea0f992e6 Author: Javier Martinez Canillas Date: Thu Oct 20 00:34:05 2016 -0300 mailbox: sti: Fix module autoload for OF registration If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/mailbox/mailbox-sti.ko | grep alias alias: platform:mailbox-sti After this patch: $ modinfo drivers/mailbox/mailbox-sti.ko | grep alias alias: platform:mailbox-sti alias: of:N*T*Cst,stih407-mailboxC* alias: of:N*T*Cst,stih407-mailbox Signed-off-by: Javier Martinez Canillas Acked-by: Lee Jones Signed-off-by: Jassi Brar drivers/mailbox/mailbox-sti.c | 1 + 1 file changed, 1 insertion(+) commit f42cce3c2409960adebe8e970574b23cbbf34e7d Author: Javier Martinez Canillas Date: Thu Oct 20 00:34:04 2016 -0300 mailbox: mailbox-test: Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/mailbox/mailbox-test.ko | grep alias $ After this patch: $ modinfo drivers/mailbox/mailbox-test.ko | grep alias alias: of:N*T*Cmailbox-testC* alias: of:N*T*Cmailbox-test Signed-off-by: Javier Martinez Canillas Acked-by: Lee Jones Signed-off-by: Jassi Brar drivers/mailbox/mailbox-test.c | 1 + 1 file changed, 1 insertion(+) commit 405182c2459fe2de4a3994ef39e866993e0e61d1 Author: Roderick Colenbrander Date: Thu Dec 8 19:09:52 2016 -0800 HID: sony: Ignore DS4 dongle reports when no device is connected When the DS4 dongle is connected, it always generates HID reports even when no DS4 is paired to it. This patch adds logic to ignore HID reports from the dongle if there is no DS4 currently attached. Signed-off-by: Roderick Colenbrander Signed-off-by: Jiri Kosina drivers/hid/hid-sony.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit c70d5f70ccbbdf56bb86adb42127db90d0c90976 Author: Roderick Colenbrander Date: Thu Dec 8 19:09:51 2016 -0800 HID: sony: Use DS4 MAC address as unique identifier on USB The DS4 MAC address is reported as a unique identified when using Bluetooth. For USB there is no unique identifier reported yet, so use the MAC address. Signed-off-by: Roderick Colenbrander Signed-off-by: Jiri Kosina drivers/hid/hid-sony.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 2b6579d4a71afb19c6583470783371b992944f67 Author: Roderick Colenbrander Date: Thu Dec 8 19:09:50 2016 -0800 HID: sony: Fix error handling bug when touchpad registration fails The error handling code in sony_input_configured in general uses goto based cleanup. Recently we migrated code from sony_probe to here, but we didn't update the existing touchpad registration code, which was already here to use the goto. Signed-off-by: Roderick Colenbrander Signed-off-by: Jiri Kosina drivers/hid/hid-sony.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fff5d99225107f5f13fe4a9805adc2a1c4b5fb00 Author: Geert Uytterhoeven Date: Fri Dec 16 14:28:42 2016 +0100 swiotlb: Add swiotlb=noforce debug option On architectures like arm64, swiotlb is tied intimately to the core architecture DMA support. In addition, ZONE_DMA cannot be disabled. To aid debugging and catch devices not supporting DMA to memory outside the 32-bit address space, add a kernel command line option "swiotlb=noforce", which disables the use of bounce buffers. If specified, trying to map memory that cannot be used with DMA will fail, and a rate-limited warning will be printed. Note that io_tlb_nslabs is set to 1, which is the minimal supported value. Signed-off-by: Geert Uytterhoeven Signed-off-by: Konrad Rzeszutek Wilk Documentation/admin-guide/kernel-parameters.txt | 3 ++- include/linux/swiotlb.h | 1 + include/trace/events/swiotlb.h | 3 ++- lib/swiotlb.c | 18 ++++++++++++++++-- 4 files changed, 21 insertions(+), 4 deletions(-) commit ae7871be189cb41184f1e05742b4a99e2c59774d Author: Geert Uytterhoeven Date: Fri Dec 16 14:28:41 2016 +0100 swiotlb: Convert swiotlb_force from int to enum Convert the flag swiotlb_force from an int to an enum, to prepare for the advent of more possible values. Suggested-by: Konrad Rzeszutek Wilk Signed-off-by: Geert Uytterhoeven Signed-off-by: Konrad Rzeszutek Wilk arch/arm64/mm/dma-mapping.c | 3 ++- arch/arm64/mm/init.c | 3 ++- arch/x86/kernel/pci-swiotlb.c | 2 +- arch/x86/xen/pci-swiotlb-xen.c | 2 +- drivers/xen/swiotlb-xen.c | 4 ++-- include/linux/swiotlb.h | 7 ++++++- include/trace/events/swiotlb.h | 16 +++++++++------- lib/swiotlb.c | 8 ++++---- 8 files changed, 27 insertions(+), 18 deletions(-) commit 6c206e4d99f2ed2a5a59875858e3beecc69b6474 Author: Geert Uytterhoeven Date: Fri Dec 16 14:28:40 2016 +0100 x86, swiotlb: Simplify pci_swiotlb_detect_override() At the end of the function, the local variable use_swiotlb has always the same value as the global variable swiotlb. Hence drop the local variable completely. Signed-off-by: Geert Uytterhoeven Signed-off-by: Konrad Rzeszutek Wilk arch/x86/kernel/pci-swiotlb.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 4a8b3a682be9addff7dbd16371fa8c34103b5c31 Author: Pierre-Louis Bossart Date: Fri Dec 16 10:55:49 2016 -0600 ASoC: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled Commit df1a2776a795 ("ASoC: Intel: bytcr_rt5640: add MCLK support") was merged but the corresponding clock framework patches have not, after being bumped from audio to clock to x86 domains. The missing clock-related patches result in a regression starting with 4.9 with the audio card not being created. Rather than reverting this commit and all following updates already queued up for 4.10, handle run-time dependency on MCLK and fall back to the previous bit-clock mode. This provides the same functionality as in 4.8 for Baytrail devices. On Baytrail-CR most devices remain silent with this fallback but additional patches are needed anyway. As suggested by Mark Brown, the fallback is only allowed with -ENOENT, all other run-time errors, including -EPROBE_DEFER, will stop the probe with no sound card registered. This patch should be applied to -stable as well as ASoC 4.10 fixes Signed-off-by: Pierre-Louis Bossart Signed-off-by: Mark Brown sound/soc/intel/boards/bytcr_rt5640.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit 2700e6067c72a99d1b7037692da0145ac44623c4 Author: Jan Kara Date: Mon Dec 19 14:01:39 2016 +0100 quota: Fix bogus warning in dquot_disable() dquot_disable() was warning when sb_has_quota_loaded() was true when invalidating page cache for quota files. The thinking behind this warning was that we must have raced with somebody else turning quotas on and this should not happen because all places modifying quota state must hold s_umount exclusively now. However sb_has_quota_loaded() can be also true at this point when we are just suspending quotas on remount read-only. Just restore the behavior to situation before commit c3b004460d77 ("quota: Remove dqonoff_mutex") which introduced the warning. The code in dquot_disable() can be further simplified with the new locking of quota state changes however let's leave that to a separate commit that can get more testing exposure. Fixes: c3b004460d77bf3f980d877be539016f2df4df12 Signed-off-by: Jan Kara fs/quota/dquot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c198b121b1a1d7a7171770c634cd49191bac4477 Author: Andy Lutomirski Date: Fri Dec 9 10:24:08 2016 -0800 x86/asm: Rewrite sync_core() to use IRET-to-self Aside from being excessively slow, CPUID is problematic: Linux runs on a handful of CPUs that don't have CPUID. Use IRET-to-self instead. IRET-to-self works everywhere, so it makes testing easy. For reference, On my laptop, IRET-to-self is ~110ns, CPUID(eax=1, ecx=0) is ~83ns on native and very very slow under KVM, and MOV-to-CR2 is ~42ns. While we're at it: sync_core() serves a very specific purpose. Document it. Signed-off-by: Andy Lutomirski Cc: Juergen Gross Cc: One Thousand Gnomes Cc: Peter Zijlstra Cc: Brian Gerst Cc: Matthew Whitehead Cc: Borislav Petkov Cc: Henrique de Moraes Holschuh Cc: Andrew Cooper Cc: Boris Ostrovsky Cc: xen-devel Link: http://lkml.kernel.org/r/5c79f0225f68bc8c40335612bf624511abb78941.1481307769.git.luto@kernel.org Signed-off-by: Thomas Gleixner arch/x86/include/asm/processor.h | 80 +++++++++++++++++++++++++++++----------- 1 file changed, 58 insertions(+), 22 deletions(-) commit 484d0e5c7943644cc46e7308a8f9d83be598f2b9 Author: Andy Lutomirski Date: Fri Dec 9 10:24:07 2016 -0800 x86/microcode/intel: Replace sync_core() with native_cpuid() The Intel microcode driver is using sync_core() to mean "do CPUID with EAX=1". I want to rework sync_core(), but first the Intel microcode driver needs to stop depending on its current behavior. Reported-by: Henrique de Moraes Holschuh Signed-off-by: Andy Lutomirski Acked-by: Borislav Petkov Cc: Juergen Gross Cc: One Thousand Gnomes Cc: Peter Zijlstra Cc: Brian Gerst Cc: Matthew Whitehead Cc: Andrew Cooper Cc: Boris Ostrovsky Cc: xen-devel Link: http://lkml.kernel.org/r/535a025bb91fed1a019c5412b036337ad239e5bb.1481307769.git.luto@kernel.org Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/intel.c | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) commit 426d1aff3138cf38da14e912df3c75e312f96e9e Author: Andy Lutomirski Date: Fri Dec 9 10:24:06 2016 -0800 Revert "x86/boot: Fail the boot if !M486 and CPUID is missing" This reverts commit ed68d7e9b9cfb64f3045ffbcb108df03c09a0f98. The patch wasn't quite correct -- there are non-Intel (and hence non-486) CPUs that we support that don't have CPUID. Since we no longer require CPUID for sync_core(), just revert the patch. I think the relevant CPUs are Geode and Elan, but I'm not sure. In principle, we should try to do better at identifying CPUID-less CPUs in early boot, but that's more complicated. Reported-by: One Thousand Gnomes Signed-off-by: Andy Lutomirski Cc: Juergen Gross Cc: Denys Vlasenko Cc: Peter Zijlstra Cc: Brian Gerst Cc: Josh Poimboeuf Cc: Matthew Whitehead Cc: Borislav Petkov Cc: Henrique de Moraes Holschuh Cc: Andrew Cooper Cc: Boris Ostrovsky Cc: xen-devel Cc: Linus Torvalds Link: http://lkml.kernel.org/r/82acde18a108b8e353180dd6febcc2876df33f24.1481307769.git.luto@kernel.org Signed-off-by: Thomas Gleixner arch/x86/boot/cpu.c | 6 ------ 1 file changed, 6 deletions(-) commit 1c52d859cb2d417e7216d3e56bb7fea88444cec9 Author: Andy Lutomirski Date: Fri Dec 9 10:24:05 2016 -0800 x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels We support various non-Intel CPUs that don't have the CPUID instruction, so the M486 test was wrong. For now, fix it with a big hammer: handle missing CPUID on all 32-bit CPUs. Reported-by: One Thousand Gnomes Signed-off-by: Andy Lutomirski Cc: Juergen Gross Cc: Peter Zijlstra Cc: Brian Gerst Cc: Matthew Whitehead Cc: Borislav Petkov Cc: Henrique de Moraes Holschuh Cc: Andrew Cooper Cc: Boris Ostrovsky Cc: xen-devel Link: http://lkml.kernel.org/r/685bd083a7c036f7769510b6846315b17d6ba71f.1481307769.git.luto@kernel.org Signed-off-by: Thomas Gleixner arch/x86/include/asm/processor.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3df8d9208569ef0b2313e516566222d745f3b94b Author: Andy Lutomirski Date: Thu Dec 15 10:14:42 2016 -0800 x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 A typo (or mis-merge?) resulted in leaf 6 only being probed if cpuid_level >= 7. Fixes: 2ccd71f1b278 ("x86/cpufeature: Move some of the scattered feature bits to x86_capability") Signed-off-by: Andy Lutomirski Acked-by: Borislav Petkov Cc: Brian Gerst Link: http://lkml.kernel.org/r/6ea30c0e9daec21e488b54761881a6dfcf3e04d0.1481825597.git.luto@kernel.org Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/common.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 7ebb916782949621ff6819acf373a06902df7679 Author: Markus Trippelsdorf Date: Thu Dec 15 13:45:13 2016 +0100 x86/tools: Fix gcc-7 warning in relocs.c gcc-7 warns: In file included from arch/x86/tools/relocs_64.c:17:0: arch/x86/tools/relocs.c: In function ‘process_64’: arch/x86/tools/relocs.c:953:2: warning: argument 1 null where non-null expected [-Wnonnull] qsort(r->offset, r->count, sizeof(r->offset[0]), cmp_relocs); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from arch/x86/tools/relocs.h:6:0, from arch/x86/tools/relocs_64.c:1: /usr/include/stdlib.h:741:13: note: in a call to function ‘qsort’ declared here extern void qsort This happens because relocs16 is not used for ELF_BITS == 64, so there is no point in trying to sort it. Make the sort_relocs(&relocs16) call 32bit only. Signed-off-by: Markus Trippelsdorf Link: http://lkml.kernel.org/r/20161215124513.GA289@x4 Signed-off-by: Thomas Gleixner arch/x86/tools/relocs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8b5e99f02264130782a10ba5c0c759797fb064ee Author: Josh Poimboeuf Date: Fri Dec 16 10:05:06 2016 -0600 x86/unwind: Dump stack data on warnings The unwinder warnings are good at finding unexpected unwinder issues, but they often don't give enough data to be able to fully diagnose them. Print a one-time stack dump when a warning is detected. Signed-off-by: Josh Poimboeuf Cc: Borislav Petkov Cc: Andy Lutomirski Link: http://lkml.kernel.org/r/15607370e3ddb1732b6a73d5c65937864df16ac8.1481904011.git.jpoimboe@redhat.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/unwind.h | 2 +- arch/x86/kernel/unwind_frame.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) commit 8023e0e2a48d45e8d5363081fad9f7ed4402f953 Author: Josh Poimboeuf Date: Fri Dec 16 10:05:05 2016 -0600 x86/unwind: Adjust last frame check for aligned function stacks Somehow, CONFIG_PARAVIRT=n convinces gcc to change the x86_64_start_kernel() prologue from: 0000000000000129 : 129: 55 push %rbp 12a: 48 89 e5 mov %rsp,%rbp to: 0000000000000124 : 124: 4c 8d 54 24 08 lea 0x8(%rsp),%r10 129: 48 83 e4 f0 and $0xfffffffffffffff0,%rsp 12d: 41 ff 72 f8 pushq -0x8(%r10) 131: 55 push %rbp 132: 48 89 e5 mov %rsp,%rbp This is an unusual pattern which aligns rsp (though in this case it's already aligned) and saves the start_cpu() return address again on the stack before storing the frame pointer. The unwinder assumes the last stack frame header is at a certain offset, but the above code breaks that assumption, resulting in the following warning: WARNING: kernel stack frame pointer at ffffffff82e03f40 in swapper:0 has bad value (null) Fix it by checking for the last task stack frame at the aligned offset in addition to the normal unaligned offset. Fixes: acb4608ad186 ("x86/unwind: Create stack frames for saved syscall registers") Reported-by: Borislav Petkov Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Link: http://lkml.kernel.org/r/9d7b4eb8cf55a7d6002cb738f25c23e7429c99a0.1481904011.git.jpoimboe@redhat.com Signed-off-by: Thomas Gleixner arch/x86/kernel/unwind_frame.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 22d3c0d63b1108af0b4ef1cfdad1f6ef0710da30 Author: Dmitry Torokhov Date: Fri Dec 9 12:57:41 2016 -0800 x86/init: Fix a couple of comment typos Signed-off-by: Dmitry Torokhov Acked-by: Marcos Paulo de Souza Cc: linux-input@vger.kernel.org Link: http://lkml.kernel.org/r/1481317061-31486-5-git-send-email-dmitry.torokhov@gmail.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/x86_init.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 32786fdc9506aeba98278c1844d4bfb766863832 Author: Dmitry Torokhov Date: Fri Dec 9 12:57:40 2016 -0800 x86/init: Remove i8042_detect() from platform ops Now that i8042 uses flag in legacy platform data, i8042_detect() is no longer used and can be removed. Signed-off-by: Dmitry Torokhov Tested-by: Takashi Iwai Acked-by: Marcos Paulo de Souza Cc: linux-input@vger.kernel.org Link: http://lkml.kernel.org/r/1481317061-31486-4-git-send-email-dmitry.torokhov@gmail.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/x86_init.h | 2 -- arch/x86/kernel/x86_init.c | 2 -- arch/x86/platform/ce4100/ce4100.c | 6 ------ arch/x86/platform/intel-mid/intel-mid.c | 7 ------- 4 files changed, 17 deletions(-) commit d79e141c1c6ea7cb70c169971d522b88c8d5b419 Author: Dmitry Torokhov Date: Fri Dec 9 12:57:39 2016 -0800 Input: i8042 - Trust firmware a bit more when probing on X86 The error message "Can't read CTR while initializing i8042" appears on Cherry Trail-based devices at each boot time: i8042: PNP: No PS/2 controller found. Probing ports directly. i8042: Can't read CTR while initializing i8042 i8042: probe of i8042 failed with error -5 This happens because we historically do not trust firmware on X86 and, while noting that PNP does not show keyboard or mouse devices, we still charge ahead and try to probe the controller. Let's relax this a bit and if results of PNP probe agree with the results of platform initialization/quirks conclude that there is, in fact, no i8042. While at it, let's avoid using x86_platform.i8042_detect() and instead abort execution early if platform indicates that it can not possibly have i8042 (x86_platform.legacy.i8042 equals X86_LEGACY_I8042_PLATFORM_ABSENT). Reported-and-tested-by: Takashi Iwai Signed-off-by: Dmitry Torokhov Acked-by: Marcos Paulo de Souza Cc: linux-input@vger.kernel.org Link: http://lkml.kernel.org/r/1481317061-31486-3-git-send-email-dmitry.torokhov@gmail.com Signed-off-by: Thomas Gleixner drivers/input/serio/i8042-x86ia64io.h | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 93ffa9a479ffb65d045e74e141346e7f107fcde1 Author: Dmitry Torokhov Date: Fri Dec 9 12:57:38 2016 -0800 x86/init: Add i8042 state to the platform data Add i8042 state to the platform data to help i8042 driver make decision whether to probe for i8042 or not. We recognize 3 states: platform/subarch ca not possible have i8042 (as is the case with Inrel MID platform), firmware (such as ACPI) reports that i8042 is absent from the device, or i8042 may be present and the driver should probe for it. The intent is to allow i8042 driver abort initialization on x86 if PNP data (absence of both keyboard and mouse PNP devices) agrees with firmware data. It will also allow us to remove i8042_detect later. Signed-off-by: Dmitry Torokhov Tested-by: Takashi Iwai Acked-by: Marcos Paulo de Souza Cc: linux-input@vger.kernel.org Link: http://lkml.kernel.org/r/1481317061-31486-2-git-send-email-dmitry.torokhov@gmail.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/x86_init.h | 18 ++++++++++++++++++ arch/x86/kernel/acpi/boot.c | 7 +++++++ arch/x86/kernel/platform-quirks.c | 5 +++++ 3 files changed, 30 insertions(+) commit c8b1b3dd89ea7b3f77a73e59c4c4495e16338e15 Author: Brendan McGrath Date: Sat Dec 10 21:20:42 2016 +1100 HID: asus: Fix keyboard support The previous submission which added Touchpad support broke the Keyboard support of this driver. This patch: 1. fixes the Keyboard support (by assigning drvdata->input); 2. renames NOTEBOOK_QUIRKS to KEYBOARD_QUIRKS; 3. adds the NO_INIT_REPORT quirk to the KEYBOARD_QUIRKS; and 4. sets the input->name to 'Asus Keyboard' for the keyboard Signed-off-by: Brendan McGrath Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/hid-asus.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) commit c9435f35ae64ee162555a82b6a3586b160093957 Author: Sudip Mukherjee Date: Sun Dec 18 22:26:36 2016 +0000 clocksource/drivers/moxart: Plug memory and mapping leaks If of_iomap() or any other subsequent function fails moxart_timer_init() exits without freeing memory and unmapping the timer base. Add proper cleanup points. Signed-off-by: Sudip Mukherjee Cc: Daniel Lezcano Cc: Sudip Mukherjee Link: http://lkml.kernel.org/r/1482099996-1524-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Thomas Gleixner drivers/clocksource/moxart_timer.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) commit f357563f958df06cd9ea9e614cdba30578bb08b1 Author: Jérémy Lefaure Date: Fri Dec 16 19:29:27 2016 -0500 irqchip/st: Mark st_irq_syscfg_resume() __maybe_unused When CONFIG_PM_SLEEP is disabled, the compiler raises a warning on st_irq_syscfg_resume: drivers/irqchip/irq-st.c:183:12: warning: 'st_irq_syscfg_resume' defined but not used [-Wunused-function] static int st_irq_syscfg_resume(struct device *dev) ^~~~~~~~~~~~~~~~~~~~ Annotate the function with __maybe_unused. Signed-off-by: Jérémy Lefaure Cc: Marc Zyngier Cc: Jason Cooper Link: http://lkml.kernel.org/r/20161217002927.31947-1-jeremy.lefaure@lse.epita.fr Signed-off-by: Thomas Gleixner drivers/irqchip/irq-st.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2b4c91569a40c4512ea1b413e0c817d179ce9868 Author: Boris Ostrovsky Date: Sun Dec 18 17:44:14 2016 +0100 x86/microcode/AMD: Use native_cpuid() in load_ucode_amd_bsp() When CONFIG_PARAVIRT is selected, cpuid() becomes a call. Since for 32-bit kernels load_ucode_amd_bsp() is executed before paging is enabled the call cannot be completed (as kernel virtual addresses are not reachable yet). Use native_cpuid() instead which is an asm wrapper for the CPUID instruction. Signed-off-by: Boris Ostrovsky Signed-off-by: Borislav Petkov Cc: Jürgen Gross Link: http://lkml.kernel.org/r/1481906392-3847-1-git-send-email-boris.ostrovsky@oracle.com Link: http://lkml.kernel.org/r/20161218164414.9649-5-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/amd.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit a15a753539eca8ba243d576f02e7ca9c4b7d7042 Author: Borislav Petkov Date: Sun Dec 18 17:44:13 2016 +0100 x86/microcode/AMD: Do not load when running on a hypervisor Doing so is completely void of sense for multiple reasons so prevent it. Set dis_ucode_ldr to true and thus disable the microcode loader by default to address xen pv guests which execute the AP path but not the BSP path. By having it turned off by default, the APs won't run into the loader either. Also, check CPUID(1).ECX[31] which hypervisors set. Well almost, not the xen pv one. That one gets the aforementioned "fix". Also, improve the detection method by caching the final decision whether to continue loading in dis_ucode_ldr and do it once on the BSP. The APs then simply test that value. Signed-off-by: Borislav Petkov Tested-by: Juergen Gross Tested-by: Boris Ostrovsky Acked-by: Juergen Gross Link: http://lkml.kernel.org/r/20161218164414.9649-4-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/core.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) commit 200d3553163f6065a0f1f142f92d1cf716d586c2 Author: Borislav Petkov Date: Sun Dec 18 17:44:12 2016 +0100 x86/microcode/AMD: Sanitize apply_microcode_early_amd() Make it simply return bool to denote whether it found a container or not and return the pointer to the container and its size in the handed-in container pointer instead, as returning a struct was just silly. Signed-off-by: Borislav Petkov Cc: Jürgen Gross Cc: Boris Ostrovsky Link: http://lkml.kernel.org/r/20161218164414.9649-3-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/amd.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) commit 8feaa64a9a69652fdff87205f8a8cfe1bfd5b522 Author: Borislav Petkov Date: Sun Dec 18 17:44:11 2016 +0100 x86/microcode/AMD: Make find_proper_container() sane again Fixup signature and retvals, return the container struct through the passed in pointer, not as a function return value. Signed-off-by: Borislav Petkov Cc: Jürgen Gross Cc: Boris Ostrovsky Link: http://lkml.kernel.org/r/20161218164414.9649-2-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/microcode/amd.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit d4af49f810db8b855b043615c3b4312e5ba8aedb Author: Kefeng Wang Date: Mon Dec 19 10:01:47 2016 +0100 firmware: dmi_scan: Always show system identification string Let's keep consistent when print dmi_ids_string between SMBIOS 2.x and SMBIOS 3.x, and always show the system identification string, like Vendor, Product/Board name and BIOS infos. Signed-off-by: Kefeng Wang Signed-off-by: Jean Delvare drivers/firmware/dmi_scan.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 983eeba7d2a854b540bd25c9e2311778408d9730 Author: Vladimir Kondratiev Date: Wed Dec 14 10:36:47 2016 +0200 ARC: enable SG chaining Signed-off-by: Vladimir Kondratiev Signed-off-by: Vineet Gupta Documentation/features/io/sg-chain/arch-support.txt | 2 +- arch/arc/Kconfig | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) commit b0b3a37b908b5906524c11f3ca12cd7c9d4adc1c Merge: 3be134e d3e5925 Author: Linus Torvalds Date: Sun Dec 18 18:18:03 2016 -0800 Merge tag 'rtc-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux Pull RTC updates from Alexandre Belloni: "Subsystem: - non-modular drivers are now explicitly non-modular New driver: - Epson Toyocom rtc-7301sf/dg Drivers: - cmos: reject unsupported alarm values wrt the RTC capabilities - ds1307: ACPI support - jz4740: DT support, jz4780 handling, can now be used as a system power controller - mcp795: many fixes, in particular proper month handling - twl: driver is now DT only" * tag 'rtc-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/abelloni/linux: (31 commits) rtc: mcp795: Fix whitespace and indentation. rtc: mcp795: Prefer using the BIT() macro. rtc: mcp795: fix month write resetting date to 1. rtc: mcp795: fix time range difference between linux and RTC chip. rtc: mcp795: fix bitmask value for leap year (LP). rtc: mcp795: use bcd2bin/bin2bcd. rtc: add support for EPSON TOYOCOM RTC-7301SF/DG rtc: ds1307: Add ACPI support rtc: imxdi: (trivial) fix a typo rtc: ds1374: Merge conditional + WARN_ON() rtc: twl: make driver DT only rtc: twl: kill static variables rtc: fix typos in Kconfig rtc: jz4740: make the driver builtin only rtc: jz4740: remove unused EXPORT_SYMBOL Documentation: bindings: fix twl-rtc documentation rtc: Enable compile testing for Maxim and Samsung drivers MIPS: jz4740: Remove obsolete code MIPS: qi_lb60: Probe RTC driver from DT and use it as power controller MIPS: jz4740: DTS: Probe the jz4740-rtc driver from devicetree ... commit d3e5925902dc0f639efc3641e07fca2bd7af5441 Author: Emil Bartczak Date: Thu Dec 8 00:27:42 2016 +0100 rtc: mcp795: Fix whitespace and indentation. Fix whitespace and indentation errors and the following checkpatch warnings: - line 15: Block comments use a trailing */ on a separate line - line 256: Line over 80 characters No code change. Signed-off-by: Emil Bartczak Signed-off-by: Alexandre Belloni drivers/rtc/rtc-mcp795.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit a2b42997513401903341cf96616839ad22f151b6 Author: Emil Bartczak Date: Thu Dec 8 00:27:41 2016 +0100 rtc: mcp795: Prefer using the BIT() macro. This patch doesn't change the code but replaces all bitmask values with the BIT(x) macro. Signed-off-by: Emil Bartczak Signed-off-by: Alexandre Belloni drivers/rtc/rtc-mcp795.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 43d0b10f60c54667108729adb525bc1090d4238f Author: Emil Bartczak Date: Thu Dec 8 00:27:40 2016 +0100 rtc: mcp795: fix month write resetting date to 1. According to Microchip errata some combinations of date and month values may result in the date being reset to 1, even if the date is also written with the month (for example 31-07 or 31-08). As a workaround avoid writing date and month values within the same Write command. Instead, terminate the Write command after loading the date and begin a new command to write the month. In addition, disable the oscillator before loading the new values. This is done by ensuring both the ST and EXTOSC bits are cleared and waiting for the OSCON bit to clear. Signed-off-by: Emil Bartczak Signed-off-by: Alexandre Belloni drivers/rtc/rtc-mcp795.c | 86 +++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 81 insertions(+), 5 deletions(-) commit 26eeefd5956449b03c87c49b996e012ffe3e59aa Author: Emil Bartczak Date: Thu Dec 8 00:27:39 2016 +0100 rtc: mcp795: fix time range difference between linux and RTC chip. In linux rtc_time struct, tm_mon range is 0~11, while in RTC HW REG, month range is 1~12. This patch adjusts difference of them. Signed-off-by: Emil Bartczak Signed-off-by: Alexandre Belloni drivers/rtc/rtc-mcp795.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e72765c648a172f052486cba9688ddc28f23140b Author: Emil Bartczak Date: Thu Dec 8 00:27:38 2016 +0100 rtc: mcp795: fix bitmask value for leap year (LP). According the datasheet the leap year is a fifth bit in month register. Signed-off-by: Emil Bartczak Signed-off-by: Alexandre Belloni drivers/rtc/rtc-mcp795.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit bcf18d88ac16c1a86bac7e8f5f4b1de1f752865f Author: Emil Bartczak Date: Thu Dec 8 00:27:37 2016 +0100 rtc: mcp795: use bcd2bin/bin2bcd. Change rtc-mcp795.c to use the bcd2bin/bin2bcd functions. This change fixes the wrong conversion of month value from binary to BCD (missing right shift operation for 10 month). Signed-off-by: Emil Bartczak Signed-off-by: Alexandre Belloni drivers/rtc/rtc-mcp795.c | 25 +++++++++++++------------ 1 file changed, 13 insertions(+), 12 deletions(-) commit 0b6a8f5c9bebe51b95ff23939db570e8d298a36f Author: Akinobu Mita Date: Sun Dec 4 23:04:39 2016 +0900 rtc: add support for EPSON TOYOCOM RTC-7301SF/DG This adds support for EPSON TOYOCOM RTC-7301SF/DG which has parallel interface compatible with SRAM. This driver supports basic clock, calendar and alarm functionality. Tested with Microblaze linux running on Artix7 FPGA board with my own custom IP for RTC-7301. Signed-off-by: Akinobu Mita Acked-by: Rob Herring Signed-off-by: Alexandre Belloni .../devicetree/bindings/rtc/epson,rtc7301.txt | 16 + drivers/rtc/Kconfig | 11 + drivers/rtc/Makefile | 1 + drivers/rtc/rtc-r7301.c | 453 +++++++++++++++++++++ 4 files changed, 481 insertions(+) commit 9c19b8930d2cf95f5dc5ec11610400a7c61845d1 Author: Tin Huynh Date: Wed Nov 30 09:57:31 2016 +0700 rtc: ds1307: Add ACPI support This patch enables ACPI support for rtc-ds1307 driver. Signed-off-by: Tin Huynh Signed-off-by: Alexandre Belloni drivers/rtc/rtc-ds1307.c | 52 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 43 insertions(+), 9 deletions(-) commit 67626c9323027534496d21cf32793121662d03c0 Author: Aniroop Mathur Date: Sun Dec 18 15:27:16 2016 -0800 Input: synaptics_i2c - change msleep to usleep_range for small msecs msleep(1~20) may not do what the caller intends, and will often sleep longer. (~20 ms actual sleep for any value given in the 1~20ms range) This is not the desired behaviour for many cases like device resume time, device suspend time, device enable time, retry logic, etc. Thus, change msleep to usleep_range for precise wakeups. Signed-off-by: Aniroop Mathur Acked-by: Igor Grinberg Signed-off-by: Dmitry Torokhov drivers/input/mouse/synaptics_i2c.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 41c567a5d7d1a986763e58c3394782813c3bcb03 Author: Marcos Paulo de Souza Date: Sun Dec 18 15:26:12 2016 -0800 Input: i8042 - add Pegatron touchpad to noloop table Avoid AUX loopback in Pegatron C15B touchpad, so input subsystem is able to recognize a Synaptics touchpad in the AUX port. Fixes: https://bugzilla.kernel.org/show_bug.cgi?id=93791 (Touchpad is not detected on DNS 0801480 notebook (PEGATRON C15B)) Suggested-by: Dmitry Torokhov Signed-off-by: Marcos Paulo de Souza Signed-off-by: Dmitry Torokhov drivers/input/serio/i8042-x86ia64io.h | 6 ++++++ 1 file changed, 6 insertions(+) commit 65dadffddbe44a60f8be9e95f264949ba1e547e9 Author: Corentin Labbe Date: Fri Dec 16 14:43:39 2016 -0800 Input: joydev - remove unused linux/miscdevice.h include This patch remove the inclusion of linux/miscdevice.h for joydev since it does not use miscdevice. Signed-off-by: Corentin Labbe Signed-off-by: Dmitry Torokhov drivers/input/joydev.c | 1 - 1 file changed, 1 deletion(-) commit 3be134e5152f08e8bd3c2afdaac723f64d93c2bb Merge: 8421c60 c44ef85 Author: Linus Torvalds Date: Sun Dec 18 15:49:10 2016 -0800 Merge tag 'libnvdimm-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm Pull libnvdimm updates from Dan Williams: "The libnvdimm pull request is relatively small this time around due to some development topics being deferred to 4.11. As for this pull request the bulk of it has been in -next for several releases leading to one late fix being added (commit 868f036fee4b ("libnvdimm: fix mishandled nvdimm_clear_poison() return value")). It has received a build success notification from the 0day-kbuild robot and passes the latest libnvdimm unit tests. Summary: - Dynamic label support: To date namespace label support has been limited to disambiguating cases where PMEM (direct load/store) and BLK (mmio aperture) accessed-capacity alias on the same DIMM. Since 4.9 added support for multiple namespaces per PMEM-region there is value to support namespace labels even in the non-aliasing case. The presence of a valid namespace index block force-enables label support when the kernel would otherwise rely on region boundaries, and permits the region to be sub-divided. - Handle media errors in namespace metadata: Complement the error handling for media errors in namespace data areas with support for clearing errors on writes, and downgrading potential machine-check exceptions to simple i/o errors on read. - Device-DAX region attributes: Add 'align', 'id', and 'size' as attributes for device-dax regions. In particular this enables userspace tooling to generically size memory mapping and i/o operations. Prevent userspace from growing assumptions / dependencies about the parent device topology for a dax region. A libnvdimm namespace may not always be the parent device of a dax region. - Various cleanups and small fixes" * tag 'libnvdimm-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm: dax: add region 'id', 'size', and 'align' attributes libnvdimm: fix mishandled nvdimm_clear_poison() return value libnvdimm: replace mutex_is_locked() warnings with lockdep_assert_held libnvdimm, pfn: fix align attribute libnvdimm, e820: use module_platform_driver libnvdimm, namespace: use octal for permissions libnvdimm, namespace: avoid multiple sector calculations libnvdimm: remove else after return in nsio_rw_bytes() libnvdimm, namespace: fix the type of name variable libnvdimm: use consistent naming for request_mem_region() nvdimm: use the right length of "pmem" libnvdimm: check and clear poison before writing to pmem tools/testing/nvdimm: dynamic label support libnvdimm: allow a platform to force enable label support libnvdimm: use generic iostat interfaces commit 8421c60446290c0fef1858a806261871a40ebf76 Merge: f7dd3b17 83da6b5 Author: Linus Torvalds Date: Sun Dec 18 15:45:33 2016 -0800 Merge tag 'platform-drivers-x86-v4.10-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull more x86 platform driver updates from Darren Hart: "Move and add registration for the mlx-platform driver. Introduce button and lid drivers for the surface3 (different from the surface3-pro). Add BXT PMIC TMU support. Add Y700 to existing ideapad-laptop quirk. Summary: ideapad-laptop: - Add Y700 15-ACZ to no_hw_rfkill DMI list surface3_button: - Introduce button support for the Surface 3 surface3-wmi: - Add custom surface3 platform device for controlling LID - Balance locking on error path mlx-platform: - Add mlxcpld-hotplug driver registration - Fix semicolon.cocci warnings - Move module from arch/x86 platform/x86: - Add Whiskey Cove PMIC TMU support" * tag 'platform-drivers-x86-v4.10-2' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: platform/x86: surface3-wmi: Balance locking on error path platform/x86: Add Whiskey Cove PMIC TMU support platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list platform/x86: Introduce button support for the Surface 3 platform/x86: Add custom surface3 platform device for controlling LID platform/x86: mlx-platform: Add mlxcpld-hotplug driver registration platform/x86: mlx-platform: Fix semicolon.cocci warnings platform/x86: mlx-platform: Move module from arch/x86 commit 83da6b59919a71a1a97ce9863aa0267eaf6d496c Author: Andy Shevchenko Date: Thu Dec 15 03:10:02 2016 +0200 platform/x86: surface3-wmi: Balance locking on error path There is a possibility that lock will be left acquired. Consolidate error path under out_free_unlock label. Reported-by: kbuild test robot Reviewed-by: Benjamin Tissoires Signed-off-by: Andy Shevchenko drivers/platform/x86/surface3-wmi.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 957ae5098185e763b5c06be6c3b4b6e98c048712 Author: Nilesh Bacchewar Date: Mon Nov 7 12:11:47 2016 -0800 platform/x86: Add Whiskey Cove PMIC TMU support This adds TMU (Time Management Unit) support for Intel BXT platform. It enables the alarm wake-up functionality in the TMU unit of Whiskey Cove PMIC. Signed-off-by: Nilesh Bacchewar Reviewed-by: Mika Westerberg [andy: resolve merge conflict in Kconfig] Signed-off-by: Andy Shevchenko drivers/mfd/intel_soc_pmic_bxtwc.c | 38 ++++++++ drivers/platform/x86/Kconfig | 9 ++ drivers/platform/x86/Makefile | 1 + drivers/platform/x86/intel_bxtwc_tmu.c | 162 +++++++++++++++++++++++++++++++++ include/linux/mfd/intel_soc_pmic.h | 1 + 5 files changed, 211 insertions(+) commit f7dd3b1734ea335fea01f103d48b3de26ea0d335 Merge: 1bbb05f 8c9b9d8 Author: Linus Torvalds Date: Sun Dec 18 13:59:10 2016 -0800 Merge branch 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "This is the last functional update from the tip tree for 4.10. It got delayed due to a newly reported and anlyzed variant of BIOS bug and the resulting wreckage: - Seperation of TSC being marked realiable and the fact that the platform provides the TSC frequency via CPUID/MSRs and making use for it for GOLDMONT. - TSC adjust MSR validation and sanitizing: The TSC adjust MSR contains the offset to the hardware counter. The sum of the adjust MSR and the counter is the TSC value which is read via RDTSC. On at least two machines from different vendors the BIOS sets the TSC adjust MSR to negative values. This happens on cold and warm boot. While on cold boot the offset is a few milliseconds, on warm boot it basically compensates the power on time of the system. The BIOSes are not even using the adjust MSR to set all CPUs in the package to the same offset. The offsets are different which renders the TSC unusable, What's worse is that the TSC deadline timer has a HW feature^Wbug. It malfunctions when the TSC adjust value is negative or greater equal 0x80000000 resulting in silent boot failures, hard lockups or non firing timers. This looks like some hardware internal 32/64bit issue with a sign extension problem. Intel has been silent so far on the issue. The update contains sanity checks and keeps the adjust register within working limits and in sync on the package. As it looks like this disease is spreading via BIOS crapware, we need to address this urgently as the boot failures are hard to debug for users" * 'x86-timers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/tsc: Limit the adjust value further x86/tsc: Annotate printouts as firmware bug x86/tsc: Force TSC_ADJUST register to value >= zero x86/tsc: Validate TSC_ADJUST after resume x86/tsc: Validate cpumask pointer before accessing it x86/tsc: Fix broken CONFIG_X86_TSC=n build x86/tsc: Try to adjust TSC if sync test fails x86/tsc: Prepare warp test for TSC adjustment x86/tsc: Move sync cleanup to a safe place x86/tsc: Sync test only for the first cpu in a package x86/tsc: Verify TSC_ADJUST from idle x86/tsc: Store and check TSC ADJUST MSR x86/tsc: Detect random warps x86/tsc: Use X86_FEATURE_TSC_ADJUST in detect_art() x86/tsc: Finalize the split of the TSC_RELIABLE flag x86/tsc: Set TSC_KNOWN_FREQ and TSC_RELIABLE flags on Intel Atom SoCs x86/tsc: Mark Intel ATOM_GOLDMONT TSC reliable x86/tsc: Mark TSC frequency determined by CPUID as known x86/tsc: Add X86_FEATURE_TSC_KNOWN_FREQ flag commit 217e2bfab22e740227df09f22165e834cddd8a3b Author: Dmitry Shachnev Date: Sun Dec 18 13:11:46 2016 +0300 docs: sphinx-extensions: make rstFlatTable work with docutils 0.13 In docutils 0.13, the return type of get_column_widths method of the Table directive has changed [1], which breaks our flat-table directive and leads to a TypeError when trying to build the docs [2]. This patch adds support for the new return type, while keeping support for older docutils versions too. [1] https://sourceforge.net/p/docutils/patches/120/ [2] https://sourceforge.net/p/docutils/bugs/303/ Signed-off-by: Dmitry Shachnev Cc: # 4.8.x- Signed-off-by: Jonathan Corbet Documentation/sphinx/rstFlatTable.py | 5 +++++ 1 file changed, 5 insertions(+) commit 1bbb05f52055c8b2fc1cbb2ac272b011593172f9 Merge: 451bb1a ffc7dc8 Author: Linus Torvalds Date: Sun Dec 18 11:12:53 2016 -0800 Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 fixes and cleanups from Thomas Gleixner: "This set of updates contains: - Robustification for the logical package managment. Cures the AMD and virtualization issues. - Put the correct start_cpu() return address on the stack of the idle task. - Fixups for the fallout of the nodeid <-> cpuid persistent mapping modifciations - Move the x86/MPX specific mm_struct member to the arch specific mm_context where it belongs - Cleanups for C89 struct initializers and useless function arguments" * 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/floppy: Use designated initializers x86/mpx: Move bd_addr to mm_context_t x86/mm: Drop unused argument 'removed' from sync_global_pgds() ACPI/NUMA: Do not map pxm to node when NUMA is turned off x86/acpi: Use proper macro for invalid node x86/smpboot: Prevent false positive out of bounds cpumask access warning x86/boot/64: Push correct start_cpu() return address x86/boot/64: Use 'push' instead of 'call' in start_cpu() x86/smpboot: Make logical package management more robust commit 451bb1a6b2d24df6d677fe790950bec0679b741d Merge: 98da295 c1a9eeb Author: Linus Torvalds Date: Sun Dec 18 11:11:01 2016 -0800 Merge branch 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer fix from Thomas Gleixner: "Prevent NULL pointer dereferencing in the tick broadcast code. Old bug, which got unearthed by the hotplug ordering problem" * 'timers-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: tick/broadcast: Prevent NULL pointer dereference commit 98da295b35cf23222b52a3dc1d768b7997c95a32 Merge: eb3a3c0 512f098 Author: Linus Torvalds Date: Sun Dec 18 11:06:05 2016 -0800 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull SMP hotplug fixes from Thomas Gleixner: "Two fixlets for cpu hotplug: - Fix a subtle ordering problem with the dummy timer. This happened to work before the conversion by chance due to initcall ordering. - Fix the function comment for __cpuhp_setup_state()" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: cpu/hotplug: Clarify description of __cpuhp_setup_state() return value clocksource/dummy_timer: Move hotplug callback after the real timers commit eb3a3c074624fdae82a09e77740c131f85299d67 Merge: 52f40e9 c0af524 Author: Linus Torvalds Date: Sun Dec 18 11:00:56 2016 -0800 Merge branch 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq fix from Thomas Gleixner: "A fix for the irq affinity spread algorithm so it handles non linear node numbering nicely" * 'irq-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: genirq/affinity: Fix node generation from cpumask commit e259934d4df7f99f2a5c2c4f074f6a55bd4b1722 Author: Bart Van Assche Date: Thu Dec 15 17:15:07 2016 +0100 IB/rxe: Fix a memory leak in rxe_qp_cleanup() A socket is associated with every QP by the rxe driver but sock_release() is never called. Add a call to sock_release() in rxe_qp_cleanup(). Fixes: commit 8700e3e7c48A5 ("Add Soft RoCE driver") Signed-off-by: Bart Van Assche Cc: Moni Shoua Cc: Kamal Heib Cc: Amir Vadai Cc: Haggai Eran Cc: Reviewed-by: Moni Shoua Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_qp.c | 1 + 1 file changed, 1 insertion(+) commit b414fa01c31318383ae29d9d23cb9ca4184bbd86 Author: Steve Wise Date: Thu Dec 15 08:09:35 2016 -0800 iw_cxgb4: set correct FetchBurstMax for QPs The current QP FetchBurstMax value is 256B, which is incorrect since a WR can exceed that value. The result being a partial WR fetched by hardware, and a fatal "bad WR" error posted by the SGE. So bump the FetchBurstMax to 512B. Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/qp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 8c9b9d87b855226a823b41a77a05f42324497603 Author: Thomas Gleixner Date: Sun Dec 18 15:09:29 2016 +0100 x86/tsc: Limit the adjust value further Adjust value 0x80000000 and other values larger than that render the TSC deadline timer disfunctional. We have not yet any information about this from Intel, but experimentation clearly proves that this is a 32/64 bit and sign extension issue. If adjust values larger than that are actually required, which might be the case for physical CPU hotplug, then we need to disable the deadline timer on the affected package/CPUs and use the local APIC timer instead. That requires some surgery in the APIC setup code, so we just limit the ADJUST register value into the known to work range for now and revisit this when Intel comes forth with proper information. Signed-off-by: Thomas Gleixner Cc: Roland Scheidegger Cc: Bruce Schlobohm Cc: Kevin Stanton Cc: Peter Zijlstra Cc: Borislav Petkov arch/x86/kernel/tsc_sync.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) commit 16588f659257495212ac6b9beaf008d9b19e8165 Author: Thomas Gleixner Date: Sun Dec 18 15:06:27 2016 +0100 x86/tsc: Annotate printouts as firmware bug Make it more obvious that the BIOS is screwed up. Signed-off-by: Thomas Gleixner Cc: Roland Scheidegger Cc: Bruce Schlobohm Cc: Kevin Stanton Cc: Peter Zijlstra Cc: Borislav Petkov arch/x86/kernel/tsc_sync.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 298360af3dab45659810fdc51aba0c9f4097e4f6 Author: Russell Currey Date: Thu Dec 15 16:12:41 2016 +1100 drivers/gpu/drm/ast: Fix infinite loop if read fails ast_get_dram_info() configures a window in order to access BMC memory. A BMC register can be configured to disallow this, and if so, causes an infinite loop in the ast driver which renders the system unusable. Fix this by erroring out if an error is detected. On powerpc systems with EEH, this leads to the device being fenced and the system continuing to operate. Cc: # 3.10+ Signed-off-by: Russell Currey Reviewed-by: Joel Stanley Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161215051241.20815-1-ruscur@russell.cc drivers/gpu/drm/ast/ast_main.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 297e765e390a2ac996000b5f7228cbd84d995174 Author: Marcin Nowakowski Date: Tue Dec 13 11:40:57 2016 +0100 uprobes: Fix uprobes on MIPS, allow for a cache flush after ixol breakpoint creation Commit: 72e6ae285a1d ('ARM: 8043/1: uprobes need icache flush after xol write' ... has introduced an arch-specific method to ensure all caches are flushed appropriately after an instruction is written to an XOL page. However, when the XOL area is created and the out-of-line breakpoint instruction is copied, caches are not flushed at all and stale data may be found in icache. Replace a simple copy_to_page() with arch_uprobe_copy_ixol() to allow the arch to ensure all caches are updated accordingly. This change fixes uprobes on MIPS InterAptiv (tested on Creator Ci40). Signed-off-by: Marcin Nowakowski Cc: Alexander Shishkin Cc: Arnaldo Carvalho de Melo Cc: Arnaldo Carvalho de Melo Cc: Jiri Olsa Cc: Linus Torvalds Cc: Oleg Nesterov Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Victor Kamensky Cc: linux-mips@linux-mips.org Link: http://lkml.kernel.org/r/1481625657-22850-1-git-send-email-marcin.nowakowski@imgtec.com Signed-off-by: Ingo Molnar kernel/events/uprobes.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ffc7dc8d838c6403a550021e4f28a737334d80a7 Author: Kees Cook Date: Sat Dec 17 13:37:05 2016 -0800 x86/floppy: Use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/20161217213705.GA1248@beast Signed-off-by: Ingo Molnar arch/x86/include/asm/floppy.h | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 649ac63a9ae5e08b7123f2fa98c2bf42f033bdb9 Author: Peter Rosin Date: Sat Dec 17 21:29:11 2016 +0100 i2c: mux: mlxcpld: fix i2c mux selection caching smbus functions return -ve on error, 0 on success. However, __i2c_transfer() have a different return signature - -ve on error, or number of buffers transferred (which may be zero or greater). The upshot of this is that the sense of the test is reversed when using the mux on a bus supporting the master_xfer method: we cache the value and never retry if we fail to transfer any buffers, but if we succeed, we clear the cached value. Fix this by making mlxcpld_mux_reg_write() return a -ve error code for all failure cases, just as was done in commit 7f638c1cb0a1 ("i2c: mux: pca954x: fix i2c mux selection caching"). This also aligns the implementations of these two muxes in this area. Signed-off-by: Peter Rosin Acked-by: Vadim Pasternak Signed-off-by: Wolfram Sang drivers/i2c/muxes/i2c-mux-mlxcpld.c | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) commit 52f40e9d657cc126b766304a5dd58ad73b02ff46 Merge: 231753e 3e3397e Author: Linus Torvalds Date: Sat Dec 17 20:17:04 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Pull networking fixes and cleanups from David Miller: 1) Revert bogus nla_ok() change, from Alexey Dobriyan. 2) Various bpf validator fixes from Daniel Borkmann. 3) Add some necessary SET_NETDEV_DEV() calls to hsis_femac and hip04 drivers, from Dongpo Li. 4) Several ethtool ksettings conversions from Philippe Reynes. 5) Fix bugs in inet port management wrt. soreuseport, from Tom Herbert. 6) XDP support for virtio_net, from John Fastabend. 7) Fix NAT handling within a vrf, from David Ahern. 8) Endianness fixes in dpaa_eth driver, from Claudiu Manoil * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (63 commits) net: mv643xx_eth: fix build failure isdn: Constify some function parameters mlxsw: spectrum: Mark split ports as such cgroup: Fix CGROUP_BPF config qed: fix old-style function definition net: ipv6: check route protocol when deleting routes r6040: move spinlock in r6040_close as SOFTIRQ-unsafe lock order detected irda: w83977af_ir: cleanup an indent issue net: sfc: use new api ethtool_{get|set}_link_ksettings net: davicom: dm9000: use new api ethtool_{get|set}_link_ksettings net: cirrus: ep93xx: use new api ethtool_{get|set}_link_ksettings net: chelsio: cxgb3: use new api ethtool_{get|set}_link_ksettings net: chelsio: cxgb2: use new api ethtool_{get|set}_link_ksettings bpf: fix mark_reg_unknown_value for spilled regs on map value marking bpf: fix overflow in prog accounting bpf: dynamically allocate digest scratch buffer gtp: Fix initialization of Flags octet in GTPv1 header gtp: gtp_check_src_ms_ipv4() always return success net/x25: use designated initializers isdn: use designated initializers ... commit 231753ef780012eb6f3922c3dfc0a7186baa33c2 Merge: 0110c35 d16744e Author: Linus Torvalds Date: Sat Dec 17 19:16:12 2016 -0800 Merge uncontroversial parts of branch 'readlink' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull partial readlink cleanups from Miklos Szeredi. This is the uncontroversial part of the readlink cleanup patch-set that simplifies the default readlink handling. Miklos and Al are still discussing the rest of the series. * git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: vfs: make generic_readlink() static vfs: remove ".readlink = generic_readlink" assignments vfs: default to generic_readlink() vfs: replace calling i_op->readlink with vfs_readlink() proc/self: use generic_readlink ecryptfs: use vfs_get_link() bad_inode: add missing i_op initializers commit 3e3397e7b11ce1b9526975ddfbe8dd569fc1f316 Author: Sudip Mukherjee Date: Sat Dec 17 00:45:05 2016 +0000 net: mv643xx_eth: fix build failure The build of sparc allmodconfig fails with the error: "of_irq_to_resource" [drivers/net/ethernet/marvell/mv643xx_eth.ko] undefined! of_irq_to_resource() is defined when CONFIG_OF_IRQ is defined. And also CONFIG_OF_IRQ can only be defined if CONFIG_IRQ is defined. So we can safely use #if defined(CONFIG_OF_IRQ) in the code. Signed-off-by: Sudip Mukherjee Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mv643xx_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a6b3c48312f6a2c3905653c0633344f811c1dde5 Author: Emese Revfy Date: Fri Dec 16 13:40:47 2016 -0800 isdn: Constify some function parameters The coming initify gcc plugin expects const pointer types, and caught some __printf arguments that weren't const yet. This fixes those. Signed-off-by: Emese Revfy [kees: expanded commit message] Signed-off-by: Kees Cook Signed-off-by: David S. Miller drivers/isdn/hisax/config.c | 16 ++++++++-------- drivers/isdn/hisax/hisax.h | 4 ++-- 2 files changed, 10 insertions(+), 10 deletions(-) commit 9a60c9072295b30459284beca9aff52be8dfd64b Author: Ido Schimmel Date: Fri Dec 16 19:29:03 2016 +0100 mlxsw: spectrum: Mark split ports as such When a port is split we should mark it as such, as otherwise the split ports aren't renamed correctly (e.g. sw1p3 -> sw1p3s1) and the unsplit operation fails: $ devlink port split sw1p3 count 4 $ devlink port unsplit eth0 devlink answers: Invalid argument [ 598.565307] mlxsw_spectrum 0000:03:00.0 eth0: Port wasn't split Fixes: 67963a33b4fd ("mlxsw: Make devlink port instances independent of spectrum/switchx2 port instances") Signed-off-by: Ido Schimmel Reported-by: Tamir Winetroub Reviewed-by: Elad Raz Tested-by: Tamir Winetroub Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/spectrum.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0110c350c86d511be2130cb2a30dcbb76c4af750 Merge: d9cb5bf 9763f7a Author: Linus Torvalds Date: Sat Dec 17 18:44:00 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull more vfs updates from Al Viro: "In this pile: - autofs-namespace series - dedupe stuff - more struct path constification" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: (40 commits) ocfs2: implement the VFS clone_range, copy_range, and dedupe_range features ocfs2: charge quota for reflinked blocks ocfs2: fix bad pointer cast ocfs2: always unlock when completing dio writes ocfs2: don't eat io errors during _dio_end_io_write ocfs2: budget for extent tree splits when adding refcount flag ocfs2: prohibit refcounted swapfiles ocfs2: add newlines to some error messages ocfs2: convert inode refcount test to a helper simple_write_end(): don't zero in short copy into uptodate exofs: don't mess with simple_write_{begin,end} 9p: saner ->write_end() on failing copy into non-uptodate page fix gfs2_stuffed_write_end() on short copies fix ceph_write_end() nfs_write_end(): fix handling of short copies vfs: refactor clone/dedupe_file_range common functions fs: try to clone files first in vfs_copy_file_range vfs: misc struct path constification namespace.c: constify struct path passed to a bunch of primitives quota: constify struct path in quota_on ... commit 483c4933ea09b7aa625b9d64af286fc22ec7e419 Author: Andy Lutomirski Date: Fri Dec 16 08:33:45 2016 -0800 cgroup: Fix CGROUP_BPF config CGROUP_BPF depended on SOCK_CGROUP_DATA which can't be manually enabled, making it rather challenging to turn CGROUP_BPF on. Signed-off-by: Andy Lutomirski Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller init/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 67a72a58913ab0f2f239e771547a58987c266960 Merge: 7729bad a17d93f Author: David S. Miller Date: Sat Dec 17 21:41:33 2016 -0500 Merge tag 'mac80211-for-davem-2016-12-16' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211 Johannes Berg says: ==================== Three fixes: * avoid a WARN_ON() when trying to use WEP with AP_VLANs * ensure enough headroom on mesh forwarding packets * don't report unknown/invalid rates to userspace ==================== Signed-off-by: David S. Miller commit 7729bad4fd95e48bcafcb2222c63a8a5cdc42f61 Author: Arnd Bergmann Date: Fri Dec 16 09:47:41 2016 +0100 qed: fix old-style function definition The newly added file causes a harmless warning, with "make W=1": drivers/net/ethernet/qlogic/qed/qed_iscsi.c: In function 'qed_get_iscsi_ops': drivers/net/ethernet/qlogic/qed/qed_iscsi.c:1268:29: warning: old-style function definition [-Wold-style-definition] This makes it a proper prototype. Fixes: fc831825f99e ("qed: Add support for hardware offloaded iSCSI.") Signed-off-by: Arnd Bergmann Reviewed-by: Johannes Thumshirn Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c2ed1880fd61a998e3ce40254a99a2ad000f1a7d Author: Mantas M Date: Fri Dec 16 10:30:59 2016 +0200 net: ipv6: check route protocol when deleting routes The protocol field is checked when deleting IPv4 routes, but ignored for IPv6, which causes problems with routing daemons accidentally deleting externally set routes (observed by multiple bird6 users). This can be verified using `ip -6 route del proto something`. Signed-off-by: Mantas Mikulėnas Signed-off-by: David S. Miller net/ipv6/route.c | 2 ++ 1 file changed, 2 insertions(+) commit c762eaa777b789540e3fe33581d6d0e593dbb22e Author: Manuel Bessler Date: Thu Dec 15 22:55:00 2016 -0500 r6040: move spinlock in r6040_close as SOFTIRQ-unsafe lock order detected 'ifconfig eth0 down' makes r6040_close() trigger: INFO: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected Fixed by moving calls to phy_stop(), napi_disable(), netif_stop_queue() to outside of the module's private spin_lock_irq block. Found on a Versalogic Tomcat SBC with a Vortex86 SoC s1660e_5150:~# sudo ifconfig eth0 down [ 61.306415] ====================================================== [ 61.306415] [ INFO: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected ] [ 61.306415] 4.9.0-gb898d2d-manuel #1 Not tainted [ 61.306415] ------------------------------------------------------ [ 61.306415] ifconfig/449 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 61.306415] (&dev->lock){+.+...}, at: [] phy_stop+0x16/0x80 [ 61.306415] and this task is already holding: [ 61.306415] (&(&lp->lock)->rlock){+.-...}, at: [] r6040_close+0x24/0x230 [r6040] which would create a new lock dependency: [ 61.306415] (&(&lp->lock)->rlock){+.-...} -> (&dev->lock){+.+...} [ 61.306415] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 61.306415] (&(&lp->lock)->rlock){+.-...} [ 61.306415] ... which became SOFTIRQ-irq-safe at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x555/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] _raw_spin_lock_irqsave+0x24/0x40 [ 61.306415] [ 61.306415] [] r6040_start_xmit+0x30/0x1d0 [r6040] [ 61.306415] [ 61.306415] [] dev_hard_start_xmit+0x9d/0x2d0 [ 61.306415] [ 61.306415] [] sch_direct_xmit+0xa8/0x140 [ 61.306415] [ 61.306415] [] __dev_queue_xmit+0x416/0x780 [ 61.306415] [ 61.306415] [] dev_queue_xmit+0xa/0x10 [ 61.306415] [ 61.306415] [] neigh_resolve_output+0x147/0x220 [ 61.306415] [ 61.306415] [] ip6_finish_output2+0x2fb/0x910 [ 61.306415] [ 61.306415] [] ip6_finish_output+0xa6/0x1a0 [ 61.306415] [ 61.306415] [] ip6_output+0x55/0x320 [ 61.306415] [ 61.306415] [] mld_sendpack+0x352/0x560 [ 61.306415] [ 61.306415] [] mld_ifc_timer_expire+0x155/0x280 [ 61.306415] [ 61.306415] [] call_timer_fn+0x81/0x270 [ 61.306415] [ 61.306415] [] expire_timers+0xc1/0x180 [ 61.306415] [ 61.306415] [] run_timer_softirq+0x77/0x150 [ 61.306415] [ 61.306415] [] __do_softirq+0xb4/0x3d0 [ 61.306415] [ 61.306415] [] do_softirq_own_stack+0x1c/0x30 [ 61.306415] [ 61.306415] [] irq_exit+0x8e/0xa0 [ 61.306415] [ 61.306415] [] do_IRQ+0x51/0x100 [ 61.306415] [ 61.306415] [] common_interrupt+0x36/0x40 [ 61.306415] [ 61.306415] [] set_root+0x68/0xf0 [ 61.306415] [ 61.306415] [] path_init+0x400/0x640 [ 61.306415] [ 61.306415] [] path_lookupat+0xf/0xe0 [ 61.306415] [ 61.306415] [] filename_lookup+0x6c/0x100 [ 61.306415] [ 61.306415] [] user_path_at_empty+0x25/0x30 [ 61.306415] [ 61.306415] [] SyS_faccessat+0x86/0x1e0 [ 61.306415] [ 61.306415] [] SyS_access+0x10/0x20 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] to a SOFTIRQ-irq-unsafe lock: [ 61.306415] (&dev->lock){+.+...} [ 61.306415] ... which became SOFTIRQ-irq-unsafe at: [ 61.306415] ...[ 61.306415] [ 61.306415] [] __lock_acquire+0x59c/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [] 0xd0938017 [ 61.306415] [ 61.306415] [] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] other info that might help us debug this: [ 61.306415] [ 61.306415] Possible interrupt unsafe locking scenario: [ 61.306415] [ 61.306415] CPU0 CPU1 [ 61.306415] ---- ---- [ 61.306415] lock(&dev->lock); [ 61.306415] local_irq_disable(); [ 61.306415] lock(&(&lp->lock)->rlock); [ 61.306415] lock(&dev->lock); [ 61.306415] [ 61.306415] lock(&(&lp->lock)->rlock); [ 61.306415] [ 61.306415] *** DEADLOCK *** [ 61.306415] [ 61.306415] 2 locks held by ifconfig/449: [ 61.306415] #0: (rtnl_mutex){+.+.+.}, at: [] rtnl_lock+0xf/0x20 [ 61.306415] #1: (&(&lp->lock)->rlock){+.-...}, at: [] r6040_close+0x24/0x230 [r6040] [ 61.306415] [ 61.306415] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 61.306415] -> (&(&lp->lock)->rlock){+.-...} ops: 3049 { [ 61.306415] HARDIRQ-ON-W at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x577/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] _raw_spin_lock+0x1b/0x30 [ 61.306415] [ 61.306415] [] r6040_poll+0x2c/0x330 [r6040] [ 61.306415] [ 61.306415] [] net_rx_action+0x197/0x340 [ 61.306415] [ 61.306415] [] __do_softirq+0xb4/0x3d0 [ 61.306415] [ 61.306415] [] run_ksoftirqd+0x17/0x40 [ 61.306415] [ 61.306415] [] smpboot_thread_fn+0x141/0x180 [ 61.306415] [ 61.306415] [] kthread+0xde/0x110 [ 61.306415] [ 61.306415] [] ret_from_fork+0x19/0x30 [ 61.306415] IN-SOFTIRQ-W at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x555/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] _raw_spin_lock_irqsave+0x24/0x40 [ 61.306415] [ 61.306415] [] r6040_start_xmit+0x30/0x1d0 [r6040] [ 61.306415] [ 61.306415] [] dev_hard_start_xmit+0x9d/0x2d0 [ 61.306415] [ 61.306415] [] sch_direct_xmit+0xa8/0x140 [ 61.306415] [ 61.306415] [] __dev_queue_xmit+0x416/0x780 [ 61.306415] [ 61.306415] [] dev_queue_xmit+0xa/0x10 [ 61.306415] [ 61.306415] [] neigh_resolve_output+0x147/0x220 [ 61.306415] [ 61.306415] [] ip6_finish_output2+0x2fb/0x910 [ 61.306415] [ 61.306415] [] ip6_finish_output+0xa6/0x1a0 [ 61.306415] [ 61.306415] [] ip6_output+0x55/0x320 [ 61.306415] [ 61.306415] [] mld_sendpack+0x352/0x560 [ 61.306415] [ 61.306415] [] mld_ifc_timer_expire+0x155/0x280 [ 61.306415] [ 61.306415] [] call_timer_fn+0x81/0x270 [ 61.306415] [ 61.306415] [] expire_timers+0xc1/0x180 [ 61.306415] [ 61.306415] [] run_timer_softirq+0x77/0x150 [ 61.306415] [ 61.306415] [] __do_softirq+0xb4/0x3d0 [ 61.306415] [ 61.306415] [] do_softirq_own_stack+0x1c/0x30 [ 61.306415] [ 61.306415] [] irq_exit+0x8e/0xa0 [ 61.306415] [ 61.306415] [] do_IRQ+0x51/0x100 [ 61.306415] [ 61.306415] [] common_interrupt+0x36/0x40 [ 61.306415] [ 61.306415] [] set_root+0x68/0xf0 [ 61.306415] [ 61.306415] [] path_init+0x400/0x640 [ 61.306415] [ 61.306415] [] path_lookupat+0xf/0xe0 [ 61.306415] [ 61.306415] [] filename_lookup+0x6c/0x100 [ 61.306415] [ 61.306415] [] user_path_at_empty+0x25/0x30 [ 61.306415] [ 61.306415] [] SyS_faccessat+0x86/0x1e0 [ 61.306415] [ 61.306415] [] SyS_access+0x10/0x20 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] INITIAL USE at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x1fe/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] _raw_spin_lock_irqsave+0x24/0x40 [ 61.306415] [ 61.306415] [] r6040_get_stats+0x1e/0x60 [r6040] [ 61.306415] [ 61.306415] [] dev_get_stats+0x96/0xc0 [ 61.306415] [ 61.306415] [] rtnl_fill_stats+0x36/0xfd [ 61.306415] [ 61.306415] [] rtnl_fill_ifinfo+0x47c/0xce0 [ 61.306415] [ 61.306415] [] rtmsg_ifinfo_build_skb+0x4e/0xd0 [ 61.306415] [ 61.306415] [] rtmsg_ifinfo.part.20+0x10/0x40 [ 61.306415] [ 61.306415] [] rtmsg_ifinfo+0x1b/0x20 [ 61.306415] [ 61.306415] [] register_netdevice+0x409/0x550 [ 61.306415] [ 61.306415] [] register_netdev+0x12/0x20 [ 61.306415] [ 61.306415] [] r6040_init_one+0x3e8/0x500 [r6040] [ 61.306415] [ 61.306415] [] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [] 0xd0938017 [ 61.306415] [ 61.306415] [] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] } [ 61.306415] ... key at: [] __key.45893+0x0/0xfffff739 [r6040] [ 61.306415] ... acquired at: [ 61.306415] [ 61.306415] [] check_irq_usage+0x42/0xb0 [ 61.306415] [ 61.306415] [] __lock_acquire+0x110c/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [] phy_stop+0x16/0x80 [ 61.306415] [ 61.306415] [] r6040_close+0x89/0x230 [r6040] [ 61.306415] [ 61.306415] [] __dev_close_many+0x61/0xa0 [ 61.306415] [ 61.306415] [] __dev_close+0x1f/0x30 [ 61.306415] [ 61.306415] [] __dev_change_flags+0x87/0x150 [ 61.306415] [ 61.306415] [] dev_change_flags+0x23/0x60 [ 61.306415] [ 61.306415] [] devinet_ioctl+0x5f8/0x6f0 [ 61.306415] [ 61.306415] [] inet_ioctl+0x65/0x90 [ 61.306415] [ 61.306415] [] sock_ioctl+0x124/0x2b0 [ 61.306415] [ 61.306415] [] do_vfs_ioctl+0x7c/0x790 [ 61.306415] [ 61.306415] [] SyS_ioctl+0x28/0x50 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] the dependencies between the lock to be acquired[ 61.306415] and SOFTIRQ-irq-unsafe lock: [ 61.306415] -> (&dev->lock){+.+...} ops: 56 { [ 61.306415] HARDIRQ-ON-W at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x577/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [] 0xd0938017 [ 61.306415] [ 61.306415] [] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] SOFTIRQ-ON-W at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x59c/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [] 0xd0938017 [ 61.306415] [ 61.306415] [] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] INITIAL USE at: [ 61.306415] [ 61.306415] [] __lock_acquire+0x1fe/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [] phy_probe+0x4d/0xc0 [ 61.306415] [ 61.306415] [] phy_attach_direct+0xbe/0x190 [ 61.306415] [ 61.306415] [] phy_connect_direct+0x17/0x60 [ 61.306415] [ 61.306415] [] phy_connect+0x33/0x70 [ 61.306415] [ 61.306415] [] r6040_init_one+0x3a0/0x500 [r6040] [ 61.306415] [ 61.306415] [] pci_device_probe+0x77/0xd0 [ 61.306415] [ 61.306415] [] driver_probe_device+0x145/0x280 [ 61.306415] [ 61.306415] [] __driver_attach+0x89/0x90 [ 61.306415] [ 61.306415] [] bus_for_each_dev+0x4f/0x80 [ 61.306415] [ 61.306415] [] driver_attach+0x14/0x20 [ 61.306415] [ 61.306415] [] bus_add_driver+0x197/0x210 [ 61.306415] [ 61.306415] [] driver_register+0x51/0xd0 [ 61.306415] [ 61.306415] [] __pci_register_driver+0x45/0x50 [ 61.306415] [ 61.306415] [] 0xd0938017 [ 61.306415] [ 61.306415] [] do_one_initcall+0x2f/0x140 [ 61.306415] [ 61.306415] [] do_init_module+0x4a/0x19b [ 61.306415] [ 61.306415] [] load_module+0x1b2e/0x2070 [ 61.306415] [ 61.306415] [] SyS_finit_module+0x69/0x80 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] } [ 61.306415] ... key at: [] __key.43998+0x0/0x8 [ 61.306415] ... acquired at: [ 61.306415] [ 61.306415] [] check_irq_usage+0x42/0xb0 [ 61.306415] [ 61.306415] [] __lock_acquire+0x110c/0x1770 [ 61.306415] [ 61.306415] [] lock_acquire+0x7c/0x150 [ 61.306415] [ 61.306415] [] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] [ 61.306415] [] phy_stop+0x16/0x80 [ 61.306415] [ 61.306415] [] r6040_close+0x89/0x230 [r6040] [ 61.306415] [ 61.306415] [] __dev_close_many+0x61/0xa0 [ 61.306415] [ 61.306415] [] __dev_close+0x1f/0x30 [ 61.306415] [ 61.306415] [] __dev_change_flags+0x87/0x150 [ 61.306415] [ 61.306415] [] dev_change_flags+0x23/0x60 [ 61.306415] [ 61.306415] [] devinet_ioctl+0x5f8/0x6f0 [ 61.306415] [ 61.306415] [] inet_ioctl+0x65/0x90 [ 61.306415] [ 61.306415] [] sock_ioctl+0x124/0x2b0 [ 61.306415] [ 61.306415] [] do_vfs_ioctl+0x7c/0x790 [ 61.306415] [ 61.306415] [] SyS_ioctl+0x28/0x50 [ 61.306415] [ 61.306415] [] do_int80_syscall_32+0x3f/0x110 [ 61.306415] [ 61.306415] [] restore_all+0x0/0x61 [ 61.306415] [ 61.306415] [ 61.306415] stack backtrace: [ 61.306415] CPU: 0 PID: 449 Comm: ifconfig Not tainted 4.9.0-gb898d2d-manuel #1 [ 61.306415] Call Trace: [ 61.306415] dump_stack+0x16/0x19 [ 61.306415] check_usage+0x3f6/0x550 [ 61.306415] ? check_usage+0x4d/0x550 [ 61.306415] check_irq_usage+0x42/0xb0 [ 61.306415] __lock_acquire+0x110c/0x1770 [ 61.306415] lock_acquire+0x7c/0x150 [ 61.306415] ? phy_stop+0x16/0x80 [ 61.306415] mutex_lock_nested+0x2d/0x4a0 [ 61.306415] ? phy_stop+0x16/0x80 [ 61.306415] ? r6040_close+0x24/0x230 [r6040] [ 61.306415] ? __delay+0x9/0x10 [ 61.306415] phy_stop+0x16/0x80 [ 61.306415] r6040_close+0x89/0x230 [r6040] [ 61.306415] __dev_close_many+0x61/0xa0 [ 61.306415] __dev_close+0x1f/0x30 [ 61.306415] __dev_change_flags+0x87/0x150 [ 61.306415] dev_change_flags+0x23/0x60 [ 61.306415] devinet_ioctl+0x5f8/0x6f0 [ 61.306415] inet_ioctl+0x65/0x90 [ 61.306415] sock_ioctl+0x124/0x2b0 [ 61.306415] ? dlci_ioctl_set+0x30/0x30 [ 61.306415] do_vfs_ioctl+0x7c/0x790 [ 61.306415] ? trace_hardirqs_on+0xb/0x10 [ 61.306415] ? call_rcu_sched+0xd/0x10 [ 61.306415] ? __put_cred+0x32/0x50 [ 61.306415] ? SyS_faccessat+0x178/0x1e0 [ 61.306415] SyS_ioctl+0x28/0x50 [ 61.306415] do_int80_syscall_32+0x3f/0x110 [ 61.306415] entry_INT80_32+0x2f/0x2f [ 61.306415] EIP: 0xb764d364 [ 61.306415] EFLAGS: 00000286 CPU: 0 [ 61.306415] EAX: ffffffda EBX: 00000004 ECX: 00008914 EDX: bfa99d7c [ 61.306415] ESI: bfa99e4c EDI: fffffffe EBP: 00000004 ESP: bfa99d58 [ 61.306415] DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b [ 63.836607] r6040 0000:00:08.0 eth0: Link is Down Signed-off-by: Manuel Bessler Signed-off-by: David S. Miller drivers/net/ethernet/rdc/r6040.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 3a7f0762a6b784ac9257287346e4f5f5f7f420b7 Author: Dan Carpenter Date: Mon Dec 12 14:21:34 2016 +0300 irda: w83977af_ir: cleanup an indent issue In commit 99d8d2159d7c ("irda: w83977af_ir: Neaten logging"), we accidentally added an extra tab to these lines. Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7cafe8f82438ced6de4c6f17b872a02c10f7a63a Author: Philippe Reynes Date: Thu Dec 15 00:12:53 2016 +0100 net: sfc: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Tested-by: Bert Kenward Acked-by: Bert Kenward Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ethtool.c | 35 ++++++++++++-------- drivers/net/ethernet/sfc/mcdi_port.c | 60 +++++++++++++++++++++-------------- drivers/net/ethernet/sfc/net_driver.h | 12 +++---- 3 files changed, 65 insertions(+), 42 deletions(-) commit 99bff5ee44f32c3ca5115922e487b067d9c3dd6b Author: Philippe Reynes Date: Wed Dec 14 10:01:58 2016 +0100 net: davicom: dm9000: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/davicom/dm9000.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 93dfe6c290123f1059828001678e6f8b1a102d9a Author: Philippe Reynes Date: Mon Dec 12 23:28:33 2016 +0100 net: cirrus: ep93xx: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/cirrus/ep93xx_eth.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit b7b44fd23e6d2a896c6efbe85b39862f14aae11a Author: Philippe Reynes Date: Mon Dec 12 00:27:49 2016 +0100 net: chelsio: cxgb3: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb3/cxgb3_main.c | 65 ++++++++++++++----------- 1 file changed, 37 insertions(+), 28 deletions(-) commit 49cad93909b18acf942b70356e65eeeaa9ca9d23 Author: Philippe Reynes Date: Sun Dec 11 22:47:50 2016 +0100 net: chelsio: cxgb2: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb/cxgb2.c | 64 ++++++++++++++++++------------- 1 file changed, 37 insertions(+), 27 deletions(-) commit 6219d05506b66e3157efa48b1b39042b04280ce1 Merge: 40e972a 6760bf2 Author: David S. Miller Date: Sat Dec 17 21:27:45 2016 -0500 Merge branch 'bpf-fixes' Daniel Borkmann says: ==================== Couple of BPF fixes This set contains three BPF fixes for net, one that addresses the complaint from Geert wrt static allocations, and the other is a fix wrt mem accounting that I found recently during testing and there's still one more fix on the map value marking. Thanks! v1 -> v2: - Patch 1 as is. - Fixed kbuild bot issue by letting charging helpers stay in the syscall.c, since there locked_vm is valid and only export the ones needed by bpf_prog_realloc(). Add empty stubs in case the bpf syscall is not enabled. - Added patch 3 that addresses one more issue in map val marking. ==================== Signed-off-by: David S. Miller commit 6760bf2ddde8ad64f8205a651223a93de3a35494 Author: Daniel Borkmann Date: Sun Dec 18 01:52:59 2016 +0100 bpf: fix mark_reg_unknown_value for spilled regs on map value marking Martin reported a verifier issue that hit the BUG_ON() for his test case in the mark_reg_unknown_value() function: [ 202.861380] kernel BUG at kernel/bpf/verifier.c:467! [...] [ 203.291109] Call Trace: [ 203.296501] [] mark_map_reg+0x45/0x50 [ 203.308225] [] mark_map_regs+0x78/0x90 [ 203.320140] [] do_check+0x226d/0x2c90 [ 203.331865] [] bpf_check+0x48b/0x780 [ 203.343403] [] bpf_prog_load+0x27e/0x440 [ 203.355705] [] ? handle_mm_fault+0x11af/0x1230 [ 203.369158] [] ? security_capable+0x48/0x60 [ 203.382035] [] SyS_bpf+0x124/0x960 [ 203.393185] [] ? __do_page_fault+0x276/0x490 [ 203.406258] [] entry_SYSCALL_64_fastpath+0x13/0x94 This issue got uncovered after the fix in a08dd0da5307 ("bpf: fix regression on verifier pruning wrt map lookups"). The reason why it wasn't noticed before was, because as mentioned in a08dd0da5307, mark_map_regs() was doing the id matching incorrectly based on the uncached regs[regno].id. So, in the first loop, we walked all regs and as soon as we found regno == i, then this reg's id was cleared when calling mark_reg_unknown_value() thus that every subsequent register was probed against id of 0 (which, in combination with the PTR_TO_MAP_VALUE_OR_NULL type is an invalid condition that no other register state can hold), and therefore wasn't type transitioned such as in the spilled register case for the second loop. Now since that got fixed, it turned out that 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") used mark_reg_unknown_value() incorrectly for the spilled regs, and thus hitting the BUG_ON() in some cases due to regno >= MAX_BPF_REG. Although spilled regs have the same type as the non-spilled regs for the verifier state, that is, struct bpf_reg_state, they are semantically different from the non-spilled regs. In other words, there can be up to 64 (MAX_BPF_STACK / BPF_REG_SIZE) spilled regs in the stack, for example, register R could have been spilled by the program to stack location X, Y, Z, and in mark_map_regs() we need to scan these stack slots of type STACK_SPILL for potential registers that we have to transition from PTR_TO_MAP_VALUE_OR_NULL. Therefore, depending on the location, the spilled_regs regno can be a lot higher than just MAX_BPF_REG's value since we operate on stack instead. The reset in mark_reg_unknown_value() itself is just fine, only that the BUG_ON() was inappropriate for this. Fix it by making a __mark_reg_unknown_value() version that can be called from mark_map_reg() generically; we know for the non-spilled case that the regno is always < MAX_BPF_REG anyway. Fixes: 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") Reported-by: Martin KaFai Lau Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 5ccb071e97fbd9ffe623a0d3977cc6d013bee93c Author: Daniel Borkmann Date: Sun Dec 18 01:52:58 2016 +0100 bpf: fix overflow in prog accounting Commit aaac3ba95e4c ("bpf: charge user for creation of BPF maps and programs") made a wrong assumption of charging against prog->pages. Unlike map->pages, prog->pages are still subject to change when we need to expand the program through bpf_prog_realloc(). This can for example happen during verification stage when we need to expand and rewrite parts of the program. Should the required space cross a page boundary, then prog->pages is not the same anymore as its original value that we used to bpf_prog_charge_memlock() on. Thus, we'll hit a wrap-around during bpf_prog_uncharge_memlock() when prog is freed eventually. I noticed this that despite having unlimited memlock, programs suddenly refused to load with EPERM error due to insufficient memlock. There are two ways to fix this issue. One would be to add a cached variable to struct bpf_prog that takes a snapshot of prog->pages at the time of charging. The other approach is to also account for resizes. I chose to go with the latter for a couple of reasons: i) We want accounting rather to be more accurate instead of further fooling limits, ii) adding yet another page counter on struct bpf_prog would also be a waste just for this purpose. We also do want to charge as early as possible to avoid going into the verifier just to find out later on that we crossed limits. The only place that needs to be fixed is bpf_prog_realloc(), since only here we expand the program, so we try to account for the needed delta and should we fail, call-sites check for outcome anyway. On cBPF to eBPF migrations, we don't grab a reference to the user as they are charged differently. With that in place, my test case worked fine. Fixes: aaac3ba95e4c ("bpf: charge user for creation of BPF maps and programs") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf.h | 11 +++++++++++ kernel/bpf/core.c | 16 +++++++++++++--- kernel/bpf/syscall.c | 36 ++++++++++++++++++++++++++++-------- 3 files changed, 52 insertions(+), 11 deletions(-) commit aafe6ae9cee32df85eb5e8bb6dd1d918e6807b09 Author: Daniel Borkmann Date: Sun Dec 18 01:52:57 2016 +0100 bpf: dynamically allocate digest scratch buffer Geert rightfully complained that 7bd509e311f4 ("bpf: add prog_digest and expose it via fdinfo/netlink") added a too large allocation of variable 'raw' from bss section, and should instead be done dynamically: # ./scripts/bloat-o-meter kernel/bpf/core.o.1 kernel/bpf/core.o.2 add/remove: 3/0 grow/shrink: 0/0 up/down: 33291/0 (33291) function old new delta raw - 32832 +32832 [...] Since this is only relevant during program creation path, which can be considered slow-path anyway, lets allocate that dynamically and be not implicitly dependent on verifier mutex. Move bpf_prog_calc_digest() at the beginning of replace_map_fd_with_map_ptr() and also error handling stays straight forward. Reported-by: Geert Uytterhoeven Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf.h | 2 +- include/linux/filter.h | 14 +++++++++++--- kernel/bpf/core.c | 27 ++++++++++++++++----------- kernel/bpf/syscall.c | 2 +- kernel/bpf/verifier.c | 6 ++++-- 5 files changed, 33 insertions(+), 18 deletions(-) commit d9cb5bfcc3339f1a63df8fe0af8cece33c83c3af Merge: 0f484e4 14e73e7 Author: Linus Torvalds Date: Sat Dec 17 17:05:49 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile Pull arch/tile updates from Chris Metcalf: "Another grab-bag of miscellaneous changes" * git://git.kernel.org/pub/scm/linux/kernel/git/cmetcalf/linux-tile: tile: use __ro_after_init instead of tile-specific __write_once tile: migrate exception table users off module.h and onto extable.h tile: remove #pragma unroll from finv_buffer_remote() tile-module: Rename jump labels in module_alloc() tile-module: Use kmalloc_array() in module_alloc() tile/pci_gx: fix spelling mistake: "delievered" -> "delivered" commit 0f484e42baaf5a38fc79e99b917caa5431651fb1 Merge: af79ce4 659643f Author: Linus Torvalds Date: Sat Dec 17 16:47:31 2016 -0800 Merge tag 'kvmgt-vfio-mdev-for-v4.10-rc1' of git://github.com/01org/gvt-linux Pull i915/gvt KVMGT updates from Zhenyu Wang: "KVMGT support depending on the VFIO/mdev framework" * tag 'kvmgt-vfio-mdev-for-v4.10-rc1' of git://github.com/01org/gvt-linux: drm/i915/gvt/kvmgt: add vfio/mdev support to KVMGT drm/i915/gvt/kvmgt: read/write GPA via KVM API drm/i915/gvt/kvmgt: replace kmalloc() by kzalloc() commit af79ce47efabba36d1db0902d46a80de7f251411 Merge: c07dee7 f26e881 Author: Linus Torvalds Date: Sat Dec 17 16:45:00 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input Pull input subsystem updates from Dmitry Torokhov: - updated support for Synaptics RMI4 devices, including support for SMBus controllers, firmware update support, sensor tuning, and PS/2 guest support - ALPS driver now supports tracksticks on SS5 controllers - i8042 now uses chassis info to skip selftest on Asus laptops as list of individual models became too unwieldy - miscellaneous fixes to other drivers * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: (67 commits) Input: imx6ul_tsc - generalize the averaging property Input: drv260x - use generic device properties Input: drv260x - use temporary for &client->dev Input: drv260x - fix input device's parent assignment Input: synaptics-rmi4 - add support for F34 V7 bootloader Input: drv260x - fix initializing overdrive voltage Input: ALPS - fix protcol -> protocol Input: i8042 - comment #else/#endif of CONFIG_PNP Input: lpc32xx-keys - fix invalid error handling of a requested irq Input: synaptics-rmi4 - fix debug for sensor clip Input: synaptics-rmi4 - store the attn data in the driver Input: synaptics-rmi4 - allow to add attention data Input: synaptics-rmi4 - f03 - grab data passed by transport device Input: synaptics-rmi4 - add support for F03 Input: imx6ul_tsc - convert int to u32 Input: imx6ul_tsc - add mask when set REG_ADC_CFG Input: synaptics-rmi4 - have only one struct platform data Input: synaptics-rmi4 - remove EXPORT_SYMBOL_GPL for internal functions Input: synaptics-rmi4 - remove mutex calls while updating the firmware Input: drv2667 - fix misuse of regmap_update_bits ... commit c07dee7348e2451bcf2f178bf0e7830268e2c31a Merge: 135c919 445caaa Author: Linus Torvalds Date: Sat Dec 17 16:41:10 2016 -0800 Merge tag 'for-linus-20161216' of git://git.infradead.org/linux-mtd Pull MTD updates from Brian Norris: "Nothing enormous here, though notably we have some of the first work of a few new maintainers. I think for now I'll still be sending pull requests, but that's open to change in the future. Summary: Core: - dynamic BDI object allocation (resolves some problems when built as a module) - cleanups in the ooblayout handling NAND: - new tango NAND controller driver - new ox820 NAND controller driver - addition of a new full-ID entry in the nand_ids table - rework of the s3c240 driver to support DT - extension of the nand_sdr_timings to expose tCCS, tPROG and tR - addition of a new flag to ask the core to wait for tCCS when sending a RNDIN/RNDOUT command - addition of a new flag to ask the core to let the controller driver send the READ/PROGPAGE command Minor fixes/cleanup/cosmetic changes: - properly support 512 ECC step size in the sunxi driver - improve the error messages in the PXA probe path - fix module autoload in the omap2 driver - cleanup of several nand drivers to return nand_scan{_tail}() error code instead of returning -EIO - various cleanups in the denali driver - fix an error check in nandsim SPI NOR: - new flash IDs - wait for Spansion flash to be ready after quad-enable - error handling fixes for Candence QSPI - constify some structures in Freescale QSPI driver" * tag 'for-linus-20161216' of git://git.infradead.org/linux-mtd: (71 commits) mtd: Allocate bdi objects dynamically mtd: nand: tango: Add standard legalese header mtd: maps: add missing iounmap() in error path mtd: spi-nor: constify fsl_qspi_devtype_data mtd: spi-nor: Add support for mr25h40 mtd: spi-nor: Add support for N25Q016A mtd: spi-nor: Add at25df321 spi-nor flash support mtd: spi-nor: Fix some error codes in cqspi_setup_flash() mtd: spi-nor: Off by one in cqspi_setup_flash() mtd: spi-nor: add support for s25fl208k mtd: spi-nor: fix flags for s25fl128s mtd: spi-nor: fix spansion quad enable mtd: spi-nor: add Macronix mx25u25635f to list of known devices. mtd: mtdswap: fix spelling mistake "erassure" -> "erasure" mtd: bcm47xxpart: fix parsing first block after aligned TRX mtd: nand: tango: Use nand_to_mtd() instead of directly accessing chip->mtd mtd: remove unneeded initializer in mtd_ooblayout_count_bytes() mtd: use min_t() to refactor mtd_ooblayout_{get, set}_bytes() mtd: remove unneeded initializer in mtd_ooblayout_{get, set}_bytes() mtd: nand: nandsim: fix error check ... commit 135c919758b019599c9ea7730f7ceb063f19c7b7 Merge: 37861ff ff5b1ce Author: Linus Torvalds Date: Sat Dec 17 16:32:27 2016 -0800 Merge branch 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild misc updates from Michal Marek: - one new coccinelle check and improvements to irqf_oneshot.cocci - 'make rpm' POSIX compatibility fix - 'make deb-pkg' arm64 cross-compiling fix. I forgot to send this one during the v4.9 rc-phase, therefor the pull request is based on -rc6 and not -rc1 * 'misc' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: Coccinelle: misc: Add support for devm variant in all modes Coccinelle: misc: Improve the result given by context mode Coccinelle: misc: Improve the matching of rules kbuild/mkspec: avoid using brace expansion Coccinelle: Add misc/boolconv.cocci builddeb: fix cross-building to arm64 producing host-arch debs commit 37861ffa8c28e6c479cf04a70b7d6cc33d23c2a8 Merge: 41e0e24 83c3a1b Author: Linus Torvalds Date: Sat Dec 17 16:30:24 2016 -0800 Merge branch 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kconfig updates from Michal Marek: - 'make xconfig' gui fixes - 'make nconfig' fix for options with long prompts - fix 'make nconfig' warning when pkg-config forces -D_GNU_SOURCE * 'kconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: xconfig: fix missing suboption and help panels on first run xconfig: fix 'Show Debug' functionality kconfig/nconf: Fix hang when editing symbol with a long prompt Scripts: kconfig: nconf: fix _GNU_SOURCE redefined warning commit 41e0e24b450fadc079dfb659d81f3076afcfbd8a Merge: 0aaf214 334bb77 Author: Linus Torvalds Date: Sat Dec 17 16:24:13 2016 -0800 Merge branch 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild Pull kbuild updates from Michal Marek: - prototypes for x86 asm-exported symbols (Adam Borowski) and a warning about missing CRCs (Nick Piggin) - asm-exports fix for LTO (Nicolas Pitre) - thin archives improvements (Nick Piggin) - linker script fix for CONFIG_LD_DEAD_CODE_DATA_ELIMINATION (Nick Piggin) - genksyms support for __builtin_va_list keyword - misc minor fixes * 'kbuild' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild: x86/kbuild: enable modversions for symbols exported from asm kbuild: fix scripts/adjust_autoksyms.sh* for the no modules case scripts/kallsyms: remove last remnants of --page-offset option make use of make variable CURDIR instead of calling pwd kbuild: cmd_export_list: tighten the sed script kbuild: minor improvement for thin archives build kbuild: modpost warn if export version crc is missing kbuild: keep data tables through dead code elimination kbuild: improve linker compatibility with lib-ksyms.o build genksyms: Regenerate parser kbuild/genksyms: handle va_list type kbuild: thin archives for multi-y targets kbuild: kallsyms allow 3-pass generation if symbols size has changed commit 0aaf2146ecf00f7932f472ec5aa30d999c89530c Merge: 59331c2 3fa71d0 Author: Linus Torvalds Date: Sat Dec 17 16:00:34 2016 -0800 Merge tag 'docs-4.10-2' of git://git.lwn.net/linux Pull more documentation updates from Jonathan Corbet: "This converts the crypto DocBook to Sphinx" * tag 'docs-4.10-2' of git://git.lwn.net/linux: crypto: doc - optimize compilation crypto: doc - clarify AEAD memory structure crypto: doc - remove crypto_alloc_ablkcipher crypto: doc - add KPP documentation crypto: doc - fix separation of cipher / req API crypto: doc - fix source comments for Sphinx crypto: doc - remove crypto API DocBook crypto: doc - convert crypto API documentation to Sphinx commit c44ef859ceff45db1c72f9ccbfae96843c4b1501 Merge: 325896f d7fe1a6 Author: Dan Williams Date: Sat Dec 17 15:08:10 2016 -0800 Merge branch 'for-4.10/libnvdimm' into libnvdimm-for-next commit d7fe1a67f658b50ec98ee1afb86df7b35c2b2593 Author: Dan Williams Date: Sat Dec 17 14:50:04 2016 -0800 dax: add region 'id', 'size', and 'align' attributes While this information is available by looking at the nvdimm parent device that may not always be the case when/if we add support for other memory regions. Tooling should not depend on walking a given ancestor topology that is not guaranteed by the device's class. For example, a device-dax instance will always have a dax_region parent, but it may not always have a libnvdimm "dax" device as a grandparent. Reported-by: Johannes Thumshirn Signed-off-by: Dan Williams drivers/dax/dax.c | 94 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 94 insertions(+) commit e8465447d2f3366069115f7453153561ac9a1220 Author: Ritesh Harjani Date: Fri Dec 16 10:11:56 2016 +0530 block: Remove unused member (busy) from struct blk_queue_tag Signed-off-by: Ritesh Harjani Reviewed-by: Bart Van Assche Signed-off-by: Jens Axboe include/linux/blkdev.h | 1 - 1 file changed, 1 deletion(-) commit b8c0d911ac5285e6be8967713271a51bdc5a936a Author: Eric Wheeler Date: Sun Oct 23 18:19:20 2016 -0700 bcache: partition support: add 16 minors per bcacheN device Signed-off-by: Eric Wheeler Tested-by: Wido den Hollander drivers/md/bcache/super.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit be628be09563f8f6e81929efbd7cf3f45c344416 Author: Kent Overstreet Date: Wed Oct 26 20:31:17 2016 -0700 bcache: Make gc wakeup sane, remove set_task_state() Signed-off-by: Kent Overstreet drivers/md/bcache/bcache.h | 4 ++-- drivers/md/bcache/btree.c | 39 ++++++++++++++++++++------------------- drivers/md/bcache/btree.h | 3 +-- drivers/md/bcache/request.c | 4 +--- drivers/md/bcache/super.c | 2 ++ 5 files changed, 26 insertions(+), 26 deletions(-) commit 8e598769c55dd6c442a1c6cbd21e7abda2a52215 Author: Tin Huynh Date: Wed Dec 14 16:23:58 2016 +0700 i2c: designware: fix wrong Tx/Rx FIFO for ACPI ACPI always sets Tx/Rx FIFO to 32. This configuration will cause problem if the IP core supports a FIFO size of less than 32. The driver should read the FIFO size from the IP and select the smaller one of the two. Signed-off-by: Tin Huynh Acked-by: Jarkko Nikula Reviewed-by: Mika Westerberg Reviewed-by: Andy Shevchenko Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-platdrv.c | 31 ++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) commit 1635c5d04ea9343f0e3c74709c29995a23801ecd Author: Tin Huynh Date: Wed Dec 14 14:17:26 2016 +0700 i2c: xgene: Fix missing code of DTB support In DTB case, i2c-core doesn't create slave device which is installed on i2c-xgene bus because of missing code in this driver. This patch fixes this issue. Signed-off-by: Tin Huynh Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-xgene-slimpro.c | 1 + 1 file changed, 1 insertion(+) commit 7f638c1cb0a1112dbe0b682a42db30521646686b Author: Russell King Date: Sat Dec 17 12:10:56 2016 +0000 i2c: mux: pca954x: fix i2c mux selection caching smbus functions return -ve on error, 0 on success. However, __i2c_transfer() have a different return signature - -ve on error, or number of buffers transferred (which may be zero or greater.) The upshot of this is that the sense of the test is reversed when using the mux on a bus supporting the master_xfer method: we cache the value and never retry if we fail to transfer any buffers, but if we succeed, we clear the cached value. Fix this by making pca954x_reg_write() return a negative error code for all failure cases. Fixes: 463e8f845cbf ("i2c: mux: pca954x: retry updating the mux selection on failure") Acked-by: Peter Rosin Signed-off-by: Russell King Signed-off-by: Wolfram Sang drivers/i2c/muxes/i2c-mux-pca954x.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 493ff7e2cdda9182fb709d3681315180d9165bd8 Author: Jan Glauber Date: Fri Dec 9 10:31:57 2016 +0100 i2c: octeon: thunderx: Limit register access retries Do not infinitely retry register readq and writeq operations in order to not lock up the CPU in case the TWSI gets stuck. Return -EIO in case of a failed data read. For all other cases just return so subsequent operations will fail and trigger the recovery. Signed-off-by: Jan Glauber Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-octeon-core.c | 4 +++- drivers/i2c/busses/i2c-octeon-core.h | 21 ++++++++++++++++----- 2 files changed, 19 insertions(+), 6 deletions(-) commit 40e972ab652f3e9b84a8f24f517345b460962c29 Merge: e999cb4 d928be8 Author: David S. Miller Date: Sat Dec 17 12:00:26 2016 -0500 Merge branch 'gtp-fixes' Pablo Neira Ayuso says: ==================== GTP tunneling fixes for net The following patchset contains two GTP tunneling fixes for your net tree, they are: 1) Offset to IPv4 header in gtp_check_src_ms_ipv4() is incorrect, thus this function always succeeds and therefore this defeats this sanity check. This allows packets that have no PDP to go though, patch from Lionel Gauthier. 2) According to Note 0 of Figure 2 in Section 6 of 3GPP TS 29.060 v13.5.0 Release 13, always set GTPv1 reserved bit to zero. This may cause interoperability problems, patch from Harald Welte. Please, apply, thanks a lot! ==================== Signed-off-by: David S. Miller commit d928be81b44dc3cad75d7a9f9fcbe99725dc7e56 Author: Harald Welte Date: Thu Dec 15 22:35:53 2016 +0100 gtp: Fix initialization of Flags octet in GTPv1 header When generating a GTPv1 header in gtp1_push_header(), initialize the 'reserved' bit to zero. All 3GPP specifications for GTPv1 from Release 99 through Release 13 agree that a transmitter shall set this bit to zero, see e.g. Note 0 of Figure 2 in Section 6 of 3GPP TS 29.060 v13.5.0 Release 13, available from http://www.etsi.org/deliver/etsi_ts/129000_129099/129060/13.05.00_60/ts_129060v130500p.pdf Signed-off-by: Harald Welte Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller drivers/net/gtp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 88edf10315c8d72db70d39f3851cf2c91abdb634 Author: Lionel Gauthier Date: Thu Dec 15 22:35:52 2016 +0100 gtp: gtp_check_src_ms_ipv4() always return success gtp_check_src_ms_ipv4() did not find the PDP context matching with the UE IP address because the memory location is not right, but the result is inverted by the Boolean "not" operator. So whatever is the PDP context, any call to this function is successful. Signed-off-by: Lionel Gauthier Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller drivers/net/gtp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e999cb43d51f3635afd6253c5c066798ad998255 Author: Kees Cook Date: Fri Dec 16 17:03:39 2016 -0800 net/x25: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller net/x25/sysctl_net_x25.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ebf12f1320c70c3eaeb5b7d108444fafd54d352c Author: Kees Cook Date: Fri Dec 16 17:01:42 2016 -0800 isdn: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller drivers/isdn/i4l/isdn_concap.c | 6 +++--- drivers/isdn/i4l/isdn_x25iface.c | 16 ++++++++-------- 2 files changed, 11 insertions(+), 11 deletions(-) commit 9751362a4fe7ad37115d20344ce6d914a088268d Author: Kees Cook Date: Fri Dec 16 17:00:54 2016 -0800 bna: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller drivers/net/ethernet/brocade/bna/bna_enet.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit aabd7ad949247ef315fa5086d2caad7885567434 Author: Kees Cook Date: Fri Dec 16 16:59:18 2016 -0800 WAN: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller drivers/net/wan/lmc/lmc_media.c | 97 +++++++++++++++++++++-------------------- 1 file changed, 49 insertions(+), 48 deletions(-) commit 9d1c0ca5e1d6697ce1e32bb708bfe24dff34f287 Author: Kees Cook Date: Fri Dec 16 16:58:58 2016 -0800 net: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller net/decnet/dn_dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 99a5e178bde4b0fa1f25ca8d9caee0cb5e329e7c Author: Kees Cook Date: Fri Dec 16 16:58:43 2016 -0800 ATM: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller net/atm/lec.c | 6 ++-- net/atm/mpoa_caches.c | 43 ++++++++++++++-------------- net/vmw_vsock/vmci_transport_notify.c | 30 +++++++++---------- net/vmw_vsock/vmci_transport_notify_qstate.c | 30 +++++++++---------- 4 files changed, 54 insertions(+), 55 deletions(-) commit 4794195058b916cabcfaf9f4dfc699e6f48784f7 Author: Kees Cook Date: Fri Dec 16 16:58:06 2016 -0800 isdn/gigaset: use designated initializers Prepare to mark sensitive kernel structures for randomization by making sure they're using designated initializers. These were identified during allyesconfig builds of x86, arm, and arm64, with most initializer fixes extracted from grsecurity. Signed-off-by: Kees Cook Signed-off-by: David S. Miller drivers/isdn/gigaset/bas-gigaset.c | 32 ++++++++++++++++---------------- drivers/isdn/gigaset/ser-gigaset.c | 32 ++++++++++++++++---------------- drivers/isdn/gigaset/usb-gigaset.c | 32 ++++++++++++++++---------------- 3 files changed, 48 insertions(+), 48 deletions(-) commit cd333e377f803dbf8ec7588f598b70d4a1178f58 Merge: 08abb79 72979a6 Author: David S. Miller Date: Sat Dec 17 11:48:56 2016 -0500 Merge branch 'virtio_net-XDP' John Fastabend says: ==================== XDP for virtio_net This implements virtio_net for the mergeable buffers and big_packet modes. I tested this with vhost_net running on qemu and did not see any issues. For testing num_buf > 1 I added a hack to vhost driver to only but 100 bytes per buffer. There are some restrictions for XDP to be enabled and work well (see patch 3) for more details. 1. GUEST_TSO{4|6} must be off 2. MTU must be less than PAGE_SIZE 3. queues must be available to dedicate to XDP 4. num_bufs received in mergeable buffers must be 1 5. big_packet mode must have all data on single page To test this I used pktgen in the hypervisor and ran the XDP sample programs xdp1 and xdp2 from ./samples/bpf in the host. The default mode that is used with these patches with Linux guest and QEMU/Linux hypervisor is the mergeable buffers mode. I tested this mode for 2+ days running xdp2 without issues. Additionally I did a series of driver unload/load tests to check the allocate/release paths. To test the big_packets path I applied the following simple patch against the virtio driver forcing big_packets mode, --- a/drivers/net/virtio_net.c +++ b/drivers/net/virtio_net.c @@ -2242,7 +2242,7 @@ static int virtnet_probe(struct virtio_device *vdev) vi->big_packets = true; if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF)) - vi->mergeable_rx_bufs = true; + vi->mergeable_rx_bufs = false; if (virtio_has_feature(vdev, VIRTIO_NET_F_MRG_RXBUF) || virtio_has_feature(vdev, VIRTIO_F_VERSION_1)) I then repeated the tests with xdp1 and xdp2. After letting them run for a few hours I called it good enough. Testing the unexpected case where virtio receives a packet across multiple buffers required patching the hypervisor vhost driver to convince it to send these unexpected packets. Then I used ping with the -s option to trigger the case with multiple buffers. This mode is not expected to be used but as MST pointed out per spec it is not strictly speaking illegal to generate multi-buffer packets so we need someway to handle these. The following patch can be used to generate multiple buffers, --- a/drivers/vhost/vhost.c +++ b/drivers/vhost/vhost.c @@ -1777,7 +1777,8 @@ static int translate_desc(struct vhost_virtqueue *vq, u64 _iov = iov + ret; size = node->size - addr + node->start; - _iov->iov_len = min((u64)len - s, size); + printk("%s: build 100 length headers!\n", __func__); + _iov->iov_len = min((u64)len - s, (u64)100);//size); _iov->iov_base = (void __user *)(unsigned long) (node->userspace_addr + addr - node->start); s += size; The qemu command I most frequently used for testing (although I did test various other combinations of devices) is the following, ./x86_64-softmmu/qemu-system-x86_64 \ -hda /var/lib/libvirt/images/Fedora-test0.img \ -m 4096 -enable-kvm -smp 2 \ -netdev tap,id=hn0,queues=4,vhost=on \ -device virtio-net-pci,netdev=hn0,mq=on,vectors=9,guest_tso4=off,guest_tso6=off \ -serial stdio The options 'guest_tso4=off,guest_tso6=off' are required because we do not support LRO with XDP at the moment. Please review any comments/feedback welcome as always. ==================== Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller commit 72979a6c35907b6a7ab85e7bc60e0d52dba68f9d Author: John Fastabend Date: Thu Dec 15 12:14:36 2016 -0800 virtio_net: xdp, add slowpath case for non contiguous buffers virtio_net XDP support expects receive buffers to be contiguous. If this is not the case we enable a slowpath to allow connectivity to continue but at a significan performance overhead associated with linearizing data. To make it painfully aware to users that XDP is running in a degraded mode we throw an xdp buffer error. To linearize packets we allocate a page and copy the segments of the data, including the header, into it. After this the page can be handled by XDP code flow as normal. Then depending on the return code the page is either freed or sent to the XDP xmit path. There is no attempt to optimize this path. This case is being handled simple as a precaution in case some unknown backend were to generate packets in this form. To test this I had to hack qemu and force it to generate these packets. I do not expect this case to be generated by "real" backends. Signed-off-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 75 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 74 insertions(+), 1 deletion(-) commit 56434a01b12e99eb60908f5f2b27b90726d0a183 Author: John Fastabend Date: Thu Dec 15 12:14:13 2016 -0800 virtio_net: add XDP_TX support This adds support for the XDP_TX action to virtio_net. When an XDP program is run and returns the XDP_TX action the virtio_net XDP implementation will transmit the packet on a TX queue that aligns with the current CPU that the XDP packet was processed on. Before sending the packet the header is zeroed. Also XDP is expected to handle checksum correctly so no checksum offload support is provided. Signed-off-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 100 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 93 insertions(+), 7 deletions(-) commit 672aafd5d88a951f394334802b938b502010d9eb Author: John Fastabend Date: Thu Dec 15 12:13:49 2016 -0800 virtio_net: add dedicated XDP transmit queues XDP requires using isolated transmit queues to avoid interference with normal networking stack (BQL, NETDEV_TX_BUSY, etc). This patch adds a XDP queue per cpu when a XDP program is loaded and does not expose the queues to the OS via the normal API call to netif_set_real_num_tx_queues(). This way the stack will never push an skb to these queues. However virtio/vhost/qemu implementation only allows for creating TX/RX queue pairs at this time so creating only TX queues was not possible. And because the associated RX queues are being created I went ahead and exposed these to the stack and let the backend use them. This creates more RX queues visible to the network stack than TX queues which is worth mentioning but does not cause any issues as far as I can tell. Signed-off-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) commit f600b690501550b94e83e07295d9c8b9c4c39f4e Author: John Fastabend Date: Thu Dec 15 12:13:24 2016 -0800 virtio_net: Add XDP support This adds XDP support to virtio_net. Some requirements must be met for XDP to be enabled depending on the mode. First it will only be supported with LRO disabled so that data is not pushed across multiple buffers. Second the MTU must be less than a page size to avoid having to handle XDP across multiple pages. If mergeable receive is enabled this patch only supports the case where header and data are in the same buf which we can check when a packet is received by looking at num_buf. If the num_buf is greater than 1 and a XDP program is loaded the packet is dropped and a warning is thrown. When any_header_sg is set this does not happen and both header and data is put in a single buffer as expected so we check this when XDP programs are loaded. Subsequent patches will process the packet in a degraded mode to ensure connectivity and correctness is not lost even if backend pushes packets into multiple buffers. If big packets mode is enabled and MTU/LRO conditions above are met then XDP is allowed. This patch was tested with qemu with vhost=on and vhost=off where mergeable and big_packet modes were forced via hard coding feature negotiation. Multiple buffers per packet was forced via a small test patch to vhost.c in the vhost=on qemu mode. Suggested-by: Shrijeet Mukherjee Signed-off-by: John Fastabend Signed-off-by: David S. Miller drivers/net/virtio_net.c | 176 +++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 171 insertions(+), 5 deletions(-) commit f23bc46c30ca5ef58b8549434899fcbac41b2cfc Author: John Fastabend Date: Thu Dec 15 12:12:54 2016 -0800 net: xdp: add invalid buffer warning This adds a warning for drivers to use when encountering an invalid buffer for XDP. For normal cases this should not happen but to catch this in virtual/qemu setups that I may not have expected from the emulation layer having a standard warning is useful. Signed-off-by: John Fastabend Signed-off-by: David S. Miller include/linux/filter.h | 1 + net/core/filter.c | 6 ++++++ 2 files changed, 7 insertions(+) commit 08abb79542c9e8c367d1d8e44fe1026868d3f0a7 Author: Xin Long Date: Thu Dec 15 23:05:52 2016 +0800 sctp: sctp_transport_lookup_process should rcu_read_unlock when transport is null Prior to this patch, sctp_transport_lookup_process didn't rcu_read_unlock when it failed to find a transport by sctp_addrs_lookup_transport. This patch is to fix it by moving up rcu_read_unlock right before checking transport and also to remove the out path. Fixes: 1cceda784980 ("sctp: fix the issue sctp_diag uses lock_sock in rcu_read_lock") Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/socket.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 5cb2cd68ddf9a13af36cec633006c0f2bdfb300a Author: Xin Long Date: Thu Dec 15 23:00:55 2016 +0800 sctp: sctp_epaddr_lookup_transport should be protected by rcu_read_lock Since commit 7fda702f9315 ("sctp: use new rhlist interface on sctp transport rhashtable"), sctp has changed to use rhlist_lookup to look up transport, but rhlist_lookup doesn't call rcu_read_lock inside, unlike rhashtable_lookup_fast. It is called in sctp_epaddr_lookup_transport and sctp_addrs_lookup_transport. sctp_addrs_lookup_transport is always in the protection of rcu_read_lock(), as __sctp_lookup_association is called in rx path or sctp_lookup_association which are in the protection of rcu_read_lock() already. But sctp_epaddr_lookup_transport is called by sctp_endpoint_lookup_assoc, it doesn't call rcu_read_lock, which may cause "suspicious rcu_dereference_check usage' in __rhashtable_lookup. This patch is to fix it by adding rcu_read_lock in sctp_endpoint_lookup_assoc before calling sctp_epaddr_lookup_transport. Fixes: 7fda702f9315 ("sctp: use new rhlist interface on sctp transport rhashtable") Reported-by: Dmitry Vyukov Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller net/sctp/endpointola.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 10a3ecf49b681af49bf1b4f3fcf00115059a0ac6 Merge: 616f6b4 63f4b4b Author: David S. Miller Date: Sat Dec 17 11:43:05 2016 -0500 Merge branch 'dpaa_eth-fixes' Madalin Bucur says: ==================== dpaa_eth: a couple of fixes This patch set introduces big endian accessors in the dpaa_eth driver making sure accesses to the QBMan HW are correct on little endian platforms. Removing a redundant Kconfig dependency on FSL_SOC. Adding myself as maintainer of the dpaa_eth driver. ==================== Signed-off-by: David S. Miller commit 63f4b4b0348b494c0fcfa1c41e7da865108dcaab Author: Madalin Bucur Date: Thu Dec 15 15:13:06 2016 +0200 MAINTAINERS: net: add entry for Freescale QorIQ DPAA Ethernet driver Add record for Freescale QORIQ DPAA Ethernet driver adding myself as maintainer. Signed-off-by: Madalin Bucur Signed-off-by: David S. Miller MAINTAINERS | 6 ++++++ 1 file changed, 6 insertions(+) commit 708f0f4f9cec143403f8575493bea62a692b4ca2 Author: Madalin Bucur Date: Thu Dec 15 15:13:05 2016 +0200 dpaa_eth: remove redundant dependency on FSL_SOC Signed-off-by: Madalin Bucur Signed-off-by: David S. Miller drivers/net/ethernet/freescale/dpaa/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7d6f8dc0b2180ed60aea65660b35d7618ff6e4ee Author: Claudiu Manoil Date: Thu Dec 15 15:13:04 2016 +0200 dpaa_eth: use big endian accessors Ensure correct access to the big endian QMan HW through proper accessors. Signed-off-by: Claudiu Manoil Signed-off-by: Madalin Bucur Signed-off-by: David S. Miller drivers/net/ethernet/freescale/dpaa/dpaa_eth.c | 71 ++++++++++++++------------ 1 file changed, 37 insertions(+), 34 deletions(-) commit 616f6b40236fb9fdfc5267e2e945e16b7448b641 Author: LABBE Corentin Date: Thu Dec 15 11:42:50 2016 +0100 irda: irnet: add member name to the miscdevice declaration Since the struct miscdevice have many members, it is dangerous to init it without members name relying only on member order. This patch add member name to the init declaration. Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller net/irda/irnet/irnet_ppp.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 33de4d1bb9e3d90e2238e85d7865ec664cf48e60 Author: LABBE Corentin Date: Thu Dec 15 11:42:49 2016 +0100 irda: irnet: Remove unused IRNET_MAJOR define The IRNET_MAJOR define is not used, so this patch remove it. Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller net/irda/irnet/irnet_ppp.h | 3 --- 1 file changed, 3 deletions(-) commit 24c946cc5d35e32c5bb0c07ebdad32756e2bd20d Author: LABBE Corentin Date: Thu Dec 15 11:42:48 2016 +0100 irnet: ppp: move IRNET_MINOR to include/linux/miscdevice.h This patch move the define for IRNET_MINOR to include/linux/miscdevice.h It is better that all minor number definitions are in the same place. Signed-off-by: Corentin Labbe Acked-by: Greg Kroah-Hartman Signed-off-by: David S. Miller include/linux/miscdevice.h | 1 + net/irda/irnet/irnet_ppp.h | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) commit e292823559709b09cd9bf7bd112bd13c93daa146 Author: LABBE Corentin Date: Thu Dec 15 11:42:47 2016 +0100 irda: irnet: Move linux/miscdevice.h include The only use of miscdevice is irda_ppp so no need to include linux/miscdevice.h for all irda files. This patch move the linux/miscdevice.h include to irnet_ppp.h Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller net/irda/irnet/irnet.h | 1 - net/irda/irnet/irnet_ppp.h | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit 078497a4d9535026b137c08e3746e600d5669a05 Author: LABBE Corentin Date: Thu Dec 15 11:42:46 2016 +0100 irda: irproc.c: Remove unneeded linux/miscdevice.h include irproc.c does not use any miscdevice so this patch remove this unnecessary inclusion. Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller net/irda/irproc.c | 1 - 1 file changed, 1 deletion(-) commit dcdc43d6642c828fa10d25130a92b712003d2ca4 Author: Daniel Mack Date: Thu Dec 15 10:53:21 2016 +0100 bpf: cgroup: annotate pointers in struct cgroup_bpf with __rcu The member 'effective' in 'struct cgroup_bpf' is protected by RCU. Annotate it accordingly to squelch a sparse warning. Signed-off-by: Daniel Mack Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf-cgroup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 28055c9710e7ab1479d018224be697f63eac2daa Merge: 0eb6984 0643ee4 Author: David S. Miller Date: Sat Dec 17 11:13:20 2016 -0500 Merge branch 'inet_csk_get_port-and-soreusport-fixes' Tom Herbert says: ==================== inet: Fixes for inet_csk_get_port and soreusport This patch set fixes a couple of issues I noticed while debugging our softlockup issue in inet_csk_get_port. - Don't allow jump into port scan in inet_csk_get_port if function was called with non-zero port number (looking up explicit port number). - When inet_csk_get_port is called with zero port number (ie. perform scan) an reuseport is set on the socket, don't match sockets that also have reuseport set. The intent from the user should be to get a new port number and then explictly bind other sockets to that number using soreuseport. Tested: Ran first patch on production workload with no ill effect. For second patch, ran a little listener application and first demonstrated that unbound sockets with soreuseport can indeed be bound to unrelated soreuseport sockets. ==================== Signed-off-by: David S. Miller commit 0643ee4fd1b79c1af3bd7bc8968dbf5fd047f490 Author: Tom Herbert Date: Wed Dec 14 16:54:16 2016 -0800 inet: Fix get port to handle zero port number with soreuseport set A user may call listen with binding an explicit port with the intent that the kernel will assign an available port to the socket. In this case inet_csk_get_port does a port scan. For such sockets, the user may also set soreuseport with the intent a creating more sockets for the port that is selected. The problem is that the initial socket being opened could inadvertently choose an existing and unreleated port number that was already created with soreuseport. This patch adds a boolean parameter to inet_bind_conflict that indicates rather soreuseport is allowed for the check (in addition to sk->sk_reuseport). In calls to inet_bind_conflict from inet_csk_get_port the argument is set to true if an explicit port is being looked up (snum argument is nonzero), and is false if port scan is done. Signed-off-by: Tom Herbert Signed-off-by: David S. Miller include/net/inet6_connection_sock.h | 3 ++- include/net/inet_connection_sock.h | 6 ++++-- net/ipv4/inet_connection_sock.c | 14 +++++++++----- net/ipv6/inet6_connection_sock.c | 7 ++++--- 4 files changed, 19 insertions(+), 11 deletions(-) commit 9af7e923fdd82dc25ad5ea75e24e92708947f961 Author: Tom Herbert Date: Wed Dec 14 16:54:15 2016 -0800 inet: Don't go into port scan when looking for specific bind port inet_csk_get_port is called with port number (snum argument) that may be zero or nonzero. If it is zero, then the intent is to find an available ephemeral port number to bind to. If snum is non-zero then the caller is asking to allocate a specific port number. In the latter case we never want to perform the scan in ephemeral port range. It is conceivable that this can happen if the "goto again" in "tb_found:" is done. This patch adds a check that snum is zero before doing the "goto again". Signed-off-by: Tom Herbert Signed-off-by: David S. Miller net/ipv4/inet_connection_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0eb6984f70005e792917d9e51142a57f79b32c91 Author: Daniel Borkmann Date: Thu Dec 15 01:39:10 2016 +0100 bpf, test_verifier: fix a test case error result on unprivileged Running ./test_verifier as unprivileged lets 1 out of 98 tests fail: [...] #71 unpriv: check that printk is disallowed FAIL Unexpected error message! 0: (7a) *(u64 *)(r10 -8) = 0 1: (bf) r1 = r10 2: (07) r1 += -8 3: (b7) r2 = 8 4: (bf) r3 = r1 5: (85) call bpf_trace_printk#6 unknown func bpf_trace_printk#6 [...] The test case is correct, just that the error outcome changed with ebb676daa1a3 ("bpf: Print function name in addition to function id"). Same as with e00c7b216f34 ("bpf: fix multiple issues in selftest suite and samples") issue 2), so just fix up the function name. Fixes: ebb676daa1a3 ("bpf: Print function name in addition to function id") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller tools/testing/selftests/bpf/test_verifier.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a08dd0da5307ba01295c8383923e51e7997c3576 Author: Daniel Borkmann Date: Thu Dec 15 01:30:06 2016 +0100 bpf: fix regression on verifier pruning wrt map lookups Commit 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") introduced a regression where existing programs stopped loading due to reaching the verifier's maximum complexity limit, whereas prior to this commit they were loading just fine; the affected program has roughly 2k instructions. What was found is that state pruning couldn't be performed effectively anymore due to mismatches of the verifier's register state, in particular in the id tracking. It doesn't mean that 57a09bf0a416 is incorrect per se, but rather that verifier needs to perform a lot more work for the same program with regards to involved map lookups. Since commit 57a09bf0a416 is only about tracking registers with type PTR_TO_MAP_VALUE_OR_NULL, the id is only needed to follow registers until they are promoted through pattern matching with a NULL check to either PTR_TO_MAP_VALUE or UNKNOWN_VALUE type. After that point, the id becomes irrelevant for the transitioned types. For UNKNOWN_VALUE, id is already reset to 0 via mark_reg_unknown_value(), but not so for PTR_TO_MAP_VALUE where id is becoming stale. It's even transferred further into other types that don't make use of it. Among others, one example is where UNKNOWN_VALUE is set on function call return with RET_INTEGER return type. states_equal() will then fall through the memcmp() on register state; note that the second memcmp() uses offsetofend(), so the id is part of that since d2a4dd37f6b4 ("bpf: fix state equivalence"). But the bisect pointed already to 57a09bf0a416, where we really reach beyond complexity limit. What I found was that states_equal() often failed in this case due to id mismatches in spilled regs with registers in type PTR_TO_MAP_VALUE. Unlike non-spilled regs, spilled regs just perform a memcmp() on their reg state and don't have any other optimizations in place, therefore also id was relevant in this case for making a pruning decision. We can safely reset id to 0 as well when converting to PTR_TO_MAP_VALUE. For the affected program, it resulted in a ~17 fold reduction of complexity and let the program load fine again. Selftest suite also runs fine. The only other place where env->id_gen is used currently is through direct packet access, but for these cases id is long living, thus a different scenario. Also, the current logic in mark_map_regs() is not fully correct when marking NULL branch with UNKNOWN_VALUE. We need to cache the destination reg's id in any case. Otherwise, once we marked that reg as UNKNOWN_VALUE, it's id is reset and any subsequent registers that hold the original id and are of type PTR_TO_MAP_VALUE_OR_NULL won't be marked UNKNOWN_VALUE anymore, since mark_map_reg() reuses the uncached regs[regno].id that was just overridden. Note, we don't need to cache it outside of mark_map_regs(), since it's called once on this_branch and the other time on other_branch, which are both two independent verifier states. A test case for this is added here, too. Fixes: 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") Signed-off-by: Daniel Borkmann Acked-by: Thomas Graf Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/verifier.c | 11 ++++++++--- tools/testing/selftests/bpf/test_verifier.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 3 deletions(-) commit eb63ecc1706b3e094d0f57438b6c2067cfc299f2 Author: David Ahern Date: Wed Dec 14 14:31:11 2016 -0800 net: vrf: Drop conntrack data after pass through VRF device on Tx Locally originated traffic in a VRF fails in the presence of a POSTROUTING rule. For example, $ iptables -t nat -A POSTROUTING -s 11.1.1.0/24 -j MASQUERADE $ ping -I red -c1 11.1.1.3 ping: Warning: source address might be selected on device other than red. PING 11.1.1.3 (11.1.1.3) from 11.1.1.2 red: 56(84) bytes of data. ping: sendmsg: Operation not permitted Worse, the above causes random corruption resulting in a panic in random places (I have not seen a consistent backtrace). Call nf_reset to drop the conntrack info following the pass through the VRF device. The nf_reset is needed on Tx but not Rx because of the order in which NF_HOOK's are hit: on Rx the VRF device is after the real ingress device and on Tx it is is before the real egress device. Connection tracking should be tied to the real egress device and not the VRF device. Fixes: 8f58336d3f78a ("net: Add ethernet header for pass through VRF device") Fixes: 35402e3136634 ("net: Add IPv6 support to VRF device") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 4 ++++ 1 file changed, 4 insertions(+) commit a0f37efa82253994b99623dbf41eea8dd0ba169b Author: David Ahern Date: Wed Dec 14 11:06:18 2016 -0800 net: vrf: Fix NAT within a VRF Connection tracking with VRF is broken because the pass through the VRF device drops the connection tracking info. Removing the call to nf_reset allows DNAT and MASQUERADE to work across interfaces within a VRF. Fixes: 73e20b761acf ("net: vrf: Add support for PREROUTING rules on vrf device") Signed-off-by: David Ahern Signed-off-by: David S. Miller drivers/net/vrf.c | 2 -- 1 file changed, 2 deletions(-) commit 8a9f5fdf87bf383388fd21caf764b9d169c20a95 Merge: 83a77e9 f93bd17 Author: David S. Miller Date: Sat Dec 17 10:44:42 2016 -0500 Merge branch 'cls_flower-mask' Paul Blakey says: ==================== net/sched: cls_flower: Fix mask handling The series fix how the mask is being handled. ==================== Signed-off-by: David S. Miller commit f93bd17b916959fc20fbb7dc578e1f2657a8c343 Author: Paul Blakey Date: Wed Dec 14 19:00:58 2016 +0200 net/sched: cls_flower: Use masked key when calling HW offloads Zero bits on the mask signify a "don't care" on the corresponding bits in key. Some HWs require those bits on the key to be zero. Since these bits are masked anyway, it's okay to provide the masked key to all drivers. Fixes: 5b33f48842fa ('net/flower: Introduce hardware offload support') Signed-off-by: Paul Blakey Reviewed-by: Roi Dayan Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 970bfcd09791282de7de6589bfe440eb11e2efd2 Author: Paul Blakey Date: Wed Dec 14 19:00:57 2016 +0200 net/sched: cls_flower: Use mask for addr_type When addr_type is set, mask should also be set. Fixes: 66530bdf85eb ('sched,cls_flower: set key address type when present') Fixes: bc3103f1ed40 ('net/sched: cls_flower: Classify packet in ip tunnels') Signed-off-by: Paul Blakey Reviewed-by: Roi Dayan Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 4 ++++ 1 file changed, 4 insertions(+) commit 83a77e9ec4150ee4acc635638f7dedd9da523a26 Author: Bartosz Folta Date: Wed Dec 14 06:39:15 2016 +0000 net: macb: Added PCI wrapper for Platform Driver. There are hardware PCI implementations of Cadence GEM network controller. This patch will allow to use such hardware with reuse of existing Platform Driver. Signed-off-by: Bartosz Folta Signed-off-by: David S. Miller drivers/net/ethernet/cadence/Kconfig | 9 ++ drivers/net/ethernet/cadence/Makefile | 1 + drivers/net/ethernet/cadence/macb.c | 31 +++++-- drivers/net/ethernet/cadence/macb_pci.c | 153 ++++++++++++++++++++++++++++++++ include/linux/platform_data/macb.h | 6 ++ 5 files changed, 195 insertions(+), 5 deletions(-) commit 94acf164dc8f1184e8d0737be7125134c2701dbe Author: Thomas Falcon Date: Tue Dec 13 18:15:09 2016 -0600 ibmveth: calculate gso_segs for large packets Include calculations to compute the number of segments that comprise an aggregated large packet. Signed-off-by: Thomas Falcon Reviewed-by: Marcelo Ricardo Leitner Reviewed-by: Jonathan Maxwell Signed-off-by: David S. Miller drivers/net/ethernet/ibm/ibmveth.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 026acd5f47340382844f0af73516cf7ae6cdc876 Author: Timur Tabi Date: Tue Dec 13 17:49:02 2016 -0600 net: qcom/emac: don't try to claim clocks on ACPI systems On ACPI systems, clocks are not available to drivers directly. They are handled exclusively by ACPI and/or firmware, so there is no clock driver. Calls to clk_get() always fail, so we should not even attempt to claim any clocks on ACPI systems. Signed-off-by: Timur Tabi Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/emac.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit cb02de96ec724b84373488dd349e53897ab432f5 Author: Mark Rutland Date: Fri Dec 16 12:40:55 2016 +0000 x86/mpx: Move bd_addr to mm_context_t Currently bd_addr lives in mm_struct, which is otherwise architecture independent. Architecture-specific data is supposed to live within mm_context_t (itself contained in mm_struct). Other x86-specific context like the pkey accounting data lives in mm_context_t, and there's no readon the MPX data can't also live there. So as to keep the arch-specific data togather, and to set a good example for others, this patch moves bd_addr into x86's mm_context_t. Signed-off-by: Mark Rutland Acked-by: Dave Hansen Cc: Andrew Morton Link: http://lkml.kernel.org/r/1481892055-24596-1-git-send-email-mark.rutland@arm.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/mmu.h | 4 ++++ arch/x86/include/asm/mpx.h | 4 ++-- arch/x86/mm/mpx.c | 10 +++++----- include/linux/mm_types.h | 4 ---- 4 files changed, 11 insertions(+), 11 deletions(-) commit 9763f7a4a5f7b1a7c480fa06d01b2bad25163c0a Merge: 3c55d6b 1c4344a Author: Al Viro Date: Fri Dec 16 16:34:52 2016 -0500 Merge branch 'work.autofs' into for-linus Signed-off-by: Al Viro commit 5235d448c48e1f5a4a34bf90d412775cb75ffb32 Author: Al Viro Date: Sun Nov 20 19:33:09 2016 -0500 reorganize do_make_slave() Make sure that clone_mnt() never returns a mount with MNT_SHARED in flags, but without a valid ->mnt_group_id. That allows to demystify do_make_slave() quite a bit, among other things. Signed-off-by: Al Viro fs/namespace.c | 2 ++ fs/pnode.c | 74 ++++++++++++++++++++++++++++------------------------------ 2 files changed, 38 insertions(+), 38 deletions(-) commit 066715d3fde4834cbbec88d12ca277c4185b9303 Author: Al Viro Date: Sat Nov 19 23:23:18 2016 -0500 clone_private_mount() doesn't need to touch namespace_sem not for CL_PRIVATE clone_mnt() Signed-off-by: Al Viro fs/namespace.c | 2 -- 1 file changed, 2 deletions(-) commit f4cc1c3810a0382ff76a4e119a21b90b84dbe195 Author: Al Viro Date: Sat Nov 19 22:37:03 2016 -0500 remove a bogus claim about namespace_sem being held by callers of mnt_alloc_id() Hadn't been true for quite a while Signed-off-by: Al Viro fs/namespace.c | 4 ---- 1 file changed, 4 deletions(-) commit e297046875f2c5a43684f54f0fd098249b4f293a Author: velemas Date: Tue Dec 6 22:17:43 2016 +0300 platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list Like other Y700 models Lenovo Y700 15-ACZ does not have a physical rfkill switch. ideapad-laptop wrongly reports all radios as blocked by hardware which causes wireless network connections to fail. Add this model without an rfkill switch to the no_hw_rfkill list. Signed-off-by: Artiom Vaskov Signed-off-by: Andy Shevchenko drivers/platform/x86/ideapad-laptop.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 1a64b719d3ae0e4fb939d9a9e31abb60b4ce4eb1 Author: Benjamin Tissoires Date: Mon Dec 5 16:10:33 2016 +0100 platform/x86: Introduce button support for the Surface 3 The Surface 3 is not following the ACPI spec for PNP0C40, but nearly. The device is connected to a I2C device that might have some magic but we don't know about. Just create the device after the enumeration and use the declared GPIOs to provide button support. This driver is just an adaptation of drivers/input/misc/soc_button_array.c The Surface Pro 3 is using an ACPI driver and matches against the bid of the device ("VGBI"). To prevent this incompatible driver to be used on the Surface Pro, we add a match on the Surface 3 bid "TEV2". link: https://bugzilla.kernel.org/show_bug.cgi?id=102761 Signed-off-by: Benjamin Tissoires Acked-by: Dmitry Torokhov Signed-off-by: Andy Shevchenko drivers/platform/x86/Kconfig | 6 + drivers/platform/x86/Makefile | 1 + drivers/platform/x86/surface3_button.c | 250 +++++++++++++++++++++++++++++++++ 3 files changed, 257 insertions(+) commit 3dda3b3798f96d2974b5f60811142d3e25547807 Author: Benjamin Tissoires Date: Fri Nov 25 17:11:41 2016 +0100 platform/x86: Add custom surface3 platform device for controlling LID The LID state provided by ACPI on the Surface 3 is not accurate. The ACPI node doesn't get notified on LID open, which means the LID input switch stays close most of the time. Fortunatelly, there is a WMI method which directly queries the GPIO underneath the LID state, so it's far more reliable than ACPI. To get the notifications that the LID was opened/closed, we can rely on the ACPI notification of the touchscreen: the DSDT shows that the touchscreen will get notified on close/open as it also controls its _STA method. Note that we need to set the tag "power-switch" to the LID input node through a udev rule for logind to accept it: SUBSYSTEM=="input", KERNEL=="event*", KERNELS=="surface3-wmi", \ TAG+="power-switch" Signed-off-by: Benjamin Tissoires Signed-off-by: Andy Shevchenko drivers/platform/x86/Kconfig | 12 ++ drivers/platform/x86/Makefile | 1 + drivers/platform/x86/surface3-wmi.c | 296 ++++++++++++++++++++++++++++++++++++ 3 files changed, 309 insertions(+) commit afc4715901f0dce3206837a7051af05abf5a1e06 Author: Vadim Pasternak Date: Thu Oct 27 19:55:54 2016 +0000 platform/x86: mlx-platform: Add mlxcpld-hotplug driver registration Add calls for mlxcpld-hotplug platform driver registration/unregistration and add platform hotplug data configurations. This driver, when registered within system will handle system hot-plug events for the power suppliers, power cables and fans (insertion and removing). These events are controlled through CPLD Lattice device. Signed-off-by: Vadim Pasternak Signed-off-by: Andy Shevchenko drivers/platform/x86/mlx-platform.c | 98 ++++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) commit c3886c9d6076555697551da9b921cf6a6e9cc2b5 Author: kbuild test robot Date: Fri Oct 28 01:26:50 2016 +0800 platform/x86: mlx-platform: Fix semicolon.cocci warnings drivers/platform/x86/mlx-platform.c:219:2-3: Unneeded semicolon Remove unneeded semicolon. Generated by: scripts/coccinelle/misc/semicolon.cocci CC: Vadim Pasternak Signed-off-by: Fengguang Wu Acked-by: Vadim Pasternak Signed-off-by: Andy Shevchenko drivers/platform/x86/mlx-platform.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6613d18e90385db5cdbe32fe47567a3c11575b2d Author: Vadim Pasternak Date: Mon Oct 31 07:22:33 2016 +0000 platform/x86: mlx-platform: Move module from arch/x86 Since mlx-platform is not an architectural driver, it is moved out of arch/x86/platform to drivers/platform/x86. Relevant Makefile and Kconfig are updated. Signed-off-by: Vadim Pasternak Acked-by: Thomas Gleixner Signed-off-by: Andy Shevchenko MAINTAINERS | 2 +- arch/x86/Kconfig | 12 -- arch/x86/platform/Makefile | 1 - arch/x86/platform/mellanox/Makefile | 1 - arch/x86/platform/mellanox/mlx-platform.c | 266 ------------------------------ drivers/platform/x86/Kconfig | 13 +- drivers/platform/x86/Makefile | 1 + drivers/platform/x86/mlx-platform.c | 265 +++++++++++++++++++++++++++++ 8 files changed, 279 insertions(+), 282 deletions(-) commit 3c55d6bcfe8163ff2b5636b4aabe3caa3f5d95f4 Merge: 4da00fd 29ac8e8 Author: Al Viro Date: Fri Dec 16 16:21:05 2016 -0500 Merge remote-tracking branch 'djwong/ocfs2-vfs-reflink-6' into for-linus commit 4da00fd1b948b408f76488c4e506af748be5fce8 Merge: f0bb5aa 04fff64 Author: Al Viro Date: Fri Dec 16 16:19:49 2016 -0500 Merge branch 'work.write_end' into for-linus commit 14e73e78ee982710292248536aa84cba41e974f4 Author: Chris Metcalf Date: Mon Nov 7 14:19:10 2016 -0500 tile: use __ro_after_init instead of tile-specific __write_once The semantics of the old tile __write_once are the same as the newer generic __ro_after_init, so rename them all and get rid of the tile-specific version. This does not enable actual support for __ro_after_init, which had been dropped from the tile architecture before the initial upstreaming was done, since we had at that time switched to using 16MB huge pages to map the kernel. Signed-off-by: Chris Metcalf arch/tile/include/asm/cache.h | 7 ++----- arch/tile/include/asm/sections.h | 3 --- arch/tile/kernel/pci.c | 2 +- arch/tile/kernel/setup.c | 18 +++++++++--------- arch/tile/kernel/smp.c | 2 +- arch/tile/kernel/time.c | 4 ++-- arch/tile/mm/homecache.c | 2 +- arch/tile/mm/init.c | 10 +++++----- 8 files changed, 21 insertions(+), 27 deletions(-) commit 18bfd3e6ab69cc4c8a11e4fc4acc121050db9b6e Author: Paul Gortmaker Date: Mon Sep 19 17:34:39 2016 -0400 tile: migrate exception table users off module.h and onto extable.h These files were only including module.h for exception table related functions. We've now separated that content out into its own file "extable.h" so now move over to that and avoid all the extra header content in module.h that we don't really need to compile these files. Cc: Chris Metcalf Signed-off-by: Paul Gortmaker Signed-off-by: Chris Metcalf arch/tile/kernel/unaligned.c | 2 +- arch/tile/mm/extable.c | 2 +- arch/tile/mm/fault.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 870ee4ff5647dbf024f99ba5e56d0f3c344f1511 Author: Chris Metcalf Date: Tue Sep 6 15:56:15 2016 -0400 tile: remove #pragma unroll from finv_buffer_remote() This directive was put in the kernel source before the "pragma unroll" support for tilegx gcc was upstreamed. Remove it for now, and we can put it back later if/when the compiler support is upstreamed. This avoids a warning when building the kernel. This routine is not on a hot path in any case, so the extra optimization here was mostly just for its own sake. Signed-off-by: Chris Metcalf arch/tile/lib/cacheflush.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) commit 8e36f722f73f2fc1766af1af0b2f56f2299ba687 Author: Markus Elfring Date: Sat Sep 3 20:45:20 2016 +0200 tile-module: Rename jump labels in module_alloc() Adjust jump labels according to the current Linux coding style convention. Signed-off-by: Markus Elfring Signed-off-by: Chris Metcalf arch/tile/kernel/module.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 8797fe75f164d4b2f183e776003612ece565c76e Author: Markus Elfring Date: Sat Sep 3 20:40:57 2016 +0200 tile-module: Use kmalloc_array() in module_alloc() * A multiplication for the size determination of a memory allocation indicated that an array data structure should be processed. Thus use the corresponding function "kmalloc_array". * Replace the specification of a data type by a pointer dereference to make the corresponding size determination a bit safer according to the Linux coding style convention. Signed-off-by: Markus Elfring Signed-off-by: Chris Metcalf arch/tile/kernel/module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 65f62ce8492139bd5caea77dfce724c540efc4eb Author: Colin Ian King Date: Thu Aug 18 16:42:01 2016 +0100 tile/pci_gx: fix spelling mistake: "delievered" -> "delivered" trivial fix to spelling mistake in pr_warn message Signed-off-by: Colin Ian King Signed-off-by: Chris Metcalf arch/tile/kernel/pci_gx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 59331c215daf600a650e281b6e8ef3e1ed1174c2 Merge: ff0f962 45ee2c1 Author: Linus Torvalds Date: Fri Dec 16 11:23:34 2016 -0800 Merge tag 'ceph-for-4.10-rc1' of git://github.com/ceph/ceph-client Pull ceph updates from Ilya Dryomov: "A varied set of changes: - a large rework of cephx auth code to cope with CONFIG_VMAP_STACK (myself). Also fixed a deadlock caused by a bogus allocation on the writeback path and authorize reply verification. - a fix for long stalls during fsync (Jeff Layton). The client now has a way to force the MDS log flush, leading to ~100x speedups in some synthetic tests. - a new [no]require_active_mds mount option (Zheng Yan). On mount, we will now check whether any of the MDSes are available and bail rather than block if none are. This check can be avoided by specifying the "no" option. - a couple of MDS cap handling fixes and a few assorted patches throughout" * tag 'ceph-for-4.10-rc1' of git://github.com/ceph/ceph-client: (32 commits) libceph: remove now unused finish_request() wrapper libceph: always signal completion when done ceph: avoid creating orphan object when checking pool permission ceph: properly set issue_seq for cap release ceph: add flags parameter to send_cap_msg ceph: update cap message struct version to 10 ceph: define new argument structure for send_cap_msg ceph: move xattr initialzation before the encoding past the ceph_mds_caps ceph: fix minor typo in unsafe_request_wait ceph: record truncate size/seq for snap data writeback ceph: check availability of mds cluster on mount ceph: fix splice read for no Fc capability case ceph: try getting buffer capability for readahead/fadvise ceph: fix scheduler warning due to nested blocking ceph: fix printing wrong return variable in ceph_direct_read_write() crush: include mapper.h in mapper.c rbd: silence bogus -Wmaybe-uninitialized warning libceph: no need to drop con->mutex for ->get_authorizer() libceph: drop len argument of *verify_authorizer_reply() libceph: verify authorize reply on connect ... commit ff0f962ca3c38239b299a70e7eea27abfbb979c3 Merge: 087a76d c3c8699 Author: Linus Torvalds Date: Fri Dec 16 10:58:12 2016 -0800 Merge branch 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs Pull overlayfs updates from Miklos Szeredi: "This update contains: - try to clone on copy-up - allow renaming a directory - split source into managable chunks - misc cleanups and fixes It does not contain the read-only fd data inconsistency fix, which Al didn't like. I'll leave that to the next year..." * 'overlayfs-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs: (36 commits) ovl: fix reStructuredText syntax errors in documentation ovl: fix return value of ovl_fill_super ovl: clean up kstat usage ovl: fold ovl_copy_up_truncate() into ovl_copy_up() ovl: create directories inside merged parent opaque ovl: opaque cleanup ovl: show redirect_dir mount option ovl: allow setting max size of redirect ovl: allow redirect_dir to default to "on" ovl: check for emptiness of redirect dir ovl: redirect on rename-dir ovl: lookup redirects ovl: consolidate lookup for underlying layers ovl: fix nested overlayfs mount ovl: check namelen ovl: split super.c ovl: use d_is_dir() ovl: simplify lookup ovl: check lower existence of rename target ovl: rename: simplify handling of lower/merged directory ... commit 087a76d390cbb8c0d21ea0cb3672ab4a7bb76362 Merge: 759b265 2939e1a Author: Linus Torvalds Date: Fri Dec 16 10:53:01 2016 -0800 Merge branch 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs Pull btrfs updates from Chris Mason: "Jeff Mahoney and Dave Sterba have a really nice set of cleanups in here, and Christoph pitched in corrections/improvements to make btrfs use proper helpers for bio walking instead of doing it by hand. There are some key fixes as well, including some long standing bugs that took forever to track down in btrfs_drop_extents and during balance" * 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs: (77 commits) btrfs: limit async_work allocation and worker func duration Revert "Btrfs: adjust len of writes if following a preallocated extent" Btrfs: don't WARN() in btrfs_transaction_abort() for IO errors btrfs: opencode chunk locking, remove helpers btrfs: remove root parameter from transaction commit/end routines btrfs: split btrfs_wait_marked_extents into normal and tree log functions btrfs: take an fs_info directly when the root is not used otherwise btrfs: simplify btrfs_wait_cache_io prototype btrfs: convert extent-tree tracepoints to use fs_info btrfs: root->fs_info cleanup, access fs_info->delayed_root directly btrfs: root->fs_info cleanup, add fs_info convenience variables btrfs: root->fs_info cleanup, update_block_group{,flags} btrfs: root->fs_info cleanup, lock/unlock_chunks btrfs: root->fs_info cleanup, btrfs_calc_{trans,trunc}_metadata_size btrfs: pull node/sector/stripe sizes out of root and into fs_info btrfs: root->fs_info cleanup, io_ctl_init btrfs: root->fs_info cleanup, use fs_info->dev_root everywhere btrfs: struct reada_control.root -> reada_control.fs_info btrfs: struct btrfsic_state->root should be an fs_info btrfs: alloc_reserved_file_extent trace point should use extent_root ... commit 759b2656b259d10935647a92dbfae7fafee6a790 Merge: 9a19a6d 47057ab Author: Linus Torvalds Date: Fri Dec 16 10:48:28 2016 -0800 Merge tag 'nfsd-4.10' of git://linux-nfs.org/~bfields/linux Pull nfsd updates from Bruce Fields: "The one new feature is support for a new NFSv4.2 mode_umask attribute that makes ACL inheritance a little more useful in environments that default to restrictive umasks. Requires client-side support, also on its way for 4.10. Other than that, miscellaneous smaller fixes and cleanup, especially to the server rdma code" [ The client side of the umask attribute was merged yesterday ] * tag 'nfsd-4.10' of git://linux-nfs.org/~bfields/linux: nfsd: add support for the umask attribute sunrpc: use DEFINE_SPINLOCK() svcrdma: Further clean-up of svc_rdma_get_inv_rkey() svcrdma: Break up dprintk format in svc_rdma_accept() svcrdma: Remove unused variable in rdma_copy_tail() svcrdma: Remove unused variables in xprt_rdma_bc_allocate() svcrdma: Remove svc_rdma_op_ctxt::wc_status svcrdma: Remove DMA map accounting svcrdma: Remove BH-disabled spin locking in svc_rdma_send() svcrdma: Renovate sendto chunk list parsing svcauth_gss: Close connection when dropping an incoming message svcrdma: Clear xpt_bc_xps in xprt_setup_rdma_bc() error exit arm nfsd: constify reply_cache_stats_operations structure nfsd: update workqueue creation sunrpc: GFP_KERNEL should be GFP_NOFS in crypto code nfsd: catch errors in decode_fattr earlier nfsd: clean up supported attribute handling nfsd: fix error handling for clients that fail to return the layout nfsd: more robust allocation failure handling in nfsd_reply_cache_init commit b822ee6c5e5ba1f695fc514a65849cdd87618bd3 Author: Jeroen De Wachter Date: Mon Dec 12 14:29:09 2016 +0100 encx24j600: Fix some checkstyle warnings Signed-off-by: Jeroen De Wachter Signed-off-by: David S. Miller drivers/net/ethernet/microchip/encx24j600-regmap.c | 17 +++++++++++------ drivers/net/ethernet/microchip/encx24j600.c | 16 ++++++++++++++-- 2 files changed, 25 insertions(+), 8 deletions(-) commit ebe5236d06abcdb1beb93ffbab73557d5b496824 Author: Jeroen De Wachter Date: Mon Dec 12 14:29:08 2016 +0100 encx24j600: bugfix - always move ERXTAIL to next packet in encx24j600_rx_packets Before, encx24j600_rx_packets did not update encx24j600_priv's next_packet member when an error occurred during packet handling (either because the packet's RSV header indicates an error or because the encx24j600_receive_packet method can't allocate an sk_buff). If the next_packet member is not updated, the ERXTAIL register will be set to the same value it had before, which means the bad packet remains in the component's memory and its RSV header will be read again when a new packet arrives. If the RSV header indicates a bad packet or if sk_buff allocation continues to fail, new packets will be stored in the component's memory until that memory is full, after which packets will be dropped. The SETPKTDEC command is always executed though, so the encx24j600 hardware has an incorrect count of the packets in its memory. To prevent this, the next_packet member should always be updated, allowing the packet to be skipped (either because it's bad, as indicated in its RSV header, or because allocating an sk_buff failed). In the allocation failure case, this does mean dropping a valid packet, but dropping the oldest packet to keep as much memory as possible available for new packets seems preferable to keeping old (but valid) packets around while dropping new ones. Signed-off-by: Jeroen De Wachter Signed-off-by: David S. Miller drivers/net/ethernet/microchip/encx24j600.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit ea7a2b9ac853d8c3afd929952ad4b3cb65ba329c Merge: 66e2809 8cd1f70 Author: David S. Miller Date: Fri Dec 16 13:29:42 2016 -0500 Merge branch 'hisilicon-netdev-dev' Dongpo Li says: ==================== net: ethernet: hisilicon: set dev->dev.parent before PHY connect This patch series builds atop: ec988ad78ed6d184a7f4ca6b8e962b0e8f1de461 ("phy: Don't increment MDIO bus refcount unless it's a different owner") I have checked all the hisilicon ethernet driver and found only two drivers need to be fixed to make sure set dev->dev.parent before PHY connect. ==================== Signed-off-by: David S. Miller commit 8cd1f70f205a1c684037f06906566ddb3066d659 Author: Dongpo Li Date: Mon Dec 12 20:03:43 2016 +0800 net: ethernet: hip04: Call SET_NETDEV_DEV() The hip04 driver calls into PHYLIB which now checks for net_device->dev.parent, so make sure we do set it before calling into any MDIO/PHYLIB related function. Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner") Signed-off-by: Dongpo Li Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hip04_eth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2087d421a5a1af4883e3cf0afb93823b7e12132a Author: Dongpo Li Date: Mon Dec 12 20:03:42 2016 +0800 net: ethernet: hisi_femac: Call SET_NETDEV_DEV() The hisi_femac driver calls into PHYLIB which now checks for net_device->dev.parent, so make sure we do set it before calling into any MDIO/PHYLIB related function. Fixes: ec988ad78ed6 ("phy: Don't increment MDIO bus refcount unless it's a different owner") Signed-off-by: Dongpo Li Reviewed-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hisi_femac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 66e2809dd324f0ab5e1f9d997b40d4d31a2e42b1 Author: Andrew Lunn Date: Sun Dec 11 21:07:19 2016 +0100 net: dsa: mv88e6xxx: Fix opps when adding vlan bridge A port is not necessarily assigned to a netdev. And a port does not need to be a member of a bridge. So when iterating over all ports, check before using the netdev and bridge_dev for a port. Otherwise we dereference a NULL pointer. Fixes: da9c359e19f0 ("net: dsa: mv88e6xxx: check hardware VLAN in use") Signed-off-by: Andrew Lunn Reviewed-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 6 ++++++ 1 file changed, 6 insertions(+) commit e28ceeb10cd1883a4b6528c17a2b1f2024e35cad Author: Thomas Gleixner Date: Sun Dec 11 18:31:22 2016 +0100 net/3com/3c515: Fix timer handling, prevent leaks and crashes The timer handling in this driver is broken in several ways: - corkscrew_open() initializes and arms a timer before requesting the device interrupt. If the request fails the timer stays armed. A second call to corkscrew_open will unconditionally reinitialize the quued timer and arm it again. Also a immediate device removal will leave the timer queued because close() is not called (open() failed) and therefore nothing issues del_timer(). The reinitialization corrupts the link chain in the timer wheel hash bucket and causes a NULL pointer dereference when the timer wheel tries to operate on that hash bucket. Immediate device removal lets the link chain poke into freed and possibly reused memory. Solution: Arm the timer after the successful irq request. - corkscrew_close() uses del_timer() On close the timer is disarmed with del_timer() which lets the following code race against a concurrent timer expiry function. Solution: Use del_timer_sync() instead - corkscrew_close() calls del_timer() unconditionally del_timer() is invoked even if the timer was never initialized. This works by chance because the struct containing the timer is zeroed at allocation time. Solution: Move the setup of the timer into corkscrew_setup(). Reported-by: Matthew Whitehead Signed-off-by: Thomas Gleixner Cc: Andy Lutomirski Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller drivers/net/ethernet/3com/3c515.c | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) commit 9a19a6db37ee0b7a6db796b3dcd6bb6e7237d6ea Merge: bd9999c c4364f8 Author: Linus Torvalds Date: Fri Dec 16 10:24:44 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs Pull vfs updates from Al Viro: - more ->d_init() stuff (work.dcache) - pathname resolution cleanups (work.namei) - a few missing iov_iter primitives - copy_from_iter_full() and friends. Either copy the full requested amount, advance the iterator and return true, or fail, return false and do _not_ advance the iterator. Quite a few open-coded callers converted (and became more readable and harder to fuck up that way) (work.iov_iter) - several assorted patches, the big one being logfs removal * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: logfs: remove from tree vfs: fix put_compat_statfs64() does not handle errors namei: fold should_follow_link() with the step into not-followed link namei: pass both WALK_GET and WALK_MORE to should_follow_link() namei: invert WALK_PUT logics namei: shift interpretation of LOOKUP_FOLLOW inside should_follow_link() namei: saner calling conventions for mountpoint_last() namei.c: get rid of user_path_parent() switch getfrag callbacks to ..._full() primitives make skb_add_data,{_nocache}() and skb_copy_to_page_nocache() advance only on success [iov_iter] new primitives - copy_from_iter_full() and friends don't open-code file_inode() ceph: switch to use of ->d_init() ceph: unify dentry_operations instances lustre: switch to use of ->d_init() commit bd9999cd6a5eb899504ce14c1f70c5479143bbbc Merge: 9dfe495 65390ea Author: Linus Torvalds Date: Fri Dec 16 09:39:16 2016 -0800 Merge tag 'media/v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media Pull media updates from Mauro Carvalho Chehab: - new Mediatek drivers: mtk-mdp and mtk-vcodec - some additions at the media documentation - the CEC core and drivers were promoted from staging to mainstream - some cleanups at the DVB core - the LIRC serial driver got promoted from staging to mainstream - added a driver for Renesas R-Car FDP1 driver - add DVBv5 statistics support to mn88473 driver - several fixes related to printk continuation lines - add support for HSV encoding formats - lots of other cleanups, fixups and driver improvements. * tag 'media/v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media: (496 commits) [media] v4l: tvp5150: Add missing break in set control handler [media] v4l: tvp5150: Don't inline the tvp5150_selmux() function [media] v4l: tvp5150: Compile tvp5150_link_setup out if !CONFIG_MEDIA_CONTROLLER [media] em28xx: don't store usb_device at struct em28xx [media] em28xx: use usb_interface for dev_foo() calls [media] em28xx: don't change the device's name [media] mn88472: fix chip id check on probe [media] mn88473: fix chip id check on probe [media] lirc: fix error paths in lirc_cdev_add() [media] s5p-mfc: Add support for MFC v8 available in Exynos 5433 SoCs [media] s5p-mfc: Rework clock handling [media] s5p-mfc: Don't keep clock prepared all the time [media] s5p-mfc: Kill all IS_ERR_OR_NULL in clocks management code [media] s5p-mfc: Remove dead conditional code [media] s5p-mfc: Ensure that clock is disabled before turning power off [media] s5p-mfc: Remove special clock rate management [media] s5p-mfc: Use printk_ratelimited for reporting ioctl errors [media] s5p-mfc: Set DMA_ATTR_ALLOC_SINGLE_PAGES [media] vivid: Set color_enc on HSV formats [media] v4l2-tpg: Init hv_enc field with a valid value ... commit 9dfe495c7b4896fb88aa745660254a9704ae5930 Merge: 9936f44 4838a0d Author: Linus Torvalds Date: Fri Dec 16 09:37:03 2016 -0800 Merge tag 'edac/v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac Pull edac updates from Mauro Carvalho Chehab: "This contains the conversion of the EDAC uAPI documentation to ReST and the addition of the EDAC kAPI documentation to the driver-api docs. It also splits the EDAC headers by their functions" * tag 'edac/v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-edac: EDAC: Document HW_EVENT_ERR_DEFERRED type edac.rst: move concepts dictionary from edac.h edac: fix kenel-doc markups at edac.h edac: fix kernel-doc tags at the drivers/edac_*.h edac: adjust docs location at MAINTAINERS and 00-INDEX driver-api: create an edac.rst file with EDAC documentation edac: move documentation from edac_mc.c to edac_core.h edac: move documentation from edac_pci*.c to edac_pci.h edac: move documentation from edac_device to edac_core.h edac: rename edac_core.h to edac_mc.h edac: move EDAC device definitions to drivers/edac/edac_device.h edac: move EDAC PCI definitions to drivers/edac/edac_pci.h docs-rst: admin-guide: add documentation for EDAC edac.txt: Improve documentation, adding RAS introduction edac.txt: update information about newer Intel CPUs edac.txt: remove info that the Nehalem EDAC is experimental edac.txt: convert EDAC documentation to ReST edac.txt: add a section explaining the dimmX and rankX directories edac: edac_core.h: remove prototype for edac_pci_reset_delay_period() edac: edac_core.h: get rid of unused kobj_complete commit 9936f44add987355a7d79d52e48cd12255651c0d Merge: 70f56cb f88f0bd Author: Linus Torvalds Date: Fri Dec 16 09:35:03 2016 -0800 Merge branch 'for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml Pull UML update from Richard Weinberger: "A performance enhancement for UML's block driver" * 'for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rw/uml: um: UBD Improvements commit 70f56cbbdc4ffccbea77e6f51ce9afcbda5fc20f Merge: de39981 744606c Author: Linus Torvalds Date: Fri Dec 16 09:33:16 2016 -0800 Merge tag 'nios2-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2 Pull arch/nios2 updates from Ley Foon Tan: - add screen_info - Convert pfn_valid to static inline - Extend !__ASSEMBLY__ section in asm/page.h * tag 'nios2-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/lftan/nios2: nios2: add screen_info nios2: Convert pfn_valid to static inline nios2: Extend !__ASSEMBLY__ section in asm/page.h commit f26e8817b235d8764363bffcc9cbfc61867371f2 Merge: 2425f18 ebfb018 Author: Dmitry Torokhov Date: Fri Dec 16 09:31:17 2016 -0800 Merge branch 'next' into for-linus Prepare input updates for 4.10 merge window. commit de399813b521ea7e38bbfb5e5b620b5e202e5783 Merge: 57ca04a c6f6634 Author: Linus Torvalds Date: Fri Dec 16 09:26:42 2016 -0800 Merge tag 'powerpc-4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux Pull powerpc updates from Michael Ellerman: "Highlights include: - Support for the kexec_file_load() syscall, which is a prereq for secure and trusted boot. - Prevent kernel execution of userspace on P9 Radix (similar to SMEP/PXN). - Sort the exception tables at build time, to save time at boot, and store them as relative offsets to save space in the kernel image & memory. - Allow building the kernel with thin archives, which should allow us to build an allyesconfig once some other fixes land. - Build fixes to allow us to correctly rebuild when changing the kernel endian from big to little or vice versa. - Plumbing so that we can avoid doing a full mm TLB flush on P9 Radix. - Initial stack protector support (-fstack-protector). - Support for dumping the radix (aka. Linux) and hash page tables via debugfs. - Fix an oops in cxl coredump generation when cxl_get_fd() is used. - Freescale updates from Scott: "Highlights include 8xx hugepage support, qbman fixes/cleanup, device tree updates, and some misc cleanup." - Many and varied fixes and minor enhancements as always. Thanks to: Alexey Kardashevskiy, Andrew Donnellan, Aneesh Kumar K.V, Anshuman Khandual, Anton Blanchard, Balbir Singh, Bartlomiej Zolnierkiewicz, Christophe Jaillet, Christophe Leroy, Denis Kirjanov, Elimar Riesebieter, Frederic Barrat, Gautham R. Shenoy, Geliang Tang, Geoff Levand, Jack Miller, Johan Hovold, Lars-Peter Clausen, Libin, Madhavan Srinivasan, Michael Neuling, Nathan Fontenot, Naveen N. Rao, Nicholas Piggin, Pan Xinhui, Peter Senna Tschudin, Rashmica Gupta, Rui Teng, Russell Currey, Scott Wood, Simon Guo, Suraj Jitindar Singh, Thiago Jung Bauermann, Tobias Klauser, Vaibhav Jain" [ And thanks to Michael, who took time off from a new baby to get this pull request done. - Linus ] * tag 'powerpc-4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/powerpc/linux: (174 commits) powerpc/fsl/dts: add FMan node for t1042d4rdb powerpc/fsl/dts: add sg_2500_aqr105_phy4 alias on t1024rdb powerpc/fsl/dts: add QMan and BMan nodes on t1024 powerpc/fsl/dts: add QMan and BMan nodes on t1023 soc/fsl/qman: test: use DEFINE_SPINLOCK() powerpc/fsl-lbc: use DEFINE_SPINLOCK() powerpc/8xx: Implement support of hugepages powerpc: get hugetlbpage handling more generic powerpc: port 64 bits pgtable_cache to 32 bits powerpc/boot: Request no dynamic linker for boot wrapper soc/fsl/bman: Use resource_size instead of computation soc/fsl/qe: use builtin_platform_driver powerpc/fsl_pmc: use builtin_platform_driver powerpc/83xx/suspend: use builtin_platform_driver powerpc/ftrace: Fix the comments for ftrace_modify_code powerpc/perf: macros for power9 format encoding powerpc/perf: power9 raw event format encoding powerpc/perf: update attribute_group data structure powerpc/perf: factor out the event format field powerpc/mm/iommu, vfio/spapr: Put pages on VFIO container shutdown ... commit 57ca04ab440168e101da746ef9edd1ec583b7214 Merge: 73e2e0c 0b7589e Author: Linus Torvalds Date: Fri Dec 16 09:05:25 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull m ore s390 updates from Martin Schwidefsky: "Over 95% of the changes in this pull request are related to the zcrypt driver. There are five improvements for zcrypt: the ID for the CEX6 cards is added, workload balancing and multi-domain support are introduced, the debug logs are overhauled and a set of tracepoints is added. Then there are several patches in regard to inline assemblies. One compile fix and several missing memory clobbers. As far as we can tell the omitted memory clobbers have not caused any breakage. A small change to the PCI arch code, the machine can tells us how big the function measurement blocks are. The PCI function measurement will be disabled for a device if the queried length is larger than the allocated size for these blocks. And two more patches to correct five printk messages. That is it for s390 in regard to the 4.10 merge window. Happy holidays" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (23 commits) s390/pci: query fmb length s390/zcrypt: add missing memory clobber to ap_qci inline assembly s390/extmem: add missing memory clobber to dcss_set_subcodes s390/nmi: fix inline assembly constraints s390/lib: add missing memory barriers to string inline assemblies s390/cpumf: fix qsi inline assembly s390/setup: reword printk messages s390/dasd: fix typos in DASD error messages s390: fix compile error with memmove_early() inline assembly s390/zcrypt: tracepoint definitions for zcrypt device driver. s390/zcrypt: Rework debug feature invocations. s390/zcrypt: Improved invalid domain response handling. s390/zcrypt: Fix ap_max_domain_id for older machine types s390/zcrypt: Correct function bits for CEX2x and CEX3x cards. s390/zcrypt: Fixed attrition of AP adapters and domains s390/zcrypt: Introduce new zcrypt device status API s390/zcrypt: add multi domain support s390/zcrypt: Introduce workload balancing s390/zcrypt: get rid of ap_poll_requests s390/zcrypt: header for the AP inline assmblies ... commit 3f5ad8be3713572f3946b69eb376206153d0ea2d Author: Paolo Bonzini Date: Mon Dec 12 10:12:53 2016 +0100 KVM: hyperv: fix locking of struct kvm_hv fields Introduce a new mutex to avoid an AB-BA deadlock between kvm->lock and vcpu->mutex. Protect accesses in kvm_hv_setup_tsc_page too, as suggested by Roman. Reported-by: Dmitry Vyukov Reviewed-by: Roman Kagan Signed-off-by: Paolo Bonzini Documentation/virtual/kvm/locking.txt | 8 ++++++-- arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/hyperv.c | 24 +++++++++++++++--------- arch/x86/kvm/x86.c | 1 + 4 files changed, 23 insertions(+), 11 deletions(-) commit 868f036fee4b1f934117197fb93461d2c968ffec Author: Dan Williams Date: Fri Dec 16 08:10:31 2016 -0800 libnvdimm: fix mishandled nvdimm_clear_poison() return value Colin, via static analysis, reports that the length could be negative from nvdimm_clear_poison() in the error case. There was a similar problem with commit 0a3f27b9a6a8 "libnvdimm, namespace: avoid multiple sector calculations" that I noticed when merging the for-4.10/libnvdimm topic branch into libnvdimm-for-next, but I missed this one. Fix both of them to the following procedure: * if we clear a block's worth of media, clear that many blocks in badblocks * if we clear less than the requested size of the transfer return an error * always invalidate cache after any non-error / non-zero nvdimm_clear_poison result Fixes: 82bf1037f2ca ("libnvdimm: check and clear poison before writing to pmem") Fixes: 0a3f27b9a6a8 ("libnvdimm, namespace: avoid multiple sector calculations") Cc: Fabian Frederick Cc: Dave Jiang Reported-by: Colin Ian King Signed-off-by: Dan Williams drivers/nvdimm/claim.c | 9 +++++---- drivers/nvdimm/pmem.c | 21 ++++++++++++++------- 2 files changed, 19 insertions(+), 11 deletions(-) commit 067161281f428aa7c6e153e06aab7b5fe1ed1e98 Author: Maciej S. Szmigiero Date: Thu Dec 15 23:52:36 2016 +0100 watchdog: it87_wdt: add IT8620E ID This adds IT8620E chip ID to it87_wdt driver. Such chip is often found on current Gigabyte motherboards, it is allegedly custom made for this manufacturer. Upon testing it looks like it has a 16-bit timer and cannot be reset via game port (only via CIR), so it is similar to IT87{18,20,21,28,83} chips. Tested on GA-F2A88XM-HD3P board. Signed-off-by: Maciej S. Szmigiero Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 4 ++-- drivers/watchdog/it87_wdt.c | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) commit f01d74cc5a2aefa0ba16e2821086a1f2d0a2c899 Author: Corentin Labbe Date: Thu Dec 15 19:03:44 2016 +0100 watchdog: mpc8xxx: Remove unneeded linux/miscdevice.h include watchdog/mpc8xxx_wdt.c does not use any miscdevice so this patch remove this unnecessary inclusion. Signed-off-by: Corentin Labbe Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/mpc8xxx_wdt.c | 1 - 1 file changed, 1 deletion(-) commit 724284a323c4cdea6c1bb1448247ffc858f2bd1d Author: Corentin Labbe Date: Thu Dec 15 18:49:29 2016 +0100 watchdog: octeon: Remove unneeded linux/miscdevice.h include watchdog/octeon-wdt-main.c does not use any miscdevice so this patch remove this unnecessary inclusion. Signed-off-by: Corentin Labbe Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/octeon-wdt-main.c | 1 - 1 file changed, 1 deletion(-) commit 054ae19422859c394d5f26a8756ed57d332f6284 Author: Rasmus Villemoes Date: Mon Dec 12 10:48:43 2016 +0100 watchdog: bcm2835_wdt: set WDOG_HW_RUNNING bit when appropriate A bootloader may start the watchdog device before handing control to the kernel - in that case, we should tell the kernel about it so the watchdog framework can keep it alive until userspace opens /dev/watchdog0. Signed-off-by: Rasmus Villemoes Reviewed-by: Guenter Roeck Acked-by: Eric Anholt Signed-off-by: Guenter Roeck drivers/watchdog/bcm2835_wdt.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 1d8565ee4f5bd9fccb738e53d6b9fc7a559f7d2b Author: Yang Ling Date: Thu Dec 8 00:10:58 2016 +0800 watchdog: loongson1: Add Loongson1 SoC watchdog driver Add watchdog timer specific driver for Loongson1 SoC. Signed-off-by: Yang Ling Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 7 ++ drivers/watchdog/Makefile | 1 + drivers/watchdog/loongson1_wdt.c | 170 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 178 insertions(+) commit b6621df5c87603310c3f94903bb30adbfeb9aa69 Author: Amit Kushwaha Date: Tue Dec 6 10:19:48 2016 -0800 watchdog: cpwd: remove memory allocate failure message Replaced goto with a return statement and dropped the kfree() calls because memory allocated with devm_kzalloc() is automatically freed on driver detach Signed-off-by: Amit Kushwaha Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/cpwd.c | 23 +++++++---------------- 1 file changed, 7 insertions(+), 16 deletions(-) commit 72106c1894aa4e26ab403282cc7617fcb07d3d4d Author: Steve Twiss Date: Mon Nov 14 08:22:45 2016 +0000 watchdog: da9062/61: watchdog driver The of_device_id match array is added to support "dlg,da9062-watchdog" as a valid .compatible string. A MODULE_DEVICE_TABLE() macro is added. This patch assumes the use of a DA9062 fallback compatible string for the DTS to pick up the DA9062 device driver for use with the DA9061 watchdog hardware Copyright header is updated to add DA9061 in its description and the module description macro is extended to include DA9061. Kconfig is updated to reflect support for DA9061/62. Reviewed-by: Guenter Roeck Signed-off-by: Steve Twiss Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 4 ++-- drivers/watchdog/da9062_wdt.c | 12 ++++++++++-- 2 files changed, 12 insertions(+), 4 deletions(-) commit bb79036215e2ca9d7ef5bd1461981396989c40da Author: Andy Shevchenko Date: Fri Nov 18 17:24:41 2016 +0200 intel-mid_wdt: Error code is just an integer Error code when printed is more readable if it's represented as plain decimal integer. Otherwise user will see something like intel_mid_wdt: Error stopping watchdog: 0xffffffed which is not quite understandable ("Should I interpret it as a bitfield?"). Make it clear to use plaint integer specifier. While here, move struct device *dev local variable definition to the top of functions. Signed-off-by: Andy Shevchenko Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/intel-mid_wdt.c | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) commit 31ecad65b011d64dfc80cab7c968078171aa2642 Author: Andy Shevchenko Date: Fri Nov 18 16:50:02 2016 +0200 intel-mid_wdt: make sure watchdog is not running at startup Make sure that the watchdog is not running after loading and before it is started by opening /dev/watchdog. Signed-off-by: Andy Shevchenko Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/intel-mid_wdt.c | 3 +++ 1 file changed, 3 insertions(+) commit 9eff1140a82db8c5520f76e51c21827b4af670b3 Author: Alexander Usyskin Date: Tue Nov 8 17:55:52 2016 +0200 watchdog: mei_wdt: request stop on reboot to prevent false positive event Systemd on reboot enables shutdown watchdog that leaves the watchdog device open to ensure that even if power down process get stuck the platform reboots nonetheless. The iamt_wdt is an alarm-only watchdog and can't reboot system, but the FW will generate an alarm event reboot was completed in time, as the watchdog is not automatically disabled during power cycle. So we should request stop watchdog on reboot to eliminate wrong alarm from the FW. Cc: Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/mei_wdt.c | 2 ++ 1 file changed, 2 insertions(+) commit 4cfccbdaa234b6564326ed3bf18c38f73693fe14 Author: Jimmy Vance Date: Thu Nov 10 15:25:27 2016 -0500 watchdog: hpwdt: changed maintainer information Signed-off-by: Jimmy Vance Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 35ffa961df7ed13b3701bdb546f08849921e50dc Author: Stephen Boyd Date: Thu Nov 10 16:02:20 2016 -0800 watchdog: jz4740: Fix modular build Compiling this driver as a module causes a build error because a semicolon is missing after MODULE_DEVICE_TABLE. Add it. CC [M] drivers/watchdog/jz4740_wdt.o drivers/watchdog/jz4740_wdt.c:154:1: error: expected ‘,’ or ‘;’ before ‘static’ drivers/watchdog/jz4740_wdt.c:218:11: error: ‘jz4740_wdt_probe’ undeclared here (not in a function) Cc: Zubair Lutfullah Kakakhel Cc: Guenter Roeck Signed-off-by: Stephen Boyd Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/jz4740_wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f06f35c66fdbd5ac38901a3305ce763a0cd59375 Author: Christian Lamparter Date: Mon Nov 14 02:11:16 2016 +0100 watchdog: qcom: fix kernel panic due to external abort on non-linefetch This patch fixes a off-by-one in the "watchdog: qcom: add option for standalone watchdog not in timer block" patch that causes the following panic on boot: > Unhandled fault: external abort on non-linefetch (0x1008) at 0xc8874002 > pgd = c0204000 > [c8874002] *pgd=87806811, *pte=0b017653, *ppte=0b017453 > Internal error: : 1008 [#1] SMP ARM > CPU: 2 PID: 1 Comm: swapper/0 Not tainted 4.8.6 #0 > Hardware name: Generic DT based system > PC is at 0xc02222f4 > LR is at 0x1 > pc : [] lr : [<00000001>] psr: 00000113 > sp : c782fc98 ip : 00000003 fp : 00000000 > r10: 00000004 r9 : c782e000 r8 : c04ab98c > r7 : 00000001 r6 : c8874002 r5 : c782fe00 r4 : 00000002 > r3 : 00000000 r2 : c782fe00 r1 : 00100000 r0 : c8874002 > Flags: nzcv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none > Control: 10c5387d Table: 8020406a DAC: 00000051 > Process swapper/0 (pid: 1, stack limit = 0xc782e210) > Stack: (0xc782fc98 to 0xc7830000) > [...] The WDT_STS (status) needs to be translated via wdt_addr as well. fixes: f0d9d0f4b44a ("watchdog: qcom: add option for standalone watchdog not in timer block") Cc: stable@vger.kernel.org # 4.8 Signed-off-by: Christian Lamparter Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/qcom-wdt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9b3865749589d67f612d71b447847223b2321408 Author: Tero Kristo Date: Thu Nov 24 14:58:28 2016 +0200 watchdog: davinci: add support for deferred probing devm_clk_get can fail with EPROBE_DEFER in case the clock provider is not ready yet. Handle this case gracefully, rather than dumping out a huge warning. Signed-off-by: Tero Kristo Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/davinci_wdt.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 807f0b2d22b0934fc1c67df8a4961044bd76b081 Author: Javier Martinez Canillas Date: Wed Oct 19 16:49:42 2016 -0300 watchdog: meson: Remove unneeded platform MODULE_ALIAS The Amlogic Meson is a DT-only platform, which means the devices are registered via OF and not using the legacy platform devices support. So there's no need to have a MODULE_ALIAS("platform:meson-gxbb-wdt") since the reported uevent MODALIAS to user-space will be the OF one. Signed-off-by: Javier Martinez Canillas Acked-by: Kevin Hilman Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/meson_gxbb_wdt.c | 1 - 1 file changed, 1 deletion(-) commit 0f3871f8a535d7e79512fe56f4a5a161b3a03422 Author: Robert P. J. Day Date: Sun Oct 16 08:10:37 2016 -0400 watchdog: Standardize leading tabs and spaces in Kconfig file Replace small number of lines using leading spaces with proper leading tabs and spaces -- purely an aesthetic fix. Signed-off-by: Robert P. J. Day Signed-off-by: Guenter Roeck drivers/watchdog/Kconfig | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) commit f99524dced4c89af52a82a369cb61a111b9169b3 Author: Javier Martinez Canillas Date: Fri Oct 14 12:23:51 2016 -0300 watchdog: max77620_wdt: fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ $ modinfo drivers/watchdog/max77620_wdt.ko | grep alias $ After this patch: modinfo drivers/watchdog/max77620_wdt.ko | grep alias alias: platform:max77620-watchdog Signed-off-by: Javier Martinez Canillas Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/max77620_wdt.c | 1 + 1 file changed, 1 insertion(+) commit 57d77c62536ea0f388c840c8ac7e94be54425308 Author: Javier Martinez Canillas Date: Fri Oct 14 12:23:50 2016 -0300 watchdog: bcm7038_wdt: fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/watchdog/bcm7038_wdt.ko | grep alias $ After this patch: $ modinfo drivers/watchdog/bcm7038_wdt.ko | grep alias alias: of:N*T*Cbrcm,bcm7038-wdtC* alias: of:N*T*Cbrcm,bcm7038-wdt Signed-off-by: Javier Martinez Canillas Reviewed-by: Guenter Roeck Signed-off-by: Guenter Roeck drivers/watchdog/bcm7038_wdt.c | 1 + 1 file changed, 1 insertion(+) commit 42cd4ed888393b2bc8ddfd277aa2d0ec0c7e0259 Author: Dan Carpenter Date: Fri Dec 16 12:33:25 2016 +0300 spi: armada-3700: Set mode bits correctly We set SPI_RX_DUAL twice instead of setting SPI_TX_DUAL. Fixes: 5762ab71eb24 ("spi: Add support for Armada 3700 SPI Controller") Signed-off-by: Dan Carpenter Acked-by: Romain Perier Signed-off-by: Mark Brown drivers/spi/spi-armada-3700.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9e4d59ada4d602e78eee9fb5f898ce61fdddb446 Author: Takashi Sakamoto Date: Fri Dec 16 18:26:54 2016 +0900 ASoC: hdmi-codec: use unsigned type to structure members with bit-field This is a fix for Linux 4.10-rc1. In C language specification, a bit-field is interpreted as a signed or unsigned integer type consisting of the specified number of bits. In GCC manual, the range of a signed bit field of N bits is from -(2^N) / 2 to ((2^N) / 2) - 1 https://www.gnu.org/software/gnu-c-manual/gnu-c-manual.html#Bit-Fields Therefore, when defined as 1 bit-field with signed type, variables can represents -1 and 0. The snd-soc-hdmi-codec module includes a structure which has signed type members with bit-fields. Codes of this module assign 0 and 1 to the members. This seems to result in implementation-dependent behaviours. As of v4.10-rc1 merge window, outside of sound subsystem, this structure is referred by below GPU modules. - tda998x - sti-drm - mediatek-drm-hdmi - msm As long as I review their codes relevant to the structure, the structure members are used just for condition statements and printk formats. My proposal of change is a bit intrusive to the printk formats but this may be acceptable. Totally, it's reasonable to use unsigned type for the structure members. This bug is detected by Sparse, static code analyzer with below warnings. ./include/sound/hdmi-codec.h:39:26: error: dubious one-bit signed bitfield ./include/sound/hdmi-codec.h:40:28: error: dubious one-bit signed bitfield ./include/sound/hdmi-codec.h:41:29: error: dubious one-bit signed bitfield ./include/sound/hdmi-codec.h:42:31: error: dubious one-bit signed bitfield Fixes: 09184118a8ab ("ASoC: hdmi-codec: Add hdmi-codec for external HDMI-encoders") Signed-off-by: Takashi Sakamoto Acked-by: Arnaud Pouliquen Signed-off-by: Mark Brown CC: stable@vger.kernel.org include/sound/hdmi-codec.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 8759fec4af222f338d08f8f1a7ad6a77ca6cb301 Author: Romain Perier Date: Wed Dec 14 15:15:07 2016 +0100 crypto: marvell - Copy IVDIG before launching partial DMA ahash requests Currently, inner IV/DIGEST data are only copied once into the hash engines and not set explicitly before launching a request that is not a first frag. This is an issue especially when multiple ahash reqs are computed in parallel or chained with cipher request, as the state of the request being computed is not updated into the hash engine. It leads to non-deterministic corrupted digest results. Fixes: commit 2786cee8e50b ("crypto: marvell - Move SRAM I/O operations to step functions") Signed-off-by: Romain Perier Acked-by: Boris Brezillon Cc: Signed-off-by: Herbert Xu drivers/crypto/marvell/cesa.h | 3 ++- drivers/crypto/marvell/hash.c | 34 +++++++++++++++++++++++++++++++++- drivers/crypto/marvell/tdma.c | 9 ++++++++- 3 files changed, 43 insertions(+), 3 deletions(-) commit 83337e544323a8bd7492994d64af339175ac7107 Author: Varun Prakash Date: Sun Dec 11 22:05:56 2016 +0530 iscsi-target: Return error if unable to add network portal If iscsit_tpg_add_network_portal() fails then return error code instead of 0 to user space. If iscsi-target returns 0 then user space keeps on retrying same command infinitely, targetcli or echo hangs till command completes with non zero return value. In some cases it is possible that add network portal command never completes with success even after retrying multiple times, for example - cxgbit_setup_np() always returns -EINVAL if portal IP does not belong to Chelsio adapter interface. Signed-off-by: Varun Prakash Signed-off-by: Bart Van Assche [ bvanassche: Added "Fixes:" and "Cc: stable" tags ] Fixes: commit d4b3fa4b0881 ("iscsi-target: Make iscsi_tpg_np driver show/store use generic code") Cc: drivers/target/iscsi/iscsi_target_configfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a3960ced84b8049783de678abf8cd680ee14175f Author: Colin Ian King Date: Mon Nov 7 16:31:21 2016 +0000 target: Fix spelling mistake and unwrap multi-line text Trivial fix to spelling mistake "Obselete" to "Obsolete" in error message and also turn multi-line text into one line. Signed-off-by: Colin Ian King Signed-off-by: Bart Van Assche drivers/target/target_core_pr.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit a91918cd3ea11f91c68e08e1e8ce1b560447a80e Author: Dan Carpenter Date: Tue Dec 13 15:27:04 2016 +0300 target/iscsi: Fix double free in lio_target_tiqn_addtpg() This iscsit_tpg_add_portal_group() function is only called from lio_target_tiqn_addtpg(). Both functions free the "tpg" pointer on error so it's a double free bug. The memory is allocated in the caller so it should be freed in the caller and not here. Fixes: e48354ce078c ("iscsi-target: Add iSCSI fabric support for target v4.1") Signed-off-by: Dan Carpenter Reviewed-by: David Disseldorp [ bvanassche: Added "Fix" at start of patch title ] Signed-off-by: Bart Van Assche drivers/target/iscsi/iscsi_target_tpg.c | 1 - 1 file changed, 1 deletion(-) commit c3c8699664800a68600f1988302173067eaeaffa Author: Amir Goldstein Date: Thu Dec 8 09:49:51 2016 +0200 ovl: fix reStructuredText syntax errors in documentation - Fix broken long line block quote - Fix missing newline before bullets list - Use correct numbered list syntax Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi Documentation/filesystems/overlayfs.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 313684c48cc0e450ab303e1f82130ee2d0b50274 Author: Geliang Tang Date: Fri Nov 18 23:02:46 2016 +0800 ovl: fix return value of ovl_fill_super If kcalloc() failed, the return value of ovl_fill_super() is -EINVAL, not -ENOMEM. So this patch sets this value to -ENOMEM before calling kcalloc(), and sets it back to -EINVAL after calling kcalloc(). Signed-off-by: Geliang Tang Signed-off-by: Miklos Szeredi fs/overlayfs/super.c | 2 ++ 1 file changed, 2 insertions(+) commit 32a3d848eb91a298334991f1891e12e0362f91db Author: Al Viro Date: Sun Dec 4 17:33:17 2016 +0000 ovl: clean up kstat usage FWIW, there's a bit of abuse of struct kstat in overlayfs object creation paths - for one thing, it ends up with a very small subset of struct kstat (mode + rdev), for another it also needs link in case of symlinks and ends up passing it separately. IMO it would be better to introduce a separate object for that. In principle, we might even lift that thing into general API and switch ->mkdir()/->mknod()/->symlink() to identical calling conventions. Hell knows, perhaps ->create() as well... Signed-off-by: Miklos Szeredi fs/overlayfs/copy_up.c | 12 ++++++----- fs/overlayfs/dir.c | 56 ++++++++++++++++++++++++------------------------ fs/overlayfs/overlayfs.h | 7 +++++- fs/overlayfs/super.c | 9 ++++---- 4 files changed, 45 insertions(+), 39 deletions(-) commit 9aba652190f8cdced66967c97d6159de0cc8478e Author: Amir Goldstein Date: Sat Nov 12 21:36:03 2016 +0200 ovl: fold ovl_copy_up_truncate() into ovl_copy_up() This removes code duplication. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/copy_up.c | 14 +++++++++++--- fs/overlayfs/inode.c | 33 +-------------------------------- fs/overlayfs/overlayfs.h | 3 +-- 3 files changed, 13 insertions(+), 37 deletions(-) commit 97c684cc911060ba7f97c0925eaf842f159a39e8 Author: Amir Goldstein Date: Mon Nov 21 18:57:34 2016 +0200 ovl: create directories inside merged parent opaque The benefit of making directories opaque on creation is that lookups can stop short when they reach the original created directory, instead of continue lookup the entire depth of parent directory stack. The best case is overlay with N layers, performing lookup for first level directory, which exists only in upper. In that case, there will be only one lookup instead of N. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 5cf5b477f0ca33f56a30c7ec00e61a6204da2efb Author: Miklos Szeredi Date: Fri Dec 16 11:02:57 2016 +0100 ovl: opaque cleanup oe->opaque is set for a) whiteouts b) directories having the "trusted.overlay.opaque" xattr Case b can be simplified, since setting the xattr always implies setting oe->opaque. Also once set, the opaque flag is never cleared. Don't need to set opaque flag for non-directories. Signed-off-by: Miklos Szeredi fs/overlayfs/copy_up.c | 6 ------ fs/overlayfs/dir.c | 43 +++++++++++++++++++++---------------------- fs/overlayfs/overlayfs.h | 2 +- fs/overlayfs/util.c | 5 +++-- 4 files changed, 25 insertions(+), 31 deletions(-) commit c5bef3a72b9d8a2040d5e9f4bde03db7c86bbfce Author: Amir Goldstein Date: Tue Nov 22 11:47:09 2016 +0200 ovl: show redirect_dir mount option Show the value of redirect_dir in /proc/mounts. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/super.c | 3 +++ 1 file changed, 3 insertions(+) commit 3ea22a71b65b6743a53e286ff4991a06b9d2597c Author: Miklos Szeredi Date: Fri Dec 16 11:02:57 2016 +0100 ovl: allow setting max size of redirect Add a module option to allow tuning the max size of absolute redirects. Default is 256. Size of relative redirects is naturally limited by the the underlying filesystem's max filename length (usually 255). Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 688ea0e5a0e2278e2fcd0014324ab1ba68e70ad7 Author: Miklos Szeredi Date: Fri Dec 16 11:02:57 2016 +0100 ovl: allow redirect_dir to default to "on" This patch introduces a kernel config option and a module param. Both can be used independently to turn the default value of redirect_dir on or off. Signed-off-by: Miklos Szeredi fs/overlayfs/Kconfig | 14 ++++++++++++++ fs/overlayfs/super.c | 5 +++++ 2 files changed, 19 insertions(+) commit d15951198eaccb92c6b49e62cb72f5ff62da2236 Author: Amir Goldstein Date: Wed Oct 26 12:34:06 2016 +0300 ovl: check for emptiness of redirect dir Before introducing redirect_dir feature, the condition !ovl_lower_positive(dentry) for a directory, implied that it is a pure upper directory, which may be removed if empty. Now that directory can be redirect, it is possible that upper does not cover any lower (i.e. !ovl_lower_positive(dentry)), but the directory is a merge (with redirected path) and maybe non empty. Check for this case in ovl_remove_upper(). This change fixes the following test case from rename-pop-dir.py of unionmount-testsuite: """Remove dir and rename old name""" d = ctx.non_empty_dir() d2 = ctx.no_dir() ctx.rmdir(d, err=ENOTEMPTY) ctx.rename(d, d2) ctx.rmdir(d, err=ENOENT) ctx.rmdir(d2, err=ENOTEMPTY) ./run --ov rename-pop-dir /mnt/a/no_dir103: Expected error (Directory not empty) was not produced Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 31 ++++++++++++++++++++++--------- 1 file changed, 22 insertions(+), 9 deletions(-) commit a6c6065511411c57167a6cdae0c33263fb662b51 Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: redirect on rename-dir Current code returns EXDEV when a directory would need to be copied up to move. We could copy up the directory tree in this case, but there's another, simpler solution: point to old lower directory from moved upper directory. This is achieved with a "trusted.overlay.redirect" xattr storing the path relative to the root of the overlay. After such attribute has been set, the directory can be moved without further actions required. This is a backward incompatible feature, old kernels won't be able to correctly mount an overlay containing redirected directories. Signed-off-by: Miklos Szeredi Documentation/filesystems/overlayfs.txt | 21 ++++- fs/overlayfs/copy_up.c | 20 ++--- fs/overlayfs/dir.c | 138 ++++++++++++++++++++++++++++---- fs/overlayfs/overlayfs.h | 4 + fs/overlayfs/ovl_entry.h | 1 + fs/overlayfs/super.c | 12 +++ fs/overlayfs/util.c | 29 +++++++ 7 files changed, 195 insertions(+), 30 deletions(-) commit 02b69b284cd7815239fabfe895bfef9a9eb5a3ce Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: lookup redirects If a directory has the "trusted.overlay.redirect" xattr, it means that the value of the xattr should be used to find the underlying directory on the next lower layer. The redirect may be relative or absolute. Absolute redirects begin with a slash. A relative redirect means: instead of the current dentry's name use the value of the redirect to find the directory in the next lower layer. Relative redirects must not contain a slash. An absolute redirect means: look up the directory relative to the root of the overlay using the value of the redirect in the next lower layer. Redirects work on lower layers as well. Signed-off-by: Miklos Szeredi fs/overlayfs/namei.c | 122 ++++++++++++++++++++++++++++++++++++++++++++++- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/ovl_entry.h | 1 + fs/overlayfs/super.c | 1 + 4 files changed, 123 insertions(+), 2 deletions(-) commit e28edc46b8e29d2a4c10263cd7769e657582fff4 Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: consolidate lookup for underlying layers Use a common helper for lookup of upper and lower layers. This paves the way for looking up directory redirects. No functional change. Signed-off-by: Miklos Szeredi fs/overlayfs/namei.c | 156 ++++++++++++++++++++++++++++----------------------- 1 file changed, 86 insertions(+), 70 deletions(-) commit 48fab5d7c750ff70aa77c36a44c01211020bbc98 Author: Amir Goldstein Date: Wed Nov 16 11:22:39 2016 +0200 ovl: fix nested overlayfs mount When the upper overlayfs checks "trusted.overlay.*" xattr on the underlying overlayfs mount, it gets -EPERM, which confuses the upper overlayfs. Fix this by returning -EOPNOTSUPP instead of -EPERM from ovl_own_xattr_get() and ovl_own_xattr_set(). This behavior is consistent with the behavior of ovl_listxattr(), which filters out the private overlayfs xattrs. Note: nested overlays are deprecated. But this change makes sense regardless: these xattrs are private to the overlay and should always be hidden. Hence getting and setting them should indicate this. [SzMi: Use EOPNOTSUPP instead of ENODATA and use it for both getting and setting "trusted.overlay." xattrs. This is a perfectly valid error code for "we don't support this prefix", which is the case here.] Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 6b2d5fe46fa8f4fc1c5262c73930b9a2a94db2e3 Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: check namelen We already calculate f_namelen in statfs as the maximum of the name lengths provided by the filesystems taking part in the overlay. Signed-off-by: Miklos Szeredi fs/overlayfs/namei.c | 16 ++++++++-------- fs/overlayfs/ovl_entry.h | 2 +- fs/overlayfs/super.c | 38 ++++++++++++++++++++++++++------------ 3 files changed, 35 insertions(+), 21 deletions(-) commit bbb1e54dd53cf83863e856dd5518ce5e58791115 Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: split super.c fs/overlayfs/super.c is the biggest of the overlayfs source files and it contains various utility functions as well as the rather complicated lookup code. Split these parts out to separate files. Before: 1446 fs/overlayfs/super.c After: 919 fs/overlayfs/super.c 267 fs/overlayfs/namei.c 235 fs/overlayfs/util.c 51 fs/overlayfs/ovl_entry.h Signed-off-by: Miklos Szeredi fs/overlayfs/Makefile | 2 +- fs/overlayfs/namei.c | 267 ++++++++++++++++++++++++ fs/overlayfs/overlayfs.h | 34 +-- fs/overlayfs/ovl_entry.h | 51 +++++ fs/overlayfs/super.c | 529 +---------------------------------------------- fs/overlayfs/util.c | 235 +++++++++++++++++++++ 6 files changed, 572 insertions(+), 546 deletions(-) commit 2b8c30e9ef1492c34099b97365115504f6cd6995 Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: use d_is_dir() Signed-off-by: Miklos Szeredi fs/overlayfs/super.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8ee6059c58ea525f76b4efb98f8f66845f697efc Author: Miklos Szeredi Date: Fri Dec 16 11:02:56 2016 +0100 ovl: simplify lookup If encountering a non-directory, then stop looking at lower layers. In this case the oe->opaque flag is not set anymore, which doesn't matter since existence of lower file is now checked at remove/rename time. Signed-off-by: Miklos Szeredi fs/overlayfs/super.c | 54 ++++++++++++++++++++++++---------------------------- 1 file changed, 25 insertions(+), 29 deletions(-) commit 3ee23ff1025a18796607cf4110a8ffa8e2d163fd Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: check lower existence of rename target Check if something exists on the lower layer(s) under the target or rename to decide if directory needs to be marked "opaque". Marking opaque is done before the rename, and on failure the marking was undone. Also the opaque xattr was removed if the target didn't cover anything. This patch changes behavior so that removal of "opaque" is not done in either of the above cases. This means that directory may have the opaque flag even if it doesn't cover anything. However this shouldn't affect the performance or semantics of the overalay, while simplifying the code. Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 63 ++++++++++-------------------------------------------- 1 file changed, 11 insertions(+), 52 deletions(-) commit 370e55ace59c2d3ed8f0ca933155030b9652e04f Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: rename: simplify handling of lower/merged directory d_is_dir() is safe to call on a negative dentry. Use this fact to simplify handling of the lower or merged directories. Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 30 ++++++++++++------------------ fs/overlayfs/overlayfs.h | 3 --- 2 files changed, 12 insertions(+), 21 deletions(-) commit 38e813db61c3951ef76d071ca7d2f46c2e939b80 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: get rid of PURE type The remainging uses of __OVL_PATH_PURE can be replaced by ovl_dentry_is_opaque(). Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 9 +++------ fs/overlayfs/overlayfs.h | 6 ++---- fs/overlayfs/super.c | 4 +--- 3 files changed, 6 insertions(+), 13 deletions(-) commit 2aff4534b6c48c465c2ba3bca310646652318e16 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: check lower existence when removing Currently ovl_lookup() checks existence of lower file even if there's a non-directory on upper (which is always opaque). This is done so that remove can decide whether a whiteout is needed or not. It would be better to defer this check to unlink, since most of the time the gathered information about opaqueness will be unused. This adds a helper ovl_lower_positive() that checks if there's anything on the lower layer(s). The following patches also introduce changes to how the "opaque" attribute is updated on directories: this attribute is added when the directory is creted or moved over a whiteout or object covering something on the lower layer. However following changes will allow the attribute to remain on the directory after being moved, even if the new location doesn't cover anything. Because of this, we need to check lower layers even for opaque directories, so that whiteout is only created when necessary. This function will later be also used to decide about marking a directory opaque, so deal with negative dentries as well. When dealing with negative, it's enough to check for being a whiteout If the dentry is positive but not upper then it also obviously needs whiteout/opaque. Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 4 ++-- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/super.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++- 3 files changed, 56 insertions(+), 3 deletions(-) commit c412ce498396097cb96b3e24e062752312a962c9 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: add ovl_dentry_is_whiteout() And use it instead of ovl_dentry_is_opaque() where appropriate. Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 6 +++--- fs/overlayfs/overlayfs.h | 1 + fs/overlayfs/super.c | 5 +++++ 3 files changed, 9 insertions(+), 3 deletions(-) commit 99f5d08e3640c8319f353e6c883da150c48067f6 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: don't check sticky Since commit 07a2daab49c5 ("ovl: Copy up underlying inode's ->i_mode to overlay inode") sticky checking on overlay inode is performed by the vfs, so checking against sticky on underlying inode is not needed. Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 24 ------------------------ 1 file changed, 24 deletions(-) commit 804032fabb3b5270a7bc355f478eed45b1a5b041 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: don't check rename to self This is redundant, the vfs already performed this check (and was broken, see commit 9409e22acdfc ("vfs: rename: check backing inode being equal")). Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 15 +++------------ 1 file changed, 3 insertions(+), 12 deletions(-) commit ca4c8a3a800039c2681d609c5b7491c1bd17c0a7 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: treat special files like a regular fs No sense in opening special files on the underlying layers, they work just as well if opened on the overlay. Side effect is that it's no longer possible to connect one side of a pipe opened on overlayfs with the other side opened on the underlying layer. Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 2 +- fs/overlayfs/inode.c | 24 ++++++++++-------------- fs/overlayfs/overlayfs.h | 2 +- fs/overlayfs/super.c | 7 ++++--- 4 files changed, 16 insertions(+), 19 deletions(-) commit 6c02cb59e6fe1dfbe4352dbf089e7a16ef6bfac6 Author: Miklos Szeredi Date: Fri Dec 16 11:02:55 2016 +0100 ovl: rename ovl_rename2() to ovl_rename() Signed-off-by: Miklos Szeredi fs/overlayfs/dir.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 2ea98466491b7609ace297647b07c28d99ef3722 Author: Amir Goldstein Date: Fri Sep 23 11:38:12 2016 +0300 ovl: use vfs_clone_file_range() for copy up if possible When copying up within the same fs, try to use vfs_clone_file_range(). This is very efficient when lower and upper are on the same fs with file reflink support. If vfs_clone_file_range() fails for any reason, copy up falls back to the regular data copy code. Tested correct behavior when lower and upper are on: 1. same ext4 (copy) 2. same xfs + reflink patches + mkfs.xfs (copy) 3. same xfs + reflink patches + mkfs.xfs -m reflink=1 (reflink) 4. different xfs + reflink patches + mkfs.xfs -m reflink=1 (copy) For comparison, on my laptop, xfstest overlay/001 (copy up of large sparse files) takes less than 1 second in the xfs reflink setup vs. 25 seconds on the rest of the setups. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/overlayfs/copy_up.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit 31c3a7069593b072bd57192b63b62f9a7e994e9a Author: Miklos Szeredi Date: Wed Oct 12 16:28:11 2016 +0200 Revert "ovl: get_write_access() in truncate" This reverts commit 03bea60409328de54e4ff7ec41672e12a9cb0908. Commit 4d0c5ba2ff79 ("vfs: do get_write_access() on upper layer of overlayfs") makes the writecount checks inside overlayfs superfluous, the file is already copied up and write access acquired on the upper inode when ovl_setattr is called with ATTR_SIZE. Signed-off-by: Miklos Szeredi fs/overlayfs/inode.c | 21 --------------------- 1 file changed, 21 deletions(-) commit 2d8f2908e60be605dac89145c3edb5e42631d061 Author: Miklos Szeredi Date: Fri Dec 16 11:02:54 2016 +0100 ovl: update doc The quirk for file locks and leases no longer applies. Add missing info about renaming directory residing on lower layer. Signed-off-by: Miklos Szeredi Documentation/filesystems/overlayfs.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b335e9d9944d9c66cdaadc5e295cc845c31e40a0 Author: Amir Goldstein Date: Wed Oct 26 22:34:01 2016 +0300 vfs: fix vfs_clone_file_range() for overlayfs files With overlayfs, it is wrong to compare file_inode(inode)->i_sb of regular files with those of non-regular files, because the former reference the real (upper/lower) sb and the latter reference the overlayfs sb. Move the test for same super block after the sanity tests for clone range of directory and non-regular file. This change fixes xfstest generic/157, which returned EXDEV instead of EISDIR/EINVAL in the following test cases over overlayfs: echo "Try to reflink a dir" _reflink_range $testdir1/dir1 0 $testdir1/file2 0 $blksz echo "Try to reflink a device" _reflink_range $testdir1/dev1 0 $testdir1/file2 0 $blksz Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/read_write.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 031a072a0b8ac2646def77aa310a95016c884bb0 Author: Amir Goldstein Date: Fri Sep 23 11:38:11 2016 +0300 vfs: call vfs_clone_file_range() under freeze protection Move sb_start_write()/sb_end_write() out of the vfs helper and up into the ioctl handler. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/ioctl.c | 2 +- fs/nfsd/vfs.c | 3 +-- fs/read_write.c | 3 --- include/linux/fs.h | 13 +++++++++++++ 4 files changed, 15 insertions(+), 6 deletions(-) commit 913b86e92e1f68ab9db00ccb0fecf594732511e5 Author: Amir Goldstein Date: Fri Sep 23 11:38:10 2016 +0300 vfs: allow vfs_clone_file_range() across mount points FICLONE/FICLONERANGE ioctls return -EXDEV if src and dest files are not on the same mount point. Practically, clone only requires that src and dest files are on the same file system. Move the check for same mount point to ioctl handler and keep only the check for same super block in the vfs helper. A following patch is going to use the vfs_clone_file_range() helper in overlayfs to copy up between lower and upper mount points on the same file system. Signed-off-by: Amir Goldstein Signed-off-by: Miklos Szeredi fs/ioctl.c | 4 ++++ fs/read_write.c | 8 ++++++-- 2 files changed, 10 insertions(+), 2 deletions(-) commit 3616119da484699e7045957c009c13d778563874 Author: Miklos Szeredi Date: Fri Dec 16 11:02:54 2016 +0100 vfs: no mnt_want_write_file() in vfs_{copy,clone}_file_range() We've checked for file_out being opened for write. This ensures that we already have mnt_want_write() on target. Signed-off-by: Miklos Szeredi fs/read_write.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 8d3e2936375bacce6abacbce3917d667e4133409 Author: Miklos Szeredi Date: Fri Dec 16 11:02:54 2016 +0100 Revert "vfs: rename: check backing inode being equal" This reverts commit 9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca. Since commit 51f7e52dc943 ("ovl: share inode for hard link") there's no need to call d_real_inode() to check two overlay inodes for equality. Signed-off-by: Miklos Szeredi fs/namei.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit beef5121f3a4d1566c8ab8cd99b4e001862048cf Author: Miklos Szeredi Date: Fri Dec 16 11:02:53 2016 +0100 Revert "af_unix: fix hard linked sockets on overlay" This reverts commit eb0a4a47ae89aaa0674ab3180de6a162f3be2ddf. Since commit 51f7e52dc943 ("ovl: share inode for hard link") there's no need to call d_real_inode() to check two overlay inodes for equality. Side effect of this revert is that it's no longer possible to connect one socket on overlayfs to one on the underlying layer (something which didn't make sense anyway). Signed-off-by: Miklos Szeredi net/unix/af_unix.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 659643f7d81432189c2c87230e2feee4c75c14c1 Author: Jike Song Date: Thu Dec 8 11:00:36 2016 +0800 drm/i915/gvt/kvmgt: add vfio/mdev support to KVMGT KVMGT leverages vfio/mdev to mediate device accesses from guest, this patch adds the vfio/mdev support, thereby completes the functionality. An intel_vgpu is presented as a mdev device, and full userspace API compatibility with vfio-pci is kept. An intel_vgpu_ops is provided to mdev framework, methods get called to create/remove a vgpu, to open/close it, and to access it. Signed-off-by: Kevin Tian Signed-off-by: Xiaoguang Chen Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/Kconfig | 1 + drivers/gpu/drm/i915/gvt/Makefile | 2 - drivers/gpu/drm/i915/gvt/gvt.h | 6 +- drivers/gpu/drm/i915/gvt/kvmgt.c | 938 ++++++++++++++++++++++++++++++++++++-- 4 files changed, 907 insertions(+), 40 deletions(-) commit f440c8a572d7e0002d5c2c8dbd740130ad8ffa5b Author: Jike Song Date: Thu Dec 8 11:00:35 2016 +0800 drm/i915/gvt/kvmgt: read/write GPA via KVM API Previously to read/write a GPA, we at first try to pin the GFN it belongs to, then translate the pinned PFN to a kernel HVA, then read/write it. This is however not necessary. A GFN should be pinned IFF it would be accessed by peripheral devices (DMA), not by CPU. This patch changes the read/write method to KVM API, which will leverage userspace HVA and copy_{from|to}_usr instead. Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 37 ++++++++++++++++--------------------- 1 file changed, 16 insertions(+), 21 deletions(-) commit c55b1de02d68e4343045391c0f4978c0bc5a9447 Author: Jike Song Date: Thu Dec 8 11:00:34 2016 +0800 drm/i915/gvt/kvmgt: replace kmalloc() by kzalloc() Signed-off-by: Jike Song Signed-off-by: Zhenyu Wang drivers/gpu/drm/i915/gvt/kvmgt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ebfb0184ef560897fad35005989e82433419202c Merge: f43d3ec 5191d88a Author: Dmitry Torokhov Date: Thu Dec 15 21:36:09 2016 -0800 Merge branch 'synaptics-rmi4' into next Merge updated Synaptics RMI4 support, including support for SMBus controllers and flashing firmware. commit f43d3ec3a889c7f6a196f3b6d6b13345ee46af8a Author: Guy Shapiro Date: Thu Dec 15 21:23:02 2016 -0800 Input: imx6ul_tsc - generalize the averaging property Make the avarage-samples property a general touchscreen property rather than imx6ul device specific. Signed-off-by: Guy Shapiro Acked-by: Rob Herring Signed-off-by: Dmitry Torokhov .../bindings/input/touchscreen/imx6ul_tsc.txt | 11 ++----- .../bindings/input/touchscreen/touchscreen.txt | 3 ++ drivers/input/touchscreen/imx6ul_tsc.c | 38 +++++++++++++++------- 3 files changed, 33 insertions(+), 19 deletions(-) commit c6f6634721c871bfab4235e1cbcad208d3063798 Merge: ff45000 baae856 Author: Michael Ellerman Date: Fri Dec 16 15:05:38 2016 +1100 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/scottwood/linux into next Freescale updates from Scott: "Highlights include 8xx hugepage support, qbman fixes/cleanup, device tree updates, and some misc cleanup." commit 9cf8bd529c6ba81402ebf6b7a56307b0787e4f93 Author: Dan Williams Date: Thu Dec 15 20:04:31 2016 -0800 libnvdimm: replace mutex_is_locked() warnings with lockdep_assert_held For warnings that should only ever trigger during development and testing replace WARN statements with lockdep_assert_held. The lockdep pattern is prevalent, and these paths are are well covered by libnvdimm unit tests. Reported-by: Johannes Thumshirn Reviewed-by: Johannes Thumshirn Signed-off-by: Dan Williams drivers/nvdimm/claim.c | 10 ++++------ drivers/nvdimm/namespace_devs.c | 2 +- drivers/nvdimm/region_devs.c | 2 +- 3 files changed, 6 insertions(+), 8 deletions(-) commit 73e2e0c9b13c97df1c8565f6e158caac3c481b44 Merge: ed3c5a0 2549f30 Author: Linus Torvalds Date: Thu Dec 15 18:47:31 2016 -0800 Merge tag 'nfs-for-4.10-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs Pull NFS client updates from Trond Myklebust: "Highlights include: Stable bugfixes: - Fix a pnfs deadlock between read resends and layoutreturn - Don't invalidate the layout stateid while a layout return is outstanding - Don't schedule a layoutreturn if the layout stateid is marked as invalid - On a pNFS error, do not send LAYOUTGET until the LAYOUTRETURN is complete - SUNRPC: fix refcounting problems with auth_gss messages. Features: - Add client support for the NFSv4 umask attribute. - NFSv4: Correct support for flock() stateids. - Add a LAYOUTRETURN operation to CLOSE and DELEGRETURN when return-on-close is specified - Allow the pNFS/flexfiles layoutstat information to piggyback on LAYOUTRETURN - Optimise away redundant GETATTR calls when doing state recovery and/or when not required by cache revalidation rules or close-to-open cache consistency. - Attribute cache improvements - RPC/RDMA support for SG_GAP devices Bugfixes: - NFS: Fix performance regressions in readdir - pNFS/flexfiles: Fix a deadlock on LAYOUTGET - NFSv4: Add missing nfs_put_lock_context() - NFSv4.1: Fix regression in callback retry handling - Fix false positive NFSv4.0 trunking detection. - pNFS/flexfiles: Only send layoutstats updates for mirrors that were updated - Various layout stateid related bugfixes - RPC/RDMA bugfixes" * tag 'nfs-for-4.10-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs: (82 commits) SUNRPC: fix refcounting problems with auth_gss messages. nfs: add support for the umask attribute pNFS/flexfiles: Ensure we have enough buffer for layoutreturn pNFS/flexfiles: Remove a redundant parameter in ff_layout_encode_ioerr() pNFS/flexfiles: Fix a deadlock on LAYOUTGET pNFS: Layoutreturn must free the layout after the layout-private data pNFS/flexfiles: Fix ff_layout_add_ds_error_locked() NFSv4: Add missing nfs_put_lock_context() pNFS: Release NFS_LAYOUT_RETURN when invalidating the layout stateid NFSv4.1: Don't schedule lease recovery in nfs4_schedule_session_recovery() NFSv4.1: Handle NFS4ERR_BADSESSION/NFS4ERR_DEADSESSION replies to OP_SEQUENCE NFS: Only look at the change attribute cache state in nfs_check_verifier NFS: Fix incorrect size revalidation when holding a delegation NFS: Fix incorrect mapping revalidation when holding a delegation pNFS/flexfiles: Support sending layoutstats in layoutreturn pNFS/flexfiles: Minor refactoring before adding iostats to layoutreturn NFS: Fix up read of mirror stats pNFS/flexfiles: Clean up layoutstats pNFS/flexfiles: Refactor encoding of the layoutreturn payload pNFS: Add a layoutreturn callback to performa layout-private setup ... commit ed3c5a0be38c180ab0899a0f52719e81f36b87a1 Merge: 66d4667 6bdf1e0 Author: Linus Torvalds Date: Thu Dec 15 18:13:41 2016 -0800 Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost Pull virtio updates from Michael Tsirkin: "virtio, vhost: new device, fixes, speedups This includes the new virtio crypto device, and fixes all over the place. In particular enabling endian-ness checks for sparse builds found some bugs which this fixes. And it appears that everyone is in agreement that disabling endian-ness sparse checks shouldn't be necessary any longer. So this enables them for everyone, and drops the __CHECK_ENDIAN__ and __bitwise__ APIs. IRQ handling in virtio has been refactored somewhat, the larger switch to IRQ_SHARED will have to wait as it proved too aggressive" * tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost: (34 commits) Makefile: drop -D__CHECK_ENDIAN__ from cflags fs/logfs: drop __CHECK_ENDIAN__ Documentation/sparse: drop __CHECK_ENDIAN__ linux: drop __bitwise__ everywhere checkpatch: replace __bitwise__ with __bitwise Documentation/sparse: drop __bitwise__ tools: enable endian checks for all sparse builds linux/types.h: enable endian checks for all sparse builds virtio_mmio: Set dev.release() to avoid warning vhost: remove unused feature bit virtio_ring: fix description of virtqueue_get_buf vhost/scsi: Remove unused but set variable tools/virtio: use {READ,WRITE}_ONCE() in uaccess.h vringh: kill off ACCESS_ONCE() tools/virtio: fix READ_ONCE() crypto: add virtio-crypto driver vhost: cache used event for better performance vsock: lookup and setup guest_cid inside vhost_vsock_lock virtio_pci: split vp_try_to_find_vqs into INTx and MSI-X variants virtio_pci: merge vp_free_vectors into vp_del_vqs ... commit 47057abde515155a4fee53038e7772d6b387e0aa Author: Andreas Gruenbacher Date: Tue Jan 12 20:24:14 2016 +0100 nfsd: add support for the umask attribute Clients can set the umask attribute when creating files to cause the server to apply it always except when inheriting permissions from the parent directory. That way, the new files will end up with the same permissions as files created locally. See https://tools.ietf.org/html/draft-ietf-nfsv4-umask-02 for more details. Signed-off-by: Andreas Gruenbacher Signed-off-by: J. Bruce Fields fs/nfsd/nfs4proc.c | 3 +++ fs/nfsd/nfs4xdr.c | 26 +++++++++++++++++++++----- fs/nfsd/nfsd.h | 9 +++++++-- fs/nfsd/nfssvc.c | 4 ++-- include/linux/nfs4.h | 1 + 5 files changed, 34 insertions(+), 9 deletions(-) commit 66d466722c39f663b2bbeb44ba4f9419a548fa23 Merge: 991688bf ed141f2 Author: Linus Torvalds Date: Thu Dec 15 16:06:15 2016 -0800 Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm Pull ARM updates from Russell King: - an update for clkdev registration error detection to simplify users - add cpu capacity parsing from DT - support for larger cachelines found on UniPhier caches - documentation for udelay constants - properly tag assembly function declarations - remove unnecessary indirection of asm/mach-types.h - switch to syscall table based generation to simplify future additions of system calls, along with correpsonding commit for pkey syscalls - remove redundant sa1101 header file - RONX protect modules when they're in the vmalloc region * 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm: ARM: mm: allow set_memory_*() to be used on the vmalloc region ARM: mm: fix set_memory_*() bounds checks ARM: 8631/1: clkdev: Detect errors in clk_hw_register_clkdev() for mass registration ARM: 8629/1: vfp: properly tag assembly function declarations in C code ARM: 8622/3: add sysfs cpu_capacity attribute ARM: 8621/3: parse cpu capacity-dmips-mhz from DT ARM: 8623/1: mm: add ARM_L1_CACHE_SHIFT_7 for UniPhier outer cache ARM: Update mach-types ARM: sa1100: remove SA-1101 header file ARM: 8619/1: udelay: document the various constants ARM: wire up new pkey syscalls ARM: convert to generated system call tables ARM: remove indirection of asm/mach-types.h commit 991688bfc63550b8c7ab9fb1de2feb44e3071d29 Merge: 482c3e88 2ada959 Author: Linus Torvalds Date: Thu Dec 15 16:03:25 2016 -0800 Merge tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC driver updates from Arnd Bergmann: "Driver updates for ARM SoCs, including a couple of newly added drivers: - A new driver for the power management controller on TI Keystone - Support for the prerelease "SCPI" firmware protocol that ended up being shipped by Amlogic in their GXBB SoC. - A soc_device can now be matched using a glob from inside the kernel, when another driver wants to know the specific chip it is running on and cannot find out from DT, firmware or hardware. - Renesas SoCs now support identification through the soc_device interface, both in user space and kernel. - Renesas r8a7743 and r8a7745 gain support for their system controller - A new checking module for the ARM "PSCI" (not to be confused with "SCPI" mentioned above) firmware interface. - A new driver for the Tegra GMI memory interface - Support for the Tegra firmware interfaces with their power management controllers As usual, the updates for the reset controller framework are merged here, as they tend to touch multiple SoCs as well, including a new driver for the Oxford (now Broadcom) OX820 chip and the Tegra bpmp interface. The existing drivers for Atmel, Qualcomm, NVIDIA, TI Davinci, and Rockchips SoCs see some further updates" * tag 'armsoc-drivers' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (76 commits) misc: sram: remove useless #ifdef drivers: psci: Allow PSCI node to be disabled drivers: psci: PSCI checker module soc: renesas: Identify SoC and register with the SoC bus firmware: qcom: scm: Return PTR_ERR when devm_clk_get fails firmware: qcom: scm: Remove core, iface and bus clocks dependency dt-bindings: firmware: scm: Add MSM8996 DT bindings memory: da8xx-ddrctl: drop the call to of_flat_dt_get_machine_name() bus: da8xx-mstpri: drop the call to of_flat_dt_get_machine_name() ARM: shmobile: Document DT bindings for Product Register soc: renesas: rcar-sysc: add R8A7745 support reset: Add Tegra BPMP reset driver dt-bindings: firmware: Allow child nodes inside the Tegra BPMP dt-bindings: Add power domains to Tegra BPMP firmware firmware: tegra: Add BPMP support firmware: tegra: Add IVC library dt-bindings: firmware: Add bindings for Tegra BPMP mailbox: tegra-hsp: Use after free in tegra_hsp_remove_doorbells() mailbox: Add Tegra HSP driver firmware: arm_scpi: add support for pre-v1.0 SCPI compatible ... commit 482c3e8835e9e9b325aad295c21bd9e965a11006 Merge: 786a72d 09a5665 Author: Linus Torvalds Date: Thu Dec 15 15:58:28 2016 -0800 Merge tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM 64-bit DT updates from Arnd Bergmann: "A couple of interesting new SoC platforms are now supported, these are the respective DTS sources: - Samsung Exynos5433 mobile phone platform, including an (almost) fully supported phone reference board. - Hisilicon Hip07 server platform and D05 board, the latest iteration of their product line, now with 64 Cortex-A72 cores across two sockets. - Allwinner A64 SoC, the first 64-bit chip from their "sunxi" product line, used in Android tablets and ultra-cheap development boards - NXP LS1046A Communication processor, improving on the earlier LS1043A with faster CPU cores - Qualcomm MSM8992 (Snapdragon 808) and MSM8994 (Snapdragon 810) mobile phone SoCs - Early support for the Nvidia Tegra Tegra186 SoC - Amlogic S905D is a minor variant of their existing Android consumer product line - Rockchip PX5 automotive platform, a close relative of their popular rk3368 Android tablet chips Aside from the respective evaluation platforms for the above chips, there are only a few consumer devices and boards added this time: - Huawei Nexus 6P (Angler) mobile phone - LG Nexus 5x (Bullhead) mobile phone - Nexbox A1 and A95X Android TV boxes - Pine64 development board based on Allwinner A64 - Globalscale Marvell ESPRESSOBin community board based on Armada 3700 - Renesas "R-Car Starter Kit Pro" (M3ULCB) low-cost automotive board For the existing platforms, we get bug fixes and new peripheral support for Juno, Renesas, Uniphier, Amlogic, Samsung, Broadcom, Rockchip, Berlin, and ZTE" * tag 'armsoc-dt64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (168 commits) arm64: dts: fix build errors from missing dependencies ARM64: dts: meson-gxbb: add SCPI pre-1.0 compatible ARM64: dts: meson-gxl: Add support for Nexbox A95X ARM64: dts: meson-gxm: Add support for the Nexbox A1 ARM: dts: artpec: add pcie support arm64: dts: berlin4ct-dmp: add missing unit name to /memory node arm64: dts: berlin4ct-stb: add missing unit name to /memory node arm64: dts: berlin4ct: add missing unit name to /soc node arm64: dts: qcom: msm8916: Add ddr support to sdhc1 arm64: dts: exynos: Enable HS400 mode for eMMC for TM2 ARM: dts: Add xo to sdhc clock node on qcom platforms ARM64: dts: Add support for Meson GXM dt-bindings: add rockchip RK1108 Evaluation board arm64: dts: NS2: Add PCI PHYs arm64: dts: NS2: enable sdio1 arm64: dts: exynos: Add the mshc_2 node for supporting T-Flash arm64: tegra: Add NVIDIA P2771 board support arm64: tegra: Enable PSCI on P3310 arm64: tegra: Add NVIDIA P3310 processor module support arm64: tegra: Add GPIO controllers on Tegra186 ... commit 786a72d79140028537382fa63bea63d5640c27d6 Merge: 3bd776b 8237c0b Author: Linus Torvalds Date: Thu Dec 15 15:50:24 2016 -0800 Merge tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM DT updates from Arnd Bergmann: "Lots of changes as usual, so I'm trying to be brief here. Most of the new hardware support has the respective driver changes merged through other trees or has had it available for a while, so this is where things come together. We get a DT descriptions for a couple of new SoCs, all of them variants of other chips we already support, and usually coming with a new evaluation board: - Oxford semiconductor (now Broadcom) OX820 SoC for NAS devices - Qualcomm MDM9615 LTE baseband - NXP imx6ull, the latest and smallest i.MX6 application processor variant - Renesas RZ/G (r8a7743 and r8a7745) application processors - Rockchip PX3, a variant of the rk3188 chip used in Android tablets - Rockchip rk1108 single-core application processor - ST stm32f746 Cortex-M7 based microcontroller - TI DRA71x automotive processors These are commercially available consumer platforms we now support: - Motorola Droid 4 (xt894) mobile phone - Rikomagic MK808 Android TV stick based on Rockchips rx3066 - Cloud Engines PogoPlug v3 based on OX820 - Various Broadcom based wireless devices: - Netgear R8500 router - Tenda AC9 router - TP-LINK Archer C9 V1 - Luxul XAP-1510 Access point - Turris Omnia open hardware router based on Armada 385 And a couple of new boards targeted at developers, makers or industrial integration: - Macnica Sodia development platform for Altera socfpga (Cyclone V) - MicroZed board based on Xilinx Zynq FPGA platforms - TOPEET itop/elite based on exynos4412 - WP8548 MangOH Open Hardware platform for IOT, based on Qualcomm MDM9615 - NextThing CHIP Pro gadget - NanoPi M1 development board - AM571x-IDK industrial board based on TI AM5718 - i.MX6SX UDOO Neo - Boundary Devices Nitrogen6_SOM2 (i.MX6) - Engicam i.CoreM6 - Grinn i.MX6UL liteSOM/liteBoard - Toradex Colibri iMX6 module Other changes: - added peripherals on renesas, davinci, stm32f429, uniphier, sti, mediatek, integrator, at91, imx, vybrid, ls1021a, omap, qualcomm, mvebu, allwinner, broadcom, exynos, zynq - Continued fixes for W=1 dtc warnings - The old STiH415/416 SoC support gets removed, these never made it into products and have served their purpose in the kernel as a template for teh newer chips from ST - The exynos4415 dtsi file is removed as nothing uses it. - Intel PXA25x can now be booted using devicetree" * tag 'armsoc-dt' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (422 commits) arm: dts: zynq: Add MicroZed board support ARM: dts: da850: enable high speed for mmc ARM: dts: da850: Add node for pullup/pulldown pinconf ARM: dts: da850: enable memctrl and mstpri nodes per board ARM: dts: da850-lcdk: Add ethernet0 alias to DT ARM: dts: artpec: add pcie support ARM: dts: add support for Turris Omnia devicetree: Add vendor prefix for CZ.NIC ARM: dts: berlin2q-marvell-dmp: fix typo in chosen node ARM: dts: berlin2q-marvell-dmp: fix regulators' name ARM: dts: Add xo to sdhc clock node on qcom platforms ARM: dts: r8a7794: Add device node for PRR ARM: dts: r8a7793: Add device node for PRR ARM: dts: r8a7792: Add device node for PRR ARM: dts: r8a7791: Add device node for PRR ARM: dts: r8a7790: Add device node for PRR ARM: dts: r8a7779: Add device node for PRR ARM: dts: r8a73a4: Add device node for PRR ARM: dts: sk-rzg1e: add Ether support ARM: dts: sk-rzg1e: initial device tree ... commit 3bd776bbda9e8f2453e7361d340933dccd067fc3 Merge: 775fadd 2e50f79 Author: Linus Torvalds Date: Thu Dec 15 15:42:41 2016 -0800 Merge tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC 64-bit updates from Arnd Bergmann: "Changes to platform code for 64-bit ARM platforms. We are not adding any new platforms that require code or Kconfig changes this time, so it's basically just defconfig changes to enable support for more drivers used on the existing platforms. This is mainly interesting for the Raspberry Pi 3, which should now work much better with the default build" * tag 'armsoc-arm64' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: arm64: defconfig: drop GPIO_SYSFS on multiplatforms arm64: defconfig: Do not lower CONFIG_LOG_BUF_SHIFT arm64: defconfig: allow rk3399-based boards to boot from mmc and usb arm64: defconfig: enable RK808 components arm64: defconfig: enable I2C and DW MMC controller on rockchip platform arm64: defconfig: Enable Tegra186 SoC ARM64: configs: Activate Internal PHY for Meson GXL arm64: qcom: enable GPIOLIB in Kconfig arm64: configs: enable configs for msm899(2/4) basic support ARM64: bcm2835: add thermal driver to default config ARM64: configs: Add Platform MHU in defconfig MAINTAINERS: Update Broadcom Vulcan maintainer email arm64: defconfig: enable EEPROM_AT25 config option arm64: Enable HIBERNATION in defconfig arm64: defconfig: Enable DRM DU and V4L2 FCP + VSP modules ARM64: defconfig: Enable MMC related configs arm64: Add BCM2835 (Raspberry Pi 3) support to the defconfig commit 775fadd09e7beac2fc61cc0517629e9fa69bdb56 Merge: e79ab19 9f793ef Author: Linus Torvalds Date: Thu Dec 15 15:41:04 2016 -0800 Merge tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC defconfig updates from Arnd Bergmann: "Defconfig additions, removals, etc. Most of these are small changes adding the options for newly upstreamed drivers, or drivers needed for new board support. Bartlomiej Zolnierkiewicz has done a series of patches reducing the use of CONFIG_IDE from 19 to 3 in favor of CONFIG_ATA. Overall more patches than usual, but nothing big" * tag 'armsoc-defconfig' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (54 commits) ARM: davinci_all_defconfig: Enable da8xx usb otg ARM: defconfig: drop GPIO_SYSFS on multiplatforms ARM: multi_v7_defconfig: enable STMicroelectronics HVA driver ARM: configs: Add new config fragment to change RAM start point ARM: davinci_all_defconfig: Enable OHCI as module ARM: defconfig: turn on the DT cpufreq for Integrator ARM: omap2plus_defconfig: Run make savedefconfig to save some space ARM: davinci_all_defconfig: add missing options for systemd ARM: davinci_all_defconfig: enable the mstpri and ddrctl drivers ARM: bcm2835: add thermal driver to default config ARM: omap2plus_defconfig: Enable LP873X support ARM: omap2plus_defconfig: Enable REGULATOR_GPIO ARM: omap2plus_defconfig: Enable TOUCHSCREEN_TSC2004 ARM: socfpga_defconfig: enable FS configs to support Angstrom filesystem ARM: config: Enable GPIO Key driver in stm32_defconfig ARM: tegra: Enable GMI driver in default configuration ARM: tegra: Enable SGTL5000 audio ARM: tegra: Update default configuration for v4.9-rc1 ARM: socfpga: updates for socfpga_defconfig ARM: davinci_all_defconfig: enable LED default-on trigger ... commit e79ab194d15e1baa25540cb9efaf2a459cf4bc32 Merge: 3ec5e8d 44c29b8 Author: Linus Torvalds Date: Thu Dec 15 15:39:02 2016 -0800 Merge tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC platform updates from Arnd Bergmann: "These are updates for platform specific code on 32-bit ARM machines, essentially anything that can not (yet) be expressed using DT files. Noteworthy changes include: - Added support for the TI DRA71x family of SoCs in mach-omap2, this is an new variant of the the DRA72x/DRA74x automotive infotainment chips we already supported for a while. - Added support for the ST STM32F746 SoC, the first Cortex-M7 based microcontroller we support, related to the smaller STM32F4 family. - Renesas adds support for r8a7743 and r8a7745 in mach-shmobile, see http://elinux.org/RZ-G - SMP is now supported on the OX820 platform - A lot of code in mach-omap2 gets removed as a follow-up to removing support for board files in the previous release - Davinci has some new work to improve USB support - For i.MX, the performance monitor now supports profiling the memory controller using 'perf'" * tag 'armsoc-soc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (95 commits) ARM: davinci: da830-evm: use gpio descriptor for mmc pins ARM: davinci: da850-evm: use gpio descriptor for mmc pins ARM: davinci: hawk: use gpio descriptor for mmc pins ARM: ARTPEC-6: add select MFD_SYSCON to MACH_ARTPEC6 ARM: davinci: da8xx: Fix ohci device name ARM: oxnas: Add OX820 config and makefile entry ARM: oxnas: Add OX820 SMP support ARM: davinci: PM: fix build when da850 not compiled in ARM: orion5x: remove legacy support of ls-chl ARM: integrator: drop EBI access use syscon ARM: BCM5301X: Add back handler ignoring external imprecise aborts ARM: davinci: PM: support da8xx DT platforms ARM: davinci: PM: cleanup: remove references to pdata ARM: davinci: PM: rework init, remove platform device ARM: Kconfig: Introduce MACH_STM32F746 flag ARM: mach-stm32: Add a new SOC - STM32F746 ARM: shmobile: document SK-RZG1E board ARM: shmobile: r8a7745: basic SoC support ARM: imx: mach-imx6ul: add imx6ull support ARM: zynq: Reserve correct amount of non-DMA RAM ... commit 3ec5e8d82b1a4ee42c8956099d89b87917dd3ba5 Merge: 09dee2a 816c60c Author: Linus Torvalds Date: Thu Dec 15 15:15:13 2016 -0800 Merge tag 'armsoc-fixes-nc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc Pull ARM SoC non-urgent fixes from Arnd Bergmann: "As usual, we queue up a few fixes that don't seem urgent enough to go in through -rc, or that just came a little too late given their size. The zx fixes make the platform finally boot on real hardware, the davinci and imx31 get the DT support working better for some of the machines that are still normally used with classic board files. One tegra fix is important for new bootloader versions, but the bug has been around for a while without anyone noticing. The other changes are mostly cosmetic" * tag 'armsoc-fixes-nc' of git://git.kernel.org/pub/scm/linux/kernel/git/arm/arm-soc: (22 commits) arm64: tegra: Add missing Smaug revision arm64: tegra: Add VDD_GPU regulator to Jetson TX1 arm64: dts: zte: clean up gic-v3 redistributor properties arm64: dts: zx: Fix gic GICR property bus: vexpress-config: fix device reference leak soc: ti: qmss: fix the case when !SMP ARM: lpc32xx: drop duplicate header device.h ARM: ixp4xx: drop duplicate header gpio.h ARM: socfpga: fix spelling mistake in error message ARM: dts: imx6q-cm-fx6: fix fec pinctrl ARM: dts: imx7d-pinfunc: fix UART pinmux defines ARM: dts: imx6qp: correct LDB clock inputs ARM: OMAP2+: pm-debug: Use seq_putc() in two functions ARM: OMAP2+: Remove the omapdss_early_init_of() function mfd: tps65217: Fix mismatched interrupt number ARM: zx: Fix error handling ARM: spear: Fix error handling ARM: davinci: da850: Fix pwm name matching ARM: clk: imx31: properly init clocks for machines with DT clk: imx31: fix rewritten input argument of mx31_clocks_init() ... commit 09dee2a608a4a7d42f021f83084ade7de2415d7e Merge: d25b6af 22f6592 Author: Linus Torvalds Date: Thu Dec 15 14:17:32 2016 -0800 Merge tag 'linux-kselftest-4.10-rc1-update' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest Pull kselftest updates from Shuah Khan: "This update consists of: - new tests to exercise the Sync Kernel Infrastructure. These tests are part of a battery of Android libsync tests and are re-written to test the new sync user-space interfaces from Emilio López, and Gustavo Padovan. - test to run hw-independent mock tests for i915.ko from Chris Wilson - a new gpio test case from Bamvor Jian Zhang - missing gitignore additions" * tag 'linux-kselftest-4.10-rc1-update' of git://git.kernel.org/pub/scm/linux/kernel/git/shuah/linux-kselftest: selftest/gpio: add gpio test case selftest: sync: improve assert() failure message kselftests: Exercise hw-independent mock tests for i915.ko selftests: add missing gitignore files/dirs selftests: add missing set-tz to timers .gitignore selftest: sync: stress test for merges selftest: sync: stress consumer/producer test selftest: sync: stress test for parallelism selftest: sync: wait tests for sw_sync framework selftest: sync: merge tests for sw_sync framework selftest: sync: fence tests for sw_sync framework selftest: sync: basic tests for sw_sync framework commit d25b6af91ec600faaff3a7e863f19d3e16593e52 Merge: 179a7ba 7badf6f Author: Linus Torvalds Date: Thu Dec 15 14:15:17 2016 -0800 Merge tag 'arc-4.10-rc1-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc Pull ARC updates from Vineet Gupta: "These are mostly timer/clocksource driver updates which were Reviewed/Acked by Daniel but had to be merged via ARC tree due to dependencies. I will follow up with another pull request with actual ARC changes early next week ! Summary: - Moving ARC timer driver into drivers/clocksource - EZChip timer driver updates [Noam] - ARC AXS103 and HAPS platform updates [Alexey]" * tag 'arc-4.10-rc1-part1' of git://git.kernel.org/pub/scm/linux/kernel/git/vgupta/arc: ARC: axs10x: really enable ARC PGU ARC: rename Zebu platform support to HAPS clocksource: nps: avoid maybe-uninitialized warning clocksource: Add clockevent support to NPS400 driver clocksource: update "fn" at CLOCKSOURCE_OF_DECLARE() of nps400 timer soc: Support for NPS HW scheduling clocksource: import ARC timer driver ARC: breakout timer include code into separate header ... ARC: move mcip.h into include/soc and adjust the includes ARC: breakout aux handling into a separate header ARC: time: move time_init() out of the driver ARC: timer: gfrc, rtc: build under same option (64-bit timers) ARC: timer: gfrc, rtc: Read BCR to detect whether hardware exists ... ARC: timer: gfrc, rtc: deuglify big endian code commit 6bdf1e0efb04a1716373646cb6f35b73addca492 Author: Michael S. Tsirkin Date: Thu Dec 15 04:07:46 2016 +0200 Makefile: drop -D__CHECK_ENDIAN__ from cflags That's the default now, no need for makefiles to set it. Signed-off-by: Michael S. Tsirkin Acked-by: Kalle Valo Acked-by: Marcel Holtmann Acked-by: Marc Kleine-Budde Acked-by: Greg Kroah-Hartman Acked-by: Arend van Spriel drivers/bluetooth/Makefile | 2 -- drivers/net/can/Makefile | 1 - drivers/net/ethernet/altera/Makefile | 1 - drivers/net/ethernet/atheros/alx/Makefile | 1 - drivers/net/ethernet/freescale/Makefile | 2 -- drivers/net/wireless/ath/Makefile | 2 -- drivers/net/wireless/ath/wil6210/Makefile | 2 -- drivers/net/wireless/broadcom/brcm80211/brcmfmac/Makefile | 2 -- drivers/net/wireless/broadcom/brcm80211/brcmsmac/Makefile | 1 - drivers/net/wireless/intel/iwlegacy/Makefile | 2 -- drivers/net/wireless/intel/iwlwifi/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/dvm/Makefile | 2 +- drivers/net/wireless/intel/iwlwifi/mvm/Makefile | 2 +- drivers/net/wireless/intersil/orinoco/Makefile | 3 --- drivers/net/wireless/mediatek/mt7601u/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/btcoexist/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8188ee/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8192c/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8192ce/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8192cu/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8192de/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8192ee/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8192se/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8723be/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8723com/Makefile | 2 -- drivers/net/wireless/realtek/rtlwifi/rtl8821ae/Makefile | 2 -- drivers/net/wireless/ti/wl1251/Makefile | 2 -- drivers/net/wireless/ti/wlcore/Makefile | 2 -- drivers/staging/rtl8188eu/Makefile | 2 +- drivers/staging/rtl8192e/Makefile | 2 -- drivers/staging/rtl8192e/rtl8192e/Makefile | 2 -- net/bluetooth/Makefile | 2 -- net/ieee802154/Makefile | 2 -- net/mac80211/Makefile | 2 +- net/mac802154/Makefile | 2 -- net/wireless/Makefile | 2 -- 38 files changed, 5 insertions(+), 68 deletions(-) commit 378d5a40fa2c251b31d64e9a7e746f71c2e39b14 Author: Michael S. Tsirkin Date: Sun Dec 11 06:47:27 2016 +0200 fs/logfs: drop __CHECK_ENDIAN__ No need for it anymore: __bitwise checks are now on by default for everyone. Signed-off-by: Michael S. Tsirkin fs/logfs/logfs.h | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit dc67a9f70c0b43b0d1f3aa04407e67ca4cf9b241 Author: Michael S. Tsirkin Date: Sun Dec 11 06:41:20 2016 +0200 Documentation/sparse: drop __CHECK_ENDIAN__ It's no longer used. Signed-off-by: Michael S. Tsirkin Documentation/dev-tools/sparse.rst | 7 +------ Documentation/translations/zh_CN/sparse.txt | 7 +------ 2 files changed, 2 insertions(+), 12 deletions(-) commit 9efeccacd3a486128d3add611dd4cefb5b60a58c Author: Michael S. Tsirkin Date: Sun Dec 11 06:34:53 2016 +0200 linux: drop __bitwise__ everywhere __bitwise__ used to mean "yes, please enable sparse checks unconditionally", but now that we dropped __CHECK_ENDIAN__ __bitwise is exactly the same. There aren't many users, replace it by __bitwise everywhere. Signed-off-by: Michael S. Tsirkin Acked-by: Greg Kroah-Hartman Acked-by: Stefan Schmidt Acked-by: Krzysztof Kozlowski Akced-by: Lee Duncan arch/arm/plat-samsung/include/plat/gpio-cfg.h | 2 +- drivers/md/dm-cache-block-types.h | 6 +++--- drivers/net/ethernet/sun/sunhme.h | 2 +- drivers/net/wireless/intel/iwlwifi/iwl-fw-file.h | 4 ++-- include/linux/mmzone.h | 2 +- include/linux/serial_core.h | 4 ++-- include/linux/types.h | 4 ++-- include/scsi/iscsi_proto.h | 2 +- include/target/target_core_base.h | 2 +- include/uapi/linux/virtio_types.h | 6 +++--- net/ieee802154/6lowpan/6lowpan_i.h | 2 +- net/mac80211/ieee80211_i.h | 4 ++-- 12 files changed, 20 insertions(+), 20 deletions(-) commit 46d832f5e2102cce455672c5a0b8cbe97e27fe42 Author: Michael S. Tsirkin Date: Sun Dec 11 06:29:58 2016 +0200 checkpatch: replace __bitwise__ with __bitwise __bitwise__ is an implementation detail now. Signed-off-by: Michael S. Tsirkin scripts/checkpatch.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9536099a8ef185abc0497d5e995ce23bd587a96e Author: Michael S. Tsirkin Date: Sun Dec 11 06:28:41 2016 +0200 Documentation/sparse: drop __bitwise__ We dropped __CHECK_ENDIAN__ so __bitwise__ is now an implementation detail. People should use __bitwise everywhere. Signed-off-by: Michael S. Tsirkin Documentation/dev-tools/sparse.rst | 7 ------- 1 file changed, 7 deletions(-) commit 376a5fb34b04524af501a0c5979c5920be940e05 Author: Michael S. Tsirkin Date: Sun Dec 11 06:27:21 2016 +0200 tools: enable endian checks for all sparse builds We dropped need for __CHECK_ENDIAN__ for linux, this mirrors this for tools. Signed-off-by: Michael S. Tsirkin tools/include/linux/types.h | 4 ---- 1 file changed, 4 deletions(-) commit 05de97003c773e7881e4df3f767b81a6508107f2 Author: Michael S. Tsirkin Date: Thu Dec 8 04:19:29 2016 +0200 linux/types.h: enable endian checks for all sparse builds By now, linux is mostly endian-clean. Enabling endian-ness checks for everyone produces about 200 new sparse warnings for me - less than 10% over the 2000 sparse warnings already there. Not a big deal, OTOH enabling this helps people notice they are introducing new bugs. So let's just drop __CHECK_ENDIAN__. Follow-up patches can drop distinction between __bitwise and __bitwise__. Cc: Linus Torvalds Suggested-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin include/uapi/linux/types.h | 4 ---- 1 file changed, 4 deletions(-) commit cecdbdc3771e5b8583a9b43b03335b4223a9a6c9 Author: Yuan Liu Date: Wed Nov 23 16:31:00 2016 -0800 virtio_mmio: Set dev.release() to avoid warning Fix a warning thrown from virtio_mmio_remove(): Device 'virtio0' does not have a release() function The fix is according to virtio_pci_probe() of drivers/virtio/virtio_pci_common.c Signed-off-by: Yuan Liu Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_mmio.c | 2 ++ 1 file changed, 2 insertions(+) commit 8d390464bf22a47252eb976efae2f462c5c884e5 Author: Jason Wang Date: Fri Nov 18 15:58:39 2016 +0800 vhost: remove unused feature bit Signed-off-by: Jason Wang Signed-off-by: Michael S. Tsirkin include/uapi/linux/vhost.h | 2 -- 1 file changed, 2 deletions(-) commit 0c7eaf5930e145b9f1a0121bd5813a05b0fc77f2 Author: Felipe Franciosi Date: Mon Nov 14 06:16:15 2016 -0800 virtio_ring: fix description of virtqueue_get_buf The device (not the driver) populates the used ring and includes the len of how much data was written. Signed-off-by: Felipe Franciosi Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_ring.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b9fd06d0dae38a88efa4b770dfa9db7dcbe3cda9 Author: Tobias Klauser Date: Fri Nov 11 14:27:10 2016 +0100 vhost/scsi: Remove unused but set variable Remove the unused but set variable se_tpg in vhost_scsi_nexus_cb() to fix the following GCC warning when building with 'W=1': drivers/vhost/scsi.c:1752:26: warning: variable ‘se_tpg’ set but not used Signed-off-by: Tobias Klauser Signed-off-by: Michael S. Tsirkin drivers/vhost/scsi.c | 2 -- 1 file changed, 2 deletions(-) commit ea9156fb3b71d9f7e383253eaff9dd7498b23276 Author: Mark Rutland Date: Thu Nov 24 10:25:14 2016 +0000 tools/virtio: use {READ,WRITE}_ONCE() in uaccess.h As a step towards killing off ACCESS_ONCE, use {READ,WRITE}_ONCE() for the virtio tools uaccess primitives, pulling these in from . With this done, we can kill off the now-unused ACCESS_ONCE() definition. Signed-off-by: Mark Rutland Cc: Jason Wang Cc: Michael S. Tsirkin Cc: linux-kernel@vger.kernel.org Cc: virtualization@lists.linux-foundation.org Signed-off-by: Michael S. Tsirkin Reviewed-by: Cornelia Huck Reviewed-by: Jason Wang tools/virtio/linux/uaccess.h | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 9d1b972f8a25bba01ecfc1d90d7a2fbf1923d052 Author: Mark Rutland Date: Thu Nov 24 10:25:13 2016 +0000 vringh: kill off ACCESS_ONCE() Despite living under drivers/ vringh.c is also used as part of the userspace virtio tools. Before we can kill off the ACCESS_ONCE()definition in the tools, we must convert vringh.c to use {READ,WRITE}_ONCE(). This patch does so, along with the required include of for the relevant definitions. The userspace tools provide their own definitions in their own . Signed-off-by: Mark Rutland Cc: Jason Wang Cc: Michael S. Tsirkin Cc: kvm@vger.kernel.org Cc: linux-kernel@vger.kernel.org Cc: netdev@vger.kernel.org Cc: virtualization@lists.linux-foundation.org Signed-off-by: Michael S. Tsirkin Reviewed-by: Christian Borntraeger Reviewed-by: Cornelia Huck Reviewed-by: Jason Wang drivers/vhost/vringh.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 5da889c795b1fbefc9d8f058b54717ab8ab17891 Author: Mark Rutland Date: Thu Nov 24 10:25:12 2016 +0000 tools/virtio: fix READ_ONCE() The virtio tools implementation of READ_ONCE() has a single parameter called 'var', but erroneously refers to 'val' for its cast, and thus won't work unless there's a variable of the correct type that happens to be called 'var'. Fix this with s/var/val/, making READ_ONCE() work as expected regardless. Fixes: a7c490333df3cff5 ("tools/virtio: use virt_xxx barriers") Signed-off-by: Mark Rutland Cc: Jason Wang Cc: Michael S. Tsirkin Cc: linux-kernel@vger.kernel.org Cc: virtualization@lists.linux-foundation.org Signed-off-by: Michael S. Tsirkin Reviewed-by: Cornelia Huck Reviewed-by: Jason Wang tools/virtio/linux/compiler.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dbaf0624ffa57ae6e7d87a823185ccd9a7852d3c Author: Gonglei Date: Thu Dec 15 10:03:16 2016 +0800 crypto: add virtio-crypto driver This patch introduces virtio-crypto driver for Linux Kernel. The virtio crypto device is a virtual cryptography device as well as a kind of virtual hardware accelerator for virtual machines. The encryption anddecryption requests are placed in the data queue and are ultimately handled by thebackend crypto accelerators. The second queue is the control queue used to create or destroy sessions for symmetric algorithms and will control some advanced features in the future. The virtio crypto device provides the following cryptoservices: CIPHER, MAC, HASH, and AEAD. For more information about virtio-crypto device, please see: http://qemu-project.org/Features/VirtioCrypto CC: Michael S. Tsirkin CC: Cornelia Huck CC: Stefan Hajnoczi CC: Herbert Xu CC: Halil Pasic CC: David S. Miller CC: Zeng Xin Signed-off-by: Gonglei Signed-off-by: Michael S. Tsirkin MAINTAINERS | 9 + drivers/crypto/Kconfig | 2 + drivers/crypto/Makefile | 1 + drivers/crypto/virtio/Kconfig | 10 + drivers/crypto/virtio/Makefile | 5 + drivers/crypto/virtio/virtio_crypto_algs.c | 540 +++++++++++++++++++++++++++ drivers/crypto/virtio/virtio_crypto_common.h | 128 +++++++ drivers/crypto/virtio/virtio_crypto_core.c | 476 +++++++++++++++++++++++ drivers/crypto/virtio/virtio_crypto_mgr.c | 264 +++++++++++++ include/uapi/linux/Kbuild | 1 + include/uapi/linux/virtio_crypto.h | 450 ++++++++++++++++++++++ include/uapi/linux/virtio_ids.h | 1 + 12 files changed, 1887 insertions(+) commit 809ecb9bca6a9424ccd392d67e368160f8b76c92 Author: Jason Wang Date: Mon Dec 12 14:46:49 2016 +0800 vhost: cache used event for better performance When event index was enabled, we need to fetch used event from userspace memory each time. This userspace fetch (with memory barrier) could be saved sometime when 1) caching used event and 2) if used event is ahead of new and old to new updating does not cross it, we're sure there's no need to notify guest. This will be useful for heavy tx load e.g guest pktgen test with Linux driver shows ~3.5% improvement. Signed-off-by: Jason Wang Signed-off-by: Michael S. Tsirkin drivers/vhost/vhost.c | 28 ++++++++++++++++++++++------ drivers/vhost/vhost.h | 3 +++ 2 files changed, 25 insertions(+), 6 deletions(-) commit 6c083c2b8a0a110cad936bc0a2c089f0d8115175 Author: Gao feng Date: Wed Dec 14 19:24:36 2016 +0800 vsock: lookup and setup guest_cid inside vhost_vsock_lock Multi vsocks may setup the same cid at the same time. Signed-off-by: Gao feng Signed-off-by: Michael S. Tsirkin Reviewed-by: Stefan Hajnoczi drivers/vhost/vsock.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) commit a3cbec69727c8c149ee2b3652e184818cc269fe6 Author: Christoph Hellwig Date: Thu Nov 17 11:43:16 2016 +0100 virtio_pci: split vp_try_to_find_vqs into INTx and MSI-X variants There is basically no shared logic between the INTx and MSI-X case in vp_try_to_find_vqs, so split the function into two and clean them up a little bit. Also remove the fairly pointless vp_request_intx wrapper while we're at it. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 97 ++++++++++++++++++++++---------------- 1 file changed, 57 insertions(+), 40 deletions(-) commit 66f2f55542270c44d67f05533594f75404c1481a Author: Christoph Hellwig Date: Thu Nov 17 11:43:15 2016 +0100 virtio_pci: merge vp_free_vectors into vp_del_vqs Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 61 +++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 34 deletions(-) commit 9f8196cc05caa9aba19f38f29c5f9a12722986c4 Author: Christoph Hellwig Date: Thu Nov 17 11:43:14 2016 +0100 virtio_pci: remove the call to vp_free_vectors in vp_request_msix_vectors vp_request_msix_vectors is only called by vp_try_to_find_vqs, which already calls vp_free_vectors through vp_del_vqs in the failure case. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 1 - 1 file changed, 1 deletion(-) commit fa3a3279354e5f7a13ec16f2c9f5e39124745332 Author: Christoph Hellwig Date: Thu Nov 17 11:43:13 2016 +0100 virtio_pci: use pci_alloc_irq_vectors This avoids the separate allocation for the msix_entries structures, and instead allows us to use pci_irq_vector to find a given IRQ vector. Signed-off-by: Christoph Hellwig Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 42 +++++++++++++++----------------------- drivers/virtio/virtio_pci_common.h | 1 - 2 files changed, 17 insertions(+), 26 deletions(-) commit d41795978c47fa87b6514a0f2238958b7e8319a0 Author: Michael S. Tsirkin Date: Thu Dec 15 23:58:13 2016 +0200 virtio: clean up handling of request_irq failure We call del_vqs twice when request_irq fails, this makes no sense. Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_common.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 179a7ba6806805bd4cd7a5e4574b83353c5615ad Merge: 5e176d6 3dbb16b Author: Linus Torvalds Date: Thu Dec 15 13:49:34 2016 -0800 Merge tag 'trace-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace Pull tracing updates from Steven Rostedt: "This release has a few updates: - STM can hook into the function tracer - Function filtering now supports more advance glob matching - Ftrace selftests updates and added tests - Softirq tag in traces now show only softirqs - ARM nop added to non traced locations at compile time - New trace_marker_raw file that allows for binary input - Optimizations to the ring buffer - Removal of kmap in trace_marker - Wakeup and irqsoff tracers now adhere to the set_graph_notrace file - Other various fixes and clean ups" * tag 'trace-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace: (42 commits) selftests: ftrace: Shift down default message verbosity kprobes/trace: Fix kprobe selftest for newer gcc tracing/kprobes: Add a helper method to return number of probe hits tracing/rb: Init the CPU mask on allocation tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results tracing/fgraph: Have wakeup and irqsoff tracers ignore graph functions too fgraph: Handle a case where a tracer ignores set_graph_notrace tracing: Replace kmap with copy_from_user() in trace_marker writing ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it tracing: Allow benchmark to be enabled at early_initcall() tracing: Have system enable return error if one of the events fail tracing: Do not start benchmark on boot up tracing: Have the reg function allow to fail ring-buffer: Force rb_end_commit() and rb_set_commit_to_write() inline ring-buffer: Froce rb_update_write_stamp() to be inlined ring-buffer: Force inline of hotpath helper functions tracing: Make __buffer_unlock_commit() always_inline tracing: Make tracepoint_printk a static_key ring-buffer: Always inline rb_event_data() ring-buffer: Make rb_reserve_next_event() always inlined ... commit 5e176d6973bdac04d9f298ca384c39f08eb084cb Merge: 39d2c3b 04102c7 Author: Linus Torvalds Date: Thu Dec 15 13:41:55 2016 -0800 Merge tag 'for-linus-4.10-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux Pull orangefs updates from Mike Marshall: "Two small fixes sent in by other developers: - axe some dead code (Christophe Jaillet) - fix memory leak (Colin Ian King, found by Coverity)" * tag 'for-linus-4.10-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux: orangefs: Axe some dead code orangefs: fix memory leak of string 'new' on exit path commit 39d2c3b96e072c8756f3b980588fa516b7988cb1 Merge: e18bf80 ba75d57 Author: Linus Torvalds Date: Thu Dec 15 13:37:08 2016 -0800 Merge tag 'upstream-4.10-rc1' of git://git.infradead.org/linux-ubifs Pull ubifs updates from Richard Weinberger: - file encryption for UBIFS using the fscrypt framework - a fix to honor the dirty_writeback_interval sysctl - removal of dead code * tag 'upstream-4.10-rc1' of git://git.infradead.org/linux-ubifs: (30 commits) ubifs: Initialize fstr_real_len ubifs: Use fscrypt ioctl() helpers ubifs: Use FS_CFLG_OWN_PAGES ubifs: Raise write version to 5 ubifs: Implement UBIFS_FLG_ENCRYPTION ubifs: Implement UBIFS_FLG_DOUBLE_HASH ubifs: Use a random number for cookies ubifs: Add full hash lookup support ubifs: Rename tnc_read_node_nm ubifs: Add support for encrypted symlinks ubifs: Implement encrypted filenames ubifs: Make r5 hash binary string aware ubifs: Relax checks in ubifs_validate_entry() ubifs: Implement encrypt/decrypt for all IO ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() ubifs: Introduce new data node field, compr_size ubifs: Enforce crypto policy in mmap ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto ubifs: Preload crypto context in ->lookup() ubifs: Enforce crypto policy in ->link and ->rename ... commit e18bf801f1501e15830db5fa927a6e2832d49d7b Merge: 8600b69 cb2bf25 Author: Linus Torvalds Date: Thu Dec 15 13:31:25 2016 -0800 Merge tag 'platform-drivers-x86-v4.10-1' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86 Pull x86 platform driver updates from Darrent Hart: "Introduce one new driver for Mellanox platforms. Add support for various new models to existing drivers via quirks, hotkeys, etc. Significant updates to intel_pmc_core in support of Kabylake and Sunrise Point PCH power management debug. Some cleanup and refactoring across various drivers. Detailed summary: dell-laptop: - Use brightness_set_blocking for kbd_led_level_set thinkpad_acpi: - Initialize local in_tablet_mode and type - Fix old style declaration GCC warning - Adding new hotkey ID for Lenovo thinkpad - Add support for X1 Yoga (2016) Tablet Mode - Move tablet detection into separate function asus-nb-wmi: - Add X45U quirk - Make use of dmi->ident asus-wmi: - Set specified XUSB2PR value for X550LB intel_mid_thermal: - Fix suspend handlers unused warning intel-vbtn: - Switch to use devm_input_allocate_device dell-wmi: - Add events created by Dell Rugged 2-in-1s - Adjust wifi catcher to emit KEY_WLAN intel_pmc_core: - Add KBL CPUID support - Add LTR IGNORE debug feature - Add MPHY PLL clock gating status - ModPhy core lanes pg status - Add PCH IP Power Gating Status - Fix PWRMBASE mask and mmio reg len acer-wmi: - Only supports AMW0_GUID1 on acer family mlx-platform: - Introduce support for Mellanox hotplug driver platform/x86: - Use ACPI_FAILURE at appropriate places" * tag 'platform-drivers-x86-v4.10-1' of git://git.infradead.org/users/dvhart/linux-platform-drivers-x86: (22 commits) platform/x86: thinkpad_acpi: Initialize local in_tablet_mode and type platform/x86: dell-laptop: Use brightness_set_blocking for kbd_led_level_set platform/x86: thinkpad_acpi: Fix old style declaration GCC warning platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad platform/x86: thinkpad_acpi: Add support for X1 Yoga (2016) Tablet Mode platform/x86: thinkpad_acpi: Move tablet detection into separate function platform/x86: asus-nb-wmi.c: Add X45U quirk platform/x86: asus-nb-wmi: Make use of dmi->ident platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB platform/x86: intel_mid_thermal: Fix suspend handlers unused warning platform/x86: intel-vbtn: Switch to use devm_input_allocate_device platform/x86: Use ACPI_FAILURE at appropriate places platform/x86: dell-wmi: Add events created by Dell Rugged 2-in-1s platform/x86: dell-wmi: Adjust wifi catcher to emit KEY_WLAN platform/x86: intel_pmc_core: Add KBL CPUID support platform/x86: intel_pmc_core: Add LTR IGNORE debug feature platform/x86: intel_pmc_core: Add MPHY PLL clock gating status platform/x86: intel_pmc_core: ModPhy core lanes pg status platform/x86: intel_pmc_core: Add PCH IP Power Gating Status platform/x86: intel_pmc_core: Fix PWRMBASE mask and mmio reg len ... commit 8600b697cd4787ac3ce053d48ca7301836fd0c55 Merge: 0ab7b12 6eb89ef Author: Linus Torvalds Date: Thu Dec 15 12:56:35 2016 -0800 Merge branch 'i2c/for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux Pull i2c updates from Wolfram Sang: - the first series of making i2c_device_id optional instead of mandatory (in favor of alternatives like of_device_id). This involves adding a new probe callback (probe_new) which removes some peculiarities I2C had for a long time now. The new probe is matching the other subsystems now and the old one will be removed once all users are converted. It is expected to take a while but there is ongoing interest in that. - SMBus Host Notify introduced 4.9 got refactored. They are now using interrupts instead of the alert callback which solves multiple issues. - new drivers for iMX LowPower I2C, Mellanox CPLD and its I2C mux - significant refactoring for bcm2835 driver - the usual set of driver updates and improvements * 'i2c/for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux: (46 commits) i2c: fsl-lpi2c: read lpi2c fifo size in probe() i2c: octeon: thunderx: Remove double-check after interrupt i2c: octeon: thunderx: TWSI software reset in recovery i2c: cadence: Allow Cadence I2C to be selected for Cadence Xtensa CPUs i2c: sh_mobile: Add per-Generation fallback bindings i2c: rcar: Add per-Generation fallback bindings i2c: imx-lpi2c: add low power i2c bus driver dt-bindings: i2c: imx-lpi2c: add devicetree bindings i2c: designware-pcidrv: Add 10bit address feature to medfield/merrifield i2c: pxa: Add support for the I2C units found in Armada 3700 i2c: pxa: Add definition of fast and high speed modes via the regs layout dt-bindings: i2c: pxa: Update the documentation for the Armada 3700 i2c: qup: support SMBus block read i2c: qup: add ACPI support i2c: designware: Consolidate default functionality bits i2c: i2c-mux-gpio: update mux with gpiod_set_array_value_cansleep i2c: mux: pca954x: Add ACPI support for pca954x i2c: use an IRQ to report Host Notify events, not alert i2c: i801: remove SMBNTFDDAT reads as they always seem to return 0 i2c: i801: use the BIT() macro for FEATURES_* also ... commit 0ab7b12c49b6fbf2d4d0381374b82935f949be5f Merge: a9a16a6 b08d2e6 Author: Linus Torvalds Date: Thu Dec 15 12:46:48 2016 -0800 Merge tag 'pci-v4.10-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci Pull PCI updates from Bjorn Helgaas: "PCI changes: - add support for PCI on ARM64 boxes with ACPI. We already had this for theoretical spec-compliant hardware; now we're adding quirks for the actual hardware (Cavium, HiSilicon, Qualcomm, X-Gene) - add runtime PM support for hotplug ports - enable runtime suspend for Intel UHCI that uses platform-specific wakeup signaling - add yet another host bridge registration interface. We hope this is extensible enough to subsume the others - expose device revision in sysfs for DRM - to avoid device conflicts, make sure any VF BAR updates are done before enabling the VF - avoid unnecessary link retrains for ASPM - allow INTx masking on Mellanox devices that support it - allow access to non-standard VPD for Chelsio devices - update Broadcom iProc support for PAXB v2, PAXC v2, inbound DMA, etc - update Rockchip support for max-link-speed - add NVIDIA Tegra210 support - add Layerscape LS1046a support - update R-Car compatibility strings - add Qualcomm MSM8996 support - remove some uninformative bootup messages" * tag 'pci-v4.10-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/helgaas/pci: (115 commits) PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3) PCI: Expand "VPD access disabled" quirk message PCI: pciehp: Remove loading message PCI: hotplug: Remove hotplug core message PCI: Remove service driver load/unload messages PCI/AER: Log AER IRQ when claiming Root Port PCI/AER: Log errors with PCI device, not PCIe service device PCI/AER: Remove unused version macros PCI/PME: Log PME IRQ when claiming Root Port PCI/PME: Drop unused support for PMEs from Root Complex Event Collectors PCI: Move config space size macros to pci_regs.h x86/platform/intel-mid: Constify mid_pci_platform_pm PCI/ASPM: Don't retrain link if ASPM not possible PCI: iproc: Skip check for legacy IRQ on PAXC buses PCI: pciehp: Leave power indicator on when enabling already-enabled slot PCI: pciehp: Prioritize data-link event over presence detect PCI: rcar: Add gen3 fallback compatibility string for pcie-rcar PCI: rcar: Use gen2 fallback compatibility last PCI: rcar-gen2: Use gen2 fallback compatibility last PCI: rockchip: Move the deassert of pm/aclk/pclk after phy_init() .. commit cb2bf25145e0d2abef20f47dd2ae55bff97fd9cb Author: Darren Hart Date: Wed Dec 14 14:45:48 2016 -0800 platform/x86: thinkpad_acpi: Initialize local in_tablet_mode and type linux-next reported in_tablet_mode and type may be used uninitialized after: b31800283868 ("platform/x86: thinkpad_acpi: Move tablet detection into separate function") This turns out to be a false positive as the pr_info call cannot be reached if tp_features.hotkey_tablet (global scope) is 0, and in_tablet_mode and type are assigned in both places tp_features.hotkey_tablet is assigned. Regardless, to make it explicit and avoid further reports, initialize in_tablet_mode to 0 and type to NULL. Signed-off-by: Darren Hart Acked-by: Henrique de Moraes Holschuh Cc: Lyude drivers/platform/x86/thinkpad_acpi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a9a16a6d136593c9e6f72e481b2b86ae1d8d1fce Merge: d3ea547 1465f48 Author: Linus Torvalds Date: Thu Dec 15 12:24:14 2016 -0800 Merge tag 'iommu-updates-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu Pull IOMMU updates from Joerg Roedel: "These changes include: - support for the ACPI IORT table on ARM systems and patches to make the ARM-SMMU driver make use of it - conversion of the Exynos IOMMU driver to device dependency links and implementation of runtime pm support based on that conversion - update the Mediatek IOMMU driver to use the new struct device->iommu_fwspec member - implementation of dma_map/unmap_resource in the generic ARM dma-iommu layer - a number of smaller fixes and improvements all over the place" * tag 'iommu-updates-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu: (44 commits) ACPI/IORT: Make dma masks set-up IORT specific iommu/amd: Missing error code in amd_iommu_init_device() iommu/s390: Drop duplicate header pci.h ACPI/IORT: Introduce iort_iommu_configure ACPI/IORT: Add single mapping function ACPI/IORT: Replace rid map type with type mask iommu/arm-smmu: Add IORT configuration iommu/arm-smmu: Split probe functions into DT/generic portions iommu/arm-smmu-v3: Add IORT configuration iommu/arm-smmu-v3: Split probe functions into DT/generic portions ACPI/IORT: Add support for ARM SMMU platform devices creation ACPI/IORT: Add node match function ACPI: Implement acpi_dma_configure iommu/arm-smmu-v3: Convert struct device of_node to fwnode usage iommu/arm-smmu: Convert struct device of_node to fwnode usage iommu: Make of_iommu_set/get_ops() DT agnostic ACPI/IORT: Add support for IOMMU fwnode registration ACPI/IORT: Introduce linker section for IORT entries probing ACPI: Add FWNODE_ACPI_STATIC fwnode type iommu/arm-smmu: Set SMTNMB_TLBEN in ACR to enable caching of bypass entries ... commit d3ea547853852481dc5eba6d4cb13adab1564d0b Author: Linus Torvalds Date: Thu Dec 15 12:18:42 2016 -0800 rdma: fix buggy code that the compiler warns about Get rid of this warning: drivers/infiniband/sw/rdmavt/cq.c: In function ‘rvt_cq_exit’: drivers/infiniband/sw/rdmavt/cq.c:542:2: warning: ‘worker’ may be used uninitialized in this function [-Wmaybe-uninitialized] kthread_destroy_worker(worker); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ by fixing the function to actually work. Fixes: 6efaf10f163d ("IB/rdmavt: Avoid queuing work into a destroyed cq kthread worker") Cc: Petr Mladek Cc: Doug Ledford Signed-off-by: Linus Torvalds drivers/infiniband/sw/rdmavt/cq.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8a19e7fa085e22519f2b069406f82ae24d3f3c93 Author: Rex Zhu Date: Wed Dec 7 19:11:49 2016 +0800 drm/amdgpu: refine set clock gating for tonga/polaris Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 165 +++++++++++++++++++++++++--------- drivers/gpu/drm/amd/amdgpu/vi.c | 155 ++++++++++++++++++++++---------- 2 files changed, 230 insertions(+), 90 deletions(-) commit ca18b84986ccde80fe3ba6c2aed4408b25c0da8c Author: Rex Zhu Date: Wed Dec 7 18:22:38 2016 +0800 drm/amdgpu: initialize cg flags for tonga/polaris10/polaris11. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vi.c | 52 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 49 insertions(+), 3 deletions(-) commit 398d82ccbd8b97e67d2503f09345de5d63a80c56 Author: Rex Zhu Date: Fri Dec 9 13:27:27 2016 +0800 drm/amdgpu: add new gfx cg flags. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/include/amd_shared.h | 4 ++++ 1 file changed, 4 insertions(+) commit ad1830d504d85233392215c9966e5876b99c481e Author: Rex Zhu Date: Wed Dec 7 17:55:50 2016 +0800 drm/amdgpu: fix pg can't be disabled by PG mask. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit c4d17b81244d23e7727f0bf68f0f63905e871a73 Author: Rex Zhu Date: Wed Dec 7 17:54:57 2016 +0800 drm/amdgpu: always initialize gfx pg for gfx_v8.0. v2: always init gfx pg for asics that can support. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 71 ++++++++++++++++------------------- 1 file changed, 32 insertions(+), 39 deletions(-) commit 98fccc78bc29e35f7204f5f6cf7f0a923e335222 Author: Rex Zhu Date: Wed Dec 7 17:48:48 2016 +0800 drm/amdgpu: enable AMD_PG_SUPPORT_CP in Carrizo/Stoney. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vi.c | 2 ++ 1 file changed, 2 insertions(+) commit 202e0b227b906cb80a2791f21216a55d9468d61b Author: Rex Zhu Date: Wed Dec 7 17:44:20 2016 +0800 drm/amdgpu: fix init save/restore list in gfx_v8.0 set valid data to mmRLC_SRM_INDEX_CNTL_ADDRx/DATAx. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit eb584241226958d45aa1f07f4f6a6ea9da98b29e Author: Rex Zhu Date: Wed Dec 7 17:22:25 2016 +0800 drm/amdgpu: fix enable_cp_power_gating in gfx_v8.0. the CP_PG_DISABLE bit was reversed. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 54971406b7731efd5dbe0b1ccc42dfbd8af1f3b2 Author: Rex Zhu Date: Wed Dec 7 16:06:38 2016 +0800 drm/amdgpu: disable uvd pg on Tonga. it does not work with GPU pass through if the VM is not cleanly shutdown leading to a hang when the modules is reloaded. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/vi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4d5b57e05a67c3cfd8e2b2a64ca356245a15b1c6 Merge: 6df8b74 6f94ba2 Author: Linus Torvalds Date: Thu Dec 15 12:03:32 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma Pull rdma updates from Doug Ledford: "This is the complete update for the rdma stack for this release cycle. Most of it is typical driver and core updates, but there is the entirely new VMWare pvrdma driver. You may have noticed that there were changes in DaveM's pull request to the bnxt Ethernet driver to support a RoCE RDMA driver. The bnxt_re driver was tentatively set to be pulled in this release cycle, but it simply wasn't ready in time and was dropped (a few review comments still to address, and some multi-arch build issues like prefetch() not working across all arches). Summary: - shared mlx5 updates with net stack (will drop out on merge if Dave's tree has already been merged) - driver updates: cxgb4, hfi1, hns-roce, i40iw, mlx4, mlx5, qedr, rxe - debug cleanups - new connection rejection helpers - SRP updates - various misc fixes - new paravirt driver from vmware" * tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dledford/rdma: (210 commits) IB: Add vmw_pvrdma driver IB/mlx4: fix improper return value IB/ocrdma: fix bad initialization infiniband: nes: return value of skb_linearize should be handled MAINTAINERS: Update Intel RDMA RNIC driver maintainers MAINTAINERS: Remove Mitesh Ahuja from emulex maintainers IB/core: fix unmap_sg argument qede: fix general protection fault may occur on probe IB/mthca: Replace pci_pool_alloc by pci_pool_zalloc mlx5, calc_sq_size(): Make a debug message more informative mlx5: Remove a set-but-not-used variable mlx5: Use { } instead of { 0 } to init struct IB/srp: Make writing the add_target sysfs attr interruptible IB/srp: Make mapping failures easier to debug IB/srp: Make login failures easier to debug IB/srp: Introduce a local variable in srp_add_one() IB/srp: Fix CONFIG_DYNAMIC_DEBUG=n build IB/multicast: Check ib_find_pkey() return value IPoIB: Avoid reading an uninitialized member variable IB/mad: Fix an array index check ... commit 6df8b74b1720db1133ace0861cb6721bfe57819a Merge: 57d64e6 61eb3a0 Author: Linus Torvalds Date: Thu Dec 15 11:49:41 2016 -0800 Merge tag 'devicetree-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux Pull DeviceTree updates from Rob Herring: - add various vendor prefixes. - fix NUMA node handling when "numa=off" is passed on kernel command line. - coding style Clean-up of overlay handling code. - DocBook fixes in DT platform driver code - Altera SoCFPGA binding addtions for freeze bridge, arria10 FPGA manager and FPGA bridges. - a couple of printk message fixes. * tag 'devicetree-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/robh/linux: (33 commits) dt: pwm: bcm2835: fix typo in clocks property name devicetree: add vendor prefix for National Instruments Revert "of: base: add support to get machine model name" of: Fix issue where code would fall through to error case. drivers/of: fix missing pr_cont()s in of_print_phandle_args devicetree: bindings: Add vendor prefix for Oki devicetree: bindings: Add vendor prefix for Andes Technology Corporation dt-bindings: add MYIR Tech hardware vendor prefix add bindings document for altera freeze bridge ARM: socfpga: add bindings doc for arria10 fpga manager ARM: socfpga: add bindings document for fpga bridge drivers of: base: add support to get machine model name of/platform: clarify of_find_device_by_node refcounting of/platform: fix of_platform_device_destroy comment of: Remove unused variable overlay_symbols of: Move setting of pointer to beside test for non-null of: Add back an error message, restructured of: Update comments to reflect changes and increase clarity of: Remove redundant size check of: Update structure of code to be clearer, also remove BUG_ON() ... commit 57d64e6f5fac7b47dd03487f5f2670a7f0c67335 Merge: 19c75bc d09f008 Author: Linus Torvalds Date: Thu Dec 15 11:45:13 2016 -0800 Merge tag 'pwm/for-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm Pull pwm updates from Thierry Reding: "This is a very tiny pull request, with just a new driver for HiSilicon BVT SoCs and a cleanup for the Amlogic Meson driver. There are other patches on the list, but my timing was really bad this time and I ended up not having the time to look at them in enough detail to be comfortable merging them" * tag 'pwm/for-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/thierry.reding/linux-pwm: pwm: Add PWM driver for HiSilicon BVT SOCs pwm: meson: Remove unneeded platform MODULE_ALIAS commit 19c75bcbe0113cbbf05e4d89e0502a23358bfca9 Merge: ee84595 18e615a Author: Linus Torvalds Date: Thu Dec 15 11:41:37 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto fixes from Herbert Xu: "This fixes the following issues: - a crash regression in the new skcipher walker - incorrect return value in public_key_verify_signature - fix for in-place signing in the sign-file utility" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: crypto: skcipher - fix crash in virtual walk sign-file: Fix inplace signing when src and dst names are both specified crypto: asymmetric_keys - set error code on failure commit d40fc181ebec6b1d560e2167208276baa4f3bbf0 Author: Joe Stringer Date: Wed Dec 14 14:43:38 2016 -0800 samples/bpf: Make samples more libbpf-centric Switch all of the sample code to use the function names from tools/lib/bpf so that they're consistent with that, and to declare their own log buffers. This allow the next commit to be purely devoted to getting rid of the duplicate library in samples/bpf. Committer notes: Testing it: On a fedora rawhide container, with clang/llvm 3.9, sharing the host linux kernel git tree: # make O=/tmp/build/linux/ headers_install # make O=/tmp/build/linux -C samples/bpf/ Since I forgot to make it privileged, just tested it outside the container, using what it generated: # uname -a Linux jouet 4.9.0-rc8+ #1 SMP Mon Dec 12 11:20:49 BRT 2016 x86_64 x86_64 x86_64 GNU/Linux # cd /var/lib/docker/devicemapper/mnt/c43e09a53ff56c86a07baf79847f00e2cc2a17a1e2220e1adbf8cbc62734feda/rootfs/tmp/build/linux/samples/bpf/ # ls -la offwaketime -rwxr-xr-x. 1 root root 24200 Dec 15 12:19 offwaketime # file offwaketime offwaketime: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 2.6.32, BuildID[sha1]=c940d3f127d5e66cdd680e42d885cb0b64f8a0e4, not stripped # readelf -SW offwaketime_kern.o | grep PROGBITS [ 2] .text PROGBITS 0000000000000000 000040 000000 00 AX 0 0 4 [ 3] kprobe/try_to_wake_up PROGBITS 0000000000000000 000040 0000d8 00 AX 0 0 8 [ 5] tracepoint/sched/sched_switch PROGBITS 0000000000000000 000118 000318 00 AX 0 0 8 [ 7] maps PROGBITS 0000000000000000 000430 000050 00 WA 0 0 4 [ 8] license PROGBITS 0000000000000000 000480 000004 00 WA 0 0 1 [ 9] version PROGBITS 0000000000000000 000484 000004 00 WA 0 0 4 # ./offwaketime | head -5 swapper/1;start_secondary;cpu_startup_entry;schedule_preempt_disabled;schedule;__schedule;-;---;; 106 CPU 0/KVM;entry_SYSCALL_64_fastpath;sys_ioctl;do_vfs_ioctl;kvm_vcpu_ioctl;kvm_arch_vcpu_ioctl_run;kvm_vcpu_block;schedule;__schedule;-;try_to_wake_up;swake_up_locked;swake_up;apic_timer_expired;apic_timer_fn;__hrtimer_run_queues;hrtimer_interrupt;local_apic_timer_interrupt;smp_apic_timer_interrupt;__irqentry_text_start;cpuidle_enter;call_cpuidle;cpu_startup_entry;start_secondary;;swapper/3 2 Compositor;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;futex_requeue;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;SoftwareVsyncTh 5 firefox;entry_SYSCALL_64_fastpath;sys_poll;do_sys_poll;poll_schedule_timeout;schedule_hrtimeout_range;schedule_hrtimeout_range_clock;schedule;__schedule;-;try_to_wake_up;pollwake;__wake_up_common;__wake_up_sync_key;pipe_write;__vfs_write;vfs_write;sys_write;entry_SYSCALL_64_fastpath;;Timer 13 JS Helper;entry_SYSCALL_64_fastpath;sys_futex;do_futex;futex_wait;futex_wait_queue_me;schedule;__schedule;-;try_to_wake_up;do_futex;sys_futex;entry_SYSCALL_64_fastpath;;firefox 2 # Signed-off-by: Joe Stringer Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: Daniel Borkmann Cc: Wang Nan Cc: netdev@vger.kernel.org Link: http://lkml.kernel.org/r/20161214224342.12858-2-joe@ovn.org Signed-off-by: Arnaldo Carvalho de Melo samples/bpf/bpf_load.c | 17 +++++++++--- samples/bpf/bpf_load.h | 3 +++ samples/bpf/fds_example.c | 9 ++++--- samples/bpf/lathist_user.c | 2 +- samples/bpf/libbpf.c | 23 ++++++++-------- samples/bpf/libbpf.h | 18 ++++++------- samples/bpf/lwt_len_hist_user.c | 6 +++-- samples/bpf/offwaketime_user.c | 8 +++--- samples/bpf/sampleip_user.c | 4 +-- samples/bpf/sock_example.c | 12 +++++---- samples/bpf/sockex1_user.c | 6 ++--- samples/bpf/sockex2_user.c | 4 +-- samples/bpf/sockex3_user.c | 4 +-- samples/bpf/spintest_user.c | 8 +++--- samples/bpf/tc_l2_redirect_user.c | 4 +-- samples/bpf/test_cgrp2_array_pin.c | 4 +-- samples/bpf/test_cgrp2_attach.c | 11 +++++--- samples/bpf/test_cgrp2_attach2.c | 7 +++-- samples/bpf/test_cgrp2_sock.c | 6 +++-- samples/bpf/test_current_task_under_cgroup_user.c | 8 +++--- samples/bpf/test_lru_dist.c | 32 +++++++++++------------ samples/bpf/test_probe_write_user_user.c | 2 +- samples/bpf/trace_event_user.c | 14 +++++----- samples/bpf/trace_output_user.c | 2 +- samples/bpf/tracex2_user.c | 10 +++---- samples/bpf/tracex3_user.c | 4 +-- samples/bpf/tracex4_user.c | 4 +-- samples/bpf/tracex6_user.c | 2 +- samples/bpf/xdp1_user.c | 2 +- samples/bpf/xdp_tx_iptunnel_user.c | 6 ++--- 30 files changed, 133 insertions(+), 109 deletions(-) commit a5580c7f7a6d078696458d283df5d6547ad1c740 Author: Joe Stringer Date: Thu Dec 8 18:46:16 2016 -0800 tools lib bpf: Add flags to bpf_create_map() Commit 6c905981743 ("bpf: pre-allocate hash map elements") introduces map_flags to bpf_attr for BPF_MAP_CREATE command. Expose this new parameter in libbpf. By exposing it, users can access flags such as whether or not to preallocate the map. Signed-off-by: Joe Stringer Acked-by: Wang Nan Cc: Alexei Starovoitov Cc: Daniel Borkmann Link: http://lkml.kernel.org/r/20161209024620.31660-4-joe@ovn.org [ Added clarifying comment made by Wang Nan ] Signed-off-by: Arnaldo Carvalho de Melo tools/lib/bpf/bpf.c | 3 ++- tools/lib/bpf/bpf.h | 2 +- tools/lib/bpf/libbpf.c | 3 ++- 3 files changed, 5 insertions(+), 3 deletions(-) commit 83d994d02bf4594d6bfa9b2b67befb6cff7f9380 Author: Joe Stringer Date: Thu Dec 8 18:46:15 2016 -0800 tools lib bpf: use __u32 from linux/types.h Fixes the following issue when building without access to 'u32' type: ./tools/lib/bpf/bpf.h:27:23: error: unknown type name ‘u32’ Signed-off-by: Joe Stringer Acked-by: Wang Nan Cc: Alexei Starovoitov Cc: Daniel Borkmann Link: http://lkml.kernel.org/r/20161209024620.31660-3-joe@ovn.org Signed-off-by: Arnaldo Carvalho de Melo tools/lib/bpf/bpf.c | 4 ++-- tools/lib/bpf/bpf.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 0cb34dc2a37290f4069c5b01735c9725dc0a1b5c Author: Joe Stringer Date: Thu Dec 8 18:46:14 2016 -0800 tools lib bpf: Sync {tools,}/include/uapi/linux/bpf.h The tools version of this header is out of date; update it to the latest version from the kernel headers. Signed-off-by: Joe Stringer Acked-by: Wang Nan Cc: Alexei Starovoitov Cc: Daniel Borkmann Link: http://lkml.kernel.org/r/20161209024620.31660-2-joe@ovn.org [ Sync it harder, after merging with what was in net-next via perf/urgent via torvalds/master to get BPG_PROG_(AT|DE)TACH, etc ] Signed-off-by: Arnaldo Carvalho de Melo tools/include/uapi/linux/bpf.h | 593 +++++++++++++++++++++++++---------------- 1 file changed, 364 insertions(+), 229 deletions(-) commit e216874cc1946d28084fa90e495e02725a29e25f Author: Ravi Bangoria Date: Mon Dec 5 21:26:47 2016 +0530 perf annotate: Fix jump target outside of function address range If jump target is outside of function range, perf is not handling it correctly. Especially when target address is lesser than function start address, target offset will be negative. But, target address declared to be unsigned, converts negative number into 2's complement. See below example. Here target of 'jumpq' instruction at 34cf8 is 34ac0 which is lesser than function start address(34cf0). 34ac0 - 34cf0 = -0x230 = 0xfffffffffffffdd0 Objdump output: 0000000000034cf0 <__sigaction>: __GI___sigaction(): 34cf0: lea -0x20(%rdi),%eax 34cf3: cmp -bashx1,%eax 34cf6: jbe 34d00 <__sigaction+0x10> 34cf8: jmpq 34ac0 <__GI___libc_sigaction> 34cfd: nopl (%rax) 34d00: mov 0x386161(%rip),%rax # 3bae68 <_DYNAMIC+0x2e8> 34d07: movl -bashx16,%fs:(%rax) 34d0e: mov -bashxffffffff,%eax 34d13: retq perf annotate before applying patch: __GI___sigaction /usr/lib64/libc-2.22.so lea -0x20(%rdi),%eax cmp -bashx1,%eax v jbe 10 v jmpq fffffffffffffdd0 nop 10: mov _DYNAMIC+0x2e8,%rax movl -bashx16,%fs:(%rax) mov -bashxffffffff,%eax retq perf annotate after applying patch: __GI___sigaction /usr/lib64/libc-2.22.so lea -0x20(%rdi),%eax cmp -bashx1,%eax v jbe 10 ^ jmpq 34ac0 <__GI___libc_sigaction> nop 10: mov _DYNAMIC+0x2e8,%rax movl -bashx16,%fs:(%rax) mov -bashxffffffff,%eax retq Signed-off-by: Ravi Bangoria Cc: Alexander Shishkin Cc: Chris Riyder Cc: Kim Phillips Cc: Markus Trippelsdorf Cc: Masami Hiramatsu Cc: Naveen N. Rao Cc: Peter Zijlstra Cc: Taeung Song Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1480953407-7605-3-git-send-email-ravi.bangoria@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/ui/browsers/annotate.c | 5 +++-- tools/perf/util/annotate.c | 14 +++++++++----- tools/perf/util/annotate.h | 5 +++-- 3 files changed, 15 insertions(+), 9 deletions(-) commit 3ee2eb6da20db1edad31070da38996e8e0f8adfa Author: Ravi Bangoria Date: Mon Dec 5 21:26:46 2016 +0530 perf annotate: Support jump instruction with target as second operand Architectures like PowerPC have jump instructions that includes a target address as a second operand. For example, 'bne cr7,0xc0000000000f6154'. Add support for such instruction in perf annotate. objdump o/p: c0000000000f6140: ld r9,1032(r31) c0000000000f6144: cmpdi cr7,r9,0 c0000000000f6148: bne cr7,0xc0000000000f6154 c0000000000f614c: ld r9,2312(r30) c0000000000f6150: std r9,1032(r31) c0000000000f6154: ld r9,88(r31) Corresponding perf annotate o/p: Before patch: ld r9,1032(r31) cmpdi cr7,r9,0 v bne 3ffffffffff09f2c ld r9,2312(r30) std r9,1032(r31) 74: ld r9,88(r31) After patch: ld r9,1032(r31) cmpdi cr7,r9,0 v bne 74 ld r9,2312(r30) std r9,1032(r31) 74: ld r9,88(r31) Signed-off-by: Ravi Bangoria Cc: Alexander Shishkin Cc: Chris Riyder Cc: Kim Phillips Cc: Markus Trippelsdorf Cc: Masami Hiramatsu Cc: Naveen N. Rao Cc: Peter Zijlstra Cc: Taeung Song Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1480953407-7605-2-git-send-email-ravi.bangoria@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/annotate.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 23dc4f1586159470aac707caae526824dd077e25 Author: Jiri Olsa Date: Mon Dec 12 11:35:43 2016 +0100 perf record: Force ignore_missing_thread for uid option Enable perf_evsel::ignore_missing_thread for -u option to ignore complete failure if any of the user's processes die between its enumeration and time we open the event. Committer notes: While doing a 'make -j4 allmodconfig' we sometimes get into the race: Before: # perf record -u acme Error: The sys_perf_event_open() syscall returned with 3 (No such process) for event (cycles:ppp). /bin/dmesg may provide additional information. No CONFIG_PERF_EVENTS=y kernel support configured? # After: [root@jouet ~]# perf record -u acme WARNING: Ignored open failure for pid 9888 WARNING: Ignored open failure for pid 18059 [root@jouet ~]# Which is an improvement, with the races not preventing the remaining threads for the specified user from being monitored, but the message probably needs further clarification. Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481538943-21874-6-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-record.c | 3 +++ 1 file changed, 3 insertions(+) commit a359c17a7e1a9c99384499cf7b43d80867080789 Author: Jiri Olsa Date: Tue Dec 13 08:46:22 2016 +0100 perf evsel: Allow to ignore missing pid Adding perf_evsel::ignore_missing_cpu_thread bool. When set true, it allows perf to ignore error of missing pid of perf event syscall. We remove missing thread id from the thread_map, so the rest of the processing like ioctl and mmap won't get disturbed with -1 fd. The reason for supporting this is to ease up monitoring group of pids, that 'disappear' before perf opens their event. This currently leads perf to report error and exit and makes perf record's -u option unusable under certain setup. With this change we will allow this race and ignore such failure with following warning: WARNING: Ignored open failure for pid 8605 Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161213074622.GA3084@krava Signed-off-by: Arnaldo Carvalho de Melo tools/perf/perf.h | 1 + tools/perf/util/evsel.c | 44 ++++++++++++++++++++++++++++++++++++++++++++ tools/perf/util/evsel.h | 1 + 3 files changed, 46 insertions(+) commit 38af91f01de0e160c17ae380acb5bab5d51066f4 Author: Jiri Olsa Date: Mon Dec 12 11:35:41 2016 +0100 perf thread_map: Add thread_map__remove function Add thread_map__remove function to remove thread from thread map. Add automated test also. Committer notes: Testing it: # perf test "Remove thread map" 39: Remove thread map : Ok # perf test -v "Remove thread map" 39: Remove thread map : --- start --- test child forked, pid 4483 2 threads: 4482, 4483 1 thread: 4483 0 thread: test child finished with 0 ---- end ---- Remove thread map: Ok # Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481538943-21874-4-git-send-email-jolsa@kernel.org [ Added stdlib.h, to get the free() declaration ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/tests/builtin-test.c | 4 ++++ tools/perf/tests/tests.h | 1 + tools/perf/tests/thread-map.c | 44 +++++++++++++++++++++++++++++++++++++++++ tools/perf/util/thread_map.c | 22 +++++++++++++++++++++ tools/perf/util/thread_map.h | 1 + 5 files changed, 72 insertions(+) commit 83c2e4f3968d6871eed295f2f5675d3d70b01afa Author: Jiri Olsa Date: Mon Dec 12 11:35:40 2016 +0100 perf evsel: Use variable instead of repeating lengthy FD macro It's more readable and will ease up following patches. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481538943-21874-3-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/evsel.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 631ac41b46d293fb3ee43a809776c1663de8d9c6 Author: Jiri Olsa Date: Mon Dec 12 11:35:39 2016 +0100 perf mem: Fix --all-user/--all-kernel options Removing extra '--' prefix. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Fixes: ad16511b0e40 ("perf mem: Add -U/-K (--all-user/--all-kernel) options") Link: http://lkml.kernel.org/r/1481538943-21874-2-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-mem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7e6a79981b7a797b37b1dbeca3fd6ae1cb6d881f Author: Arnaldo Carvalho de Melo Date: Mon Dec 12 10:52:10 2016 -0300 perf tools: Remove some needless __maybe_unused I.e. those parameters/functions _are_ used, so ditch that misleading attribute. Cc: Adrian Hunter Cc: David Ahern Cc: Jiri Olsa Cc: Namhyung Kim Cc: Wang Nan Link: http://lkml.kernel.org/n/tip-13cqtjh0yojg5gzvpq1zzpl0@git.kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-c2c.c | 13 ++++++------- tools/perf/builtin-report.c | 2 +- tools/perf/builtin-stat.c | 6 +++--- 3 files changed, 10 insertions(+), 11 deletions(-) commit ba957ebb54893acaf3dc846031073a63f021cee1 Author: Namhyung Kim Date: Thu Dec 8 23:47:55 2016 +0900 perf sched timehist: Show callchains for idle stat When --idle-hist option is used with --summary, it now shows idle stats with callchains like below: Idle stats by callchain: CPU 0: 902.195 msec Idle time (msec) Count Callchains ---------------- ------- -------------------------------------------------- 370.589 69 futex_wait_queue_me <- futex_wait <- do_futex <- sys_futex <- entry_SYSCALL_64_fastpath 178.799 17 worker_thread <- kthread <- ret_from_fork 128.352 17 schedule_timeout <- rcu_gp_kthread <- kthread <- ret_from_fork 125.111 19 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- poll_schedule_timeout <- do_select <- core_sys_select 71.599 50 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- poll_schedule_timeout <- do_sys_poll <- sys_poll 23.146 1 rcu_gp_kthread <- kthread <- ret_from_fork 4.510 1 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- ep_poll <- sys_epoll_wait <- do_syscall_64 0.085 1 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- poll_schedule_timeout <- do_sys_poll <- do_restart_poll ... Committer notes: Extra testing: # uname -a Linux jouet 4.8.8-300.fc25.x86_64 #1 SMP Tue Nov 15 18:10:06 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux 1) Run 'perf sched record -g' 2) Run 'perf sched timehist --idle --summary' Idle stats by callchain: CPU 0: 13456.840 msec Idle time (msec) Count Callchains ---------------- ----- -------------------------------------------------- 5386.637 3283 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- poll_schedule_timeout <- do_sys_poll <- sys_poll 2750.238 2299 futex_wait_queue_me <- futex_wait <- do_futex <- sys_futex <- do_syscall_64 1275.672 1287 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- ep_poll <- sys_epoll_wait <- entry_SYSCALL_64_fastpath 936.322 452 worker_thread <- kthread <- ret_from_fork 741.311 385 rcu_nocb_kthread <- kthread <- ret_from_fork 729.385 248 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- poll_schedule_timeout <- do_sys_poll <- sys_ppoll 365.386 229 irq_thread <- kthread <- ret_from_fork 338.934 265 futex_wait_queue_me <- futex_wait <- do_futex <- sys_futex <- entry_SYSCALL_64_fastpath 219.488 201 schedule_timeout <- rcu_gp_kthread <- kthread <- ret_from_fork 186.839 410 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- ep_poll <- sys_epoll_wait <- do_syscall_64 142.541 59 kvm_vcpu_block <- kvm_arch_vcpu_ioctl_run <- kvm_vcpu_ioctl <- do_vfs_ioctl <- sys_ioctl 83.887 92 smpboot_thread_fn <- kthread <- ret_from_fork 62.722 96 do_exit <- do_group_exit <- 0x2a5594 <- entry_SYSCALL_64_fastpath 47.894 83 pipe_wait <- pipe_read <- __vfs_read <- vfs_read <- sys_read 46.554 61 rcu_gp_kthread <- kthread <- ret_from_fork 34.337 21 schedule_timeout <- intel_fbc_work_fn <- process_one_work <- worker_thread <- kthread 29.521 14 schedule_hrtimeout_range_clock <- schedule_hrtimeout_range <- poll_schedule_timeout <- do_select <- core_sys_select 20.274 10 schedule_timeout <- io_schedule_timeout <- bit_wait_io <- __wait_on_bit <- out_of_line_wait_on_bit 15.085 55 schedule_timeout <- unix_stream_read_generic <- unix_stream_recvmsg <- sock_recvmsg <- SYSC_recvfrom Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161208144755.16673-7-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 86 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 86 insertions(+) commit 07235f84ece6b66f43334881806aad3467cf3d84 Author: Namhyung Kim Date: Thu Dec 8 23:47:54 2016 +0900 perf sched timehist: Add -I/--idle-hist option The --idle-hist option is to analyze system idle state so which process makes cpu to go idle. If this option is specified, non-idle events will be skipped and processes switching to/from idle will be shown. This option is mostly useful when used with --summary(-only) option. In the idle-time summary view, idle time is accounted to previous thread which is run before idle task. The example output looks like following: Idle-time summary comm parent sched-out idle-time min-idle avg-idle max-idle stddev migrations (count) (msec) (msec) (msec) (msec) % -------------------------------------------------------------------------------------------- rcu_preempt[7] 2 95 550.872 0.011 5.798 23.146 7.63 0 migration/1[16] 2 1 15.558 15.558 15.558 15.558 0.00 0 khugepaged[39] 2 1 3.062 3.062 3.062 3.062 0.00 0 kworker/0:1H[124] 2 2 4.728 0.611 2.364 4.116 74.12 0 systemd-journal[167] 1 1 4.510 4.510 4.510 4.510 0.00 0 kworker/u16:3[558] 2 13 74.737 0.080 5.749 12.960 21.96 0 irq/34-iwlwifi[628] 2 21 118.403 0.032 5.638 23.990 24.00 0 kworker/u17:0[673] 2 1 3.523 3.523 3.523 3.523 0.00 0 dbus-daemon[722] 1 1 6.743 6.743 6.743 6.743 0.00 0 ifplugd[741] 1 1 58.826 58.826 58.826 58.826 0.00 0 wpa_supplicant[1490] 1 1 13.302 13.302 13.302 13.302 0.00 0 wpa_actiond[1492] 1 2 4.064 0.168 2.032 3.896 91.72 0 dockerd[1500] 1 1 0.055 0.055 0.055 0.055 0.00 0 ... Signed-off-by: Namhyung Kim Tested-by: Arnaldo Carvalho de Melo Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161208144755.16673-6-namhyung@kernel.org Link: http://lkml.kernel.org/r/20161213080632.19099-2-namhyung@kernel.org [ Merged fix sent by Namhyumg, as posted in the second Link: tag ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-sched.txt | 4 +++ tools/perf/builtin-sched.c | 46 +++++++++++++++++++++++++++++---- 2 files changed, 45 insertions(+), 5 deletions(-) commit a4b2b6f56e0cfe729cf89318d44b6a875b31d95a Author: Namhyung Kim Date: Thu Dec 8 23:47:53 2016 +0900 perf sched timehist: Skip non-idle events when necessary Sometimes it only focuses on idle-related events like upcoming idle-hist feature. In this case we don't want to see other event to reduce noise. Signed-off-by: Namhyung Kim Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161208144755.16673-5-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit 699b5b920db04a6ff5c03a519e4c182aeb350952 Author: Namhyung Kim Date: Thu Dec 8 23:47:52 2016 +0900 perf sched timehist: Save callchain when entering idle In order to investigate the idleness reason, it is necessary to keep the callchains when entering idle. This can be identified by the sched:sched_switch event having the next_pid field as 0. Signed-off-by: Namhyung Kim Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161208144755.16673-4-namhyung@kernel.org Link: http://lkml.kernel.org/r/20161213080632.19099-1-namhyung@kernel.org [ Merged fix from Namhyung, see second Link: tag ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit 3bc2fa9cb829ccf6527e7117d9af769d93ee6d39 Author: Namhyung Kim Date: Thu Dec 8 23:47:51 2016 +0900 perf sched timehist: Introduce struct idle_time_data The struct idle_time_data is to keep idle stats with callchains entering to the idle task. The normal thread_runtime calculation is done transparently since it extends the struct thread_runtime. Signed-off-by: Namhyung Kim Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161208144755.16673-3-namhyung@kernel.org [ Align struct field names ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) commit 96039c7c52e03b7d6dd773664e74b79e3ae9856a Author: Namhyung Kim Date: Thu Dec 8 23:47:50 2016 +0900 perf sched timehist: Split is_idle_sample() The is_idle_sample() function actually does more than determining whether sample come from idle task. Split the callchain part into save_task_callchain() to make it clearer. Also checking prev_pid from trace data looks preferred than just checking sample->pid since it's possible, although rare, to have invalid 0 pid/tid on scheduling an exiting task. Signed-off-by: Namhyung Kim Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161208144755.16673-2-namhyung@kernel.org [ Remove some needless () in some return statements ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) commit aeafd623f866c429307e3a4a39998f5f06b4f00e Author: Jiri Olsa Date: Tue Dec 6 14:18:51 2016 +0100 perf tools: Move headers check into bash script To make it nicer and easily maintainable. Also moving the check into fixdep sub make, so its output is not scattered around the build output. Removing extra $$ from mman*.h checks. Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481030331-31944-5-git-send-email-jolsa@kernel.org [ Use /bin/sh, and 'function check() {' -> 'check () {' to make it work with busybox, in Alpine Linux, for instance ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 94 +-------------------------------------------- tools/perf/check-headers.sh | 59 ++++++++++++++++++++++++++++ 2 files changed, 60 insertions(+), 93 deletions(-) commit ee84595a91c60d33cbf1d5b941b04a3ee6cf7ce0 Author: David Howells Date: Thu Dec 15 13:59:50 2016 +0000 afs, rxrpc: Update the MAINTAINERS file Update the MAINTAINERS file for AFS and AF_RXRPC to include a website pointer. Signed-off-by: David Howells Signed-off-by: Linus Torvalds MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit b9a0deb96b8b5a7e896da183974ba6feb727f14a Author: Matthew Wilcox Date: Wed Dec 7 14:44:33 2016 -0800 redo: radix tree test suite: fix compilation [ This resurrects commit 53855d10f456, which was reverted in 2b41226b39b6. It depended on commit d544abd5ff7d ("lib/radix-tree: Convert to hotplug state machine") so now it is correct to apply ] Patch "lib/radix-tree: Convert to hotplug state machine" breaks the test suite as it adds a call to cpuhp_setup_state_nocalls() which is not currently emulated in the test suite. Add it, and delete the emulation of the old CPU hotplug mechanism. Link: http://lkml.kernel.org/r/1480369871-5271-36-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 1 - tools/testing/radix-tree/linux/cpu.h | 22 +--------------------- tools/testing/radix-tree/linux/notifier.h | 8 -------- 3 files changed, 1 insertion(+), 30 deletions(-) commit 8fa9a697ab083af0f4a2807869752685ed8a7a6a Author: Geert Uytterhoeven Date: Thu Dec 15 13:53:58 2016 +0100 printk: Remove no longer used second struct cont If CONFIG_PRINTK=n: kernel/printk/printk.c:1893: warning: ‘cont’ defined but not used Note that there are actually two different struct cont definitions and objects: the first one is used if CONFIG_PRINTK=y, the second one became unused by removing console_cont_flush(). Fixes: 5c2992ee7fd8 ("printk: remove console flushing special cases for partial buffered lines") Signed-off-by: Geert Uytterhoeven Acked-by: Petr Mladek [ I do the occasional "allnoconfig" builds, but apparently not often enough - Linus ] Signed-off-by: Linus Torvalds kernel/printk/printk.c | 6 ------ 1 file changed, 6 deletions(-) commit 30b507051dd1f79bbedce79cb37dc0ef31f5fb6c Author: Max Filippov Date: Wed Jul 13 19:21:57 2016 +0300 xtensa: update DMA-related Documentation/features entries xtensa supports DMA API debug and contiguous DMA, mark it as such. Signed-off-by: Max Filippov Documentation/features/io/dma-api-debug/arch-support.txt | 2 +- Documentation/features/io/dma-contiguous/arch-support.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 644b213ccced83495eb54dd48764f7e963bcc1c0 Author: Max Filippov Date: Fri Nov 4 14:44:22 2016 -0700 xtensa: configure shared DMA pool reservation in kc705 DTS Add example 64MByte long reservation in the first 512MBytes of physical memory used as shared DMA pool. Signed-off-by: Max Filippov arch/xtensa/boot/dts/kc705.dts | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 9d2ffe5c62554f2795859bb661eb138759eee980 Author: Max Filippov Date: Mon Apr 25 22:08:52 2016 +0300 xtensa: enable HAVE_DMA_CONTIGUOUS Enable HAVE_DMA_CONTIGUOUS, reserve contiguous memory at bootmem_init, use dma_alloc_from_contiguous and dma_release_from_contiguous in xtensa_dma_alloc/free. This allows for big contiguous DMA buffer allocation from designated area configured in the device tree. Signed-off-by: Max Filippov arch/xtensa/Kconfig | 1 + arch/xtensa/include/asm/Kbuild | 1 + arch/xtensa/kernel/pci-dma.c | 21 +++++++++++++++++---- arch/xtensa/mm/init.c | 2 ++ 4 files changed, 21 insertions(+), 4 deletions(-) commit 512f09801b356c54baef62543e51169f03b2e642 Author: Boris Ostrovsky Date: Thu Dec 15 10:00:57 2016 -0500 cpu/hotplug: Clarify description of __cpuhp_setup_state() return value When invoked with CPUHP_AP_ONLINE_DYN state __cpuhp_setup_state() is expected to return positive value which is the hotplug state that the routine assigns. Signed-off-by: Boris Ostrovsky Cc: linux-pm@vger.kernel.org Cc: viresh.kumar@linaro.org Cc: bigeasy@linutronix.de Cc: rjw@rjwysocki.net Cc: xen-devel@lists.xenproject.org Link: http://lkml.kernel.org/r/1481814058-4799-2-git-send-email-boris.ostrovsky@oracle.com Signed-off-by: Thomas Gleixner kernel/cpu.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d0905ca757bc40bd1ebc261a448a521b064777d7 Author: Andy Grover Date: Mon Nov 21 16:35:30 2016 -0800 target/user: Fix use-after-free of tcmu_cmds if they are expired Don't free the cmd in tcmu_check_expired_cmd, it's still referenced by an entry in our cmd_id->cmd idr. If userspace ever resumes processing, tcmu_handle_completions() will use the now-invalid cmd pointer. Instead, don't free cmd. It will be freed by tcmu_handle_completion() if userspace ever recovers, or tcmu_free_device if not. Cc: stable@vger.kernel.org Reported-by: Bryant G Ly Tested-by: Bryant G Ly Signed-off-by: Andy Grover Signed-off-by: Bart Van Assche drivers/target/target_core_user.c | 2 -- 1 file changed, 2 deletions(-) commit 83781d180b219bd079ae72b341ee3f21fb236e97 Author: Yi Sun Date: Wed Dec 14 10:42:29 2016 +0800 KVM: x86: Expose Intel AVX512IFMA/AVX512VBMI/SHA features to guest. Expose AVX512IFMA/AVX512VBMI/SHA features to guest. AVX512 spec can be found at: https://software.intel.com/sites/default/files/managed/26/40/319433-026.pdf SHA spec can be found at: https://software.intel.com/sites/default/files/managed/39/c5/325462-sdm-vol-1-2abcd-3abcd.pdf This patch depends on below patch. http://marc.info/?l=linux-kernel&m=147932800828178&w=2 Signed-off-by: Yi Sun Signed-off-by: Paolo Bonzini arch/x86/kvm/cpuid.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 37b9a671f346a184c4e381b32ee465cf7d248ae8 Author: GanShun Date: Wed Nov 30 10:28:19 2016 -0800 kvm: nVMX: Correct a VMX instruction error code for VMPTRLD When the operand passed to VMPTRLD matches the address of the VMXON region, the VMX instruction error code should be VMXERR_VMPTRLD_VMXON_POINTER rather than VMXERR_VMCLEAR_VMXON_POINTER. Signed-off-by: GanShun Signed-off-by: Jim Mattson Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5372e155a28f56122eb10db56d4130f481a89cd7 Author: Kirill A. Shutemov Date: Thu Dec 15 02:44:03 2016 +0300 x86/mm: Drop unused argument 'removed' from sync_global_pgds() Since commit af2cf278ef4f ("x86/mm/hotplug: Don't remove PGD entries in remove_pagetable()") there are no callers of sync_global_pgds() which set the 'removed' argument to 1. Remove the argument and the related conditionals in the function. Signed-off-by: Kirill A. Shutemov Cc: Andy Lutomirski Link: http://lkml.kernel.org/r/20161214234403.137556-1-kirill.shutemov@linux.intel.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/pgtable_64.h | 3 +-- arch/x86/mm/fault.c | 2 +- arch/x86/mm/init_64.c | 24 +++++++----------------- 3 files changed, 9 insertions(+), 20 deletions(-) commit c2b36129ce53a22b89dd2b88db33e7ffdefe0f41 Author: Colin Ian King Date: Fri Dec 9 14:17:47 2016 +0000 ASoC: topology: kfree kcontrol->private_value before freeing kcontrol kcontrol->private_value is being kfree'd after kcontrol has been freed (in previous call to snd_ctl_remove). Instead, fix this by kfreeing the private_value before kcontrol. CoverityScan CID#1388311 "Read from pointer after free" Fixes: eea3dd4f1247a ("ASoC: topology: Only free TLV for volume mixers of a widget") Signed-off-by: Colin Ian King Signed-off-by: Mark Brown sound/soc/soc-topology.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c0af52437254fda8b0cdbaae5a9b6d9327f1fcd5 Author: Guilherme G. Piccoli Date: Wed Dec 14 16:01:12 2016 -0200 genirq/affinity: Fix node generation from cpumask Commit 34c3d9819fda ("genirq/affinity: Provide smarter irq spreading infrastructure") introduced a better IRQ spreading mechanism, taking account of the available NUMA nodes in the machine. Problem is that the algorithm of retrieving the nodemask iterates "linearly" based on the number of online nodes - some architectures present non-linear node distribution among the nodemask, like PowerPC. If this is the case, the algorithm lead to a wrong node count number and therefore to a bad/incomplete IRQ affinity distribution. For example, this problem were found in a machine with 128 CPUs and two nodes, namely nodes 0 and 8 (instead of 0 and 1, if it was linearly distributed). This led to a wrong affinity distribution which then led to a bad mq allocation for nvme driver. Finally, we take the opportunity to fix a comment regarding the affinity distribution when we have _more_ nodes than vectors. Fixes: 34c3d9819fda ("genirq/affinity: Provide smarter irq spreading infrastructure") Reported-by: Gabriel Krisman Bertazi Signed-off-by: Guilherme G. Piccoli Reviewed-by: Christoph Hellwig Reviewed-by: Gabriel Krisman Bertazi Reviewed-by: Gavin Shan Cc: linux-pci@vger.kernel.org Cc: linuxppc-dev@lists.ozlabs.org Cc: hch@lst.de Link: http://lkml.kernel.org/r/1481738472-2671-1-git-send-email-gpiccoli@linux.vnet.ibm.com Signed-off-by: Thomas Gleixner kernel/irq/affinity.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit c1a9eeb938b5433947e5ea22f89baff3182e7075 Author: Thomas Gleixner Date: Thu Dec 15 12:10:37 2016 +0100 tick/broadcast: Prevent NULL pointer dereference When a disfunctional timer, e.g. dummy timer, is installed, the tick core tries to setup the broadcast timer. If no broadcast device is installed, the kernel crashes with a NULL pointer dereference in tick_broadcast_setup_oneshot() because the function has no sanity check. Reported-by: Mason Signed-off-by: Thomas Gleixner Cc: Mark Rutland Cc: Anna-Maria Gleixner Cc: Richard Cochran Cc: Sebastian Andrzej Siewior Cc: Daniel Lezcano Cc: Peter Zijlstra , Cc: Sebastian Frias Cc: Thibaud Cornic Cc: Robin Murphy Link: http://lkml.kernel.org/r/1147ef90-7877-e4d2-bb2b-5c4fa8d3144b@free.fr kernel/time/tick-broadcast.c | 3 +++ 1 file changed, 3 insertions(+) commit 9bf11ecce5a2758e5a097c2f3a13d08552d0d6f9 Author: Thomas Gleixner Date: Thu Dec 15 12:01:05 2016 +0100 clocksource/dummy_timer: Move hotplug callback after the real timers When the dummy timer callback is invoked before the real timer callbacks, then it tries to install that timer for the starting CPU. If the platform does not have a broadcast timer installed the installation fails with a kernel crash. The crash happens due to a unconditional deference of the non available broadcast device. This needs to be fixed in the timer core code. But even when this is fixed in the core code then installing the dummy timer before the real timers is a pointless exercise. Move it to the end of the callback list. Fixes: 00c1d17aab51 ("clocksource/dummy_timer: Convert to hotplug state machine") Reported-and-tested-by: Mason Signed-off-by: Thomas Gleixner Cc: Mark Rutland Cc: Anna-Maria Gleixner Cc: Richard Cochran Cc: Sebastian Andrzej Siewior Cc: Daniel Lezcano Cc: Peter Zijlstra , Cc: Sebastian Frias Cc: Thibaud Cornic Cc: Robin Murphy Link: http://lkml.kernel.org/r/1147ef90-7877-e4d2-bb2b-5c4fa8d3144b@free.fr include/linux/cpuhotplug.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0ea617a298dcdc2251b4e10f83ac3f3e627b66e3 Author: Colin Ian King Date: Thu Dec 8 13:05:43 2016 +0000 ASoC: rsnd: don't double free kctrl On an error, snd_ctl_add already free's kctrl, so calling snd_ctl_free_one to free it again leads to a double free error. Fix this by removing the extraneous snd_ctl_free_one call. Issue found using static analysis with CoverityScan, CID 1372908 Signed-off-by: Colin Ian King Acked-by: Kuninori Morimoto Signed-off-by: Mark Brown sound/soc/sh/rcar/core.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 4838a0def07f5611347860b1fc0129c3fe77cc02 Author: Yazen Ghannam Date: Thu Dec 1 14:24:53 2016 -0600 EDAC: Document HW_EVENT_ERR_DEFERRED type Add a description of the HW_EVENT_ERR_DEFERRED type that wasn't included with commit d12a969ebbfc ("EDAC, amd64: Add Deferred Error type"). Signed-off-by: Yazen Ghannam Acked-by: Borislav Petkov Signed-off-by: Mauro Carvalho Chehab include/linux/edac.h | 6 ++++++ 1 file changed, 6 insertions(+) commit 6b1fb6f7037221981fb2cf1822c31b5fba1b9c22 Author: Mauro Carvalho Chehab Date: Sat Oct 29 16:13:23 2016 -0200 edac.rst: move concepts dictionary from edac.h Instead of storing the concepts dictionary inside header file, move it to the subsystem documentation. Signed-off-by: Mauro Carvalho Chehab Documentation/driver-api/edac.rst | 106 +++++++++++++++++++++++++++++++++++++ include/linux/edac.h | 108 -------------------------------------- 2 files changed, 106 insertions(+), 108 deletions(-) commit e002075819d987dec3bf9fa3ca98ad19fa86ae0f Author: Mauro Carvalho Chehab Date: Fri Oct 28 15:04:52 2016 -0200 edac: fix kenel-doc markups at edac.h As this file was never added to the driver-api, the kernel-doc markups there were never tested. Some of them have issues. Fix them. Signed-off-by: Mauro Carvalho Chehab include/linux/edac.h | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) commit 66c222a02fadfd7cc62c754c12379d6bb08eaf77 Author: Mauro Carvalho Chehab Date: Sat Oct 29 10:35:23 2016 -0200 edac: fix kernel-doc tags at the drivers/edac_*.h Some kernel-doc tags don't provide good descriptions or use a different style. Adjust them. Signed-off-by: Mauro Carvalho Chehab Documentation/admin-guide/ras.rst | 2 +- drivers/edac/edac_mc.h | 55 +++++++++++++++++++++++++-------------- 2 files changed, 36 insertions(+), 21 deletions(-) commit b73bbad352a50fb2d8dd42241b534a3dace03b49 Author: Mauro Carvalho Chehab Date: Thu Oct 27 06:35:16 2016 -0200 edac: adjust docs location at MAINTAINERS and 00-INDEX Update MAINTAINERS to reflect the location of edac.rst and ras.rst. In the case of 00-INDEX, there's already an entry to the admin-guide, so all we need to do is to remove the entry there. Signed-off-by: Mauro Carvalho Chehab Documentation/00-INDEX | 2 -- MAINTAINERS | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) commit 6634fbb6b6356e6f5b428a349952b368b25d514d Author: Mauro Carvalho Chehab Date: Wed Oct 26 14:14:45 2016 -0200 driver-api: create an edac.rst file with EDAC documentation Currently, there's no device driver documentation for the EDAC subsystem at the driver-api book. Fill in the blanks for the structures and functions that misses documentation, uniform the word on the existing ones, and add a new edac.rst file at driver-api, in order to document the EDAC subsystem. Signed-off-by: Mauro Carvalho Chehab Documentation/driver-api/edac.rst | 72 ++++++++++++++++++++++++++++++++++++++ Documentation/driver-api/index.rst | 1 + drivers/edac/edac_mc.h | 2 -- 3 files changed, 73 insertions(+), 2 deletions(-) commit e01aa14cf2e7ff6d39614f8087800d08ba1629b2 Author: Mauro Carvalho Chehab Date: Wed Oct 26 15:47:55 2016 -0200 edac: move documentation from edac_mc.c to edac_core.h Several functions are documented at edac_mc.c. As we'll be including edac_core.h at drivers-api book, move those, in order for the kernel-doc markups be part of the API documentation book. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_mc.c | 82 --------------------------------------- drivers/edac/edac_mc.h | 101 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 101 insertions(+), 82 deletions(-) commit fdaf0b3505f330b8a56ddec4e904049be998d6d1 Author: Mauro Carvalho Chehab Date: Wed Oct 26 16:13:43 2016 -0200 edac: move documentation from edac_pci*.c to edac_pci.h Several functions are documented at edac_pci.c and edac_pci_sysfs.c. As we'll be including edac_pci.h at drivers-api book, move those, in order for the kernel-doc markups be part of the API documentation book. As several of those kernel-doc macros are not in the right format, fix them. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_pci.c | 65 ---------------------------- drivers/edac/edac_pci.h | 98 +++++++++++++++++++++++++++++++++++++++++++ drivers/edac/edac_pci_sysfs.c | 11 ----- 3 files changed, 98 insertions(+), 76 deletions(-) commit 5336f75499bbb293910b3502b3c4a4f9ab9ff078 Author: Mauro Carvalho Chehab Date: Wed Oct 26 16:01:47 2016 -0200 edac: move documentation from edac_device to edac_core.h Several functions are documented at edac_device.c. As we'll be including edac_core.h at drivers-api book, move those, in order for the kernel-doc markups be part of the API documentation book. As several of those kernel-doc macros are not in the right format, fix them. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_device.c | 58 ---------------------------------------------- drivers/edac/edac_device.h | 51 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 51 insertions(+), 58 deletions(-) commit 78d88e8a3d738f1ce508cd24b525d2e6cdfda1c1 Author: Mauro Carvalho Chehab Date: Sat Oct 29 15:16:34 2016 -0200 edac: rename edac_core.h to edac_mc.h Now, all left at edac_core.h are at drivers/edac/edac_mc.c, so rename it to edac_mc.h. Signed-off-by: Mauro Carvalho Chehab drivers/edac/altera_edac.c | 1 - drivers/edac/amd64_edac.h | 2 +- drivers/edac/amd76x_edac.c | 2 +- drivers/edac/amd8111_edac.c | 1 - drivers/edac/amd8131_edac.c | 1 - drivers/edac/cell_edac.c | 2 +- drivers/edac/cpc925_edac.c | 1 - drivers/edac/e752x_edac.c | 2 +- drivers/edac/e7xxx_edac.c | 2 +- drivers/edac/edac_core.h | 134 ---------------------------------------- drivers/edac/edac_mc.c | 2 +- drivers/edac/edac_mc.h | 131 +++++++++++++++++++++++++++++++++++++++ drivers/edac/edac_mc_sysfs.c | 2 +- drivers/edac/edac_module.c | 2 +- drivers/edac/edac_module.h | 4 +- drivers/edac/fsl_ddr_edac.c | 1 - drivers/edac/ghes_edac.c | 2 +- drivers/edac/highbank_l2_edac.c | 1 - drivers/edac/highbank_mc_edac.c | 1 - drivers/edac/i3000_edac.c | 2 +- drivers/edac/i3200_edac.c | 2 +- drivers/edac/i5000_edac.c | 2 +- drivers/edac/i5100_edac.c | 1 - drivers/edac/i5400_edac.c | 2 +- drivers/edac/i7300_edac.c | 2 +- drivers/edac/i7core_edac.c | 2 +- drivers/edac/i82443bxgx_edac.c | 2 +- drivers/edac/i82860_edac.c | 2 +- drivers/edac/i82875p_edac.c | 2 +- drivers/edac/i82975x_edac.c | 2 +- drivers/edac/ie31200_edac.c | 2 +- drivers/edac/layerscape_edac.c | 2 +- drivers/edac/mpc85xx_edac.c | 1 - drivers/edac/mv64x60_edac.c | 1 - drivers/edac/octeon_edac-l2c.c | 1 - drivers/edac/octeon_edac-lmc.c | 1 - drivers/edac/octeon_edac-pc.c | 1 - drivers/edac/octeon_edac-pci.c | 1 - drivers/edac/pasemi_edac.c | 2 +- drivers/edac/ppc4xx_edac.c | 2 +- drivers/edac/r82600_edac.c | 2 +- drivers/edac/sb_edac.c | 2 +- drivers/edac/skx_edac.c | 2 +- drivers/edac/synopsys_edac.c | 2 +- drivers/edac/tile_edac.c | 2 +- drivers/edac/x38_edac.c | 2 +- drivers/edac/xgene_edac.c | 1 - 47 files changed, 163 insertions(+), 179 deletions(-) commit 6d8ef2472410c8ab004729a71ec829a224699a08 Author: Mauro Carvalho Chehab Date: Sat Oct 29 10:01:41 2016 -0200 edac: move EDAC device definitions to drivers/edac/edac_device.h The edac_core.h header contain data structures and function definitions for both EDAC MC and EDAC device. Let's move the devices ones to a separate header file, as part of a header reorganization. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_core.h | 238 +--------------------------------- drivers/edac/edac_device.c | 21 ++- drivers/edac/edac_device.h | 269 +++++++++++++++++++++++++++++++++++++++ drivers/edac/edac_device_sysfs.c | 4 +- 4 files changed, 281 insertions(+), 251 deletions(-) commit 0b892c717714334890ea179a2dc1941a223e446f Author: Mauro Carvalho Chehab Date: Sat Oct 29 09:56:00 2016 -0200 edac: move EDAC PCI definitions to drivers/edac/edac_pci.h The edac_core.h header contain data structures and function definitions for the 3 parts of EDAC: MC, PCI and device. Let's move the PCI ones to a separate header file, as part of a header reorganization. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_core.h | 145 +---------------------------------- drivers/edac/edac_pci.c | 19 ++--- drivers/edac/edac_pci.h | 173 ++++++++++++++++++++++++++++++++++++++++++ drivers/edac/edac_pci_sysfs.c | 2 +- include/linux/edac.h | 2 + 5 files changed, 185 insertions(+), 156 deletions(-) commit fd77f6ba7b3ae5f02f8d4d706df6534ae9722dce Author: Mauro Carvalho Chehab Date: Wed Oct 26 16:24:41 2016 -0200 docs-rst: admin-guide: add documentation for EDAC EDAC is part of the Kernel's RAS facilities, with is useful for system admins to detect errors. So, add it to the admin's guide. Signed-off-by: Mauro Carvalho Chehab Documentation/admin-guide/index.rst | 1 + Documentation/admin-guide/ras.rst | 1190 +++++++++++++++++++++++++++++++++++ Documentation/edac.txt | 1190 ----------------------------------- 3 files changed, 1191 insertions(+), 1190 deletions(-) commit 9c058d24ccb36d91650a84d9cbc27409f769d9a9 Author: Mauro Carvalho Chehab Date: Thu Oct 27 09:26:36 2016 -0200 edac.txt: Improve documentation, adding RAS introduction The edac.txt assumes that the reader has already deep knowledge on RAS features. However, this may not be the case. So, add an introduction chapter explaining the main concepts that are used by the EDAC subsystem and by other RAS drivers within the Kernel. Signed-off-by: Mauro Carvalho Chehab Documentation/edac.txt | 287 ++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 248 insertions(+), 39 deletions(-) commit e4b5301674c0d2d866de767f02a44bc322af8d7f Author: Mauro Carvalho Chehab Date: Wed Oct 26 08:43:58 2016 -0200 edac.txt: update information about newer Intel CPUs There's a chapter at edac.rst written by the time Nehalem support was added. Such information is used not only by the Nehalem driver (i7core_edac), but by all newer Intel CPU architectures that are supported by i7core_edac, sb_edac and sbx_edac drivers. Update the information to reflect that. Signed-off-by: Mauro Carvalho Chehab Documentation/edac.txt | 44 +++++++++++++++++++++++++++++--------------- 1 file changed, 29 insertions(+), 15 deletions(-) commit 96714bd7078fecc91631596c3ca4ddd0fd3ecde6 Author: Mauro Carvalho Chehab Date: Wed Oct 26 08:19:57 2016 -0200 edac.txt: remove info that the Nehalem EDAC is experimental This driver has been there for almost 3 years, without any conceptual changes. So, it is not experimental anymore, and won't likely have any changes at the API or on log outputs. Signed-off-by: Mauro Carvalho Chehab Documentation/edac.txt | 4 ---- 1 file changed, 4 deletions(-) commit b27a2d04feb6969e74942378d5012d84877d3544 Author: Mauro Carvalho Chehab Date: Wed Oct 26 08:14:12 2016 -0200 edac.txt: convert EDAC documentation to ReST Converts the EDAC driver subsystem documentation to ReST: - Put paragraph titles in lower case; - Add code blocks where needed; - Convert tables to ReST markup; - Mark filesystem and module names as verbatim; - Adjust document to be properly displayed in html. Signed-off-by: Mauro Carvalho Chehab Documentation/edac.txt | 551 ++++++++++++++++++++++++++----------------------- 1 file changed, 295 insertions(+), 256 deletions(-) commit 032d0ab743ff8ee340d5fc2a00c833dfe74c49e4 Author: Mauro Carvalho Chehab Date: Thu Oct 27 10:00:46 2016 -0200 edac.txt: add a section explaining the dimmX and rankX directories Documentation for those are missing at the EDAC description. I guess we end by moving such descriptions in the past to the ABI document (or only added it there), but it means that the EDAC documentation is incomplete. So, add it there. Signed-off-by: Mauro Carvalho Chehab Documentation/edac.txt | 120 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 120 insertions(+) commit 723061753724009a6e3cbec9deba7860dba2df99 Author: Mauro Carvalho Chehab Date: Wed Oct 26 16:15:02 2016 -0200 edac: edac_core.h: remove prototype for edac_pci_reset_delay_period() This function doesn't exist. So, remove its prototype. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_core.h | 3 --- 1 file changed, 3 deletions(-) commit a2c223b5ed64d7a0266cf1a3e0b2726647a98ed8 Author: Mauro Carvalho Chehab Date: Wed Oct 26 15:25:23 2016 -0200 edac: edac_core.h: get rid of unused kobj_complete This element of struct edac_pci_ctl_info is never used. So, get rid of it. Signed-off-by: Mauro Carvalho Chehab drivers/edac/edac_core.h | 1 - 1 file changed, 1 deletion(-) commit 5bae156241e05d25171b18ee43e49f103c3f8097 Author: Thomas Gleixner Date: Tue Dec 13 13:14:17 2016 +0000 x86/tsc: Force TSC_ADJUST register to value >= zero Roland reported that his DELL T5810 sports a value add BIOS which completely wreckages the TSC. The squirmware [(TM) Ingo Molnar] boots with random negative TSC_ADJUST values, different on all CPUs. That renders the TSC useless because the sycnchronization check fails. Roland tested the new TSC_ADJUST mechanism. While it manages to readjust the TSCs he needs to disable the TSC deadline timer, otherwise the machine just stops booting. Deeper investigation unearthed that the TSC deadline timer is sensitive to the TSC_ADJUST value. Writing TSC_ADJUST to a negative value results in an interrupt storm caused by the TSC deadline timer. This does not make any sense and it's hard to imagine what kind of hardware wreckage is behind that misfeature, but it's reliably reproducible on other systems which have TSC_ADJUST and TSC deadline timer. While it would be understandable that a big enough negative value which moves the resulting TSC readout into the negative space could have the described effect, this happens even with a adjust value of -1, which keeps the TSC readout definitely in the positive space. The compare register for the TSC deadline timer is set to a positive value larger than the TSC, but despite not having reached the deadline the interrupt is raised immediately. If this happens on the boot CPU, then the machine dies silently because this setup happens before the NMI watchdog is armed. Further experiments showed that any other adjustment of TSC_ADJUST works as expected as long as it stays in the positive range. The direction of the adjustment has no influence either. See the lkml link for further analysis. Yet another proof for the theory that timers are designed by janitors and the underlying (obviously undocumented) mechanisms which allow BIOSes to wreckage them are considered a feature. Well done Intel - NOT! To address this wreckage add the following sanity measures: - If the TSC_ADJUST value on the boot cpu is not 0, set it to 0 - If the TSC_ADJUST value on any cpu is negative, set it to 0 - Prevent the cross package synchronization mechanism from setting negative TSC_ADJUST values. Reported-and-tested-by: Roland Scheidegger Signed-off-by: Thomas Gleixner Cc: Bruce Schlobohm Cc: Kevin Stanton Cc: Peter Zijlstra Cc: Allen Hung Cc: Borislav Petkov Link: http://lkml.kernel.org/r/20161213131211.397588033@linutronix.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/tsc.h | 4 ++-- arch/x86/kernel/tsc.c | 2 +- arch/x86/kernel/tsc_sync.c | 55 ++++++++++++++++++++++++++++++++-------------- 3 files changed, 42 insertions(+), 19 deletions(-) commit 6a369583178d0b89c2c3919c4456ee22fee0f249 Author: Thomas Gleixner Date: Tue Dec 13 13:14:17 2016 +0000 x86/tsc: Validate TSC_ADJUST after resume Some 'feature' BIOSes fiddle with the TSC_ADJUST register during suspend/resume which renders the TSC unusable. Add sanity checks into the resume path and restore the original value if it was adjusted. Reported-and-tested-by: Roland Scheidegger Signed-off-by: Thomas Gleixner Cc: Bruce Schlobohm Cc: Kevin Stanton Cc: Peter Zijlstra Cc: Allen Hung Cc: Borislav Petkov Link: http://lkml.kernel.org/r/20161213131211.317654500@linutronix.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/tsc.h | 4 ++-- arch/x86/kernel/process.c | 2 +- arch/x86/kernel/tsc.c | 6 ++++++ arch/x86/kernel/tsc_sync.c | 6 +++--- arch/x86/power/cpu.c | 1 + 5 files changed, 13 insertions(+), 6 deletions(-) commit 65390ea01ce678379da32b01f39fcfac4903f256 Merge: e7aa8c2 d183e4e Author: Mauro Carvalho Chehab Date: Thu Dec 15 08:38:35 2016 -0200 Merge branch 'patchwork' into v4l_for_linus * patchwork: (496 commits) [media] v4l: tvp5150: Add missing break in set control handler [media] v4l: tvp5150: Don't inline the tvp5150_selmux() function [media] v4l: tvp5150: Compile tvp5150_link_setup out if !CONFIG_MEDIA_CONTROLLER [media] em28xx: don't store usb_device at struct em28xx [media] em28xx: use usb_interface for dev_foo() calls [media] em28xx: don't change the device's name [media] mn88472: fix chip id check on probe [media] mn88473: fix chip id check on probe [media] lirc: fix error paths in lirc_cdev_add() [media] s5p-mfc: Add support for MFC v8 available in Exynos 5433 SoCs [media] s5p-mfc: Rework clock handling [media] s5p-mfc: Don't keep clock prepared all the time [media] s5p-mfc: Kill all IS_ERR_OR_NULL in clocks management code [media] s5p-mfc: Remove dead conditional code [media] s5p-mfc: Ensure that clock is disabled before turning power off [media] s5p-mfc: Remove special clock rate management [media] s5p-mfc: Use printk_ratelimited for reporting ioctl errors [media] s5p-mfc: Set DMA_ATTR_ALLOC_SINGLE_PAGES [media] vivid: Set color_enc on HSV formats [media] v4l2-tpg: Init hv_enc field with a valid value ... commit aec03f89e905dca9ce4b061e03ee1da3a3eb3432 Author: Boris Ostrovsky Date: Mon Dec 12 23:18:29 2016 -0500 ACPI/NUMA: Do not map pxm to node when NUMA is turned off acpi_map_pxm_to_node() unconditially maps nodes even when NUMA is turned off. So acpi_get_node() might return a node > 0, which is fatal when NUMA is disabled as the rest of the kernel assumes that only node 0 exists. Expose numa_off to the acpi code and return NUMA_NO_NODE when it's set. Signed-off-by: Boris Ostrovsky Cc: fenghua.yu@intel.com Cc: tony.luck@intel.com Cc: linux-ia64@vger.kernel.org Cc: catalin.marinas@arm.com Cc: rjw@rjwysocki.net Cc: will.deacon@arm.com Cc: linux-acpi@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: lenb@kernel.org Link: http://lkml.kernel.org/r/1481602709-18260-1-git-send-email-boris.ostrovsky@oracle.com Signed-off-by: Thomas Gleixner arch/arm64/include/asm/numa.h | 2 ++ arch/arm64/mm/numa.c | 2 +- arch/ia64/include/asm/numa.h | 2 ++ arch/x86/mm/numa.c | 2 +- drivers/acpi/numa.c | 2 +- 5 files changed, 7 insertions(+), 3 deletions(-) commit 4370a3ef39f3d07342a1ae9967701bd697c8d9df Author: Boris Ostrovsky Date: Mon Dec 12 14:29:52 2016 -0500 x86/acpi: Use proper macro for invalid node Use NUMA_NO_NODE instead of -1. Signed-off-by: Boris Ostrovsky Cc: len.brown@intel.com Cc: rjw@rjwysocki.net Cc: linux-acpi@vger.kernel.org Cc: pavel@ucw.cz Link: http://lkml.kernel.org/r/1481570993-13941-1-git-send-email-boris.ostrovsky@oracle.com Signed-off-by: Thomas Gleixner arch/x86/kernel/acpi/boot.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 427d77a32365d5f942d335248305a5c237baf63a Author: Thomas Gleixner Date: Tue Dec 13 19:32:28 2016 +0100 x86/smpboot: Prevent false positive out of bounds cpumask access warning prefill_possible_map() reinitializes the cpu_possible_map by setting the possible cpu bits and clearing all other bits up to NR_CPUS. This is technically always correct because cpu_possible_map is statically allocated and sized NR_CPUS. With CPUMASK_OFFSTACK and DEBUG_PER_CPU_MAPS enabled the bounds check of cpu masks happens on nr_cpu_ids. nr_cpu_ids is initialized to NR_CPUS and only limited after the set/clear bit loops have been executed. But if the system was booted with "nr_cpus=N" on the command line, where N is < NR_CPUS then nr_cpu_ids is limited in the parameter parsing function before prefill_possible_map() is invoked. As a consequence the cpumask bounds check triggers when clearing the bits past nr_cpu_ids. Add a helper which allows to reset cpu_possible_map w/o the bounds check and then set only the possible bits which are well inside bounds. Reported-by: Dmitry Safonov Cc: Rusty Russell Cc: 0x7f454c46@gmail.com Cc: Jan Beulich Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1612131836050.3415@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/smpboot.c | 8 ++++---- include/linux/cpumask.h | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) commit a17d93ff3a950fefaea40e4a4bf3669b9137c533 Author: Ben Greear Date: Wed Dec 14 11:30:38 2016 -0800 mac80211: fix legacy and invalid rx-rate report This fixes obtaining the rate info via sta_set_sinfo when the rx rate is invalid (for instance, on IBSS interface that has received no frames from one of its peers). Also initialize rinfo->flags for legacy rates, to not rely on the whole sinfo being initialized to zero. Signed-off-by: Ben Greear Signed-off-by: Johannes Berg net/mac80211/sta_info.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 374402a2a1dfbbee8ab1a5a32ec4887bf8c15d52 Author: Sachin Prabhu Date: Thu Dec 15 12:31:19 2016 +0530 cifs_get_root shouldn't use path with tree name When a server returns the optional flag SMB_SHARE_IS_IN_DFS in response to a tree connect, cifs_build_path_to_root() will return a pathname which includes the hostname. This causes problems with cifs_get_root() which separates each component and does a lookup for each component of the path which in this case will incorrectly include looking up the hostname component as a path component. We encountered a problem with dfs shares hosted by a Netapp. When connecting to nodes pointed to by the DFS share. The tree connect for these nodes return SMB_SHARE_IS_IN_DFS resulting failures in lookup in cifs_get_root(). RH bz: 1373153 The patch was tested against a Netapp simulator and by a user using an actual Netapp server. Signed-off-by: Sachin Prabhu Reported-by: Pierguido Lambri Reviewed-by: Jeff Layton Signed-off-by: Steve French fs/cifs/cifsfs.c | 2 +- fs/cifs/cifsproto.h | 3 ++- fs/cifs/connect.c | 3 ++- fs/cifs/dir.c | 4 ++-- 4 files changed, 7 insertions(+), 5 deletions(-) commit 395664439c4945e4827543e3ca80f7b74e1bf733 Author: Germano Percossi Date: Thu Dec 15 12:31:18 2016 +0530 Fix default behaviour for empty domains and add domainauto option With commit 2b149f119 many things have been fixed/introduced. However, the default behaviour for RawNTLMSSP authentication seems to be wrong in case the domain is not passed on the command line. The main points (see below) of the patch are: - It alignes behaviour with Windows clients - It fixes backward compatibility - It fixes UPN I compared this behavour with the one from a Windows 10 command line client. When no domains are specified on the command line, I traced the packets and observed that the client does send an empty domain to the server. In the linux kernel case, the empty domain is replaced by the primary domain communicated by the SMB server. This means that, if the credentials are valid against the local server but that server is part of a domain, then the kernel module will ask to authenticate against that domain and we will get LOGON failure. I compared the packet trace from the smbclient when no domain is passed and, in that case, a default domain from the client smb.conf is taken. Apparently, connection succeeds anyway, because when the domain passed is not valid (in my case WORKGROUP), then the local one is tried and authentication succeeds. I tried with any kind of invalid domain and the result was always a connection. So, trying to interpret what to do and picking a valid domain if none is passed, seems the wrong thing to do. To this end, a new option "domainauto" has been added in case the user wants a mechanism for guessing. Without this patch, backward compatibility also is broken. With kernel 3.10, the default auth mechanism was NTLM. One of our testing servers accepted NTLM and, because no domains are passed, authentication was local. Moving to RawNTLMSSP forced us to change our command line to add a fake domain to pass to prevent this mechanism to kick in. For the same reasons, UPN is broken because the domain is specified in the username. The SMB server will work out the domain from the UPN and authenticate against the right server. Without the patch, though, given the domain is empty, it gets replaced with another domain that could be the wrong one for the authentication. Signed-off-by: Germano Percossi Acked-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/cifsencrypt.c | 14 +++++++++----- fs/cifs/cifsglob.h | 2 ++ fs/cifs/connect.c | 7 +++++++ 3 files changed, 18 insertions(+), 5 deletions(-) commit c6fc663e90e56fdcaa3ad62801cfa99f287b8bfc Author: Rasmus Villemoes Date: Wed Nov 30 23:40:32 2016 +0100 cifs: use %16phN for formatting md5 sum Passing a gazillion arguments takes a lot of code: add/remove: 0/0 grow/shrink: 0/2 up/down: 0/-253 (-253) Signed-off-by: Rasmus Villemoes Reviewed-by: Pavel Shilovsky Signed-off-by: Steve French fs/cifs/link.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit c4364f837caf618c2fdb51a2e132cf29dfd1fffa Merge: 1d0fd57 8f64fb1 ad5cb12 0b62fca Author: Al Viro Date: Thu Dec 15 01:07:29 2016 -0500 Merge branches 'work.namei', 'work.dcache' and 'work.iov_iter' into for-linus commit 5cc60aeedf315a7513f92e98314e86d515b986d1 Merge: 5c2992e 9807b77 Author: Linus Torvalds Date: Wed Dec 14 21:35:31 2016 -0800 Merge tag 'xfs-for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs Pull xfs updates from Dave Chinner: "There is quite a varied bunch of stuff in this update, and some of it you will have already merged through the ext4 tree which imported the dax-4.10-iomap-pmd topic branch from the XFS tree. There is also a new direct IO implementation that uses the iomap infrastructure. It's much simpler, faster, and has lower IO latency than the existing direct IO infrastructure. Summary: - DAX PMD faults via iomap infrastructure - Direct-io support in iomap infrastructure - removal of now-redundant XFS inode iolock, replaced with VFS i_rwsem - synchronisation with fixes and changes in userspace libxfs code - extent tree lookup helpers - lots of little corruption detection improvements to verifiers - optimised CRC calculations - faster buffer cache lookups - deprecation of barrier/nobarrier mount options - we always use REQ_FUA/REQ_FLUSH where appropriate for data integrity now - cleanups to speculative preallocation - miscellaneous minor bug fixes and cleanups" * tag 'xfs-for-linus-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/dgc/linux-xfs: (63 commits) xfs: nuke unused tracepoint definitions xfs: use GPF_NOFS when allocating btree cursors xfs: use xfs_vn_setattr_size to check on new size xfs: deprecate barrier/nobarrier mount option xfs: Always flush caches when integrity is required xfs: ignore leaf attr ichdr.count in verifier during log replay xfs: use rhashtable to track buffer cache xfs: optimise CRC updates xfs: make xfs btree stats less huge xfs: don't cap maximum dedupe request length xfs: don't allow di_size with high bit set xfs: error out if trying to add attrs and anextents > 0 xfs: don't crash if reading a directory results in an unexpected hole xfs: complain if we don't get nextents bmap records xfs: check for bogus values in btree block headers xfs: forbid AG btrees with level == 0 xfs: several xattr functions can be void xfs: handle cow fork in xfs_bmap_trace_exlist xfs: pass state not whichfork to trace_xfs_extlist xfs: Move AGI buffer type setting to xfs_read_agi ... commit 5c2992ee7fd8a29d04125dc0aa3522784c5fa5eb Author: Linus Torvalds Date: Tue Oct 25 11:27:31 2016 -0700 printk: remove console flushing special cases for partial buffered lines It actively hurts proper merging, and makes for a lot of special cases. There was a good(ish) reason for doing it originally, but it's getting too painful to maintain. And most of the original reasons for it are long gone. So instead of having special code to flush partial lines to the console (as opposed to the record buffers), do _all_ the console writing from the record buffer, and be done with it. If an oops happens (or some other synchronous event), we will flush the partial lines due to the oops printing activity, so this does not affect that. It does mean that if you have a completely hung machine, a partial preceding line may not have been printed out. That was some of the original reason for this complexity, in fact, back when we used to test for the historical i386 "halt" instruction problem by doing pr_info("Checking 'hlt' instruction... "); if (!boot_cpu_data.hlt_works_ok) { pr_cont("disabled\n"); return; } halt(); halt(); halt(); halt(); pr_cont("OK\n"); and that model no longer works (it the 'hlt' instruction kills the machine, the partial line won't have been flushed, so you won't even see it). Of course, that was also back in the days when people actually had textual console output rather than a graphical splash-screen at bootup. How times change.. Cc: Sergey Senozhatsky Cc: Joe Perches Cc: Steven Rostedt Tested-by: Petr Mladek Tested-by: Geert Uytterhoeven Tested-by: Mark Rutland Signed-off-by: Linus Torvalds kernel/printk/printk.c | 108 +++---------------------------------------------- 1 file changed, 5 insertions(+), 103 deletions(-) commit 5aa068ea4082b39eafc356c27c9ecd155b0895f6 Author: Linus Torvalds Date: Tue Oct 25 11:27:31 2016 -0700 printk: remove games with previous record flags The record logging code looks at the previous record flags in various ways, and they are all wrong. You can't use the previous record flags to determine anything about the next record, because they may simply not be related. In particular, the reason the previous record was a continuation record may well be exactly _because_ the new record was printed by a different process, which is why the previous record was flushed. So all those games are simply wrong, and make the code hard to understand (because the code fundamentally cdoes not make sense). So remove it. Signed-off-by: Linus Torvalds kernel/printk/printk.c | 109 +++++++++++-------------------------------------- 1 file changed, 24 insertions(+), 85 deletions(-) commit f83f12d660d11718d3eed9d979ee03e83aa55544 Author: Michael S. Tsirkin Date: Tue Dec 6 06:07:15 2016 +0200 vsock/virtio: fix src/dst cid format These fields are 64 bit, using le32_to_cpu and friends on these will not do the right thing. Fix this up. Cc: stable@vger.kernel.org Signed-off-by: Michael S. Tsirkin net/vmw_vsock/virtio_transport_common.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 819483d806f4324b42a25f8dd760735ae659141c Author: Michael S. Tsirkin Date: Tue Dec 6 06:06:06 2016 +0200 vsock/virtio: mark an internal function static virtio_transport_alloc_pkt is only used locally, make it static. Signed-off-by: Michael S. Tsirkin net/vmw_vsock/virtio_transport_common.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 6c7efafdd5c1639084dd08ace82567e19a4032be Author: Michael S. Tsirkin Date: Tue Dec 6 06:03:34 2016 +0200 vsock/virtio: add a missing __le annotation guest cid is read from config space, therefore it's in little endian format and is treated as such, annotate it accordingly. Signed-off-by: Michael S. Tsirkin net/vmw_vsock/virtio_transport.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 72952cc0614b61650b2b13f57752a6dd82cbeae5 Author: Michael S. Tsirkin Date: Tue Dec 6 06:01:41 2016 +0200 vhost: add missing __user annotations Several vhost functions were missing __user annotations on pointers, causing sparse warnings. Fix this up. sparse also warns about vhost_process_iotlb_msg which is local and should be static. Fix that up as well. Signed-off-by: Michael S. Tsirkin drivers/vhost/vhost.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 2f952c0105d14bd46bb6d6a3cc03ad789a381228 Author: Michael S. Tsirkin Date: Tue Dec 6 05:57:54 2016 +0200 vhost: make interval tree static inline vhost_umem_interval_tree is only used locally within vhost.c, mark it static. As some functions generated go unused, this triggers warnings unless we also mark it inline. Signed-off-by: Michael S. Tsirkin drivers/vhost/vhost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3373755a415c9c8024d26cf32fd812a8cdb82541 Author: Michael S. Tsirkin Date: Mon Dec 5 22:39:30 2016 +0200 drm/virtio: annotate virtio_gpu_queue_ctrl_buffer_locked virtio_gpu_queue_ctrl_buffer_locked is called with ctrlq.qlock taken, it releases and acquires this lock. This causes a sparse warning. Add appropriate annotations for sparse context checking. Signed-off-by: Michael S. Tsirkin drivers/gpu/drm/virtio/virtgpu_vq.c | 2 ++ 1 file changed, 2 insertions(+) commit f862e60f8d52dae33c9f72afc20fab691a89f0bd Author: Michael S. Tsirkin Date: Mon Dec 5 22:36:56 2016 +0200 drm/virtio: fix lock context imbalance When virtio_gpu_free_vbufs exits due to list empty, it does not drop the free_vbufs lock that it took. list empty is not expected to happen anyway, but it can't hurt to fix this and drop the lock. Signed-off-by: Michael S. Tsirkin drivers/gpu/drm/virtio/virtgpu_vq.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8854a56f3e71703e0253697e4cc82b20acf732dc Author: Michael S. Tsirkin Date: Mon Dec 5 21:44:39 2016 +0200 drm/virtio: fix endianness in primary_plane_update virtio_gpu_cmd_transfer_to_host_2d expects x and y parameters in LE, but virtio_gpu_primary_plane_update passes in the CPU format instead. Signed-off-by: Michael S. Tsirkin drivers/gpu/drm/virtio/virtgpu_plane.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7328fa64aa30405c2d6abd44bb6866e914dba35d Author: Michael S. Tsirkin Date: Mon Dec 5 21:39:42 2016 +0200 virtio_console: drop unused config fields struct ports_device includes a config field including the whole virtio_console_config, but only max_nr_ports in there is ever updated or used. The rest is unused and in fact does not even mirror the device config. Drop everything except max_nr_ports, saving some memory. Signed-off-by: Michael S. Tsirkin Reviewed-by: Jason Wang drivers/char/virtio_console.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 196202be3cfc75762b0075e2d69f55cef949c610 Merge: e3842cb 070cbd1 Author: Linus Torvalds Date: Wed Dec 14 20:54:33 2016 -0800 Merge tag 'for-linus-4.10' of git://git.code.sf.net/p/openipmi/linux-ipmi Pull IPMI updates from Corey Minyard: "Various small fixes for IPMI. Cleanups in the documentation and convertion printk() to pr_xxx() and removal of an unused module parameter. Some small bug fixes and enhancements. This also adds a post softdep from the IPMI core module to the IPMI device interface. Many people have complained that the device interface isn't automatically avaiable when IPMI is loaded. I don't want to make the device interface mandatory, though, plenty of people use IPMI internally (like with ACPI) and don't need a device interface or the added possible security entry. A softdep should make it work 'out of the box' but allow people to not have it if they don't want it" * tag 'for-linus-4.10' of git://git.code.sf.net/p/openipmi/linux-ipmi: ipmi: create hardware-independent softdep for ipmi_devintf ipmi: Fix sequence number handling ipmi: Pick up slave address from SMBIOS on an ACPI device ipmi_si: Clean up printks Move platform device creation earlier in the initialization ipmi: Update documentation ipmi_ssif: Remove an unused module parameter ipmi: Periodically check for events, not messages commit 1d0fd57a50aa372dd2e84b16711023cbcd826cb8 Author: Christoph Hellwig Date: Sun Sep 11 09:04:46 2016 -0500 logfs: remove from tree Logfs was introduced to the kernel in 2009, and hasn't seen any non drive-by changes since 2012, while having lots of unsolved issues including the complete lack of error handling, with more and more issues popping up without any fixes. The logfs.org domain has been bouncing from a mail, and the maintainer on the non-logfs.org domain hasn't repsonded to past queries either. Signed-off-by: Christoph Hellwig Signed-off-by: Al Viro Documentation/filesystems/00-INDEX | 2 - Documentation/filesystems/logfs.txt | 241 ---- MAINTAINERS | 8 - fs/Kconfig | 1 - fs/Makefile | 1 - fs/logfs/Kconfig | 17 - fs/logfs/Makefile | 13 - fs/logfs/compr.c | 95 -- fs/logfs/dev_bdev.c | 322 ----- fs/logfs/dev_mtd.c | 274 ----- fs/logfs/dir.c | 801 ------------ fs/logfs/file.c | 285 ----- fs/logfs/gc.c | 732 ----------- fs/logfs/inode.c | 428 ------- fs/logfs/journal.c | 894 -------------- fs/logfs/logfs.h | 735 ----------- fs/logfs/logfs_abi.h | 629 ---------- fs/logfs/readwrite.c | 2298 ----------------------------------- fs/logfs/segment.c | 961 --------------- fs/logfs/super.c | 653 ---------- 20 files changed, 9390 deletions(-) commit e3842cbfe0976b014288147b130551d8bf52b96c Merge: 4d98ead 4625d2a Author: Linus Torvalds Date: Wed Dec 14 20:42:45 2016 -0800 Merge tag 'dmaengine-4.10-rc1' of git://git.infradead.org/users/vkoul/slave-dma Pull dmaengine updates from Vinod Koul: "Fairly routine update this time around with all changes specific to drivers: - New driver for STMicroelectronics FDMA - Memory-to-memory transfers on dw dmac - Support for slave maps on pl08x devices - Bunch of driver fixes to use dma_pool_zalloc - Bunch of compile and warning fixes spread across drivers" [ The ST FDMA driver already came in earlier through the remoteproc tree ] * tag 'dmaengine-4.10-rc1' of git://git.infradead.org/users/vkoul/slave-dma: (68 commits) dmaengine: sirf-dma: remove unused ‘sdesc’ dmaengine: pl330: remove unused ‘regs’ dmaengine: s3c24xx: remove unused ‘cdata’ dmaengine: stm32-dma: remove unused ‘src_addr’ dmaengine: stm32-dma: remove unused ‘dst_addr’ dmaengine: stm32-dma: remove unused ‘sfcr’ dmaengine: pch_dma: remove unused ‘cookie’ dmaengine: mic_x100_dma: remove unused ‘data’ dmaengine: img-mdc: remove unused ‘prev_phys’ dmaengine: usb-dmac: remove unused ‘uchan’ dmaengine: ioat: remove unused ‘res’ dmaengine: ioat: remove unused ‘ioat_dma’ dmaengine: ioat: remove unused ‘is_raid_device’ dmaengine: pl330: do not generate unaligned access dmaengine: k3dma: move to dma_pool_zalloc dmaengine: at_hdmac: move to dma_pool_zalloc dmaengine: at_xdmac: don't restore unsaved status dmaengine: ioat: set error code on failures dmaengine: ioat: set error code on failures dmaengine: DW DMAC: add multi-block property to device tree ... commit c60923cb9cb5e042790839d553ed77e68ef45adf Author: Gonglei Date: Tue Nov 22 13:51:50 2016 +0800 virtio_ring: fix complaint by sparse # make C=2 CF="-D__CHECK_ENDIAN__" ./drivers/virtio/ drivers/virtio/virtio_ring.c:423:19: warning: incorrect type in assignment (different base types) drivers/virtio/virtio_ring.c:423:19: expected unsigned int [unsigned] [assigned] i drivers/virtio/virtio_ring.c:423:19: got restricted __virtio16 [usertype] next drivers/virtio/virtio_ring.c:423:19: warning: incorrect type in assignment (different base types) drivers/virtio/virtio_ring.c:423:19: expected unsigned int [unsigned] [assigned] i drivers/virtio/virtio_ring.c:423:19: got restricted __virtio16 [usertype] next drivers/virtio/virtio_ring.c:423:19: warning: incorrect type in assignment (different base types) drivers/virtio/virtio_ring.c:423:19: expected unsigned int [unsigned] [assigned] i drivers/virtio/virtio_ring.c:423:19: got restricted __virtio16 [usertype] next drivers/virtio/virtio_ring.c:604:39: warning: incorrect type in initializer (different base types) drivers/virtio/virtio_ring.c:604:39: expected unsigned short [unsigned] [usertype] nextflag drivers/virtio/virtio_ring.c:604:39: got restricted __virtio16 drivers/virtio/virtio_ring.c:612:33: warning: restricted __virtio16 degrades to integer Signed-off-by: Gonglei Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_ring.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 61bd405f4edcf7396cc7853e48212342feead06d Author: Gonglei Date: Tue Nov 22 13:51:49 2016 +0800 virtio_pci_modern: fix complaint by sparse drivers/virtio/virtio_pci_modern.c:66:40: warning: incorrect type in argument 2 (different base types) drivers/virtio/virtio_pci_modern.c:66:40: expected unsigned int [noderef] [usertype] *addr drivers/virtio/virtio_pci_modern.c:66:40: got restricted __le32 [noderef] [usertype] *lo drivers/virtio/virtio_pci_modern.c:67:33: warning: incorrect type in argument 2 (different base types) drivers/virtio/virtio_pci_modern.c:67:33: expected unsigned int [noderef] [usertype] *addr drivers/virtio/virtio_pci_modern.c:67:33: got restricted __le32 [noderef] [usertype] *hi drivers/virtio/virtio_pci_modern.c:150:32: warning: incorrect type in argument 2 (different base types) drivers/virtio/virtio_pci_modern.c:150:32: expected unsigned int [noderef] [usertype] *addr drivers/virtio/virtio_pci_modern.c:150:32: got restricted __le32 [noderef] * drivers/virtio/virtio_pci_modern.c:151:39: warning: incorrect type in argument 1 (different base types) drivers/virtio/virtio_pci_modern.c:151:39: expected unsigned int [noderef] [usertype] *addr drivers/virtio/virtio_pci_modern.c:151:39: got restricted __le32 [noderef] * drivers/virtio/virtio_pci_modern.c:152:32: warning: incorrect type in argument 2 (different base types) drivers/virtio/virtio_pci_modern.c:152:32: expected unsigned int [noderef] [usertype] *addr Signed-off-by: Gonglei Signed-off-by: Michael S. Tsirkin drivers/virtio/virtio_pci_modern.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 4d98ead183a2be77bfea425d5243e32629eaaeb1 Merge: a57cb1c 4d217a5 Author: Linus Torvalds Date: Wed Dec 14 20:12:43 2016 -0800 Merge tag 'modules-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux Pull modules updates from Jessica Yu: "Summary of modules changes for the 4.10 merge window: - The rodata= cmdline parameter has been extended to additionally apply to module mappings - Fix a hard to hit race between module loader error/clean up handling and ftrace registration - Some code cleanups, notably panic.c and modules code use a unified taint_flags table now. This is much cleaner than duplicating the taint flag code in modules.c" * tag 'modules-for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jeyu/linux: module: fix DEBUG_SET_MODULE_RONX typo module: extend 'rodata=off' boot cmdline parameter to module mappings module: Fix a comment above strong_try_module_get() module: When modifying a module's text ignore modules which are going away too module: Ensure a module's state is set accordingly during module coming cleanup code module: remove trailing whitespace taint/module: Clean up global and module taint flags handling modpost: free allocated memory commit a57cb1c1d7974c62a5c80f7869e35b492ace12cd Merge: cf1b334 e1e14ab Author: Linus Torvalds Date: Wed Dec 14 17:25:18 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge more updates from Andrew Morton: - a few misc things - kexec updates - DMA-mapping updates to better support networking DMA operations - IPC updates - various MM changes to improve DAX fault handling - lots of radix-tree changes, mainly to the test suite. All leading up to reimplementing the IDA/IDR code to be a wrapper layer over the radix-tree. However the final trigger-pulling patch is held off for 4.11. * emailed patches from Andrew Morton : (114 commits) radix tree test suite: delete unused rcupdate.c radix tree test suite: add new tag check radix-tree: ensure counts are initialised radix tree test suite: cache recently freed objects radix tree test suite: add some more functionality idr: reduce the number of bits per level from 8 to 6 rxrpc: abstract away knowledge of IDR internals tpm: use idr_find(), not idr_find_slowpath() idr: add ida_is_empty radix tree test suite: check multiorder iteration radix-tree: fix replacement for multiorder entries radix-tree: add radix_tree_split_preload() radix-tree: add radix_tree_split radix-tree: add radix_tree_join radix-tree: delete radix_tree_range_tag_if_tagged() radix-tree: delete radix_tree_locate_item() radix-tree: improve multiorder iterators btrfs: fix race in btrfs_free_dummy_fs_info() radix-tree: improve dump output radix-tree: make radix_tree_find_next_bit more useful ... commit cf1b3341afab9d3ad02a76b3a619ea027dcf4e28 Merge: 80eabba d1b1cea Author: Linus Torvalds Date: Wed Dec 14 17:21:53 2016 -0800 Merge branch 'for-linus' of git://git.kernel.dk/linux-block Pull block IO fixes from Jens Axboe: "A few fixes that I collected as post-merge. I was going to wait a bit with sending this out, but the O_DIRECT fix should really go in sooner rather than later" * 'for-linus' of git://git.kernel.dk/linux-block: blk-mq: Fix failed allocation path when mapping queues blk-mq: Avoid memory reclaim when remapping queues block_dev: don't update file access position for sync direct IO nvme/pci: Log PCI_STATUS when the controller dies block_dev: don't test bdev->bd_contains when it is not stable commit 80eabba70260dcb55b05098f6c1fecbe5c0e518b Merge: 852d21a ce98321 Author: Linus Torvalds Date: Wed Dec 14 17:09:00 2016 -0800 Merge branch 'for-4.10/fs-unmap' of git://git.kernel.dk/linux-block Pull fs meta data unmap optimization from Jens Axboe: "A series from Jan Kara, providing a more efficient way for unmapping meta data from in the buffer cache than doing it block-by-block. Provide a general helper that existing callers can use" * 'for-4.10/fs-unmap' of git://git.kernel.dk/linux-block: fs: Remove unmap_underlying_metadata fs: Add helper to clean bdev aliases under a bh and use it ext2: Use clean_bdev_aliases() instead of iteration ext4: Use clean_bdev_aliases() instead of iteration direct-io: Use clean_bdev_aliases() instead of handmade iteration fs: Provide function to unmap metadata for a range of blocks commit 852d21ae1fcdf0e4de6b5bfa730d29cb013c7ff3 Author: Linus Torvalds Date: Wed Dec 14 16:30:12 2016 -0800 docs: add back 'Documentation/Changes' file (as symlink) Jaegeuk Kim reports that the debian kernel package build gets confused by the lack of Documentation/Changes file. We also refer to that path name in ver_linux and various how-to files and Kconfig files. The file got renamed away in commit 186128f75392 ("docs-rst: add documents to development-process"), and as Jaegeuk Kim points out, the commit message for that change says "use symlinks instead of renames", but then the commit itself actually does renames after all. Maybe we should do the other files too, but for now this just adds the minimal symlink back to the historical name, so that people looking for Documentation/Changes will actually find what they are looking for, and the debian scripts continue to work. Reported-by: Jaegeuk Kim Cc: Greg Kroah-Hartman Cc: Mauro Carvalho Chehab Signed-off-by: Linus Torvalds Documentation/Changes | 1 + 1 file changed, 1 insertion(+) commit e1e14ab8411df344a17687821f8f78f0a1e73cbb Author: Matthew Wilcox Date: Wed Dec 14 15:09:36 2016 -0800 radix tree test suite: delete unused rcupdate.c This file was used to implement call_rcu() before liburcu implemented that function. It hasn't even been compiled since before the test suite was added to the kernel. Remove it to reduce confusion. Link: http://lkml.kernel.org/r/1481667692-14500-5-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Cc: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/rcupdate.c | 86 ------------------------------------- 1 file changed, 86 deletions(-) commit 092bc0b225a9bdb6dca0959ddd6826afb6d40747 Author: Matthew Wilcox Date: Wed Dec 14 15:09:34 2016 -0800 radix tree test suite: add new tag check We have a check that setting a tag on a single entry at root succeeds, but we were missing a check that clearing a tag on that same entry also succeeds. Link: http://lkml.kernel.org/r/1481667692-14500-4-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Cc: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/tag_check.c | 3 +++ 1 file changed, 3 insertions(+) commit e8de4340767dd002978c285e3adddaeda8ac652c Author: Matthew Wilcox Date: Wed Dec 14 15:09:31 2016 -0800 radix-tree: ensure counts are initialised radix_tree_join() was freeing nodes with a non-zero ->exceptional count, and radix_tree_split() wasn't zeroing ->exceptional when it allocated the new node. Fix this by making all callers of radix_tree_node_alloc() pass in the new counts (and some other always-initialised fields), which will prevent the problem recurring if in future we decide to do something similar. Link: http://lkml.kernel.org/r/1481667692-14500-3-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Cc: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 41 ++++++++++++++++--------------- tools/testing/radix-tree/multiorder.c | 45 +++++++++++++++++++++++++++++++---- 2 files changed, 61 insertions(+), 25 deletions(-) commit bbe9d71f2c545398987a6fea5090a6ca76f4a8dc Author: Matthew Wilcox Date: Wed Dec 14 15:09:28 2016 -0800 radix tree test suite: cache recently freed objects The kmem_cache_alloc implementation simply allocates new memory from malloc() and calls the ctor, which zeroes out the entire object. This means it cannot spot bugs where the object isn't properly reinitialised before being freed. Add a small (11 objects) cache before freeing objects back to malloc. This is enough to let us write a test to catch it, although the memory allocator is now aware of the structure of the radix tree node, since it chains free objects through ->private_data (like the percpu cache does). Link: http://lkml.kernel.org/r/1481667692-14500-2-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Cc: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/linux.c | 48 ++++++++++++++++++++++++++++++----- tools/testing/radix-tree/linux/slab.h | 5 ---- 2 files changed, 41 insertions(+), 12 deletions(-) commit de1af8f62a78ea8abcc2dddb6de622e4069a368e Author: Matthew Wilcox Date: Wed Dec 14 15:09:25 2016 -0800 radix tree test suite: add some more functionality IDR needs more functionality from the kernel: kmalloc()/kfree(), and xchg(). Link: http://lkml.kernel.org/r/1480369871-5271-67-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/linux.c | 15 +++++++++++++++ tools/testing/radix-tree/linux/kernel.h | 3 +++ tools/testing/radix-tree/linux/slab.h | 3 +++ 3 files changed, 21 insertions(+) commit 424251a4a929a1b6dff2056d49135e3805132e32 Author: Matthew Wilcox Date: Wed Dec 14 15:09:22 2016 -0800 idr: reduce the number of bits per level from 8 to 6 In preparation for merging the IDR and radix tree, reduce the fanout at each level from 256 to 64. If this causes a performance problem then a bisect will point to this commit, and we'll have a better idea about what we might do to fix it. Link: http://lkml.kernel.org/r/1480369871-5271-66-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/idr.h | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 444306129a920015a2cc876d13fcbf52382f39bd Author: Matthew Wilcox Date: Wed Dec 14 15:09:19 2016 -0800 rxrpc: abstract away knowledge of IDR internals Add idr_get_cursor() / idr_set_cursor() APIs, and remove the reference to IDR_SIZE. Link: http://lkml.kernel.org/r/1480369871-5271-65-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Reviewed-by: David Howells Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/idr.h | 26 ++++++++++++++++++++++++++ net/rxrpc/af_rxrpc.c | 11 ++++++----- net/rxrpc/conn_client.c | 4 ++-- 3 files changed, 34 insertions(+), 7 deletions(-) commit 37f4915fef0572e41ab91b7d3f7feb237cddbd92 Author: Matthew Wilcox Date: Wed Dec 14 15:09:16 2016 -0800 tpm: use idr_find(), not idr_find_slowpath() idr_find_slowpath() is not intended to be part of the public API, it's an implementation detail. There's no reason to skip straight to the slowpath here. Link: http://lkml.kernel.org/r/1480369871-5271-64-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Peter Huewe Cc: Marcel Selhorst Cc: Jarkko Sakkinen Cc: Jason Gunthorpe Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/char/tpm/tpm-chip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 99c494077e2d4282a17120a772eecc00ec3004cc Author: Matthew Wilcox Date: Wed Dec 14 15:09:13 2016 -0800 idr: add ida_is_empty Two of the USB Gadgets were poking around in the internals of struct ida in order to determine if it is empty. Add the appropriate abstraction. Link: http://lkml.kernel.org/r/1480369871-5271-63-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Acked-by: Konstantin Khlebnikov Tested-by: Kirill A. Shutemov Cc: Ross Zwisler Cc: Felipe Balbi Cc: Greg Kroah-Hartman Cc: Michal Nazarewicz Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/usb/gadget/function/f_hid.c | 6 +++--- drivers/usb/gadget/function/f_printer.c | 6 +++--- include/linux/idr.h | 5 +++++ 3 files changed, 11 insertions(+), 6 deletions(-) commit 3e3cdc68bede179a957fcd6be7b833a83df4e5de Author: Matthew Wilcox Date: Wed Dec 14 15:09:10 2016 -0800 radix tree test suite: check multiorder iteration The random iteration test only inserts order-0 entries currently. Update it to insert entries of order between 7 and 0. Also make the maximum index configurable, make some variables static, make the test duration variable, remove some useless spinning, and add a fifth thread which calls tag_tagged_items(). Link: http://lkml.kernel.org/r/1480369871-5271-62-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/iteration_check.c | 80 ++++++++++++++++++------------ tools/testing/radix-tree/main.c | 3 +- tools/testing/radix-tree/multiorder.c | 23 +++++++++ tools/testing/radix-tree/test.h | 2 +- 4 files changed, 73 insertions(+), 35 deletions(-) commit a90eb3a2a405cf7e96093ed531a285067dfdbc9d Author: Matthew Wilcox Date: Wed Dec 14 15:09:07 2016 -0800 radix-tree: fix replacement for multiorder entries When replacing an entry with NULL, we need to delete any sibling entries. Also account deleting exceptional entries properly. Also fix a bug with radix_tree_iter_replace() where we would fail to remove entirely freed nodes. Also fix accounting bug when switching between normal and exceptional entries with replace_slot. Also add testcases for all these bugs. Link: http://lkml.kernel.org/r/1480369871-5271-61-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 60 +++++++++++++++++------- tools/testing/radix-tree/multiorder.c | 87 ++++++++++++++++++++++++++++++----- 2 files changed, 119 insertions(+), 28 deletions(-) commit 2791653a6814d170fa893344618563a7b1da95c6 Author: Matthew Wilcox Date: Wed Dec 14 15:09:04 2016 -0800 radix-tree: add radix_tree_split_preload() Calculate how many nodes we need to allocate to split an old_order entry into multiple entries, each of size new_order. The test suite checks that we allocated exactly the right number of nodes; neither too many (checked by rtp->nr == 0), nor too few (checked by comparing nr_allocated before and after the call to radix_tree_split()). Link: http://lkml.kernel.org/r/1480369871-5271-60-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 1 + lib/radix-tree.c | 24 +++++++++++++++++++- tools/testing/radix-tree/multiorder.c | 42 +++++++++++++++++++++++++++++++++-- tools/testing/radix-tree/test.h | 5 +++++ 4 files changed, 69 insertions(+), 3 deletions(-) commit e157b555945fb16ddc6cce605a1eb6b4135ea5f1 Author: Matthew Wilcox Date: Wed Dec 14 15:09:01 2016 -0800 radix-tree: add radix_tree_split This new function splits a larger multiorder entry into smaller entries (potentially multi-order entries). These entries are initialised to RADIX_TREE_RETRY to ensure that RCU walkers who see this state aren't confused. The caller should then call radix_tree_for_each_slot() and radix_tree_replace_slot() in order to turn these retry entries into the intended new entries. Tags are replicated from the original multiorder entry into each new entry. Link: http://lkml.kernel.org/r/1480369871-5271-59-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 12 +++ lib/radix-tree.c | 142 +++++++++++++++++++++++++++++++++- tools/testing/radix-tree/multiorder.c | 64 +++++++++++++++ 3 files changed, 214 insertions(+), 4 deletions(-) commit 175542f575723e43f897ddb09d0011c13f7cf0ec Author: Matthew Wilcox Date: Wed Dec 14 15:08:58 2016 -0800 radix-tree: add radix_tree_join This new function allows for the replacement of many smaller entries in the radix tree with one larger multiorder entry. From the point of view of an RCU walker, they may see a mixture of the smaller entries and the large entry during the same walk, but they will never see NULL for an index which was populated before the join. Link: http://lkml.kernel.org/r/1480369871-5271-58-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 3 + lib/radix-tree.c | 183 ++++++++++++++++++++++++++++------ tools/testing/radix-tree/multiorder.c | 58 +++++++++++ 3 files changed, 213 insertions(+), 31 deletions(-) commit 268f42de718128cd0301293177e79c08c38e39a6 Author: Matthew Wilcox Date: Wed Dec 14 15:08:55 2016 -0800 radix-tree: delete radix_tree_range_tag_if_tagged() This is an exceptionally complicated function with just one caller (tag_pages_for_writeback). We devote a large portion of the runtime of the test suite to testing this one function which has one caller. By introducing the new function radix_tree_iter_tag_set(), we can eliminate all of the complexity while keeping the performance. The caller can now use a fairly standard radix_tree_for_each() loop, and it doesn't need to worry about tricksy things like 'start' wrapping. The test suite continues to spend a large amount of time investigating this function, but now it's testing the underlying primitives such as radix_tree_iter_resume() and the radix_tree_for_each_tagged() iterator which are also used by other parts of the kernel. Link: http://lkml.kernel.org/r/1480369871-5271-57-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 74 ++++++++++----------- lib/radix-tree.c | 117 ++++++--------------------------- mm/page-writeback.c | 28 +++++--- tools/testing/radix-tree/main.c | 12 ++-- tools/testing/radix-tree/multiorder.c | 13 ++-- tools/testing/radix-tree/regression2.c | 3 +- tools/testing/radix-tree/tag_check.c | 4 +- tools/testing/radix-tree/test.c | 34 ++++++++++ tools/testing/radix-tree/test.h | 3 + 9 files changed, 125 insertions(+), 163 deletions(-) commit 478922e2b0f41567e4a530771bfb3f693f857d45 Author: Matthew Wilcox Date: Wed Dec 14 15:08:52 2016 -0800 radix-tree: delete radix_tree_locate_item() This rather complicated function can be better implemented as an iterator. It has only one caller, so move the functionality to the only place that needs it. Update the test suite to follow the same pattern. Link: http://lkml.kernel.org/r/1480369871-5271-56-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Acked-by: Konstantin Khlebnikov Tested-by: Kirill A. Shutemov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 1 - lib/radix-tree.c | 99 ----------------------------------------- mm/shmem.c | 26 ++++++++++- tools/testing/radix-tree/main.c | 8 ++-- tools/testing/radix-tree/test.c | 22 +++++++++ tools/testing/radix-tree/test.h | 2 + 6 files changed, 53 insertions(+), 105 deletions(-) commit 148deab223b23734069abcacb5c7118b0e7deadc Author: Matthew Wilcox Date: Wed Dec 14 15:08:49 2016 -0800 radix-tree: improve multiorder iterators This fixes several interlinked problems with the iterators in the presence of multiorder entries. 1. radix_tree_iter_next() would only advance by one slot, which would result in the iterators returning the same entry more than once if there were sibling entries. 2. radix_tree_next_slot() could return an internal pointer instead of a user pointer if a tagged multiorder entry was immediately followed by an entry of lower order. 3. radix_tree_next_slot() expanded to a lot more code than it used to when multiorder support was compiled in. And I wasn't comfortable with entry_to_node() being in a header file. Fixing radix_tree_iter_next() for the presence of sibling entries necessarily involves examining the contents of the radix tree, so we now need to pass 'slot' to radix_tree_iter_next(), and we need to change the calling convention so it is called *before* dropping the lock which protects the tree. Also rename it to radix_tree_iter_resume(), as some people thought it was necessary to call radix_tree_iter_next() each time around the loop. radix_tree_next_slot() becomes closer to how it looked before multiorder support was introduced. It only checks to see if the next entry in the chunk is a sibling entry or a pointer to a node; this should be rare enough that handling this case out of line is not a performance impact (and such impact is amortised by the fact that the entry we just processed was a multiorder entry). Also, radix_tree_next_slot() used to force a new chunk lookup for untagged entries, which is more expensive than the out of line sibling entry skipping. Link: http://lkml.kernel.org/r/1480369871-5271-55-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/btrfs/tests/btrfs-tests.c | 2 +- include/linux/radix-tree.h | 71 +++++++-------- lib/radix-tree.c | 138 +++++++++++++++++++++++++---- mm/khugepaged.c | 7 +- mm/shmem.c | 6 +- tools/testing/radix-tree/iteration_check.c | 12 +-- tools/testing/radix-tree/multiorder.c | 28 ++++-- tools/testing/radix-tree/regression3.c | 8 +- tools/testing/radix-tree/test.h | 1 + 9 files changed, 188 insertions(+), 85 deletions(-) commit b35df27a39f40e39fabf1b1e9569c7b24e1add6a Author: Matthew Wilcox Date: Wed Dec 14 15:08:46 2016 -0800 btrfs: fix race in btrfs_free_dummy_fs_info() We drop the lock which protects the radix tree, so we must call radix_tree_iter_next() in order to avoid a modification to the tree invalidating the iterator state. Link: http://lkml.kernel.org/r/1480369871-5271-54-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/btrfs/tests/btrfs-tests.c | 1 + 1 file changed, 1 insertion(+) commit 218ed7503aee07c7758dcbdd782e8c1a25c9f1e9 Author: Matthew Wilcox Date: Wed Dec 14 15:08:43 2016 -0800 radix-tree: improve dump output Print the indices of the entries as unsigned (instead of signed) integers and print the parent node of each entry to help navigate around larger trees where the layout is not quite so obvious. Print the indices covered by a node. Rearrange the order of fields printed so the indices and parents line up for each type of entry. Link: http://lkml.kernel.org/r/1480369871-5271-53-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 49 ++++++++++++++++++++++++++----------------------- 1 file changed, 26 insertions(+), 23 deletions(-) commit bc412fca6edc25bbbe28b6449512e15ebb1573ae Author: Matthew Wilcox Date: Wed Dec 14 15:08:40 2016 -0800 radix-tree: make radix_tree_find_next_bit more useful Since this function is specialised to the radix tree, pass in the node and tag to calculate the address of the bitmap in radix_tree_find_next_bit() instead of the caller. Likewise, there is no need to pass in the size of the bitmap. Link: http://lkml.kernel.org/r/1480369871-5271-52-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) commit 9498d2bb34b0866829c313569df35e77a83f12eb Author: Matthew Wilcox Date: Wed Dec 14 15:08:37 2016 -0800 radix-tree: create node_tag_set() Similar to node_tag_clear(), factor node_tag_set() out of radix_tree_range_tag_if_tagged(). Link: http://lkml.kernel.org/r/1480369871-5271-51-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) commit 91d9c05ac6c788531136888d31ef18c6a0ec160f Author: Matthew Wilcox Date: Wed Dec 14 15:08:34 2016 -0800 radix-tree: move rcu_head into a union with private_list I want to be able to reference node->parent after freeing node. Currently node->parent is in a union with rcu_head, so it is overwritten when the node is put on the RCU list. We know that private_list is not referenced after the node is freed, so it is safe for these two members to share space. Link: http://lkml.kernel.org/r/1480369871-5271-50-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 14 ++++---------- lib/radix-tree.c | 1 + 2 files changed, 5 insertions(+), 10 deletions(-) commit 91b9677c4c1242a3d0afd76d0e91f43808243b92 Author: Matthew Wilcox Date: Wed Dec 14 15:08:31 2016 -0800 radix-tree: fix typo Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0629573e6bbd60f20ed2d7a91da1214a6274e751 Author: Matthew Wilcox Date: Wed Dec 14 15:08:29 2016 -0800 radix tree test suite: use common find-bit code Remove the old find_next_bit code in favour of linking in the find_bit code from tools/lib. Link: http://lkml.kernel.org/r/1480369871-5271-48-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/Makefile | 7 ++- tools/testing/radix-tree/find_next_bit.c | 57 ---------------------- tools/testing/radix-tree/linux/bitops.h | 40 +++++++++------ tools/testing/radix-tree/linux/bitops/non-atomic.h | 13 +++-- tools/testing/radix-tree/linux/kernel.h | 11 +++++ 5 files changed, 48 insertions(+), 80 deletions(-) commit b328daf3b7130098b105c18bdae694ddaad5b6e3 Author: Matthew Wilcox Date: Wed Dec 14 15:08:26 2016 -0800 tools: add more bitmap functions I need the following functions for the radix tree: bitmap_fill bitmap_empty bitmap_full Copy the implementations from include/linux/bitmap.h Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/include/linux/bitmap.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) commit 101d9607fffefdfc9e3922f0ac9061a61edda1b0 Author: Matthew Wilcox Date: Wed Dec 14 15:08:23 2016 -0800 radix tree test suite: record order in each item This probably doubles the size of each item allocated by the test suite but it lets us check a few more things, and may be needed for upcoming API changes that require the caller pass in the order of the entry. Link: http://lkml.kernel.org/r/1480369871-5271-46-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/multiorder.c | 2 +- tools/testing/radix-tree/test.c | 29 +++++++++++++++++++---------- tools/testing/radix-tree/test.h | 6 +++--- 3 files changed, 23 insertions(+), 14 deletions(-) commit 3ad75f8a1d9b047989059c67afc38d57161270e9 Author: Matthew Wilcox Date: Wed Dec 14 15:08:20 2016 -0800 radix tree test suite: handle exceptional entries item_kill_tree() assumes that everything in the tree is a pointer to a struct item, which is annoying when testing the behaviour of exceptional entries. Fix it to delete exceptional entries on the assumption they don't need to be freed. Link: http://lkml.kernel.org/r/1480369871-5271-45-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/test.c | 7 +++++++ 1 file changed, 7 insertions(+) commit af1c5cca9030f1bb935463ceb8274bfe82719128 Author: Matthew Wilcox Date: Wed Dec 14 15:08:17 2016 -0800 radix tree test suite: use rcu_barrier Calling rcu_barrier() allows all of the rcu-freed memory to be actually returned to the pool, and allows nr_allocated to return to 0. As well as allowing diffs between runs to be more useful, it also lets us pinpoint leaks more effectively. Link: http://lkml.kernel.org/r/1480369871-5271-44-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/main.c | 12 ++++++++++-- tools/testing/radix-tree/tag_check.c | 5 +++++ 2 files changed, 15 insertions(+), 2 deletions(-) commit cfa40bcfd6fed7010b1633bf127ed8571d3b607e Author: Konstantin Khlebnikov Date: Wed Dec 14 15:08:14 2016 -0800 radix tree test suite: benchmark for iterator This adds simple benchmark for iterator similar to one I've used for commit 78c1d78488a3 ("radix-tree: introduce bit-optimized iterator") Building with make BENCHMARK=1 set radix tree order to 6, this allows to get performance comparable to in kernel performance. Link: http://lkml.kernel.org/r/1480369871-5271-43-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Konstantin Khlebnikov Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/Makefile | 6 +- tools/testing/radix-tree/benchmark.c | 98 +++++++++++++++++++++++++++++++++ tools/testing/radix-tree/linux/kernel.h | 4 ++ tools/testing/radix-tree/main.c | 2 + tools/testing/radix-tree/test.h | 1 + 5 files changed, 110 insertions(+), 1 deletion(-) commit ba20cd60c97945f0de9fe313f869b3a5855e1503 Author: Matthew Wilcox Date: Wed Dec 14 15:08:11 2016 -0800 radix tree test suite: iteration test misuses RCU Each thread needs to register itself with RCU, otherwise the reading thread's read lock has no effect and the freeing thread will free the memory in the tree without waiting for the read lock to be dropped. Link: http://lkml.kernel.org/r/1480369871-5271-42-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/iteration_check.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) commit 061ef3936b16edc8f779d403d569392505665ed5 Author: Matthew Wilcox Date: Wed Dec 14 15:08:08 2016 -0800 radix tree test suite: make runs more reproducible Instead of reseeding the random number generator every time around the loop in big_gang_check(), seed it at the beginning of execution. Use rand_r() and an independent base seed for each thread in iteration_test() so they don't stomp all over each others state. Since this particular test depends on the kernel scheduler, the iteration test can't be reproduced based purely on the random seed, but at least it won't pollute the other tests. Print the seed, and allow the seed to be specified so that a run which hits a problem can be reproduced. Link: http://lkml.kernel.org/r/1480369871-5271-41-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/iteration_check.c | 11 +++++++---- tools/testing/radix-tree/main.c | 9 +++++++-- 2 files changed, 14 insertions(+), 6 deletions(-) commit 6df5ee786786ddafdddc922344a0b789f5b25fa4 Author: Matthew Wilcox Date: Wed Dec 14 15:08:05 2016 -0800 radix tree test suite: free preallocated nodes It can be a source of mild concern when the test suite shows that we're leaking nodes. While poring over the source code looking for leaks can lead to some fascinating bugs being discovered, sometimes the leak is simply that these nodes were preallocated and are sitting on the per-CPU list. Free them by calling the CPU dead callback. Link: http://lkml.kernel.org/r/1480369871-5271-40-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/main.c | 3 +++ tools/testing/radix-tree/test.h | 1 + 2 files changed, 4 insertions(+) commit 847d357635ce4c63b8901ab81333586a0f115fa5 Author: Matthew Wilcox Date: Wed Dec 14 15:08:02 2016 -0800 radix tree test suite: track preempt_count Rather than simply NOP out preempt_enable() and preempt_disable(), keep track of preempt_count and display it regularly in case either the test suite or the code under test is forgetting to balance the enables & disables. Only found a test-case that was forgetting to re-enable preemption, but it's a possibility worth checking. Link: http://lkml.kernel.org/r/1480369871-5271-39-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/linux.c | 1 + tools/testing/radix-tree/linux/preempt.h | 6 +++--- tools/testing/radix-tree/main.c | 30 ++++++++++++++++++++---------- 3 files changed, 24 insertions(+), 13 deletions(-) commit 31023cd66468359790beb046b6808fe0444672a2 Author: Matthew Wilcox Date: Wed Dec 14 15:07:59 2016 -0800 radix tree test suite: allow GFP_ATOMIC allocations to fail In order to test the preload code, it is necessary to fail GFP_ATOMIC allocations, which requires defining GFP_KERNEL and GFP_ATOMIC properly. Remove the obsolete __GFP_WAIT and copy the definitions of the __GFP flags which are used from the kernel include files. We also need the real definition of gfpflags_allow_blocking() to persuade the radix tree to actually use its preallocated nodes. Link: http://lkml.kernel.org/r/1480369871-5271-38-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/radix-tree/linux.c | 7 ++++++- tools/testing/radix-tree/linux/gfp.h | 22 +++++++++++++++++++--- tools/testing/radix-tree/linux/slab.h | 5 ----- 3 files changed, 25 insertions(+), 9 deletions(-) commit ebb9a9aedb95f697673a96a26ff0322a13676381 Author: Matthew Wilcox Date: Wed Dec 14 15:07:56 2016 -0800 tools: add WARN_ON_ONCE Patch series "Radix tree patches for 4.10", v3. Mostly these are improvements; the only bug fixes in here relate to multiorder entries (which are unused in the 4.9 tree). This patch (of 32): The radix tree uses its own buggy WARN_ON_ONCE. Replace it with the definition from asm-generic/bug.h Link: http://lkml.kernel.org/r/1480369871-5271-37-git-send-email-mawilcox@linuxonhyperv.com Signed-off-by: Matthew Wilcox Tested-by: Kirill A. Shutemov Cc: Konstantin Khlebnikov Cc: Ross Zwisler Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/include/asm/bug.h | 11 +++++++++++ tools/testing/radix-tree/Makefile | 2 +- tools/testing/radix-tree/linux/bug.h | 2 +- tools/testing/radix-tree/linux/types.h | 2 -- 4 files changed, 13 insertions(+), 4 deletions(-) commit 4b4bb46d00b386e1c972890dc5785a7966eaa9c0 Author: Jan Kara Date: Wed Dec 14 15:07:53 2016 -0800 dax: clear dirty entry tags on cache flush Currently we never clear dirty tags in DAX mappings and thus address ranges to flush accumulate. Now that we have locking of radix tree entries, we have all the locking necessary to reliably clear the radix tree dirty tag when flushing caches for corresponding address range. Similarly to page_mkclean() we also have to write-protect pages to get a page fault when the page is next written to so that we can mark the entry dirty again. Link: http://lkml.kernel.org/r/1479460644-25076-21-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Cc: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 64 insertions(+) commit 2f89dc12a25ddf995b9acd7b6543fe892e3473d6 Author: Jan Kara Date: Wed Dec 14 15:07:50 2016 -0800 dax: protect PTE modification on WP fault by radix tree entry lock Currently PTE gets updated in wp_pfn_shared() after dax_pfn_mkwrite() has released corresponding radix tree entry lock. When we want to writeprotect PTE on cache flush, we need PTE modification to happen under radix tree entry lock to ensure consistent updates of PTE and radix tree (standard faults use page lock to ensure this consistency). So move update of PTE bit into dax_pfn_mkwrite(). Link: http://lkml.kernel.org/r/1479460644-25076-20-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Cc: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 22 ++++++++++++++++------ mm/memory.c | 2 +- 2 files changed, 17 insertions(+), 7 deletions(-) commit a6abc2c0e77b16480f4d2c1eb7925e5287ae1526 Author: Jan Kara Date: Wed Dec 14 15:07:47 2016 -0800 dax: make cache flushing protected by entry lock Currently, flushing of caches for DAX mappings was ignoring entry lock. So far this was ok (modulo a bug that a difference in entry lock could cause cache flushing to be mistakenly skipped) but in the following patches we will write-protect PTEs on cache flushing and clear dirty tags. For that we will need more exclusion. So do cache flushing under an entry lock. This allows us to remove one lock-unlock pair of mapping->tree_lock as a bonus. Link: http://lkml.kernel.org/r/1479460644-25076-19-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Cc: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 61 +++++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 39 insertions(+), 22 deletions(-) commit cae1240257d9ba4b40eb240124c530de8ee349bc Author: Jan Kara Date: Wed Dec 14 15:07:45 2016 -0800 mm: export follow_pte() DAX will need to implement its own version of page_check_address(). To avoid duplicating page table walking code, export follow_pte() which does what we need. Link: http://lkml.kernel.org/r/1479460644-25076-18-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Cc: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 2 ++ mm/memory.c | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) commit a19e25536ed3a20845f642ce531e10c27fb2add5 Author: Jan Kara Date: Wed Dec 14 15:07:42 2016 -0800 mm: change return values of finish_mkwrite_fault() Currently finish_mkwrite_fault() returns 0 when PTE got changed before we acquired PTE lock and VM_FAULT_WRITE when we succeeded in modifying the PTE. This is somewhat confusing since 0 generally means success, it is also inconsistent with finish_fault() which returns 0 on success. Change finish_mkwrite_fault() to return 0 on success and VM_FAULT_NOPAGE when PTE changed. Practically, there should be no behavioral difference since we bail out from the fault the same way regardless whether we return 0, VM_FAULT_NOPAGE, or VM_FAULT_WRITE. Also note that VM_FAULT_WRITE has no effect for shared mappings since the only two places that check it - KSM and GUP - care about private mappings only. Generally the meaning of VM_FAULT_WRITE for shared mappings is not well defined and we should probably clean that up. Link: http://lkml.kernel.org/r/1479460644-25076-17-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Acked-by: Kirill A. Shutemov Cc: Ross Zwisler Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 66a6197c118540d454913eef24d68d7491ab5d5f Author: Jan Kara Date: Wed Dec 14 15:07:39 2016 -0800 mm: provide helper for finishing mkwrite faults Provide a helper function for finishing write faults due to PTE being read-only. The helper will be used by DAX to avoid the need of complicating generic MM code with DAX locking specifics. Link: http://lkml.kernel.org/r/1479460644-25076-16-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 1 + mm/memory.c | 67 ++++++++++++++++++++++++++++++++---------------------- 2 files changed, 41 insertions(+), 27 deletions(-) commit 997dd98dd68beb2aea74cac53e7fd440cc8dba68 Author: Jan Kara Date: Wed Dec 14 15:07:36 2016 -0800 mm: move part of wp_page_reuse() into the single call site wp_page_reuse() handles write shared faults which is needed only in wp_page_shared(). Move the handling only into that location to make wp_page_reuse() simpler and avoid a strange situation when we sometimes pass in locked page, sometimes unlocked etc. Link: http://lkml.kernel.org/r/1479460644-25076-15-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 27 ++++++++++++--------------- 1 file changed, 12 insertions(+), 15 deletions(-) commit a41b70d6dfc28b9e1a17c2a9f3181c2b614bfd54 Author: Jan Kara Date: Wed Dec 14 15:07:33 2016 -0800 mm: use vmf->page during WP faults So far we set vmf->page during WP faults only when we needed to pass it to the ->page_mkwrite handler. Set it in all the cases now and use that instead of passing page pointer explicitly around. Link: http://lkml.kernel.org/r/1479460644-25076-14-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 58 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 29 insertions(+), 29 deletions(-) commit 38b8cb7fbb892503fe9fcf748ebbed8c9fde7bf8 Author: Jan Kara Date: Wed Dec 14 15:07:30 2016 -0800 mm: pass vm_fault structure into do_page_mkwrite() We will need more information in the ->page_mkwrite() helper for DAX to be able to fully finish faults there. Pass vm_fault structure to do_page_mkwrite() and use it there so that information propagates properly from upper layers. Link: http://lkml.kernel.org/r/1479460644-25076-13-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) commit 97ba0c2b4b0994044e404b7a96fc92a2e0424534 Author: Jan Kara Date: Wed Dec 14 15:07:27 2016 -0800 mm: factor out common parts of write fault handling Currently we duplicate handling of shared write faults in wp_page_reuse() and do_shared_fault(). Factor them out into a common function. Link: http://lkml.kernel.org/r/1479460644-25076-12-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 78 +++++++++++++++++++++++++++++-------------------------------- 1 file changed, 37 insertions(+), 41 deletions(-) commit b1aa812b21084285e9f6098639be9cd5bf9e05d7 Author: Jan Kara Date: Wed Dec 14 15:07:24 2016 -0800 mm: move handling of COW faults into DAX code Move final handling of COW faults from generic code into DAX fault handler. That way generic code doesn't have to be aware of peculiarities of DAX locking so remove that knowledge and make locking functions private to fs/dax.c. Link: http://lkml.kernel.org/r/1479460644-25076-11-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Acked-by: Kirill A. Shutemov Reviewed-by: Ross Zwisler Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 61 +++++++++++++++++++++++++---------------------------- include/linux/dax.h | 7 ------ include/linux/mm.h | 9 +------- mm/memory.c | 13 ++++-------- 4 files changed, 34 insertions(+), 56 deletions(-) commit 9118c0cbd44262d0015568266f314e645ed6b9ce Author: Jan Kara Date: Wed Dec 14 15:07:21 2016 -0800 mm: factor out functionality to finish page faults Introduce finish_fault() as a helper function for finishing page faults. It is rather thin wrapper around alloc_set_pte() but since we'd want to call this from DAX code or filesystems, it is still useful to avoid some boilerplate code. Link: http://lkml.kernel.org/r/1479460644-25076-10-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 1 + mm/memory.c | 44 +++++++++++++++++++++++++++++++++++--------- 2 files changed, 36 insertions(+), 9 deletions(-) commit 3917048d4572b9cabf6f8f5ad395eb693717367c Author: Jan Kara Date: Wed Dec 14 15:07:18 2016 -0800 mm: allow full handling of COW faults in ->fault handlers Patch series "dax: Clear dirty bits after flushing caches", v5. Patchset to clear dirty bits from radix tree of DAX inodes when caches for corresponding pfns have been flushed. In principle, these patches enable handlers to easily update PTEs and do other work necessary to finish the fault without duplicating the functionality present in the generic code. I'd like to thank Kirill and Ross for reviews of the series! This patch (of 20): To allow full handling of COW faults add memcg field to struct vm_fault and a return value of ->fault() handler meaning that COW fault is fully handled and memcg charge must not be canceled. This will allow us to remove knowledge about special DAX locking from the generic fault code. Link: http://lkml.kernel.org/r/1479460644-25076-9-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 4 +++- mm/memory.c | 14 +++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) commit 2994302bc8a17180788fac66a47102d338d5d0ec Author: Jan Kara Date: Wed Dec 14 15:07:16 2016 -0800 mm: add orig_pte field into vm_fault Add orig_pte field to vm_fault structure to allow ->page_mkwrite handlers to fully handle the fault. This also allows us to save some passing of extra arguments around. Link: http://lkml.kernel.org/r/1479460644-25076-8-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 4 +-- mm/internal.h | 2 +- mm/khugepaged.c | 7 ++--- mm/memory.c | 82 +++++++++++++++++++++++++++--------------------------- 4 files changed, 47 insertions(+), 48 deletions(-) commit fe82221f57ea6840a4238a8e077e3f93f257a03f Author: Jan Kara Date: Wed Dec 14 15:07:13 2016 -0800 mm: use passed vm_fault structure for in wp_pfn_shared() Instead of creating another vm_fault structure, use the one passed to wp_pfn_shared() for passing arguments into pfn_mkwrite handler. Link: http://lkml.kernel.org/r/1479460644-25076-7-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) commit 936ca80d3773bd9b6dda8a0dfd54425f9ec1be9d Author: Jan Kara Date: Wed Dec 14 15:07:10 2016 -0800 mm: trim __do_fault() arguments Use vm_fault structure to pass cow_page, page, and entry in and out of the function. That reduces number of __do_fault() arguments from 4 to 1. Link: http://lkml.kernel.org/r/1479460644-25076-6-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 67 ++++++++++++++++++++++++++----------------------------------- 1 file changed, 29 insertions(+), 38 deletions(-) commit 667240e0f2e13e792a5af99b3c34dfab12ef125b Author: Jan Kara Date: Wed Dec 14 15:07:07 2016 -0800 mm: use passed vm_fault structure in __do_fault() Instead of creating another vm_fault structure, use the one passed to __do_fault() for passing arguments into fault handler. Link: http://lkml.kernel.org/r/1479460644-25076-5-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memory.c | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) commit 0721ec8bc156fafc9057ec1df95cdb3bbc3cbae8 Author: Jan Kara Date: Wed Dec 14 15:07:04 2016 -0800 mm: use pgoff in struct vm_fault instead of passing it separately struct vm_fault has already pgoff entry. Use it instead of passing pgoff as a separate argument and then assigning it later. Link: http://lkml.kernel.org/r/1479460644-25076-4-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Reviewed-by: Ross Zwisler Acked-by: Kirill A. Shutemov Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/khugepaged.c | 1 + mm/memory.c | 35 ++++++++++++++++++----------------- 2 files changed, 19 insertions(+), 17 deletions(-) commit 1a29d85eb0f19b7d8271923d8917d7b4f5540b3e Author: Jan Kara Date: Wed Dec 14 15:07:01 2016 -0800 mm: use vmf->address instead of of vmf->virtual_address Every single user of vmf->virtual_address typed that entry to unsigned long before doing anything with it so the type of virtual_address does not really provide us any additional safety. Just use masked vmf->address which already has the appropriate type. Link: http://lkml.kernel.org/r/1479460644-25076-3-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Acked-by: Kirill A. Shutemov Cc: Dan Williams Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/platforms/cell/spufs/file.c | 8 +++----- arch/x86/entry/vdso/vma.c | 4 ++-- drivers/char/agp/alpha-agp.c | 3 +-- drivers/char/mspec.c | 2 +- drivers/dax/dax.c | 3 +-- drivers/gpu/drm/armada/armada_gem.c | 5 ++--- drivers/gpu/drm/drm_vm.c | 10 +++++----- drivers/gpu/drm/etnaviv/etnaviv_gem.c | 7 +++---- drivers/gpu/drm/exynos/exynos_drm_gem.c | 6 ++---- drivers/gpu/drm/gma500/framebuffer.c | 2 +- drivers/gpu/drm/gma500/gem.c | 5 ++--- drivers/gpu/drm/i915/i915_gem.c | 3 +-- drivers/gpu/drm/msm/msm_gem.c | 8 +++----- drivers/gpu/drm/omapdrm/omap_gem.c | 20 ++++++++------------ drivers/gpu/drm/tegra/gem.c | 4 ++-- drivers/gpu/drm/ttm/ttm_bo_vm.c | 2 +- drivers/gpu/drm/udl/udl_gem.c | 5 ++--- drivers/gpu/drm/vgem/vgem_drv.c | 2 +- drivers/media/v4l2-core/videobuf-dma-sg.c | 5 ++--- drivers/misc/cxl/context.c | 5 ++--- drivers/misc/sgi-gru/grumain.c | 2 +- drivers/staging/android/ion/ion.c | 2 +- drivers/staging/lustre/lustre/llite/vvp_io.c | 6 +++--- drivers/xen/privcmd.c | 2 +- fs/dax.c | 4 ++-- include/linux/mm.h | 2 -- mm/memory.c | 9 ++++----- 27 files changed, 57 insertions(+), 79 deletions(-) commit 82b0f8c39a3869b6fd2a10e180a862248736ec6f Author: Jan Kara Date: Wed Dec 14 15:06:58 2016 -0800 mm: join struct fault_env and vm_fault Currently we have two different structures for passing fault information around - struct vm_fault and struct fault_env. DAX will need more information in struct vm_fault to handle its faults so the content of that structure would become event closer to fault_env. Furthermore it would need to generate struct fault_env to be able to call some of the generic functions. So at this point I don't think there's much use in keeping these two structures separate. Just embed into struct vm_fault all that is needed to use it for both purposes. Link: http://lkml.kernel.org/r/1479460644-25076-2-git-send-email-jack@suse.cz Signed-off-by: Jan Kara Acked-by: Kirill A. Shutemov Cc: Ross Zwisler Cc: Dan Williams Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/Locking | 2 +- fs/userfaultfd.c | 22 +- include/linux/huge_mm.h | 10 +- include/linux/mm.h | 28 +- include/linux/userfaultfd_k.h | 4 +- mm/filemap.c | 14 +- mm/huge_memory.c | 173 ++++++------ mm/internal.h | 2 +- mm/khugepaged.c | 20 +- mm/memory.c | 568 +++++++++++++++++++------------------- mm/nommu.c | 2 +- 11 files changed, 423 insertions(+), 422 deletions(-) commit 8b7457ef9a9eb46cd1675d40d8e1fd3c47a38395 Author: Lorenzo Stoakes Date: Wed Dec 14 15:06:55 2016 -0800 mm: unexport __get_user_pages_unlocked() Unexport the low-level __get_user_pages_unlocked() function and replaces invocations with calls to more appropriate higher-level functions. In hva_to_pfn_slow() we are able to replace __get_user_pages_unlocked() with get_user_pages_unlocked() since we can now pass gup_flags. In async_pf_execute() and process_vm_rw_single_vec() we need to pass different tsk, mm arguments so get_user_pages_remote() is the sane replacement in these cases (having added manual acquisition and release of mmap_sem.) Additionally get_user_pages_remote() reintroduces use of the FOLL_TOUCH flag. However, this flag was originally silently dropped by commit 1e9877902dc7 ("mm/gup: Introduce get_user_pages_remote()"), so this appears to have been unintentional and reintroducing it is therefore not an issue. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20161027095141.2569-3-lstoakes@gmail.com Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Jan Kara Cc: Hugh Dickins Cc: Dave Hansen Cc: Rik van Riel Cc: Mel Gorman Cc: Paolo Bonzini Cc: Radim Krcmar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mm.h | 3 --- mm/gup.c | 8 ++++---- mm/nommu.c | 8 ++++---- mm/process_vm_access.c | 12 ++++++++---- virt/kvm/async_pf.c | 10 +++++++--- virt/kvm/kvm_main.c | 5 ++--- 6 files changed, 25 insertions(+), 21 deletions(-) commit 5b56d49fc31dbb0487e14ead790fc81ca9fb2c99 Author: Lorenzo Stoakes Date: Wed Dec 14 15:06:52 2016 -0800 mm: add locked parameter to get_user_pages_remote() Patch series "mm: unexport __get_user_pages_unlocked()". This patch series continues the cleanup of get_user_pages*() functions taking advantage of the fact we can now pass gup_flags as we please. It firstly adds an additional 'locked' parameter to get_user_pages_remote() to allow for its callers to utilise VM_FAULT_RETRY functionality. This is necessary as the invocation of __get_user_pages_unlocked() in process_vm_rw_single_vec() makes use of this and no other existing higher level function would allow it to do so. Secondly existing callers of __get_user_pages_unlocked() are replaced with the appropriate higher-level replacement - get_user_pages_unlocked() if the current task and memory descriptor are referenced, or get_user_pages_remote() if other task/memory descriptors are referenced (having acquiring mmap_sem.) This patch (of 2): Add a int *locked parameter to get_user_pages_remote() to allow VM_FAULT_RETRY faulting behaviour similar to get_user_pages_[un]locked(). Taking into account the previous adjustments to get_user_pages*() functions allowing for the passing of gup_flags, we are now in a position where __get_user_pages_unlocked() need only be exported for his ability to allow VM_FAULT_RETRY behaviour, this adjustment allows us to subsequently unexport __get_user_pages_unlocked() as well as allowing for future flexibility in the use of get_user_pages_remote(). [sfr@canb.auug.org.au: merge fix for get_user_pages_remote API change] Link: http://lkml.kernel.org/r/20161122210511.024ec341@canb.auug.org.au Link: http://lkml.kernel.org/r/20161027095141.2569-2-lstoakes@gmail.com Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Cc: Jan Kara Cc: Hugh Dickins Cc: Dave Hansen Cc: Rik van Riel Cc: Mel Gorman Cc: Paolo Bonzini Cc: Radim Krcmar Signed-off-by: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/gpu/drm/etnaviv/etnaviv_gem.c | 2 +- drivers/gpu/drm/i915/i915_gem_userptr.c | 2 +- drivers/infiniband/core/umem_odp.c | 2 +- drivers/vfio/vfio_iommu_type1.c | 2 +- fs/exec.c | 2 +- include/linux/mm.h | 2 +- kernel/events/uprobes.c | 4 ++-- mm/gup.c | 12 ++++++++---- mm/memory.c | 2 +- security/tomoyo/domain.c | 2 +- 10 files changed, 18 insertions(+), 14 deletions(-) commit 370b262c896e5565b271a3ea3abee4d0914ba443 Author: Davidlohr Bueso Date: Wed Dec 14 15:06:49 2016 -0800 ipc/sem: avoid idr tree lookup for interrupted semop We can avoid the idr tree lookup (albeit possibly avoiding idr_find_fast()) when being awoken in EINTR, as the semid will not change in this context while blocked. Use the sma pointer directly and take the sem_lock, then re-check for RMID races. We continue to re-check the queue.status with the lock held such that we can detect situations where we where are dealing with a spurious wakeup but another task that holds the sem_lock updated the queue.status while we were spinning for it. Once we take the lock it obviously won't change again. Being the only caller, get rid of sem_obtain_lock() altogether. Link: http://lkml.kernel.org/r/1478708774-28826-3-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 37 +++++-------------------------------- 1 file changed, 5 insertions(+), 32 deletions(-) commit b5fa01a22e4ba9e3ca6de7cb94c3d21e42da449c Author: Davidlohr Bueso Date: Wed Dec 14 15:06:46 2016 -0800 ipc/sem: simplify wait-wake loop Instead of using the reverse goto, we can simplify the flow and make it more language natural by just doing do-while instead. One would hope this is the standard way (or obviously just with a while bucle) that we do wait/wakeup handling in the kernel. The exact same logic is kept, just more indented. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/1478708774-28826-2-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 108 ++++++++++++++++++++++++++++++-------------------------------- 1 file changed, 52 insertions(+), 56 deletions(-) commit f150f02cfbc7b6b980e260856555abd73235a6b0 Author: Davidlohr Bueso Date: Wed Dec 14 15:06:43 2016 -0800 ipc/sem: use proper list api for pending_list wakeups ... saves some LoC and looks cleaner than re-implementing the calls. Link: http://lkml.kernel.org/r/1474225896-10066-6-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Acked-by: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 38 +++++++++++++------------------------- 1 file changed, 13 insertions(+), 25 deletions(-) commit 4663d3e8f21652f33c698fcc2bf20f61499d9c3e Author: Davidlohr Bueso Date: Wed Dec 14 15:06:40 2016 -0800 ipc/sem: explicitly inline check_restart The compiler already does this, but make it explicit. This helper is really small and also used in update_queue's main loop, which is O(N^2) scanning. Inline and avoid the function overhead. Link: http://lkml.kernel.org/r/1474225896-10066-5-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4ce33ec2e42d4661bf05289e213bc088eecb9132 Author: Davidlohr Bueso Date: Wed Dec 14 15:06:37 2016 -0800 ipc/sem: optimize perform_atomic_semop() This is the main workhorse that deals with semop user calls such that the waitforzero or semval update operations, on the set, can complete on not as the sma currently stands. Currently, the set is iterated twice (setting semval, then backwards for the sempid value). Slowpaths, and particularly SEM_UNDO calls, must undo any altered sem when it is detected that the caller must block or has errored-out. With larger sets, there can occur situations where this involves a lot of cycles and can obviously be a suboptimal use of cached resources in shared memory. Ie, discarding CPU caches that are also calling semop and have the sembuf cached (and can complete), while the current lock holder doing the semop will block, error, or does a waitforzero operation. This patch proposes still iterating the set twice, but the first scan is read-only, and we perform the actual updates afterward, once we know that the call will succeed. In order to not suffer from the overhead of dealing with sops that act on the same sem_num, such (rare) cases use perform_atomic_semop_slow(), which is exactly what we have now. Duplicates are detected before grabbing sem_lock, and uses simple a 32/64-bit hash array variable to based on the sem_num we are working on. In addition add some comments to when we expect to the caller to block. [akpm@linux-foundation.org: coding-style fixes] [colin.king@canonical.com: ensure we left shift a ULL rather than a 32 bit integer] Link: http://lkml.kernel.org/r/20161028181129.7311-1-colin.king@canonical.com Link: http://lkml.kernel.org/r/20160921194603.GB21438@linux-80c1.suse Signed-off-by: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Colin Ian King Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 112 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 102 insertions(+), 10 deletions(-) commit 9ae949fa382b080170f9d3c8bd9dea951cf52ee7 Author: Davidlohr Bueso Date: Wed Dec 14 15:06:34 2016 -0800 ipc/sem: rework task wakeups Our sysv sems have been using the notion of lockless wakeups for a while, ever since commit 0a2b9d4c7967 ("ipc/sem.c: move wake_up_process out of the spinlock section"), in order to reduce the sem_lock hold times. This in-house pending queue can be replaced by wake_q (just like all the rest of ipc now), in that it provides the following advantages: o Simplifies and gets rid of unnecessary code. o We get rid of the IN_WAKEUP complexities. Given that wake_q_add() grabs reference to the task, if awoken due to an unrelated event, between the wake_q_add() and wake_up_q() window, we cannot race with sys_exit and the imminent call to wake_up_process(). o By not spinning IN_WAKEUP, we no longer need to disable preemption. In consequence, the wakeup paths (after schedule(), that is) must acknowledge an external signal/event, as well spurious wakeup occurring during the pending wakeup window. Obviously no changes in semantics that could be visible to the user. The fastpath is _only_ for when we know for sure that we were awoken due to a the waker's successful semop call (queue.status is not -EINTR). On a 48-core Haswell, running the ipcscale 'waitforzero' test, the following is seen with increasing thread counts: v4.8-rc5 v4.8-rc5 semopv2 Hmean sembench-sem-2 574733.00 ( 0.00%) 578322.00 ( 0.62%) Hmean sembench-sem-8 811708.00 ( 0.00%) 824689.00 ( 1.59%) Hmean sembench-sem-12 842448.00 ( 0.00%) 845409.00 ( 0.35%) Hmean sembench-sem-21 933003.00 ( 0.00%) 977748.00 ( 4.80%) Hmean sembench-sem-48 935910.00 ( 0.00%) 1004759.00 ( 7.36%) Hmean sembench-sem-79 937186.00 ( 0.00%) 983976.00 ( 4.99%) Hmean sembench-sem-234 974256.00 ( 0.00%) 1060294.00 ( 8.83%) Hmean sembench-sem-265 975468.00 ( 0.00%) 1016243.00 ( 4.18%) Hmean sembench-sem-296 991280.00 ( 0.00%) 1042659.00 ( 5.18%) Hmean sembench-sem-327 975415.00 ( 0.00%) 1029977.00 ( 5.59%) Hmean sembench-sem-358 1014286.00 ( 0.00%) 1049624.00 ( 3.48%) Hmean sembench-sem-389 972939.00 ( 0.00%) 1043127.00 ( 7.21%) Hmean sembench-sem-420 981909.00 ( 0.00%) 1056747.00 ( 7.62%) Hmean sembench-sem-451 990139.00 ( 0.00%) 1051609.00 ( 6.21%) Hmean sembench-sem-482 965735.00 ( 0.00%) 1040313.00 ( 7.72%) [akpm@linux-foundation.org: coding-style fixes] [sfr@canb.auug.org.au: merge fix for WAKE_Q to DEFINE_WAKE_Q rename] Link: http://lkml.kernel.org/r/20161122210410.5eca9fc2@canb.auug.org.au Link: http://lkml.kernel.org/r/1474225896-10066-3-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Acked-by: Manfred Spraul Signed-off-by: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 266 ++++++++++++++++++++------------------------------------------ 1 file changed, 86 insertions(+), 180 deletions(-) commit 248e7357cf8ec50bdaca68dce7c488ce843b6b93 Author: Davidlohr Bueso Date: Wed Dec 14 15:06:31 2016 -0800 ipc/sem: do not call wake_sem_queue_do() prematurely ... as this call should obviously be paired with its _prepare() counterpart. At least whenever possible, as there is no harm in calling it bogusly as we do now in a few places. Immediate error semop(2) paths that are far from ever having the task block can be simplified and avoid a few unnecessary loads on their way out of the call as it is not deeply nested. Link: http://lkml.kernel.org/r/1474225896-10066-2-git-send-email-dave@stgolabs.net Signed-off-by: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/sem.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) commit 7a5c8b57cec93196b3e84e3cad2ff81ae0faed78 Author: Babu Moger Date: Wed Dec 14 15:06:28 2016 -0800 sparc: implement watchdog_nmi_enable and watchdog_nmi_disable Implement functions watchdog_nmi_enable and watchdog_nmi_disable to enable/disable nmi watchdog. Sparc uses arch specific nmi watchdog handler. Currently, we do not have a way to enable/disable nmi watchdog dynamically. With these patches we can enable or disable arch specific nmi watchdogs using proc or sysctl interface. Example commands. To enable: echo 1 > /proc/sys/kernel/nmi_watchdog To disable: echo 0 > /proc/sys/kernel/nmi_watchdog It can also achieved using the sysctl parameter kernel.nmi_watchdog Link: http://lkml.kernel.org/r/1478034826-43888-4-git-send-email-babu.moger@oracle.com Signed-off-by: Babu Moger Acked-by: Don Zickus Cc: Ingo Molnar Cc: Jiri Kosina Cc: Andi Kleen Cc: Yaowei Bai Cc: Aaron Tomlin Cc: Ulrich Obergfell Cc: Tejun Heo Cc: Hidehiro Kawai Cc: Josh Hunt Cc: "David S. Miller" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/sparc/kernel/nmi.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) commit 73ce0511c43686095efd2f65ef564aab952e07bc Author: Babu Moger Date: Wed Dec 14 15:06:24 2016 -0800 kernel/watchdog.c: move hardlockup detector to separate file Separate hardlockup code from watchdog.c and move it to watchdog_hld.c. It is mostly straight forward. Remove everything inside CONFIG_HARDLOCKUP_DETECTORS. This code will go to file watchdog_hld.c. Also update the makefile accordigly. Link: http://lkml.kernel.org/r/1478034826-43888-3-git-send-email-babu.moger@oracle.com Signed-off-by: Babu Moger Acked-by: Don Zickus Cc: Ingo Molnar Cc: Jiri Kosina Cc: Andi Kleen Cc: Yaowei Bai Cc: Aaron Tomlin Cc: Ulrich Obergfell Cc: Tejun Heo Cc: Hidehiro Kawai Cc: Josh Hunt Cc: "David S. Miller" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/Makefile | 1 + kernel/watchdog.c | 241 +++----------------------------------------------- kernel/watchdog_hld.c | 227 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 239 insertions(+), 230 deletions(-) commit 249e52e35580fcfe5dad53a7dcd7c1252788749c Author: Babu Moger Date: Wed Dec 14 15:06:21 2016 -0800 kernel/watchdog.c: move shared definitions to nmi.h Patch series "Clean up watchdog handlers", v2. This is an attempt to cleanup watchdog handlers. Right now, kernel/watchdog.c implements both softlockup and hardlockup detectors. Softlockup code is generic. Hardlockup code is arch specific. Some architectures don't use hardlockup detectors. They use their own watchdog detectors. To make both these combination work, we have numerous #ifdefs in kernel/watchdog.c. We are trying here to make these handlers independent of each other. Also provide an interface for architectures to implement their own handlers. watchdog_nmi_enable and watchdog_nmi_disable will be defined as weak such that architectures can override its definitions. Thanks to Don Zickus for his suggestions. Here are our previous discussions http://www.spinics.net/lists/sparclinux/msg16543.html http://www.spinics.net/lists/sparclinux/msg16441.html This patch (of 3): Move shared macros and definitions to nmi.h so that watchdog.c, new file watchdog_hld.c or any other architecture specific handler can use those definitions. Link: http://lkml.kernel.org/r/1478034826-43888-2-git-send-email-babu.moger@oracle.com Signed-off-by: Babu Moger Acked-by: Don Zickus Cc: Ingo Molnar Cc: Jiri Kosina Cc: Andi Kleen Cc: Yaowei Bai Cc: Aaron Tomlin Cc: Ulrich Obergfell Cc: Tejun Heo Cc: Hidehiro Kawai Cc: Josh Hunt Cc: "David S. Miller" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/nmi.h | 24 ++++++++++++++++++++++++ kernel/watchdog.c | 28 ++++------------------------ 2 files changed, 28 insertions(+), 24 deletions(-) commit 22722799de869912fb541c2c85b51cec4226c614 Author: Pavel Machek Date: Wed Dec 14 15:06:18 2016 -0800 ktest.pl: fix english Ajdust spelling to more common "mandatory". Variant "mandidory" is certainly wrong. Link: http://lkml.kernel.org/r/20161011073003.GA19476@amd Signed-off-by: Pavel Machek Acked-by: Steven Rostedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds tools/testing/ktest/ktest.pl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b5fc8c6c000aa083a671cd8f1736d04081bf65aa Author: Andrew Morton Date: Wed Dec 14 15:06:15 2016 -0800 drivers/net/wireless/intel/iwlwifi/dvm/calib.c: simplfy min() expression This cast is no longer needed. Cc: Johannes Berg Cc: Emmanuel Grumbach Cc: Intel Linux Wireless Cc: Kalle Valo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/net/wireless/intel/iwlwifi/dvm/calib.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit b6f8a92c9ca835b4a079ecee8433d0d110398448 Author: Nicolas Pitre Date: Wed Dec 14 15:06:13 2016 -0800 posix-timers: give lazy compilers some help optimizing code away The OpenRISC compiler (so far) fails to optimize away a large portion of code containing a reference to posix_timer_event in alarmtimer.c when CONFIG_POSIX_TIMERS is unset. Let's give it a direct clue to let the build succeed. This fixes [linux-next:master 6682/7183] alarmtimer.c:undefined reference to `posix_timer_event' reported by kbuild test robot. Signed-off-by: Nicolas Pitre Cc: Thomas Gleixner Cc: Josh Triplett Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/time/alarmtimer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 63980c80e1e99cb324942f3b5e59657025af47c0 Author: Shailesh Pandey Date: Wed Dec 14 15:06:10 2016 -0800 ipc/shm.c: coding style fixes This patch fixes below warnings: WARNING: Missing a blank line after declarations WARNING: Block comments use a trailing */ on a separate line ERROR: spaces required around that '=' (ctx:WxV) Above warnings were reported by checkpatch.pl Link: http://lkml.kernel.org/r/1478604980-18062-1-git-send-email-p.shailesh@samsung.com Signed-off-by: Shailesh Pandey Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/shm.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 999898355e08ae3b92dfd0a08db706e0c6703d30 Author: Jiri Slaby Date: Wed Dec 14 15:06:07 2016 -0800 ipc: msg, make msgrcv work with LONG_MIN When LONG_MIN is passed to msgrcv, one would expect to recieve any message. But convert_mode does *msgtyp = -*msgtyp and -LONG_MIN is undefined. In particular, with my gcc -LONG_MIN produces -LONG_MIN again. So handle this case properly by assigning LONG_MAX to *msgtyp if LONG_MIN was specified as msgtyp to msgrcv. This code: long msg[] = { 100, 200 }; int m = msgget(IPC_PRIVATE, IPC_CREAT | 0644); msgsnd(m, &msg, sizeof(msg), 0); msgrcv(m, &msg, sizeof(msg), LONG_MIN, 0); produces currently nothing: msgget(IPC_PRIVATE, IPC_CREAT|0644) = 65538 msgsnd(65538, {100, "\310\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16, 0) = 0 msgrcv(65538, ... Except a UBSAN warning: UBSAN: Undefined behaviour in ipc/msg.c:745:13 negation of -9223372036854775808 cannot be represented in type 'long int': With the patch, I see what I expect: msgget(IPC_PRIVATE, IPC_CREAT|0644) = 0 msgsnd(0, {100, "\310\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16, 0) = 0 msgrcv(0, {100, "\310\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"}, 16, -9223372036854775808, 0) = 16 Link: http://lkml.kernel.org/r/20161024082633.10148-1-jslaby@suse.cz Signed-off-by: Jiri Slaby Cc: Davidlohr Bueso Cc: Manfred Spraul Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds ipc/msg.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit db2aa7fd15e857891cefbada8348c8d938c7a2bc Author: Francisco Blas Izquierdo Riera (klondike) Date: Wed Dec 14 15:06:04 2016 -0800 initramfs: allow again choice of the embedded initram compression algorithm Choosing the appropriate compression option when using an embedded initramfs can result in significant size differences in the resulting data. This is caused by avoiding double compression of the initramfs contents. For example on my tests, choosing CONFIG_INITRAMFS_COMPRESSION_NONE when compressing the kernel using XZ) results in up to 500KiB differences (9MiB to 8.5MiB) in the kernel size as the dictionary will not get polluted with uncomprensible data and may reuse kernel data too. Despite embedding an uncompressed initramfs, a user may want to allow for a compressed extra initramfs to be passed using the rd system, for example to boot a recovery system. 9ba4bcb645898d ("initramfs: read CONFIG_RD_ variables for initramfs compression") broke that behavior by making the choice based on CONFIG_RD_* instead of adding CONFIG_INITRAMFS_COMPRESSION_LZ4. Saddly, CONFIG_RD_* is also used to choose the supported RD compression algorithms by the kernel and a user may want to support more than one. This patch also reverts commit 3e4e0f0a875 ("initramfs: remove "compression mode" choice") restoring back the "compression mode" choice and includes the CONFIG_INITRAMFS_COMPRESSION_LZ4 option which was never added. As a result the following options are added or readed affecting the embedded initramfs compression: INITRAMFS_COMPRESSION_NONE Do no compression INITRAMFS_COMPRESSION_GZIP Compress using gzip INITRAMFS_COMPRESSION_BZIP2 Compress using bzip2 INITRAMFS_COMPRESSION_LZMA Compress using lzma INITRAMFS_COMPRESSION_XZ Compress using xz INITRAMFS_COMPRESSION_LZO Compress using lzo INITRAMFS_COMPRESSION_LZ4 Compress using lz4 These depend on the corresponding CONFIG_RD_* option being set (except NONE which has no dependencies). This patch depends on the previous one (the previous version didn't) to simplify the way in which the algorithm is chosen and keep backwards compatibility with the behaviour introduced by 9ba4bcb645898 ("initramfs: read CONFIG_RD_ variables for initramfs compression"). Link: http://lkml.kernel.org/r/57EAD77B.7090607@klondike.es Signed-off-by: Francisco Blas Izquierdo Riera (klondike) Cc: P J P Cc: Paul Bolle Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds usr/Kconfig | 117 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 117 insertions(+) commit 35e669e1a254e8b60d4a8983205b383666cc01ca Author: Francisco Blas Izquierdo Riera (klondike) Date: Wed Dec 14 15:06:01 2016 -0800 initramfs: select builtin initram compression algorithm on KConfig instead of Makefile Move the current builtin initram compression algorithm selection from the Makefile into the INITRAMFS_COMPRESSION variable. This makes deciding algorithm precedence easier and would allow for overrides if new algorithms want to be tested. Link: http://lkml.kernel.org/r/57EAD769.1090401@klondike.es Signed-off-by: Francisco Blas Izquierdo Riera (klondike) Cc: P J P Cc: Paul Bolle Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds usr/Kconfig | 10 ++++++++++ usr/Makefile | 20 +------------------- 2 files changed, 11 insertions(+), 19 deletions(-) commit 34aaff40b42148b23dcde40152480e25c7d2d759 Author: Petr Mladek Date: Wed Dec 14 15:05:58 2016 -0800 kdb: call vkdb_printf() from vprintk_default() only when wanted kdb_trap_printk allows to pass normal printk() messages to kdb via vkdb_printk(). For example, it is used to get backtrace using the classic show_stack(), see kdb_show_stack(). vkdb_printf() tries to avoid a potential infinite loop by disabling the trap. But this approach is racy, for example: CPU1 CPU2 vkdb_printf() // assume that kdb_trap_printk == 0 saved_trap_printk = kdb_trap_printk; kdb_trap_printk = 0; kdb_show_stack() kdb_trap_printk++; Problem1: Now, a nested printk() on CPU0 calls vkdb_printf() even when it should have been disabled. It will not cause a deadlock but... // using the outdated saved value: 0 kdb_trap_printk = saved_trap_printk; kdb_trap_printk--; Problem2: Now, kdb_trap_printk == -1 and will stay like this. It means that all messages will get passed to kdb from now on. This patch removes the racy saved_trap_printk handling. Instead, the recursion is prevented by a check for the locked CPU. The solution is still kind of racy. A non-related printk(), from another process, might get trapped by vkdb_printf(). And the wanted printk() might not get trapped because kdb_printf_cpu is assigned. But this problem existed even with the original code. A proper solution would be to get_cpu() before setting kdb_trap_printk and trap messages only from this CPU. I am not sure if it is worth the effort, though. In fact, the race is very theoretical. When kdb is running any of the commands that use kdb_trap_printk there is a single active CPU and the other CPUs should be in a holding pen inside kgdb_cpu_enter(). The only time this is violated is when there is a timeout waiting for the other CPUs to report to the holding pen. Finally, note that the situation is a bit schizophrenic. vkdb_printf() explicitly allows recursion but only from KDB code that calls kdb_printf() directly. On the other hand, the generic printk() recursion is not allowed because it might cause an infinite loop. This is why we could not hide the decision inside vkdb_printf() easily. Link: http://lkml.kernel.org/r/1480412276-16690-4-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Cc: Daniel Thompson Cc: Jason Wessel Cc: Peter Zijlstra Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kdb.h | 1 + kernel/debug/kdb/kdb_io.c | 9 ++------- kernel/printk/printk.c | 3 ++- 3 files changed, 5 insertions(+), 8 deletions(-) commit d5d8d3d0d4adcc3aec6e2e0fb656165014a712b7 Author: Petr Mladek Date: Wed Dec 14 15:05:55 2016 -0800 kdb: properly synchronize vkdb_printf() calls with other CPUs kdb_printf_lock does not prevent other CPUs from entering the critical section because it is ignored when KDB_STATE_PRINTF_LOCK is set. The problematic situation might look like: CPU0 CPU1 vkdb_printf() if (!KDB_STATE(PRINTF_LOCK)) KDB_STATE_SET(PRINTF_LOCK); spin_lock_irqsave(&kdb_printf_lock, flags); vkdb_printf() if (!KDB_STATE(PRINTF_LOCK)) BANG: The PRINTF_LOCK state is set and CPU1 is entering the critical section without spinning on the lock. The problem is that the code tries to implement locking using two state variables that are not handled atomically. Well, we need a custom locking because we want to allow reentering the critical section on the very same CPU. Let's use solution from Petr Zijlstra that was proposed for a similar scenario, see https://lkml.kernel.org/r/20161018171513.734367391@infradead.org This patch uses the same trick with cmpxchg(). The only difference is that we want to handle only recursion from the same context and therefore we disable interrupts. In addition, KDB_STATE_PRINTF_LOCK is removed. In fact, we are not able to set it a non-racy way. Link: http://lkml.kernel.org/r/1480412276-16690-3-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Reviewed-by: Daniel Thompson Cc: Jason Wessel Cc: Peter Zijlstra Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/debug/kdb/kdb_io.c | 30 +++++++++++++----------------- kernel/debug/kdb/kdb_private.h | 1 - 2 files changed, 13 insertions(+), 18 deletions(-) commit d1bd8ead126668a2d6c42d97cc3664e95b3fa1dc Author: Petr Mladek Date: Wed Dec 14 15:05:52 2016 -0800 kdb: remove unused kdb_event handling kdb_event state variable is only set but never checked in the kernel code. http://www.spinics.net/lists/kdb/msg01733.html suggests that this variable affected WARN_CONSOLE_UNLOCKED() in the original implementation. But this check never went upstream. The semantic is unclear and racy. The value is updated after the kdb_printf_lock is acquired and after it is released. It should be symmetric at minimum. The value should be manipulated either inside or outside the locked area. Fortunately, it seems that the original function is gone and we could simply remove the state variable. Link: http://lkml.kernel.org/r/1480412276-16690-2-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Suggested-by: Daniel Thompson Cc: Jason Wessel Cc: Peter Zijlstra Cc: Sergey Senozhatsky Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kdb.h | 1 - kernel/debug/kdb/kdb_io.c | 2 -- kernel/debug/kdb/kdb_main.c | 1 - 3 files changed, 4 deletions(-) commit 2d13bb6494c807bcf3f78af0e96c0b8615a94385 Author: Douglas Anderson Date: Wed Dec 14 15:05:49 2016 -0800 kernel/debug/debug_core.c: more properly delay for secondary CPUs We've got a delay loop waiting for secondary CPUs. That loop uses loops_per_jiffy. However, loops_per_jiffy doesn't actually mean how many tight loops make up a jiffy on all architectures. It is quite common to see things like this in the boot log: Calibrating delay loop (skipped), value calculated using timer frequency.. 48.00 BogoMIPS (lpj=24000) In my case I was seeing lots of cases where other CPUs timed out entering the debugger only to print their stack crawls shortly after the kdb> prompt was written. Elsewhere in kgdb we already use udelay(), so that should be safe enough to use to implement our timeout. We'll delay 1 ms for 1000 times, which should give us a full second of delay (just like the old code wanted) but allow us to notice that we're done every 1 ms. [akpm@linux-foundation.org: simplifications, per Daniel] Link: http://lkml.kernel.org/r/1477091361-2039-1-git-send-email-dianders@chromium.org Signed-off-by: Douglas Anderson Reviewed-by: Daniel Thompson Cc: Jason Wessel Cc: Brian Norris Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/debug/debug_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit db862358a4a96f52d3b0c713c703828f90d97de9 Author: Kefeng Wang Date: Wed Dec 14 15:05:46 2016 -0800 kcov: add more missing includes It is fragile that some definitions acquired via transitive dependencies, as shown in below: atomic_* () ENOMEM/EN* () EXPORT_SYMBOL () device_initcall () preempt_* () Include them to prevent possible issues. Link: http://lkml.kernel.org/r/1481163221-40170-1-git-send-email-wangkefeng.wang@huawei.com Signed-off-by: Kefeng Wang Suggested-by: Mark Rutland Cc: Dmitry Vyukov Cc: Andrey Ryabinin Cc: Mark Rutland Cc: James Morse Cc: Kefeng Wang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kcov.c | 5 +++++ 1 file changed, 5 insertions(+) commit 0462554707d62d53fc400ecb3cc19d7f9c786b95 Author: Andreas Platschek Date: Wed Dec 14 15:05:43 2016 -0800 Kconfig: lib/Kconfig.ubsan fix reference to ubsan documentation Documenation/ubsan.txt was moved to Documentation/dev-tools/ubsan.rst, this fixes the reference. Link: http://lkml.kernel.org/r/1476698152-29340-3-git-send-email-andreas.platschek@opentech.at Signed-off-by: Andreas Platschek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.ubsan | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 700199b0c192c7243539757177782780f5a45afb Author: Andreas Platschek Date: Wed Dec 14 15:05:40 2016 -0800 Kconfig: lib/Kconfig.debug: fix references to Documenation Documentation on development tools was moved to Documentation/devl-tools and sphinxified (renamed from .txt to .rst). References in lib/Kconfig.debug need to be updated to the new location. Link: http://lkml.kernel.org/r/1476698152-29340-2-git-send-email-andreas.platschek@opentech.at Signed-off-by: Andreas Platschek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 9a29d0fbc2d9ad99fb8a981ab72548cc360e9d4c Author: Dan Carpenter Date: Wed Dec 14 15:05:38 2016 -0800 relay: check array offset before using it Smatch complains that we started using the array offset before we checked that it was valid. Fixes: 017c59c042d0 ('relay: Use per CPU constructs for the relay channel buffer pointers') Link: http://lkml.kernel.org/r/20161013084947.GC16198@mwanda Signed-off-by: Dan Carpenter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/relay.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit bd4171a5d4c2827f4ae7a235389648d7c149a41b Author: Alexander Duyck Date: Wed Dec 14 15:05:34 2016 -0800 igb: update code to better handle incrementing page count Update the driver code so that we do bulk updates of the page reference count instead of just incrementing it by one reference at a time. The advantage to doing this is that we cut down on atomic operations and this in turn should give us a slight improvement in cycles per packet. In addition if we eventually move this over to using build_skb the gains will be more noticeable. Link: http://lkml.kernel.org/r/20161110113616.76501.17072.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Acked-by: Jeff Kirsher Cc: "David S. Miller" Cc: "James E.J. Bottomley" Cc: Chris Metcalf Cc: David Howells Cc: Geert Uytterhoeven Cc: Hans-Christian Noren Egtvedt Cc: Helge Deller Cc: James Hogan Cc: Jonas Bonn Cc: Keguang Zhang Cc: Ley Foon Tan Cc: Mark Salter Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Ralf Baechle Cc: Rich Felker Cc: Richard Kuo Cc: Russell King Cc: Steven Miao Cc: Tobias Klauser Cc: Vineet Gupta Cc: Yoshinori Sato Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/net/ethernet/intel/igb/igb.h | 7 ++++++- drivers/net/ethernet/intel/igb/igb_main.c | 24 +++++++++++++++++------- 2 files changed, 23 insertions(+), 8 deletions(-) commit 5be5955425c22df5e25ee0628b57f523437af6dc Author: Alexander Duyck Date: Wed Dec 14 15:05:30 2016 -0800 igb: update driver to make use of DMA_ATTR_SKIP_CPU_SYNC The ARM architecture provides a mechanism for deferring cache line invalidation in the case of map/unmap. This patch makes use of this mechanism to avoid unnecessary synchronization. A secondary effect of this change is that the portion of the page that has been synchronized for use by the CPU should be writable and could be passed up the stack (at least on ARM). The last bit that occurred to me is that on architectures where the sync_for_cpu call invalidates cache lines we were prefetching and then invalidating the first 128 bytes of the packet. To avoid that I have moved the sync up to before we perform the prefetch and allocate the skbuff so that we can actually make use of it. Link: http://lkml.kernel.org/r/20161110113611.76501.98897.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Acked-by: Jeff Kirsher Cc: "David S. Miller" Cc: "James E.J. Bottomley" Cc: Chris Metcalf Cc: David Howells Cc: Geert Uytterhoeven Cc: Hans-Christian Noren Egtvedt Cc: Helge Deller Cc: James Hogan Cc: Jonas Bonn Cc: Keguang Zhang Cc: Ley Foon Tan Cc: Mark Salter Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Ralf Baechle Cc: Rich Felker Cc: Richard Kuo Cc: Russell King Cc: Steven Miao Cc: Tobias Klauser Cc: Vineet Gupta Cc: Yoshinori Sato Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/net/ethernet/intel/igb/igb_main.c | 53 +++++++++++++++++++------------ 1 file changed, 33 insertions(+), 20 deletions(-) commit 44fdffd70504c15b617686753dfdf9eb0ddf3729 Author: Alexander Duyck Date: Wed Dec 14 15:05:26 2016 -0800 mm: add support for releasing multiple instances of a page Add a function that allows us to batch free a page that has multiple references outstanding. Specifically this function can be used to drop a page being used in the page frag alloc cache. With this drivers can make use of functionality similar to the page frag alloc cache without having to do any workarounds for the fact that there is no function that frees multiple references. Link: http://lkml.kernel.org/r/20161110113606.76501.70752.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: "David S. Miller" Cc: "James E.J. Bottomley" Cc: Chris Metcalf Cc: David Howells Cc: Geert Uytterhoeven Cc: Hans-Christian Noren Egtvedt Cc: Helge Deller Cc: James Hogan Cc: Jeff Kirsher Cc: Jonas Bonn Cc: Keguang Zhang Cc: Ley Foon Tan Cc: Mark Salter Cc: Max Filippov Cc: Michael Ellerman Cc: Michal Simek Cc: Ralf Baechle Cc: Rich Felker Cc: Richard Kuo Cc: Russell King Cc: Steven Miao Cc: Tobias Klauser Cc: Vineet Gupta Cc: Yoshinori Sato Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/gfp.h | 2 ++ mm/page_alloc.c | 14 ++++++++++++++ 2 files changed, 16 insertions(+) commit 0495c3d367944e4af053983ff3cdf256b567b053 Author: Alexander Duyck Date: Wed Dec 14 15:05:23 2016 -0800 dma: add calls for dma_map_page_attrs and dma_unmap_page_attrs Add support for mapping and unmapping a page with attributes. The primary use for this is currently to allow for us to pass the DMA_ATTR_SKIP_CPU_SYNC attribute when mapping and unmapping a page. On some architectures such as ARM the synchronization has significant overhead and if we are already taking care of the sync_for_cpu and sync_for_device from the driver there isn't much need to handle this in the map/unmap calls as well. Link: http://lkml.kernel.org/r/20161110113601.76501.46095.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/dma-mapping.h | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit 4bfa135abec99f4b35b5636f56a6db75ce3c64d7 Author: Alexander Duyck Date: Wed Dec 14 15:05:21 2016 -0800 arch/xtensa: add option to skip DMA sync as a part of mapping This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113555.76501.52536.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Max Filippov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/xtensa/kernel/pci-dma.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 33c77e53d838dc27e9d2edec5b6ab6a11861fb32 Author: Alexander Duyck Date: Wed Dec 14 15:05:18 2016 -0800 arch/tile: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113550.76501.73060.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Chris Metcalf Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/tile/kernel/pci-dma.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 68bbc28f616c18b695a13e59adefb9a1fc0c46a0 Author: Alexander Duyck Date: Wed Dec 14 15:05:15 2016 -0800 arch/sparc: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113544.76501.40008.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: "David S. Miller" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/sparc/kernel/iommu.c | 4 ++-- arch/sparc/kernel/ioport.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit a08120017d7d659719d446fb036d500fa9b1e6f9 Author: Alexander Duyck Date: Wed Dec 14 15:05:12 2016 -0800 arch/sh: add option to skip DMA sync as a part of mapping This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113539.76501.6539.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Yoshinori Sato Cc: Rich Felker Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/sh/kernel/dma-nommu.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 6f774809612d1f1fc800b452ee1ef447a277ec9d Author: Alexander Duyck Date: Wed Dec 14 15:05:09 2016 -0800 arch/powerpc: add option to skip DMA sync as a part of mapping This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113534.76501.86492.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Acked-by: Michael Ellerman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/kernel/dma.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) commit f50a2bd298b47e1957f67f794aed90f2c3bd9a10 Author: Alexander Duyck Date: Wed Dec 14 15:05:06 2016 -0800 arch/parisc: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113529.76501.44762.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: "James E.J. Bottomley" Cc: Helge Deller Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/parisc/kernel/pci-dma.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit 043b42bcbbc6bc87c457b156041d74d51f6cebc2 Author: Alexander Duyck Date: Wed Dec 14 15:05:03 2016 -0800 arch/openrisc: add option to skip DMA sync as a part of mapping This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113524.76501.87966.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Jonas Bonn Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/openrisc/kernel/dma.c | 3 +++ 1 file changed, 3 insertions(+) commit abdf4799dac6210e3d09d368c4ed19e984c45dce Author: Alexander Duyck Date: Wed Dec 14 15:05:00 2016 -0800 arch/nios2: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113518.76501.52225.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Reviewed-by: Tobias Klauser Cc: Ley Foon Tan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/nios2/mm/dma-mapping.c | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) commit 9f318d470e37a470d65449f94a06165ea72dbce1 Author: Alexander Duyck Date: Wed Dec 14 15:04:58 2016 -0800 arch/mips: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113513.76501.32321.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Ralf Baechle Cc: Keguang Zhang Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/mips/loongson64/common/dma-swiotlb.c | 2 +- arch/mips/mm/dma-default.c | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) commit 98ac2fc274e07a22bea43682cf8998f47ffea9d0 Author: Alexander Duyck Date: Wed Dec 14 15:04:55 2016 -0800 arch/microblaze: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113508.76501.77583.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Michal Simek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/microblaze/kernel/dma.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 38bdbdc7e391f5326a9f27f0bc8be0c175a73567 Author: Alexander Duyck Date: Wed Dec 14 15:04:52 2016 -0800 arch/metag: add option to skip DMA sync as a part of map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113503.76501.80809.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: James Hogan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/metag/kernel/dma.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit 5140d2344f1036dadffbb949a60af971b6dde0d3 Author: Alexander Duyck Date: Wed Dec 14 15:04:49 2016 -0800 arch/m68k: add option to skip DMA sync as a part of mapping This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it later via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113457.76501.77603.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Geert Uytterhoeven Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m68k/kernel/dma.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit b8a346dd472af45e1ee8cbc77101dad0b836210b Author: Alexander Duyck Date: Wed Dec 14 15:04:46 2016 -0800 arch/hexagon: Add option to skip DMA sync as a part of mapping This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it later via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113452.76501.45864.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Richard Kuo Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/hexagon/kernel/dma.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 34f8be79a772094a96da83f52f247cff2bc13978 Author: Alexander Duyck Date: Wed Dec 14 15:04:43 2016 -0800 arch/frv: add option to skip sync on DMA map The use of DMA_ATTR_SKIP_CPU_SYNC was not consistent across all of the DMA APIs in the arch/arm folder. This change is meant to correct that so that we get consistent behavior. Link: http://lkml.kernel.org/r/20161110113447.76501.93160.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: David Howells Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/frv/mb93090-mb00/pci-dma-nommu.c | 14 ++++++++++---- arch/frv/mb93090-mb00/pci-dma.c | 9 +++++++-- 2 files changed, 17 insertions(+), 6 deletions(-) commit 64c596b59c726514f548e15f13a87010efbff40d Author: Alexander Duyck Date: Wed Dec 14 15:04:41 2016 -0800 arch/c6x: add option to skip sync on DMA map and unmap This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it later via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113442.76501.7673.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Acked-by: Mark Salter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/c6x/kernel/dma.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 8c16a2e209d563a1909451c769417a6f953e5b2c Author: Alexander Duyck Date: Wed Dec 14 15:04:38 2016 -0800 arch/blackfin: add option to skip sync on DMA map The use of DMA_ATTR_SKIP_CPU_SYNC was not consistent across all of the DMA APIs in the arch/arm folder. This change is meant to correct that so that we get consistent behavior. Link: http://lkml.kernel.org/r/20161110113436.76501.13386.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Steven Miao Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/blackfin/kernel/dma-mapping.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit e8b4762c22589a514add9bf9dda7a3050e4fa54c Author: Alexander Duyck Date: Wed Dec 14 15:04:35 2016 -0800 arch/avr32: add option to skip sync on DMA map The use of DMA_ATTR_SKIP_CPU_SYNC was not consistent across all of the DMA APIs in the arch/arm folder. This change is meant to correct that so that we get consistent behavior. Link: http://lkml.kernel.org/r/20161110113430.76501.79737.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Acked-by: Hans-Christian Noren Egtvedt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/avr32/mm/dma-coherent.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit fc1b138de7917d8fda5995aeecdb10c8182d9f75 Author: Alexander Duyck Date: Wed Dec 14 15:04:32 2016 -0800 arch/arm: add option to skip sync on DMA map and unmap The use of DMA_ATTR_SKIP_CPU_SYNC was not consistent across all of the DMA APIs in the arch/arm folder. This change is meant to correct that so that we get consistent behavior. Link: http://lkml.kernel.org/r/20161110113424.76501.2715.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Cc: Russell King Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/common/dmabounce.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) commit 8a3385d2d47cd912f28d23bd2225ee37de518d86 Author: Alexander Duyck Date: Wed Dec 14 15:04:29 2016 -0800 arch/arc: add option to skip sync on DMA mapping Patch series "Add support for DMA writable pages being writable by the network stack", v3. The first 19 patches in the set add support for the DMA attribute DMA_ATTR_SKIP_CPU_SYNC on multiple platforms/architectures. This is needed so that we can flag the calls to dma_map/unmap_page so that we do not invalidate cache lines that do not currently belong to the device. Instead we have to take care of this in the driver via a call to sync_single_range_for_cpu prior to freeing the Rx page. Patch 20 adds support for dma_map_page_attrs and dma_unmap_page_attrs so that we can unmap and map a page using the DMA_ATTR_SKIP_CPU_SYNC attribute. Patch 21 adds support for freeing a page that has multiple references being held by a single caller. This way we can free page fragments that were allocated by a given driver. The last 2 patches use these updates in the igb driver, and lay the groundwork to allow for us to reimplement the use of build_skb. This patch (of 23): This change allows us to pass DMA_ATTR_SKIP_CPU_SYNC which allows us to avoid invoking cache line invalidation if the driver will just handle it later via a sync_for_cpu or sync_for_device call. Link: http://lkml.kernel.org/r/20161110113419.76501.38491.stgit@ahduyck-blue-test.jf.intel.com Signed-off-by: Alexander Duyck Acked-by: Vineet Gupta Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arc/mm/dma.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 7560ef39dc0bfebba8f43766d8bb4c1ec5eb66fc Author: Tetsuo Handa Date: Wed Dec 14 15:04:26 2016 -0800 sysctl: add KERN_CONT to deprecated_sysctl_warning() Do not break lines while printk()ing values. kernel: warning: process `tomoyo_file_tes' used the deprecated sysctl system call with kernel: 3. kernel: 5. kernel: 56. kernel: Link: http://lkml.kernel.org/r/1480814833-4976-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp Signed-off-by: Tetsuo Handa Acked-by: "Eric W. Biederman" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/sysctl_binary.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8e53c073a41795365eb0e47ae23441dc01c70511 Author: zhong jiang Date: Wed Dec 14 15:04:23 2016 -0800 kexec: add cond_resched into kimage_alloc_crash_control_pages A soft lookup will occur when I run trinity in syscall kexec_load. the corresponding stack information is as follows. BUG: soft lockup - CPU#6 stuck for 22s! [trinity-c6:13859] Kernel panic - not syncing: softlockup: hung tasks CPU: 6 PID: 13859 Comm: trinity-c6 Tainted: G O L ----V------- 3.10.0-327.28.3.35.zhongjiang.x86_64 #1 Hardware name: Huawei Technologies Co., Ltd. Tecal BH622 V2/BC01SRSA0, BIOS RMIBV386 06/30/2014 Call Trace: dump_stack+0x19/0x1b panic+0xd8/0x214 watchdog_timer_fn+0x1cc/0x1e0 __hrtimer_run_queues+0xd2/0x260 hrtimer_interrupt+0xb0/0x1e0 ? call_softirq+0x1c/0x30 local_apic_timer_interrupt+0x37/0x60 smp_apic_timer_interrupt+0x3f/0x60 apic_timer_interrupt+0x6d/0x80 ? kimage_alloc_control_pages+0x80/0x270 ? kmem_cache_alloc_trace+0x1ce/0x1f0 ? do_kimage_alloc_init+0x1f/0x90 kimage_alloc_init+0x12a/0x180 SyS_kexec_load+0x20a/0x260 system_call_fastpath+0x16/0x1b the first time allocation of control pages may take too much time because crash_res.end can be set to a higher value. we need to add cond_resched to avoid the issue. The patch have been tested and above issue is not appear. Link: http://lkml.kernel.org/r/1481164674-42775-1-git-send-email-zhongjiang@huawei.com Signed-off-by: zhong jiang Acked-by: "Eric W. Biederman" Cc: Xunlei Pang Cc: Dave Young Cc: Vivek Goyal Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/kexec_core.c | 2 ++ 1 file changed, 2 insertions(+) commit 401721ecd1dcb0a428aa5d6832ee05ffbdbffbbe Author: Baoquan He Date: Wed Dec 14 15:04:20 2016 -0800 kexec: export the value of phys_base instead of symbol address Currently in x86_64, the symbol address of phys_base is exported to vmcoreinfo. Dave Anderson complained this is really useless for his Crash implementation. Because in user-space utility Crash and Makedumpfile which exported vmcore information is mainly used for, value of phys_base is needed to covert virtual address of exported kernel symbol to physical address. Especially init_level4_pgt, if we want to access and go over the page table to look up a PA corresponding to VA, firstly we need calculate page_dir = SYMBOL(init_level4_pgt) - __START_KERNEL_map + phys_base; Now in Crash and Makedumpfile, we have to analyze the vmcore elf program header to get value of phys_base. As Dave said, it would be preferable if it were readily availabl in vmcoreinfo rather than depending upon the PT_LOAD semantics. Hence in this patch change to export the value of phys_base instead of its virtual address. And people also complained that KERNEL_IMAGE_SIZE exporting is x86_64 only, should be moved into arch dependent function arch_crash_save_vmcoreinfo. Do the moving in this patch. Link: http://lkml.kernel.org/r/1478568596-30060-2-git-send-email-bhe@redhat.com Signed-off-by: Baoquan He Cc: Thomas Garnier Cc: Baoquan He Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Cc: Eric Biederman Cc: Xunlei Pang Cc: HATAYAMA Daisuke Cc: Kees Cook Cc: Eugene Surovegin Cc: Dave Young Cc: AKASHI Takahiro Cc: Atsushi Kumagai Cc: Dave Anderson Cc: Pratyush Anand Cc: Vivek Goyal Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/kernel/machine_kexec_64.c | 3 ++- kernel/kexec_core.c | 3 --- 2 files changed, 2 insertions(+), 4 deletions(-) commit 69f58384791ac6da4165ce8e6defd6f408f4afdf Author: Baoquan He Date: Wed Dec 14 15:04:16 2016 -0800 Revert "kdump, vmcoreinfo: report memory sections virtual addresses" This reverts commit 0549a3c02efb ("kdump, vmcoreinfo: report memory sections virtual addresses"). Commit 0549a3c02efb tells the userspace utility makedumpfile the randomized base address of these memmory sections when mm kaslr is enabled. However the following patch "kexec: export the value of phys_base instead of symbol address" makes makedumpfile not need these addresses any more. Besides we should use VMCOREINFO_NUMBER to export the value of the variable so that we can use the existing number_table mechanism of Makedumpfile to fetch it. So revert it now. If needed we can add it later. http://lists.infradead.org/pipermail/kexec/2016-October/017540.html Link: http://lkml.kernel.org/r/1478568596-30060-1-git-send-email-bhe@redhat.com Signed-off-by: Baoquan He Cc: Thomas Garnier Cc: Baoquan He Cc: Thomas Gleixner Cc: Ingo Molnar Cc: "H . Peter Anvin" Cc: Eric Biederman Cc: Xunlei Pang Cc: HATAYAMA Daisuke Cc: Kees Cook Cc: Eugene Surovegin Cc: Dave Young Cc: AKASHI Takahiro Cc: Atsushi Kumagai Cc: Dave Anderson Cc: Pratyush Anand Cc: Vivek Goyal Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/kernel/machine_kexec_64.c | 3 --- include/linux/kexec.h | 6 ------ 2 files changed, 9 deletions(-) commit 760c6a9139c37e16502362b22656d0cc4e840e8f Author: Alexey Dobriyan Date: Wed Dec 14 15:04:14 2016 -0800 coredump: clarify "unsafe core_pattern" warning I was amused to find "unsafe core_pattern" warning having these lines in /etc/sysctl.conf: fs.suid_dumpable=2 kernel.core_pattern=/core/core-%e-%p-%E kernel.core_uses_pid=0 Turns out kernel is formally right. Default core_pattern is just "core", which doesn't qualify for secure path while setting suid.dumpable. Hint admins about solution, clarify sysctl names, delete unnecessary '\' characters (string literals are concatenated regardless) and reformat for easier grepping. Link: http://lkml.kernel.org/r/20161029152124.GA1258@avx2 Signed-off-by: Alexey Dobriyan Acked-by: Kees Cook Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/sysctl.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit c7be96af89d4b53211862d8599b2430e8900ed92 Author: Waiman Long Date: Wed Dec 14 15:04:10 2016 -0800 signals: avoid unnecessary taking of sighand->siglock When running certain database workload on a high-end system with many CPUs, it was found that spinlock contention in the sigprocmask syscalls became a significant portion of the overall CPU cycles as shown below. 9.30% 9.30% 905387 dataserver /proc/kcore 0x7fff8163f4d2 [k] _raw_spin_lock_irq | ---_raw_spin_lock_irq | |--99.34%-- __set_current_blocked | sigprocmask | sys_rt_sigprocmask | system_call_fastpath | | | |--50.63%-- __swapcontext | | | | | |--99.91%-- upsleepgeneric | | | |--49.36%-- __setcontext | | ktskRun Looking further into the swapcontext function in glibc, it was found that the function always call sigprocmask() without checking if there are changes in the signal mask. A check was added to the __set_current_blocked() function to avoid taking the sighand->siglock spinlock if there is no change in the signal mask. This will prevent unneeded spinlock contention when many threads are trying to call sigprocmask(). With this patch applied, the spinlock contention in sigprocmask() was gone. Link: http://lkml.kernel.org/r/1474979209-11867-1-git-send-email-Waiman.Long@hpe.com Signed-off-by: Waiman Long Acked-by: Oleg Nesterov Cc: Ingo Molnar Cc: Thomas Gleixner Cc: Stas Sergeev Cc: Scott J Norton Cc: Douglas Hatch Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/signal.h | 17 +++++++++++++++++ kernel/signal.c | 7 +++++++ 2 files changed, 24 insertions(+) commit 73e64c51afc56d4863ae225e947ba2f16ad04487 Author: Michal Hocko Date: Wed Dec 14 15:04:07 2016 -0800 mm, compaction: allow compaction for GFP_NOFS requests compaction has been disabled for GFP_NOFS and GFP_NOIO requests since the direct compaction was introduced by commit 56de7263fcf3 ("mm: compaction: direct compact when a high-order allocation fails"). The main reason is that the migration of page cache pages might recurse back to fs/io layer and we could potentially deadlock. This is overly conservative because all the anonymous memory is migrateable in the GFP_NOFS context just fine. This might be a large portion of the memory in many/most workkloads. Remove the GFP_NOFS restriction and make sure that we skip all fs pages (those with a mapping) while isolating pages to be migrated. We cannot consider clean fs pages because they might need a metadata update so only isolate pages without any mapping for nofs requests. The effect of this patch will be probably very limited in many/most workloads because higher order GFP_NOFS requests are quite rare, although different configurations might lead to very different results. David Chinner has mentioned a heavy metadata workload with 64kB block which to quote him: : Unfortunately, there was an era of cargo cult configuration tweaks in the : Ceph community that has resulted in a large number of production machines : with XFS filesystems configured this way. And a lot of them store large : numbers of small files and run under significant sustained memory : pressure. : : I slowly working towards getting rid of these high order allocations and : replacing them with the equivalent number of single page allocations, but : I haven't got that (complex) change working yet. We can do the following to simulate that workload: $ mkfs.xfs -f -n size=64k $ mount /mnt/scratch $ time ./fs_mark -D 10000 -S0 -n 100000 -s 0 -L 32 \ -d /mnt/scratch/0 -d /mnt/scratch/1 \ -d /mnt/scratch/2 -d /mnt/scratch/3 \ -d /mnt/scratch/4 -d /mnt/scratch/5 \ -d /mnt/scratch/6 -d /mnt/scratch/7 \ -d /mnt/scratch/8 -d /mnt/scratch/9 \ -d /mnt/scratch/10 -d /mnt/scratch/11 \ -d /mnt/scratch/12 -d /mnt/scratch/13 \ -d /mnt/scratch/14 -d /mnt/scratch/15 and indeed is hammers the system with many high order GFP_NOFS requests as per a simle tracepoint during the load: $ echo '!(gfp_flags & 0x80) && (gfp_flags &0x400000)' > $TRACE_MNT/events/kmem/mm_page_alloc/filter I am getting 5287609 order=0 37 order=1 1594905 order=2 3048439 order=3 6699207 order=4 66645 order=5 My testing was done in a kvm guest so performance numbers should be taken with a grain of salt but there seems to be a difference when the patch is applied: * Original kernel FSUse% Count Size Files/sec App Overhead 1 1600000 0 4300.1 20745838 3 3200000 0 4239.9 23849857 5 4800000 0 4243.4 25939543 6 6400000 0 4248.4 19514050 8 8000000 0 4262.1 20796169 9 9600000 0 4257.6 21288675 11 11200000 0 4259.7 19375120 13 12800000 0 4220.7 22734141 14 14400000 0 4238.5 31936458 16 16000000 0 4231.5 23409901 18 17600000 0 4045.3 23577700 19 19200000 0 2783.4 58299526 21 20800000 0 2678.2 40616302 23 22400000 0 2693.5 83973996 and xfs complaining about memory allocation not making progress [ 2304.372647] XFS: fs_mark(3289) possible memory allocation deadlock size 65624 in kmem_alloc (mode:0x2408240) [ 2304.443323] XFS: fs_mark(3285) possible memory allocation deadlock size 65728 in kmem_alloc (mode:0x2408240) [ 4796.772477] XFS: fs_mark(3424) possible memory allocation deadlock size 46936 in kmem_alloc (mode:0x2408240) [ 4796.775329] XFS: fs_mark(3423) possible memory allocation deadlock size 51416 in kmem_alloc (mode:0x2408240) [ 4797.388808] XFS: fs_mark(3424) possible memory allocation deadlock size 65728 in kmem_alloc (mode:0x2408240) * Patched kernel FSUse% Count Size Files/sec App Overhead 1 1600000 0 4289.1 19243934 3 3200000 0 4241.6 32828865 5 4800000 0 4248.7 32884693 6 6400000 0 4314.4 19608921 8 8000000 0 4269.9 24953292 9 9600000 0 4270.7 33235572 11 11200000 0 4346.4 40817101 13 12800000 0 4285.3 29972397 14 14400000 0 4297.2 20539765 16 16000000 0 4219.6 18596767 18 17600000 0 4273.8 49611187 19 19200000 0 4300.4 27944451 21 20800000 0 4270.6 22324585 22 22400000 0 4317.6 22650382 24 24000000 0 4065.2 22297964 So the dropdown at Count 19200000 didn't happen and there was only a single warning about allocation not making progress [ 3063.815003] XFS: fs_mark(3272) possible memory allocation deadlock size 65624 in kmem_alloc (mode:0x2408240) This suggests that the patch has helped even though there is not all that much of anonymous memory as the workload mostly generates fs metadata. I assume the success rate would be higher with more anonymous memory which should be the case in many workloads. [akpm@linux-foundation.org: fix comment] Link: http://lkml.kernel.org/r/20161012114721.31853-1-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Mel Gorman Cc: Joonsoo Kim Cc: Dave Chinner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit 4d1f0fb096aedea7bb5489af93498a82e467c480 Author: Konstantin Khlebnikov Date: Wed Dec 14 15:04:04 2016 -0800 kernel/watchdog: use nmi registers snapshot in hardlockup handler NMI handler doesn't call set_irq_regs(), it's set only by normal IRQ. Thus get_irq_regs() returns NULL or stale registers snapshot with IP/SP pointing to the code interrupted by IRQ which was interrupted by NMI. NULL isn't a problem: in this case watchdog calls dump_stack() and prints full stack trace including NMI. But if we're stuck in IRQ handler then NMI watchlog will print stack trace without IRQ part at all. This patch uses registers snapshot passed into NMI handler as arguments: these registers point exactly to the instruction interrupted by NMI. Fixes: 55537871ef66 ("kernel/watchdog.c: perform all-CPU backtrace in case of hard lockup") Link: http://lkml.kernel.org/r/146771764784.86724.6006627197118544150.stgit@buzz Signed-off-by: Konstantin Khlebnikov Cc: Jiri Kosina Cc: Ulrich Obergfell Cc: Aaron Tomlin Cc: [4.4+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/watchdog.c | 1 - 1 file changed, 1 deletion(-) commit 40f7828b36e3b9dd2fdc34d065e342cddf8d7bef Author: Petr Mladek Date: Wed Dec 14 15:04:01 2016 -0800 btrfs: better handle btrfs_printk() defaults Commit 262c5e86fec7 ("printk/btrfs: handle more message headers") triggers: warning: `ratelimit' may be used uninitialized in this function with gcc (4.1.2) and probably many other versions. The code actually is correct but a bit twisted. Let's make it more straightforward and set the default values at the beginning. Link: http://lkml.kernel.org/r/20161213135246.GQ3506@pathway.suse.cz Signed-off-by: Petr Mladek Reported-by: Geert Uytterhoeven Reviewed-by: Geert Uytterhoeven Acked-by: David Sterba Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/btrfs/super.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 053d20f5712529016eae10356e0dea9b360325bd Author: Pablo Neira Ayuso Date: Wed Dec 14 12:15:49 2016 +0100 netfilter: nft_payload: mangle ckecksum if NFT_PAYLOAD_L4CSUM_PSEUDOHDR is set If the NFT_PAYLOAD_L4CSUM_PSEUDOHDR flag is set, then mangle layer 4 checksum. This should not depend on csum_type NFT_PAYLOAD_CSUM_INET since IPv6 header has no checksum field, but still an update of any of the pseudoheader fields may trigger a layer 4 checksum update. Fixes: 1814096980bb ("netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields") Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_payload.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) commit 3e38df136e453aa69eb4472108ebce2fb00b1ba6 Author: Florian Westphal Date: Tue Dec 13 13:59:33 2016 +0100 netfilter: nf_tables: fix oob access BUG: KASAN: slab-out-of-bounds in nf_tables_rule_destroy+0xf1/0x130 at addr ffff88006a4c35c8 Read of size 8 by task nft/1607 When we've destroyed last valid expr, nft_expr_next() returns an invalid expr. We must not dereference it unless it passes != nft_expr_last() check. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c2e756ff9e699865d294cdc112acfc36419cf5cc Author: Pablo Neira Ayuso Date: Sun Dec 11 20:46:51 2016 +0100 netfilter: nft_queue: use raw_smp_processor_id() Using smp_processor_id() causes splats with PREEMPT_RCU: [19379.552780] BUG: using smp_processor_id() in preemptible [00000000] code: ping/32389 [19379.552793] caller is debug_smp_processor_id+0x17/0x19 [...] [19379.552823] Call Trace: [19379.552832] [] dump_stack+0x67/0x90 [19379.552837] [] check_preemption_disabled+0xe5/0xf5 [19379.552842] [] debug_smp_processor_id+0x17/0x19 [19379.552849] [] nft_queue_eval+0x35/0x20c [nft_queue] No need to disable preemption since we only fetch the numeric value, so let's use raw_smp_processor_id() instead. Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_queue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8010d7feb2f0367ae573ad601b2905e29db50cd3 Author: Pablo Neira Ayuso Date: Sun Dec 11 20:09:23 2016 +0100 netfilter: nft_quota: reset quota after dump Dumping of netlink attributes may fail due to insufficient room in the skbuff, so let's reset consumed quota if we succeed to put netlink attributes into the skbuff. Fixes: 43da04a593d8 ("netfilter: nf_tables: atomic dump and reset for stateful objects") Reported-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_quota.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit 412ac77a9d3ec015524dacea905471d66480b7ac Merge: dcdaa2f 19339c2 Author: Linus Torvalds Date: Wed Dec 14 14:09:48 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace Pull namespace updates from Eric Biederman: "After a lot of discussion and work we have finally reachanged a basic understanding of what is necessary to make unprivileged mounts safe in the presence of EVM and IMA xattrs which the last commit in this series reflects. While technically it is a revert the comments it adds are important for people not getting confused in the future. Clearing up that confusion allows us to seriously work on unprivileged mounts of fuse in the next development cycle. The rest of the fixes in this set are in the intersection of user namespaces, ptrace, and exec. I started with the first fix which started a feedback cycle of finding additional issues during review and fixing them. Culiminating in a fix for a bug that has been present since at least Linux v1.0. Potentially these fixes were candidates for being merged during the rc cycle, and are certainly backport candidates but enough little things turned up during review and testing that I decided they should be handled as part of the normal development process just to be certain there were not any great surprises when it came time to backport some of these fixes" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" exec: Ensure mm->user_ns contains the execed files ptrace: Don't allow accessing an undumpable mm ptrace: Capture the ptracer's creds not PT_PTRACE_CAP mm: Add a user_ns owner to mm_struct and fix ptrace permission checks commit dcdaa2f9480c55c6dcf54ab480e82e93e5622318 Merge: 683b96f 533c7b6 Author: Linus Torvalds Date: Wed Dec 14 14:06:40 2016 -0800 Merge branch 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit Pull audit updates from Paul Moore: "After the small number of patches for v4.9, we've got a much bigger pile for v4.10. The bulk of these patches involve a rework of the audit backlog queue to enable us to move the netlink multicasting out of the task/thread that generates the audit record and into the kernel thread that emits the record (just like we do for the audit unicast to auditd). While we were playing with the backlog queue(s) we fixed a number of other little problems with the code, and from all the testing so far things look to be in much better shape now. Doing this also allowed us to re-enable disabling IRQs for some netns operations ("netns: avoid disabling irq for netns id"). The remaining patches fix some small problems that are well documented in the commit descriptions, as well as adding session ID filtering support" * 'stable-4.10' of git://git.infradead.org/users/pcmoore/audit: audit: use proper refcount locking on audit_sock netns: avoid disabling irq for netns id audit: don't ever sleep on a command record/message audit: handle a clean auditd shutdown with grace audit: wake up kauditd_thread after auditd registers audit: rework audit_log_start() audit: rework the audit queue handling audit: rename the queues and kauditd related functions audit: queue netlink multicast sends just like we do for unicast sends audit: fixup audit_init() audit: move kaudit thread start from auditd registration to kaudit init (#2) audit: add support for session ID user filter audit: fix formatting of AUDIT_CONFIG_CHANGE events audit: skip sessionid sentinel value when auto-incrementing audit: tame initialization warning len_abuf in audit_log_execve_info audit: less stack usage for /proc/*/loginuid commit 683b96f4d1d132fcefa4a0bd11916649800d7361 Merge: 0f1d6df 50523a2 Author: Linus Torvalds Date: Wed Dec 14 13:57:44 2016 -0800 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security Pull security subsystem updates from James Morris: "Generally pretty quiet for this release. Highlights: Yama: - allow ptrace access for original parent after re-parenting TPM: - add documentation - many bugfixes & cleanups - define a generic open() method for ascii & bios measurements Integrity: - Harden against malformed xattrs SELinux: - bugfixes & cleanups Smack: - Remove unnecessary smack_known_invalid label - Do not apply star label in smack_setprocattr hook - parse mnt opts after privileges check (fixes unpriv DoS vuln)" * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (56 commits) Yama: allow access for the current ptrace parent tpm: adjust return value of tpm_read_log tpm: vtpm_proxy: conditionally call tpm_chip_unregister tpm: Fix handling of missing event log tpm: Check the bios_dir entry for NULL before accessing it tpm: return -ENODEV if np is not set tpm: cleanup of printk error messages tpm: replace of_find_node_by_name() with dev of_node property tpm: redefine read_log() to handle ACPI/OF at runtime tpm: fix the missing .owner in tpm_bios_measurements_ops tpm: have event log use the tpm_chip tpm: drop tpm1_chip_register(/unregister) tpm: replace dynamically allocated bios_dir with a static array tpm: replace symbolic permission with octal for securityfs files char: tpm: fix kerneldoc tpm2_unseal_trusted name typo tpm_tis: Allow tpm_tis to be bound using DT tpm, tpm_vtpm_proxy: add kdoc comments for VTPM_PROXY_IOC_NEW_DEV tpm: Only call pm_runtime_get_sync if device has a parent tpm: define a generic open() method for ascii & bios measurements Documentation: tpm: add the Physical TPM device tree binding documentation ... commit f88f0bdfc32f3d1e2fd03ec8a7f7b456df4db725 Author: Anton Ivanov Date: Wed Nov 9 20:43:25 2016 +0000 um: UBD Improvements UBD at present is extremely slow because it handles only one request at a time in the IO thread and IRQ handler. The single request at a time is replaced by handling multiple requests as well as necessary workarounds for short reads/writes. Resulting performance improvement in disk IO - 30% Signed-off-by: Anton Ivanov Signed-off-by: Richard Weinberger arch/um/drivers/ubd.h | 5 ++ arch/um/drivers/ubd_kern.c | 168 ++++++++++++++++++++++++++++++++++++++------- arch/um/drivers/ubd_user.c | 21 +++++- 3 files changed, 167 insertions(+), 27 deletions(-) commit 45ee2c1d66185e5bd27702c60cce3c43fa3370d2 Author: Ilya Dryomov Date: Fri Dec 2 14:01:55 2016 +0100 libceph: remove now unused finish_request() wrapper Kill the wrapper and rename __finish_request() to finish_request(). Signed-off-by: Ilya Dryomov net/ceph/osd_client.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit c297eb42690b904fb5b78dd9ad001bafe25f49ec Author: Ilya Dryomov Date: Fri Dec 2 14:01:55 2016 +0100 libceph: always signal completion when done r_safe_completion is currently, and has always been, signaled only if on-disk ack was requested. It's there for fsync and syncfs, which wait for in-flight writes to flush - all data write requests set ONDISK. However, the pool perm check code introduced in 4.2 sends a write request with only ACK set. An unfortunately timed syncfs can then hang forever: r_safe_completion won't be signaled because only an unsafe reply was requested. We could patch ceph_osdc_sync() to skip !ONDISK write requests, but that is somewhat incomplete and yet another special case. Instead, rename this completion to r_done_completion and always signal it when the OSD client is done with the request, whether unsafe, safe, or error. This is a bit cleaner and helps with the cancellation code. Reported-by: Yan, Zheng Signed-off-by: Ilya Dryomov fs/ceph/file.c | 2 +- include/linux/ceph/osd_client.h | 2 +- net/ceph/osd_client.c | 25 +++++++++++-------------- 3 files changed, 13 insertions(+), 16 deletions(-) commit 80e80fbb584dc0d0dc894c4965bc2a199c7cd3f2 Author: Yan, Zheng Date: Tue Dec 13 16:03:26 2016 +0800 ceph: avoid creating orphan object when checking pool permission Pool permission check needs to write to the first object. But for snapshot, head of the first object may have already been deleted. Skip the check for snapshot inode to avoid creating orphan object. Link: http://tracker.ceph.com/issues/18211 Signed-off-by: Yan, Zheng fs/ceph/addr.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 0f1d6dfe03ca4e36132221b918499c6f0b0f048d Merge: d05c5f7 04b46fb Author: Linus Torvalds Date: Wed Dec 14 13:31:29 2016 -0800 Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 Pull crypto updates from Herbert Xu: "Here is the crypto update for 4.10: API: - add skcipher walk interface - add asynchronous compression (acomp) interface - fix algif_aed AIO handling of zero buffer Algorithms: - fix unaligned access in poly1305 - fix DRBG output to large buffers Drivers: - add support for iMX6UL to caam - fix givenc descriptors (used by IPsec) in caam - accelerated SHA256/SHA512 for ARM64 from OpenSSL - add SSE CRCT10DIF and CRC32 to ARM/ARM64 - add AEAD support to Chelsio chcr - add Armada 8K support to omap-rng" * 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6: (148 commits) crypto: testmgr - fix overlap in chunked tests again crypto: arm/crc32 - accelerated support based on x86 SSE implementation crypto: arm64/crc32 - accelerated support based on x86 SSE implementation crypto: arm/crct10dif - port x86 SSE implementation to ARM crypto: arm64/crct10dif - port x86 SSE implementation to arm64 crypto: testmgr - add/enhance test cases for CRC-T10DIF crypto: testmgr - avoid overlap in chunked tests crypto: chcr - checking for IS_ERR() instead of NULL crypto: caam - check caam_emi_slow instead of re-lookup platform crypto: algif_aead - fix AIO handling of zero buffer crypto: aes-ce - Make aes_simd_algs static crypto: algif_skcipher - set error code when kcalloc fails crypto: caam - make aamalg_desc a proper module crypto: caam - pass key buffers with typesafe pointers crypto: arm64/aes-ce-ccm - Fix AEAD decryption length MAINTAINERS: add crypto headers to crypto entry crypt: doc - remove misleading mention of async API crypto: doc - fix header file name crypto: api - fix comment typo crypto: skcipher - Add separate walker for AEAD decryption .. commit d1b1cea1e58477dad88ff769f54c0d2dfa56d923 Author: Gabriel Krisman Bertazi Date: Wed Dec 14 18:48:36 2016 -0200 blk-mq: Fix failed allocation path when mapping queues In blk_mq_map_swqueue, there is a memory optimization that frees the tags of a queue that has gone unmapped. Later, if that hctx is remapped after another topology change, the tags need to be reallocated. If this allocation fails, a simple WARN_ON triggers, but the block layer ends up with an active hctx without any corresponding set of tags. Then, any income IO to that hctx can trigger an Oops. I can reproduce it consistently by running IO, flipping CPUs on and off and eventually injecting a memory allocation failure in that path. In the fix below, if the system experiences a failed allocation of any hctx's tags, we remap all the ctxs of that queue to the hctx_0, which should always keep it's tags. There is a minor performance hit, since our mapping just got worse after the error path, but this is the simplest solution to handle this error path. The performance hit will disappear after another successful remap. I considered dropping the memory optimization all together, but it seemed a bad trade-off to handle this very specific error case. This should apply cleanly on top of Jens' for-next branch. The Oops is the one below: SP (3fff935ce4d0) is in userspace 1:mon> e cpu 0x1: Vector: 300 (Data Access) at [c000000fe99eb110] pc: c0000000005e868c: __sbitmap_queue_get+0x2c/0x180 lr: c000000000575328: __bt_get+0x48/0xd0 sp: c000000fe99eb390 msr: 900000010280b033 dar: 28 dsisr: 40000000 current = 0xc000000fe9966800 paca = 0xc000000007e80300 softe: 0 irq_happened: 0x01 pid = 11035, comm = aio-stress Linux version 4.8.0-rc6+ (root@bean) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.2) ) #3 SMP Mon Oct 10 20:16:53 CDT 2016 1:mon> s [c000000fe99eb3d0] c000000000575328 __bt_get+0x48/0xd0 [c000000fe99eb400] c000000000575838 bt_get.isra.1+0x78/0x2d0 [c000000fe99eb480] c000000000575cb4 blk_mq_get_tag+0x44/0x100 [c000000fe99eb4b0] c00000000056f6f4 __blk_mq_alloc_request+0x44/0x220 [c000000fe99eb500] c000000000570050 blk_mq_map_request+0x100/0x1f0 [c000000fe99eb580] c000000000574650 blk_mq_make_request+0xf0/0x540 [c000000fe99eb640] c000000000561c44 generic_make_request+0x144/0x230 [c000000fe99eb690] c000000000561e00 submit_bio+0xd0/0x200 [c000000fe99eb740] c0000000003ef740 ext4_io_submit+0x90/0xb0 [c000000fe99eb770] c0000000003e95d8 ext4_writepages+0x588/0xdd0 [c000000fe99eb910] c00000000025a9f0 do_writepages+0x60/0xc0 [c000000fe99eb940] c000000000246c88 __filemap_fdatawrite_range+0xf8/0x180 [c000000fe99eb9e0] c000000000246f90 filemap_write_and_wait_range+0x70/0xf0 [c000000fe99eba20] c0000000003dd844 ext4_sync_file+0x214/0x540 [c000000fe99eba80] c000000000364718 vfs_fsync_range+0x78/0x130 [c000000fe99ebad0] c0000000003dd46c ext4_file_write_iter+0x35c/0x430 [c000000fe99ebb90] c00000000038c280 aio_run_iocb+0x3b0/0x450 [c000000fe99ebce0] c00000000038dc28 do_io_submit+0x368/0x730 [c000000fe99ebe30] c000000000009404 system_call+0x38/0xec Signed-off-by: Gabriel Krisman Bertazi Cc: Brian King Cc: Douglas Miller Cc: linux-block@vger.kernel.org Cc: linux-scsi@vger.kernel.org Reviewed-by: Douglas Miller Signed-off-by: Jens Axboe block/blk-mq.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) commit d2a145252c52792bc59e4767b486b26c430af4bb Author: Wei Fang Date: Tue Dec 13 09:25:21 2016 +0800 scsi: avoid a permanent stop of the scsi device's request queue A race between scanning and fc_remote_port_delete() may result in a permanent stop if the device gets blocked before scsi_sysfs_add_sdev() and unblocked after. The reason is that blocking a device sets both the SDEV_BLOCKED state and the QUEUE_FLAG_STOPPED. However, scsi_sysfs_add_sdev() unconditionally sets SDEV_RUNNING which causes the device to be ignored by scsi_target_unblock() and thus never have its QUEUE_FLAG_STOPPED cleared leading to a device which is apparently running but has a stopped queue. We actually have two places where SDEV_RUNNING is set: once in scsi_add_lun() which respects the blocked flag and once in scsi_sysfs_add_sdev() which doesn't. Since the second set is entirely spurious, simply remove it to fix the problem. Cc: Reported-by: Zengxi Chen Signed-off-by: Wei Fang Reviewed-by: Ewan D. Milne Signed-off-by: Martin K. Petersen drivers/scsi/scsi_sysfs.c | 4 ---- 1 file changed, 4 deletions(-) commit d05c5f7ba164aed3db02fb188c26d0dd94f5455b Author: Linus Torvalds Date: Wed Dec 14 12:45:25 2016 -0800 vfs,mm: fix return value of read() at s_maxbytes We truncated the possible read iterator to s_maxbytes in commit c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()"), but our end condition handling was wrong: it's not an error to try to read at the end of the file. Reading past the end should return EOF (0), not EINVAL. See for example https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1649342 http://lists.gnu.org/archive/html/bug-coreutils/2016-12/msg00008.html where a md5sum of a maximally sized file fails because the final read is exactly at s_maxbytes. Fixes: c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()") Reported-by: Joseph Salisbury Cc: Wei Fang Cc: Christoph Hellwig Cc: Dave Chinner Cc: Al Viro Cc: Andrew Morton Cc: stable@kernel.org Signed-off-by: Linus Torvalds mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 307d9075a02b696e817b775c565e45c4fa3c32f2 Author: Adam Manzanares Date: Mon Dec 12 16:31:40 2016 -0800 scsi: mpt3sas: Recognize and act on iopriority info This patch adds support for request iopriority handling in the mpt3sas layer. This works only when a ATA device is behind the SATL. The ATA device also has to indicate that it supports command priorities in the identify information that is pulled from the SATL. Signed-off-by: Adam Manzanares Acked-by: Sreekanth Reddy Signed-off-by: Martin K. Petersen drivers/scsi/mpt3sas/mpt3sas_base.h | 6 +++++ drivers/scsi/mpt3sas/mpt3sas_ctl.c | 43 ++++++++++++++++++++++++++++++++++-- drivers/scsi/mpt3sas/mpt3sas_scsih.c | 34 +++++++++++++++++++++++++++- 3 files changed, 80 insertions(+), 3 deletions(-) commit 093df73771bac8a37d607c0e705d157a8cef4c5c Author: Quinn Tran Date: Mon Dec 12 14:40:09 2016 -0800 scsi: qla2xxx: Fix Target mode handling with Multiqueue changes. - Fix race condition between dpc_thread accessing Multiqueue resources and qla2x00_remove_one thread trying to free resource. - Fix out of order free for Multiqueue resources. Also, Multiqueue interrupts needs a workqueue. Interrupt needed to stop before the wq can be destroyed. Reviewed-by: Hannes Reinecke Signed-off-by: Quinn Tran Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_def.h | 3 ++- drivers/scsi/qla2xxx/qla_init.c | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 20 +++++++--------- drivers/scsi/qla2xxx/qla_os.c | 53 ++++++++++++++++++++++++++++++----------- 4 files changed, 50 insertions(+), 28 deletions(-) commit 5601236b6f7948cd1783298f6d4cacce02e22fde Author: Michael Hernandez Date: Mon Dec 12 14:40:08 2016 -0800 scsi: qla2xxx: Add Block Multi Queue functionality. Tell the SCSI layer how many hardware queues we have based on the number of max queue pairs created. The number of max queue pairs created will depend on number of MSI-X vector count. This feature can be turned on via CONFIG_SCSI_MQ_DEFAULT or passing scsi_mod.use_blk_mq=Y as a parameter to the kernel Reviewed-by: Hannes Reinecke Signed-off-by: Sawan Chandak Signed-off-by: Michael Hernandez Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_os.c | 47 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 42 insertions(+), 5 deletions(-) commit d74595278f4ab192af66d9e60a9087464638beee Author: Michael Hernandez Date: Mon Dec 12 14:40:07 2016 -0800 scsi: qla2xxx: Add multiple queue pair functionality. Replaced existing multiple queue functionality with framework that allows for the creation of pairs of request and response queues, either at start of day or dynamically. Queue pair creation depend on module parameter "ql2xmqsupport", which need to be enabled to create queue pair. Signed-off-by: Sawan Chandak Signed-off-by: Michael Hernandez Signed-off-by: Himanshu Madhani Acked-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_attr.c | 36 ++-- drivers/scsi/qla2xxx/qla_dbg.c | 4 +- drivers/scsi/qla2xxx/qla_def.h | 105 ++++++++-- drivers/scsi/qla2xxx/qla_gbl.h | 28 ++- drivers/scsi/qla2xxx/qla_init.c | 173 +++++++++++++++- drivers/scsi/qla2xxx/qla_inline.h | 30 +++ drivers/scsi/qla2xxx/qla_iocb.c | 407 ++++++++++++++++++++++++++++++++++---- drivers/scsi/qla2xxx/qla_isr.c | 124 ++++++------ drivers/scsi/qla2xxx/qla_mbx.c | 33 ++-- drivers/scsi/qla2xxx/qla_mid.c | 114 ++++++----- drivers/scsi/qla2xxx/qla_os.c | 395 ++++++++++++++++++++++++------------ 11 files changed, 1114 insertions(+), 335 deletions(-) commit 4fa183455988adaa7f6565ca06bceecafb527820 Author: Michael Hernandez Date: Mon Dec 12 14:40:06 2016 -0800 scsi: qla2xxx: Utilize pci_alloc_irq_vectors/pci_free_irq_vectors calls. Replaces the old pci_enable_msi[x]* and pci_disable_msi[x] calls. Signed-off-by: Michael Hernandez Signed-off-by: Himanshu Madhani Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_def.h | 2 +- drivers/scsi/qla2xxx/qla_isr.c | 89 ++++++++++++++++-------------------------- drivers/scsi/qla2xxx/qla_mid.c | 2 +- 3 files changed, 36 insertions(+), 57 deletions(-) commit 77ddb94a4853204dc680121d59221b1be7c2297e Author: himanshu.madhani@cavium.com Date: Mon Dec 12 14:40:05 2016 -0800 scsi: qla2xxx: Only allow operational MBX to proceed during RESET. This patch is allowing only ROM mailbox command which are necessary to initialize chip after a reset has been issued. In a target environment, there could be a user space daemon which can issue statistics and other management mailbox command which are non-critical. This patch will timeout non critical mailbox commands immediately rather than waiting for timeout, if driver detects that chip reset has been issued or chip reset is in progress. Reviewed-by: Hannes Reinecke Reviewed-by: Christoph Hellwig Signed-off-by: Himanshu Madhani Signed-off-by: Giridhar Malavali Signed-off-by: Martin K. Petersen drivers/scsi/qla2xxx/qla_mbx.c | 52 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) commit 7e8a9486786d5ede1d2405fab140c6a0d8b2c1fe Author: Amit Kushwaha Date: Mon Dec 12 16:34:21 2016 +0530 scsi: hpsa: remove memory allocate failure message This patch cleanup warning reported by checkpatch.pl WARNING: Possible unnecessary 'out of memory' message With no available memory, a warn on message already gets printed by page alloc apis and modified goto use if memory unallocated. Signed-off-by: Amit Kushwaha Acked-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) commit 2c9bce5b49713acba3e90ce994d60996adcd4b30 Author: adam radford Date: Fri Dec 9 11:08:05 2016 -0800 scsi: Update 3ware driver email addresses This change updates the 3ware drivers (3w-xxxx, 3w-9xxx, 3w-sas) email addresses from linuxraid@lsi.com to aradford@gmail.com, since the old email address doesn't exist. This patch was updated to remove www.lsi.com text. [mkp: applied by hand] Signed-off-by: Adam Radford Acked-by: Sumit Saxena Signed-off-by: Martin K. Petersen MAINTAINERS | 2 +- drivers/scsi/3w-9xxx.c | 9 +++------ drivers/scsi/3w-9xxx.h | 9 +++------ drivers/scsi/3w-sas.c | 7 ++----- drivers/scsi/3w-sas.h | 7 ++----- drivers/scsi/3w-xxxx.c | 7 +++---- drivers/scsi/3w-xxxx.h | 5 +++-- 7 files changed, 17 insertions(+), 29 deletions(-) commit 6f2ce1c6af37191640ee3ff6e8fc39ea10352f4c Author: Steffen Maier Date: Fri Dec 9 17:16:33 2016 +0100 scsi: zfcp: fix rport unblock race with LUN recovery It is unavoidable that zfcp_scsi_queuecommand() has to finish requests with DID_IMM_RETRY (like fc_remote_port_chkready()) during the time window when zfcp detected an unavailable rport but fc_remote_port_delete(), which is asynchronous via zfcp_scsi_schedule_rport_block(), has not yet blocked the rport. However, for the case when the rport becomes available again, we should prevent unblocking the rport too early. In contrast to other FCP LLDDs, zfcp has to open each LUN with the FCP channel hardware before it can send I/O to a LUN. So if a port already has LUNs attached and we unblock the rport just after port recovery, recoveries of LUNs behind this port can still be pending which in turn force zfcp_scsi_queuecommand() to unnecessarily finish requests with DID_IMM_RETRY. This also opens a time window with unblocked rport (until the followup LUN reopen recovery has finished). If a scsi_cmnd timeout occurs during this time window fc_timed_out() cannot work as desired and such command would indeed time out and trigger scsi_eh. This prevents a clean and timely path failover. This should not happen if the path issue can be recovered on FC transport layer such as path issues involving RSCNs. Fix this by only calling zfcp_scsi_schedule_rport_register(), to asynchronously trigger fc_remote_port_add(), after all LUN recoveries as children of the rport have finished and no new recoveries of equal or higher order were triggered meanwhile. Finished intentionally includes any recovery result no matter if successful or failed (still unblock rport so other successful LUNs work). For simplicity, we check after each finished LUN recovery if there is another LUN recovery pending on the same port and then do nothing. We handle the special case of a successful recovery of a port without LUN children the same way without changing this case's semantics. For debugging we introduce 2 new trace records written if the rport unblock attempt was aborted due to still unfinished or freshly triggered recovery. The records are only written above the default trace level. Benjamin noticed the important special case of new recovery that can be triggered between having given up the erp_lock and before calling zfcp_erp_action_cleanup() within zfcp_erp_strategy(). We must avoid the following sequence: ERP thread rport_work other context ------------------------- -------------- -------------------------------- port is unblocked, rport still blocked, due to pending/running ERP action, so ((port->status & ...UNBLOCK) != 0) and (port->rport == NULL) unlock ERP zfcp_erp_action_cleanup() case ZFCP_ERP_ACTION_REOPEN_LUN: zfcp_erp_try_rport_unblock() ((status & ...UNBLOCK) != 0) [OLD!] zfcp_erp_port_reopen() lock ERP zfcp_erp_port_block() port->status clear ...UNBLOCK unlock ERP zfcp_scsi_schedule_rport_block() port->rport_task = RPORT_DEL queue_work(rport_work) zfcp_scsi_rport_work() (port->rport_task != RPORT_ADD) port->rport_task = RPORT_NONE zfcp_scsi_rport_block() if (!port->rport) return zfcp_scsi_schedule_rport_register() port->rport_task = RPORT_ADD queue_work(rport_work) zfcp_scsi_rport_work() (port->rport_task == RPORT_ADD) port->rport_task = RPORT_NONE zfcp_scsi_rport_register() (port->rport == NULL) rport = fc_remote_port_add() port->rport = rport; Now the rport was erroneously unblocked while the zfcp_port is blocked. This is another situation we want to avoid due to scsi_eh potential. This state would at least remain until the new recovery from the other context finished successfully, or potentially forever if it failed. In order to close this race, we take the erp_lock inside zfcp_erp_try_rport_unblock() when checking the status of zfcp_port or LUN. With that, the possible corresponding rport state sequences would be: (unblock[ERP thread],block[other context]) if the ERP thread gets erp_lock first and still sees ((port->status & ...UNBLOCK) != 0), (block[other context],NOP[ERP thread]) if the ERP thread gets erp_lock after the other context has already cleard ...UNBLOCK from port->status. Since checking fields of struct erp_action is unsafe because they could have been overwritten (re-used for new recovery) meanwhile, we only check status of zfcp_port and LUN since these are only changed under erp_lock elsewhere. Regarding the check of the proper status flags (port or port_forced are similar to the shown adapter recovery): [zfcp_erp_adapter_shutdown()] zfcp_erp_adapter_reopen() zfcp_erp_adapter_block() * clear UNBLOCK ---------------------------------------+ zfcp_scsi_schedule_rports_block() | write_lock_irqsave(&adapter->erp_lock, flags);-------+ | zfcp_erp_action_enqueue() | | zfcp_erp_setup_act() | | * set ERP_INUSE -----------------------------------|--|--+ write_unlock_irqrestore(&adapter->erp_lock, flags);--+ | | .context-switch. | | zfcp_erp_thread() | | zfcp_erp_strategy() | | write_lock_irqsave(&adapter->erp_lock, flags);------+ | | ... | | | zfcp_erp_strategy_check_target() | | | zfcp_erp_strategy_check_adapter() | | | zfcp_erp_adapter_unblock() | | | * set UNBLOCK -----------------------------------|--+ | zfcp_erp_action_dequeue() | | * clear ERP_INUSE ---------------------------------|-----+ ... | write_unlock_irqrestore(&adapter->erp_lock, flags);-+ Hence, we should check for both UNBLOCK and ERP_INUSE because they are interleaved. Also we need to explicitly check ERP_FAILED for the link down case which currently does not clear the UNBLOCK flag in zfcp_fsf_link_down_info_eval(). Signed-off-by: Steffen Maier Fixes: 8830271c4819 ("[SCSI] zfcp: Dont fail SCSI commands when transitioning to blocked fc_rport") Fixes: a2fa0aede07c ("[SCSI] zfcp: Block FC transport rports early on errors") Fixes: 5f852be9e11d ("[SCSI] zfcp: Fix deadlock between zfcp ERP and SCSI") Fixes: 338151e06608 ("[SCSI] zfcp: make use of fc_remote_port_delete when target port is unavailable") Fixes: 3859f6a248cb ("[PATCH] zfcp: add rports to enable scsi_add_device to work again") Cc: #2.6.32+ Reviewed-by: Benjamin Block Signed-off-by: Martin K. Petersen drivers/s390/scsi/zfcp_dbf.c | 17 +++++++++--- drivers/s390/scsi/zfcp_erp.c | 61 +++++++++++++++++++++++++++++++++++++++++-- drivers/s390/scsi/zfcp_ext.h | 4 ++- drivers/s390/scsi/zfcp_scsi.c | 4 +-- 4 files changed, 77 insertions(+), 9 deletions(-) commit 56d23ed7adf3974f10e91b643bd230e9c65b5f79 Author: Steffen Maier Date: Fri Dec 9 17:16:32 2016 +0100 scsi: zfcp: do not trace pure benign residual HBA responses at default level Since quite a while, Linux issues enough SCSI commands per scsi_device which successfully return with FCP_RESID_UNDER, FSF_FCP_RSP_AVAILABLE, and SAM_STAT_GOOD. This floods the HBA trace area and we cannot see other and important HBA trace records long enough. Therefore, do not trace HBA response errors for pure benign residual under counts at the default trace level. This excludes benign residual under count combined with other validity bits set in FCP_RSP_IU, such as FCP_SNS_LEN_VAL. For all those other cases, we still do want to see both the HBA record and the corresponding SCSI record by default. Signed-off-by: Steffen Maier Fixes: a54ca0f62f95 ("[SCSI] zfcp: Redesign of the debug tracing for HBA records.") Cc: #2.6.37+ Reviewed-by: Benjamin Block Signed-off-by: Martin K. Petersen drivers/s390/scsi/zfcp_dbf.h | 30 ++++++++++++++++++++++++++++-- drivers/s390/scsi/zfcp_fsf.h | 3 ++- 2 files changed, 30 insertions(+), 3 deletions(-) commit dac37e15b7d511e026a9313c8c46794c144103cd Author: Benjamin Block Date: Fri Dec 9 17:16:31 2016 +0100 scsi: zfcp: fix use-after-"free" in FC ingress path after TMF When SCSI EH invokes zFCP's callbacks for eh_device_reset_handler() and eh_target_reset_handler(), it expects us to relent the ownership over the given scsi_cmnd and all other scsi_cmnds within the same scope - LUN or target - when returning with SUCCESS from the callback ('release' them). SCSI EH can then reuse those commands. We did not follow this rule to release commands upon SUCCESS; and if later a reply arrived for one of those supposed to be released commands, we would still make use of the scsi_cmnd in our ingress tasklet. This will at least result in undefined behavior or a kernel panic because of a wrong kernel pointer dereference. To fix this, we NULLify all pointers to scsi_cmnds (struct zfcp_fsf_req *)->data in the matching scope if a TMF was successful. This is done under the locks (struct zfcp_adapter *)->abort_lock and (struct zfcp_reqlist *)->lock to prevent the requests from being removed from the request-hashtable, and the ingress tasklet from making use of the scsi_cmnd-pointer in zfcp_fsf_fcp_cmnd_handler(). For cases where a reply arrives during SCSI EH, but before we get a chance to NULLify the pointer - but before we return from the callback -, we assume that the code is protected from races via the CAS operation in blk_complete_request() that is called in scsi_done(). The following stacktrace shows an example for a crash resulting from the previous behavior: Unable to handle kernel pointer dereference at virtual kernel address fffffee17a672000 Oops: 0038 [#1] SMP CPU: 2 PID: 0 Comm: swapper/2 Not tainted task: 00000003f7ff5be0 ti: 00000003f3d38000 task.ti: 00000003f3d38000 Krnl PSW : 0404d00180000000 00000000001156b0 (smp_vcpu_scheduled+0x18/0x40) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 EA:3 Krnl GPRS: 000000200000007e 0000000000000000 fffffee17a671fd8 0000000300000015 ffffffff80000000 00000000005dfde8 07000003f7f80e00 000000004fa4e800 000000036ce8d8f8 000000036ce8d9c0 00000003ece8fe00 ffffffff969c9e93 00000003fffffffd 000000036ce8da10 00000000003bf134 00000003f3b07918 Krnl Code: 00000000001156a2: a7190000 lghi %r1,0 00000000001156a6: a7380015 lhi %r3,21 #00000000001156aa: e32050000008 ag %r2,0(%r5) >00000000001156b0: 482022b0 lh %r2,688(%r2) 00000000001156b4: ae123000 sigp %r1,%r2,0(%r3) 00000000001156b8: b2220020 ipm %r2 00000000001156bc: 8820001c srl %r2,28 00000000001156c0: c02700000001 xilf %r2,1 Call Trace: ([<0000000000000000>] 0x0) [<000003ff807bdb8e>] zfcp_fsf_fcp_cmnd_handler+0x3de/0x490 [zfcp] [<000003ff807be30a>] zfcp_fsf_req_complete+0x252/0x800 [zfcp] [<000003ff807c0a48>] zfcp_fsf_reqid_check+0xe8/0x190 [zfcp] [<000003ff807c194e>] zfcp_qdio_int_resp+0x66/0x188 [zfcp] [<000003ff80440c64>] qdio_kick_handler+0xdc/0x310 [qdio] [<000003ff804463d0>] __tiqdio_inbound_processing+0xf8/0xcd8 [qdio] [<0000000000141fd4>] tasklet_action+0x9c/0x170 [<0000000000141550>] __do_softirq+0xe8/0x258 [<000000000010ce0a>] do_softirq+0xba/0xc0 [<000000000014187c>] irq_exit+0xc4/0xe8 [<000000000046b526>] do_IRQ+0x146/0x1d8 [<00000000005d6a3c>] io_return+0x0/0x8 [<00000000005d6422>] vtime_stop_cpu+0x4a/0xa0 ([<0000000000000000>] 0x0) [<0000000000103d8a>] arch_cpu_idle+0xa2/0xb0 [<0000000000197f94>] cpu_startup_entry+0x13c/0x1f8 [<0000000000114782>] smp_start_secondary+0xda/0xe8 [<00000000005d6efe>] restart_int_handler+0x56/0x6c [<0000000000000000>] 0x0 Last Breaking-Event-Address: [<00000000003bf12e>] arch_spin_lock_wait+0x56/0xb0 Suggested-by: Steffen Maier Signed-off-by: Benjamin Block Fixes: ea127f9754 ("[PATCH] s390 (7/7): zfcp host adapter.") (tglx/history.git) Cc: #2.6.32+ Signed-off-by: Steffen Maier Signed-off-by: Martin K. Petersen drivers/s390/scsi/zfcp_dbf.h | 11 ++++++++ drivers/s390/scsi/zfcp_reqlist.h | 30 ++++++++++++++++++++- drivers/s390/scsi/zfcp_scsi.c | 57 ++++++++++++++++++++++++++++++++++++++-- 3 files changed, 95 insertions(+), 3 deletions(-) commit 165ae50e450bc7de6c741bf2c27ed0920a40a9af Author: Varun Prakash Date: Fri Dec 9 14:40:07 2016 +0530 scsi: libcxgbi: return error if interface is not up Do not post hw active open cmd if IFF_UP is not set or link is down on the interface, return -ENETDOWN in this case. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/scsi/cxgbi/libcxgbi.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 1fe1fdb04b92f54b58eb8b71d2f28cf73fd9801c Author: Varun Prakash Date: Wed Dec 7 21:06:45 2016 +0530 scsi: cxgb4i: libcxgbi: add missing module_put() Add module_put() in cxgbi_sock_act_open_req_arp_failure() to release module reference in case of arp failure, also check return value of try_module_get() before posting active open hw cmd. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 11 ++++++++--- drivers/scsi/cxgbi/libcxgbi.c | 3 +++ drivers/scsi/cxgbi/libcxgbi.h | 1 + 3 files changed, 12 insertions(+), 3 deletions(-) commit 44830d8fd28a729729d14bb160341a6170631eb7 Author: Varun Prakash Date: Thu Dec 1 20:28:29 2016 +0530 scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion feature T6 adapters reduce number of completions to host by generating single completion for all the directly placed(DDP) iSCSI pdus in a sequence. This patch adds new structure for completion hw cmd (struct cpl_rx_iscsi_cmp) and implements T6 completion feature. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/net/ethernet/chelsio/cxgb4/t4_msg.h | 13 ++ drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 219 ++++++++++++++++++++++++---- drivers/scsi/cxgbi/libcxgbi.c | 19 +++ drivers/scsi/cxgbi/libcxgbi.h | 1 + 4 files changed, 226 insertions(+), 26 deletions(-) commit 586be7cb694fdbb3a35cc35c03387ce0fc534572 Author: Varun Prakash Date: Thu Dec 1 20:28:28 2016 +0530 scsi: cxgb4i: libcxgbi: add active open cmd for T6 adapters Add T6 active open cmd to open active connections on T6 adapters. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 86 ++++++++++++++++++++++++++++++++------ drivers/scsi/cxgbi/libcxgbi.c | 6 +-- 2 files changed, 77 insertions(+), 15 deletions(-) commit e0eed8ab7379faba26f9d85a5904b8292dc4d8b9 Author: Varun Prakash Date: Thu Dec 1 20:28:27 2016 +0530 scsi: cxgb4i: use cxgb4_tp_smt_idx() to get smt_idx cxgb4_tp_smt_idx() is defined in cxgb4 driver, it returns smt_idx for T4,T5,T6 adapters. Signed-off-by: Varun Prakash Signed-off-by: Martin K. Petersen drivers/scsi/cxgbi/cxgb4i/cxgb4i.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ace7f46ba5fde7273207c7122b0650ceb72510e0 Author: Manish Rangankar Date: Thu Dec 1 00:21:08 2016 -0800 scsi: qedi: Add QLogic FastLinQ offload iSCSI driver framework. The QLogic FastLinQ Driver for iSCSI (qedi) is the iSCSI specific module for 41000 Series Converged Network Adapters by QLogic. This patch consists of following changes: - MAINTAINERS Makefile and Kconfig changes for qedi, - PCI driver registration, - iSCSI host level initialization, - Debugfs and log level infrastructure. The following indiviual changes are merged into this commit: qedi: Add LL2 iSCSI interface for offload iSCSI. qedi: Add support for iSCSI session management. qedi: Add support for data path. Signed-off-by: Nilesh Javali Signed-off-by: Adheer Chandravanshi Signed-off-by: Chad Dupuis Signed-off-by: Saurav Kashyap Signed-off-by: Arun Easi Signed-off-by: Manish Rangankar Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Reviewed-by: Martin K. Petersen Signed-off-by: Martin K. Petersen MAINTAINERS | 6 + drivers/scsi/Kconfig | 1 + drivers/scsi/Makefile | 1 + drivers/scsi/qedi/Kconfig | 10 + drivers/scsi/qedi/Makefile | 5 + drivers/scsi/qedi/qedi.h | 364 ++++++ drivers/scsi/qedi/qedi_dbg.c | 143 +++ drivers/scsi/qedi/qedi_dbg.h | 144 +++ drivers/scsi/qedi/qedi_debugfs.c | 244 ++++ drivers/scsi/qedi/qedi_fw.c | 2378 ++++++++++++++++++++++++++++++++++++++ drivers/scsi/qedi/qedi_gbl.h | 73 ++ drivers/scsi/qedi/qedi_hsi.h | 52 + drivers/scsi/qedi/qedi_iscsi.c | 1624 ++++++++++++++++++++++++++ drivers/scsi/qedi/qedi_iscsi.h | 232 ++++ drivers/scsi/qedi/qedi_main.c | 2127 ++++++++++++++++++++++++++++++++++ drivers/scsi/qedi/qedi_sysfs.c | 52 + drivers/scsi/qedi/qedi_version.h | 14 + 17 files changed, 7470 insertions(+) commit 6f94ba20799b98c8badf047b184fb4cd7bc45e44 Merge: 9032ad7 29c8d9e Author: Doug Ledford Date: Wed Dec 14 14:56:21 2016 -0500 Merge branch 'vmw_pvrdma' into merge-test commit 29c8d9eba550c6d73d17cc1618a9f5f2a7345aa1 Author: Adit Ranadive Date: Sun Oct 2 19:10:22 2016 -0700 IB: Add vmw_pvrdma driver This patch series adds a driver for a paravirtual RDMA device. The device is developed for VMware's Virtual Machines and allows existing RDMA applications to continue to use existing Verbs API when deployed in VMs on ESXi. We recently did a presentation in the OFA Workshop [1] regarding this device. Description and RDMA Support ============================ The virtual device is exposed as a dual function PCIe device. One part is a virtual network device (VMXNet3) which provides networking properties like MAC, IP addresses to the RDMA part of the device. The networking properties are used to register GIDs required by RDMA applications to communicate. These patches add support and the all required infrastructure for letting applications use such a device. We support the mandatory Verbs API as well as the base memory management extensions (Local Inv, Send with Inv and Fast Register Work Requests). We currently support both Reliable Connected and Unreliable Datagram QPs but do not support Shared Receive Queues (SRQs). Also, we support the following types of Work Requests: o Send/Receive (with or without Immediate Data) o RDMA Write (with or without Immediate Data) o RDMA Read o Local Invalidate o Send with Invalidate o Fast Register Work Requests This version only adds support for version 1 of RoCE. We will add RoCEv2 support in a future patch. We do support registration of both MAC-based and IP-based GIDs. I have also created a git tree for our user-level driver [2]. Testing ======= We have tested this internally for various types of Guest OS - Red Hat, Centos, Ubuntu 12.04/14.04/16.04, Oracle Enterprise Linux, SLES 12 using backported versions of this driver. The tests included several runs of the performance tests (included with OFED), Intel MPI PingPong benchmark on OpenMPI, krping for FRWRs. Mellanox has been kind enough to test the backported version of the driver internally on their hardware using a VMware provided ESX build. I have also applied and tested this with Doug's k.o/for-4.9 branch (commit 5603910b). Note, that this patch series should be applied all together. I split out the commits so that it may be easier to review. PVRDMA Resources ================ [1] OFA Workshop Presentation - https://openfabrics.org/images/eventpresos/2016presentations/102parardma.pdf [2] Libpvrdma User-level library - http://git.openfabrics.org/?p=~aditr/libpvrdma.git;a=summary Reviewed-by: Jorgen Hansen Reviewed-by: George Zhang Reviewed-by: Aditya Sarwade Reviewed-by: Bryan Tan Reviewed-by: Leon Romanovsky Signed-off-by: Adit Ranadive Signed-off-by: Doug Ledford MAINTAINERS | 7 + drivers/infiniband/Kconfig | 1 + drivers/infiniband/hw/Makefile | 1 + drivers/infiniband/hw/vmw_pvrdma/Kconfig | 7 + drivers/infiniband/hw/vmw_pvrdma/Makefile | 3 + drivers/infiniband/hw/vmw_pvrdma/pvrdma.h | 474 ++++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_cmd.c | 119 ++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 425 +++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_dev_api.h | 586 ++++++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_doorbell.c | 127 ++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 1211 ++++++++++++++++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_misc.c | 304 +++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_mr.c | 334 ++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_qp.c | 972 ++++++++++++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_ring.h | 131 +++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c | 579 ++++++++++ drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.h | 436 +++++++ include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/vmw_pvrdma-abi.h | 289 +++++ 19 files changed, 6007 insertions(+) commit 9032ad78bb58f2567fc95125ee69cde7b74c0a21 Merge: 86ef0be 46d0703 22b1ae6 512fb1b 37f69f4 4fa354c Author: Doug Ledford Date: Wed Dec 14 14:44:47 2016 -0500 Merge branches 'misc', 'qedr', 'reject-helpers', 'rxe' and 'srp' into merge-test commit 86ef0beaa0bdbec70d4261977b8b4a100fe54bfe Merge: 253f8b2 7ceb740 Author: Doug Ledford Date: Wed Dec 14 14:44:25 2016 -0500 Merge branch 'mlx' into merge-test commit 253f8b22e0ad643edafd75e831e5c765732877f5 Merge: 884fa4f 22dccc5 Author: Doug Ledford Date: Wed Dec 14 14:44:08 2016 -0500 Merge branch 'hfi1' into merge-test commit 884fa4f3048c4c43facfa6ba3b710169f7ee162c Merge: 15f7e3c f73a1db 4d40995 d6f7bbc Author: Doug Ledford Date: Wed Dec 14 14:43:14 2016 -0500 Merge branches 'chelsio', 'debug-cleanup', 'hns' and 'i40iw' into merge-test commit 46d0703fac3ffa12ec36f22f386d96d0f474c9c2 Author: Pan Bian Date: Sun Dec 4 14:45:38 2016 +0800 IB/mlx4: fix improper return value If uhw->inlen is non-zero, the value of variable err is 0 if the copy succeeds. Then, if kzalloc() or kmalloc() returns a NULL pointer, it will return 0 to the callers. As a result, the callers cannot detect the errors. This patch fixes the bug, assign "-ENOMEM" to err before the NULL pointer checks, and remove the initialization of err at the beginning. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189031 Signed-off-by: Pan Bian Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/main.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5b4c9cd7e4790f37b595aeb4bf6fcbf7e3ba9e2c Author: Pan Bian Date: Sat Dec 3 21:10:21 2016 +0800 IB/ocrdma: fix bad initialization In function ocrdma_mbx_create_ah_tbl(), returns the value of status on errors. However, because status is initialized with 0, 0 will be returned even if on error paths. This patch initialize status with "-ENOMEM". Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188831 Signed-off-by: Pan Bian Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/ocrdma/ocrdma_hw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6a3a1056d66e6a64446930b0d9de2430d835d38f Author: Zhouyi Zhou Date: Wed Dec 7 15:30:05 2016 +0800 infiniband: nes: return value of skb_linearize should be handled Return value of skb_linearize should be handled in function nes_netdev_start_xmit. Compiled in x86_64 Signed-off-by: Zhouyi Zhou Reviewed-by: Yuval Shaia Reviewed-by: Eric Dumazet Signed-off-by: Doug Ledford drivers/infiniband/hw/nes/nes_nic.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 3b9d9650096921f27086d8e0a66eba277f7badba Author: Shiraz Saleem Date: Mon Dec 5 11:28:32 2016 -0600 MAINTAINERS: Update Intel RDMA RNIC driver maintainers Signed-off-by: Shiraz Saleem Signed-off-by: Faisal Latif Signed-off-by: Doug Ledford MAINTAINERS | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit f93146c82a589e9e7a3053cede927b00a0212a54 Author: Leon Romanovsky Date: Sun Dec 4 08:47:46 2016 +0200 MAINTAINERS: Remove Mitesh Ahuja from emulex maintainers Remove Mitesh Ahuja from maintainers file. This email address seems not active and causes to mail bounces during submissions. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford MAINTAINERS | 1 - 1 file changed, 1 deletion(-) commit 7ae123edd37a47e178eb9a6631fe4a7108262c10 Merge: bbcd9c5 cc31e9b Author: Linus Torvalds Date: Wed Dec 14 11:22:26 2016 -0800 Merge tag 'acpi-urgent-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull two ACPI CPPC fixes from Rafael Wysocki: "One of them fixes a crash in KVM encountered by Sebastian in linux-next and introduced by a recent intel_pstate change that caused the driver to use the ACPI CPPC code and uncovered a missing NULL pointer check in it. The other one fixes a possible use-after-free in the same code area. Summary: - Fix a crash in KVM encountered in linux-next and introduced by a recent intel_pstate change that caused the driver to use the ACPI CPPC code and uncovered a missing NULL pointer check in it (Sebastian Andrzej Siewior). - Fix a possible use-after-free in the same code area (Rafael Wysocki)" * tag 'acpi-urgent-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI / CPPC: Fix per-CPU pointer management in acpi_cppc_processor_probe() ACPI / CPPC: Fix crash in acpi_cppc_processor_exit() commit 17069d32a3408e69d257a3fe26f08de0336d958d Author: Sebastian Ott Date: Fri Dec 2 14:45:26 2016 +0100 IB/core: fix unmap_sg argument __ib_umem_release calls dma_unmap_sg with a different number of sg_entries than ib_umem_get uses for dma_map_sg. This might cause trouble for implementations that merge sglist entries and results in the following dma debug complaint: DMA-API: device driver frees DMA sg list with different entry count [map count=2] [unmap count=1] Fix it by using the correct value. Signed-off-by: Sebastian Ott Signed-off-by: Doug Ledford drivers/infiniband/core/umem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bbcd9c53c743cfee9feb0ee3b25070691d76c5ee Merge: ce38207 6480af4 Author: Linus Torvalds Date: Wed Dec 14 11:18:51 2016 -0800 Merge tag 'for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply Pull power supply and reset updates from Sebastian Reichel: - new driver for Intel PIIX4 - lots of module autoload fixes - misc fixes * tag 'for-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/sre/linux-power-supply: power_supply: wm97xx_battery: use power_supply_get_drvdata wm8350_power: use permission-specific DEVICE_ATTR variants power: ipaq_micro_battery: fix alias power: supply: bq27xxx_battery: Fix register map for BQ27510 and BQ27520 bq24190_charger: Fix PM runtime use for bq24190_battery_set_property power: supply: lp8788: remove an unneeded NULL check power: reset: zx-reboot: Fix module autoload power: reset: syscon-reboot-mode: Fix module autoload power: reset: at91-poweroff: Fix module autoload power: reset: at91-reset: Fix module autoload power: supply: axp288_fuel_gauge: Fix module autoload power: supply: max8997_charger: Fix module autoload power: supply: max17040: Change register transaction length from 8 bits to 16 bits power: supply: bq27xxx_battery: don't update poll_interval param if same power: supply: improve function-level documentation power: reset: Add Intel PIIX4 poweroff driver commit 22b1ae6169e3cb9e33ba549a0c07a0cc469143d7 Author: Amrani, Ram Date: Wed Nov 23 08:03:04 2016 +0000 qede: fix general protection fault may occur on probe The recent introduction of qedr driver support in qede causes a GPF when probing the driver in a server without a RoCE enabled QLogic NIC. This fix avoids using an uninitialized pointer in such a case. Caught by the kernel test robot. Signed-off-by: Ram Amrani Signed-off-by: Doug Ledford drivers/net/ethernet/qlogic/qede/qede_roce.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ce38207f161513ee3d2bd3860489f07ebe65bc78 Merge: a9042de 995c6a7 Author: Linus Torvalds Date: Wed Dec 14 11:14:28 2016 -0800 Merge tag 'sound-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound Pull sound updates from Takashi Iwai: "No dramatic changes are found in this development cycle, but as usual, many commits are applied in a wide range of drivers. Most of big changes are in ASoC, where a few bits of framework work and quite a lot of cleanups and improvements to existing code have been done. The rest are usual stuff, a few HD-audio and USB-audio quirks and fixes, as well as the drop of kthread usages in the whole subsystem. Below are some highlights: ASoC: - support for stereo DAPM controls - some initial work on the of-graph sound card - regmap conversions of the remaining AC'97 drivers - a new version of the topology ABI; this should be backward compatible - updates / cleanups of rsnd, sunxi, sti, nau8825, samsung, arizona, Intel skylake, atom-sst - new drivers for Cirrus Logic CS42L42, Qualcomm MSM8916-WCD, and Realtek RT5665 USB-audio: - yet another race fix at disconnection - tolerated packet size calculation for some Android devices - quirks for Axe-Fx II, QuickCam, TEAC 501/503 HD-audio: - improvement of Dell pin fixup mapping - quirks for HP Z1 Gen3, Alienware 15 R2 2016 and ALC622 headset mic Misc: - replace all kthread usages with simple works" * tag 'sound-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound: (296 commits) ALSA: hiface: Fix M2Tech hiFace driver sampling rate change ALSA: usb-audio: Eliminate noise at the start of DSD playback. ALSA: usb-audio: Add native DSD support for TEAC 501/503 DAC ASoC: wm_adsp: wm_adsp_buf_alloc should use kfree in error path ASoC: topology: avoid uninitialized kcontrol_type ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks ALSA: usb-audio: add implicit fb quirk for Axe-Fx II ASoC: zte: spdif: correct ZX_SPDIF_CLK_RAT define ASoC: zte: spdif and i2s drivers are not zx296702 specific ASoC: rsnd: setup BRGCKR/BRRA/BRRB when starting ASoC: rsnd: enable/disable ADG when suspend/resume timing ASoC: rsnd: tidyup ssi->usrcnt counter check in hw_params ALSA: cs46xx: add a new line ASoC: Intel: update bxt_da7219_max98357a to support quad ch dmic capture ASoC: nau8825: disable sinc filter for high THD of ADC ALSA: usb-audio: more tolerant packetsize ALSA: usb-audio: avoid setting of sample rate multiple times on bus ASoC: cs35l34: Simplify the logic to set CS35L34_MCLK_CTL setting ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO ALSA: hda: when comparing pin configurations, ignore assoc in addition to seq ... commit a9042defa29a01cc538b742eab047848e9b5ae14 Merge: 6960d58 74dcba3 Author: Linus Torvalds Date: Wed Dec 14 11:12:25 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial Pull trivial updates from Jiri Kosina. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial: NTB: correct ntb_spad_count comment typo misc: ibmasm: fix typo in error message Remove references to dead make variable LINUX_INCLUDE Remove last traces of ikconfig.h treewide: Fix printk() message errors Documentation/device-mapper: s/getsize/getsz/ commit 6960d58240190a885c09e784b8dcc1345951a7c8 Merge: f39fdf2 5902495 Author: Linus Torvalds Date: Wed Dec 14 11:10:32 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching Pull livepatch update from Jiri Kosina: "This is just a small documentation update (as the work on the hybrid model is still underway)" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching: Documentation/livepatch: Fix stale link to gmame commit f39fdf2ab846ecc636d6272b47f28a05a2052a14 Merge: 775a2e2 96e132e Author: Linus Torvalds Date: Wed Dec 14 11:08:25 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid Pull HID updates from Jiri Kosina: - support for new Wacom "MobileStudio Pro" class of tablets from Jason Gerecke - Microsoft Surface 3 support from Benjamin Tissoires and Microsoft Surface 4 support from Daniel Keller - uDraw PS3 tablet support from Bastien Nocera - timeout scheduling fixes for intel-ish-hid from Even Xu - HID_QUIRK_MULTI_INPUT in order to simplify LED handling from Benjamin Tissoires - support for Sony DS4 dongle and various other fixes to Sony driver from Roderick Colenbrander - other assorted smaller fixes and device ID additions * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid: (63 commits) HID: fix missing irq field HID: i2c-hid: fix build HID: i2c-hid: Disable IRQ before freeing buffers HID: usbhid: fix improper return value HID: wacom: generic: Don't sync input on empty input packets HID: wacom: generic: Pad supports more than buttons HID: wacom: generic: Send data only when the interface is defined HID: wacom: generic: Don't return a value for wacom_wac_event HID: intel_ish-hid: use %pUL for uuid formatting HID: cp2112: explicitly require irqchip support in gpiolib HID: asus: Add i2c touchpad support HID: intel-ish-hid: Fix potential race condition HID: sony: Support DS4 dongle HID: sony: Comply to Linux gamepad spec for DS4 HID: sony: Make the DS4 touchpad a separate device HID: sony: Fix memory issue when connecting device using both Bluetooth and USB HID: cp2112: add IRQ chip handling HID: i2c-hid: force the IRQ level trigger only when not set HID: multitouch: do not retrieve all reports for all devices HID: multitouch: enable the Surface 3 Type Cover to report multitouch data ... commit 775a2e29c3bbcf853432f47d3caa9ff8808807ad Merge: 2a4c32e ef548c5 Author: Linus Torvalds Date: Wed Dec 14 11:01:00 2016 -0800 Merge tag 'dm-4.10-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm Pull device mapper updates from Mike Snitzer: - various fixes and improvements to request-based DM and DM multipath - some locking improvements in DM bufio - add Kconfig option to disable the DM block manager's extra locking which mainly serves as a developer tool - a few bug fixes to DM's persistent-data - a couple changes to prepare for multipage biovec support in the block layer - various improvements and cleanups in the DM core, DM cache, DM raid and DM crypt - add ability to have DM crypt use keys from the kernel key retention service - add a new "error_writes" feature to the DM flakey target, reads are left unchanged in this mode * tag 'dm-4.10-changes' of git://git.kernel.org/pub/scm/linux/kernel/git/device-mapper/linux-dm: (40 commits) dm flakey: introduce "error_writes" feature dm cache policy smq: use hash_32() instead of hash_32_generic() dm crypt: reject key strings containing whitespace chars dm space map: always set ev if sm_ll_mutate() succeeds dm space map metadata: skip useless memcpy in metadata_ll_init_index() dm space map metadata: fix 'struct sm_metadata' leak on failed create Documentation: dm raid: define data_offset status field dm raid: fix discard support regression dm raid: don't allow "write behind" with raid4/5/6 dm mpath: use hw_handler_params if attached hw_handler is same as requested dm crypt: add ability to use keys from the kernel key retention service dm array: remove a dead assignment in populate_ablock_with_values() dm ioctl: use offsetof() instead of open-coding it dm rq: simplify use_blk_mq initialization dm: use blk_set_queue_dying() in __dm_destroy() dm bufio: drop the lock when doing GFP_NOIO allocation dm bufio: don't take the lock in dm_bufio_shrink_count dm bufio: avoid sleeping while holding the dm_bufio lock dm table: simplify dm_table_determine_type() dm table: an 'all_blk_mq' table must be loaded for a blk-mq DM device ... commit 7ceb740c540dde362b3055ad92c6a38009eb7a83 Author: Souptick Joarder Date: Fri Dec 2 00:11:59 2016 +0530 IB/mthca: Replace pci_pool_alloc by pci_pool_zalloc In mthca_create_ah(), pci_pool_alloc() followed by memset will be replaced by pci_pool_zalloc() Signed-off-by: Souptick joarder Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/hw/mthca/mthca_av.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 2a4c32edd39b7de166e723b1991abcde4db3a701 Merge: b9f98bd 2073773 Author: Linus Torvalds Date: Wed Dec 14 10:58:17 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md Pull MD updates from Shaohua Li: - a raid5 writeback cache feature. The goal is to aggregate writes to make full stripe write and reduce read-modify-write. It's helpful for workload which does sequential write and follows fsync for example. This feature is experimental and off by default right now. - FAILFAST support. This fails IOs to broken raid disks quickly, so can improve latency. It's mainly for DASD storage, but some patches help normal raid array too. - support bad block for raid array with external metadata - AVX2 instruction support for raid6 parity calculation - normalize MD info output - add missing blktrace - other bug fixes * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/shli/md: (66 commits) md: separate flags for superblock changes md: MD_RECOVERY_NEEDED is set for mddev->recovery md: takeover should clear unrelated bits md/r5cache: after recovery, increase journal seq by 10000 md/raid5-cache: fix crc in rewrite_data_only_stripes() md/raid5-cache: no recovery is required when create super-block md: fix refcount problem on mddev when stopping array. md/r5cache: do r5c_update_log_state after log recovery md/raid5-cache: adjust the write position of the empty block if no data blocks md/r5cache: run_no_space_stripes() when R5C_LOG_CRITICAL == 0 md/raid5: limit request size according to implementation limits md/raid5-cache: do not need to set STRIPE_PREREAD_ACTIVE repeatedly md/raid5-cache: remove the unnecessary next_cp_seq field from the r5l_log md/raid5-cache: release the stripe_head at the appropriate location md/raid5-cache: use ring add to prevent overflow md/raid5-cache: remove unnecessary function parameters raid5-cache: don't set STRIPE_R5C_PARTIAL_STRIPE flag while load stripe into cache raid5-cache: add another check conditon before replaying one stripe md/r5cache: enable IRQs on error path md/r5cache: handle alloc_page failure ... commit b9f98bd4034a3196ff068eb0fa376c5f41077480 Merge: a829a84 f397c8d Author: Linus Torvalds Date: Wed Dec 14 10:55:56 2016 -0800 Merge tag 'mmc-v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull another MMC update from Ulf Hansson: "Here's a second pull request for MMC for v4.10. As a matter of fact it's only one change that moves some mmc files around. I thought it was a good idea to get this into v4.10, as it gives us a nice and fresh base for v4.11. Summary: MMC core: - Move files from the card directory to the core directory to enable future clean-ups of the generic mmc header files and interfaces" * tag 'mmc-v4.10-2' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: mmc: block: Move files to core commit a829a8445f09036404060f4d6489cb13433f4304 Merge: 84b6079 f5b893c Author: Linus Torvalds Date: Wed Dec 14 10:49:33 2016 -0800 Merge tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi Pull SCSI updates from James Bottomley: "This update includes the usual round of major driver updates (ncr5380, lpfc, hisi_sas, megaraid_sas, ufs, ibmvscsis, mpt3sas). There's also an assortment of minor fixes, mostly in error legs or other not very user visible stuff. The major change is the pci_alloc_irq_vectors replacement for the old pci_msix_.. calls; this effectively makes IRQ mapping generic for the drivers and allows blk_mq to use the information" * tag 'scsi-misc' of git://git.kernel.org/pub/scm/linux/kernel/git/jejb/scsi: (256 commits) scsi: qla4xxx: switch to pci_alloc_irq_vectors scsi: hisi_sas: support deferred probe for v2 hw scsi: megaraid_sas: switch to pci_alloc_irq_vectors scsi: scsi_devinfo: remove synchronous ALUA for NETAPP devices scsi: be2iscsi: set errno on error path scsi: be2iscsi: set errno on error path scsi: hpsa: fallback to use legacy REPORT PHYS command scsi: scsi_dh_alua: Fix RCU annotations scsi: hpsa: use %phN for short hex dumps scsi: hisi_sas: fix free'ing in probe and remove scsi: isci: switch to pci_alloc_irq_vectors scsi: ipr: Fix runaway IRQs when falling back from MSI to LSI scsi: dpt_i2o: double free on error path scsi: cxlflash: Migrate scsi command pointer to AFU command scsi: cxlflash: Migrate IOARRIN specific routines to function pointers scsi: cxlflash: Cleanup queuecommand() scsi: cxlflash: Cleanup send_tmf() scsi: cxlflash: Remove AFU command lock scsi: cxlflash: Wait for active AFU commands to timeout upon tear down scsi: cxlflash: Remove private command pool ... commit 1974ab9d9d5b6eeafa629f793fdf59958646cb9d Author: Bart Van Assche Date: Mon Dec 5 17:19:52 2016 -0800 mlx5, calc_sq_size(): Make a debug message more informative Make it clear that qp->sq.wqe_cnt is not the number of WQEs. Signed-off-by: Bart Van Assche Cc: Eli Cohen Acked-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/qp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3d6bdf1625857ba50f433bd140dada387432f051 Author: Bart Van Assche Date: Mon Dec 5 17:18:27 2016 -0800 mlx5: Remove a set-but-not-used variable This has been detected by building the mlx5 driver with W=1. Fixes: 1a412fb1caa2 ('net/mlx5: Fixes: 1a412fb1caa2 (IB/mlx5: Modify QP commands via mlx5 ifc') Signed-off-by: Bart Van Assche Cc: Eli Cohen Acked-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/qp.c | 7 ------- 1 file changed, 7 deletions(-) commit 626bc02d4d33510b6ecb6f37c577f844cc6cfc57 Author: Bart Van Assche Date: Mon Dec 5 17:18:08 2016 -0800 mlx5: Use { } instead of { 0 } to init struct Detected by sparse. Signed-off-by: Bart Van Assche Cc: Eli Cohen Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4fa354c9dbfef9226a690d8ee319b046f3067a6a Author: Bart Van Assche Date: Mon Nov 21 13:58:18 2016 -0800 IB/srp: Make writing the add_target sysfs attr interruptible Avoid that shutdown of srp_daemon is delayed if add_target_mutex is held by another process. Signed-off-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 290081b45342ef902ed756f929fa9e4feb9f7dab Author: Bart Van Assche Date: Mon Nov 21 13:57:41 2016 -0800 IB/srp: Make mapping failures easier to debug Make it easier to figure out what is going on if memory mapping fails because more memory regions than mr_per_cmd are needed. Signed-off-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit 3787d9908c4e05af0322613fe7f8c617c1ddb1d5 Author: Bart Van Assche Date: Mon Nov 21 13:57:24 2016 -0800 IB/srp: Make login failures easier to debug If login fails because memory region allocation failed it can be hard to figure out what happened. Make it easier to figure out why login failed by logging a message if ib_alloc_mr() fails. Signed-off-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 3 +++ 1 file changed, 3 insertions(+) commit 042dd765bdf401c0ccdeb16717b0c2a0b1405f18 Author: Bart Van Assche Date: Mon Nov 21 13:57:07 2016 -0800 IB/srp: Introduce a local variable in srp_add_one() This patch makes the srp_add_one() code more compact and does not change any functionality. Signed-off-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 1a1faf7a8a251d134d375b7783a614ee79e932f2 Author: Bart Van Assche Date: Mon Nov 21 13:56:46 2016 -0800 IB/srp: Fix CONFIG_DYNAMIC_DEBUG=n build Avoid that the kernel build fails as follows if dynamic debug support is disabled: drivers/infiniband/ulp/srp/ib_srp.c:2272:3: error: implicit declaration of function 'DEFINE_DYNAMIC_DEBUG_METADATA' drivers/infiniband/ulp/srp/ib_srp.c:2272:33: error: 'ddm' undeclared (first use in this function) drivers/infiniband/ulp/srp/ib_srp.c:2275:39: error: '_DPRINTK_FLAGS_PRINT' undeclared (first use in this function) Signed-off-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/ulp/srp/ib_srp.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit 84b6079134420f4635f23c2088a3892057b23bb0 Merge: 5084fdf e16769d Author: Linus Torvalds Date: Wed Dec 14 10:31:25 2016 -0800 Merge tag 'configfs-for-4.10' of git://git.infradead.org/users/hch/configfs Pull configfs update from Christoph Hellwig: "Just one simple change from Andrzej to drop the pointless return value from the ->drop_link method" * tag 'configfs-for-4.10' of git://git.infradead.org/users/hch/configfs: fs: configfs: don't return anything from drop_link commit d3a2418ee36a59bc02e9d454723f3175dcf4bfd9 Author: Bart Van Assche Date: Mon Nov 21 10:22:17 2016 -0800 IB/multicast: Check ib_find_pkey() return value This patch avoids that Coverity complains about not checking the ib_find_pkey() return value. Fixes: commit 547af76521b3 ("IB/multicast: Report errors on multicast groups if P_key changes") Signed-off-by: Bart Van Assche Cc: Sean Hefty Cc: Signed-off-by: Doug Ledford drivers/infiniband/core/multicast.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 11b642b84e8c43e8597de031678d15c08dd057bc Author: Bart Van Assche Date: Mon Nov 21 10:21:41 2016 -0800 IPoIB: Avoid reading an uninitialized member variable This patch avoids that Coverity reports the following: Using uninitialized value port_attr.state when calling printk Fixes: commit 94232d9ce817 ("IPoIB: Start multicast join process only on active ports") Signed-off-by: Bart Van Assche Cc: Erez Shitrit Cc: Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_multicast.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 2fe2f378dd45847d2643638c07a7658822087836 Author: Bart Van Assche Date: Mon Nov 21 10:21:17 2016 -0800 IB/mad: Fix an array index check The array ib_mad_mgmt_class_table.method_table has MAX_MGMT_CLASS (80) elements. Hence compare the array index with that value instead of with IB_MGMT_MAX_METHODS (128). This patch avoids that Coverity reports the following: Overrunning array class->method_table of 80 8-byte elements at element index 127 (byte offset 1016) using index convert_mgmt_class(mad_hdr->mgmt_class) (which evaluates to 127). Fixes: commit b7ab0b19a85f ("IB/mad: Verify mgmt class in received MADs") Signed-off-by: Bart Van Assche Cc: Sean Hefty Cc: Reviewed-by: Hal Rosenstock Signed-off-by: Doug Ledford drivers/infiniband/core/mad.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 533c7b69c764ad5febb3e716899f43a75564fcab Author: Richard Guy Briggs Date: Tue Dec 13 10:03:01 2016 -0500 audit: use proper refcount locking on audit_sock Resetting audit_sock appears to be racy. audit_sock was being copied and dereferenced without using a refcount on the source sock. Bump the refcount on the underlying sock when we store a refrence in audit_sock and release it when we reset audit_sock. audit_sock modification needs the audit_cmd_mutex. See: https://lkml.org/lkml/2016/11/26/232 Thanks to Eric Dumazet and Cong Wang on ideas how to fix it. Signed-off-by: Richard Guy Briggs Reviewed-by: Cong Wang [PM: fixed the comment block text formatting for auditd_reset()] Signed-off-by: Paul Moore kernel/audit.c | 30 ++++++++++++++++++++++++------ 1 file changed, 24 insertions(+), 6 deletions(-) commit fba143c66abb81307a450679f38ab953fe96a413 Author: Paul Moore Date: Tue Nov 29 16:57:48 2016 -0500 netns: avoid disabling irq for netns id Bring back commit bc51dddf98c9 ("netns: avoid disabling irq for netns id") now that we've fixed some audit multicast issues that caused problems with original attempt. Additional information, and history, can be found in the links below: * https://github.com/linux-audit/audit-kernel/issues/22 * https://github.com/linux-audit/audit-kernel/issues/23 Signed-off-by: Cong Wang Signed-off-by: Paul Moore net/core/net_namespace.c | 35 +++++++++++++++-------------------- 1 file changed, 15 insertions(+), 20 deletions(-) commit a09cfa470817ac086cf68418da13a2b91c2744ef Author: Paul Moore Date: Tue Nov 29 16:53:26 2016 -0500 audit: don't ever sleep on a command record/message Sleeping on a command record/message in audit_log_start() could slow something, e.g. auditd, from doing something important, e.g. clean shutdown, which could present problems on a heavily loaded system. This patch allows tasks to bypass any queue restrictions if they are logging a command record/message. Signed-off-by: Paul Moore kernel/audit.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) commit 6c54e7899693dee3db67ea996e9be0e10f67920f Author: Paul Moore Date: Tue Nov 29 16:53:26 2016 -0500 audit: handle a clean auditd shutdown with grace When auditd stops cleanly it sets 'auditd_pid' to 0 with an AUDIT_SET message, in this case we should reset our backlog queues via the auditd_reset() function. This patch also adds a 'auditd_pid' check to the top of kauditd_send_unicast_skb() so we can fail quicker. Signed-off-by: Paul Moore kernel/audit.c | 6 ++++++ 1 file changed, 6 insertions(+) commit e1d166212894d9d959a601c4802882b877bb420a Author: Paul Moore Date: Tue Nov 29 16:53:25 2016 -0500 audit: wake up kauditd_thread after auditd registers This patch was suggested by Richard Briggs back in 2015, see the link to the mail archive below. Unfortunately, that patch is no longer even remotely valid due to other changes to the code. * https://www.redhat.com/archives/linux-audit/2015-October/msg00075.html Suggested-by: Richard Guy Briggs Signed-off-by: Paul Moore kernel/audit.c | 1 + 1 file changed, 1 insertion(+) commit 3197542482df22c2a131d4a813280bd7c54cedf5 Author: Paul Moore Date: Tue Nov 29 16:53:25 2016 -0500 audit: rework audit_log_start() The backlog queue handling in audit_log_start() is a little odd with some questionable design decisions, this patch attempts to rectify this with the following changes: * Never make auditd wait, ignore any backlog limits as we need auditd awake so it can drain the backlog queue. * When we hit a backlog limit and start dropping records, don't wake all the tasks sleeping on the backlog, that's silly. Instead, let kauditd_thread() take care of waking everyone once it has had a chance to drain the backlog queue. * Don't keep a global backlog timeout countdown, make it per-task. A per-task timer means we won't have all the sleeping tasks waking at the same time and hammering on an already stressed backlog queue. Signed-off-by: Paul Moore kernel/audit.c | 92 +++++++++++++++++++++++----------------------------------- 1 file changed, 36 insertions(+), 56 deletions(-) commit c6480207fdf7b61de216ee23e93eac0a6878fa74 Author: Paul Moore Date: Tue Nov 29 16:53:25 2016 -0500 audit: rework the audit queue handling The audit record backlog queue has always been a bit of a mess, and the moving the multicast send into kauditd_thread() from audit_log_end() only makes things worse. This patch attempts to fix the backlog queue with a better design that should hold up better under load and have less of a performance impact at syscall invocation time. While it looks like there is a log going on in this patch, the main change is the move from a single backlog queue to three queues: * A queue for holding records generated from audit_log_end() that haven't been consumed by kauditd_thread() (audit_queue). * A queue for holding records that have been sent via multicast but had a temporary failure when sending via unicast and need a resend (audit_retry_queue). * A queue for holding records that haven't been sent via unicast because no one is listening (audit_hold_queue). Special care is taken in this patch to ensure that the proper record ordering is preserved, e.g. we send everything in the hold queue first, then the retry queue, and finally the main queue. Signed-off-by: Paul Moore kernel/audit.c | 347 +++++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 226 insertions(+), 121 deletions(-) commit af8b824f283de5acc9b9ae8dbb60e4adacff721b Author: Paul Moore Date: Tue Nov 29 16:53:24 2016 -0500 audit: rename the queues and kauditd related functions The audit queue names can be shortened and the record sending helpers associated with the kauditd task could be named better, do these small cleanups now to make life easier once we start reworking the queues and kauditd code. Signed-off-by: Paul Moore kernel/audit.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) commit 4aa83872d346806d9b54768aa0d1329050542bad Author: Paul Moore Date: Tue Nov 29 16:53:24 2016 -0500 audit: queue netlink multicast sends just like we do for unicast sends Sending audit netlink multicast messages is bad for all the same reasons that sending audit netlink unicast messages is bad, so this patch reworks things so that we don't do the multicast send in audit_log_end(), we do it from the dedicated kauditd_thread thread just as we do for unicast messages. See the GitHub issues below for more information/history: * https://github.com/linux-audit/audit-kernel/issues/23 * https://github.com/linux-audit/audit-kernel/issues/22 Signed-off-by: Paul Moore kernel/audit.c | 70 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 35 insertions(+), 35 deletions(-) commit 6c9255645350ce2aecb7c3cd032d0e93d4a7a71a Author: Paul Moore Date: Tue Nov 29 16:53:23 2016 -0500 audit: fixup audit_init() Make sure everything is initialized before we start the kauditd_thread and don't emit the "initialized" record until everything is finished. We also panic with a descriptive message if we can't start the kauditd_thread. Signed-off-by: Paul Moore kernel/audit.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 55a6f170a413cd8dc7a3a52e5a326e1a87579b4f Author: Richard Guy Briggs Date: Tue Nov 29 16:53:23 2016 -0500 audit: move kaudit thread start from auditd registration to kaudit init (#2) Richard made this change some time ago but Eric backed it out because the rest of the supporting code wasn't ready. In order to move the netlink multicast send to kauditd_thread we need to ensure the kauditd_thread is always running, so restore commit 6ff5e459 ("audit: move kaudit thread start from auditd registration to kaudit init"). Signed-off-by: Richard Guy Briggs [PM: brought forward and merged based on Richard's old patch] Signed-off-by: Paul Moore kernel/audit.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit b42dde478bcaa8113b0d1cd82ad0048372c5599d Author: Bart Van Assche Date: Mon Nov 14 08:44:11 2016 -0800 IB/mlx4: Rework special QP creation error path The special QP creation error path relies on offset_of(struct mlx4_ib_sqp, qp) == 0. Remove this assumption because that makes the QP creation code easier to understand. Signed-off-by: Bart Van Assche Cc: Yishai Hadas Reviewed-by: Laurence Oberman Reviewed-by: Yishai Hadas Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/qp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 0d38c240f97602d9a4553252bb710521f49bb264 Author: Bart Van Assche Date: Fri Nov 11 16:36:06 2016 -0800 IB/srpt: Report login failures only once Report the following message only once if no ACL has been configured yet for an initiator port: "Rejected login because no ACL has been configured yet for initiator %s.\n" Signed-off-by: Bart Van Assche Cc: Nicholas Bellinger Cc: Christoph Hellwig Cc: Sagi Grimberg Reviewed-by: Max Gurtovoy Signed-off-by: Doug Ledford drivers/infiniband/ulp/srpt/ib_srpt.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) commit 5f4c7e4eb5f36974ed46a485290f5d01ace5fdba Author: Julia Lawall Date: Fri Nov 11 20:04:26 2016 +0100 IB/usnic: simplify IS_ERR_OR_NULL to IS_ERR The function usnic_ib_qp_grp_get_chunk only returns an ERR_PTR value or a valid pointer, never NULL. The same is true of get_qp_res_chunk, which just returns the result of calling usnic_ib_qp_grp_get_chunk. Simplify IS_ERR_OR_NULL to IS_ERR in both cases. The semantic patch that makes this change is as follows: (http://coccinelle.lip6.fr/) // @@ expression t,e; @@ t = \(usnic_ib_qp_grp_get_chunk(...)\|get_qp_res_chunk(...)\) ... when != t=e - IS_ERR_OR_NULL(t) + IS_ERR(t) @@ expression t,e,e1; @@ t = \(usnic_ib_qp_grp_get_chunk(...)\|get_qp_res_chunk(...)\) ... when != t=e ?- t ? PTR_ERR(t) : e1 + PTR_ERR(t) ... when any // Signed-off-by: Julia Lawall Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/usnic/usnic_ib_qp_grp.c | 12 ++++++------ drivers/infiniband/hw/usnic/usnic_ib_verbs.c | 12 ++++++------ 2 files changed, 12 insertions(+), 12 deletions(-) commit 9315bc9a133011fdb084f2626b86db3ebb64661f Author: Hans Westgaard Ry Date: Fri Oct 28 13:14:29 2016 +0200 IB/core: Issue DREQ when receiving REQ/REP for stale QP from "InfiBand Architecture Specifications Volume 1": A QP is said to have a stale connection when only one side has connection information. A stale connection may result if the remote CM had dropped the connection and sent a DREQ but the DREQ was never received by the local CM. Alternatively the remote CM may have lost all record of past connections because its node crashed and rebooted, while the local CM did not become aware of the remote node's reboot and therefore did not clean up stale connections. and: A local CM may receive a REQ/REP for a stale connection. It shall abort the connection issuing REJ to the REQ/REP. It shall then issue DREQ with "DREQ:remote QPN” set to the remote QPN from the REQ/REP. This patch solves a problem with reuse of QPN. Current codebase, that is IPoIB, relies on a REAP-mechanism to do cleanup of the structures in CM. A problem with this is the timeconstants governing this mechanism; they are up to 768 seconds and the interface may look inresponsive in that period. Issuing a DREQ (and receiving a DREP) does the necessary cleanup and the interface comes up. Signed-off-by: Hans Westgaard Ry Reviewed-by: Håkon Bugge Reviewed-by: Sagi Grimberg Signed-off-by: Doug Ledford drivers/infiniband/core/cm.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) commit 24dc08c3c9891a79f2754f99b7bffe65745af0f3 Author: Philippe Reynes Date: Tue Oct 25 17:29:47 2016 +0200 IB/nes: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: Doug Ledford drivers/infiniband/hw/nes/nes_nic.c | 76 ++++++++++++++++++++----------------- 1 file changed, 42 insertions(+), 34 deletions(-) commit def4a6ffc9d178d6bb14178f56873c4831fb05a7 Author: Alexey Khoroshilov Date: Sat Oct 22 01:01:21 2016 +0300 IB/isert: do not ignore errors in dma_map_single() There are several places, where errors in dma_map_single() are ignored. The patch fixes them. Found by Linux Driver Verification project (linuxtesting.org). Signed-off-by: Alexey Khoroshilov Acked-by: Sagi Grimberg Signed-off-by: Doug Ledford drivers/infiniband/ulp/isert/ib_isert.c | 6 ++++++ 1 file changed, 6 insertions(+) commit f6f0083cca66e673cca6fa26b52b107b5570081d Author: Colin Ian King Date: Tue Dec 13 10:28:12 2016 +0000 spi: armada-3700: fix unsigned compare than zero on irq spi->irq is an unsigned integer hence the check if status is less than zero has no effect. Fix this by replacing spi->irq with an int irq so the less than zero compare will correctly detect errors. Issue found with static analysis with CoverityScan, CID1388567 Signed-off-by: Colin Ian King Acked-by: Romain Perier Signed-off-by: Mark Brown drivers/spi/spi-armada-3700.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 4286db8456f4fa0c6af2b6b9abc5991a7e7da69c Author: Simon Horman Date: Mon Dec 12 10:49:35 2016 +0100 spi: sh-msiof: Add R-Car Gen 2 and 3 fallback bindings In the case of Renesas R-Car hardware we know that there are generations of SoCs, e.g. Gen 2 and Gen 3. But beyond that it's not clear what the relationship between IP blocks might be. For example, I believe that r8a7790 is older than r8a7791 but that doesn't imply that the latter is a descendant of the former or vice versa. We can, however, by examining the documentation and behaviour of the hardware at run-time observe that the current driver implementation appears to be compatible with the IP blocks on SoCs within a given generation. For the above reasons and convenience when enabling new SoCs a per-generation fallback compatibility string scheme is being adopted for drivers for Renesas SoCs. Also: * Deprecate renesas,sh-msiof. It seems poorly named as it is only compatible with SH-Mobile. It also appears unused in mainline. Signed-off-by: Simon Horman Reviewed-by: Geert Uytterhoeven Signed-off-by: Mark Brown Documentation/devicetree/bindings/spi/sh-msiof.txt | 19 +++++++++++++------ drivers/spi/spi-sh-msiof.c | 4 +++- 2 files changed, 16 insertions(+), 7 deletions(-) commit 107177b14d8179f864315fc4daed9da777ed30c2 Author: Vineet Gupta Date: Fri Sep 30 16:13:28 2016 -0700 ARCv2: intc: default all interrupts to priority 1 ARC HS Cores support configurable multiple interrupt priorities of upto 16 levels. In commit dec2b2849cfcc ("ARCv2: intc: Allow interruption by lowest priority interrupt") we switched to 15 which seems a bit excessive given that there would be rare hardware implementing so many preemption levels AND running Linux. It would seem that 2 levels will be more common so switch to 1 as the default priority level. This will be the "lower" priority level saving 0 for implementing NMI style support. This scheme also works in systems with more than 2 prioity levels as well. Signed-off-by: Vineet Gupta arch/arc/include/asm/irqflags-arcv2.h | 6 +++--- arch/arc/kernel/intc-arcv2.c | 10 ++++------ 2 files changed, 7 insertions(+), 9 deletions(-) commit 78833e79d516901413d6e9278cbebf6116d62c78 Author: Vineet Gupta Date: Fri Sep 23 14:09:30 2016 -0700 ARCv2: entry: document intr disable in hard isr And while at it - use the proper assembler macro which includes the optional irq tracing already - de-uglify'ing the code a bit Signed-off-by: Vineet Gupta arch/arc/kernel/entry-arcv2.S | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) commit 5084fdf081739b7455c7aeecda6d7b83ec59c85f Merge: 09cb646 a551d7c Author: Linus Torvalds Date: Wed Dec 14 09:17:42 2016 -0800 Merge tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4 Pull ext4 updates from Ted Ts'o: "This merge request includes the dax-4.0-iomap-pmd branch which is needed for both ext4 and xfs dax changes to use iomap for DAX. It also includes the fscrypt branch which is needed for ubifs encryption work as well as ext4 encryption and fscrypt cleanups. Lots of cleanups and bug fixes, especially making sure ext4 is robust against maliciously corrupted file systems --- especially maliciously corrupted xattr blocks and a maliciously corrupted superblock. Also fix ext4 support for 64k block sizes so it works well on ppcle. Fixed mbcache so we don't miss some common xattr blocks that can be merged" * tag 'ext4_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4: (86 commits) dax: Fix sleep in atomic contex in grab_mapping_entry() fscrypt: Rename FS_WRITE_PATH_FL to FS_CTX_HAS_BOUNCE_BUFFER_FL fscrypt: Delay bounce page pool allocation until needed fscrypt: Cleanup page locking requirements for fscrypt_{decrypt,encrypt}_page() fscrypt: Cleanup fscrypt_{decrypt,encrypt}_page() fscrypt: Never allocate fscrypt_ctx on in-place encryption fscrypt: Use correct index in decrypt path. fscrypt: move the policy flags and encryption mode definitions to uapi header fscrypt: move non-public structures and constants to fscrypt_private.h fscrypt: unexport fscrypt_initialize() fscrypt: rename get_crypt_info() to fscrypt_get_crypt_info() fscrypto: move ioctl processing more fully into common code fscrypto: remove unneeded Kconfig dependencies MAINTAINERS: fscrypto: recommend linux-fsdevel for fscrypto patches ext4: do not perform data journaling when data is encrypted ext4: return -ENOMEM instead of success ext4: reject inodes with negative size ext4: remove another test in ext4_alloc_file_blocks() Documentation: fix description of ext4's block_validity mount option ext4: fix checks for data=ordered and journal_async_commit options ... commit 22dccc5454a39427de7b87a080d026b6bf66a7b9 Author: Jim Foraker Date: Tue Nov 1 13:44:12 2016 -0700 IB/rdmavt: Only put mmap_info ref if it exists rvt_create_qp() creates qp->ip only when a qp creation request comes from userspace (udata is not NULL). If we exceed the number of available queue pairs however, the error path always attempts to put a kref to this structure. If the requestor is inside the kernel, this leads to a crash. We fix this by checking that qp->ip is not NULL before caling kref_put(). Signed-off-by: Jim Foraker Acked-by: Dennis Dalessandro Acked-by: Jonathan Toppins Acked-by: Alex Estrin Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit f5eabf5e5129e8ab5b3e7f50b24444aca1680e64 Author: Petr Mladek Date: Wed Oct 19 14:07:20 2016 +0200 IB/rdmavt: Handle the kthread worker using the new API Use the new API to create and destroy the cq kthread worker. The API hides some implementation details. In particular, kthread_create_worker() allocates and initializes struct kthread_worker. It runs the kthread the right way and stores task_struct into the worker structure. In addition, the *on_cpu() variant binds the kthread to the given cpu and the related memory node. kthread_destroy_worker() flushes all pending works, stops the kthread and frees the structure. This patch does not change the existing behavior. Note that we must use the on_cpu() variant because the function starts the kthread and it must bind it to the right CPU before waking. The numa node is associated for given CPU as well. Signed-off-by: Petr Mladek Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/cq.c | 34 +++++++++++----------------------- 1 file changed, 11 insertions(+), 23 deletions(-) commit 6efaf10f163d9a60d1d4b2a049b194a53537ba1b Author: Petr Mladek Date: Wed Oct 19 14:07:19 2016 +0200 IB/rdmavt: Avoid queuing work into a destroyed cq kthread worker The memory barrier is not enough to protect queuing works into a destroyed cq kthread. Just imagine the following situation: CPU1 CPU2 rvt_cq_enter() worker = cq->rdi->worker; rvt_cq_exit() rdi->worker = NULL; smp_wmb(); kthread_flush_worker(worker); kthread_stop(worker->task); kfree(worker); // nothing queued yet => // nothing flushed and // happily stopped and freed if (likely(worker)) { // true => read before CPU2 acted cq->notify = RVT_CQ_NONE; cq->triggered++; kthread_queue_work(worker, &cq->comptask); BANG: worker has been flushed/stopped/freed in the meantime. This patch solves this by protecting the critical sections by rdi->n_cqs_lock. It seems that this lock is not much contended and looks reasonable for this purpose. One catch is that rvt_cq_enter() might be called from IRQ context. Therefore we must always take the lock with IRQs disabled to avoid a possible deadlock. Signed-off-by: Petr Mladek Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/cq.c | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) commit e98172462f0b75ed60f3a73aa280fb29cafd450f Author: Arnd Bergmann Date: Tue Oct 25 18:16:20 2016 +0200 IB/mlx4: avoid a -Wmaybe-uninitialize warning There is an old warning about mlx4_SW2HW_EQ_wrapper on x86: ethernet/mellanox/mlx4/resource_tracker.c: In function ‘mlx4_SW2HW_EQ_wrapper’: ethernet/mellanox/mlx4/resource_tracker.c:3071:10: error: ‘eq’ may be used uninitialized in this function [-Werror=maybe-uninitialized] The problem here is that gcc won't track the state of the variable across a spin_unlock. Moving the assignment out of the lock is safe here and avoids the warning. Signed-off-by: Arnd Bergmann Reviewed-by: Yishai Hadas Signed-off-by: Doug Ledford drivers/net/ethernet/mellanox/mlx4/resource_tracker.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 14ab8896f5d993c5f427504276e3c42ccb3cc354 Author: Arnd Bergmann Date: Mon Oct 24 22:48:21 2016 +0200 IB/mlx5: avoid bogus -Wmaybe-uninitialized warning We get a false-positive warning in linux-next for the mlx5 driver: infiniband/hw/mlx5/mr.c: In function ‘mlx5_ib_reg_user_mr’: infiniband/hw/mlx5/mr.c:1172:5: error: ‘order’ may be used uninitialized in this function [-Werror=maybe-uninitialized] infiniband/hw/mlx5/mr.c:1161:6: note: ‘order’ was declared here infiniband/hw/mlx5/mr.c:1173:6: error: ‘ncont’ may be used uninitialized in this function [-Werror=maybe-uninitialized] infiniband/hw/mlx5/mr.c:1160:6: note: ‘ncont’ was declared here infiniband/hw/mlx5/mr.c:1173:6: error: ‘page_shift’ may be used uninitialized in this function [-Werror=maybe-uninitialized] infiniband/hw/mlx5/mr.c:1158:6: note: ‘page_shift’ was declared here infiniband/hw/mlx5/mr.c:1143:13: error: ‘npages’ may be used uninitialized in this function [-Werror=maybe-uninitialized] infiniband/hw/mlx5/mr.c:1159:6: note: ‘npages’ was declared here I had a trivial workaround for gcc-5 or higher, but that didn't work on gcc-4.9 unfortunately. The only way I found to avoid the warnings for gcc-4.9, short of initializing each of the arguments first was to change the calling conventions to separate the error code from the umem pointer. This avoids casting the error codes from one pointer to another incompatible pointer, and lets gcc figure out when that the data is actually valid whenever we return successfully. Acked-by: Leon Romanovsky Signed-off-by: Arnd Bergmann Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mr.c | 39 +++++++++++++++++++++------------------ 1 file changed, 21 insertions(+), 18 deletions(-) commit 09cb6464fe5e7fcd5177911429badd139c4481b7 Merge: 19d37ce c0ed440 Author: Linus Torvalds Date: Wed Dec 14 09:07:36 2016 -0800 Merge tag 'for-f2fs-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs Pull f2fs updates from Jaegeuk Kim: "This patch series contains several performance tuning patches regarding to the IO submission flow, in addition to supporting new features such as a ZBC-base drive and multiple devices. It also includes some major bug fixes such as: - checkpoint version control - fdatasync-related roll-forward recovery routine - memory boundary or null-pointer access in corner cases - missing error cases It has various minor clean-up patches as well" * tag 'for-f2fs-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs: (66 commits) f2fs: fix a missing size change in f2fs_setattr f2fs: fix to access nullified flush_cmd_control pointer f2fs: free meta pages if sanity check for ckpt is failed f2fs: detect wrong layout f2fs: call sync_fs when f2fs is idle Revert "f2fs: use percpu_counter for # of dirty pages in inode" f2fs: return AOP_WRITEPAGE_ACTIVATE for writepage f2fs: do not activate auto_recovery for fallocated i_size f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack f2fs: fix 32-bit build f2fs: set ->owner for debugfs status file's file_operations f2fs: fix incorrect free inode count in ->statfs f2fs: drop duplicate header timer.h f2fs: fix wrong AUTO_RECOVER condition f2fs: do not recover i_size if it's valid f2fs: fix fdatasync f2fs: fix to account total free nid correctly f2fs: fix an infinite loop when flush nodes in cp f2fs: don't wait writeback for datas during checkpoint f2fs: fix wrong written_valid_blocks counting ... commit 35493294df1a1b06268a4e7b77b7a323772779f3 Author: Jason Gunthorpe Date: Thu Oct 27 10:51:17 2016 -0600 rdma UAPI: Use __kernel_sockaddr_storage The kernel side is #ifdef'd to this type, and the UAPI header should use it directly. It has slightly different alignment requirments from the usual user space version. Signed-off-by: Jason Gunthorpe Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford include/uapi/rdma/rdma_user_cm.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ba75d570b60c05cda21c0b43c5fbdc4e344f892d Author: Richard Weinberger Date: Wed Dec 14 11:09:25 2016 +0100 ubifs: Initialize fstr_real_len While fstr_real_len is only being used under if (encrypted), gcc-6 still warns. Fixes this false positive: fs/ubifs/dir.c: In function 'ubifs_readdir': fs/ubifs/dir.c:629:13: warning: 'fstr_real_len' may be used uninitialized in this function [-Wmaybe-uninitialized] fstr.len = fstr_real_len Initialize fstr_real_len to make gcc happy. Reported-by: Stephen Rothwell Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 512fb1b32bac02ebec50e5060f94dc1ad23ed28f Author: Steve Wise Date: Wed Oct 26 12:36:48 2016 -0700 nvmet_rdma: log the connection reject message Acked-by: Sagi Grimberg Signed-off-by: Steve Wise Reviewed-by: Christoph Hellwig Signed-off-by: Doug Ledford drivers/nvme/target/rdma.c | 3 +++ 1 file changed, 3 insertions(+) commit 1e38a366ee86ac2b7a8110775cb3353649b18b70 Author: Steve Wise Date: Wed Oct 26 12:36:48 2016 -0700 ib_isert: log the connection reject message Acked-by: Sagi Grimberg Signed-off-by: Steve Wise Reviewed-by: Christoph Hellwig Signed-off-by: Doug Ledford drivers/infiniband/ulp/isert/ib_isert.c | 2 ++ 1 file changed, 2 insertions(+) commit 39384f04d03e10986c783cd527555225ec592821 Author: Steve Wise Date: Wed Oct 26 12:36:48 2016 -0700 rds_rdma: log the connection reject message Acked-by: Santosh Shilimkar Signed-off-by: Steve Wise Signed-off-by: Doug Ledford net/rds/rdma_transport.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 97540bb90acfab268b256a58c3e51cd06b2d1654 Author: Steve Wise Date: Wed Oct 26 12:36:47 2016 -0700 ib_iser: log the connection reject message Acked-by: Sagi Grimberg Signed-off-by: Steve Wise Reviewed-by: Christoph Hellwig Signed-off-by: Doug Ledford drivers/infiniband/ulp/iser/iser_verbs.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 7f03953c2f28cdb9c31f3f1410ba5be1f385a693 Author: Steve Wise Date: Wed Oct 26 12:36:47 2016 -0700 nvme-rdma: use rdma connection reject helper functions Also add nvme cm status strings and use them. Reviewed-by: Christoph Hellwig Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/nvme/host/rdma.c | 42 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 36 insertions(+), 6 deletions(-) commit 5f24410408fd093734ce758f2fe3a66fe543de22 Author: Steve Wise Date: Wed Oct 26 12:36:47 2016 -0700 rdma_cm: add rdma_consumer_reject_data helper function rdma_consumer_reject_data() will return the private data pointer and length if any is available. Reviewed-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 16 ++++++++++++++++ include/rdma/rdma_cm.h | 10 ++++++++++ 2 files changed, 26 insertions(+) commit 5042a73d3e9de7bcc2a31adea08ee95bbce998dc Author: Steve Wise Date: Wed Oct 26 12:36:47 2016 -0700 rdma_cm: add rdma_is_consumer_reject() helper function Return true if the peer consumer application rejected the connection attempt. Reviewed-by: Sagi Grimberg Reviewed-by: Christoph Hellwig Signed-off-by: Steve Wise Reviewed-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/core/cma.c | 13 +++++++++++++ include/rdma/rdma_cm.h | 7 +++++++ 2 files changed, 20 insertions(+) commit 77a5db13153906a7e00740b10b2730e53385c5a8 Author: Steve Wise Date: Wed Oct 26 12:36:40 2016 -0700 rdma_cm: add rdma_reject_msg() helper function rdma_reject_msg() returns a pointer to a string message associated with the transport reject reason codes. Reviewed-by: Christoph Hellwig Reviewed-by: Sagi Grimberg Signed-off-by: Steve Wise Reviewed-by: Bart Van Assche Signed-off-by: Doug Ledford drivers/infiniband/core/cm.c | 48 ++++++++++++++++++++++++++++++++++++++++++ drivers/infiniband/core/cma.c | 14 ++++++++++++ drivers/infiniband/core/iwcm.c | 21 ++++++++++++++++++ include/rdma/ib_cm.h | 6 ++++++ include/rdma/iw_cm.h | 6 ++++++ include/rdma/rdma_cm.h | 8 +++++++ 6 files changed, 103 insertions(+) commit 19d37ce2a7159ee30bd59d14fe5fe13c932bd5b7 Merge: 3e5cecf 26c1ec2 Author: Linus Torvalds Date: Wed Dec 14 08:31:37 2016 -0800 Merge tag 'dlm-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm Pull dlm fixes from David Teigland: "This set fixes error reporting for dlm sockets, removes the unbound property on the dlm callback workqueue to improve performance, and includes a couple trivial changes" * tag 'dlm-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/teigland/linux-dlm: dlm: fix error return code in sctp_accept_from_sock() dlm: don't specify WQ_UNBOUND for the ast callback workqueue dlm: remove lock_sock to avoid scheduling while atomic dlm: don't save callbacks after accept dlm: audit and remove any unnecessary uses of module.h dlm: make genl_ops const commit 3e5cecf26842ecfde8ea487c02cb12709cd90ef5 Merge: cdb98c2 362ad5d Author: Linus Torvalds Date: Wed Dec 14 08:30:08 2016 -0800 Merge tag 'jfs-4.10' of git://github.com/kleikamp/linux-shaggy Pull jfs update from David Kleikamp: "The jfs piece of the current_time() series" * tag 'jfs-4.10' of git://github.com/kleikamp/linux-shaggy: fs: jfs: Replace CURRENT_TIME_SEC by current_time() commit aecb66b2b01a87b4b723267b9193c8f00d661c1f Author: Wei Yongjun Date: Wed Nov 2 13:11:32 2016 +0000 qedr: remove pointless NULL check in qedr_post_send() Remove pointless NULL check for 'wr' in qedr_post_send(). Signed-off-by: Wei Yongjun Acked-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 5 ----- 1 file changed, 5 deletions(-) commit aafec388a1b7fc533a81c03b4a81c6e5f3e5688f Author: Wei Yongjun Date: Sat Oct 29 16:19:53 2016 +0000 qedr: Use list_move_tail instead of list_del/list_add_tail Using list_move_tail() instead of list_del() + list_add_tail(). Signed-off-by: Wei Yongjun Reviewed-by: Leon Romanovsky Acked-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 181d80151f9c6ff3c765c1bd2e4e200ada23c2f3 Author: Wei Yongjun Date: Fri Oct 28 16:33:47 2016 +0000 qedr: Fix possible memory leak in qedr_create_qp() 'qp' is malloced in qedr_create_qp() and should be freed before leaving from the error handling cases, otherwise it will cause memory leak. Signed-off-by: Wei Yongjun Acked-by: Ram Amrani Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit ea7ef2accdeaf825165cccd60b848765677bf1f2 Author: Colin Ian King Date: Tue Oct 18 19:39:28 2016 +0100 qedr: return -EINVAL if pd is null and avoid null ptr dereference Currently, if pd is null then we hit a null pointer derference on accessing pd->pd_id. Instead of just printing an error message we should also return -EINVAL immediately. Signed-off-by: Colin Ian King Signed-off-by: Doug Ledford drivers/infiniband/hw/qedr/verbs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 9fa240bbfc4200b080c8fad12579659c2c2f36b5 Author: Hal Rosenstock Date: Tue Oct 18 13:20:29 2016 -0400 IB/mad: Eliminate redundant SM class version defines for OPA and rename class version define to indicate SM rather than SMP or SMI Signed-off-by: Hal Rosenstock Reviewed-by: Ira Weiny Signed-off-by: Doug Ledford drivers/infiniband/core/mad.c | 4 ++-- drivers/infiniband/hw/hfi1/mad.c | 12 ++++++------ include/rdma/ib_mad.h | 2 +- include/rdma/opa_smi.h | 2 -- 4 files changed, 9 insertions(+), 11 deletions(-) commit 0b7589ecca2b6f962cf3314a3a5a675deeefb624 Author: Sebastian Ott Date: Wed Jun 15 13:07:51 2016 +0200 s390/pci: query fmb length Query the length of the fmb and abort fmb registration if the size of the associated measurement block is too small. Signed-off-by: Sebastian Ott Signed-off-by: Martin Schwidefsky arch/s390/include/asm/pci.h | 1 + arch/s390/include/asm/pci_clp.h | 3 ++- arch/s390/pci/pci.c | 2 +- arch/s390/pci/pci_clp.c | 1 + 4 files changed, 5 insertions(+), 2 deletions(-) commit d03502684b65492339d70f11aa8ed6df3961a3bf Author: Heiko Carstens Date: Tue Dec 13 13:24:03 2016 +0100 s390/zcrypt: add missing memory clobber to ap_qci inline assembly The ap_qci() inline assembly writes to memory (*config) but misses to tell the compiler about it. Add the missing memory clobber to fix this. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_asm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f1c7ea26178176ca783cc2ac54f211630344290c Author: Heiko Carstens Date: Tue Dec 13 12:51:19 2016 +0100 s390/extmem: add missing memory clobber to dcss_set_subcodes Add the missing memory clobber / barrier to dcss_set_subcodes() to tell the compiler that the inline assembly accesses memory (name string). Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/mm/extmem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 86fa7087d348b6c8a159c77ea20e530ee1230c34 Author: Heiko Carstens Date: Tue Dec 13 12:42:07 2016 +0100 s390/nmi: fix inline assembly constraints Add missing memory clobbers / barriers or use the Q constraint where possible to tell the compiler that the inline assemblies actually access memory and not only pointers to memory. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/nmi.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit 7a71fd1c59dfd20fac4d14486d63d3d5ab70498a Author: Heiko Carstens Date: Tue Dec 13 09:50:30 2016 +0100 s390/lib: add missing memory barriers to string inline assemblies We have a couple of inline assemblies like memchr() and strlen() that read from memory, but tell the compiler only they need the addresses of the strings they access. This allows the compiler to omit the initialization of such strings and therefore generate broken code. Add the missing memory barrier to all string related inline assemblies to fix this potential issue. It looks like the compiler currently does not generate broken code due to these bugs. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/string.h | 8 ++++---- arch/s390/lib/string.c | 12 ++++++------ 2 files changed, 10 insertions(+), 10 deletions(-) commit 259acc5c255a4260b3db0461afd5d93fabfe8524 Author: Heiko Carstens Date: Sat Dec 10 10:37:32 2016 +0100 s390/cpumf: fix qsi inline assembly The qsi inline assembly takes an initialized "cc" variable as output operand but specifies it as write-to operand only instead of read/write operand. This allows the compiler to omit the initialization, which in fact it also does (gcc 6.1). Use the "+" constraint modifier to fix this. In addition also use the Q constraint to specify the hws_qsi_info_block memory location, so the compiler can generate slightly better code. Also get rid of the cc clobber since none of the instructions within the inline assembly modify the condition code. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/cpu_mf.h | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 6d7b2ee9d56af3d17d88b0f43b7dc14ee38161b7 Author: Martin Schwidefsky Date: Tue Dec 13 16:19:11 2016 +0100 s390/setup: reword printk messages Two of the messages introduced by the memblock conversion are reworded. Signed-off-by: Martin Schwidefsky arch/s390/kernel/setup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 50cff5adcf8eb8bcdd79087a91878f298fb58dcf Author: Stefan Haberland Date: Fri Nov 18 14:39:05 2016 +0100 s390/dasd: fix typos in DASD error messages Signed-off-by: Martin Schwidefsky drivers/s390/block/dasd_3990_erp.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 75a357341e7c9d3893405ea6f9d722036012dd1f Author: Heiko Carstens Date: Tue Dec 13 15:58:16 2016 +0100 s390: fix compile error with memmove_early() inline assembly Old gcc versions can't handle a bogus early clobber on a Q constraint: arch/s390/kernel/early.c: In function 'memmove_early.part.1': arch/s390/kernel/early.c:432:2: error: '&' constraint used with no register class Simply remove it to fix this. Reported-by: Stefan Haberland Fixes: d543a106f96d ("s390: fix initrd corruptions with gcov/kcov instrumented kernels") Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/early.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 13b251bdc8b97c45cc8b1d57193ab05ec0fe97e8 Author: Harald Freudenberger Date: Fri Nov 25 18:04:56 2016 +0100 s390/zcrypt: tracepoint definitions for zcrypt device driver. This patch introduces tracepoint definitions and tracepoint event invocations for the s390 zcrypt device. Currently there are just two tracepoint events defined. An s390_zcrypt_req request event occurs as soon as the request is recognized by the zcrypt ioctl function. This event may act as some kind of request-processing-starts-now indication. As late as possible within the zcrypt ioctl function there occurs the s390_zcrypt_rep event which may act as the point in time where the request has been processed by the kernel and the result is about to be transferred back to userspace. The glue which binds together request and reply event is the ptr parameter, which is the local buffer address where the request from userspace has been stored by the ioctl function. The main purpose of this zcrypt tracepoint patch is to get some data for performance measurements together with information about the kind of request and on which card and queue the request has been processed. It is not an ffdc interface as there is already code in the zcrypt device driver to serve the s390 debug feature interface. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky arch/s390/include/asm/trace/zcrypt.h | 122 +++++++++++++++++++++++++++++++++++ drivers/s390/crypto/zcrypt_api.c | 105 +++++++++++++++++++++++------- 2 files changed, 203 insertions(+), 24 deletions(-) commit cccd85bfb7bf6787302435c669ceec23b5a5301c Author: Harald Freudenberger Date: Thu Nov 24 06:45:21 2016 +0100 s390/zcrypt: Rework debug feature invocations. Rework the debug feature calls and initialization. There are now two debug feature entries used by the zcrypt code. The first is 'ap' with all the AP bus related stuff and the second is 'zcrypt' with all the zcrypt and devices and driver related entries. However, there isn't much traffic on both debug features. The ap bus code emits only some debug info and for zcrypt devices on appearance and disappearance there is an entry written. The new dbf invocations use the sprintf buffer layout, whereas the old implementation used the ascii dbf buffer. There are now 5*8=40 bytes used for each entry, resulting in 5 parameters per call. As the sprintf buffer needs a format string the first parameter provides this and so up to 4 more parameters can be used. Alltogehter the new layout should be much more human readable for customers and test. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 40 +++++++++++++++++ drivers/s390/crypto/ap_debug.h | 28 ++++++++++++ drivers/s390/crypto/zcrypt_api.c | 38 ++++++---------- drivers/s390/crypto/zcrypt_api.h | 8 ---- drivers/s390/crypto/zcrypt_card.c | 10 ++++- drivers/s390/crypto/zcrypt_debug.h | 50 ++++++--------------- drivers/s390/crypto/zcrypt_error.h | 35 ++++++++------- drivers/s390/crypto/zcrypt_msgtype50.c | 23 +++++----- drivers/s390/crypto/zcrypt_msgtype6.c | 80 +++++++++++++++++++--------------- drivers/s390/crypto/zcrypt_queue.c | 21 +++++---- 10 files changed, 190 insertions(+), 143 deletions(-) commit bf9f31190aa176c43c15cf58b60818d325e0f851 Author: Harald Freudenberger Date: Fri Nov 25 11:50:16 2016 +0100 s390/zcrypt: Improved invalid domain response handling. Add defines and switch case code to handle the two invalid domain response codes better. Until now these two response codes are handled via default resulting in -EAGAIN and switching the processed queue to offline. So this kind of malformed request bounced through all suitable queues and switched them off. Now this kind of malformed request is just rejected with EINVAL without switching off the queue. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/zcrypt_error.h | 62 ++++++++++++++++++++------------------ 1 file changed, 33 insertions(+), 29 deletions(-) commit c1c1368de497648cf532e7f37a407361c70aa638 Author: Ingo Tuchscherer Date: Wed Nov 2 10:23:24 2016 +0100 s390/zcrypt: Fix ap_max_domain_id for older machine types According to the system architecture the current implementation requires the presence of the N bit in GR2 in the TAPQ response field to validate the max. number of domains (Nd). Older machine types don't have this N bit, hence the max. domain field was ignored. Before the N bit was introduced the maximum number of domain was a constant value of 15. So set this value in case of N bit absence. Signed-off-by: Ingo Tuchscherer Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 3 +++ 1 file changed, 3 insertions(+) commit 148784246ef2d85f000713cf56e1c90b405228e8 Author: Harald Freudenberger Date: Thu Oct 27 08:57:39 2016 +0200 s390/zcrypt: Correct function bits for CEX2x and CEX3x cards. For the older CEX2x and CEX3x cards the function bits returned by TAPQ do not reflect the functions of the card. Instead the functionality is implicit by the type of the card. The reworked zcrypt requires to have the function bits set correct, so this patch fixes this. The queue selection is not only based on these function bits but also on function pointers set by the individual drivers. Signed-off-by: Harald Freudenberger Signed-off-by: Ingo Tuchscherer Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 17 +++++++++++++++++ drivers/s390/crypto/zcrypt_api.c | 8 +++++--- 2 files changed, 22 insertions(+), 3 deletions(-) commit e47de21dd35bad6d1e71482a66699cd04e83ea40 Author: Ingo Tuchscherer Date: Fri Oct 14 14:34:51 2016 +0200 s390/zcrypt: Fixed attrition of AP adapters and domains Currently the first eligible AP adapter respectively domain will be selected to service requests. In case of sequential workload, the very same adapter/domain will be used. The adapter/domain selection algorithm now considers the completed transactions per adaper/domain and therefore ensures a homogeneous utilization. Signed-off-by: Ingo Tuchscherer Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.h | 3 +- drivers/s390/crypto/ap_card.c | 4 +-- drivers/s390/crypto/ap_queue.c | 1 + drivers/s390/crypto/zcrypt_api.c | 63 +++++++++++++++++++++++++++------------- 4 files changed, 47 insertions(+), 24 deletions(-) commit b886a9d1560d6c7d5d58344b16f53ab2cba5b666 Author: Ingo Tuchscherer Date: Thu Aug 25 11:19:58 2016 +0200 s390/zcrypt: Introduce new zcrypt device status API Introduce new ioctl (ZDEVICESTATUS) to provide detailed information, like hardware type, domains, status and functionality of available crypto devices. Signed-off-by: Ingo Tuchscherer Signed-off-by: Martin Schwidefsky arch/s390/include/uapi/asm/zcrypt.h | 37 ++++++++++++++++++++++++++++++++ drivers/s390/crypto/zcrypt_api.c | 42 +++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) commit e28d2af43614eb86f59812e7221735fc221bbc10 Author: Ingo Tuchscherer Date: Thu Aug 25 11:16:03 2016 +0200 s390/zcrypt: add multi domain support Currently the ap infrastructure only supports one domain at a time. This feature extends the generic cryptographic device driver to support multiple cryptographic domains simultaneously. There are now card and queue devices on the AP bus with independent card and queue drivers. The new /sys layout is as follows: /sys/bus/ap devices . -> ../../../devices/ap/card/. ... card -> ../../../devices/ap/card ... drivers card card -> ../../../../devices/ap/card queue . -> ../../../../devices/ap/card/. ... /sys/devices/ap card . driver -> ../../../../bus/ap/drivers/queue ... driver -> ../../../bus/ap/drivers/card ... The two digit field is the card number, the four digit field is the queue number and is the name of the device driver, e.g. "cex4". For compatability /sys/bus/ap/card for the old layout has to exist, including the attributes that used to reside there. With additional contributions from Harald Freudenberger and Martin Schwidefsky. Signed-off-by: Ingo Tuchscherer Signed-off-by: Martin Schwidefsky drivers/s390/crypto/Makefile | 5 +- drivers/s390/crypto/ap_bus.c | 1089 ++++++++------------------------ drivers/s390/crypto/ap_bus.h | 94 ++- drivers/s390/crypto/ap_card.c | 172 +++++ drivers/s390/crypto/ap_queue.c | 700 ++++++++++++++++++++ drivers/s390/crypto/zcrypt_api.c | 929 +++++++++++---------------- drivers/s390/crypto/zcrypt_api.h | 84 ++- drivers/s390/crypto/zcrypt_card.c | 181 ++++++ drivers/s390/crypto/zcrypt_cex2a.c | 212 +++++-- drivers/s390/crypto/zcrypt_cex4.c | 317 ++++++---- drivers/s390/crypto/zcrypt_error.h | 38 +- drivers/s390/crypto/zcrypt_msgtype50.c | 90 +-- drivers/s390/crypto/zcrypt_msgtype6.c | 253 ++++---- drivers/s390/crypto/zcrypt_msgtype6.h | 12 +- drivers/s390/crypto/zcrypt_pcixcc.c | 358 +++++------ drivers/s390/crypto/zcrypt_queue.c | 221 +++++++ include/linux/mod_devicetable.h | 3 +- 17 files changed, 2768 insertions(+), 1990 deletions(-) commit 34a15167739412750846d4f1a5540d9e592fd815 Author: Ingo Tuchscherer Date: Thu Aug 25 11:14:15 2016 +0200 s390/zcrypt: Introduce workload balancing Crypto requests are very different in complexity and thus runtime. Also various crypto adapters are differ with regard to the execution time. Crypto requests can be balanced much better when the request type and eligible crypto adapters are rated in a more precise granularity. Therefore, request weights and adapter speed rates for dedicated requests will be introduced. Signed-off-by: Ingo Tuchscherer Signed-off-by: Martin Schwidefsky drivers/s390/crypto/zcrypt_api.c | 308 ++++++++++++++++--------- drivers/s390/crypto/zcrypt_api.h | 26 ++- drivers/s390/crypto/zcrypt_cex2a.c | 12 +- drivers/s390/crypto/zcrypt_cex4.c | 36 +-- drivers/s390/crypto/zcrypt_msgtype50.c | 32 +++ drivers/s390/crypto/zcrypt_msgtype50.h | 3 + drivers/s390/crypto/zcrypt_msgtype6.c | 403 ++++++++++++++++++++++++--------- drivers/s390/crypto/zcrypt_msgtype6.h | 17 +- drivers/s390/crypto/zcrypt_pcixcc.c | 41 +++- 9 files changed, 629 insertions(+), 249 deletions(-) commit 9af3e04ee41e6841b2accb9dc96562bcf4e59916 Author: Martin Schwidefsky Date: Wed Sep 21 14:12:53 2016 +0200 s390/zcrypt: get rid of ap_poll_requests The poll thread of the AP bus is burning CPU while waiting for crypto requests to complete. We can as well burn a few more cycles in the poll thread to check if there are pending requests and remove the atomic operations with the ap_poll_requests. This improves the code if the machine has adapter interrupts. Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) commit 0db78559f965a2e652dbe8acf35333f2081bf872 Author: Martin Schwidefsky Date: Wed Sep 21 12:48:54 2016 +0200 s390/zcrypt: header for the AP inline assmblies Move the inline assemblies for the AP bus into a separate header file. Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_asm.h | 191 +++++++++++++++++++++++++++++++++++++++++++ drivers/s390/crypto/ap_bus.c | 188 +++--------------------------------------- 2 files changed, 204 insertions(+), 175 deletions(-) commit 236fb2ab95e9832880501d465d64eb2f2935b852 Author: Martin Schwidefsky Date: Fri Sep 2 15:21:45 2016 +0200 s390/zcrypt: simplify message type handling Now that the message type modules are linked with the zcrypt_api into a single module the zcrypt_ops_list is initialized by the module init function of the zcyppt.ko module. After that the list is static and all message types are present. Drop the zcrypt_ops_list_lock spinlock and the module handling in regard to the message types. Signed-off-by: Martin Schwidefsky drivers/s390/crypto/zcrypt_api.c | 49 +++++-------------------------------- drivers/s390/crypto/zcrypt_api.h | 3 +-- drivers/s390/crypto/zcrypt_cex2a.c | 6 +---- drivers/s390/crypto/zcrypt_cex4.c | 16 +++++------- drivers/s390/crypto/zcrypt_pcixcc.c | 11 +++------ 5 files changed, 18 insertions(+), 67 deletions(-) commit fc1d3f02544a6fd5f417921b57c663388586a17a Author: Ingo Tuchscherer Date: Thu Aug 25 11:11:30 2016 +0200 s390/zcrypt: Move the ap bus into kernel Move the ap bus into the kernel and make it general available. Additionally include the message types and the API layer as a preparation for the workload management facility. Signed-off-by: Ingo Tuchscherer Signed-off-by: Martin Schwidefsky drivers/s390/crypto/Makefile | 10 +++++----- drivers/s390/crypto/ap_bus.c | 27 +++++++++++++++++++++++++-- drivers/s390/crypto/zcrypt_api.c | 7 ++++++- drivers/s390/crypto/zcrypt_msgtype50.c | 6 +----- drivers/s390/crypto/zcrypt_msgtype50.h | 2 +- drivers/s390/crypto/zcrypt_msgtype6.c | 6 +----- drivers/s390/crypto/zcrypt_msgtype6.h | 2 +- 7 files changed, 40 insertions(+), 20 deletions(-) commit b3e8652bcbfa04807e44708d4d0c8cdad39c9215 Author: Harald Freudenberger Date: Wed Oct 12 15:58:14 2016 +0200 s390/zcrypt: Introduce CEX6 toleration Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 3 +++ drivers/s390/crypto/ap_bus.h | 1 + 2 files changed, 4 insertions(+) commit 36e1f3d107867b25c616c2fd294f5a1c9d4e5d09 Author: Gabriel Krisman Bertazi Date: Tue Dec 6 13:31:44 2016 -0200 blk-mq: Avoid memory reclaim when remapping queues While stressing memory and IO at the same time we changed SMT settings, we were able to consistently trigger deadlocks in the mm system, which froze the entire machine. I think that under memory stress conditions, the large allocations performed by blk_mq_init_rq_map may trigger a reclaim, which stalls waiting on the block layer remmaping completion, thus deadlocking the system. The trace below was collected after the machine stalled, waiting for the hotplug event completion. The simplest fix for this is to make allocations in this path non-reclaimable, with GFP_NOIO. With this patch, We couldn't hit the issue anymore. This should apply on top of Jens's for-next branch cleanly. Changes since v1: - Use GFP_NOIO instead of GFP_NOWAIT. Call Trace: [c000000f0160aaf0] [c000000f0160ab50] 0xc000000f0160ab50 (unreliable) [c000000f0160acc0] [c000000000016624] __switch_to+0x2e4/0x430 [c000000f0160ad20] [c000000000b1a880] __schedule+0x310/0x9b0 [c000000f0160ae00] [c000000000b1af68] schedule+0x48/0xc0 [c000000f0160ae30] [c000000000b1b4b0] schedule_preempt_disabled+0x20/0x30 [c000000f0160ae50] [c000000000b1d4fc] __mutex_lock_slowpath+0xec/0x1f0 [c000000f0160aed0] [c000000000b1d678] mutex_lock+0x78/0xa0 [c000000f0160af00] [d000000019413cac] xfs_reclaim_inodes_ag+0x33c/0x380 [xfs] [c000000f0160b0b0] [d000000019415164] xfs_reclaim_inodes_nr+0x54/0x70 [xfs] [c000000f0160b0f0] [d0000000194297f8] xfs_fs_free_cached_objects+0x38/0x60 [xfs] [c000000f0160b120] [c0000000003172c8] super_cache_scan+0x1f8/0x210 [c000000f0160b190] [c00000000026301c] shrink_slab.part.13+0x21c/0x4c0 [c000000f0160b2d0] [c000000000268088] shrink_zone+0x2d8/0x3c0 [c000000f0160b380] [c00000000026834c] do_try_to_free_pages+0x1dc/0x520 [c000000f0160b450] [c00000000026876c] try_to_free_pages+0xdc/0x250 [c000000f0160b4e0] [c000000000251978] __alloc_pages_nodemask+0x868/0x10d0 [c000000f0160b6f0] [c000000000567030] blk_mq_init_rq_map+0x160/0x380 [c000000f0160b7a0] [c00000000056758c] blk_mq_map_swqueue+0x33c/0x360 [c000000f0160b820] [c000000000567904] blk_mq_queue_reinit+0x64/0xb0 [c000000f0160b850] [c00000000056a16c] blk_mq_queue_reinit_notify+0x19c/0x250 [c000000f0160b8a0] [c0000000000f5d38] notifier_call_chain+0x98/0x100 [c000000f0160b8f0] [c0000000000c5fb0] __cpu_notify+0x70/0xe0 [c000000f0160b930] [c0000000000c63c4] notify_prepare+0x44/0xb0 [c000000f0160b9b0] [c0000000000c52f4] cpuhp_invoke_callback+0x84/0x250 [c000000f0160ba10] [c0000000000c570c] cpuhp_up_callbacks+0x5c/0x120 [c000000f0160ba60] [c0000000000c7cb8] _cpu_up+0xf8/0x1d0 [c000000f0160bac0] [c0000000000c7eb0] do_cpu_up+0x120/0x150 [c000000f0160bb40] [c0000000006fe024] cpu_subsys_online+0x64/0xe0 [c000000f0160bb90] [c0000000006f5124] device_online+0xb4/0x120 [c000000f0160bbd0] [c0000000006f5244] online_store+0xb4/0xc0 [c000000f0160bc20] [c0000000006f0a68] dev_attr_store+0x68/0xa0 [c000000f0160bc60] [c0000000003ccc30] sysfs_kf_write+0x80/0xb0 [c000000f0160bca0] [c0000000003cbabc] kernfs_fop_write+0x17c/0x250 [c000000f0160bcf0] [c00000000030fe6c] __vfs_write+0x6c/0x1e0 [c000000f0160bd90] [c000000000311490] vfs_write+0xd0/0x270 [c000000f0160bde0] [c0000000003131fc] SyS_write+0x6c/0x110 [c000000f0160be30] [c000000000009204] system_call+0x38/0xec Signed-off-by: Gabriel Krisman Bertazi Cc: Brian King Cc: Douglas Miller Cc: linux-block@vger.kernel.org Cc: linux-scsi@vger.kernel.org Signed-off-by: Jens Axboe block/blk-mq.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 6fce983f9b3ef51d47e647b2cff15049ef803781 Author: Jose Abreu Date: Tue Dec 13 11:03:49 2016 +0000 ASoC: dwc: Fix PIO mode initialization We can no longer rely on the return value of devm_snd_dmaengine_pcm_register(...) to check if the DMA handle is declared in the DT. Previously this check activated PIO mode but currently dma_request_chan returns either a valid channel or -EPROBE_DEFER. In order to activate PIO mode check instead if the interrupt line is declared. This reflects better what is documented in the DT bindings (see Documentation/devicetree/bindings/sound/ designware-i2s.txt). Also, initialize use_pio variable which was never being set causing PIO mode to never work. Signed-off-by: Jose Abreu Signed-off-by: Mark Brown sound/soc/dwc/designware_i2s.c | 25 +++++++++++-------------- 1 file changed, 11 insertions(+), 14 deletions(-) commit dadab2d4e3cf708ceba22ecddd94aedfecb39199 Author: Geert Uytterhoeven Date: Wed Dec 14 13:28:05 2016 +0100 spi: SPI_FSL_DSPI should depend on HAS_DMA If NO_DMA=y: ERROR: "bad_dma_ops" [drivers/spi/spi-fsl-dspi.ko] undefined! Add a dependency on HAS_DMA to fix this. Signed-off-by: Geert Uytterhoeven Signed-off-by: Mark Brown drivers/spi/Kconfig | 1 + 1 file changed, 1 insertion(+) commit ed141f2890cdb738fc7131367f5fb15632bc3e60 Merge: 4188462 219622b Author: Russell King Date: Wed Dec 14 11:14:00 2016 +0000 Merge branch 'syscalls' into for-linus Conflicts: arch/arm/include/asm/unistd.h arch/arm/include/uapi/asm/unistd.h arch/arm/kernel/calls.S commit 41884629fe579bde263dfc3d1284d0f5c7af7d1a Merge: 9388093 8478132 76fb051 e642873 Author: Russell King Date: Wed Dec 14 11:13:46 2016 +0000 Merge branches 'clkdev', 'fixes', 'misc' and 'sa1100-base' into for-linus commit 18e615ad87bce9125ef3990377a4a946ec0f21f3 Author: Ard Biesheuvel Date: Tue Dec 13 13:34:02 2016 +0000 crypto: skcipher - fix crash in virtual walk The new skcipher walk API may crash in the following way. (Interestingly, the tcrypt boot time tests seem unaffected, while an explicit test using the module triggers it) Unable to handle kernel NULL pointer dereference at virtual address 00000000 ... [] __memcpy+0x84/0x180 [] skcipher_walk_done+0x328/0x340 [] ctr_encrypt+0x84/0x100 [] simd_skcipher_encrypt+0x88/0x98 [] crypto_rfc3686_crypt+0x8c/0x98 [] test_skcipher_speed+0x518/0x820 [tcrypt] [] do_test+0x1408/0x3b70 [tcrypt] [] tcrypt_mod_init+0x50/0x1000 [tcrypt] [] do_one_initcall+0x44/0x138 [] do_init_module+0x68/0x1e0 [] load_module+0x1fd0/0x2458 [] SyS_finit_module+0xe0/0xf0 [] el0_svc_naked+0x24/0x28 This is due to the fact that skcipher_done_slow() may be entered with walk->buffer unset. Since skcipher_walk_done() already deals with the case where walk->buffer == walk->page, it appears to be the intention that walk->buffer point to walk->page after skcipher_next_slow(), so ensure that is the case. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu crypto/skcipher.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit efcae7c931b473285e38c778bdaa9f36de9f78d6 Author: Alex Yashchenko Date: Tue Dec 13 09:26:25 2016 +0000 sign-file: Fix inplace signing when src and dst names are both specified When src and dst both are specified and they point to the same file the sign-file utility will write only signature to the dst file and the module (.ko file) body will not be written. That happens because we open the same file with "rb" and "wb" flags, from fopen man: w Truncate file to zero length or create text file for writing. The stream is positioned at the beginning of the file. ... bm = BIO_new_file(module_name, "rb"); ... bd = BIO_new_file(dest_name, "wb"); ... while ((n = BIO_read(bm, buf, sizeof(buf))), n > 0) { ERR(BIO_write(bd, buf, n) < 0, "%s", dest_name); } ... Signed-off-by: Alex Yashchenko Signed-off-by: David Howells Signed-off-by: Herbert Xu scripts/sign-file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fbb726302a9ae06b373e04a54ad30eafa288dd10 Author: Pan Bian Date: Tue Dec 13 09:26:18 2016 +0000 crypto: asymmetric_keys - set error code on failure In function public_key_verify_signature(), returns variable ret on error paths. When the call to kmalloc() fails, the value of ret is 0, and it is not set to an errno before returning. This patch fixes the bug. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188891 Signed-off-by: Pan Bian Signed-off-by: David Howells Signed-off-by: Herbert Xu crypto/asymmetric_keys/public_key.c | 1 + 1 file changed, 1 insertion(+) commit 74dcba3589fc184c7118905eda22b3a4aaef95ff Author: Aaron Sierra Date: Tue Dec 6 19:09:16 2016 -0600 NTB: correct ntb_spad_count comment typo The comment for ntb_spad_count incorrectly referred to ntb_mw_count. Signed-off-by: Aaron Sierra Acked-by: Allen Hubbe Signed-off-by: Jiri Kosina include/linux/ntb.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ecbf12882f90d95decbc0e4cf100ef6935e96445 Author: Colin Ian King Date: Sat Nov 12 17:54:43 2016 +0000 misc: ibmasm: fix typo in error message Trivial fix to typo "repsonse" to "response" in error message. Signed-off-by: Colin Ian King Signed-off-by: Jiri Kosina drivers/misc/ibmasm/module.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 846221cfb8f64c613b7635c94e0c02549a666c14 Author: Paul Bolle Date: Thu Nov 3 09:53:50 2016 +0100 Remove references to dead make variable LINUX_INCLUDE Commit 4fd06960f120 ("Use the new x86 setup code for i386") introduced a reference to the make variable LINUX_INCLUDE. That reference got moved around a bit and copied twice and now there are three references to it. There has never been a definition of that variable. (Presumably that is because it started out as a mistyped reference to LINUXINCLUDE.) So this reference has always been an empty string. Let's remove it before it spreads any further. Signed-off-by: Paul Bolle Signed-off-by: Jiri Kosina arch/s390/boot/compressed/Makefile | 2 +- arch/x86/boot/compressed/Makefile | 2 +- drivers/firmware/efi/libstub/Makefile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit d06505b2a95efba25dc635b64a481e3197e9369a Author: Paul Bolle Date: Tue Nov 1 23:31:50 2016 +0100 Remove last traces of ikconfig.h The build system stopped generating ikconfig.h in v2.6.8. Remove an entry for it in dontdiff. There's also a reference to it in a small comment. Remove that comment too, as it is of little help in any case. Signed-off-by: Paul Bolle Signed-off-by: Jiri Kosina Documentation/dontdiff | 1 - kernel/Makefile | 2 -- 2 files changed, 3 deletions(-) commit 9165dabb2500b3dcb98fc648d27589a5a806227e Author: Masanari Iida Date: Sat Sep 17 23:44:17 2016 +0900 treewide: Fix printk() message errors This patch fix spelling typos in printk and kconfig. Signed-off-by: Masanari Iida Acked-by: Randy Dunlap Signed-off-by: Jiri Kosina arch/arm64/kernel/hibernate.c | 4 ++-- arch/mips/kernel/asm-offsets.c | 2 +- arch/sh/kernel/cpu/Makefile | 2 +- arch/sh/kernel/cpu/irq/Makefile | 2 +- drivers/acpi/Kconfig | 2 +- drivers/isdn/hisax/q931.c | 2 +- drivers/media/usb/dvb-usb-v2/af9015.c | 2 +- drivers/mfd/max77620.c | 2 +- drivers/net/ethernet/broadcom/bnx2x/bnx2x_sriov.c | 2 +- drivers/net/ethernet/qlogic/qed/qed_int.c | 4 ++-- drivers/net/ethernet/qlogic/qed/qed_sp_commands.c | 2 +- drivers/net/wireless/ath/ath10k/pci.c | 2 +- drivers/net/wireless/ath/wil6210/txrx.c | 2 +- drivers/net/wireless/realtek/rtlwifi/rtl8723ae/fw.c | 2 +- drivers/scsi/aic7xxx/aicasm/aicasm.c | 2 +- drivers/usb/dwc3/gadget.c | 2 +- scripts/gcc-plugins/latent_entropy_plugin.c | 2 +- scripts/gcc-plugins/sancov_plugin.c | 2 +- tools/power/acpi/tools/ec/ec_access.c | 2 +- 19 files changed, 21 insertions(+), 21 deletions(-) commit 95f21c5c6d8345f8253057b24a98adfbceb2aca1 Author: Michael Witten Date: Thu Sep 1 19:38:30 2016 +0000 Documentation/device-mapper: s/getsize/getsz/ According to `man blockdev': --getsize Print device size (32-bit!) in sectors. Deprecated in favor of the --getsz option. ... --getsz Get size in 512-byte sectors. Hence, occurrences of `--getsize' should be replaced with `--getsz', which this commit has achieved as follows: $ cd "$repo" $ git grep -l -e --getsz Documentation/device-mapper/delay.txt Documentation/device-mapper/dm-crypt.txt Documentation/device-mapper/linear.txt Documentation/device-mapper/log-writes.txt Documentation/device-mapper/striped.txt Documentation/device-mapper/switch.txt $ cd Documentation/device-mapper $ sed -i s/getsize/getsz/g * Signed-off-by: Michael Witten Signed-off-by: Jiri Kosina Documentation/device-mapper/delay.txt | 4 ++-- Documentation/device-mapper/dm-crypt.txt | 2 +- Documentation/device-mapper/linear.txt | 8 ++++---- Documentation/device-mapper/striped.txt | 4 ++-- Documentation/device-mapper/switch.txt | 2 +- 5 files changed, 10 insertions(+), 10 deletions(-) commit 96e132ebc0a162c643e0e6e6f1f85c3be3355715 Merge: 9ce12d8 13c28b0 8cd1616 608ad18 f869045 b897f6d 594312b de66a1a 9c5dcd7 c60fa55 c9cfb2a Author: Jiri Kosina Date: Wed Dec 14 10:12:26 2016 +0100 Merge branches 'for-4.10/asus', 'for-4.10/cp2112', 'for-4.10/i2c-hid-nopower', 'for-4.10/intel-ish', 'for-4.10/mayflash', 'for-4.10/microsoft-surface-3', 'for-4.10/multitouch', 'for-4.10/sony', 'for-4.10/udraw-ps3', 'for-4.10/upstream' and 'for-4.10/wacom/generic' into for-linus commit 31dcfec11f827e9a5d8720fe4728f1305894884f Author: Josh Poimboeuf Date: Tue Dec 13 21:25:36 2016 -0600 x86/boot/64: Push correct start_cpu() return address start_cpu() pushes a text address on the stack so that stack traces from idle tasks will show start_cpu() at the end. But it currently shows the wrong function offset. It's more correct to show the address immediately after the 'lretq' instruction. Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Borislav Petkov Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/2cadd9f16c77da7ee7957bfc5e1c67928c23ca48.1481685203.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/head_64.S | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit ec2d86a9b646d93f1948569f368e2c6f5449e6c7 Author: Josh Poimboeuf Date: Tue Dec 13 21:25:35 2016 -0600 x86/boot/64: Use 'push' instead of 'call' in start_cpu() start_cpu() pushes a text address on the stack so that stack traces from idle tasks will show start_cpu() at the end. But it uses a call instruction to do that, which is rather obtuse. Use a straightforward push instead. Suggested-by: Borislav Petkov Signed-off-by: Josh Poimboeuf Cc: Andy Lutomirski Cc: Brian Gerst Cc: Denys Vlasenko Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Link: http://lkml.kernel.org/r/4d8a1952759721d42d1e62ba9e4a7e3ac5df8574.1481685203.git.jpoimboe@redhat.com Signed-off-by: Ingo Molnar arch/x86/kernel/head_64.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 06deeec77a5a689cc94b21a8a91a76e42176685d Author: Andy Lutomirski Date: Mon Dec 12 12:54:37 2016 -0800 cifs: Fix smbencrypt() to stop pointing a scatterlist at the stack smbencrypt() points a scatterlist to the stack, which is breaks if CONFIG_VMAP_STACK=y. Fix it by switching to crypto_cipher_encrypt_one(). The new code should be considerably faster as an added benefit. This code is nearly identical to some code that Eric Biggers suggested. Cc: stable@vger.kernel.org # 4.9 only Reported-by: Eric Biggers Signed-off-by: Andy Lutomirski Acked-by: Jeff Layton Signed-off-by: Steve French fs/cifs/smbencrypt.c | 40 ++++++++-------------------------------- 1 file changed, 8 insertions(+), 32 deletions(-) commit 18591add41ec9558ce0e32ef88626c18cc70c686 Author: Caesar Wang Date: Mon Dec 12 19:05:35 2016 +0800 thermal: rockchip: handle set_trips without the trip points In some cases, some sensors didn't need the trip points, the set_trips will pass {-INT_MAX, INT_MAX} to trigger tsadc alarm in the end, ignore this case and disable the high temperature interrupt. Signed-off-by: Caesar Wang Reviewed-by: Brian Norris Signed-off-by: Eduardo Valentin drivers/thermal/rockchip_thermal.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit cadf29dc2a8bcaae83e6e4c3229965de747c8601 Author: Caesar Wang Date: Mon Dec 12 19:05:34 2016 +0800 thermal: rockchip: optimize the conversion table In order to support the valid temperature can conver to analog value. The rockchip thermal driver has not supported the all valid temperature to convert the analog value. (e.g.: 61C, 62C, 63C....) For example: In some cases, we need adjust the trip point. $cd /sys/class/thermal/thermal_zone* $echo 68000 > trip_point_0_temp That will return the max analogic value indicates the invalid before posting this patch. So, this patch will optimize the conversion table to support the other cases. Signed-off-by: Caesar Wang Signed-off-by: Eduardo Valentin drivers/thermal/rockchip_thermal.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) commit d3530497f5c33530c50acb435b7d54e0a82d8032 Author: Caesar Wang Date: Mon Dec 12 19:05:33 2016 +0800 thermal: rockchip: fixes invalid temperature case The temp_to_code function will return 0 when we set the temperature to a invalid value (e.g. 61C, 62C, 63C....), that's unpractical. This patch will prevent this case happening. That will return the max analog value to indicate the temperature is invalid or over table temperature range. Signed-off-by: Caesar Wang Signed-off-by: Eduardo Valentin drivers/thermal/rockchip_thermal.c | 48 ++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 20 deletions(-) commit cdd8b3f7b779e39bda1a8057f287da065216720b Author: Brian Norris Date: Mon Dec 12 19:05:32 2016 +0800 thermal: rockchip: don't pass table structs by value This driver passes struct chip_tsadc_table by value throughout; this is inefficient, and AFAICT, there is no reason for it. Let's pass pointers instead. Signed-off-by: Brian Norris Reviewed-by: Caesar Wang Signed-off-by: Caesar Wang Signed-off-by: Eduardo Valentin drivers/thermal/rockchip_thermal.c | 80 +++++++++++++++++++------------------- 1 file changed, 40 insertions(+), 40 deletions(-) commit e6ed1b4ad30331e6d878579dd95764d0a224cacd Author: Brian Norris Date: Mon Dec 12 19:05:31 2016 +0800 thermal: rockchip: improve conversion error messages These error messages don't give much information about what went wrong. It would be nice, for one, to see what invalid temperature was being requested when conversion fails. It's also good to return an error when we can't handle a conversion properly. While we're at it, fix the grammar too. Signed-off-by: Brian Norris Signed-off-by: Caesar Wang Signed-off-by: Eduardo Valentin drivers/thermal/rockchip_thermal.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 7a62a52333f8b5b82753d9529c11b3404bc5c183 Author: Shaohua Li Date: Tue Dec 13 19:07:55 2016 -0800 block_dev: don't update file access position for sync direct IO For sync direct IO, generic_file_direct_write/generic_file_read_iter will update file access position. Don't duplicate the update in .direct_IO. This cause my raid array can't assemble. Cc: Christoph Hellwig Cc: Jens Axboe Signed-off-by: Shaohua Li Signed-off-by: Jens Axboe fs/block_dev.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit d2a61918401ea8db8a6f922e98e86a66b4930cec Author: Andy Lutomirski Date: Fri Dec 2 21:14:15 2016 -0700 nvme/pci: Log PCI_STATUS when the controller dies When debugging nvme controller crashes, it's nice to know whether the controller died cleanly so that the failure is just reflected in CSTS, it died and put an error in PCI_STATUS, or whether it died so badly that it stopped responding to PCI configuration space reads. I've seen a failure that gives 0xffff in PCI_STATUS on a Samsung "SM951 NVMe SAMSUNG 256GB" with firmware "BXW75D0Q". Reviewed-by: Christoph Hellwig Signed-off-by: Andy Lutomirski Reviewed-by: Keith Busch Fixed up white space and hunk reject. Signed-off-by: Jens Axboe drivers/nvme/host/pci.c | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) commit bcc7f5b4bee8e327689a4d994022765855c807ff Author: NeilBrown Date: Mon Dec 12 08:21:51 2016 -0700 block_dev: don't test bdev->bd_contains when it is not stable bdev->bd_contains is not stable before calling __blkdev_get(). When __blkdev_get() is called on a parition with ->bd_openers == 0 it sets bdev->bd_contains = bdev; which is not correct for a partition. After a call to __blkdev_get() succeeds, ->bd_openers will be > 0 and then ->bd_contains is stable. When FMODE_EXCL is used, blkdev_get() calls bd_start_claiming() -> bd_prepare_to_claim() -> bd_may_claim() This call happens before __blkdev_get() is called, so ->bd_contains is not stable. So bd_may_claim() cannot safely use ->bd_contains. It currently tries to use it, and this can lead to a BUG_ON(). This happens when a whole device is already open with a bd_holder (in use by dm in my particular example) and two threads race to open a partition of that device for the first time, one opening with O_EXCL and one without. The thread that doesn't use O_EXCL gets through blkdev_get() to __blkdev_get(), gains the ->bd_mutex, and sets bdev->bd_contains = bdev; Immediately thereafter the other thread, using FMODE_EXCL, calls bd_start_claiming() from blkdev_get(). This should fail because the whole device has a holder, but because bdev->bd_contains == bdev bd_may_claim() incorrectly reports success. This thread continues and blocks on bd_mutex. The first thread then sets bdev->bd_contains correctly and drops the mutex. The thread using FMODE_EXCL then continues and when it calls bd_may_claim() again in: BUG_ON(!bd_may_claim(bdev, whole, holder)); The BUG_ON fires. Fix this by removing the dependency on ->bd_contains in bd_may_claim(). As bd_may_claim() has direct access to the whole device, it can simply test if the target bdev is the whole device. Fixes: 6b4517a7913a ("block: implement bd_claiming and claiming block") Cc: stable@vger.kernel.org (v2.6.35+) Signed-off-by: NeilBrown Signed-off-by: Jens Axboe fs/block_dev.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cdb98c2698b4af287925abcba4d77d92af82a0c3 Author: Linus Torvalds Date: Tue Dec 13 19:53:37 2016 -0800 Revert "nvme: add support for the Write Zeroes command" This reverts commit 6d31e3ba232ea22458b2f36b6d3f2f9f11bf3fa4. This causes bootup problems for me both on my laptop and my desktop. What they have in common is that they have NVMe disks with dm-crypt, but it's not the same controller, so it's not controller-specific. Jens does not see it on his machine (also NVMe), so it's presumably something that triggers just on bootup. Possibly related to dm-crypt and the fact that I mark my luks volume with "allow-discards" in /etc/crypttab. It's 100% repeatable for me, which made it fairly straightforward to bisect the problem to this commit. Small mercies. So we don't know what the reason is yet, but the revert is needed to get things going again. Acked-by: Jens Axboe Cc: Chaitanya Kulkarni Cc: Christoph Hellwig Signed-off-by: Linus Torvalds drivers/nvme/host/core.c | 21 --------------------- 1 file changed, 21 deletions(-) commit 4625d2a513d60ca9c3e8cae42c8f3d9efc1b4211 Merge: 57fb7ee 3d6b371 Author: Vinod Koul Date: Wed Dec 14 09:07:07 2016 +0530 Merge branch 'topic/st_fdma' into for-linus commit 57fb7ee10c27b315600445b2bad72236a11951ad Merge: 90644ad c41668a Author: Vinod Koul Date: Wed Dec 14 09:07:02 2016 +0530 Merge branch 'topic/s3c64xx' into for-linus commit 90644ad7f2c0292b1a2a98d733bd17f449bb9885 Merge: 83cb0dc 75ff766 Author: Vinod Koul Date: Wed Dec 14 09:06:54 2016 +0530 Merge branch 'topic/qcom' into for-linus commit 83cb0dcaf11fa045cecad4cc6310f3bfbf0cf87e Merge: db82df3 556195f Author: Vinod Koul Date: Wed Dec 14 09:06:45 2016 +0530 Merge branch 'topic/pxa' into for-linus commit db82df3e81b4c89e39b82bf6aa290612cfb2c12c Merge: 3f809e8 08c824e Author: Vinod Koul Date: Wed Dec 14 09:06:30 2016 +0530 Merge branch 'topic/omap' into for-linus commit 3f809e844c6ba46fe5e16b20ad70ac4027341b36 Merge: 7fc3b3f 7393fca Author: Vinod Koul Date: Wed Dec 14 09:06:23 2016 +0530 Merge branch 'topic/ioat' into for-linus commit 7fc3b3f946341a035f05e13756f7b2c441492c55 Merge: 2ef7ff0 397dadf Author: Vinod Koul Date: Wed Dec 14 09:06:14 2016 +0530 Merge branch 'topic/doc' into for-linus commit cc31e9b718dafd8a1bdc593234ddbbf4faa2511c Merge: a67485d 2807648 Author: Rafael J. Wysocki Date: Wed Dec 14 03:15:58 2016 +0100 Merge branch 'acpi-cppc' * acpi-cppc: ACPI / CPPC: Fix per-CPU pointer management in acpi_cppc_processor_probe() ACPI / CPPC: Fix crash in acpi_cppc_processor_exit() commit f4000cd99750065d5177555c0a805c97174d1b9f Merge: 2ec4584 7503712 Author: Linus Torvalds Date: Tue Dec 13 16:39:21 2016 -0800 Merge tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux Pull arm64 updates from Catalin Marinas: - struct thread_info moved off-stack (also touching include/linux/thread_info.h and include/linux/restart_block.h) - cpus_have_cap() reworked to avoid __builtin_constant_p() for static key use (also touching drivers/irqchip/irq-gic-v3.c) - uprobes support (currently only for native 64-bit tasks) - Emulation of kernel Privileged Access Never (PAN) using TTBR0_EL1 switching to a reserved page table - CPU capacity information passing via DT or sysfs (used by the scheduler) - support for systems without FP/SIMD (IOW, kernel avoids touching these registers; there is no soft-float ABI, nor kernel emulation for AArch64 FP/SIMD) - handling of hardware watchpoint with unaligned addresses, varied lengths and offsets from base - use of the page table contiguous hint for kernel mappings - hugetlb fixes for sizes involving the contiguous hint - remove unnecessary I-cache invalidation in flush_cache_range() - CNTHCTL_EL2 access fix for CPUs with VHE support (ARMv8.1) - boot-time checks for writable+executable kernel mappings - simplify asm/opcodes.h and avoid including the 32-bit ARM counterpart and make the arm64 kernel headers self-consistent (Xen headers patch merged separately) - Workaround for broken .inst support in certain binutils versions * tag 'arm64-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux: (60 commits) arm64: Disable PAN on uaccess_enable() arm64: Work around broken .inst when defective gas is detected arm64: Add detection code for broken .inst support in binutils arm64: Remove reference to asm/opcodes.h arm64: Get rid of asm/opcodes.h arm64: smp: Prevent raw_smp_processor_id() recursion arm64: head.S: Fix CNTHCTL_EL2 access on VHE system arm64: Remove I-cache invalidation from flush_cache_range() arm64: Enable HIBERNATION in defconfig arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN arm64: xen: Enable user access before a privcmd hvc call arm64: Handle faults caused by inadvertent user access with PAN enabled arm64: Disable TTBR0_EL1 during normal kernel execution arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro arm64: Factor out PAN enabling/disabling into separate uaccess_* macros arm64: Update the synchronous external abort fault description selftests: arm64: add test for unaligned/inexact watchpoint handling arm64: Allow hw watchpoint of length 3,5,6 and 7 arm64: hw_breakpoint: Handle inexact watchpoint addresses ... commit 2ec4584eb89b8933d1ee307f2fc9c42e745847d7 Merge: aa3ecf3 c19805f Author: Linus Torvalds Date: Tue Dec 13 16:33:33 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux Pull s390 updates from Martin Schwidefsky: "The main bulk of the s390 patches for the 4.10 merge window: - Add support for the contiguous memory allocator. - The recovery for I/O errors in the dasd device driver is improved, the driver will now remove channel paths that are not working properly. - Additional fields are added to /proc/sysinfo, the extended partition name and the partition UUID. - New naming for PCI devices with system defined UIDs. - The last few remaining alloc_bootmem calls are converted to memblock. - The thread_info structure is stripped down and moved to the task_struct. The only field left in thread_info is the flags field. - Rework of the arch topology code to fix a fake numa issue. - Refactoring of the atomic primitives and add a new preempt_count implementation. - Clocksource steering for the STP sync check offsets. - The s390 specific headers are changed to make them usable with CLANG. - Bug fixes and cleanup" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux: (70 commits) s390/cpumf: Use configuration level indication for sampling data s390: provide memmove implementation s390: cleanup arch/s390/kernel Makefile s390: fix initrd corruptions with gcov/kcov instrumented kernels s390: exclude early C code from gcov profiling s390/dasd: channel path aware error recovery s390/dasd: extend dasd path handling s390: remove unused labels from entry.S s390/vmlogrdr: fix IUCV buffer allocation s390/crypto: unlock on error in prng_tdes_read() s390/sysinfo: show partition extended name and UUID if available s390/numa: pin all possible cpus to nodes early s390/numa: establish cpu to node mapping early s390/topology: use cpu_topology array instead of per cpu variable s390/smp: initialize cpu_present_mask in setup_arch s390/topology: always use s390 specific sched_domain_topology_level s390/smp: use smp_get_base_cpu() helper function s390/numa: always use logical cpu and core ids s390: Remove VLAIS in ptff() and clear_table() s390: fix machine check panic stack switch ... commit aa3ecf388adc90bde90776bba71a7f2d278fc4e3 Merge: b5cab0d 709613a Author: Linus Torvalds Date: Tue Dec 13 16:07:55 2016 -0800 Merge tag 'for-linus-4.10-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip Pull xen updates from Juergen Gross: "Xen features and fixes for 4.10 These are some fixes, a move of some arm related headers to share them between arm and arm64 and a series introducing a helper to make code more readable. The most notable change is David stepping down as maintainer of the Xen hypervisor interface. This results in me sending you the pull requests for Xen related code from now on" * tag 'for-linus-4.10-rc0-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/xen/tip: (29 commits) xen/balloon: Only mark a page as managed when it is released xenbus: fix deadlock on writes to /proc/xen/xenbus xen/scsifront: don't request a slot on the ring until request is ready xen/x86: Increase xen_e820_map to E820_X_MAX possible entries x86: Make E820_X_MAX unconditionally larger than E820MAX xen/pci: Bubble up error and fix description. xen: xenbus: set error code on failure xen: set error code on failures arm/xen: Use alloc_percpu rather than __alloc_percpu arm/arm64: xen: Move shared architecture headers to include/xen/arm xen/events: use xen_vcpu_id mapping for EVTCHNOP_status xen/gntdev: Use VM_MIXEDMAP instead of VM_IO to avoid NUMA balancing xen-scsifront: Add a missing call to kfree MAINTAINERS: update XEN HYPERVISOR INTERFACE xenfs: Use proc_create_mount_point() to create /proc/xen xen-platform: use builtin_pci_driver xen-netback: fix error handling output xen: make use of xenbus_read_unsigned() in xenbus xen: make use of xenbus_read_unsigned() in xen-pciback xen: make use of xenbus_read_unsigned() in xen-fbfront ... commit b5cab0da75c292ffa0fbd68dd2c820066b2842de Merge: 93173b5 d29fa0c Author: Linus Torvalds Date: Tue Dec 13 15:52:23 2016 -0800 Merge branch 'stable/for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb Pull swiotlb updates from Konrad Rzeszutek Wilk: - minor fixes (rate limiting), remove certain functions - support for DMA_ATTR_SKIP_CPU_SYNC which is an optimization in the DMA API * 'stable/for-linus-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/swiotlb: swiotlb: Minor fix-ups for DMA_ATTR_SKIP_CPU_SYNC support swiotlb: Add support for DMA_ATTR_SKIP_CPU_SYNC swiotlb-xen: Enforce return of DMA_ERROR_CODE in mapping function swiotlb: Drop unused functions swiotlb_map_sg and swiotlb_unmap_sg swiotlb: Rate-limit printing when running out of SW-IOMMU space commit 93173b5bf2841da7e3a9b0cb1312ef5c87251524 Merge: 1c59e1e f673b5b Author: Linus Torvalds Date: Tue Dec 13 15:47:02 2016 -0800 Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm Pull KVM updates from Paolo Bonzini: "Small release, the most interesting stuff is x86 nested virt improvements. x86: - userspace can now hide nested VMX features from guests - nested VMX can now run Hyper-V in a guest - support for AVX512_4VNNIW and AVX512_FMAPS in KVM - infrastructure support for virtual Intel GPUs. PPC: - support for KVM guests on POWER9 - improved support for interrupt polling - optimizations and cleanups. s390: - two small optimizations, more stuff is in flight and will be in 4.11. ARM: - support for the GICv3 ITS on 32bit platforms" * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (94 commits) arm64: KVM: pmu: Reset PMSELR_EL0.SEL to a sane value before entering the guest KVM: arm/arm64: timer: Check for properly initialized timer on init KVM: arm/arm64: vgic-v2: Limit ITARGETSR bits to number of VCPUs KVM: x86: Handle the kthread worker using the new API KVM: nVMX: invvpid handling improvements KVM: nVMX: check host CR3 on vmentry and vmexit KVM: nVMX: introduce nested_vmx_load_cr3 and call it on vmentry KVM: nVMX: propagate errors from prepare_vmcs02 KVM: nVMX: fix CR3 load if L2 uses PAE paging and EPT KVM: nVMX: load GUEST_EFER after GUEST_CR0 during emulated VM-entry KVM: nVMX: generate MSR_IA32_CR{0,4}_FIXED1 from guest CPUID KVM: nVMX: fix checks on CR{0,4} during virtual VMX operation KVM: nVMX: support restore of VMX capability MSRs KVM: nVMX: generate non-true VMX MSRs based on true versions KVM: x86: Do not clear RFLAGS.TF when a singlestep trap occurs. KVM: x86: Add kvm_skip_emulated_instruction and use it. KVM: VMX: Move skip_emulated_instruction out of nested_vmx_check_vmcs12 KVM: VMX: Reorder some skip_emulated_instruction calls KVM: x86: Add a return value to kvm_emulate_cpuid KVM: PPC: Book3S: Move prototypes for KVM functions into kvm_ppc.h ... commit 1c59e1edb13d60b97b7b03b332ceed5d967d4227 Merge: bb3dd056 4fccd4a Author: Linus Torvalds Date: Tue Dec 13 15:43:56 2016 -0800 Merge tag 'hwmon-for-linus-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging Pull hwmon updates from Guenter Roeck: - new drivers for TMP108 and TC654 - hwmon core code cleanup - coretemp driver cleanup - fix overflow issues in several drivers - minor fixes, cleanups and enhancements in various drivers * tag 'hwmon-for-linus-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/groeck/linux-staging: (41 commits) hwmon: (g762) Fix overflows and crash seen when writing limit attributes hwmon: (emcw201) Fix overflows seen when writing into limit attributes hwmon: (emc2103) Fix overflows seen when temperature limit attributes hwmon: (lm85) Fix overflows seen when writing voltage limit attributes hwmon: (lm87) Fix overflow seen when writing voltage limit attributes hwmon: (nct7802) Fix overflows seen when writing into limit attributes hwmon: (adt7470) Fix overflows seen when writing into limit attributes hwmon: (adt7462) Fix overflows seen when writing into limit attributes hwmon: (adm1026) Fix overflows seen when writing into limit attributes hwmon: (adm1025) Fix overflows seen when writing voltage limits hwmon: (via-cputemp) Convert to hotplug state machine devicetree: hwmon: Add documentation for TMP108 driver. hwmon: Add Texas Instruments TMP108 temperature sensor driver. hwmon: (core) Simplify sysfs attribute name allocation hwmon: (core) Rename groups parameter in API to extra_groups hwmon: (core) Explain why at least two attribute groups are allocated hwmon: (core) Make is_visible callback truly mandatory hwmon: (core) Deprecate hwmon_device_register() hwmon: (core) Clarify use of chip attributes hwmon: (core) Add support for string attributes to new API ... commit bb3dd056ed1af9b186f0d9fe849eab78c51d14ce Merge: 7b882cb fafd679 Author: Linus Torvalds Date: Tue Dec 13 15:38:37 2016 -0800 Merge tag 'spi-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi Pull spi updates from Mark Brown: "The nicest things about this release for me is seeing some older drivers getting some cleanups and modernization, it's really good to see things moving forwards even for older drivers. In content terms it's a fairly humdrum release but where the work has been happening is great. - Support for simultaneous use of internal and GPIO chip selects for devices that require the use of the internal select even if it's not connected and a GPIO is actually routed to the slave device. - A major rework and cleanup of the fsl-espi driver from Heiner Kallweit which should make it work substantially better. - DMA support for Freescale DSPI IPs. - New drivers for Freescale LPSPI IPs and Marvell Armada 3700. - Support for Allwinner H3" * tag 'spi-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/spi: (85 commits) spi: mvebu: fix baudrate calculation for armada variant spi: Add support for Armada 3700 SPI Controller spi: armada-3700: Add documentation for the Armada 3700 SPI Controller spi: fsl-lpspi: quit reading rx fifo under error condition spi: fsl-lpspi: use GPL as module license spi: fsl-espi: fix ioread16/iowrite16 endianness spi: fsl-espi: remove unused linearization code spi: fsl-espi: eliminate need for linearization when reading from hardware spi: fsl-espi: eliminate need for linearization when writing to hardware spi: fsl-espi: determine need for byte swap only once spi: fsl-lpspi: read lpspi tx/rx fifo size in probe() spi: fsl-lpspi: use wait_for_completion_timeout() while waiting transfer done spi: orion: fix comment to mention MVEBU spi: atmel: remove the use of private channel fields spi: atmel: trivial: remove unused fields in DMA structure spi: atmel: Use SPI core DMA mapping framework spi: atmel: Use core SPI_MASTER_MUST_[RT]X handling spi: atmel: trivial: move info banner to latest probe action spi: imx: replace schedule() with cond_resched() spi: imx: fix potential shift truncation ... commit 3fa71d0f58a9b9df84e8e79196f961bcfbf01b2e Author: Stephan Mueller Date: Fri Oct 21 05:00:02 2016 +0200 crypto: doc - optimize compilation The :functions: definition allows the specification of multiple function references which prevents parsing the header file multiple times. Reported-by: Jani Nikula Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet Documentation/crypto/api-aead.rst | 51 +----------- Documentation/crypto/api-akcipher.rst | 42 +--------- Documentation/crypto/api-digest.rst | 95 +-------------------- Documentation/crypto/api-kpp.rst | 64 ++------------ Documentation/crypto/api-rng.rst | 20 +---- Documentation/crypto/api-skcipher.rst | 152 ++-------------------------------- 6 files changed, 23 insertions(+), 401 deletions(-) commit 3f692d5f97cb834a42bcfb3cc10f5e390a9d7867 Author: Stephan Mueller Date: Fri Oct 21 04:59:24 2016 +0200 crypto: doc - clarify AEAD memory structure The previous description have been misleading and partially incorrect. Reported-by: Harsh Jain Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet crypto/algif_aead.c | 14 ++------------ include/crypto/aead.h | 36 ++++++++++++------------------------ 2 files changed, 14 insertions(+), 36 deletions(-) commit 71f3f027f8f8532d397ff2da7bdcd99bf0aa3867 Author: Stephan Mueller Date: Fri Oct 21 04:58:46 2016 +0200 crypto: doc - remove crypto_alloc_ablkcipher Remove the documentation reference to crypto_alloc_ablkcipher as the API function call was removed. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet Documentation/crypto/api-skcipher.rst | 3 --- 1 file changed, 3 deletions(-) commit 8d23da22ac33be784451fb005cde300c09cdb19d Author: Stephan Mueller Date: Fri Oct 21 04:58:20 2016 +0200 crypto: doc - add KPP documentation Add the KPP API documentation to the kernel crypto API Sphinx documentation. This addition includes the documentation of the ECDH and DH helpers which are needed to create the approrpiate input data for the crypto_kpp_set_secret function. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet Documentation/crypto/api-kpp.rst | 92 +++++++++++++++++++++++++++++++++++ Documentation/crypto/api.rst | 1 + Documentation/crypto/architecture.rst | 6 +++ include/crypto/dh.h | 58 ++++++++++++++++++++++ include/crypto/ecdh.h | 58 ++++++++++++++++++++++ include/crypto/kpp.h | 15 ++++-- 6 files changed, 227 insertions(+), 3 deletions(-) commit c30c98d174e5ecbb5d70c7c92846d4d884f8b38a Author: Stephan Mueller Date: Fri Oct 21 04:57:57 2016 +0200 crypto: doc - fix separation of cipher / req API Keep the cipher API and the request API function documentation in separate sections. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet Documentation/crypto/api-akcipher.rst | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit 0184cfe72d2f139c4feed7f3820ba2269f5de322 Author: Stephan Mueller Date: Fri Oct 21 04:57:27 2016 +0200 crypto: doc - fix source comments for Sphinx Update comments to avoid any complaints from Sphinx during compilation. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet include/crypto/aead.h | 14 +++++++------- include/crypto/hash.h | 2 +- include/crypto/skcipher.h | 4 ++-- include/linux/crypto.h | 4 ++-- 4 files changed, 12 insertions(+), 12 deletions(-) commit c441a4781ff1c5b78db1410f708aa96dceec5fa2 Author: Stephan Mueller Date: Fri Oct 21 04:57:00 2016 +0200 crypto: doc - remove crypto API DocBook With the conversion of the documentation to Sphinx, the old DocBook is now stale. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet Documentation/DocBook/Makefile | 2 +- Documentation/DocBook/crypto-API.tmpl | 2092 --------------------------------- 2 files changed, 1 insertion(+), 2093 deletions(-) commit 3b72c814a8e8cd638e1ba0da4dfce501e9dff5af Author: Stephan Mueller Date: Fri Oct 21 04:54:22 2016 +0200 crypto: doc - convert crypto API documentation to Sphinx With the conversion of the kernel crypto API DocBook to Sphinx, the monolithic document is broken up into individual documents. The documentation is unchanged with the exception of a slight reordering to keep the individual document parts self-contained. Signed-off-by: Stephan Mueller Signed-off-by: Jonathan Corbet Documentation/crypto/api-aead.rst | 68 ++++++ Documentation/crypto/api-akcipher.rst | 56 +++++ Documentation/crypto/api-digest.rst | 122 ++++++++++ Documentation/crypto/api-rng.rst | 32 +++ Documentation/crypto/api-samples.rst | 224 +++++++++++++++++ Documentation/crypto/api-skcipher.rst | 203 ++++++++++++++++ Documentation/crypto/api.rst | 24 ++ Documentation/crypto/architecture.rst | 435 ++++++++++++++++++++++++++++++++++ Documentation/crypto/devel-algos.rst | 247 +++++++++++++++++++ Documentation/crypto/index.rst | 24 ++ Documentation/crypto/intro.rst | 74 ++++++ Documentation/crypto/userspace-if.rst | 387 ++++++++++++++++++++++++++++++ Documentation/index.rst | 1 + 13 files changed, 1897 insertions(+) commit 334bb773876403eae3457d81be0b8ea70f8e4ccc Author: Adam Borowski Date: Sun Dec 11 02:09:18 2016 +0100 x86/kbuild: enable modversions for symbols exported from asm Commit 4efca4ed ("kbuild: modversions for EXPORT_SYMBOL() for asm") adds modversion support for symbols exported from asm files. Architectures must include C-style declarations for those symbols in asm/asm-prototypes.h in order for them to be versioned. Add these declarations for x86, and an architecture-independent file that can be used for common symbols. With f27c2f6 reverting 8ab2ae6 ("default exported asm symbols to zero") we produce a scary warning on x86, this commit fixes that. Signed-off-by: Adam Borowski Tested-by: Kalle Valo Acked-by: Nicholas Piggin Tested-by: Peter Wu Tested-by: Oliver Hartkopp Signed-off-by: Michal Marek arch/x86/include/asm/asm-prototypes.h | 16 ++++++++++++++++ include/asm-generic/asm-prototypes.h | 7 +++++++ 2 files changed, 23 insertions(+) commit 7b882cb800095f216c9da6b6735d10d26df8168b Merge: b92e09b 9f56eca Author: Linus Torvalds Date: Tue Dec 13 15:30:50 2016 -0800 Merge branch 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull another libata patch from Tejun Heo: "One more patch from Adam added. It makes libata skip probing for NCQ prio unless the feature is explicitly requested by the user. This is necessary because some controllers lock up after the optional feature is probed" * 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ata: avoid probing NCQ Prio Support if not explicitly requested commit 9f56eca3aeeab699a7dbfb397661d2eca4430e94 Author: Adam Manzanares Date: Tue Dec 13 12:00:05 2016 -0800 ata: avoid probing NCQ Prio Support if not explicitly requested Previously, when the ata device was being initialized we were probing for NCQ prio support by checking the identify information and also checking the log page that holds information about ncq prio support. This caused an error on an Intel HBA so the code is now updated to only probe for NCQ prio support when the sysfs variable controlling NCQ prio support is enabled. tj: Update formatting, switch to spin_[un]lock_irq() and update locking a bit, use REVALIDATE instead of RESET, and return -EIO instead of -EINVAL on config failure. Signed-off-by: Adam Manzanares Signed-off-by: Tejun Heo drivers/ata/libata-core.c | 13 ++++++++++--- drivers/ata/libata-scsi.c | 38 +++++++++++++++++++++----------------- 2 files changed, 31 insertions(+), 20 deletions(-) commit b92e09bb5bf4db65aeb8ca0094fdd5142ed54451 Merge: c11a6cf aecec8b Author: Linus Torvalds Date: Tue Dec 13 13:26:24 2016 -0800 Merge branch 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata Pull libata updates from Tejun Heo: - Adam added opt-in ATA command priority support. - There are machines which hide multiple nvme devices behind an ahci BAR. Dan Williams proposed a solution to force-switch the mode but deemed too hackishd. People are gonna discuss the proper way to handle the situation in nvme standard meetings. For now, detect and warn about the situation. - Low level driver specific changes. Christoph Hellwig pipes in about the hidden nvme warning: "I wish that was the case. We've pretty much agreed that we'll want to implement it as a virtual PCIe root bridge, similar to Intels other 'innovation' VMD that we work around that way. But Intel management has apparently decided that they don't want to spend more cycles on this now that Lenovo has an optional BIOS that doesn't force this broken mode anymore, and no one outside of Intel has enough information to implement something like this. So for now I guess this warning is it, until Intel reconsideres and spends resources on fixing up the damage their Chipset people caused" * 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/libata: ahci: warn about remapped NVMe devices ahci-remap.h: add ahci remapping definitions nvme: move NVMe class code to pci_ids.h pata: imx: support controller modes up to PIO4 pata: imx: add support of setting timings for PIO modes pata: imx: set controller PIO mode with .set_piomode callback pata: imx: sort headers out ata: set ncq_prio_enabled iff device has support ata: ATA Command Priority Disabled By Default ata: Enabling ATA Command Priorities block: Add iocontext priority to request ahci: qoriq: added ls1046a platform support commit f5f3bde4f676ea4b23ac1d7293c69a069e687351 Author: Vineet Gupta Date: Thu Sep 29 15:19:46 2016 -0700 ARC: ARCompact entry: elide re-reading ECR in ProtV handler Signed-off-by: Vineet Gupta arch/arc/kernel/entry-compact.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c11a6cfb0103d5d831e20bd9b75d10d13519fec5 Merge: e6efef7 8bc4a04 Author: Linus Torvalds Date: Tue Dec 13 12:59:57 2016 -0800 Merge branch 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq Pull workqueue updates from Tejun Heo: "Mostly patches to initialize workqueue subsystem earlier and get rid of keventd_up(). The patches were headed for the last merge cycle but got delayed due to a bug found late minute, which is fixed now. Also, to help debugging, destroy_workqueue() is more chatty now on a sanity check failure." * 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/wq: workqueue: move wq_numa_init() to workqueue_init() workqueue: remove keventd_up() debugobj, workqueue: remove keventd_up() usage slab, workqueue: remove keventd_up() usage power, workqueue: remove keventd_up() usage tty, workqueue: remove keventd_up() usage mce, workqueue: remove keventd_up() usage workqueue: make workqueue available early during boot workqueue: dump workqueue state on sanity check failures in destroy_workqueue() commit 20737738d397dfadbca1ea50dcc00d7259f500cf Merge: b78b499 2953079 Author: Shaohua Li Date: Tue Dec 13 12:40:15 2016 -0800 Merge branch 'md-next' into md-linus commit e6efef7260ac2bb170059980a78440499f2cc0db Merge: b78b499 3ca45a4 Author: Linus Torvalds Date: Tue Dec 13 12:34:47 2016 -0800 Merge branch 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu Pull percpu update from Tejun Heo: "This includes just one patch to reject non-power-of-2 alignments and trigger warning. Interestingly, this actually caught a bug in XEN ARM64" * 'for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu: percpu: ensure the requested alignment is power of two commit b78b499a67c3f77aeb6cd0b54724bc38b141255d Merge: 098c305 190cc65 Author: Linus Torvalds Date: Tue Dec 13 12:11:01 2016 -0800 Merge tag 'char-misc-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc Pull char/misc driver updates from Greg KH: "Here's the big char/misc driver patches for 4.10-rc1. Lots of tiny changes over lots of "minor" driver subsystems, the largest being some new FPGA drivers. Other than that, a few other new drivers, but no new driver subsystems added for this kernel cycle, a nice change. All of these have been in linux-next with no reported issues" * tag 'char-misc-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/char-misc: (107 commits) uio-hv-generic: store physical addresses instead of virtual Tools: hv: kvp: configurable external scripts path uio-hv-generic: new userspace i/o driver for VMBus vmbus: add support for dynamic device id's hv: change clockevents unbind tactics hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels() hyperv: Fix spelling of HV_UNKOWN mei: bus: enable non-blocking RX mei: fix the back to back interrupt handling mei: synchronize irq before initiating a reset. VME: Remove shutdown entry from vme_driver auxdisplay: ht16k33: select framebuffer helper modules MAINTAINERS: add git url for fpga fpga: Clarify how write_init works streaming modes fpga zynq: Fix incorrect ISR state on bootup fpga zynq: Remove priv->dev fpga zynq: Add missing \n to messages fpga: Add COMPILE_TEST to all drivers uio: pruss: add clk_disable() char/pcmcia: add some error checking in scr24x_read() ... commit ef548c551e72dbbdcc6d9ed7c7b3b01083fea8e2 Author: Mike Snitzer Date: Tue Dec 13 14:54:50 2016 -0500 dm flakey: introduce "error_writes" feature Recent dm-flakey fixes, to have reads error out during the "down" interval, made it so that the previous read behaviour is no longer available. It is useful to have reads complete like normal but have writes error out, so make it possible again with a new "error_writes" feature. Signed-off-by: Mike Snitzer drivers/md/dm-flakey.c | 51 +++++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 42 insertions(+), 9 deletions(-) commit 3e1ed981b7a903ba81199d4d25b80c6bba705160 Author: Alexey Dobriyan Date: Tue Dec 13 22:30:15 2016 +0300 netlink: revert broken, broken "2-clause nla_ok()" Commit 4f7df337fe79bba1e4c2d525525d63b5ba186bbd "netlink: 2-clause nla_ok()" is BROKEN. First clause tests if "->nla_len" could even be accessed at all, it can not possibly be omitted. Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller include/net/netlink.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 098c30557a9a19827240aaadc137e4668157dc6b Merge: 72cca7b 5d47ec0 Author: Linus Torvalds Date: Tue Dec 13 11:42:18 2016 -0800 Merge tag 'driver-core-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core Pull driver core updates from Greg KH: "Here's the new driver core patches for 4.10-rc1. Big thing here is the nice addition of "functional dependencies" to the driver core. The idea has been talked about for a very long time, great job to Rafael for stepping up and implementing it. It's been tested for longer than the 4.9-rc1 date, we held off on merging it earlier in order to feel more comfortable about it. Other than that, it's just a handful of small other patches, some good cleanups to the mess that is the firmware class code, and we have a test driver for the deferred probe logic. All of these have been in linux-next for a while with no reported issues" * tag 'driver-core-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core: (30 commits) firmware: Correct handling of fw_state_wait() return value driver core: Silence device links sphinx warning firmware: remove warning at documentation generation time drivers: base: dma-mapping: Fix typo in dmam_alloc_non_coherent comments driver core: test_async: fix up typo found by 0-day firmware: move fw_state_is_done() into UHM section firmware: do not use fw_lock for fw_state protection firmware: drop bit ops in favor of simple state machine firmware: refactor loading status firmware: fix usermode helper fallback loading driver core: firmware_class: convert to use class_groups driver core: devcoredump: convert to use class_groups driver core: class: add class_groups support kernfs: Declare two local data structures static driver-core: fix platform_no_drv_owner.cocci warnings drivers/base/memory.c: Remove unused 'first_page' variable driver core: add CLASS_ATTR_WO() drivers: base: cacheinfo: support DT overrides for cache properties drivers: base: cacheinfo: add pr_fmt logging drivers: base: cacheinfo: fix boot error message when acpi is enabled ... commit 72cca7baf4fba777b8ab770b902cf2e08941773f Merge: 5266e70 3e0f9b2 Author: Linus Torvalds Date: Tue Dec 13 11:35:00 2016 -0800 Merge tag 'staging-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging Pull staging/IIO updates from Greg KH: "Here's the "big" staging/iio pull request for 4.10-rc1. Not as big as 4.9 was, but still just over a thousand changes. We almost broke even of lines added vs. removed, as the slicoss driver was removed (got a "clean" driver for the same hardware through the netdev tree), and some iio drivers were also dropped, but I think we ended up adding a few thousand lines to the source tree in the end. Other than that it's a lot of minor fixes all over the place, nothing major stands out at all. All of these have been in linux-next for a while. There will be a merge conflict with Al's vfs tree in the lustre code, but the resolution for that should be pretty simple, that too has been in linux-next" * tag 'staging-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/staging: (1002 commits) staging: comedi: comedidev.h: Document usage of 'detach' handler staging: fsl-mc: remove unnecessary info prints from bus driver staging: fsl-mc: add sysfs ABI doc staging/lustre/o2iblnd: Fix misspelled attemps->attempts staging/lustre/o2iblnd: Fix misspelling intialized->intialized staging/lustre: Convert all bare unsigned to unsigned int staging/lustre/socklnd: Fix whitespace problem staging/lustre/o2iblnd: Add missing space staging/lustre/lnetselftest: Fix potential integer overflow staging: greybus: audio_module: remove redundant OOM message staging: dgnc: Fix lines longer than 80 characters staging: dgnc: fix blank line after '{' warnings. staging/android: remove Sync Framework tasks from TODO staging/lustre/osc: Revert erroneous list_for_each_entry_safe use staging: slicoss: remove the staging driver staging: lustre: libcfs: remove lnet upcall code staging: lustre: remove set but unused variables staging: lustre: osc: set lock data for readahead lock staging: lustre: import: don't reconnect during connect interpret staging: lustre: clio: remove mtime check in vvp_io_fault_start() ... commit 5266e70335dac35c35b5ca9cea4251c1389d4a68 Merge: 03f8d4c a9b01b5 Author: Linus Torvalds Date: Tue Dec 13 11:18:24 2016 -0800 Merge tag 'tty-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty Pull tty/serial updates from Greg KH: "Here's the tty/serial patchset for 4.10-rc1. It's been a quiet kernel cycle for this subsystem, just a small number of changes. A few new serial drivers, and some cleanups to the old vgacon logic, and other minor serial driver changes as well. All of these have been in linux-next for a while with no reported issues" * tag 'tty-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/tty: (54 commits) serial: 8250_mid fix calltrace when hotplug 8250 serial controller console: Move userspace I/O out of console_lock to fix lockdep warning tty: nozomi: avoid sprintf buffer overflow serial: 8250_pci: Detach low-level driver during PCI error recovery serial: core: don't check port twice in a row mxs-auart: count FIFO overrun errors serial: 8250_dw: Add support for IrDA SIR mode serial: 8250: Expose set_ldisc function serial: 8250: Add IrDA to UART capabilities serial: 8250_dma: power off device after TX is done serial: 8250_port: export serial8250_rpm_{get|put}_tx() serial: sunsu: Free memory when probe fails serial: sunhv: Free memory when remove() is called vt: fix Scroll Lock LED trigger name tty: typo in comments in drivers/tty/vt/keyboard.c tty: amba-pl011: Add earlycon support for SBSA UART tty: nozomi: use permission-specific DEVICE_ATTR variants tty: serial: Make the STM32 serial port depend on it's arch serial: ifx6x60: Free memory when probe fails serial: ioc4_serial: Free memory when kzalloc fails during probe ... commit 03f8d4cca352fd41f26b5c88dec1e4d3f507f5de Merge: a67485d d8a12b7 Author: Linus Torvalds Date: Tue Dec 13 11:10:36 2016 -0800 Merge tag 'usb-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb Pull USB/PHY updates from Greg KH: "Here's the big set of USB/PHY patches for 4.10-rc1. A number of new drivers are here in this set of changes. We have a new USB controller type "mtu3", a new usb-serial driver, and the usual churn in the gadget subsystem and the xhci host controller driver, along with a few other new small drivers added. And lots of little other changes all over the USB and PHY driver tree. Full details are in the shortlog All of these have been in linux-next for a while with no reported issues" * tag 'usb-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/usb: (309 commits) USB: serial: option: add dlink dwm-158 USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041 USB: OHCI: nxp: fix code warnings USB: OHCI: nxp: remove useless extern declaration USB: OHCI: at91: remove useless extern declaration usb: misc: rio500: fix result type for error message usb: mtu3: fix U3 port link issue usb: mtu3: enable auto switch from U3 to U2 usbip: fix warning in vhci_hcd_probe/lockdep_init_map usb: core: usbport: Use proper LED API to fix potential crash usbip: add missing compile time generated files to .gitignore usb: hcd.h: construct hub class request constants from simpler constants USB: OHCI: ohci-pxa27x: remove useless functions USB: OHCI: omap: remove useless extern declaration USB: OHCI: ohci-omap: remove useless functions USB: OHCI: ohci-s3c2410: remove useless functions USB: cdc-acm: add device id for GW Instek AFG-125 fsl/usb: Workarourd for USB erratum-A005697 usb: hub: Wait for connection to be reestablished after port reset usbip: vudc: Refactor init_vudc_hw() to be more obvious ... commit a67485d4bf97918225dfb5246e531643755a7ee1 Merge: 7b9dc3f 80f1b3d Author: Linus Torvalds Date: Tue Dec 13 11:06:21 2016 -0800 Merge tag 'acpi-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI updates from Rafael Wysocki: "The ACPICA code in the kernel gets updated as usual (included is upstream revision 20160930 and a few commits from the next one, with the rest waiting for an issue discovered in linux-next to be addressed) which brings in a couple of fixes and cleanups On top of that initial support for APEI on ARM64 is added, two new pieces of documentation are introduced, the properties-parsing code is updated to follow changes in the (external) documentation it is based on and there are a few updates of SoC drivers, some new blacklist entries, plus some assorted fixes and cleanups Specifics: - ACPICA update including upstream revision 20160930 and several commits beyond it (Bob Moore, Lv Zheng) - Initial support for ACPI APEI on ARM64 (Tomasz Nowicki) - New document describing the handling of _OSI and _REV in Linux (Len Brown) - New document describing the usage rules for _DSD properties (Rafael Wysocki) - Update of the ACPI properties-parsing code to reflect recent changes in the (external) documentation it is based on (Rafael Wysocki) - Updates of the ACPI LPSS and ACPI APD SoC drivers for additional hardware support (Andy Shevchenko, Nehal Shah) - New blacklist entries for _REV and video handling (Alex Hung, Hans de Goede, Michael Pobega) - ACPI battery driver fix to fall back to _BIF if _BIX fails (Dave Lambley) - NMI notifications handling fix for APEI (Prarit Bhargava) - Error code path fix for the ACPI CPPC library (Dan Carpenter) - Assorted cleanups (Andy Shevchenko, Longpeng Mike)" * tag 'acpi-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (31 commits) ACPICA: Utilities: Add new decode function for parser values ACPI / osl: Refactor acpi_os_get_root_pointer() to drop 'else':s ACPI / osl: Propagate actual error code for kstrtoul() ACPI / property: Document usage rules for _DSD properties ACPI: Document _OSI and _REV for Linux BIOS writers ACPI / APEI / ARM64: APEI initial support for ARM64 ACPI / APEI: Fix NMI notification handling ACPICA: Tables: Add an error message complaining driver bugs ACPICA: Tables: Add acpi_tb_unload_table() ACPICA: Tables: Cleanup acpi_tb_install_and_load_table() ACPICA: Events: Fix acpi_ev_initialize_region() return value ACPICA: Back port of "ACPICA: Dispatcher: Tune interpreter lock around AcpiEvInitializeRegion()" ACPICA: Namespace: Add acpi_ns_handle_to_name() ACPI / CPPC: set an error code on probe error path ACPI / video: Add force_native quirk for HP Pavilion dv6 ACPI / video: Add force_native quirk for Dell XPS 17 L702X ACPI / property: Hierarchical properties support update ACPI / LPSS: enable hard LLP for DMA ACPI / battery: If _BIX fails, retry with _BIF ACPI / video: Move ACPI_VIDEO_NOTIFY_* defines to acpi/video.h .. commit 2939e1a86f758b55cdba73e29397dd3d94df13bc Author: Maxim Patlasov Date: Mon Dec 12 14:32:44 2016 -0800 btrfs: limit async_work allocation and worker func duration Problem statement: unprivileged user who has read-write access to more than one btrfs subvolume may easily consume all kernel memory (eventually triggering oom-killer). Reproducer (./mkrmdir below essentially loops over mkdir/rmdir): [root@kteam1 ~]# cat prep.sh DEV=/dev/sdb mkfs.btrfs -f $DEV mount $DEV /mnt for i in `seq 1 16` do mkdir /mnt/$i btrfs subvolume create /mnt/SV_$i ID=`btrfs subvolume list /mnt |grep "SV_$i$" |cut -d ' ' -f 2` mount -t btrfs -o subvolid=$ID $DEV /mnt/$i chmod a+rwx /mnt/$i done [root@kteam1 ~]# sh prep.sh [maxim@kteam1 ~]$ for i in `seq 1 16`; do ./mkrmdir /mnt/$i 2000 2000 & done [root@kteam1 ~]# for i in `seq 1 4`; do grep "kmalloc-128" /proc/slabinfo | grep -v dma; sleep 60; done kmalloc-128 10144 10144 128 32 1 : tunables 0 0 0 : slabdata 317 317 0 kmalloc-128 9992352 9992352 128 32 1 : tunables 0 0 0 : slabdata 312261 312261 0 kmalloc-128 24226752 24226752 128 32 1 : tunables 0 0 0 : slabdata 757086 757086 0 kmalloc-128 42754240 42754240 128 32 1 : tunables 0 0 0 : slabdata 1336070 1336070 0 The huge numbers above come from insane number of async_work-s allocated and queued by btrfs_wq_run_delayed_node. The problem is caused by btrfs_wq_run_delayed_node() queuing more and more works if the number of delayed items is above BTRFS_DELAYED_BACKGROUND. The worker func (btrfs_async_run_delayed_root) processes at least BTRFS_DELAYED_BATCH items (if they are present in the list). So, the machinery works as expected while the list is almost empty. As soon as it is getting bigger, worker func starts to process more than one item at a time, it takes longer, and the chances to have async_works queued more than needed is getting higher. The problem above is worsened by another flaw of delayed-inode implementation: if async_work was queued in a throttling branch (number of items >= BTRFS_DELAYED_WRITEBACK), corresponding worker func won't quit until the number of items < BTRFS_DELAYED_BACKGROUND / 2. So, it is possible that the func occupies CPU infinitely (up to 30sec in my experiments): while the func is trying to drain the list, the user activity may add more and more items to the list. The patch fixes both problems in straightforward way: refuse queuing too many works in btrfs_wq_run_delayed_node and bail out of worker func if at least BTRFS_DELAYED_WRITEBACK items are processed. Changed in v2: remove support of thresh == NO_THRESHOLD. Signed-off-by: Maxim Patlasov Signed-off-by: Chris Mason Cc: stable@vger.kernel.org # v3.15+ fs/btrfs/async-thread.c | 14 ++++++++++++++ fs/btrfs/async-thread.h | 1 + fs/btrfs/delayed-inode.c | 6 ++++-- 3 files changed, 19 insertions(+), 2 deletions(-) commit ec9160dacdb08eaeb40a878db97dfed6c2212d91 Author: Richard Weinberger Date: Tue Dec 13 00:27:59 2016 +0100 ubifs: Use fscrypt ioctl() helpers Commit db717d8e26c2 ("fscrypto: move ioctl processing more fully into common code") moved ioctl() related functions into fscrypt and offers us now a set of helper functions. Signed-off-by: Richard Weinberger Reviewed-by: David Gstir fs/ubifs/ioctl.c | 24 ++---------------------- fs/ubifs/ubifs.h | 4 ++-- 2 files changed, 4 insertions(+), 24 deletions(-) commit 7b9dc3f75fc8be046e76387a22a21f421ce55b53 Merge: 36869cb bbc17bb Author: Linus Torvalds Date: Tue Dec 13 10:41:53 2016 -0800 Merge tag 'pm-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull power management updates from Rafael Wysocki: "Again, cpufreq gets more changes than the other parts this time (one new driver, one old driver less, a bunch of enhancements of the existing code, new CPU IDs, fixes, cleanups) There also are some changes in cpuidle (idle injection rework, a couple of new CPU IDs, online/offline rework in intel_idle, fixes and cleanups), in the generic power domains framework (mostly related to supporting power domains containing CPUs), and in the Operating Performance Points (OPP) library (mostly related to supporting devices with multiple voltage regulators) In addition to that, the system sleep state selection interface is modified to make it easier for distributions with unchanged user space to support suspend-to-idle as the default system suspend method, some issues are fixed in the PM core, the latency tolerance PM QoS framework is improved a bit, the Intel RAPL power capping driver is cleaned up and there are some fixes and cleanups in the devfreq subsystem Specifics: - New cpufreq driver for Broadcom STB SoCs and a Device Tree binding for it (Markus Mayer) - Support for ARM Integrator/AP and Integrator/CP in the generic DT cpufreq driver and elimination of the old Integrator cpufreq driver (Linus Walleij) - Support for the zx296718, r8a7743 and r8a7745, Socionext UniPhier, and PXA SoCs in the the generic DT cpufreq driver (Baoyou Xie, Geert Uytterhoeven, Masahiro Yamada, Robert Jarzmik) - cpufreq core fix to eliminate races that may lead to using inactive policy objects and related cleanups (Rafael Wysocki) - cpufreq schedutil governor update to make it use SCHED_FIFO kernel threads (instead of regular workqueues) for doing delayed work (to reduce the response latency in some cases) and related cleanups (Viresh Kumar) - New cpufreq sysfs attribute for resetting statistics (Markus Mayer) - cpufreq governors fixes and cleanups (Chen Yu, Stratos Karafotis, Viresh Kumar) - Support for using generic cpufreq governors in the intel_pstate driver (Rafael Wysocki) - Support for per-logical-CPU P-state limits and the EPP/EPB (Energy Performance Preference/Energy Performance Bias) knobs in the intel_pstate driver (Srinivas Pandruvada) - New CPU ID for Knights Mill in intel_pstate (Piotr Luc) - intel_pstate driver modification to use the P-state selection algorithm based on CPU load on platforms with the system profile in the ACPI tables set to "mobile" (Srinivas Pandruvada) - intel_pstate driver cleanups (Arnd Bergmann, Rafael Wysocki, Srinivas Pandruvada) - cpufreq powernv driver updates including fast switching support (for the schedutil governor), fixes and cleanus (Akshay Adiga, Andrew Donnellan, Denis Kirjanov) - acpi-cpufreq driver rework to switch it over to the new CPU offline/online state machine (Sebastian Andrzej Siewior) - Assorted cleanups in cpufreq drivers (Wei Yongjun, Prashanth Prakash) - Idle injection rework (to make it use the regular idle path instead of a home-grown custom one) and related powerclamp thermal driver updates (Peter Zijlstra, Jacob Pan, Petr Mladek, Sebastian Andrzej Siewior) - New CPU IDs for Atom Z34xx and Knights Mill in intel_idle (Andy Shevchenko, Piotr Luc) - intel_idle driver cleanups and switch over to using the new CPU offline/online state machine (Anna-Maria Gleixner, Sebastian Andrzej Siewior) - cpuidle DT driver update to support suspend-to-idle properly (Sudeep Holla) - cpuidle core cleanups and misc updates (Daniel Lezcano, Pan Bian, Rafael Wysocki) - Preliminary support for power domains including CPUs in the generic power domains (genpd) framework and related DT bindings (Lina Iyer) - Assorted fixes and cleanups in the generic power domains (genpd) framework (Colin Ian King, Dan Carpenter, Geert Uytterhoeven) - Preliminary support for devices with multiple voltage regulators and related fixes and cleanups in the Operating Performance Points (OPP) library (Viresh Kumar, Masahiro Yamada, Stephen Boyd) - System sleep state selection interface rework to make it easier to support suspend-to-idle as the default system suspend method (Rafael Wysocki) - PM core fixes and cleanups, mostly related to the interactions between the system suspend and runtime PM frameworks (Ulf Hansson, Sahitya Tummala, Tony Lindgren) - Latency tolerance PM QoS framework imorovements (Andrew Lutomirski) - New Knights Mill CPU ID for the Intel RAPL power capping driver (Piotr Luc) - Intel RAPL power capping driver fixes, cleanups and switch over to using the new CPU offline/online state machine (Jacob Pan, Thomas Gleixner, Sebastian Andrzej Siewior) - Fixes and cleanups in the exynos-ppmu, exynos-nocp, rk3399_dmc, rockchip-dfi devfreq drivers and the devfreq core (Axel Lin, Chanwoo Choi, Javier Martinez Canillas, MyungJoo Ham, Viresh Kumar) - Fix for false-positive KASAN warnings during resume from ACPI S3 (suspend-to-RAM) on x86 (Josh Poimboeuf) - Memory map verification during resume from hibernation on x86 to ensure a consistent address space layout (Chen Yu) - Wakeup sources debugging enhancement (Xing Wei) - rockchip-io AVS driver cleanup (Shawn Lin)" * tag 'pm-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: (127 commits) devfreq: rk3399_dmc: Don't use OPP structures outside of RCU locks devfreq: rk3399_dmc: Remove dangling rcu_read_unlock() devfreq: exynos: Don't use OPP structures outside of RCU locks Documentation: intel_pstate: Document HWP energy/performance hints cpufreq: intel_pstate: Support for energy performance hints with HWP cpufreq: intel_pstate: Add locking around HWP requests PM / sleep: Print active wakeup sources when blocking on wakeup_count reads PM / core: Fix bug in the error handling of async suspend PM / wakeirq: Fix dedicated wakeirq for drivers not using autosuspend PM / Domains: Fix compatible for domain idle state PM / OPP: Don't WARN on multiple calls to dev_pm_opp_set_regulators() PM / OPP: Allow platform specific custom set_opp() callbacks PM / OPP: Separate out _generic_set_opp() PM / OPP: Add infrastructure to manage multiple regulators PM / OPP: Pass struct dev_pm_opp_supply to _set_opp_voltage() PM / OPP: Manage supply's voltage/current in a separate structure PM / OPP: Don't use OPP structure outside of rcu protected section PM / OPP: Reword binding supporting multiple regulators per device PM / OPP: Fix incorrect cpu-supply property in binding cpuidle: Add a kerneldoc comment to cpuidle_use_deepest_state() .. commit 7d29f349a4b9dcf5bc9dcc05630d6a7f6b6b3ccd Author: Bodong Wang Date: Thu Dec 1 13:43:16 2016 +0200 IB/mlx5: Properly adjust rate limit on QP state transitions - Add MODIFY_QP_EX CMD to extend modify_qp. - Rate limit will be updated in the following state transactions: RTR2RTS, RTS2RTS. The limit will be removed when SQ is in RST and ERR state. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 3 +- drivers/infiniband/hw/mlx5/mlx5_ib.h | 1 + drivers/infiniband/hw/mlx5/qp.c | 74 ++++++++++++++++++++++++++++++++---- 3 files changed, 69 insertions(+), 9 deletions(-) commit 189aba99e70030cfb56bd8f199bc5b077a1bc6ff Author: Bodong Wang Date: Thu Dec 1 13:43:15 2016 +0200 IB/uverbs: Extend modify_qp and support packet pacing An new uverbs command ib_uverbs_ex_modify_qp is added to support more QP attributes. User driver should choose to call the legacy/extended API based on input mask. IB_USER_LAST_QP_ATTR_MASK is added to indicated the maximum bit position which supports legacy ib_uverbs_modify_qp. IB_USER_LEGACY_LAST_QP_ATTR_MASK indicates the maximum bit position which supports ib_uverbs_ex_modify_qp, the value of this mask should be updated if new mask is added later. Along with this change, rate_limit is supported by the extended command, user driver could use it to control packet packing. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs.h | 1 + drivers/infiniband/core/uverbs_cmd.c | 192 ++++++++++++++++++++++------------ drivers/infiniband/core/uverbs_main.c | 1 + include/uapi/rdma/ib_user_verbs.h | 21 ++++ 4 files changed, 146 insertions(+), 69 deletions(-) commit 528e5a1bd3f0e9b760cb3a1062fce7513712a15d Author: Bodong Wang Date: Thu Dec 1 13:43:14 2016 +0200 IB/core: Support rate limit for packet pacing Add new member rate_limit to ib_qp_attr which holds the packet pacing rate in kbps, 0 means unlimited. IB_QP_RATE_LIMIT is added to ib_attr_mask and could be used by RAW QPs when changing QP state from RTR to RTS, RTS to RTS. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/verbs.c | 2 ++ include/rdma/ib_verbs.h | 2 ++ 2 files changed, 4 insertions(+) commit d949167d68b304c0a00331cf33ef49a29b65d85f Author: Bodong Wang Date: Thu Dec 1 13:43:13 2016 +0200 IB/mlx5: Report mlx5 packet pacing capabilities when querying device Enable mlx5 based hardware to report packet pacing capabilities from kernel to user space. Packet pacing allows to limit the rate to any number between the maximum and minimum, based on user settings. The capabilities are exposed to user space through query_device by uhw. The following capabilities are reported: 1. The maximum and minimum rate limit in kbps supported by packet pacing. 2. Bitmap showing which QP types are supported by packet pacing operation. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 13 +++++++++++++ include/uapi/rdma/mlx5-abi.h | 13 +++++++++++++ 2 files changed, 26 insertions(+) commit ca5b91d63192ceaa41a6145f8c923debb64c71fa Author: Or Gerlitz Date: Sun Nov 27 16:51:36 2016 +0200 IB/mlx5: Support RAW Ethernet when RoCE is disabled On some environments, such as certain SRIOV VF configurations, RoCE is not supported for mlx5 Ethernet ports. Currently, the driver will not open IB device on that port. This is problematic, since we do want user-space RAW Ethernet (RAW_PACKET QPs) functionality to remain in place. For that end, enhance the relevant driver flows such that we do create a device instance in that case. Signed-off-by: Or Gerlitz Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) commit 45f95acd63222dd1dc752fa904536327b10f1082 Author: Or Gerlitz Date: Sun Nov 27 16:51:35 2016 +0200 IB/mlx5: Rename RoCE related helpers to reflect being Eth ones This is a pre-step towards having mlx5 IB device also over Eth ports where RoCE is not supported. We change the roce enable/disable and roce_lag init/fini function names to have _eth instead of _roce. This patch doesn't change any functionality. Signed-off-by: Or Gerlitz Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) commit d012f5d6f8597f936f44c79e46345fda86dcff4d Author: Or Gerlitz Date: Sun Nov 27 16:51:34 2016 +0200 IB/mlx5: Refactor registration to netdev notifier Refactor the netdev notifier registration into a small helper function. This is a pre-step towards having mlx5 IB device over an Ethernet port which doesn't support RoCE. Also, renamed the de-registration helper and the new helper as netdev notifier and not roce, to make it clear this is not only used with roce. This patch doesn't change any functionality. Signed-off-by: Or Gerlitz Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) commit b216af408c985092a79472ad10e6f216cb2973fc Author: Maor Gottlieb Date: Sun Nov 27 15:18:22 2016 +0200 IB/mlx5: Use u64 for UMR length The fast_registration length is used to convey length for memory registrations through UMR which can be of any size up to 2^64. Change the length type to be u64. Fixes: 968e78dd9644 ('IB/mlx5: Enhance UMR support to allow partial page table update') Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mlx5_ib.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit afd02cd3a9b6c04b41d946b5d7f6e17b3fc30c6b Author: Eli Cohen Date: Sun Nov 27 15:18:21 2016 +0200 IB/mlx5: Avoid system crash when enabling many VFs When enabling many VFs, the total amount of DMA mappings increase significantly. This causes DMA allocations to take a lot of time since they are serialized in the kernel. As a result the driver enters into fatal condition due to timeout and the system hangs. To recover from this we disable MR cache for VFs. PFs will still have a full cache and VFs cache can be manipulated as usual after driver load. Fixes: e126ba97dba9 ('mlx5: Add driver for Mellanox Connect-IB adapters') Signed-off-by: Eli Cohen Signed-off-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/mr.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c73b7911de97fad3ab9032a110af48d6ab2da48f Author: Maor Gottlieb Date: Sun Nov 27 15:18:20 2016 +0200 IB/mlx5: Assign SRQ type earlier Move the SRQ type assignment to be before actually using it in create_srq_user() and in create_srq_kernel() functions. Fixes: af1ba291c5e4 ('{net, IB}/mlx5: Refactor internal SRQ API') Signed-off-by: Maor Gottlieb Reviewed-by: Majd Dibbiny Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/srq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c482af646d0809a8d5e1b7f4398cce3592589b98 Author: Jack Morgenstein Date: Sun Nov 27 15:18:19 2016 +0200 IB/mlx4: Fix out-of-range array index in destroy qp flow For non-special QPs, the port value becomes non-zero only at the RESET-to-INIT transition. If the QP has not undergone that transition, its port number value is still zero. If such a QP is destroyed before being moved out of the RESET state, subtracting one from the qp port number results in a negative value. Using that negative value as an index into the qp1_proxy array results in an out-of-bounds array reference. Fix this by testing that the QP type is one that uses qp1_proxy before using the port number. For special QPs of all types, the port number is specified at QP creation time. Fixes: 9433c188915c ("IB/mlx4: Invoke UPDATE_QP for proxy QP1 on MAC changes") Signed-off-by: Jack Morgenstein Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/qp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 41c450fd8da549c5f7cced6650354095b0d4312a Author: Moni Shoua Date: Wed Nov 23 08:23:26 2016 +0200 IB/mlx5: Make create/destroy_ah available to userspace Advertise that create_ah and destroy_ah verbs are accessible from uverbs interface. Signed-off-by: Moni Shoua Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 2 ++ 1 file changed, 2 insertions(+) commit 5097e71f3edafad3e7d8d4f9c4a137d9aad0fae2 Author: Moni Shoua Date: Wed Nov 23 08:23:25 2016 +0200 IB/mlx5: Use kernel driver to help userspace create ah Resolving a MAC address for a given IP address in userspace is inefficient. This patch lets mlx5 user driver using the kernel driver to resolve the mac and get the answer in the private section of the response. Signed-off-by: Moni Shoua Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/ah.c | 21 +++++++++++++++++++++ include/uapi/rdma/mlx5-abi.h | 6 ++++++ 2 files changed, 27 insertions(+) commit 477864c8fcd953e5a988073ca5be18bb7fd93410 Author: Moni Shoua Date: Wed Nov 23 08:23:24 2016 +0200 IB/core: Let create_ah return extended response to user Add struct ib_udata to the signature of create_ah callback that is implemented by IB device drivers. This allows HW drivers to return extra data to the userspace library. This patch prepares the ground for mlx5 driver to resolve destination mac address for a given GID and return it to userspace. This patch was previously submitted by Knut Omang as a part of the patch set to support Oracle's Infiniband HCA (SIF). Signed-off-by: Knut Omang Signed-off-by: Moni Shoua Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_cmd.c | 11 ++++++++++- drivers/infiniband/core/verbs.c | 2 +- drivers/infiniband/hw/cxgb3/iwch_provider.c | 3 ++- drivers/infiniband/hw/cxgb4/provider.c | 4 +++- drivers/infiniband/hw/hns/hns_roce_ah.c | 3 ++- drivers/infiniband/hw/hns/hns_roce_device.h | 3 ++- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 4 +++- drivers/infiniband/hw/mlx4/ah.c | 4 +++- drivers/infiniband/hw/mlx4/mlx4_ib.h | 3 ++- drivers/infiniband/hw/mlx5/ah.c | 4 +++- drivers/infiniband/hw/mlx5/mlx5_ib.h | 3 ++- drivers/infiniband/hw/mthca/mthca_provider.c | 4 +++- drivers/infiniband/hw/nes/nes_verbs.c | 3 ++- drivers/infiniband/hw/ocrdma/ocrdma_ah.c | 3 ++- drivers/infiniband/hw/ocrdma/ocrdma_ah.h | 4 +++- drivers/infiniband/hw/qedr/verbs.c | 3 ++- drivers/infiniband/hw/qedr/verbs.h | 3 ++- drivers/infiniband/hw/usnic/usnic_ib_verbs.c | 4 +++- drivers/infiniband/hw/usnic/usnic_ib_verbs.h | 4 +++- drivers/infiniband/sw/rxe/rxe_verbs.c | 4 +++- include/rdma/ib_verbs.h | 3 ++- 21 files changed, 58 insertions(+), 21 deletions(-) commit 6ad279c5a2e55bf2bd100b4222090d4717de88d5 Author: Moni Shoua Date: Wed Nov 23 08:23:23 2016 +0200 IB/mlx5: Report that device has udata response in create_ah To make mlx5 user driver aware of whether kernel driver returns dmac in user data response add a new flag that will be returned back to user-space through alloc_ucontext. Signed-off-by: Moni Shoua Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 3 ++- include/uapi/rdma/mlx5-abi.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit c90ea9d8e51196d9c528e57d9ab09ee7d41f0ba0 Author: Moni Shoua Date: Wed Nov 23 08:23:22 2016 +0200 IB/core: Change ib_resolve_eth_dmac to use it in create AH The function ib_resolve_eth_dmac() requires struct qp_attr * and qp_attr_mask as parameters while the function might be useful to resolve dmac for address handles. This patch changes the signature of the function so it can be used in the flow of creating an address handle. Signed-off-by: Moni Shoua Reviewed-by: Yishai Hadas Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/core_priv.h | 3 -- drivers/infiniband/core/uverbs_cmd.c | 8 ++-- drivers/infiniband/core/verbs.c | 84 ++++++++++++++++++------------------ include/rdma/ib_verbs.h | 2 + 4 files changed, 49 insertions(+), 48 deletions(-) commit 2d1e697e9b716b8a692bc9c197e5f4ffd10d7307 Author: Moses Reuben Date: Mon Nov 14 19:04:52 2016 +0200 IB/mlx5: Add support to match inner packet fields Add support to match packet fields which are tunneled, i.e. support matching the header of the inner packet which is the result of or bit operation of the original header and the IB_FLOW_SPEC_INNER type. The combination of IB_FLOW_SPEC_INNER | IB_FLOW_SPEC_VXLAN_TUNNEL is not needed to be checked, because the IB core has this check already. Signed-off-by: Moses Reuben Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 131 +++++++++++++++++++++++--------------- 1 file changed, 78 insertions(+), 53 deletions(-) commit fbf46860b19ddb485f00bef1ad1a43aabc9f71ad Author: Moses Reuben Date: Mon Nov 14 19:04:51 2016 +0200 IB/core: Introduce inner flow steering For a tunneled packet which contains external and internal headers, we refer to the external headers as "outer fields" and the internal headers as "inner fields". Example of a tunneled packet: { L2 | L3 | L4 | tunnel header | L2 | L3 | l4 | data } | | | | | | | { outer fields }{ inner fields } This patch introduces a new flag for flow steering rules - IB_FLOW_SPEC_INNER - which specifies that the rule applies to the inner fields, rather than to the outer fields of the packet. Signed-off-by: Moses Reuben Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_cmd.c | 4 +++- include/rdma/ib_verbs.h | 17 +++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-) commit ffb30d8f107b27820a069ae6772ab48e58cc0b2f Author: Moses Reuben Date: Mon Nov 14 19:04:50 2016 +0200 IB/mlx5: Support Vxlan tunneling specification Add support to receive specific Vxlan packet in ConnectX-4. Signed-off-by: Moses Reuben Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit a0cb4c759af12943806564294fa53ab08cb7cf93 Author: Moses Reuben Date: Mon Nov 14 19:04:49 2016 +0200 IB/uverbs: Add support for Vxlan protocol Add ib_uverbs_flow_spec_tunnel to define the rule to match Vxlan, the type, size, reserved fields are identical to rest of the protocols, and are used to identify the spec. The tunnel id is the vni value of the Vxlan protocol, and it is used as part of the steering rule, it is limited by the mask. The steering rule configured on the hardware does a match according to vni and other protocols. In the same way as rest of the protocols that we match, the uniq field's of each protocol are represented on the val and the mask. Signed-off-by: Moses Reuben Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford include/uapi/rdma/ib_user_verbs.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 76bd23b34204cad78f48aec4cef38869a66aa594 Author: Moses Reuben Date: Mon Nov 14 19:04:48 2016 +0200 IB/core: Align structure ib_flow_spec_type Aligned the structure ib_flow_spec_type indentation, after adding a new definition. Signed-off-by: Moses Reuben Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford include/rdma/ib_verbs.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 0dbf3332b7b683db33a385a3ce9baab157e3ff9a Author: Moses Reuben Date: Mon Nov 14 19:04:47 2016 +0200 IB/core: Add flow spec tunneling support In order to support tunneling, that can be used by the QP, both struct ib_flow_spec_tunnel and struct ib_flow_tunnel_filter can be used to more IP or UDP based tunneling protocols (e.g NVGRE, GRE, etc). IB_FLOW_SPEC_VXLAN_TUNNEL type flow specification is added to use this functionality and match specific Vxlan packets. In similar to IPv6, we check overflow of the vni value by comparing with the maximum size. Signed-off-by: Moses Reuben Reviewed-by: Maor Gottlieb Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/uverbs_cmd.c | 15 +++++++++++++++ include/rdma/ib_verbs.h | 19 ++++++++++++++++++- 2 files changed, 33 insertions(+), 1 deletion(-) commit 1cbe6fc86ccfe05a910be4883da7c7bd28c190fe Author: Bodong Wang Date: Mon Oct 31 12:16:45 2016 +0200 IB/mlx5: Add support for CQE compressing CQE compressing reduces PCI overhead by coalescing and compressing multiple CQEs into a single merged CQE. Successful compressing improves message rate especially for small packet traffic. CQE compressing is supported for all 64B CQE formats (with certain limitations) generated by RQ/Responder or by SQ/Requestor. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/cq.c | 30 +++++++++++++++++++++++++++++- include/uapi/rdma/mlx5-abi.h | 4 +++- 2 files changed, 32 insertions(+), 2 deletions(-) commit 7e43a2a5bae39fedaa7cce21d637e0c8d96d8e54 Author: Bodong Wang Date: Mon Oct 31 12:16:44 2016 +0200 IB/mlx5: Report mlx5 CQE compression caps during query The capabilities include: - Max number of compressed and aggregated CQEs in a single session, while zero means unsupported. - For Responder, there are two formats of mini CQE: mini CQE with Rx hash and mini CQE with checksum. They're mutual exclusive. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 10 ++++++++++ include/uapi/rdma/mlx5-abi.h | 12 ++++++++++++ 2 files changed, 22 insertions(+) commit 191ded4a4d991acf17207e0b4370fef070bce3e9 Author: Bodong Wang Date: Mon Oct 31 12:15:21 2016 +0200 IB/mlx5: Report mlx5 multi packet WQE caps during query The capabilities whether hardware support multi packet WQE or not is exposed to user space through query_device by uhw. Signed-off-by: Bodong Wang Reviewed-by: Matan Barak Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/main.c | 11 +++++++++++ include/uapi/rdma/mlx5-abi.h | 2 ++ 2 files changed, 13 insertions(+) commit c226dc22ec4904340e3e14a536983cda3dbe7914 Author: Leon Romanovsky Date: Mon Oct 31 12:15:20 2016 +0200 net/mlx5: Report multi packet WQE capabilities Multi packet WQE enables sending multiple fix sized packets using a single WQE. The exposed field reports such HW support. Signed-off-by: Bodong Wang Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford include/linux/mlx5/mlx5_ifc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d680ebed91e0b45c43ae03a880a0b43211096161 Author: Yonatan Cohen Date: Wed Nov 16 10:39:16 2016 +0200 IB/rxe: Increase max number of completions to 32k Increase limit of max CQE from 8K to 32K to allow demanding applications to work over SoftRoCE with same configuration as most RoCEv2 HW vendors have. Fixes: 8700e3e7c485 ("Soft RoCE driver") Signed-off-by: Yonatan Cohen Reviewed-by: Moni Shoua Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_param.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf08e884bfd5be068fd2ccf2bc450f085d8dd853 Author: Eran Ben Elisha Date: Thu Nov 10 11:31:01 2016 +0200 IB/mlx4: Check if GRH is available before using it Before reading GRH attributes, need to make sure AH contains GRH, and in addition, initialize GID type. Fixes: dbf727de7440 ('IB/core: Use GID table in AH creation and dmac resolution') Signed-off-by: Eran Ben Elisha Signed-off-by: Daniel Jurgens Reviewed-by: Mark Bloch Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/qp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1f22e454df2eb99ba6b7ace3f594f6805cdf5cbc Author: Eran Ben Elisha Date: Thu Nov 10 11:31:00 2016 +0200 IB/mlx4: When no DMFS for IPoIB, don't allow NET_IF QPs According to the firmware spec, FLOW_STEERING_IB_UC_QP_RANGE command is supported only if dmfs_ipoib bit is set. If it isn't set we want to ensure allocating NET_IF QPs fail. We do so by filling out the allocation bitmap. By thus, the NET_IF QPs allocating function won't find any free QP and will fail. Fixes: c1c98501121e ('IB/mlx4: Add support for steerable IB UD QPs') Signed-off-by: Eran Ben Elisha Signed-off-by: Daniel Jurgens Reviewed-by: Mark Bloch Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/main.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) commit 36869cb93d36269f34800b3384ba7991060a69cf Merge: 9439b37 7cd54aa Author: Linus Torvalds Date: Tue Dec 13 10:19:16 2016 -0800 Merge branch 'for-4.10/block' of git://git.kernel.dk/linux-block Pull block layer updates from Jens Axboe: "This is the main block pull request this series. Contrary to previous release, I've kept the core and driver changes in the same branch. We always ended up having dependencies between the two for obvious reasons, so makes more sense to keep them together. That said, I'll probably try and keep more topical branches going forward, especially for cycles that end up being as busy as this one. The major parts of this pull request is: - Improved support for O_DIRECT on block devices, with a small private implementation instead of using the pig that is fs/direct-io.c. From Christoph. - Request completion tracking in a scalable fashion. This is utilized by two components in this pull, the new hybrid polling and the writeback queue throttling code. - Improved support for polling with O_DIRECT, adding a hybrid mode that combines pure polling with an initial sleep. From me. - Support for automatic throttling of writeback queues on the block side. This uses feedback from the device completion latencies to scale the queue on the block side up or down. From me. - Support from SMR drives in the block layer and for SD. From Hannes and Shaun. - Multi-connection support for nbd. From Josef. - Cleanup of request and bio flags, so we have a clear split between which are bio (or rq) private, and which ones are shared. From Christoph. - A set of patches from Bart, that improve how we handle queue stopping and starting in blk-mq. - Support for WRITE_ZEROES from Chaitanya. - Lightnvm updates from Javier/Matias. - Supoort for FC for the nvme-over-fabrics code. From James Smart. - A bunch of fixes from a whole slew of people, too many to name here" * 'for-4.10/block' of git://git.kernel.dk/linux-block: (182 commits) blk-stat: fix a few cases of missing batch flushing blk-flush: run the queue when inserting blk-mq flush elevator: make the rqhash helpers exported blk-mq: abstract out blk_mq_dispatch_rq_list() helper blk-mq: add blk_mq_start_stopped_hw_queue() block: improve handling of the magic discard payload blk-wbt: don't throttle discard or write zeroes nbd: use dev_err_ratelimited in io path nbd: reset the setup task for NBD_CLEAR_SOCK nvme-fabrics: Add FC LLDD loopback driver to test FC-NVME nvme-fabrics: Add target support for FC transport nvme-fabrics: Add host support for FC transport nvme-fabrics: Add FC transport LLDD api definitions nvme-fabrics: Add FC transport FC-NVME definitions nvme-fabrics: Add FC transport error codes to nvme.h Add type 0x28 NVME type code to scsi fc headers nvme-fabrics: patch target code in prep for FC transport support nvme-fabrics: set sqe.command_id in core not transports parser: add u64 number parser nvme-rdma: align to generic ib_event logging helper ... commit 9439b3710df688d853eb6cb4851256f2c92b1797 Merge: 7079efc 2cf026a Author: Linus Torvalds Date: Tue Dec 13 09:35:09 2016 -0800 Merge tag 'drm-for-v4.10' of git://people.freedesktop.org/~airlied/linux Pull drm updates from Dave Airlie: "This is the main pull request for drm for 4.10 kernel. New drivers: - ZTE VOU display driver (zxdrm) - Amlogic Meson Graphic Controller GXBB/GXL/GXM SoCs (meson) - MXSFB support (mxsfb) Core: - Format handling has been reworked - Better atomic state debugging - drm_mm leak debugging - Atomic explicit fencing support - fbdev helper ops - Documentation updates - MST fbcon fixes Bridge: - Silicon Image SiI8620 driver Panel: - Add support for new simple panels i915: - GVT Device model - Better HDMI2.0 support on skylake - More watermark fixes - GPU idling rework for suspend/resume - DP Audio workarounds - Scheduler prep-work - Opregion CADL handling - GPU scheduler and priority boosting amdgfx/radeon: - Support for virtual devices - New VM manager for non-contig VRAM buffers - UVD powergating - SI register header cleanup - Cursor fixes - Powermanagement fixes nouveau: - Powermangement reworks for better voltage/clock changes - Atomic modesetting support - Displayport Multistream (MST) support. - GP102/104 hang and cursor fixes - GP106 support hisilicon: - hibmc support (BMC chip for aarch64 servers) armada: - add tracing support for overlay change - refactor plane support - de-midlayer the driver omapdrm: - Timing code cleanups rcar-du: - R8A7792/R8A7796 support - Misc fixes. sunxi: - A31 SoC display engine support imx-drm: - YUV format support - Cleanup plane atomic update mali-dp: - Misc fixes dw-hdmi: - Add support for HDMI i2c master controller tegra: - IOMMU support fixes - Error handling fixes tda998x: - Fix connector registration - Improved robustness - Fix infoframe/audio compliance virtio: - fix busid issues - allocate more vbufs qxl: - misc fixes and cleanups. vc4: - Fragment shader threading - ETC1 support - VEC (tv-out) support msm: - A5XX GPU support - Lots of atomic changes tilcdc: - Misc fixes and cleanups. etnaviv: - Fix dma-buf export path - DRAW_INSTANCED support - fix driver on i.MX6SX exynos: - HDMI refactoring fsl-dcu: - fbdev changes" * tag 'drm-for-v4.10' of git://people.freedesktop.org/~airlied/linux: (1343 commits) drm/nouveau/kms/nv50: fix atomic regression on original G80 drm/nouveau/bl: Do not register interface if Apple GMUX detected drm/nouveau/bl: Assign different names to interfaces drm/nouveau/bios/dp: fix handling of LevelEntryTableIndex on DP table 4.2 drm/nouveau/ltc: protect clearing of comptags with mutex drm/nouveau/gr/gf100-: handle GPC/TPC/MPC trap drm/nouveau/core: recognise GP106 chipset drm/nouveau/ttm: wait for bo fence to signal before unmapping vmas drm/nouveau/gr/gf100-: FECS intr handling is not relevant on proprietary ucode drm/nouveau/gr/gf100-: properly ack all FECS error interrupts drm/nouveau/fifo/gf100-: recover from host mmu faults drm: Add fake controlD* symlinks for backwards compat drm/vc4: Don't use drm_put_dev drm/vc4: Document VEC DT binding drm/vc4: Add support for the VEC (Video Encoder) IP drm: Add TV connector states to drm_connector_state drm: Turn DRM_MODE_SUBCONNECTOR_xx definitions into an enum drm/vc4: Fix ->clock_select setting for the VEC encoder drm/amdgpu/dce6: Set MASTER_UPDATE_MODE to 0 in resume_mc_access as well drm/amdgpu: use pin rather than pin_restricted in a few cases ... commit 1d161d4cd719ac498545c94805803af8af9b642f Author: Hans de Goede Date: Wed Oct 26 17:17:44 2016 +0200 platform/x86: dell-laptop: Use brightness_set_blocking for kbd_led_level_set kbd_led_level_set uses dell_smbios call which blocks, so the kbd_led classdev should use the brightness_set_blocking callback. Signed-off-by: Hans de Goede Reviewed-by: Pali Rohár Signed-off-by: Darren Hart drivers/platform/x86/dell-laptop.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) commit bb55a2ee76c2426686d320354f9ff7d9eadeb34b Author: Tobias Klauser Date: Fri Nov 25 14:18:07 2016 +0100 platform/x86: thinkpad_acpi: Fix old style declaration GCC warning Fix an [-Wold-style-declaration] GCC warning by moving the inline keyword before the return type. Signed-off-by: Tobias Klauser Acked-by: Henrique de Moraes Holschuh Signed-off-by: Darren Hart drivers/platform/x86/thinkpad_acpi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a3c42a467a254a17236ab817d5c7c6bc054e4f84 Author: Hui Wang Date: Tue Nov 8 16:13:23 2016 +0800 platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad Recently we met an issue on lots of Lenovo thinkpad laptops (those laptops are not released to market yet), the issue is that the thinkpad_acpi.ko can't be automatically loaded as before. Through debugging, we found the HKEY_HID is LEN0268 instead of LEN0068 on those machines, and the MHKV is 0x200 instead of 0x100. So adding the new ID into the driver. Signed-off-by: Hui Wang Acked-by: Henrique de Moraes Holschuh Signed-off-by: Darren Hart drivers/platform/x86/thinkpad_acpi.c | 2 ++ 1 file changed, 2 insertions(+) commit b03f4d49469f3bde9600192af15b8f17f8673679 Author: Lyude Date: Fri Nov 11 15:15:03 2016 -0500 platform/x86: thinkpad_acpi: Add support for X1 Yoga (2016) Tablet Mode For whatever reason, the X1 Yoga doesn't support the normal method of querying for tablet mode. Instead of providing the MHKG method under the hotkey handle, we're instead given the CMMD method under the EC handle. Values on this handle are either 0x1, laptop mode, or 0x6, tablet mode. Tested-by: Daniel Martin Signed-off-by: Lyude Signed-off-by: Darren Hart Documentation/laptops/thinkpad-acpi.txt | 1 + drivers/platform/x86/thinkpad_acpi.c | 39 +++++++++++++++++++++++++++++---- 2 files changed, 36 insertions(+), 4 deletions(-) commit b31800283868746fc59686486a11fb24b103955b Author: Lyude Date: Fri Nov 11 15:15:02 2016 -0500 platform/x86: thinkpad_acpi: Move tablet detection into separate function The hotkey events and ACPI handles used for detecting tablet mode on a few of the newer thinkpad models (Yoga X1 and the Yoga 260 specifically) have been changed around, so unfortunately this means we're definitely going to need to probe for multiple types of tablet mode support. Since the hotkey_init() is already a lot larger than it should be, let's split up this detection into its own function to make things a little easier to read. As well, since we're going to have multiple types of tablet modes, make hotkey_tablet into an enum so we can also use it to indicate the type of tablet mode reporting the machine supports. Suggested by Daniel Martin Signed-off-by: Lyude Cc: Daniel Martin Acked-by: Henrique de Moraes Holschuh Signed-off-by: Darren Hart drivers/platform/x86/thinkpad_acpi.c | 52 +++++++++++++++++++++++++----------- 1 file changed, 37 insertions(+), 15 deletions(-) commit e74e259939275a5dd4e0d02845c694f421e249ad Author: Marcos Paulo de Souza Date: Tue Nov 29 23:23:06 2016 -0200 platform/x86: asus-nb-wmi.c: Add X45U quirk Without this patch, the Asus X45U wireless card can't be turned on (hard-blocked), but after a suspend/resume it just starts working. Following this bug report[1], there are other cases like this one, but this Asus is the only model that I can test. [1] https://ubuntuforums.org/showthread.php?t=2181558 Cc: stable@vger.kernel.org # 4.4.x- Signed-off-by: Marcos Paulo de Souza Signed-off-by: Andy Shevchenko drivers/platform/x86/asus-nb-wmi.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 085370eb19d3b502d56b318abd269bef77524590 Author: Marcos Paulo de Souza Date: Tue Nov 29 23:08:49 2016 -0200 platform/x86: asus-nb-wmi: Make use of dmi->ident Make use of dmi->ident as other drivers do, like fujitsu, intel, hp and samsung. Signed-off-by: Marcos Paulo de Souza Signed-off-by: Andy Shevchenko drivers/platform/x86/asus-nb-wmi.c | 1 + 1 file changed, 1 insertion(+) commit 8023eff10e7b0327898f17f0b553d2e45c71cef3 Author: Kai-Chuan Hsieh Date: Thu Sep 1 23:55:55 2016 +0800 platform/x86: asus-wmi: Set specified XUSB2PR value for X550LB The bluetooth adapter Atheros AR3012 can't be enumerated and make the bluetooth function broken. T: Bus=02 Lev=01 Prnt=01 Port=05 Cnt=02 Dev#= 5 Spd=12 MxCh= 0 D: Ver= 1.10 Cls=e0(wlcon) Sub=01 Prot=01 MxPS=64 #Cfgs= 1 P: Vendor=13d3 ProdID=3362 Rev=00.02 S: Manufacturer=Atheros Communications S: Product=Bluetooth USB Host Controller S: SerialNumber=Alaska Day 2006 C: #Ifs= 2 Cfg#= 1 Atr=e0 MxPwr=100mA I: If#= 0 Alt= 0 #EPs= 3 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb I: If#= 1 Alt= 0 #EPs= 2 Cls=e0(wlcon) Sub=01 Prot=01 Driver=btusb The error is: usb 2-6: device not accepting address 7, error -62 usb usb2-port6: unable to enumerate USB device It is caused by adapter's connected port is mapped to xHC controller, but the xHCI is not supported by the usb device. The output of 'sudo lspci -nnxxx -s 00:14.0': 00:14.0 USB controller [0c03]: Intel Corporation 8 Series USB xHCI HC [8086:9c31] (rev 04) 00: 86 80 31 9c 06 04 90 02 04 30 03 0c 00 00 00 00 10: 04 00 a0 f7 00 00 00 00 00 00 00 00 00 00 00 00 20: 00 00 00 00 00 00 00 00 00 00 00 00 43 10 1f 20 30: 00 00 00 00 70 00 00 00 00 00 00 00 0b 01 00 00 40: fd 01 36 80 89 c6 0f 80 00 00 00 00 00 00 00 00 50: 5f 2e ce 0f 00 00 00 00 00 00 00 00 00 00 00 00 60: 30 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70: 01 80 c2 c1 08 00 00 00 00 00 00 00 00 00 00 00 80: 05 00 87 00 0c a0 e0 fe 00 00 00 00 a1 41 00 00 90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0: 00 01 04 00 00 00 00 00 00 00 00 00 00 00 00 00 b0: 0f 00 03 00 00 00 00 00 00 00 00 00 00 00 00 00 c0: 03 c0 30 00 00 00 00 00 03 0c 00 00 00 00 00 00 d0: f9 01 00 00 f9 01 00 00 0f 00 00 00 0f 00 00 00 e0: 00 08 00 00 00 00 00 00 00 00 00 00 d8 d8 00 00 f0: 00 00 00 00 00 00 00 00 b1 0f 04 08 00 00 00 00 By referencing Intel Platform Controller Hub(PCH) datasheet, the xHC USB 2.0 Port Routing(XUSB2PR) at offset 0xD0-0xD3h decides the setting of mapping the port to EHCI controller or xHC controller. And the port mapped to xHC will enable xHCI during bus resume. The setting of disabling bluetooth adapter's connected port is 0x000001D9. The value can be obtained by few times 1 bit flip operation. The suited configuration should have the 'lsusb -t' result with bluetooth using ehci: /: Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 5000M /: Bus 02.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/9p, 480M |__ Port 5: Dev 2, If 0, Class=Video, Driver=uvcvideo, 480M |__ Port 5: Dev 2, If 1, Class=Video, Driver=uvcvideo, 480M /: Bus 01.Port 1: Dev 1, Class=root_hub, Driver=ehci-pci/2p, 480M |__ Port 1: Dev 2, If 0, Class=Hub, Driver=hub/8p, 480M |__ Port 6: Dev 3, If 0, Class=Wireless, Driver=btusb, 12M |__ Port 6: Dev 3, If 1, Class=Wireless, Driver=btusb, 12M Signed-off-by: Kai-Chuan Hsieh Acked-by: Corentin Chary Reviewed-by: Andy Shevchenko [andy: resolve merge conflict in asus-wmi.h] Signed-off-by: Andy Shevchenko drivers/platform/x86/asus-nb-wmi.c | 13 +++++++++++++ drivers/platform/x86/asus-wmi.c | 29 +++++++++++++++++++++++++++++ drivers/platform/x86/asus-wmi.h | 1 + 3 files changed, 43 insertions(+) commit b4aca383f9afb5f84b05de272656e6d4a919d995 Author: Borislav Petkov Date: Sat Nov 26 17:01:51 2016 +0100 platform/x86: intel_mid_thermal: Fix suspend handlers unused warning Fix: drivers/platform/x86/intel_mid_thermal.c:424:12: warning: ‘mid_thermal_resume’ defined but not used [-Wunused-function] static int mid_thermal_resume(struct device *dev) ^ drivers/platform/x86/intel_mid_thermal.c:436:12: warning: ‘mid_thermal_suspend’ defined but not used [-Wunused-function] static int mid_thermal_suspend(struct device *dev) ^ which I see during randbuilds here. Signed-off-by: Borislav Petkov Cc: Darren Hart Cc: platform-driver-x86@vger.kernel.org Reviewed-by: Andy Shevchenko Signed-off-by: Andy Shevchenko drivers/platform/x86/intel_mid_thermal.c | 2 ++ 1 file changed, 2 insertions(+) commit bb9ad484845d7cc48f0c8db199a91c3a669d908f Author: Axel Lin Date: Tue Sep 20 17:01:24 2016 +0800 platform/x86: intel-vbtn: Switch to use devm_input_allocate_device Use devm_input_allocate_device to simplify the error handling code. This conversion also makes input_register_device() to be called after acpi_remove_notify_handler. This avoid a small window that it's possible to call notify_handler after unregister input device. Signed-off-by: Axel Lin Reviewed-by: Andy Shevchenko Signed-off-by: Andy Shevchenko drivers/platform/x86/intel-vbtn.c | 33 +++++---------------------------- 1 file changed, 5 insertions(+), 28 deletions(-) commit 3526ecadc86cc1d485153255498cde7d0275dd37 Author: Axel Lin Date: Mon Sep 19 09:33:51 2016 +0800 platform/x86: Use ACPI_FAILURE at appropriate places Use ACPI_FAILURE() to replace !ACPI_SUCCESS(), this avoid !! operations. Signed-off-by: Axel Lin Acked-by: Henrique de Moraes Holschuh Reviewed-by: Andy Shevchenko Signed-off-by: Andy Shevchenko drivers/platform/x86/intel-hid.c | 6 +++--- drivers/platform/x86/intel-smartconnect.c | 2 +- drivers/platform/x86/intel-vbtn.c | 2 +- drivers/platform/x86/panasonic-laptop.c | 2 +- drivers/platform/x86/thinkpad_acpi.c | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) commit 5dc444b804eae57abaf6f05663d9cb9f030bb9d2 Author: Mario Limonciello Date: Thu Jul 28 12:53:48 2016 -0500 platform/x86: dell-wmi: Add events created by Dell Rugged 2-in-1s The Dell Rugged 7202 has 3 programmable buttons (labeled P1, P2, P3) and a detachable keyboard/mouse dock. Signed-off-by: Mario Limonciello Reviewed-by: Andy Shevchenko Signed-off-by: Andy Shevchenko drivers/platform/x86/dell-wmi.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 915ac0574c85e4202a4ede961d9e1230b1cca06f Author: Mario Limonciello Date: Thu Jul 28 12:53:47 2016 -0500 platform/x86: dell-wmi: Adjust wifi catcher to emit KEY_WLAN Wifi catcher is a slider switch, that when slid past the on position will emit an event that is intended for launching a wifi application or applet when the machine is turned on. Signed-off-by: Mario Limonciello Signed-off-by: Andy Shevchenko drivers/platform/x86/dell-wmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit daf5d1433d6697ec8786604c30f69b2f9d4c7978 Author: Rajneesh Bhardwaj Date: Fri Oct 7 16:01:17 2016 +0530 platform/x86: intel_pmc_core: Add KBL CPUID support This patch adds Kabylake CPU support for pmc_core driver. Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 4 ++++ 1 file changed, 4 insertions(+) commit 9c2ee19987ef02fe3dbe507d81ff5c7dd5bb4f21 Author: Rajneesh Bhardwaj Date: Fri Oct 7 16:01:16 2016 +0530 platform/x86: intel_pmc_core: Add LTR IGNORE debug feature SPT LTR_IGN register provides a means to make the PMC ignore the LTR values reported by the individual PCH devices. echo > /sys/kernel/debug/pmc_core/ltr_ignore. When a particular IP Offset bit is set the PMC will ignore the LTR value reported by the corresponding IP when the PMC performs the latency coalescing. IP Offset IP Name 0 SPA 1 SPB 2 SATA 3 GBE 4 XHCI 5 RSVD 6 ME 7 EVA 8 SPC 9 Azalia/ADSP 10 RSVD 11 LPSS 12 SPD 13 SPE 14 Camera 15 ESPI 16 SCC 17 ISH Signed-off-by: Rajneesh Bhardwaj [dvhart: pmc_core_ltr_ignore_write local declaration order cleanup] Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 57 ++++++++++++++++++++++++++++++++++- drivers/platform/x86/intel_pmc_core.h | 2 ++ 2 files changed, 58 insertions(+), 1 deletion(-) commit fe748227570107abaa4767c39be3eff934bdaf5c Author: Rajneesh Bhardwaj Date: Fri Oct 7 16:01:15 2016 +0530 platform/x86: intel_pmc_core: Add MPHY PLL clock gating status ModPhy Common lanes can provide the clock gating status for the important system PLLs such as Gen2 USB3PCIE2 PLL, DMIPCIE3 PLL, SATA PLL and MIPI PLL. On SPT, in addition to the crystal oscillator clock, the 100Mhz Gen2 USB3PCI2 PLL clock is used as the PLL reference clock and Gen2 PLL idling is a necessary condition for the platform to go into low power states like PC10 and S0ix. Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 63 ++++++++++++++++++++++++++++++++++- drivers/platform/x86/intel_pmc_core.h | 7 ++++ 2 files changed, 69 insertions(+), 1 deletion(-) commit 173943b3dae570d705e3f5237110a64a28c0bf74 Author: Rajneesh Bhardwaj Date: Fri Oct 7 16:01:14 2016 +0530 platform/x86: intel_pmc_core: ModPhy core lanes pg status The PCH implements a number of High Speed I/O (HSIO) lanes that are split between PCIe*, USB 3.0, SATA, GbE, USB OTG and SSIC. This patch shows the current power gating status of the available ModPhy Core lanes. This is done by sending a message to the PMC (MTPMC) that contains the XRAM register offset for the MPHY_CORE_STS_0 and MPHY_CORE_STS_1 and then by reading the response sent by the PMC (MFPMC). While enabling low power modes we often encounter situations when the ModPhy lanes are not power gated and it becomes hard to debug which lane is active and which is not in the absence of an external hardware debugger (JTAG/ITP). This patch eliminates the dependency on an external hardware debugger for reading the ModPhy Lanes power gating status. This patch requires PMC_READ_DISABLE setting to be disabled in the platform bios. cat /sys/kernel/debug/pmc_core/mphy_lanes_power_gating_status Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 145 +++++++++++++++++++++++++++++++++- drivers/platform/x86/intel_pmc_core.h | 31 ++++++++ 2 files changed, 175 insertions(+), 1 deletion(-) commit 0bdfaf429d1da662742708153bf8cc945bf4904b Author: Rajneesh Bhardwaj Date: Fri Oct 7 16:01:13 2016 +0530 platform/x86: intel_pmc_core: Add PCH IP Power Gating Status This patch adds the support for reading the power gating status of various devices present on Sunrise Point PCH. This is intended to be used for debugging purpose while tuning the platform for power optimizations and also to understand which devices (on PCH) are blocking the system to enter a low power state. Power Management Controller on Sunrise Point PCH provides access to "PGD PFET Enable Ack Status Registers (ppfear)". This patch reads and decodes this register and dumps the output in formatted manner showing various devices present on the PCH and their "Power Gating" status. Further documentation can be found in Intel 7th Gen Core family mobile u/y processor io datasheet volume 2. Sample output (stripped and not in order): cat /sys/kernel/debug/pmc_core/pch_ip_power_gating_status PMC State: Not Power gated OPI-DMI State: Not Power gated XHCI State: Power gated LPSS State: Power gated CSME_PSF State: Not power gated Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 122 ++++++++++++++++++++++++++++++++-- drivers/platform/x86/intel_pmc_core.h | 67 +++++++++++++++++++ 2 files changed, 184 insertions(+), 5 deletions(-) commit 8434709ba71473f75572245c247d3c1e92509cf3 Author: Rajneesh Bhardwaj Date: Fri Oct 7 16:01:12 2016 +0530 platform/x86: intel_pmc_core: Fix PWRMBASE mask and mmio reg len On Sunrise Point PCH, the Power Management Controller provides 4K bytes of memory space for various power management and debug registers. This fix is needed to access power management & debug registers that are mapped at a higher offset. Also, this provides a fix for correctly masking the PWRMBASE as the initial bits (0-11) are reserved. Signed-off-by: Rajneesh Bhardwaj Signed-off-by: Darren Hart drivers/platform/x86/intel_pmc_core.c | 1 + drivers/platform/x86/intel_pmc_core.h | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) commit 5241b1938a4d33eee3d3b43f23067c8e5b96db45 Author: Lee, Chun-Yi Date: Tue Nov 1 12:30:58 2016 +0800 platform/x86: acer-wmi: Only supports AMW0_GUID1 on acer family The AMW0_GUID1 wmi is not only found on Acer family but also other machines like Lenovo, Fujitsu and Medion. In the past, acer-wmi handled those non-Acer machines by quirks list. But actually acer-wmi driver was loaded on any machine that had AMW0_GUID1. This behavior is strange because those machines should be supported by appropriate wmi drivers. e.g. fujitsu-laptop, ideapad-laptop. This patch adds the logic to check the machine that has AMW0_GUID1 should be in Acer/Packard Bell/Gateway white list. But, it still keeps the quirk list of those supported non-acer machines for backward compatibility. Tested-by: Bjørn Mork Signed-off-by: Lee, Chun-Yi Signed-off-by: Darren Hart drivers/platform/x86/acer-wmi.c | 56 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) commit 7079efc9d3e7f1f7cdd34082ec58209026315057 Merge: edc5f44 2386007 Author: Linus Torvalds Date: Tue Dec 13 09:27:24 2016 -0800 Merge tag 'fbdev-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux Pull fbdev update from Tomi Valkeinen: "No one has stepped up to take the job, so I've marked fbdev as orphan" * tag 'fbdev-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: fbdev: remove current maintainer commit edc5f445a681a6f2522c36a4860f10ad457ab00e Merge: 22d8262 2b8bb1d Author: Linus Torvalds Date: Tue Dec 13 09:23:56 2016 -0800 Merge tag 'vfio-v4.10-rc1' of git://github.com/awilliam/linux-vfio Pull VFIO updates from Alex Williamson: - VFIO updates for v4.10 primarily include a new Mediated Device interface, which essentially allows software defined devices to be exposed to users through VFIO. The host vendor driver providing this virtual device polices, or mediates user access to the device. These devices often incorporate portions of real devices, for instance the primary initial users of this interface expose vGPUs which allow the user to map mediated devices, or mdevs, to a portion of a physical GPU. QEMU composes these mdevs into PCI representations using the existing VFIO user API. This enables both Intel KVM-GT support, which is also expected to arrive into Linux mainline during the v4.10 merge window, as well as NVIDIA vGPU, and also Channel I/O devices (aka CCW devices) for s390 virtualization support. (Kirti Wankhede, Neo Jia) - Drop unnecessary uses of pcibios_err_to_errno() (Cao Jin) - Fixes to VFIO capability chain handling (Eric Auger) - Error handling fixes for fallout from mdev (Christophe JAILLET) - Notifiers to expose struct kvm to mdev vendor drivers (Jike Song) - type1 IOMMU model search fixes (Kirti Wankhede, Neo Jia) * tag 'vfio-v4.10-rc1' of git://github.com/awilliam/linux-vfio: (30 commits) vfio iommu type1: Fix size argument to vfio_find_dma() in pin_pages/unpin_pages vfio iommu type1: Fix size argument to vfio_find_dma() during DMA UNMAP. vfio iommu type1: WARN_ON if notifier block is not unregistered kvm: set/clear kvm to/from vfio_group when group add/delete vfio: support notifier chain in vfio_group vfio: vfio_register_notifier: classify iommu notifier vfio: Fix handling of error returned by 'vfio_group_get_from_dev()' vfio: fix vfio_info_cap_add/shift vfio/pci: Drop unnecessary pcibios_err_to_errno() MAINTAINERS: Add entry VFIO based Mediated device drivers docs: Sample driver to demonstrate how to use Mediated device framework. docs: Sysfs ABI for mediated device framework docs: Add Documentation for Mediated devices vfio: Define device_api strings vfio_platform: Updated to use vfio_set_irqs_validate_and_prepare() vfio_pci: Updated to use vfio_set_irqs_validate_and_prepare() vfio: Introduce vfio_set_irqs_validate_and_prepare() vfio_pci: Update vfio_pci to use vfio_info_add_capability() vfio: Introduce common function to add capabilities vfio iommu: Add blocking notifier to notify DMA_UNMAP ... commit 22d8262c33e52b10a4c442b04a2388b4bc589ee4 Merge: 52281b3 215e2aa Author: Linus Torvalds Date: Tue Dec 13 09:22:21 2016 -0800 Merge tag 'gcc-plugins-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull gcc plugins updates from Kees Cook: "Minor changes to the gcc plugins: - add the gcc plugins Makefile to MAINTAINERS to route things correctly - hide cyc_complexity behind !CONFIG_TEST for the future unhiding of plugins generally" * tag 'gcc-plugins-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: gcc-plugins: Adjust Kconfig to avoid cyc_complexity MAINTAINERS: add GCC plugins Makefile commit 52281b38bc28e188a8aad17c3bf200e670a37aba Merge: daf3471 fc46d4e Author: Linus Torvalds Date: Tue Dec 13 09:16:11 2016 -0800 Merge tag 'pstore-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux Pull pstore updates from Kees Cook: "Improvements and fixes to pstore subsystem: - add additional checks for bad platform data - remove bounce buffer in console writer - protect read/unlink race with a mutex - correctly give up during dump locking failures - increase ftrace bandwidth by splitting ftrace buffers per CPU" * tag 'pstore-v4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux: ramoops: add pdata NULL check to ramoops_probe pstore: Convert console write to use ->write_buf pstore: Protect unlink with read_mutex pstore: Use global ftrace filters for function trace filtering ftrace: Provide API to use global filtering for ftrace ops pstore: Clarify context field przs as dprzs pstore: improve error report for failed setup pstore: Merge per-CPU ftrace records into one pstore: Add ftrace timestamp counter ramoops: Split ftrace buffer space into per-CPU zones pstore: Make ramoops_init_przs generic for other prz arrays pstore: Allow prz to control need for locking pstore: Warn on PSTORE_TYPE_PMSG using deprecated function pstore: Make spinlock per zone instead of global pstore: Actually give up during locking failure commit 5f52a2c512a55500349aa261e469d099ede0f256 Merge: 7c4c71a 2a7bf53 Author: Chris Mason Date: Tue Dec 13 09:14:42 2016 -0800 Merge branch 'for-chris-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/fdmanana/linux into for-linus-4.10 Patches queued up by Filipe: The most important change is still the fix for the extent tree corruption that happens due to balance when qgroups are enabled (a regression introduced in 4.7 by a fix for a regression from the last qgroups rework). This has been hitting SLE and openSUSE users and QA very badly, where transactions keep getting aborted when running delayed references leaving the root filesystem in RO mode and nearly unusable. There are fixes here that allow us to run xfstests again with the integrity checker enabled, which has been impossible since 4.8 (apparently I'm the only one running xfstests with the integrity checker enabled, which is useful to validate dirtied leafs, like checking if there are keys out of order, etc). The rest are just some trivial fixes, most of them tagged for stable, and two cleanups. Signed-off-by: Chris Mason commit daf34710a9e8849e04867d206692dc42d6d22263 Merge: 9346116 0de2788 Author: Linus Torvalds Date: Tue Dec 13 09:03:52 2016 -0800 Merge tag 'edac_for_4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp Pull EDAC updates from Borislav Petkov: - add KNM support to sb_edac (Piotr Luc) - add AMD Zen support to amd64_edac (Yazen Ghannam) - misc small cleanups, improvements and fixes (Colin Ian King, Dave Hansen, Pan Bian, Thor Thayer, Wei Yongjun, Yanjiang Jin, yours truly) * tag 'edac_for_4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp: (26 commits) EDAC, amd64: Fix improper return value EDAC, amd64: Improve amd64-specific printing macros EDAC, amd64: Autoload amd64_edac_mod on Fam17h systems EDAC, amd64: Define and register UMC error decode function EDAC, amd64: Determine EDAC capabilities on Fam17h systems EDAC, amd64: Determine EDAC MC capabilities on Fam17h EDAC, amd64: Add Fam17h debug output EDAC, amd64: Add Fam17h scrubber support EDAC, mce_amd: Don't report poison bit on Fam15h, bank 4 EDAC, amd64: Read MC registers on AMD Fam17h EDAC, amd64: Reserve correct PCI devices on AMD Fam17h EDAC, amd64: Add AMD Fam17h family type and ops EDAC, amd64: Extend ecc_enabled() to Fam17h EDAC, amd64: Don't force-enable ECC checking on newer systems EDAC, amd64: Add Deferred Error type EDAC, amd64: Rename __log_bus_error() to be more specific EDAC, amd64: Change target of pci_name from F2 to F3 EDAC, mce_amd: Rename nb_bus_decoder to dram_ecc_decoder EDAC: Add LRDDR4 DRAM type EDAC, mpc85xx: Implement remove method for the platform driver ... commit 9346116d148595a28fe3521f81ac8e14d93239c3 Merge: b8d2798 0faf7dd Author: Linus Torvalds Date: Tue Dec 13 09:00:28 2016 -0800 Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux Pull thermal management updates from Zhang Rui: - Thermal core code reorganization and cleanup. Two new files are created for thermal sysfs I/F code and thermal helper functions (Eduardo Valentin). - Sanitize hotplug and locking for x86_pkg_temp driver (Thomas Gleixner) - Update MAINTAINER file for pwm-fan driver and Samsung thermal driver (Lukasz Majewski) - Fix module auto-load for max77620, tango and db8500 thermal driver (Javier Martinez Canillas) - Fix a bug that thermal hwmon sysfs I/F returns wrong critical trip point temperature value (Krzysztof Kozlowski) - Add Skylake PCH 100 series support for intel_pch_thermal driver (OGAWA Hirofumi) - Small fixes and cleanups for platform thermal drivers (Julia Lawall, Luis Henriques, Leo Yan, Stephen Boyd, Shawn Lin, Javi Merino and Lukasz Luba) * 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux: (76 commits) MAINTAINERS: Samsung: Update maintainer for PWM FAN and SAMSUNG THERMAL thermal/x86 pkg temp: Convert to hotplug state machine thermal/x86_pkg_temp: Sanitize package management thermal/x86_pkg_temp: Move work into package struct thermal/x86_pkg_temp: Move work scheduled flag into package struct thermal/x86_pkg_temp: Sanitize locking thermal/x86_pkg_temp: Cleanup code some more thermal/x86_pkg_temp: Cleanup namespace thermal/x86_pkg_temp: Get rid of ref counting thermal/x86_pkg_temp: Sanitize callback (de)initialization thermal/x86_pkg_temp: Replace open coded cpu search thermal/x86_pkg_temp: Remove redundant package search thermal/x86_pkg_temp: Cleanup thermal interrupt handling thermal: hwmon: Properly report critical temperature in sysfs devfreq_cooling: pass a pointer to devfreq in the power model callbacks devfreq_cooling: make the structs devfreq_cooling_xxx visible for all dt-bindings: rockchip-thermal: fix the misleading description thermal: rockchip: improve the warning log thermal: db8500: Fix module autoload thermal: tango: Fix module autoload ... commit b8d2798f32785398fcd1c48ea80c0c6c5ab88537 Merge: 9612881 2aab7a2 Author: Linus Torvalds Date: Tue Dec 13 08:54:27 2016 -0800 Merge tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux Pull clk updates from Stephen Boyd: "This is a fairly quiet release. We don't have any patches to the core framework. The only patch that can even be considered "core" adds another clk_get() variant. The rest of the changes are in drivers for various SoCs, and we have a few bits for ARM shmobile architecture code (dts and mach) due to the dependency we're breaking between shmobile architecture code and its clk driver. Those shmobile bits have also been pulled into arm-soc tree. Here's the summary: Core: - Support for devm_get_clk_from_child() used with DT bindings that have subnodes with the 'clocks' property New Drivers: - Allwinner A64 (sun50i) - i.MX imx6ull - Socionext's UniPhier SoC CPUs - Mediatek MT2701 SoCs - Rockchip rk1108 SoCs - Qualcomm MSM8994/MSM8992 SoCS - Qualcomm RPM Clocks - Hisilicon Hi3516CV300 and Hi3798CV200 CRG - Oxford Semiconductor OX820 and OX810SE SoCs - Renesas RZ/G1M and RZ/GIE SoCs - Renesas R-Car RST driver for mode pin states Updates: - Four Allwinner SoCs are migrated to the new style clk driver - Rockchip rk3399,rk3066 PLL optimizations - i.MX LVDS display glitch fixes and AV PLL precision improvements - Qualcomm MSM8996 GPU GDSCs, hw controlled GDSCs, and Alpha PLL support - Explicit demodularization of always builtin drivers - Freescale Qoriq ls1012a and ls1046a support - Exynos 5433 parent typo fix and critical clock tagging - Renesas r8a7743/r8a7745 CPG - Renesas R-Car M3-W CSI2/VIN/SYS-DMAC/(H)SCIF/I2C/DRIF/gfx support - stm32f4* LSI, LSE, RTC, and QSPI clocks - pxa27x and pxa25x cpufreq as clks - TI omap36xx sprz319 advisory 2.1 workaround - Broadcom bcm2835 rate change propogation to PLLH_AUX from VEC" * tag 'clk-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/clk/linux: (150 commits) clk: bcm: Fix 'maybe-uninitialized' warning in bcm2835_clock_choose_div_and_prate() clk: add devm_get_clk_from_child() API clk: st: clk-flexgen: Unmap region obtained by of_iomap clk: keystone: pll: Unmap region obtained by of_iomap clk:mmp:clk-of-mmp2: Free memory and Unmap region obtained by kzalloc and of_iomap clk:mmp:clk-of-pxa910: Free memory and Unmap region obtained by kzmalloc and of_iomap clk: mmp: clk-of-pxa1928: Free memory obtained by kzalloc clk: cdce925: Fix limit check clk: bcm: Make COMMON_CLK_IPROC into a library clk: qoriq: added ls1012a clock configuration clk: ti: dra7: fix "failed to lookup clock node gmac_gmii_ref_clk_div" boot message clk: bcm: Allow rate change propagation to PLLH_AUX on VEC clock clk: bcm: Support rate change propagation on bcm2835 clocks clk: bcm2835: Avoid overwriting the div info when disabling a pll_div clk clk: ti: omap36xx: Work around sprz319 advisory 2.1 clk: clk-wm831x: fix a logic error clk: uniphier: add cpufreq data for LD11, LD20 SoCs clk: uniphier: add CPU-gear change (cpufreq) support clk: qcom: Put venus core0/1 gdscs to hw control mode clk: qcom: gdsc: Add support for gdscs with HW control ... commit 961288108e26e5024801c75d0e7c8e9a2de2b02b Merge: edc57ea 5c8a934 Author: Linus Torvalds Date: Tue Dec 13 08:52:45 2016 -0800 Merge tag 'rpmsg-v4.10' of git://github.com/andersson/remoteproc Pull rpmsg updates from Bjorn Andersson: "Argument validation in public functions, function stubs for COMPILE_TEST-ing clients, preparation for exposing rpmsg endponts to user space and minor Qualcomm SMD fixes" * tag 'rpmsg-v4.10' of git://github.com/andersson/remoteproc: dt-binding: soc: qcom: smd: Add label property rpmsg: qcom_smd: Correct return value for O_NONBLOCK rpmsg: Provide function stubs for API rpmsg: Handle invalid parameters in public API rpmsg: Support drivers without primary endpoint rpmsg: Introduce a driver override mechanism rpmsg: smd: Reduce restrictions when finding channel commit edc57ea92cb838e1d04529cb9002097ad6da8a4b Merge: 5233c33 e2a32b6 Author: Linus Torvalds Date: Tue Dec 13 08:49:12 2016 -0800 Merge tag 'rproc-v4.10' of git://github.com/andersson/remoteproc Pull remoteproc updates from Bjorn Andersson: - introduce remoteproc "subdevice" support, which allows remoteproc driver to associate devices to the "running" state of the remoteproc, allowing devices to be probed and removed as the remote processor is booted, shut down or recovering from a crash. - handling of virtio device resources was improved, vring memory is now allocated as part of other memory allocation. This ensures that all vrings for all virtio devices are allocated before we boot the remote processor. - the debugfs mechanism for starting and stopping remoteproc instances was replaced with a sysfs interface, also providing a mechanism for specifying firmware to use by the instance. This allows user space to load and boot use case specific firmware on remote processors. - new drivers for the ST Slimcore and Qualcomm Hexagon DSP as well as removal of the unused StE modem loader. - finally support for crash recovery in the Qualcomm Wirelss subsystem (used for WiFi/BT/FM on a number of platforms) and a number of bug fixes and cleanups * tag 'rproc-v4.10' of git://github.com/andersson/remoteproc: (49 commits) remoteproc: qcom_adsp_pil: select qcom_scm remoteproc: Drop wait in __rproc_boot() remoteproc/ste: Delete unused driver remoteproc: Remove "experimental" warning remoteproc: qcom_adsp_pil: select qcom_scm dt-binding: soc: qcom: smd: Add label property remoteproc: qcom: mdt_loader: add include for sizes remoteproc: Update last rproc_put users to rproc_free remoteproc: qcom: adsp: Add missing MODULE_DEVICE_TABLE remoteproc: wcnss-pil: add QCOM_SMD dependency dmaengine: st_fdma: Revert: "Revert: Update st_fdma to 'depends on REMOTEPROC'" remoteproc: Add support for xo clock remoteproc: adsp-pil: fix recursive dependency remoteproc: Introduce Qualcomm ADSP PIL dt-binding: remoteproc: Introduce ADSP loader binding remoteproc: qcom_wcnss: Fix circular module dependency remoteproc: Merge table_ptr and cached_table pointers remoteproc: Remove custom vdev handler list remoteproc: Update max_notifyid as we allocate vrings remoteproc: Decouple vdev resources and devices ... commit 5233c331cfb41433bc167fc7c70ea67c1133ffec Merge: 58f253d ff6af28 Author: Linus Torvalds Date: Tue Dec 13 08:34:11 2016 -0800 Merge tag 'mmc-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc Pull MMC updates from Ulf Hansson: "It's been an busy period for mmc. Quite some changes in the mmc core, two new mmc host drivers, some existing drivers being extended to support new IP versions and lots of other updates. MMC core: - Delete eMMC packed command support - Introduce mmc_abort_tuning() to enable eMMC tuning to fail gracefully - Introduce mmc_can_retune() to see if a host can be retuned - Re-work and improve the sequence when sending a CMD6 for mmc - Enable CDM13 polling when switching to HS and HS DDR mode for mmc - Relax checking for CMD6 errors after switch to HS200 - Re-factoring the code dealing with the mmc block queue - Recognize whether the eMMC card supports CMDQ - Fix 4K native sector check - Don't power off the card when starting the host - Increase MMC_IOC_MAX_BYTES to support bigger firmware binaries - Improve error handling and drop meaningless BUG_ONs() - Lots of clean-ups and changes to improve the quality of the code MMC host: - sdhci: Fix tuning sequence and clean-up the related code - sdhci: Add support to via DT override broken SDHCI cap register bits - sdhci-cadence: Add new driver for Cadence SD4HC SDHCI variant - sdhci-msm: Update clock management - sdhci-msm: Add support for eMMC HS400 mode - sdhci-msm: Deploy runtime/system PM support - sdhci-iproc: Extend driver support to newer IP versions - sdhci-pci: Add support for Intel GLK - sdhci-pci: Add support for Intel NI byt sdio - sdhci-acpi: Add support for 80860F14 UID 2 SDIO bus - sdhci: Lots of various small improvements and clean-ups - tmio: Add support for tuning - sh_mobile_sdhi: Add support for tuning - sh_mobile_sdhi: Extend driver to support SDHI IP on R7S72100 SoC - sh_mobile_sdhi: remove support for sh7372 - davinci: Use mmc_of_parse() to enable generic mmc DT bindings - meson: Add new driver to support GX platforms - dw_mmc: Deploy generic runtime/system PM support - dw_mmc: Lots of various small improvements As a part of the mmc changes this time, I have also pulled in an immutable branch/tag (soc-device-match-tag1) hosted by Geert Uytterhoeven, to share the implementation of the new soc_device_match() interface. This is needed by these mmc related changes: - mmc: sdhci-of-esdhc: Get correct IP version for T4240-R1.0-R2.0 - soc: fsl: add GUTS driver for QorIQ platforms" * tag 'mmc-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/ulfh/mmc: (136 commits) mmc: sdhci-cadence: add Cadence SD4HC support mmc: sdhci: export sdhci_execute_tuning() mmc: sdhci: Tidy tuning loop mmc: sdhci: Simplify tuning block size logic mmc: sdhci: Factor out tuning helper functions mmc: sdhci: Use mmc_abort_tuning() mmc: mmc: Introduce mmc_abort_tuning() mmc: sdhci: Always allow tuning to fall back to fixed sampling mmc: sdhci: Fix tuning reset after exhausting the maximum number of loops mmc: sdhci: Fix recovery from tuning timeout Revert "mmc: sdhci: Reset cmd and data circuits after tuning failure" mmc: mmc: Relax checking for switch errors after HS200 switch mmc: sdhci-acpi: support 80860F14 UID 2 SDIO bus mmc: sdhci-of-at91: remove bogus MMC_SDHCI_IO_ACCESSORS select mmc: sdhci-pci: Use ACPI to get max frequency for Intel NI byt sdio mmc: sdhci-pci: Add PCI ID for Intel NI byt sdio mmc: sdhci-s3c: add spin_unlock_irq() before calling clk_round_rate mmc: dw_mmc: display the clock message only one time when card is polling mmc: dw_mmc: add the debug message for polling and non-removable mmc: dw_mmc: check the "present" variable before checking flags ... commit 58f253d26254b7ec0faa0a67d70912facd6687e4 Merge: 96955c9 d00b746 Author: Linus Torvalds Date: Tue Dec 13 08:31:04 2016 -0800 Merge tag 'regulator-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator Pull regulator updates from Mark Brown: "A quiet release for the regulator API, conference season must've been slowing everyone down: - a new interface allowing drivers to provide an interface for reading a more detailed description of error conditions which allows devices using these regulators to build - ACPI support for the fixed voltage regulator. - cleanups for the TI TWL drivers to reduce code duplication" * tag 'regulator-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regulator: (24 commits) regulator: tps65086: Fix 25mV ranges for BUCK regulators 1, 2, and 6 regulator: Fix regulator_get_error_flags() signature mismatch regulator: core: add newline in debug message regulator: tps65086: Fix 25mV ranges for BUCK regulators regulator: core: Correct type of mode in regulator_mode_constrain regulator: max77620: add documentation for MPOK property regulator: max77620: add support to configure MPOK regulator: twl6030: Remove unused fields from struct twlreg_info regulator: twl: Remove unused fields from struct twlreg_info regulator: twl: split twl6030 logic into its own file regulator: twl: kill unused functions regulator: twl: make driver DT only regulator: twl-regulator: rework fixed regulator definition regulator: max77620: remove unused variable regulator: pwm: Add missing quotes to DT example regulator: stw481x-vmmc: fix ages old enable error regulator: gpio: properly check return value of of_get_named_gpio regulator: lp873x: Add support for populating input supply regulator: axp20x: Fix axp809 ldo_io registration error on cold boot regulators: helpers: Fix handling of bypass_val_on in get_bypass_regmap ... commit 96955c9682051e70f06103f0d96e26d2f35f4910 Merge: 1f0a53f daaadbf Author: Linus Torvalds Date: Tue Dec 13 08:29:30 2016 -0800 Merge tag 'regmap-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap Pull regmap fixlet from Mark Brown: "The only change for regmap this merge window is a single fix for an unused variable" * tag 'regmap-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/regmap: regmap: cache: Remove unused 'blksize' variable commit 3dbb16b87b57bb1088044ad2a0432e4769075002 Author: Masami Hiramatsu Date: Fri Nov 25 21:58:48 2016 +0900 selftests: ftrace: Shift down default message verbosity Shift down default message verbosity, where it does not show error results in stdout by default. Since that behavior is the same as giving the --quiet option, this patch removes --quiet and makes --verbose increasing verbosity. In other words, this changes verbosity options as below. ftracetest -q -> ftracetest ftracetest -> ftracetest -v ftracetest -v -> ftracetest -v -v (or -vv) Link: http://lkml.kernel.org/r/148007872763.5917.15256235993753860592.stgit@devbox Acked-by: Shuah Khan Signed-off-by: Masami Hiramatsu Signed-off-by: Steven Rostedt tools/testing/selftests/ftrace/ftracetest | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) commit 1f0a53f623b675e856554f2bb1d6b630ea78125d Merge: 20d5ba4 44b3e31 Author: Linus Torvalds Date: Tue Dec 13 08:01:19 2016 -0800 Merge tag 'leds_for_4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds Pull LED updates from Jacek Anaszewski: - userspace LED class driver - it can be useful for testing triggers and can also be used to implement virtual LEDs - LED class driver for NIC78bx device - LED core fixes for preventing potential races while setting brightness when software blinking is enabled - improvements in LED documentation to mention semantics on changing brightness while trigger is active * tag 'leds_for_4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/j.anaszewski/linux-leds: leds: pca955x: Add ACPI support leds: netxbig: fix module autoload for OF registration leds: pca963x: Add ACPI support leds: leds-cobalt-raq: use builtin_platform_driver led: core: Fix blink_brightness setting race led: core: Use atomic bit-field for the blink-flags leds: Add user LED driver for NIC78bx device leds: verify vendor and change license in mlxcpld driver leds: pca963x: enable low-power state leds: pca9532: Use default trigger value from platform data leds: pca963x: workaround group blink scaling issue cleanup LED documentation and make it match reality leds: lp3952: Export I2C module alias information for module autoload leds: mc13783: Fix MC13892 keypad led access ledtrig-cpu.c: fix english leds/leds-lp5523.txt: make documentation match reality tools/leds: Add uledmon program for monitoring userspace LEDs leds: Use macro for max device node name size leds: Introduce userspace LED class driver mfd: qcom-pm8xxx: Clean up PM8XXX namespace commit 20d5ba4928ceb79b919092c939ae4ef4d88807bd Merge: 061ad50 f821444 Author: Linus Torvalds Date: Tue Dec 13 07:59:10 2016 -0800 Merge tag 'pinctrl-v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl Pull pinctrl updates from Linus Walleij: "Bulk pin control changes for the v4.10 kernel cycle: No core changes this time. Mainly gradual improvement and feature growth in the drivers. New drivers: - New driver for TI DA850/OMAP-L138/AM18XX pinconf - The SX150x was moved over from the GPIO subsystem and reimagined as a pin control driver with GPIO support in a joint effort by three independent users of this hardware. The result was amazingly good! - New subdriver for the Oxnas OX820 Improvements: - The sunxi driver now supports the generic pin control bindings rather than the sunxi-specific. Add debouncing support to the driver. - Simplifications in pinctrl-single adding a generic parser. - Two downstream fixes and move the Raspberry Pi BCM2835 over to use the generic GPIOLIB_IRQCHIP" * tag 'pinctrl-v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl: (92 commits) pinctrl: sx150x: use new nested IRQ infrastructure pinctrl: sx150x: handle missing 'advanced' reg in sx1504 and sx1505 pinctrl: sx150x: rename 'reg_advance' to 'reg_advanced' pinctrl: sx150x: access the correct bits in the 4-bit regs of sx150[147] pinctrl: mt8173: set GPIO16 to usb iddig mode pinctrl: bcm2835: switch to GPIOLIB_IRQCHIP pinctrl: New driver for TI DA850/OMAP-L138/AM18XX pinconf devicetree: bindings: pinctrl: Add binding for ti,da850-pupd Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition pinctrl: intel: set default handler to be handle_bad_irq() pinctrl: sx150x: add support for sx1501, sx1504, sx1505 and sx1507 pinctrl: sx150x: sort chips by part number pinctrl: sx150x: use correct registers for reg_sense (sx1502 and sx1508) pinctrl: imx: fix imx_pinctrl_desc initialization pinctrl: sx150x: support setting multiple pins at once pinctrl: sx150x: various spelling fixes and some white-space cleanup pinctrl: mediatek: use builtin_platform_driver pinctrl: stm32: use builtin_platform_driver pinctrl: sunxi: Testing the wrong variable pinctrl: nomadik: split up and comments MC0 pins ... commit 061ad5038ca5ac75419204b216bddc2806008ead Merge: e7aa8c2 acf1fcf Author: Linus Torvalds Date: Tue Dec 13 07:54:57 2016 -0800 Merge tag 'gpio-v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio Pull GPIO updates from Luinus Walleij: "Bulk GPIO changes for the v4.10 kernel cycle: Core changes: - Simplify threaded interrupt handling: instead of passing numbed parameters to gpiochip_irqchip_add_chained() we create a new call: gpiochip_irqchip_add_nested() so the two types are clearly semantically different. Also make sure that all nested chips call gpiochip_set_nested_irqchip() which is necessary for IRQ resend to work properly if it happens. - Return error on seek operations for the chardev. - Clamp values set as part of gpio[d]_direction_output() so that anything != 0 will be send down to the driver as "1" not the value passed in. - ACPI can now support naming of GPIO lines, hogs and holes in the GPIO lists. New drivers: - The SX150x driver was deemed unfit for the GPIO subsystem and was moved over to a combined GPIO+pinctrl driver in the pinctrl subsystem. New features: - Various cleanups to various drivers" * tag 'gpio-v4.10-1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-gpio: (49 commits) gpio: merrifield: Implement gpio_get_direction callback gpio: merrifield: Add support for hardware debouncer gpio: chardev: Return error for seek operations gpio: arizona: Tidy up probe error path gpio: arizona: Remove pointless set of platform drvdata gpio: pl061: delete platform data handling gpio: pl061: move platform data into driver gpio: pl061: rename variable from chip to pl061 gpio: pl061: rename state container struct gpio: pl061: use local state for parent IRQ storage gpio: set explicit nesting on drivers gpio: simplify adding threaded interrupts gpio: vf610: use builtin_platform_driver gpio: axp209: use correct register for GPIO input status gpio: stmpe: fix interrupt handling bug gpio: em: depnd on ARCH_SHMOBILE gpio: zx: depend on ARCH_ZX gpio: x86: update config dependencies for x86 specific hardware gpio: mb86s7x: use builtin_platform_driver gpio: etraxfs: use builtin_platform_driver ... commit a220871be66f99d8957c693cf22ec67ecbd9c23a Author: Jason Wang Date: Tue Dec 13 14:23:05 2016 +0800 virtio-net: correctly enable multiqueue Commit 4490001029012539937ff02778fe6180613fa949 ("virtio-net: enable multiqueue by default") blindly set the affinity instead of queues during probe which can cause a mismatch of #queues between guest and host. This patch fixes it by setting queues. Reported-by: Theodore Ts'o Tested-by: Theodore Ts'o Cc: Neil Horman Cc: Michael S. Tsirkin Fixes: 49000102901 ("virtio-net: enable multiqueue by default") Signed-off-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/virtio_net.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 385886686609dbdcd2e8f55c358647faa8d4f89e Author: Richard Weinberger Date: Tue Dec 13 00:27:58 2016 +0100 ubifs: Use FS_CFLG_OWN_PAGES Commit bd7b8290388d ("fscrypt: Cleanup page locking requirements for fscrypt_{decrypt,encrypt}_page()") renamed the flag. Signed-off-by: Richard Weinberger fs/ubifs/crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d8da0b5d64d58f7775a94bcf12dda50f13a76f22 Author: Cedric Izoard Date: Wed Dec 7 09:59:00 2016 +0000 mac80211: Ensure enough headroom when forwarding mesh pkt When a buffer is duplicated during MESH packet forwarding, this patch ensures that the new buffer has enough headroom. Signed-off-by: Cedric Izoard Signed-off-by: Johannes Berg net/mac80211/rx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec4efc4a10c3b9a3ab4cf37dc3719fd3c4632cd0 Author: Johannes Berg Date: Tue Dec 13 09:39:18 2016 +0100 mac80211: don't call drv_set_default_unicast_key() for VLANs Since drivers know nothing about AP_VLAN interfaces, trying to call drv_set_default_unicast_key() just results in a warning and no call to the driver. Avoid the warning by not calling the driver for this on AP_VLAN interfaces. This means that drivers that somehow need this call for AP mode will fail to work properly in the presence of VLAN interfaces, but the current drivers don't seem to use it, and mac80211 will select and indicate the key - so drivers should be OK now. Reported-by: Jouni Malinen Signed-off-by: Johannes Berg net/mac80211/key.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 22f6592b23ef8a0c09283bcb13087340721e1154 Author: Bamvor Jian Zhang Date: Mon Nov 21 18:16:11 2016 +0800 selftest/gpio: add gpio test case This test script try to do whitebox testing for gpio subsystem(based on gpiolib). It manipulate gpio device through chardev or sysfs and check the result from debugfs. This script test gpio-mockup through chardev by default. User could test other gpio chip by passing the module name. Some of the testcases are turned off by default to avoid the conflicting with gpiochip in system. In details, it test the following things: 1. Test direction and output value for valid pin. 2. Test dynamic allocation of gpio base. 3. Add single, multi gpiochip to do overlap check. Run "tools/testing/selftests/gpio/gpio-mockup.sh -h" for usage. Acked-by: Shuah Khan Signed-off-by: Bamvor Jian Zhang Signed-off-by: Shuah Khan tools/testing/selftests/Makefile | 1 + tools/testing/selftests/gpio/Makefile | 23 ++ tools/testing/selftests/gpio/gpio-mockup-chardev.c | 324 +++++++++++++++++++++ tools/testing/selftests/gpio/gpio-mockup-sysfs.sh | 134 +++++++++ tools/testing/selftests/gpio/gpio-mockup.sh | 201 +++++++++++++ 5 files changed, 683 insertions(+) commit 981c3db62e2d2dfb0c5725dd55d8c3cf8ed4edd8 Author: Gustavo Padovan Date: Tue Dec 13 11:48:49 2016 -0200 selftest: sync: improve assert() failure message Print "ERROR" on all messages instead of using the not well defined terms like "BAD". Signed-off-by: Gustavo Padovan Signed-off-by: Shuah Khan tools/testing/selftests/sync/synctest.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5716863e0f8251d3360d4cbfc0e44e08007075df Author: Jan Kara Date: Mon Dec 12 16:08:41 2016 +0100 fsnotify: Fix possible use-after-free in inode iteration on umount fsnotify_unmount_inodes() plays complex tricks to pin next inode in the sb->s_inodes list when iterating over all inodes. Furthermore the code has a bug that if the current inode is the last on i_sb_list that does not have e.g. I_FREEING set, then we leave next_i pointing to inode which may get removed from the i_sb_list once we drop s_inode_list_lock thus resulting in use-after-free issues (usually manifesting as infinite looping in fsnotify_unmount_inodes()). Fix the problem by keeping current inode pinned somewhat longer. Then we can make the code much simpler and standard. CC: stable@vger.kernel.org Signed-off-by: Jan Kara fs/notify/inode_mark.c | 45 +++++++++------------------------------------ 1 file changed, 9 insertions(+), 36 deletions(-) commit 9d85eb9119f4eeeb48e87adfcd71f752655700e9 Author: Thomas Gleixner Date: Mon Dec 12 11:04:53 2016 +0100 x86/smpboot: Make logical package management more robust The logical package management has several issues: - The APIC ids provided by ACPI are not required to be the same as the initial APIC id which can be retrieved by CPUID. The APIC ids provided by ACPI are those which are written by the BIOS into the APIC. The initial id is set by hardware and can not be changed. The hardware provided ids contain the real hardware package information. Especially AMD sets the effective APIC id different from the hardware id as they need to reserve space for the IOAPIC ids starting at id 0. As a consequence those machines trigger the currently active firmware bug printouts in dmesg, These are obviously wrong. - Virtual machines have their own interesting of enumerating APICs and packages which are not reliably covered by the current implementation. The sizing of the mapping array has been tweaked to be generously large to handle systems which provide a wrong core count when HT is disabled so the whole magic which checks for space in the physical hotplug case is not needed anymore. Simplify the whole machinery and do the mapping when the CPU starts and the CPUID derived physical package information is available. This solves the observed problems on AMD machines and works for the virtualization issues as well. Remove the extra call from XEN cpu bringup code as it is not longer required. Fixes: d49597fd3bc7 ("x86/cpu: Deal with broken firmware (VMWare/XEN)") Reported-and-tested-by: Borislav Petkov Tested-by: Boris Ostrovsky Signed-off-by: Thomas Gleixner Cc: Juergen Gross Cc: Peter Zijlstra Cc: M. Vefa Bicakci Cc: xen-devel Cc: Charles (Chas) Williams Cc: Borislav Petkov Cc: Alok Kataria Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/alpine.DEB.2.20.1612121102260.3429@nanos Signed-off-by: Thomas Gleixner arch/x86/kernel/apic/apic.c | 15 ------------- arch/x86/kernel/cpu/common.c | 24 +++++++-------------- arch/x86/kernel/smpboot.c | 51 +++++++++++++++++--------------------------- arch/x86/xen/smp.c | 6 ------ 4 files changed, 27 insertions(+), 69 deletions(-) commit 744606c76c4a3a73eb34d21f265013426426c4b5 Author: Ley Foon Tan Date: Wed Dec 7 15:44:19 2016 +0800 nios2: add screen_info Fix build error when enable VGA console. drivers/video/console/vgacon.c:586: undefined reference to `screen_info' Signed-off-by: Ley Foon Tan arch/nios2/kernel/setup.c | 5 +++++ 1 file changed, 5 insertions(+) commit 863cf8da0f32a4c822cd9f7a2f47cd5204ce1ca0 Author: Tobias Klauser Date: Wed Nov 9 17:17:41 2016 +0800 nios2: Convert pfn_valid to static inline When compiling with 'W=1' warnings such as the following occur all over the place: ./include/linux/pfn.h:21:22: warning: comparison of unsigned expression >= 0 is always true [-Wtype-limits] which is due to ARCH_PFN_OFFSET being 0 by default (if CONFIG_NIOS2_MEM_BASE is not changed in the Kconfig). Fix these warnings by making pfn_valid a static inline function. Signed-off-by: Tobias Klauser Signed-off-by: Ley Foon Tan arch/nios2/include/asm/page.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit 3c98fd266b76e04fd59d294f2fb588cc5cb4c212 Author: Tobias Klauser Date: Wed Nov 9 15:31:00 2016 +0800 nios2: Extend !__ASSEMBLY__ section in asm/page.h Some C-only definition from nios2 asm/page.h are exposed to assembly code. Extend the !__ASSEMBLY__ section to prevent this. Signed-off-by: Tobias Klauser Acked-by: Ley Foon Tan arch/nios2/include/asm/page.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e7aa8c2eb11ba69b1b69099c3c7bd6be3087b0ba Merge: e34bac7 868c97a Author: Linus Torvalds Date: Mon Dec 12 21:58:13 2016 -0800 Merge tag 'docs-4.10' of git://git.lwn.net/linux Pull documentation update from Jonathan Corbet: "These are the documentation changes for 4.10. It's another busy cycle for the docs tree, as the sphinx conversion continues. Highlights include: - Further work on PDF output, which remains a bit of a pain but should be more solid now. - Five more DocBook template files converted to Sphinx. Only 27 to go... Lots of plain-text files have also been converted and integrated. - Images in binary formats have been replaced with more source-friendly versions. - Various bits of organizational work, including the renaming of various files discussed at the kernel summit. - New documentation for the device_link mechanism. ... and, of course, lots of typo fixes and small updates" * tag 'docs-4.10' of git://git.lwn.net/linux: (193 commits) dma-buf: Extract dma-buf.rst Update Documentation/00-INDEX docs: 00-INDEX: document directories/files with no docs docs: 00-INDEX: remove non-existing entries docs: 00-INDEX: add missing entries for documentation files/dirs docs: 00-INDEX: consolidate process/ and admin-guide/ description scripts: add a script to check if Documentation/00-INDEX is sane Docs: change sh -> awk in REPORTING-BUGS Documentation/core-api/device_link: Add initial documentation core-api: remove an unexpected unident ppc/idle: Add documentation for powersave=off Doc: Correct typo, "Introdution" => "Introduction" Documentation/atomic_ops.txt: convert to ReST markup Documentation/local_ops.txt: convert to ReST markup Documentation/assoc_array.txt: convert to ReST markup docs-rst: parse-headers.pl: cleanup the documentation docs-rst: fix media cleandocs target docs-rst: media/Makefile: reorganize the rules docs-rst: media: build SVG from graphviz files docs-rst: replace bayer.png by a SVG image ... commit e34bac726d27056081d0250c0e173e4b155aa340 Merge: fe6bce8 39a0e97 Author: Linus Torvalds Date: Mon Dec 12 20:50:02 2016 -0800 Merge branch 'akpm' (patches from Andrew) Merge updates from Andrew Morton: - various misc bits - most of MM (quite a lot of MM material is awaiting the merge of linux-next dependencies) - kasan - printk updates - procfs updates - MAINTAINERS - /lib updates - checkpatch updates * emailed patches from Andrew Morton : (123 commits) init: reduce rootwait polling interval time to 5ms binfmt_elf: use vmalloc() for allocation of vma_filesz checkpatch: don't emit unified-diff error for rename-only patches checkpatch: don't check c99 types like uint8_t under tools checkpatch: avoid multiple line dereferences checkpatch: don't check .pl files, improve absolute path commit log test scripts/checkpatch.pl: fix spelling checkpatch: don't try to get maintained status when --no-tree is given lib/ida: document locking requirements a bit better lib/rbtree.c: fix typo in comment of ____rb_erase_color lib/Kconfig.debug: make CONFIG_STRICT_DEVMEM depend on CONFIG_DEVMEM MAINTAINERS: add drm and drm/i915 irc channels MAINTAINERS: add "C:" for URI for chat where developers hang out MAINTAINERS: add drm and drm/i915 bug filing info MAINTAINERS: add "B:" for URI where to file bugs get_maintainer: look for arbitrary letter prefixes in sections printk: add Kconfig option to set default console loglevel printk/sound: handle more message headers printk/btrfs: handle more message headers printk/kdb: handle more message headers ... commit fe6bce8d30a86c693bf7cfbf4759cbafd121289f Author: Joe Perches Date: Mon Dec 12 14:26:55 2016 -0800 treewide: Make remaining source files non-executable .c and .h source files should not be executable, change the permissions to 0644. [ This would normally go through Andrew Morton, but his ancient patch-based toolchain doesn't do permission changes ] Signed-off-by: Joe Perches Acked-by: David Howells Signed-off-by: Linus Torvalds drivers/gpu/drm/amd/include/asic_reg/dce/dce_11_2_d.h | 0 drivers/gpu/drm/amd/include/asic_reg/dce/dce_11_2_sh_mask.h | 0 drivers/gpu/drm/amd/include/cgs_common.h | 0 drivers/gpu/drm/amd/powerplay/smumgr/fiji_smumgr.c | 0 scripts/sign-file.c | 0 5 files changed, 0 insertions(+), 0 deletions(-) commit 2cf026ae85c42f253feb9f420d1b4bc99bd5503d Merge: a77a1ad 19d53d0 Author: Dave Airlie Date: Tue Dec 13 14:29:05 2016 +1000 Merge branch 'linux-4.10' of git://github.com/skeggsb/linux into drm-next - Regression fix from atomic conversion (rotation on the original G80). - Concurrency fix when clearing compression tags. - Fixes DP link training issues on GP102/4/6. - Fixes backlight handling in the presence of Apple GMUX. - Improvements to GPU error recovery in a number of scenarios. - GP106 support. * 'linux-4.10' of git://github.com/skeggsb/linux: drm/nouveau/kms/nv50: fix atomic regression on original G80 drm/nouveau/bl: Do not register interface if Apple GMUX detected drm/nouveau/bl: Assign different names to interfaces drm/nouveau/bios/dp: fix handling of LevelEntryTableIndex on DP table 4.2 drm/nouveau/ltc: protect clearing of comptags with mutex drm/nouveau/gr/gf100-: handle GPC/TPC/MPC trap drm/nouveau/core: recognise GP106 chipset drm/nouveau/ttm: wait for bo fence to signal before unmapping vmas drm/nouveau/gr/gf100-: FECS intr handling is not relevant on proprietary ucode drm/nouveau/gr/gf100-: properly ack all FECS error interrupts drm/nouveau/fifo/gf100-: recover from host mmu faults commit a77a1ad11ef3dc6dd0ae6601eb055495374bdce5 Merge: bdda9dd 585ee0f Author: Dave Airlie Date: Tue Dec 13 14:27:41 2016 +1000 Merge tag 'drm/tegra/for-4.10-rc1' of git://anongit.freedesktop.org/tegra/linux into drm-next drm/tegra: Changes for v4.10-rc1 This has a couple of fixes for IOMMU support and some fixes for error handling. * tag 'drm/tegra/for-4.10-rc1' of git://anongit.freedesktop.org/tegra/linux: drm/tegra: Set sgt pointer in BO pin drm/tegra: Support kernel mappings with IOMMU gpu: host1x: Add locking to syncpt gpu: host1x: Store device address to all bufs drm/tegra: gem: Remove some dead code drm/tegra: sor: No need to free devm_ allocated memory drm/tegra: Fix error handling drm/tegra: dpaux: Fix error handling commit bdda9dd67445707a39ebb6d2be84dfb89ef0dea1 Merge: 8a5c61f 8c31f60 Author: Dave Airlie Date: Tue Dec 13 14:26:28 2016 +1000 Merge tag 'drm/panel/for-4.10-rc1' of git://anongit.freedesktop.org/tegra/linux into drm-next drm/panel: Changes for v4.10-rc1 This adds support for a couple more panels to the simple-panel driver. There is also a fix for a long-standing bug, but it's not critical since no code will currently trigger it. * tag 'drm/panel/for-4.10-rc1' of git://anongit.freedesktop.org/tegra/linux: drm/panel: simple: Add support for AUO G185HAN01 drm/panel: simple: Add support for AUO G133HAN01 drm/panel: simple: Add more properties to Innolux G121I1-L01 drm/panel: simple: Add bits-per-component for Sharp LQ123P1JX31 drm/panel: simple: Check against num_timings when setting preferred for timing drm/panel: Add support for Chunghwa CLAA070WP03XG panel drm/panel: simple: Add NVD9128 as a simple panel drm/panel: simple: Add support for AUO T215HVN01 drm/panel: simple: Add support for Sharp LQ150X1LG11 panels dt-bindings: display: Add Sharp LQ150X1LG11 panel binding commit 8a5c61f4ffa56cf85e21bfa5777440d4a736ef7d Merge: 2601a15 6449b08 Author: Dave Airlie Date: Tue Dec 13 14:24:25 2016 +1000 Merge tag 'drm-misc-next-fixes-2016-12-10' of git://anongit.freedesktop.org/git/drm-misc into drm-next single fix for backwards compat. * tag 'drm-misc-next-fixes-2016-12-10' of git://anongit.freedesktop.org/git/drm-misc: drm: Add fake controlD* symlinks for backwards compat commit f082f02c4731900a5065de69eb0d8cb5aab66196 Merge: 9465d9c 2cae3a1 Author: Linus Torvalds Date: Mon Dec 12 20:23:11 2016 -0800 Merge branch 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull irq updates from Thomas Gleixner: "The irq department provides: - a major update to the auto affinity management code, which is used by multi-queue devices - move of the microblaze irq chip driver into the common driver code so it can be shared between microblaze, powerpc and MIPS - a series of updates to the ARM GICV3 interrupt controller - the usual pile of fixes and small improvements all over the place" * 'irq-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (25 commits) powerpc/virtex: Use generic xilinx irqchip driver irqchip/xilinx: Try to fall back if xlnx,kind-of-intr not provided irqchip/xilinx: Add support for parent intc irqchip/xilinx: Rename get_irq to xintc_get_irq irqchip/xilinx: Restructure and use jump label api irqchip/xilinx: Clean up print messages microblaze/irqchip: Move intc driver to irqchip ARM: virt: Select ARM_GIC_V3_ITS ARM: gic-v3-its: Add 32bit support to GICv3 ITS irqchip/gic-v3-its: Specialise readq and writeq accesses irqchip/gic-v3-its: Specialise flush_dcache operation irqchip/gic-v3-its: Narrow down Entry Size when used as a divider irqchip/gic-v3-its: Change unsigned types for AArch32 compatibility irqchip/gic-v3: Use nops macro for Cavium ThunderX erratum 23154 irqchip/gic-v3: Convert arm64 GIC accessors to {read,write}_sysreg_s genirq/msi: Drop artificial PCI dependency irqchip/bcm7038-l1: Implement irq_cpu_offline() callback genirq/affinity: Use default affinity mask for reserved vectors genirq/affinity: Take reserved vectors into account when spreading irqs PCI: Remove the irq_affinity mask from struct pci_dev ... commit 9465d9cc31fa732089cd8bec9f1bdfcdc174a5ce Merge: e71c397 c029a2b Author: Linus Torvalds Date: Mon Dec 12 19:56:15 2016 -0800 Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull timer updates from Thomas Gleixner: "The time/timekeeping/timer folks deliver with this update: - Fix a reintroduced signed/unsigned issue and cleanup the whole signed/unsigned mess in the timekeeping core so this wont happen accidentaly again. - Add a new trace clock based on boot time - Prevent injection of random sleep times when PM tracing abuses the RTC for storage - Make posix timers configurable for real tiny systems - Add tracepoints for the alarm timer subsystem so timer based suspend wakeups can be instrumented - The usual pile of fixes and updates to core and drivers" * 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits) timekeeping: Use mul_u64_u32_shr() instead of open coding it timekeeping: Get rid of pointless typecasts timekeeping: Make the conversion call chain consistently unsigned timekeeping_Force_unsigned_clocksource_to_nanoseconds_conversion alarmtimer: Add tracepoints for alarm timers trace: Update documentation for mono, mono_raw and boot clock trace: Add an option for boot clock as trace clock timekeeping: Add a fast and NMI safe boot clock timekeeping/clocksource_cyc2ns: Document intended range limitation timekeeping: Ignore the bogus sleep time if pm_trace is enabled selftests/timers: Fix spelling mistake "Asyncrhonous" -> "Asynchronous" clocksource/drivers/bcm2835_timer: Unmap region obtained by of_iomap clocksource/drivers/arm_arch_timer: Map frame with of_io_request_and_map() arm64: dts: rockchip: Arch counter doesn't tick in system suspend clocksource/drivers/arm_arch_timer: Don't assume clock runs in suspend posix-timers: Make them configurable posix_cpu_timers: Move the add_device_randomness() call to a proper place timer: Move sys_alarm from timer.c to itimer.c ptp_clock: Allow for it to be optional Kconfig: Regenerate *.c_shipped files after previous changes ... commit e71c3978d6f97659f6c3ee942c3e581299e4adf2 Merge: f797484 b18cc3d Author: Linus Torvalds Date: Mon Dec 12 19:25:04 2016 -0800 Merge branch 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull smp hotplug updates from Thomas Gleixner: "This is the final round of converting the notifier mess to the state machine. The removal of the notifiers and the related infrastructure will happen around rc1, as there are conversions outstanding in other trees. The whole exercise removed about 2000 lines of code in total and in course of the conversion several dozen bugs got fixed. The new mechanism allows to test almost every hotplug step standalone, so usage sites can exercise all transitions extensively. There is more room for improvement, like integrating all the pointlessly different architecture mechanisms of synchronizing, setting cpus online etc into the core code" * 'smp-hotplug-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (60 commits) tracing/rb: Init the CPU mask on allocation soc/fsl/qbman: Convert to hotplug state machine soc/fsl/qbman: Convert to hotplug state machine zram: Convert to hotplug state machine KVM/PPC/Book3S HV: Convert to hotplug state machine arm64/cpuinfo: Convert to hotplug state machine arm64/cpuinfo: Make hotplug notifier symmetric mm/compaction: Convert to hotplug state machine iommu/vt-d: Convert to hotplug state machine mm/zswap: Convert pool to hotplug state machine mm/zswap: Convert dst-mem to hotplug state machine mm/zsmalloc: Convert to hotplug state machine mm/vmstat: Convert to hotplug state machine mm/vmstat: Avoid on each online CPU loops mm/vmstat: Drop get_online_cpus() from init_cpu_node_state/vmstat_cpu_dead() tracing/rb: Convert to hotplug state machine oprofile/nmi timer: Convert to hotplug state machine net/iucv: Use explicit clean up labels in iucv_init() x86/pci/amd-bus: Convert to hotplug state machine x86/oprofile/nmi: Convert to hotplug state machine ... commit 0faf7dd5a947006978b549dfe29a01b710becf4a Author: Lukasz Majewski Date: Mon Dec 12 16:09:45 2016 +0100 MAINTAINERS: Samsung: Update maintainer for PWM FAN and SAMSUNG THERMAL Since I leave Samsung, I would like to step down from maintenance duties. Bartek Zolnierkiewicz will replace. Signed-off-by: Lukasz Majewski Acked-by: Guenter Roeck Signed-off-by: Zhang Rui MAINTAINERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 39a0e975c37dee93fa1b8ea5f7eacd1c4c8a586e Author: Jungseung Lee Date: Mon Dec 12 16:46:43 2016 -0800 init: reduce rootwait polling interval time to 5ms For several devices, the rootwait time is sensitive because it directly affects booting time. The polling interval of rootwait is currently 100ms. To save unnessesary waiting time, reduce the polling interval to 5 ms. [akpm@linux-foundation.org: remove used-once #define] Link: http://lkml.kernel.org/r/20161207060743.1728-1-js07.lee@samsung.com Signed-off-by: Jungseung Lee Cc: Al Viro Cc: Christoph Hellwig Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds init/do_mounts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 30f74aa0854c2d5a331b507b14fe421ba4980511 Author: Jason Baron Date: Mon Dec 12 16:46:40 2016 -0800 binfmt_elf: use vmalloc() for allocation of vma_filesz We have observed page allocations failures of order 4 during core dump while trying to allocate vma_filesz. This results in a useless core file of size 0. To improve reliability use vmalloc(). Note that the vmalloc() allocation is bounded by sysctl_max_map_count, which is 65,530 by default. So with a 4k page size, and 8 bytes per seg, this is a max of 128 pages or an order 7 allocation. Other parts of the core dump path, such as fill_files_note() are already using vmalloc() for presumably similar reasons. Link: http://lkml.kernel.org/r/1479745791-17611-1-git-send-email-jbaron@akamai.com Signed-off-by: Jason Baron Cc: Al Viro Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/binfmt_elf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit a82603a8325f89ec53d4c3e249a2e831b747a69d Author: Andrew Jeffery Date: Mon Dec 12 16:46:37 2016 -0800 checkpatch: don't emit unified-diff error for rename-only patches I generated a patch with `git format-patch` which checkpatch thinks is invalid: $ ./scripts/checkpatch.pl lpc-dt/0006-mfd-dt-Move-syscon-bindings-to-syscon-subdirectory.patch WARNING: added, moved or deleted file(s), does MAINTAINERS need updating? Documentation/devicetree/bindings/mfd/{ => syscon}/aspeed-scu.txt | 0 ERROR: Does not appear to be a unified-diff format patch total: 1 errors, 1 warnings, 0 lines checked NOTE: For some of the reported defects, checkpatch may be able to mechanically convert to the typical style using --fix or --fix-inplace. lpc-dt/0006-mfd-dt-Move-syscon-bindings-to-syscon-subdirectory.patch has style problems, please review. NOTE: If any of the errors are false positives, please report them to the maintainer, see CHECKPATCH in MAINTAINERS. The patch in question was all renames with no edits, giving 100% similarity and thus no diff markers. Set '$is_patch = 1;' in the add/remove/rename detection to avoid generating spurious warnings. Link: http://lkml.kernel.org/r/20161205232224.22685-1-andrew@aj.id.au Signed-off-by: Andrew Jeffery Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 1 + 1 file changed, 1 insertion(+) commit fd39f904b17686df0f409e880af1ccfa2fe4ae1a Author: Tomas Winkler Date: Mon Dec 12 16:46:34 2016 -0800 checkpatch: don't check c99 types like uint8_t under tools Tools contains user space code so uintX_t types are just fine. Link: http://lkml.kernel.org/r/1479286379-853-1-git-send-email-tomas.winkler@intel.com Signed-off-by: Tomas Winkler Acked-by: Joe Perches Cc: Andy Whitcroft Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 11ca40a0f8e3a788a987f14cb80d836a34d109ae Author: Joe Perches Date: Mon Dec 12 16:46:31 2016 -0800 checkpatch: avoid multiple line dereferences Code that puts a single dereferencing identifier on multiple lines like: struct_identifier->member[index]. member = ; is generally hard to follow. Prefer that dereferencing identifiers be single line. Link: http://lkml.kernel.org/r/e9c191ae3f41bedc8ffd5c0fbcc5a1cec1d1d2df.1478120869.git.joe@perches.com Signed-off-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit d6430f71805aa98d6e8fbc67e605922aefcf9ceb Author: Joe Perches Date: Mon Dec 12 16:46:28 2016 -0800 checkpatch: don't check .pl files, improve absolute path commit log test perl files (*.pl) are mostly inappropriate to check coding styles so exempt them from long line checks and various .[ch] file type tests. And as well, only scan absolute paths in the commit log, not in the patch. Link: http://lkml.kernel.org/r/85b101d50acafe6c0261d9f7df283c827da52c4a.1477340110.git.joe@perches.com Signed-off-by: Joe Perches Cc: Andy Whitcroft Cc: Heinrich Schuchardt Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit 224236d9c3a65d23cd3f113042404cf5e09e393c Author: Andrew Morton Date: Mon Dec 12 16:46:26 2016 -0800 scripts/checkpatch.pl: fix spelling s/preceeded/preceded/ Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f2c19c2f380fcfdc85eb750016d73f7cd3e77573 Author: Jerome Forissier Date: Mon Dec 12 16:46:23 2016 -0800 checkpatch: don't try to get maintained status when --no-tree is given Fixes the following warning: Use of uninitialized value $root in concatenation (.) or string at /path/to/checkpatch.pl line 764. Link: http://lkml.kernel.org/r/1476719709-16668-1-git-send-email-jerome.forissier@linaro.org Signed-off-by: Jerome Forissier Reviewed-by: Brian Norris Acked-by: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/checkpatch.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a2ef9471c771427c2ddd56677b8de45021f6fd71 Author: Daniel Vetter Date: Mon Dec 12 16:46:20 2016 -0800 lib/ida: document locking requirements a bit better I wanted to wrap a bunch of ida_simple_get calls into their own locking, until I dug around and read the original commit message. Stuff like this should imo be added to the kernel doc, let's do that. Link: http://lkml.kernel.org/r/20161027072216.20411-1-daniel.vetter@ffwll.ch Signed-off-by: Daniel Vetter Acked-by: Tejun Heo Cc: Mel Gorman Cc: Michal Hocko Cc: Vlastimil Babka Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/idr.c | 11 +++++++++++ 1 file changed, 11 insertions(+) commit ce093a04543c403d52c1a5788d8cb92e47453aba Author: Jie Chen Date: Mon Dec 12 16:46:17 2016 -0800 lib/rbtree.c: fix typo in comment of ____rb_erase_color In Case 3 of `sibling == parent->rb_right': Right rotation will not change color of sl and S in the diagram (i.e. should not change "sl" to "Sl", "S" to "s") In Case 3 of `sibling == parent->rb_left': (p) (p) / \ / \ S N --> sr N / \ / Sl sr S / Sl This is actually left rotation at "S", not right rotation. In Case 4 of `sibling == parent->rb_left': (p) (s) / \ / \ S N --> Sl P / \ / \ sl (sr) (sr) N This is actually right rotation at "(p)" + color flips, not left rotation + color flips. Link: http://lkml.kernel.org/r/1472391115-3702-1-git-send-email-fykcee1@gmail.com Signed-off-by: Jie Chen Cc: Wei Yang Cc: Xiao Guangrong Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/rbtree.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) commit 6b2a65c7ff612035deb1012388738b54e08ab2a6 Author: Dave Young Date: Mon Dec 12 16:46:14 2016 -0800 lib/Kconfig.debug: make CONFIG_STRICT_DEVMEM depend on CONFIG_DEVMEM With CONFIG_DEVMEM not set, CONFIG_STRICT_DEVMEM will be useless even if it is set =y, thus let's update the dependency in Kconfig. Link: http://lkml.kernel.org/r/20161006051217.GA31027@dhcp-128-65.nay.redhat.com Signed-off-by: Dave Young Acked-by: Kees Cook Cc: Ingo Molnar Cc: Dan Williams Cc: Josh Poimboeuf Cc: Tejun Heo Cc: Andrey Ryabinin Cc: Nikolay Aleksandrov Cc: Dmitry Vyukov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/Kconfig.debug | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5fc41a70d804f93b88924bed1d2f494f3b735571 Author: Jani Nikula Date: Mon Dec 12 16:46:11 2016 -0800 MAINTAINERS: add drm and drm/i915 irc channels Link: http://lkml.kernel.org/r/1476966135-26943-4-git-send-email-jani.nikula@intel.com Signed-off-by: Jani Nikula Reviewed-by: Andrew Donnellan Cc: Daniel Vetter Cc: Dave Airlie Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 57599f9b879cae3c85e8646772e94ae568854319 Author: Jani Nikula Date: Mon Dec 12 16:46:08 2016 -0800 MAINTAINERS: add "C:" for URI for chat where developers hang out Make it easier to find the developer chat for the subsystem or driver. Link: http://lkml.kernel.org/r/1476966135-26943-3-git-send-email-jani.nikula@intel.com Signed-off-by: Jani Nikula Reviewed-by: Andrew Donnellan Cc: Daniel Vetter Cc: Dave Airlie Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 51b06f9f84eb05f98755fd2d6293063a1a23980c Author: Jani Nikula Date: Mon Dec 12 16:46:05 2016 -0800 MAINTAINERS: add drm and drm/i915 bug filing info Link: http://lkml.kernel.org/r/1476966135-26943-2-git-send-email-jani.nikula@intel.com Signed-off-by: Jani Nikula Reviewed-by: Andrew Donnellan Cc: Daniel Vetter Cc: Dave Airlie Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 2de2bd95f45639b8e21b1da7f72f506d43400b4d Author: Jani Nikula Date: Mon Dec 12 16:46:02 2016 -0800 MAINTAINERS: add "B:" for URI where to file bugs Different subsystems and drivers have different preferences for where to file bugs and what information to include. Add "B:" entry for specifying the URI for the bug tracker directly, a web page for detailed info on filing bugs, or a mailto: URI. Link: http://lkml.kernel.org/r/1476966135-26943-1-git-send-email-jani.nikula@intel.com Signed-off-by: Jani Nikula Reviewed-by: Andrew Donnellan Acked-by: Daniel Vetter Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 03aed214b25c068cb9955063d4742273679b49f3 Author: Joe Perches Date: Mon Dec 12 16:45:59 2016 -0800 get_maintainer: look for arbitrary letter prefixes in sections Jani Nikula proposes patches to add a few new letter prefixes for "B:" bug reporting and "C:" maintainer chatting to the various sections of MAINTAINERS. Add a generic mechanism to get_maintainer.pl to find sections that have any combination of "[A-Z]" letter prefix types in a section. Link: http://lkml.kernel.org/r/1477332323.1984.8.camel@perches.com Signed-off-by: Joe Perches Cc: Jani Nikula Cc: Daniel Vetter Cc: Dave Airlie Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/get_maintainer.pl | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit a8cfdc68f6cfc0c7ffc6d664406fe7f06f17eef4 Author: Olof Johansson Date: Mon Dec 12 16:45:56 2016 -0800 printk: add Kconfig option to set default console loglevel Add a configuration option to set the default console loglevel. This is, as before, still possible to override at runtime through bootargs (loglevel=), sysrq and /proc/printk. There are cases where adding additional arguments on the commandline is impractical, and changing the default for the kernel when being built makes more sense. Provide such a method here, for those who choose to do so. Also, while touching this code, clarify the difference between MESSAGE_LOGLEVEL_DEFAULT and CONSOLE_LOGLEVEL_DEFAULT. Link: http://lkml.kernel.org/r/1479676829-30031-1-git-send-email-olof@lixom.net Signed-off-by: Olof Johansson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/printk.h | 7 ++++++- lib/Kconfig.debug | 19 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) commit 0a4824bf8f8b88ba62c3c6e01608e8bfc2a99a17 Author: Petr Mladek Date: Mon Dec 12 16:45:53 2016 -0800 printk/sound: handle more message headers Commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") allows to define more message headers for a single message. The motivation is that continuous lines might get mixed. Therefore it make sense to define the right log level for every piece of a cont line. This patch allows to copy only the real message level. We should ignore KERN_CONT because is added for each message. By other words, we want to know where each piece of the line comes from. [pmladek@suse.com: fix a check of the valid message level] Link: http://lkml.kernel.org/r/20161111183444.GE2145@dhcp128.suse.cz Link: http://lkml.kernel.org/r/1478695291-12169-5-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Cc: Joe Perches Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Jason Wessel Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: Chris Mason Cc: Josef Bacik Cc: David Sterba Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds sound/core/misc.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) commit 262c5e86fec7cfd59754732001a9ff5b13eba501 Author: Petr Mladek Date: Mon Dec 12 16:45:50 2016 -0800 printk/btrfs: handle more message headers Commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") allows to define more message headers for a single message. The motivation is that continuous lines might get mixed. Therefore it make sense to define the right log level for every piece of a cont line. The current btrfs_printk() macros do not support continuous lines at the moment. But better be prepared for a custom messages and avoid potential "lvl" buffer overflow. This patch iterates over the entire message header. It is interested only into the message level like the original code. This patch also introduces PRINTK_MAX_SINGLE_HEADER_LEN. Three bytes are enough for the message level header at the moment. But it used to be three, see the commit 04d2c8c83d0e ("printk: convert the format for KERN_ to a 2 byte pattern"). Also I fixed the default ratelimit level. It looked very strange when it was different from the default log level. [pmladek@suse.com: Fix a check of the valid message level] Link: http://lkml.kernel.org/r/20161111183236.GD2145@dhcp128.suse.cz Link: http://lkml.kernel.org/r/1478695291-12169-4-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Acked-by: David Sterba Cc: Joe Perches Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Jason Wessel Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: Chris Mason Cc: Josef Bacik Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/btrfs/super.c | 26 +++++++++++++++----------- include/linux/printk.h | 2 ++ 2 files changed, 17 insertions(+), 11 deletions(-) commit 497957576cf8a2150d723aedd74ea60b5d498bfe Author: Petr Mladek Date: Mon Dec 12 16:45:47 2016 -0800 printk/kdb: handle more message headers Commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") allows to define more message headers for a single message. The motivation is that continuous lines might get mixed. Therefore it make sense to define the right log level for every piece of a cont line. This patch introduces printk_skip_headers() that will skip all headers and uses it in the kdb code instead of printk_skip_level(). This approach helps to fix other printk_skip_level() users independently. Link: http://lkml.kernel.org/r/1478695291-12169-3-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Cc: Joe Perches Cc: Sergey Senozhatsky Cc: Steven Rostedt Cc: Jason Wessel Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: Chris Mason Cc: Josef Bacik Cc: David Sterba Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/printk.h | 8 ++++++++ kernel/debug/kdb/kdb_io.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) commit 22c2c7b2ef7864389b1b75f9fd604da14b21e2c2 Author: Petr Mladek Date: Mon Dec 12 16:45:44 2016 -0800 printk/NMI: handle continuous lines and missing newline Commit 4bcc595ccd80 ("printk: reinstate KERN_CONT for printing continuation lines") added back KERN_CONT message header. As a result it might appear in the middle of the line when the parts are squashed via the temporary NMI buffer. A reasonable solution seems to be to split the text in the NNI temporary not only by newlines but also by the message headers. Another solution would be to filter out KERN_CONT when writing to the temporary buffer. But this would complicate the lockless handling. Also it would not solve problems with a missing newline that was there even before the KERN_CONT stuff. This patch moves the temporary buffer handling into separate function. I played with it and it seems that using the char pointers make the code easier to read. Also it prints the final newline as a continuous line. Finally, it moves handling of the s->len overflow into the paranoid check. And allows to recover from the disaster. Link: http://lkml.kernel.org/r/1478695291-12169-2-git-send-email-pmladek@suse.com Signed-off-by: Petr Mladek Reviewed-by: Sergey Senozhatsky Cc: Joe Perches Cc: Steven Rostedt Cc: Jason Wessel Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: Chris Mason Cc: Josef Bacik Cc: David Sterba Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/printk/nmi.c | 78 ++++++++++++++++++++++++++++++++++------------------- 1 file changed, 50 insertions(+), 28 deletions(-) commit 4a998e322abc935e95efc1a8108e6102be636a43 Author: Petr Mladek Date: Mon Dec 12 16:45:40 2016 -0800 printk/NMI: fix up handling of the full nmi log buffer vsnprintf() adds the trailing '\0' but it does not count it into the number of printed characters. The result is that there is one byte less space for the real characters in the buffer. The broken check for the free space might cause that we will repeatedly try to print 1 character into the buffer, never reach the full buffer, and do not count the messages as missed. Also vsnprintf() returns the number of characters that would be printed if the buffer was big enough. As a result, s->len might be bigger than the size of the buffer[*]. And the printk() function might return bigger len than it really printed. Both problems are fixed by using vscnprintf() instead. Note that I though about increasing the number of missed messages even when the message was shrunken. But it made the code even more complicated. I think that it is not worth it. Shrunken messages are usually easy to recognize. And it should be a corner case. [*] The overflown s->len value is crazy and unexpected. I "made a mistake" and reported this situation as an internal error when fixed handling of PR_CONT headers in some other patch. Link: http://lkml.kernel.org/r/20161208174912.GA17042@linux.suse Signed-off-by: Petr Mladek CcL Sergey Senozhatsky Cc: Chris Mason Cc: David Sterba Cc: Jason Wessel Cc: Josef Bacik Cc: Joe Perches Cc: Jaroslav Kysela Cc: Steven Rostedt Cc: Takashi Iwai Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/printk/nmi.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 8e8780a547d987b6465c9458402177fe706c5624 Author: Benjamin Peterson Date: Mon Dec 12 16:45:38 2016 -0800 compiler-gcc.h: use "proved" instead of "proofed" Link: http://lkml.kernel.org/r/1477894241.1103202.772260161.1B0A5995@webmail.messagingengine.com Signed-off-by: Benjamin Peterson Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/compiler-gcc.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4ca5ede07c9871c13ae422c96d6d08dbd0df5eda Author: Tetsuo Handa Date: Mon Dec 12 16:45:35 2016 -0800 hung_task: decrement sysctl_hung_task_warnings only if it is positive Since sysctl_hung_task_warnings == -1 is allowed (infinite warnings), commit 48a6d64edadb ("hung_task: allow hung_task_panic when hung_task_warnings is 0") should decrement it only when it is not -1. This prevents the kernel from ceasing warnings after the first 4294967295 ;) Signed-off-by: Tetsuo Handa Cc: John Siddle Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/hung_task.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 1270dd8d994039b677d0504ba7260873d608bf75 Author: Alexey Dobriyan Date: Mon Dec 12 16:45:32 2016 -0800 fs/proc: calculate /proc/* and /proc/*/task/* nlink at init time Runtime nlink calculation works but meh. I don't know how to do it at compile time, but I know how to do it at init time. Shift "2+" part into init time as a bonus. Link: http://lkml.kernel.org/r/20161122195549.GB29812@avx2 Signed-off-by: Alexey Dobriyan Reviewed-by: Vegard Nossum Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 19 +++++++++++++------ fs/proc/internal.h | 1 + fs/proc/root.c | 1 + 3 files changed, 15 insertions(+), 6 deletions(-) commit bac5f5d56bbcb0ef7d3a926dd28b5f1db09117b7 Author: Alexey Dobriyan Date: Mon Dec 12 16:45:28 2016 -0800 fs/proc/base.c: save decrement during lookup/readdir in /proc/$PID Comparison for "<" works equally well as comparison for "<=" but one SUB/LEA is saved (no, it is not optimised away, at least here). Link: http://lkml.kernel.org/r/20161122195143.GA29812@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 209b14dc030760d3a17029a5c3bd92c9d6fd3f37 Author: Rasmus Villemoes Date: Mon Dec 12 16:45:25 2016 -0800 fs/proc/array.c: slightly improve render_sigset_t format_decode and vsnprintf occasionally show up in perf top, so I went looking for places that might not need the full printf power. With the help of kprobes, I gathered some statistics on which format strings we mostly pass to vsnprintf. On a trivial desktop workload, I hit "%x" 25% of the time, so something apparently reads /proc/pid/status (which does 5*16 printf("%x") calls) a lot. With this patch, reading /proc/pid/status is 30% faster according to this microbenchmark: char buf[4096]; int i, fd; for (i = 0; i < 10000; ++i) { fd = open("/proc/self/status", O_RDONLY); read(fd, buf, sizeof(buf)); close(fd); } Link: http://lkml.kernel.org/r/1474410485-1305-1-git-send-email-linux@rasmusvillemoes.dk Signed-off-by: Rasmus Villemoes Acked-by: Andrei Vagin Acked-by: Kees Cook Cc: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/array.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 492b2da6056e7051917516368e75e062422c3557 Author: Alexey Dobriyan Date: Mon Dec 12 16:45:22 2016 -0800 proc: tweak comments about 2 stage open and everything Some comments were obsoleted since commit 05c0ae21c034 ("try a saner locking for pde_opener..."). Some new comments added. Some confusing comments replaced with equally confusing ones. Link: http://lkml.kernel.org/r/20161029160231.GD1246@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/inode.c | 29 +++++++++++++++++++++-------- 1 file changed, 21 insertions(+), 8 deletions(-) commit 39a10ac23cfdb6469550e1641a2bc2ed80663ceb Author: Alexey Dobriyan Date: Mon Dec 12 16:45:20 2016 -0800 proc: kmalloc struct pde_opener kzalloc is too much, half of the fields will be reinitialized anyway. If proc file doesn't have ->release hook (some still do not), clearing is unnecessary because it will be freed immediately. Link: http://lkml.kernel.org/r/20161029155747.GC1246@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/inode.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit f5887c71cf682a6c27e26cb83296d49729f62b3c Author: Alexey Dobriyan Date: Mon Dec 12 16:45:17 2016 -0800 proc: fix type of struct pde_opener::closing field struct pde_opener::closing is boolean. Link: http://lkml.kernel.org/r/20161029155439.GB1246@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/inode.c | 2 +- fs/proc/internal.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 06a0c4175db68912981fa34c24384d8b1a58c6dc Author: Alexey Dobriyan Date: Mon Dec 12 16:45:14 2016 -0800 proc: just list_del() struct pde_opener list_del_init() is too much, structure will be freed in three lines anyway. Link: http://lkml.kernel.org/r/20161029155313.GA1246@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9a87fe0d7c2d4fb62255cb69088da5a812df3516 Author: Alexey Dobriyan Date: Mon Dec 12 16:45:11 2016 -0800 proc: make struct struct map_files_info::len unsigned int Linux doesn't support 4GB+ filenames in /proc, so unsigned long is too much. MOV r64, r/m64 is larger than MOV r32, r/m32. Link: http://lkml.kernel.org/r/20161029161123.GG1246@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 623f594e7d20e4b5dac50aba5bd23822f2a95d6f Author: Alexey Dobriyan Date: Mon Dec 12 16:45:08 2016 -0800 proc: make struct pid_entry::len unsigned "unsigned int" is better on x86_64 because it most of the time it autoexpands to 64-bit value while "int" requires MOVSX instruction. Link: http://lkml.kernel.org/r/20161029160810.GF1246@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/base.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit af884cd4a5ae62fcf5e321fecf0ec1014730353d Author: Kees Cook Date: Mon Dec 12 16:45:05 2016 -0800 proc: report no_new_privs state Similar to being able to examine if a process has been correctly confined with seccomp, the state of no_new_privs is equally interesting, so this adds it to /proc/$pid/status. Link: http://lkml.kernel.org/r/20161103214041.GA58566@beast Signed-off-by: Kees Cook Reviewed-by: Jann Horn Cc: Jonathan Corbet Cc: Vlastimil Babka Cc: Michal Hocko Cc: Konstantin Khlebnikov Cc: Hugh Dickins Cc: Naoya Horiguchi Cc: Rodrigo Freire Cc: John Stultz Cc: Ross Zwisler Cc: Robert Ho Cc: Jerome Marchand Cc: Andy Lutomirski Cc: Johannes Weiner Cc: Alexey Dobriyan Cc: "Richard W.M. Jones" Cc: Joe Perches Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/filesystems/proc.txt | 2 ++ fs/proc/array.c | 5 +++-- 2 files changed, 5 insertions(+), 2 deletions(-) commit 8f6066049c54ef0f726869c27d610cef5d15e084 Author: zijun_hu Date: Mon Dec 12 16:45:02 2016 -0800 mm/percpu.c: fix panic triggered by BUG_ON() falsely As shown by pcpu_build_alloc_info(), the number of units within a percpu group is deduced by rounding up the number of CPUs within the group to @upa boundary/ Therefore, the number of CPUs isn't equal to the units's if it isn't aligned to @upa normally. However, pcpu_page_first_chunk() uses BUG_ON() to assert that one number is equal to the other roughly, so a panic is maybe triggered by the BUG_ON() incorrectly. In order to fix this issue, the number of CPUs is rounded up then compared with units's and the BUG_ON() is replaced with a warning and return of an error code as well, to keep system alive as much as possible. Link: http://lkml.kernel.org/r/57FCF07C.2020103@zoho.com Signed-off-by: zijun_hu Cc: Tejun Heo Cc: Christoph Lameter Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/percpu.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit c5caf21ab0cf884ef15b25af234f620e4a233139 Author: Andrey Ryabinin Date: Mon Dec 12 16:44:59 2016 -0800 kasan: turn on -fsanitize-address-use-after-scope In the upcoming gcc7 release, the -fsanitize=kernel-address option at first implied new -fsanitize-address-use-after-scope option. This would cause link errors on older kernels because they don't have two new functions required for use-after-scope support. Therefore, gcc7 changed default to -fno-sanitize-address-use-after-scope. Now the kernel has everything required for that feature since commit 828347f8f9a5 ("kasan: support use-after-scope detection"). So, to make it work, we just have to enable use-after-scope in CFLAGS. Link: http://lkml.kernel.org/r/1481207977-28654-1-git-send-email-aryabinin@virtuozzo.com Signed-off-by: Andrey Ryabinin Acked-by: Dmitry Vyukov Cc: Alexander Potapenko Cc: Andrey Konovalov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/Makefile.kasan | 2 ++ 1 file changed, 2 insertions(+) commit 64abdcb24351a27bed6e2b6a3c27348fe532c73f Author: Dmitry Vyukov Date: Mon Dec 12 16:44:56 2016 -0800 kasan: eliminate long stalls during quarantine reduction Currently we dedicate 1/32 of RAM for quarantine and then reduce it by 1/4 of total quarantine size. This can be a significant amount of memory. For example, with 4GB of RAM total quarantine size is 128MB and it is reduced by 32MB at a time. With 128GB of RAM total quarantine size is 4GB and it is reduced by 1GB. This leads to several problems: - freeing 1GB can take tens of seconds, causes rcu stall warnings and just introduces unexpected long delays at random places - if kmalloc() is called under a mutex, other threads stall on that mutex while a thread reduces quarantine - threads wait on quarantine_lock while one thread grabs a large batch of objects to evict - we walk the uncached list of object to free twice which makes all of the above worse - when a thread frees objects, they are already not accounted against global_quarantine.bytes; as the result we can have quarantine_size bytes in quarantine + unbounded amount of memory in large batches in threads that are in process of freeing Reduce size of quarantine in smaller batches to reduce the delays. The only reason to reduce it in batches is amortization of overheads, the new batch size of 1MB should be well enough to amortize spinlock lock/unlock and few function calls. Plus organize quarantine as a FIFO array of batches. This allows to not walk the list in quarantine_reduce() under quarantine_lock, which in turn reduces contention and is just faster. This improves performance of heavy load (syzkaller fuzzing) by ~20% with 4 CPUs and 32GB of RAM. Also this eliminates frequent (every 5 sec) drops of CPU consumption from ~400% to ~100% (one thread reduces quarantine while others are waiting on a mutex). Some reference numbers: 1. Machine with 4 CPUs and 4GB of memory. Quarantine size 128MB. Currently we free 32MB at at time. With new code we free 1MB at a time (1024 batches, ~128 are used). 2. Machine with 32 CPUs and 128GB of memory. Quarantine size 4GB. Currently we free 1GB at at time. With new code we free 8MB at a time (1024 batches, ~512 are used). 3. Machine with 4096 CPUs and 1TB of memory. Quarantine size 32GB. Currently we free 8GB at at time. With new code we free 4MB at a time (16K batches, ~8K are used). Link: http://lkml.kernel.org/r/1478756952-18695-1-git-send-email-dvyukov@google.com Signed-off-by: Dmitry Vyukov Cc: Eric Dumazet Cc: Greg Thelen Cc: Alexander Potapenko Cc: Andrey Ryabinin Cc: Andrey Konovalov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kasan/quarantine.c | 94 ++++++++++++++++++++++++++------------------------- 1 file changed, 48 insertions(+), 46 deletions(-) commit 5c5c1f36cedfb51ec291181e71817f7fe7e03ee2 Author: Dmitry Vyukov Date: Mon Dec 12 16:44:53 2016 -0800 kasan: support panic_on_warn If user sets panic_on_warn, he wants kernel to panic if there is anything barely wrong with the kernel. KASAN-detected errors are definitely not less benign than an arbitrary kernel WARNING. Panic after KASAN errors if panic_on_warn is set. We use this for continuous fuzzing where we want kernel to stop and reboot on any error. Link: http://lkml.kernel.org/r/1476694764-31986-1-git-send-email-dvyukov@google.com Signed-off-by: Dmitry Vyukov Acked-by: Andrey Ryabinin Cc: Alexander Potapenko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kasan/report.c | 2 ++ 1 file changed, 2 insertions(+) commit 49920d28781dcced10cd30cb9a938e7d045a1c94 Author: Hugh Dickins Date: Mon Dec 12 16:44:50 2016 -0800 mm: make transparent hugepage size public Test programs want to know the size of a transparent hugepage. While it is commonly the same as the size of a hugetlbfs page (shown as Hugepagesize in /proc/meminfo), that is not always so: powerpc implements transparent hugepages in a different way from hugetlbfs pages, so it's coincidence when their sizes are the same; and x86 and others can support more than one hugetlbfs page size. Add /sys/kernel/mm/transparent_hugepage/hpage_pmd_size to show the THP size in bytes - it's the same for Anonymous and Shmem hugepages. Call it hpage_pmd_size (after HPAGE_PMD_SIZE) rather than hpage_size, in case some transparent support for pud and pgd pages is added later. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1612052200290.13021@eggly.anvils Signed-off-by: Hugh Dickins Acked-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Greg Thelen Cc: David Rientjes Cc: "Kirill A. Shutemov" Cc: Andrea Arcangeli Cc: "Aneesh Kumar K.V" Cc: Dave Hansen Cc: Dan Williams Cc: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/vm/transhuge.txt | 5 +++++ mm/huge_memory.c | 10 ++++++++++ 2 files changed, 15 insertions(+) commit a66c0410b97c07a5708881198528ce724f7a3226 Author: Hugh Dickins Date: Mon Dec 12 16:44:47 2016 -0800 mm: add cond_resched() in gather_pte_stats() The other pagetable walks in task_mmu.c have a cond_resched() after walking their ptes: add a cond_resched() in gather_pte_stats() too, for reading /proc//numa_maps. Only pagemap_pmd_range() has a cond_resched() in its (unusually expensive) pmd_trans_huge case: more should probably be added, but leave them unchanged for now. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1612052157400.13021@eggly.anvils Signed-off-by: Hugh Dickins Acked-by: Michal Hocko Cc: David Rientjes Cc: Gerald Schaefer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/proc/task_mmu.c | 1 + 1 file changed, 1 insertion(+) commit dc644a073769dd8949a75691eb4a5bdeb70a7d51 Author: Hugh Dickins Date: Mon Dec 12 16:44:44 2016 -0800 mm: add three more cond_resched() in swapoff Add a cond_resched() in the unuse_pmd_range() loop (so as to call it even when pmd none or trans_huge, like zap_pmd_range() does); and in the unuse_mm() loop (since that might skip over many vmas). shmem_unuse() and radix_tree_locate_item() look good enough already. Those were the obvious places, but in fact the stalls came from find_next_to_unuse(), which sometimes scans through many unused entries. Apply scan_swap_map()'s LATENCY_LIMIT of 256 there too; and only go off to test frontswap_map when a used entry is found. Link: http://lkml.kernel.org/r/alpine.LSU.2.11.1612052155140.13021@eggly.anvils Signed-off-by: Hugh Dickins Reported-by: Eric Dumazet Cc: David Rientjes Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/swapfile.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit a6de734bc002fe2027ccc074fbbd87d72957b7a4 Author: Mel Gorman Date: Mon Dec 12 16:44:41 2016 -0800 mm, page_alloc: keep pcp count and list contents in sync if struct page is corrupted Vlastimil Babka pointed out that commit 479f854a207c ("mm, page_alloc: defer debugging checks of pages allocated from the PCP") will allow the per-cpu list counter to be out of sync with the per-cpu list contents if a struct page is corrupted. The consequence is an infinite loop if the per-cpu lists get fully drained by free_pcppages_bulk because all the lists are empty but the count is positive. The infinite loop occurs here do { batch_free++; if (++migratetype == MIGRATE_PCPTYPES) migratetype = 0; list = &pcp->lists[migratetype]; } while (list_empty(list)); What the user sees is a bad page warning followed by a soft lockup with interrupts disabled in free_pcppages_bulk(). This patch keeps the accounting in sync. Fixes: 479f854a207c ("mm, page_alloc: defer debugging checks of pages allocated from the PCP") Link: http://lkml.kernel.org/r/20161202112951.23346-2-mgorman@techsingularity.net Signed-off-by: Mel Gorman Acked-by: Vlastimil Babka Acked-by: Michal Hocko Acked-by: Hillf Danton Cc: Christoph Lameter Cc: Johannes Weiner Cc: Jesper Dangaard Brouer Cc: Joonsoo Kim Cc: [4.7+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit d5a187daf5856df9b997f9d208e5a7b64006eb2e Author: Vlastimil Babka Date: Mon Dec 12 16:44:38 2016 -0800 mm, rmap: handle anon_vma_prepare() common case inline anon_vma_prepare() is mostly a large "if (unlikely(...))" block, as the expected common case is that an anon_vma already exists. We could turn the condition around and return 0, but it also makes sense to do it inline and avoid a call for the common case. Bloat-o-meter naturally shows that inlining the check has some code size costs: add/remove: 1/1 grow/shrink: 4/0 up/down: 475/-373 (102) function old new delta __anon_vma_prepare - 359 +359 handle_mm_fault 2744 2796 +52 hugetlb_cow 1146 1170 +24 hugetlb_fault 2123 2145 +22 wp_page_copy 1469 1487 +18 anon_vma_prepare 373 - -373 Checking the asm however confirms that the hot paths now avoid a call, which is moved away. [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20161116074005.22768-1-vbabka@suse.cz Signed-off-by: Vlastimil Babka Cc: "Kirill A. Shutemov" Cc: Johannes Weiner Cc: Konstantin Khlebnikov Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/rmap.h | 10 +++++++- mm/rmap.c | 69 ++++++++++++++++++++++++++-------------------------- 2 files changed, 43 insertions(+), 36 deletions(-) commit 46e8a3a08c23d07d0f21fabeed182b671af68c93 Author: Vlastimil Babka Date: Mon Dec 12 16:44:35 2016 -0800 mm, debug: print raw struct page data in __dump_page() __dump_page() is used when a page metadata inconsistency is detected, either by standard runtime checks, or extra checks in CONFIG_DEBUG_VM builds. It prints some of the relevant metadata, but not the whole struct page, which is based on unions and interpretation is dependent on the context. This means that sometimes e.g. a VM_BUG_ON_PAGE() checks certain field, which is however not printed by __dump_page() and the resulting bug report may then lack clues that could help in determining the root cause. This patch solves the problem by simply printing the whole struct page word by word, so no part is missing, but the interpretation of the data is left to developers. This is similar to e.g. x86_64 raw stack dumps. Example output: page:ffffea00000475c0 count:1 mapcount:0 mapping: (null) index:0x0 flags: 0x100000000000400(reserved) raw: 0100000000000400 0000000000000000 0000000000000000 00000001ffffffff raw: ffffea00000475e0 ffffea00000475e0 0000000000000000 0000000000000000 page dumped because: VM_BUG_ON_PAGE(1) [aryabinin@virtuozzo.com: suggested print_hex_dump()] Link: http://lkml.kernel.org/r/2ff83214-70fe-741e-bf05-fe4a4073ec3e@suse.cz Signed-off-by: Vlastimil Babka Acked-by: Kirill A. Shutemov Acked-by: Andrey Ryabinin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/debug.c | 4 ++++ 1 file changed, 4 insertions(+) commit 953c66c2b22a304dbc3c3d7fc8e8c25cd97a03d8 Author: Aneesh Kumar K.V Date: Mon Dec 12 16:44:32 2016 -0800 mm: THP page cache support for ppc64 Add arch specific callback in the generic THP page cache code that will deposit and withdarw preallocated page table. Archs like ppc64 use this preallocated table to store the hash pte slot information. Testing: kernel build of the patch series on tmpfs mounted with option huge=always The related thp stat: thp_fault_alloc 72939 thp_fault_fallback 60547 thp_collapse_alloc 603 thp_collapse_alloc_failed 0 thp_file_alloc 253763 thp_file_mapped 4251 thp_split_page 51518 thp_split_page_failed 1 thp_deferred_split_page 73566 thp_split_pmd 665 thp_zero_page_alloc 3 thp_zero_page_alloc_failed 0 [akpm@linux-foundation.org: remove unneeded parentheses, per Kirill] Link: http://lkml.kernel.org/r/20161113150025.17942-2-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Kirill A. Shutemov Cc: Michael Ellerman Cc: Benjamin Herrenschmidt Cc: Michael Neuling Cc: Paul Mackerras Cc: Balbir Singh Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/book3s/64/pgtable.h | 10 +++++ include/asm-generic/pgtable.h | 3 ++ mm/Kconfig | 6 +-- mm/huge_memory.c | 17 ++++++++ mm/khugepaged.c | 21 +++++++++- mm/memory.c | 60 +++++++++++++++++++++++----- 6 files changed, 100 insertions(+), 17 deletions(-) commit 1dd38b6c27d59414e89c08dd1ae9677a8e12cbc4 Author: Aneesh Kumar K.V Date: Mon Dec 12 16:44:29 2016 -0800 mm: move vma_is_anonymous check within pmd_move_must_withdraw Independent of whether the vma is for anonymous memory, some arches like ppc64 would like to override pmd_move_must_withdraw(). One option is to encapsulate the vma_is_anonymous() check for general architectures inside pmd_move_must_withdraw() so that is always called and architectures that need unconditional overriding can override this function. ppc64 needs to override the function when the MMU is configured to use hash PTE's. [bsingharora@gmail.com: reworked changelog] Link: http://lkml.kernel.org/r/20161113150025.17942-1-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Acked-by: Kirill A. Shutemov Acked-by: Michael Ellerman (powerpc) Cc: Benjamin Herrenschmidt Cc: Michael Neuling Cc: Paul Mackerras Cc: Balbir Singh Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/include/asm/book3s/64/pgtable.h | 3 ++- include/asm-generic/pgtable.h | 12 ------------ mm/huge_memory.c | 18 ++++++++++++++++-- 3 files changed, 18 insertions(+), 15 deletions(-) commit 763b218ddfaf56761c19923beb7e16656f66ec62 Author: Joel Fernandes Date: Mon Dec 12 16:44:26 2016 -0800 mm: add preempt points into __purge_vmap_area_lazy() Use cond_resched_lock to avoid holding the vmap_area_lock for a potentially long time and thus creating bad latencies for various workloads. [hch: split from a larger patch by Joel, wrote the crappy changelog] Link: http://lkml.kernel.org/r/1479474236-4139-11-git-send-email-hch@lst.de Signed-off-by: Joel Fernandes Signed-off-by: Christoph Hellwig Tested-by: Jisheng Zhang Cc: Andrey Ryabinin Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit f9e09977671b618aeb25ddc0d4c9a84d5b5cde9d Author: Christoph Hellwig Date: Mon Dec 12 16:44:23 2016 -0800 mm: turn vmap_purge_lock into a mutex The purge_lock spinlock causes high latencies with non RT kernel. This has been reported multiple times on lkml [1] [2] and affects applications like audio. This patch replaces it with a mutex to allow preemption while holding the lock. Thanks to Joel Fernandes for the detailed report and analysis as well as an earlier attempt at fixing this issue. [1] http://lists.openwall.net/linux-kernel/2016/03/23/29 [2] https://lkml.org/lkml/2016/10/9/59 Link: http://lkml.kernel.org/r/1479474236-4139-10-git-send-email-hch@lst.de Signed-off-by: Christoph Hellwig Tested-by: Jisheng Zhang Cc: Andrey Ryabinin Cc: Joel Fernandes Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 5803ed292e63a1bf00722d6655d0229794607183 Author: Christoph Hellwig Date: Mon Dec 12 16:44:20 2016 -0800 mm: mark all calls into the vmalloc subsystem as potentially sleeping We will take a sleeping lock in later in this series, so this adds the proper safeguards. Link: http://lkml.kernel.org/r/1479474236-4139-9-git-send-email-hch@lst.de Signed-off-by: Christoph Hellwig Tested-by: Jisheng Zhang Cc: Andrey Ryabinin Cc: Joel Fernandes Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 8d5341a6260a59cf15c4ae0efbf0bcd8e1b8a6bb Author: Andrey Ryabinin Date: Mon Dec 12 16:44:17 2016 -0800 x86/ldt: use vfree_atomic() to free ldt entries vfree() is going to use sleeping lock. free_ldt_struct() may be called with disabled preemption, therefore we must use vfree_atomic() here. E.g. call trace: vfree() free_ldt_struct() destroy_context_ldt() __mmdrop() finish_task_switch() schedule_tail() ret_from_fork() Link: http://lkml.kernel.org/r/1479474236-4139-7-git-send-email-hch@lst.de Signed-off-by: Andrey Ryabinin Signed-off-by: Christoph Hellwig Cc: Joel Fernandes Cc: Jisheng Zhang Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/x86/kernel/ldt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0f110a9b956c1678b53986b003d59794604807ba Author: Andrey Ryabinin Date: Mon Dec 12 16:44:14 2016 -0800 kernel/fork: use vfree_atomic() to free thread stack vfree() is going to use sleeping lock. Thread stack freed in atomic context, therefore we must use vfree_atomic() here. Link: http://lkml.kernel.org/r/1479474236-4139-6-git-send-email-hch@lst.de Signed-off-by: Andrey Ryabinin Signed-off-by: Christoph Hellwig Cc: Joel Fernandes Cc: Jisheng Zhang Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds kernel/fork.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit bf22e37a641327e34681b7b6959d9646e3886770 Author: Andrey Ryabinin Date: Mon Dec 12 16:44:10 2016 -0800 mm: add vfree_atomic() We are going to use sleeping lock for freeing vmap. However some vfree() users want to free memory from atomic (but not from interrupt) context. For this we add vfree_atomic() - deferred variation of vfree() which can be used in any atomic context (except NMIs). [akpm@linux-foundation.org: tweak comment grammar] [aryabinin@virtuozzo.com: use raw_cpu_ptr() instead of this_cpu_ptr()] Link: http://lkml.kernel.org/r/1481553981-3856-1-git-send-email-aryabinin@virtuozzo.com Link: http://lkml.kernel.org/r/1479474236-4139-5-git-send-email-hch@lst.de Signed-off-by: Andrey Ryabinin Signed-off-by: Christoph Hellwig Cc: Joel Fernandes Cc: Jisheng Zhang Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/vmalloc.h | 1 + mm/vmalloc.c | 42 ++++++++++++++++++++++++++++++++++++------ 2 files changed, 37 insertions(+), 6 deletions(-) commit 0574ecd141df28d573d4364adec59766ddf5f38d Author: Christoph Hellwig Date: Mon Dec 12 16:44:07 2016 -0800 mm: refactor __purge_vmap_area_lazy() Move the purge_lock synchronization to the callers, move the call to purge_fragmented_blocks_allcpus at the beginning of the function to the callers that need it, move the force_flush behavior to the caller that needs it, and pass start and end by value instead of by reference. No change in behavior. Link: http://lkml.kernel.org/r/1479474236-4139-4-git-send-email-hch@lst.de Signed-off-by: Christoph Hellwig Tested-by: Jisheng Zhang Cc: Andrey Ryabinin Cc: Joel Fernandes Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 80 ++++++++++++++++++++++++++---------------------------------- 1 file changed, 35 insertions(+), 45 deletions(-) commit 9c3acf6043ac437ae0a45de4657ee700c3dc8850 Author: Christoph Hellwig Date: Mon Dec 12 16:44:04 2016 -0800 mm: remove free_unmap_vmap_area_addr() Just inline it into the only caller. Link: http://lkml.kernel.org/r/1479474236-4139-3-git-send-email-hch@lst.de Signed-off-by: Christoph Hellwig Tested-by: Jisheng Zhang Cc: Andrey Ryabinin Cc: Joel Fernandes Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) commit c8eef01e2f98e09a6733f2acdc675b4cf87a22a1 Author: Christoph Hellwig Date: Mon Dec 12 16:44:01 2016 -0800 mm: remove free_unmap_vmap_area_noflush() Patch series "reduce latency in __purge_vmap_area_lazy", v2. This patch (of 10): Sort out the long lock hold times in __purge_vmap_area_lazy. It is based on a patch from Joel. Inline free_unmap_vmap_area_noflush() it into the only caller. Link: http://lkml.kernel.org/r/1479474236-4139-2-git-send-email-hch@lst.de Signed-off-by: Christoph Hellwig Tested-by: Jisheng Zhang Cc: Andrey Ryabinin Cc: Joel Fernandes Cc: Chris Wilson Cc: John Dias Cc: Thomas Gleixner Cc: "H. Peter Anvin" Cc: Ingo Molnar Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) commit b53889987862b69179560e50992f7ea8a5eb61ed Author: Johannes Weiner Date: Mon Dec 12 16:43:58 2016 -0800 mm: workingset: update shadow limit to reflect bigger active list Since commit 59dc76b0d4df ("mm: vmscan: reduce size of inactive file list") the size of the active file list is no longer limited to half of memory. Increase the shadow node limit accordingly to avoid throwing out shadow entries that might still result in eligible refaults. The exact size of the active list now depends on the overall size of the page cache, but converges toward taking up most of the space: In mm/vmscan.c::inactive_list_is_low(), * total target max * memory ratio inactive * ------------------------------------- * 10MB 1 5MB * 100MB 1 50MB * 1GB 3 250MB * 10GB 10 0.9GB * 100GB 31 3GB * 1TB 101 10GB * 10TB 320 32GB It would be possible to apply the same precise ratios when determining the limit for radix tree nodes containing shadow entries, but since it is merely an approximation of the oldest refault distances in the wild and the code also makes assumptions about the node population density, keep it simple and always target the full cache size. While at it, clarify the comment and the formula for memory footprint. Link: http://lkml.kernel.org/r/20161117214701.29000-1-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Cc: Rik van Riel Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/workingset.c | 44 +++++++++++++++++++++++++------------------- 1 file changed, 25 insertions(+), 19 deletions(-) commit dbc446b88e7041cb1d076e51726ccee497cb6ee3 Author: Johannes Weiner Date: Mon Dec 12 16:43:55 2016 -0800 mm: workingset: restore refault tracking for single-page files Shadow entries in the page cache used to be accounted behind the radix tree implementation's back in the upper bits of node->count, and the radix tree code extending a single-entry tree with a shadow entry in root->rnode would corrupt that counter. As a result, we could not put shadow entries at index 0 if the tree didn't have any other entries, and that means no refault detection for any single-page file. Now that the shadow entries are tracked natively in the radix tree's exceptional counter, this is no longer necessary. Extending and shrinking the tree from and to single entries in root->rnode now does the right thing when the entry is exceptional, remove that limitation. Link: http://lkml.kernel.org/r/20161117193244.GF23430@cmpxchg.org Signed-off-by: Johannes Weiner Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 14b468791fa955d442f962fdf5207dfd39a131c8 Author: Johannes Weiner Date: Mon Dec 12 16:43:52 2016 -0800 mm: workingset: move shadow entry tracking to radix tree exceptional tracking Currently, we track the shadow entries in the page cache in the upper bits of the radix_tree_node->count, behind the back of the radix tree implementation. Because the radix tree code has no awareness of them, we rely on random subtleties throughout the implementation (such as the node->count != 1 check in the shrinking code, which is meant to exclude multi-entry nodes but also happens to skip nodes with only one shadow entry, as that's accounted in the upper bits). This is error prone and has, in fact, caused the bug fixed in d3798ae8c6f3 ("mm: filemap: don't plant shadow entries without radix tree node"). To remove these subtleties, this patch moves shadow entry tracking from the upper bits of node->count to the existing counter for exceptional entries. node->count goes back to being a simple counter of valid entries in the tree node and can be shrunk to a single byte. This vastly simplifies the page cache code. All accounting happens natively inside the radix tree implementation, and maintaining the LRU linkage of shadow nodes is consolidated into a single function in the workingset code that is called for leaf nodes affected by a change in the page cache tree. This also removes the last user of the __radix_delete_node() return value. Eliminate it. Link: http://lkml.kernel.org/r/20161117193211.GE23430@cmpxchg.org Signed-off-by: Johannes Weiner Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/radix-tree.h | 8 ++----- include/linux/swap.h | 34 +--------------------------- lib/radix-tree.c | 25 +++++---------------- mm/filemap.c | 54 +++++--------------------------------------- mm/truncate.c | 21 +++-------------- mm/workingset.c | 56 +++++++++++++++++++++++++++++++++++----------- 6 files changed, 60 insertions(+), 138 deletions(-) commit 4d693d08607ab319095ec8942909df4b4aebdf66 Author: Johannes Weiner Date: Mon Dec 12 16:43:49 2016 -0800 lib: radix-tree: update callback for changing leaf nodes Support handing __radix_tree_replace() a callback that gets invoked for all leaf nodes that change or get freed as a result of the slot replacement, to assist users tracking nodes with node->private_list. This prepares for putting page cache shadow entries into the radix tree root again and drastically simplifying the shadow tracking. Link: http://lkml.kernel.org/r/20161117193134.GD23430@cmpxchg.org Signed-off-by: Johannes Weiner Suggested-by: Jan Kara Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 3 ++- include/linux/radix-tree.h | 4 +++- lib/radix-tree.c | 42 +++++++++++++++++++++++++++++------------- mm/shmem.c | 3 ++- 4 files changed, 36 insertions(+), 16 deletions(-) commit f4b109c6dad54257eca837f9dd16a23f2eeab832 Author: Johannes Weiner Date: Mon Dec 12 16:43:46 2016 -0800 lib: radix-tree: add entry deletion support to __radix_tree_replace() Page cache shadow entry handling will be a lot simpler when it can use a single generic replacement function for pages, shadow entries, and emptying slots. Make __radix_tree_replace() properly account insertions and deletions in node->count and garbage collect nodes as they become empty. Then re-implement radix_tree_delete() on top of it. Link: http://lkml.kernel.org/r/20161117193058.GC23430@cmpxchg.org Signed-off-by: Johannes Weiner Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds lib/radix-tree.c | 227 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 116 insertions(+), 111 deletions(-) commit 6d75f366b9242f9b17ed7d0b0604d7460f818f21 Author: Johannes Weiner Date: Mon Dec 12 16:43:43 2016 -0800 lib: radix-tree: check accounting of existing slot replacement users The bug in khugepaged fixed earlier in this series shows that radix tree slot replacement is fragile; and it will become more so when not only NULL<->!NULL transitions need to be caught but transitions from and to exceptional entries as well. We need checks. Re-implement radix_tree_replace_slot() on top of the sanity-checked __radix_tree_replace(). This requires existing callers to also pass the radix tree root, but it'll warn us when somebody replaces slots with contents that need proper accounting (transitions between NULL entries, real entries, exceptional entries) and where a replacement through the slot pointer would corrupt the radix tree node counts. Link: http://lkml.kernel.org/r/20161117193021.GB23430@cmpxchg.org Signed-off-by: Johannes Weiner Suggested-by: Jan Kara Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/s390/mm/gmap.c | 2 +- drivers/sh/intc/virq.c | 2 +- fs/dax.c | 4 +-- include/linux/radix-tree.h | 16 ++------- lib/radix-tree.c | 63 +++++++++++++++++++++++++++-------- mm/filemap.c | 4 +-- mm/khugepaged.c | 5 +-- mm/migrate.c | 4 +-- mm/truncate.c | 2 +- tools/testing/radix-tree/multiorder.c | 2 +- 10 files changed, 64 insertions(+), 40 deletions(-) commit f7942430e40f14c6d2ca48a1875add509938c07d Author: Johannes Weiner Date: Mon Dec 12 16:43:41 2016 -0800 lib: radix-tree: native accounting of exceptional entries The way the page cache is sneaking shadow entries of evicted pages into the radix tree past the node entry accounting and tracking them manually in the upper bits of node->count is fraught with problems. These shadow entries are marked in the tree as exceptional entries, which are a native concept to the radix tree. Maintain an explicit counter of exceptional entries in the radix tree node. Subsequent patches will switch shadow entry tracking over to that counter. DAX and shmem are the other users of exceptional entries. Since slot replacements that change the entry type from regular to exceptional must now be accounted, introduce a __radix_tree_replace() function that does replacement and accounting, and switch DAX and shmem over. The increase in radix tree node size is temporary. A followup patch switches the shadow tracking to this new scheme and we'll no longer need the upper bits in node->count and shrink that back to one byte. Link: http://lkml.kernel.org/r/20161117192945.GA23430@cmpxchg.org Signed-off-by: Johannes Weiner Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/dax.c | 5 +++-- include/linux/radix-tree.h | 10 +++++++--- lib/radix-tree.c | 46 +++++++++++++++++++++++++++++++++++++++++++--- mm/shmem.c | 8 ++++---- 4 files changed, 57 insertions(+), 12 deletions(-) commit b936887e8739d3fa83f87d899f68d136735d9816 Author: Johannes Weiner Date: Mon Dec 12 16:43:38 2016 -0800 mm: workingset: turn shadow node shrinker bugs into warnings When the shadow page shrinker tries to reclaim a radix tree node but finds it in an unexpected state - it should contain no pages, and non-zero shadow entries - there is no need to kill the executing task or even the entire system. Warn about the invalid state, then leave that tree node be. Simply don't put it back on the shadow LRU for future reclaim and move on. Link: http://lkml.kernel.org/r/20161117191138.22769-4-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Reviewed-by: Jan Kara Cc: Kirill A. Shutemov Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/workingset.c | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) commit 59749e6ce53735d8b696763742225f126e94603f Author: Johannes Weiner Date: Mon Dec 12 16:43:35 2016 -0800 mm: khugepaged: fix radix tree node leak in shmem collapse error path The radix tree counts valid entries in each tree node. Entries stored in the tree cannot be removed by simpling storing NULL in the slot or the internal counters will be off and the node never gets freed again. When collapsing a shmem page fails, restore the holes that were filled with radix_tree_insert() with a proper radix tree deletion. Fixes: f3f0e1d2150b ("khugepaged: add support of collapse for tmpfs/shmem pages") Link: http://lkml.kernel.org/r/20161117191138.22769-3-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Reported-by: Jan Kara Acked-by: Kirill A. Shutemov Reviewed-by: Jan Kara Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/khugepaged.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 91a45f71078a6569ec3ca5bef74e1ab58121d80e Author: Johannes Weiner Date: Mon Dec 12 16:43:32 2016 -0800 mm: khugepaged: close use-after-free race during shmem collapsing Patch series "mm: workingset: radix tree subtleties & single-page file refaults", v3. This is another revision of the radix tree / workingset patches based on feedback from Jan and Kirill. This is a follow-up to d3798ae8c6f3 ("mm: filemap: don't plant shadow entries without radix tree node"). That patch fixed an issue that was caused mainly by the page cache sneaking special shadow page entries into the radix tree and relying on subtleties in the radix tree code to make that work. The fix also had to stop tracking refaults for single-page files because shadow pages stored as direct pointers in radix_tree_root->rnode weren't properly handled during tree extension. These patches make the radix tree code explicitely support and track such special entries, to eliminate the subtleties and to restore the thrash detection for single-page files. This patch (of 9): When a radix tree iteration drops the tree lock, another thread might swoop in and free the node holding the current slot. The iteration needs to do another tree lookup from the current index to continue. [kirill.shutemov@linux.intel.com: re-lookup for replacement] Fixes: f3f0e1d2150b ("khugepaged: add support of collapse for tmpfs/shmem pages") Link: http://lkml.kernel.org/r/20161117191138.22769-2-hannes@cmpxchg.org Signed-off-by: Johannes Weiner Acked-by: Kirill A. Shutemov Reviewed-by: Jan Kara Cc: Hugh Dickins Cc: Matthew Wilcox Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/khugepaged.c | 5 +++++ 1 file changed, 5 insertions(+) commit 8db378a570330fa0aaa9d75299fe264e4a5b6348 Author: Andrew Morton Date: Mon Dec 12 16:43:29 2016 -0800 include/linux/backing-dev-defs.h: shrink struct backing_dev_info Move the 4-byte `capabilities' field next to other 4-byte things. Shrinks sizeof(backing_dev_info) by 8 bytes on x86_64. Reviewed-by: Jens Axboe Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/backing-dev-defs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9491ae4aade6814afcfa67f4eb3e3342c2b39750 Author: Jens Axboe Date: Mon Dec 12 16:43:26 2016 -0800 mm: don't cap request size based on read-ahead setting We ran into a funky issue, where someone doing 256K buffered reads saw 128K requests at the device level. Turns out it is read-ahead capping the request size, since we use 128K as the default setting. This doesn't make a lot of sense - if someone is issuing 256K reads, they should see 256K reads, regardless of the read-ahead setting, if the underlying device can support a 256K read in a single command. This patch introduces a bdi hint, io_pages. This is the soft max IO size for the lower level, I've hooked it up to the bdev settings here. Read-ahead is modified to issue the maximum of the user request size, and the read-ahead max size, but capped to the max request size on the device side. The latter is done to avoid reading ahead too much, if the application asks for a huge read. With this patch, the kernel behaves like the application expects. Link: http://lkml.kernel.org/r/1479498073-8657-1-git-send-email-axboe@fb.com Signed-off-by: Jens Axboe Acked-by: Johannes Weiner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds block/blk-settings.c | 1 + block/blk-sysfs.c | 1 + include/linux/backing-dev-defs.h | 1 + mm/readahead.c | 39 ++++++++++++++++++++++++++++----------- 4 files changed, 31 insertions(+), 11 deletions(-) commit f1f5929cd9715c1cdfe07a890f12ac7d2c5304ec Author: Jérémy Lefaure Date: Mon Dec 12 16:43:23 2016 -0800 shmem: fix compilation warnings on unused functions Compiling shmem.c with SHMEM and TRANSAPRENT_HUGE_PAGECACHE enabled raises warnings on two unused functions when CONFIG_TMPFS and CONFIG_SYSFS are both disabled: mm/shmem.c:390:20: warning: `shmem_format_huge' defined but not used [-Wunused-function] static const char *shmem_format_huge(int huge) ^~~~~~~~~~~~~~~~~ mm/shmem.c:373:12: warning: `shmem_parse_huge' defined but not used [-Wunused-function] static int shmem_parse_huge(const char *str) ^~~~~~~~~~~~~~~~ A conditional compilation on tmpfs or sysfs removes the warnings. Link: http://lkml.kernel.org/r/20161118055749.11313-1-jeremy.lefaure@lse.epita.fr Signed-off-by: Jérémy Lefaure Acked-by: Hugh Dickins Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 2 ++ 1 file changed, 2 insertions(+) commit bace9248188f64d7490ebe59fc0733db8b6f0e57 Author: Tahsin Erdogan Date: Mon Dec 12 16:43:20 2016 -0800 fs/fs-writeback.c: remove redundant if check b_more_io non-empty check is already preceded by an opposite check. Link: http://lkml.kernel.org/r/1478591249-30641-1-git-send-email-tahsin@google.com Signed-off-by: Tahsin Erdogan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/fs-writeback.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit c70b647d381cba1899c953b0016b7dc185892f90 Author: Kirill A. Shutemov Date: Mon Dec 12 16:43:17 2016 -0800 mm/filemap.c: add comment for confusing logic in page_cache_tree_insert() Unlike THP, hugetlb pages are represented by one entry in the radix-tree. [akpm@linux-foundation.org: tweak comment] Link: http://lkml.kernel.org/r/20161110163640.126124-1-kirill.shutemov@linux.intel.com Signed-off-by: Kirill A. Shutemov Acked-by: Johannes Weiner Cc: Jan Kara Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/filemap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit d5e6eff265fe7537fa494e6ab125747813be76a0 Author: Thierry Reding Date: Mon Dec 12 16:43:15 2016 -0800 mm: cma: make linux/cma.h standalone includible The header uses types and definitions from the linux/init.h as well as linux/types.h headers without explicitly including them. This causes a failure to compile if they are not implicitly pulled in by includers. Link: http://lkml.kernel.org/r/20161115133235.13387-1-thierry.reding@gmail.com Signed-off-by: Thierry Reding Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/cma.h | 3 +++ 1 file changed, 3 insertions(+) commit c1ef8e2c0235bffe4b0505c3325bb8a6af954021 Author: Dan Williams Date: Mon Dec 12 16:43:12 2016 -0800 mm: disable numa migration faults for dax vmas Mark dax vmas as not migratable to exclude them from task_numa_work(). This is especially relevant for device-dax which wants to ensure predictable access latency and not incur periodic faults. [akpm@linux-foundation.org: add comment] Link: http://lkml.kernel.org/r/147892450132.22062.16875659431109209179.stgit@dwillia2-desk3.amr.corp.intel.com Signed-off-by: Dan Williams Reported-by: Aneesh Kumar K.V Cc: Michal Hocko Cc: Vlastimil Babka Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/mempolicy.h | 8 ++++++++ 1 file changed, 8 insertions(+) commit c7142aead87aa5026e4b57671c7dbb1706b02606 Author: Heiko Carstens Date: Mon Dec 12 16:43:09 2016 -0800 mm/pkeys: generate pkey system call code only if ARCH_HAS_PKEYS is selected Having code for the pkey_mprotect, pkey_alloc and pkey_free system calls makes only sense if ARCH_HAS_PKEYS is selected. If not selected these system calls will always return -ENOSPC or -EINVAL. To simplify things and have less code generate the pkey system call code only if ARCH_HAS_PKEYS is selected. For architectures which have already wired up the system calls, but do not select ARCH_HAS_PKEYS this will result in less generated code and a different return code: the three system calls will now always return -ENOSYS, using the cond_syscall mechanism. For architectures which have not wired up the system calls less unreachable code will be generated. Link: http://lkml.kernel.org/r/20161114111251.70084-1-heiko.carstens@de.ibm.com Signed-off-by: Heiko Carstens Acked-by: Dave Hansen Cc: Mark Rutland Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mprotect.c | 4 ++++ 1 file changed, 4 insertions(+) commit c3352cbb1bdf198e81141700eb7003b8e2de1f1a Author: Reza Arbab Date: Mon Dec 12 16:43:06 2016 -0800 dt: add documentation of "hotpluggable" memory property Summarize the "hotpluggable" property of dt memory nodes. Link: http://lkml.kernel.org/r/1479160961-25840-6-git-send-email-arbab@linux.vnet.ibm.com Signed-off-by: Reza Arbab Cc: "Aneesh Kumar K.V" Cc: "H. Peter Anvin" Cc: Alistair Popple Cc: Aneesh Kumar K.V Cc: Balbir Singh Cc: Benjamin Herrenschmidt Cc: Bharata B Rao Cc: Frank Rowand Cc: Ingo Molnar Cc: Michael Ellerman Cc: Nathan Fontenot Cc: Paul Mackerras Cc: Rob Herring Cc: Stewart Smith Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/devicetree/booting-without-of.txt | 7 +++++++ 1 file changed, 7 insertions(+) commit 41a9ada3e6b4253f1a3ce42699c6aaeb8584306c Author: Reza Arbab Date: Mon Dec 12 16:43:02 2016 -0800 of/fdt: mark hotpluggable memory When movable nodes are enabled, any node containing only hotpluggable memory is made movable at boot time. On x86, hotpluggable memory is discovered by parsing the ACPI SRAT, making corresponding calls to memblock_mark_hotplug(). If we introduce a dt property to describe memory as hotpluggable, configs supporting early fdt may then also do this marking and use movable nodes. Link: http://lkml.kernel.org/r/1479160961-25840-5-git-send-email-arbab@linux.vnet.ibm.com Signed-off-by: Reza Arbab Tested-by: Balbir Singh Acked-by: Balbir Singh Cc: "Aneesh Kumar K.V" Cc: "H. Peter Anvin" Cc: Alistair Popple Cc: Aneesh Kumar K.V Cc: Benjamin Herrenschmidt Cc: Bharata B Rao Cc: Frank Rowand Cc: Ingo Molnar Cc: Michael Ellerman Cc: Nathan Fontenot Cc: Paul Mackerras Cc: Rob Herring Cc: Stewart Smith Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/of/fdt.c | 19 +++++++++++++++++++ include/linux/of_fdt.h | 1 + mm/Kconfig | 2 +- 3 files changed, 21 insertions(+), 1 deletion(-) commit 114cf3cc55ec00465a59bb89e06b4e4fdcd6412e Author: Reza Arbab Date: Mon Dec 12 16:42:59 2016 -0800 mm: enable CONFIG_MOVABLE_NODE on non-x86 arches To support movable memory nodes (CONFIG_MOVABLE_NODE), at least one of the following must be true: 1. This config has the capability to identify movable nodes at boot. Right now, only x86 can do this. 2. Our config supports memory hotplug, which means that a movable node can be created by hotplugging all of its memory into ZONE_MOVABLE. Fix the Kconfig definition of CONFIG_MOVABLE_NODE, which currently recognizes (1), but not (2). Link: http://lkml.kernel.org/r/1479160961-25840-4-git-send-email-arbab@linux.vnet.ibm.com Signed-off-by: Reza Arbab Reviewed-by: Aneesh Kumar K.V Acked-by: Balbir Singh Cc: "Aneesh Kumar K.V" Cc: "H. Peter Anvin" Cc: Alistair Popple Cc: Aneesh Kumar K.V Cc: Benjamin Herrenschmidt Cc: Bharata B Rao Cc: Frank Rowand Cc: Ingo Molnar Cc: Michael Ellerman Cc: Nathan Fontenot Cc: Paul Mackerras Cc: Rob Herring Cc: Stewart Smith Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 39fa104d5b87655c1c19d4b1990ea63d190c4817 Author: Reza Arbab Date: Mon Dec 12 16:42:55 2016 -0800 mm: remove x86-only restriction of movable_node In commit c5320926e370 ("mem-hotplug: introduce movable_node boot option"), the memblock allocation direction is changed to bottom-up and then back to top-down like this: 1. memblock_set_bottom_up(true), called by cmdline_parse_movable_node(). 2. memblock_set_bottom_up(false), called by x86's numa_init(). Even though (1) occurs in generic mm code, it is wrapped by #ifdef CONFIG_MOVABLE_NODE, which depends on X86_64. This means that when we extend CONFIG_MOVABLE_NODE to non-x86 arches, things will be unbalanced. (1) will happen for them, but (2) will not. This toggle was added in the first place because x86 has a delay between adding memblocks and marking them as hotpluggable. Since other arches do this marking either immediately or not at all, they do not require the bottom-up toggle. So, resolve things by moving (1) from cmdline_parse_movable_node() to x86's setup_arch(), immediately after the movable_node parameter has been parsed. Link: http://lkml.kernel.org/r/1479160961-25840-3-git-send-email-arbab@linux.vnet.ibm.com Signed-off-by: Reza Arbab Acked-by: Balbir Singh Cc: "Aneesh Kumar K.V" Cc: "H. Peter Anvin" Cc: Alistair Popple Cc: Aneesh Kumar K.V Cc: Benjamin Herrenschmidt Cc: Bharata B Rao Cc: Frank Rowand Cc: Ingo Molnar Cc: Michael Ellerman Cc: Nathan Fontenot Cc: Paul Mackerras Cc: Rob Herring Cc: Stewart Smith Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds Documentation/kernel-parameters.txt | 2 +- arch/x86/kernel/setup.c | 24 ++++++++++++++++++++++++ mm/memory_hotplug.c | 20 -------------------- 3 files changed, 25 insertions(+), 21 deletions(-) commit 4a3bac4e3ac212c31edd8b124a1a2c7e8c1767ed Author: Reza Arbab Date: Mon Dec 12 16:42:52 2016 -0800 powerpc/mm: allow memory hotplug into a memoryless node Patch series "enable movable nodes on non-x86 configs", v7. This patchset allows more configs to make use of movable nodes. When CONFIG_MOVABLE_NODE is selected, there are two ways to introduce such nodes into the system: 1. Discover movable nodes at boot. Currently this is only possible on x86, but we will enable configs supporting fdt to do the same. 2. Hotplug and online all of a node's memory using online_movable. This is already possible on any config supporting memory hotplug, not just x86, but the Kconfig doesn't say so. We will fix that. We'll also remove some cruft on power which would prevent (2). This patch (of 5): Remove the check which prevents us from hotplugging into an empty node. The original commit b226e4621245 ("[PATCH] powerpc: don't add memory to empty node/zone"), states that this was intended to be a temporary measure. It is a workaround for an oops which no longer occurs. Link: http://lkml.kernel.org/r/1479160961-25840-2-git-send-email-arbab@linux.vnet.ibm.com Signed-off-by: Reza Arbab Reviewed-by: Aneesh Kumar K.V Acked-by: Balbir Singh Acked-by: Michael Ellerman Cc: "Aneesh Kumar K.V" Cc: "H. Peter Anvin" Cc: Alistair Popple Cc: Benjamin Herrenschmidt Cc: Bharata B Rao Cc: Frank Rowand Cc: Ingo Molnar Cc: Nathan Fontenot Cc: Paul Mackerras Cc: Rob Herring Cc: Stewart Smith Cc: Thomas Gleixner Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/powerpc/mm/numa.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) commit 8d303e44e99c2ae5cad31f3dded10a572b0fd4d7 Author: Piotr Kwapulinski Date: Mon Dec 12 16:42:49 2016 -0800 mm/mempolicy.c: forbid static or relative flags for local NUMA mode The MPOL_F_STATIC_NODES and MPOL_F_RELATIVE_NODES flags are irrelevant when setting them for MPOL_LOCAL NUMA memory policy via set_mempolicy or mbind. Return the "invalid argument" from set_mempolicy and mbind whenever any of these flags is passed along with MPOL_LOCAL. It is consistent with MPOL_PREFERRED passed with empty nodemask. It slightly shortens the execution time in paths where these flags are used e.g. when trying to rebind the NUMA nodes for changes in cgroups cpuset mems (mpol_rebind_preferred()) or when just printing the mempolicy structure (/proc/PID/numa_maps). Isolated tests done. Link: http://lkml.kernel.org/r/20161027163037.4089-1-kwapulinski.piotr@gmail.com Signed-off-by: Piotr Kwapulinski Acked-by: David Rientjes Cc: Kirill A. Shutemov Cc: Vlastimil Babka Cc: Michal Hocko Cc: Liang Chen Cc: Mel Gorman Cc: Dave Hansen Cc: Nathan Zimmer Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mempolicy.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 80a7951627712180ed2575a20e1e442b851fc27c Author: Lorenzo Stoakes Date: Mon Dec 12 16:42:46 2016 -0800 mm: fix up get_user_pages* comments In the previous round of get_user_pages* changes comments attached to __get_user_pages_unlocked() and get_user_pages_unlocked() were rendered incorrect, this patch corrects them. In addition the get_user_pages_unlocked() comment seems to have already been outdated as it referred to tsk, mm parameters which were removed in c12d2da5 ("mm/gup: Remove the macro overload API migration helpers from the get_user*() APIs"), this patch fixes this also. Link: http://lkml.kernel.org/r/20161025233435.5338-1-lstoakes@gmail.com Signed-off-by: Lorenzo Stoakes Acked-by: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/gup.c | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) commit 692a68c1544d6be4ba7c6e929e9c7b2ba0447b91 Author: Aneesh Kumar K.V Date: Mon Dec 12 16:42:43 2016 -0800 mm: remove the page size change check in tlb_remove_page Now that we check for page size change early in the loop, we can partially revert e9d55e157034a ("mm: change the interface for __tlb_remove_page"). This simplies the code much, by removing the need to track the last address with which we adjusted the range. We also go back to the older way of filling the mmu_gather array, ie, we add an entry and then check whether the gather batch is full. Link: http://lkml.kernel.org/r/20161026084839.27299-6-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: "Kirill A. Shutemov" Cc: Dan Williams Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/include/asm/tlb.h | 13 +++---------- arch/ia64/include/asm/tlb.h | 16 ++++------------ arch/s390/include/asm/tlb.h | 6 ------ arch/sh/include/asm/tlb.h | 6 ------ arch/um/include/asm/tlb.h | 6 ------ include/asm-generic/tlb.h | 28 ++-------------------------- mm/memory.c | 21 ++++++--------------- 7 files changed, 15 insertions(+), 81 deletions(-) commit 07e326610e5634e5038fce32fff370949eb42101 Author: Aneesh Kumar K.V Date: Mon Dec 12 16:42:40 2016 -0800 mm: add tlb_remove_check_page_size_change to track page size change With commit e77b0852b551 ("mm/mmu_gather: track page size with mmu gather and force flush if page size change") we added the ability to force a tlb flush when the page size change in a mmu_gather loop. We did that by checking for a page size change every time we added a page to mmu_gather for lazy flush/remove. We can improve that by moving the page size change check early and not doing it every time we add a page. This also helps us to do tlb flush when invalidating a range covering dax mapping. Wrt dax mapping we don't have a backing struct page and hence we don't call tlb_remove_page, which earlier forced the tlb flush on page size change. Moving the page size change check earlier means we will do the same even for dax mapping. We also avoid doing this check on architecture other than powerpc. In a later patch we will remove page size check from tlb_remove_page(). Link: http://lkml.kernel.org/r/20161026084839.27299-5-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: "Kirill A. Shutemov" Cc: Dan Williams Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/include/asm/tlb.h | 6 ++++++ arch/ia64/include/asm/tlb.h | 6 ++++++ arch/powerpc/include/asm/tlb.h | 16 ++++++++++++++++ arch/s390/include/asm/tlb.h | 6 ++++++ arch/sh/include/asm/tlb.h | 6 ++++++ arch/um/include/asm/tlb.h | 6 ++++++ include/asm-generic/tlb.h | 16 ++++++++++++++++ mm/huge_memory.c | 4 ++++ mm/hugetlb.c | 5 +++++ mm/madvise.c | 1 + mm/memory.c | 7 ++++++- 11 files changed, 78 insertions(+), 1 deletion(-) commit b528e4b6405b9fd656a6a308a7e2aa6afa50e77d Author: Aneesh Kumar K.V Date: Mon Dec 12 16:42:37 2016 -0800 mm/hugetlb: add tlb_remove_hugetlb_entry for handling hugetlb pages This add tlb_remove_hugetlb_entry similar to tlb_remove_pmd_tlb_entry. Link: http://lkml.kernel.org/r/20161026084839.27299-4-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: "Kirill A. Shutemov" Cc: Dan Williams Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/arm/include/asm/tlb.h | 2 ++ arch/ia64/include/asm/tlb.h | 3 +++ arch/s390/include/asm/tlb.h | 2 ++ arch/sh/include/asm/tlb.h | 3 +++ arch/um/include/asm/tlb.h | 3 +++ include/asm-generic/tlb.h | 6 ++++++ mm/hugetlb.c | 2 +- 7 files changed, 20 insertions(+), 1 deletion(-) commit b5bc66b713108710e341bb164f8ffbc11896706e Author: Aneesh Kumar K.V Date: Mon Dec 12 16:42:34 2016 -0800 mm: update mmu_gather range correctly We use __tlb_adjust_range to update range convered by mmu_gather struct. We later use the 'start' and 'end' to do a mmu_notifier_invalidate_range in tlb_flush_mmu_tlbonly(). Update the 'end' correctly in __tlb_adjust_range so that we call mmu_notifier_invalidate_range with the correct range values. Wrt tlbflush, this should not have any impact, because a flush with correct start address will flush tlb mapping for the range. Also add comment w.r.t updating the range when we free pagetable pages. For now we don't support a range based page table cache flush. Link: http://lkml.kernel.org/r/20161026084839.27299-3-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: "Kirill A. Shutemov" Cc: Dan Williams Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/asm-generic/tlb.h | 43 +++++++++++++++++++++++++++++++------------ 1 file changed, 31 insertions(+), 12 deletions(-) commit c0f2e176f87bd989835bd098a52779df41a9243c Author: Aneesh Kumar K.V Date: Mon Dec 12 16:42:31 2016 -0800 mm: use the correct page size when removing the page We are removing a pmd hugepage here. Use the correct page size. Link: http://lkml.kernel.org/r/20161026084839.27299-2-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Cc: "Kirill A. Shutemov" Cc: Dan Williams Cc: Ross Zwisler Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/huge_memory.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 23f919d4ad0eb325595f10f55be4301b2965d6d6 Author: Arnd Bergmann Date: Mon Dec 12 16:42:28 2016 -0800 shmem: avoid maybe-uninitialized warning After enabling -Wmaybe-uninitialized warnings, we get a false-postive warning for shmem: mm/shmem.c: In function `shmem_getpage_gfp': include/linux/spinlock.h:332:21: error: `info' may be used uninitialized in this function [-Werror=maybe-uninitialized] This can be easily avoided, since the correct 'info' pointer is known at the time we first enter the function, so we can simply move the initialization up. Moving it before the first label avoids the warning and lets us remove two later initializations. Note that the function is so hard to read that it not only confuses the compiler, but also most readers and without this patch it could\ easily break if one of the 'goto's changed. Link: https://www.spinics.net/lists/kernel/msg2368133.html Link: http://lkml.kernel.org/r/20161024205725.786455-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Michal Hocko Acked-by: Kirill A. Shutemov Acked-by: Vlastimil Babka Cc: Hugh Dickins Cc: Andreas Gruenbacher Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/shmem.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 6afcf8ef0ca0a69d014f8edb613d94821f0ae700 Author: Ming Ling Date: Mon Dec 12 16:42:26 2016 -0800 mm, compaction: fix NR_ISOLATED_* stats for pfn based migration Since commit bda807d44454 ("mm: migrate: support non-lru movable page migration") isolate_migratepages_block) can isolate !PageLRU pages which would acct_isolated account as NR_ISOLATED_*. Accounting these non-lru pages NR_ISOLATED_{ANON,FILE} doesn't make any sense and it can misguide heuristics based on those counters such as pgdat_reclaimable_pages resp. too_many_isolated which would lead to unexpected stalls during the direct reclaim without any good reason. Note that __alloc_contig_migrate_range can isolate a lot of pages at once. On mobile devices such as 512M ram android Phone, it may use a big zram swap. In some cases zram(zsmalloc) uses too many non-lru but migratedable pages, such as: MemTotal: 468148 kB Normal free:5620kB Free swap:4736kB Total swap:409596kB ZRAM: 164616kB(zsmalloc non-lru pages) active_anon:60700kB inactive_anon:60744kB active_file:34420kB inactive_file:37532kB Fix this by only accounting lru pages to NR_ISOLATED_* in isolate_migratepages_block right after they were isolated and we still know they were on LRU. Drop acct_isolated because it is called after the fact and we've lost that information. Batching per-cpu counter doesn't make much improvement anyway. Also make sure that we uncharge only LRU pages when putting them back on the LRU in putback_movable_pages resp. when unmap_and_move migrates the page. [mhocko@suse.com: replace acct_isolated() with direct counting] Fixes: bda807d44454 ("mm: migrate: support non-lru movable page migration") Link: http://lkml.kernel.org/r/20161019080240.9682-1-mhocko@kernel.org Signed-off-by: Ming Ling Signed-off-by: Michal Hocko Acked-by: Minchan Kim Acked-by: Vlastimil Babka Cc: Mel Gorman Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/compaction.c | 25 +++---------------------- mm/migrate.c | 15 +++++++++++---- 2 files changed, 14 insertions(+), 26 deletions(-) commit 6d8409580bee356ce418dcb94260b24dda639934 Author: Michal Hocko Date: Mon Dec 12 16:42:23 2016 -0800 mm, mempolicy: clean up __GFP_THISNODE confusion in policy_zonelist __GFP_THISNODE is documented to enforce the allocation to be satisified from the requested node with no fallbacks or placement policy enforcements. policy_zonelist seemingly breaks this semantic if the current policy is MPOL_MBIND and instead of taking the node it will fallback to the first node in the mask if the requested one is not in the mask. This is confusing to say the least because it fact we shouldn't ever go that path. First tasks shouldn't be scheduled on CPUs with nodes outside of their mempolicy binding. And secondly policy_zonelist is called only from 3 places: - huge_zonelist - never should do __GFP_THISNODE when going this path - alloc_pages_vma - which shouldn't depend on __GFP_THISNODE either - alloc_pages_current - which uses default_policy id __GFP_THISNODE is used So we shouldn't even need to care about this possibility and can drop the confusing code. Let's keep a WARN_ON_ONCE in place to catch potential users and fix them up properly (aka use a different allocation function which ignores mempolicy). [akpm@linux-foundation.org: coding-style fixes] Link: http://lkml.kernel.org/r/20161013125958.32155-1-mhocko@kernel.org Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Mel Gorman Cc: David Rientjes Cc: Anshuman Khandual Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mempolicy.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) commit fd60775aea802beef444881ddfa111a4b73b1bbc Author: David Rientjes Date: Mon Dec 12 16:42:20 2016 -0800 mm, thp: avoid unlikely branches for split_huge_pmd While doing MADV_DONTNEED on a large area of thp memory, I noticed we encountered many unlikely() branches in profiles for each backing hugepage. This is because zap_pmd_range() would call split_huge_pmd(), which rechecked the conditions that were already validated, but as part of an unlikely() branch. Avoid the unlikely() branch when in a context where pmd is known to be good for __split_huge_pmd() directly. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1610181600300.84525@chino.kir.corp.google.com Signed-off-by: David Rientjes Acked-by: Vlastimil Babka Cc: "Kirill A. Shutemov" Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/huge_mm.h | 2 ++ mm/memory.c | 4 ++-- mm/mempolicy.c | 2 +- mm/mprotect.c | 2 +- 4 files changed, 6 insertions(+), 4 deletions(-) commit 3f5000693f80e014fa577b67b93a0de945a4338d Author: zijun_hu Date: Mon Dec 12 16:42:17 2016 -0800 mm/vmalloc.c: simplify /proc/vmallocinfo implementation Many seq_file helpers exist for simplifying implementation of virtual files especially, for /proc nodes. however, the helpers for iteration over list_head are available but aren't adopted to implement /proc/vmallocinfo currently. Simplify /proc/vmallocinfo implementation by using existing seq_file helpers. Link: http://lkml.kernel.org/r/57FDF2E5.1000201@zoho.com Signed-off-by: zijun_hu Acked-by: Michal Hocko Cc: David Rientjes Cc: Tejun Heo Cc: Ingo Molnar Cc: Joonsoo Kim Cc: Stephen Rothwell Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmalloc.c | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) commit 29fac03bef729ef6f9fba5be56f8554093813c39 Author: Minchan Kim Date: Mon Dec 12 16:42:14 2016 -0800 mm: make unreserve highatomic functions reliable Currently, unreserve_highatomic_pageblock bails out if it found highatomic pageblock regardless of really moving free pages from the one so that it could mitigate unreserve logic's goal which saves OOM of a process. This patch makes unreserve functions bail out only if it moves some pages out of !highatomic free list to avoid such false positive. Another potential problem is that by race between page freeing and reserve highatomic function, pages could be in highatomic free list even though the pageblock is !high atomic migratetype. In that case, unreserve_highatomic_pageblock can be void if count of highatomic reserve is less than pageblock_nr_pages. We could solve it simply via draining all of reserved pages before the OOM. It would have a safeguard role to exhuast reserved pages before converging to OOM. Link: http://lkml.kernel.org/r/1476259429-18279-5-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Mel Gorman Cc: Joonsoo Kim Cc: Sangseok Lee Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) commit 04c8716f7b0075def05dc05646e2408f318167d2 Author: Minchan Kim Date: Mon Dec 12 16:42:11 2016 -0800 mm: try to exhaust highatomic reserve before the OOM I got OOM report from production team with v4.4 kernel. It had enough free memory but failed to allocate GFP_KERNEL order-0 page and finally encountered OOM kill. It occured during QA process which launches several apps, switching and so on. It happned rarely. IOW, In normal situation, it was not a problem but if we are unluck so that several apps uses peak memory at the same time, it can happen. If we manage to pass the phase, the system can go working well. I could reproduce it with my test(memory spike easily. Look at below. The reason is free pages(19M) of DMA32 zone are reserved for HIGHORDERATOMIC and doesn't unreserved before the OOM. balloon invoked oom-killer: gfp_mask=0x24280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 balloon cpuset=/ mems_allowed=0 CPU: 1 PID: 8473 Comm: balloon Tainted: G W OE 4.8.0-rc7-00219-g3f74c9559583-dirty #3161 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 Call Trace: dump_stack+0x63/0x90 dump_header+0x5c/0x1ce oom_kill_process+0x22e/0x400 out_of_memory+0x1ac/0x210 __alloc_pages_nodemask+0x101e/0x1040 handle_mm_fault+0xa0a/0xbf0 __do_page_fault+0x1dd/0x4d0 trace_do_page_fault+0x43/0x130 do_async_page_fault+0x1a/0xa0 async_page_fault+0x28/0x30 Mem-Info: active_anon:383949 inactive_anon:106724 isolated_anon:0 active_file:15 inactive_file:44 isolated_file:0 unevictable:0 dirty:0 writeback:24 unstable:0 slab_reclaimable:2483 slab_unreclaimable:3326 mapped:0 shmem:0 pagetables:1906 bounce:0 free:6898 free_pcp:291 free_cma:0 Node 0 active_anon:1535796kB inactive_anon:426896kB active_file:60kB inactive_file:176kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:96kB shmem:0kB writeback_tmp:0kB unstable:0kB pages_scanned:1418 all_unreclaimable? no DMA free:8188kB min:44kB low:56kB high:68kB active_anon:7648kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:20kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 1952 1952 1952 DMA32 free:19404kB min:5628kB low:7624kB high:9620kB active_anon:1528148kB inactive_anon:426896kB active_file:60kB inactive_file:420kB unevictable:0kB writepending:96kB present:2080640kB managed:2030092kB mlocked:0kB slab_reclaimable:9932kB slab_unreclaimable:13284kB kernel_stack:2496kB pagetables:7624kB bounce:0kB free_pcp:900kB local_pcp:112kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 2*4096kB (H) = 8192kB DMA32: 7*4kB (H) 8*8kB (H) 30*16kB (H) 31*32kB (H) 14*64kB (H) 9*128kB (H) 2*256kB (H) 2*512kB (H) 4*1024kB (H) 5*2048kB (H) 0*4096kB = 19484kB 51131 total pagecache pages 50795 pages in swap cache Swap cache stats: add 3532405601, delete 3532354806, find 124289150/1822712228 Free swap = 8kB Total swap = 255996kB 524158 pages RAM 0 pages HighMem/MovableOnly 12658 pages reserved 0 pages cma reserved 0 pages hwpoisoned Another example exceeded the limit by the race is in:imklog: page allocation failure: order:0, mode:0x2280020(GFP_ATOMIC|__GFP_NOTRACK) CPU: 0 PID: 476 Comm: in:imklog Tainted: G E 4.8.0-rc7-00217-g266ef83c51e5-dirty #3135 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 Call Trace: dump_stack+0x63/0x90 warn_alloc_failed+0xdb/0x130 __alloc_pages_nodemask+0x4d6/0xdb0 new_slab+0x339/0x490 ___slab_alloc.constprop.74+0x367/0x480 __slab_alloc.constprop.73+0x20/0x40 __kmalloc+0x1a4/0x1e0 alloc_indirect.isra.14+0x1d/0x50 virtqueue_add_sgs+0x1c4/0x470 __virtblk_add_req+0xae/0x1f0 virtio_queue_rq+0x12d/0x290 __blk_mq_run_hw_queue+0x239/0x370 blk_mq_run_hw_queue+0x8f/0xb0 blk_mq_insert_requests+0x18c/0x1a0 blk_mq_flush_plug_list+0x125/0x140 blk_flush_plug_list+0xc7/0x220 blk_finish_plug+0x2c/0x40 __do_page_cache_readahead+0x196/0x230 filemap_fault+0x448/0x4f0 ext4_filemap_fault+0x36/0x50 __do_fault+0x75/0x140 handle_mm_fault+0x84d/0xbe0 __do_page_fault+0x1dd/0x4d0 trace_do_page_fault+0x43/0x130 do_async_page_fault+0x1a/0xa0 async_page_fault+0x28/0x30 Mem-Info: active_anon:363826 inactive_anon:121283 isolated_anon:32 active_file:65 inactive_file:152 isolated_file:0 unevictable:0 dirty:0 writeback:46 unstable:0 slab_reclaimable:2778 slab_unreclaimable:3070 mapped:112 shmem:0 pagetables:1822 bounce:0 free:9469 free_pcp:231 free_cma:0 Node 0 active_anon:1455304kB inactive_anon:485132kB active_file:260kB inactive_file:608kB unevictable:0kB isolated(anon):128kB isolated(file):0kB mapped:448kB dirty:0kB writeback:184kB shmem:0kB writeback_tmp:0kB unstable:0kB pages_scanned:13641 all_unreclaimable? no DMA free:7748kB min:44kB low:56kB high:68kB active_anon:7944kB inactive_anon:104kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:108kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 1952 1952 1952 DMA32 free:30128kB min:5628kB low:7624kB high:9620kB active_anon:1447360kB inactive_anon:485028kB active_file:260kB inactive_file:608kB unevictable:0kB writepending:184kB present:2080640kB managed:2030132kB mlocked:0kB slab_reclaimable:11112kB slab_unreclaimable:12172kB kernel_stack:2400kB pagetables:7284kB bounce:0kB free_pcp:924kB local_pcp:72kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 7*4kB (UE) 3*8kB (UH) 1*16kB (M) 0*32kB 2*64kB (U) 1*128kB (M) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 1*4096kB (H) = 7748kB DMA32: 10*4kB (H) 3*8kB (H) 47*16kB (H) 38*32kB (H) 5*64kB (H) 1*128kB (H) 2*256kB (H) 3*512kB (H) 3*1024kB (H) 3*2048kB (H) 4*4096kB (H) = 30128kB 2775 total pagecache pages 2536 pages in swap cache Swap cache stats: add 206786828, delete 206784292, find 7323106/106686077 Free swap = 108744kB Total swap = 255996kB 524158 pages RAM 0 pages HighMem/MovableOnly 12648 pages reserved 0 pages cma reserved 0 pages hwpoisoned It's weird to show that zone has enough free memory above min watermark but OOMed with 4K GFP_KERNEL allocation due to reserved highatomic pages. As last resort, try to unreserve highatomic pages again and if it has moved pages to non-highatmoc free list, retry reclaim once more. Link: http://lkml.kernel.org/r/1476259429-18279-4-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Signed-off-by: Michal Hocko Acked-by: Vlastimil Babka Cc: Mel Gorman Cc: Joonsoo Kim Cc: Sangseok Lee Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 4855e4a7f29d6d10b0b9c84e189c770c9a94e91e Author: Minchan Kim Date: Mon Dec 12 16:42:08 2016 -0800 mm: prevent double decrease of nr_reserved_highatomic There is race between page freeing and unreserved highatomic. CPU 0 CPU 1 free_hot_cold_page mt = get_pfnblock_migratetype set_pcppage_migratetype(page, mt) unreserve_highatomic_pageblock spin_lock_irqsave(&zone->lock) move_freepages_block set_pageblock_migratetype(page) spin_unlock_irqrestore(&zone->lock) free_pcppages_bulk __free_one_page(mt) <- mt is stale By above race, a page on CPU 0 could go non-highorderatomic free list since the pageblock's type is changed. By that, unreserve logic of highorderatomic can decrease reserved count on a same pageblock severak times and then it will make mismatch between nr_reserved_highatomic and the number of reserved pageblock. So, this patch verifies whether the pageblock is highatomic or not and decrease the count only if the pageblock is highatomic. Link: http://lkml.kernel.org/r/1476259429-18279-3-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Acked-by: Vlastimil Babka Acked-by: Mel Gorman Cc: Joonsoo Kim Cc: Sangseok Lee Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) commit 88ed365ea227aa28841a8d6e196c9a261c76fffd Author: Minchan Kim Date: Mon Dec 12 16:42:05 2016 -0800 mm: don't steal highatomic pageblock Patch series "use up highorder free pages before OOM", v3. I got OOM report from production team with v4.4 kernel. It had enough free memory but failed to allocate GFP_KERNEL order-0 page and finally encountered OOM kill. It occured during QA process which launches several apps, switching and so on. It happned rarely. IOW, In normal situation, it was not a problem but if we are unluck so that several apps uses peak memory at the same time, it can happen. If we manage to pass the phase, the system can go working well. I could reproduce it with my test(memory spike easily. Look at below. The reason is free pages(19M) of DMA32 zone are reserved for HIGHORDERATOMIC and doesn't unreserved before the OOM. balloon invoked oom-killer: gfp_mask=0x24280ca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 balloon cpuset=/ mems_allowed=0 CPU: 1 PID: 8473 Comm: balloon Tainted: G W OE 4.8.0-rc7-00219-g3f74c9559583-dirty #3161 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 Call Trace: dump_stack+0x63/0x90 dump_header+0x5c/0x1ce oom_kill_process+0x22e/0x400 out_of_memory+0x1ac/0x210 __alloc_pages_nodemask+0x101e/0x1040 handle_mm_fault+0xa0a/0xbf0 __do_page_fault+0x1dd/0x4d0 trace_do_page_fault+0x43/0x130 do_async_page_fault+0x1a/0xa0 async_page_fault+0x28/0x30 Mem-Info: active_anon:383949 inactive_anon:106724 isolated_anon:0 active_file:15 inactive_file:44 isolated_file:0 unevictable:0 dirty:0 writeback:24 unstable:0 slab_reclaimable:2483 slab_unreclaimable:3326 mapped:0 shmem:0 pagetables:1906 bounce:0 free:6898 free_pcp:291 free_cma:0 Node 0 active_anon:1535796kB inactive_anon:426896kB active_file:60kB inactive_file:176kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:96kB shmem:0kB writeback_tmp:0kB unstable:0kB pages_scanned:1418 all_unreclaimable? no DMA free:8188kB min:44kB low:56kB high:68kB active_anon:7648kB inactive_anon:0kB active_file:0kB inactive_file:4kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:20kB kernel_stack:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 1952 1952 1952 DMA32 free:19404kB min:5628kB low:7624kB high:9620kB active_anon:1528148kB inactive_anon:426896kB active_file:60kB inactive_file:420kB unevictable:0kB writepending:96kB present:2080640kB managed:2030092kB mlocked:0kB slab_reclaimable:9932kB slab_unreclaimable:13284kB kernel_stack:2496kB pagetables:7624kB bounce:0kB free_pcp:900kB local_pcp:112kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 2*4096kB (H) = 8192kB DMA32: 7*4kB (H) 8*8kB (H) 30*16kB (H) 31*32kB (H) 14*64kB (H) 9*128kB (H) 2*256kB (H) 2*512kB (H) 4*1024kB (H) 5*2048kB (H) 0*4096kB = 19484kB 51131 total pagecache pages 50795 pages in swap cache Swap cache stats: add 3532405601, delete 3532354806, find 124289150/1822712228 Free swap = 8kB Total swap = 255996kB 524158 pages RAM 0 pages HighMem/MovableOnly 12658 pages reserved 0 pages cma reserved 0 pages hwpoisoned Another example exceeded the limit by the race is in:imklog: page allocation failure: order:0, mode:0x2280020(GFP_ATOMIC|__GFP_NOTRACK) CPU: 0 PID: 476 Comm: in:imklog Tainted: G E 4.8.0-rc7-00217-g266ef83c51e5-dirty #3135 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014 Call Trace: dump_stack+0x63/0x90 warn_alloc_failed+0xdb/0x130 __alloc_pages_nodemask+0x4d6/0xdb0 new_slab+0x339/0x490 ___slab_alloc.constprop.74+0x367/0x480 __slab_alloc.constprop.73+0x20/0x40 __kmalloc+0x1a4/0x1e0 alloc_indirect.isra.14+0x1d/0x50 virtqueue_add_sgs+0x1c4/0x470 __virtblk_add_req+0xae/0x1f0 virtio_queue_rq+0x12d/0x290 __blk_mq_run_hw_queue+0x239/0x370 blk_mq_run_hw_queue+0x8f/0xb0 blk_mq_insert_requests+0x18c/0x1a0 blk_mq_flush_plug_list+0x125/0x140 blk_flush_plug_list+0xc7/0x220 blk_finish_plug+0x2c/0x40 __do_page_cache_readahead+0x196/0x230 filemap_fault+0x448/0x4f0 ext4_filemap_fault+0x36/0x50 __do_fault+0x75/0x140 handle_mm_fault+0x84d/0xbe0 __do_page_fault+0x1dd/0x4d0 trace_do_page_fault+0x43/0x130 do_async_page_fault+0x1a/0xa0 async_page_fault+0x28/0x30 Mem-Info: active_anon:363826 inactive_anon:121283 isolated_anon:32 active_file:65 inactive_file:152 isolated_file:0 unevictable:0 dirty:0 writeback:46 unstable:0 slab_reclaimable:2778 slab_unreclaimable:3070 mapped:112 shmem:0 pagetables:1822 bounce:0 free:9469 free_pcp:231 free_cma:0 Node 0 active_anon:1455304kB inactive_anon:485132kB active_file:260kB inactive_file:608kB unevictable:0kB isolated(anon):128kB isolated(file):0kB mapped:448kB dirty:0kB writeback:184kB shmem:0kB writeback_tmp:0kB unstable:0kB pages_scanned:13641 all_unreclaimable? no DMA free:7748kB min:44kB low:56kB high:68kB active_anon:7944kB inactive_anon:104kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB slab_reclaimable:0kB slab_unreclaimable:108kB kernel_stack:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB lowmem_reserve[]: 0 1952 1952 1952 DMA32 free:30128kB min:5628kB low:7624kB high:9620kB active_anon:1447360kB inactive_anon:485028kB active_file:260kB inactive_file:608kB unevictable:0kB writepending:184kB present:2080640kB managed:2030132kB mlocked:0kB slab_reclaimable:11112kB slab_unreclaimable:12172kB kernel_stack:2400kB pagetables:7284kB bounce:0kB free_pcp:924kB local_pcp:72kB free_cma:0kB lowmem_reserve[]: 0 0 0 0 DMA: 7*4kB (UE) 3*8kB (UH) 1*16kB (M) 0*32kB 2*64kB (U) 1*128kB (M) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (U) 1*4096kB (H) = 7748kB DMA32: 10*4kB (H) 3*8kB (H) 47*16kB (H) 38*32kB (H) 5*64kB (H) 1*128kB (H) 2*256kB (H) 3*512kB (H) 3*1024kB (H) 3*2048kB (H) 4*4096kB (H) = 30128kB 2775 total pagecache pages 2536 pages in swap cache Swap cache stats: add 206786828, delete 206784292, find 7323106/106686077 Free swap = 108744kB Total swap = 255996kB 524158 pages RAM 0 pages HighMem/MovableOnly 12648 pages reserved 0 pages cma reserved 0 pages hwpoisoned During the investigation, I found some problems with highatomic so this patch aims to solve the problems and the final goal is to unreserve every highatomic free pages before the OOM kill. This patch (of 4): In page freeing path, migratetype is racy so that a highorderatomic page could free into non-highorderatomic free list. If that page is allocated, VM can change the pageblock from higorderatomic to something. In that case, highatomic pageblock accounting is broken so it doesn't work(e.g., VM cannot reserve highorderatomic pageblocks any more although it doesn't reach 1% limit). So, this patch prohibits the changing from highatomic to other type. It's no problem because MIGRATE_HIGHATOMIC is not listed in fallback array so stealing will only happen due to unexpected races which is really rare. Also, such prohibiting keeps highatomic pageblock more longer so it would be better for highorderatomic page allocation. Link: http://lkml.kernel.org/r/1476259429-18279-2-git-send-email-minchan@kernel.org Signed-off-by: Minchan Kim Acked-by: Vlastimil Babka Acked-by: Mel Gorman Cc: Joonsoo Kim Cc: Sangseok Lee Cc: Michal Hocko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/page_alloc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 22901c6c9f93058c3803d343db02c14e870e3545 Author: Andreas Platschek Date: Mon Dec 12 16:42:01 2016 -0800 kmemleak: fix reference to Documentation Documentation/kmemleak.txt was moved to Documentation/dev-tools/kmemleak.rst, this fixes the reference to the new location. Link: http://lkml.kernel.org/r/1476544946-18804-1-git-send-email-andreas.platschek@opentech.at Signed-off-by: Andreas Platschek Acked-by: Catalin Marinas Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/kmemleak.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8bea805207500068b70778b707299a9b5920ca72 Author: Aneesh Kumar K.V Date: Mon Dec 12 16:41:59 2016 -0800 mm/hugetlb.c: use huge_pte_lock instead of opencoding the lock No functional change by this patch. Link: http://lkml.kernel.org/r/20161018090234.22574-1-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 3999f52e3198e76607446ab1a4610c1ddc406c56 Author: Aneesh Kumar K.V Date: Mon Dec 12 16:41:56 2016 -0800 mm/hugetlb.c: use the right pte val for compare in hugetlb_cow We cannot use the pte value used in set_pte_at for pte_same comparison, because archs like ppc64, filter/add new pte flag in set_pte_at. Instead fetch the pte value inside hugetlb_cow. We are comparing pte value to make sure the pte didn't change since we dropped the page table lock. hugetlb_cow get called with page table lock held, and we can take a copy of the pte value before we drop the page table lock. With hugetlbfs, we optimize the MAP_PRIVATE write fault path with no previous mapping (huge_pte_none entries), by forcing a cow in the fault path. This avoid take an addition fault to covert a read-only mapping to read/write. Here we were comparing a recently instantiated pte (via set_pte_at) to the pte values from linux page table. As explained above on ppc64 such pte_same check returned wrong result, resulting in us taking an additional fault on ppc64. Fixes: 6a119eae942c ("powerpc/mm: Add a _PAGE_PTE bit") Link: http://lkml.kernel.org/r/20161018154245.18023-1-aneesh.kumar@linux.vnet.ibm.com Signed-off-by: Aneesh Kumar K.V Reported-by: Jan Stancek Acked-by: Hillf Danton Cc: Mike Kravetz Cc: Scott Wood Cc: Michael Ellerman Cc: Kirill A. Shutemov Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/hugetlb.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 771ab4302c592d1de9e6b73f58979e9e5c424f4c Author: Tobias Klauser Date: Mon Dec 12 16:41:53 2016 -0800 mm/gup.c: make unnecessarily global vma_permits_fault() static Make vma_permits_fault() static as it is only used in mm/gup.c This fixes a sparse warning. Link: http://lkml.kernel.org/r/20161017122353.31598-1-tklauser@distanz.ch Signed-off-by: Tobias Klauser Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/gup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5f33a0803bbd781de916f5c7448cbbbbc763d911 Author: Shaohua Li Date: Mon Dec 12 16:41:50 2016 -0800 mm/vmscan.c: set correct defer count for shrinker Our system uses significantly more slab memory with memcg enabled with the latest kernel. With 3.10 kernel, slab uses 2G memory, while with 4.6 kernel, 6G memory is used. The shrinker has problem. Let's see we have two memcg for one shrinker. In do_shrink_slab: 1. Check cg1. nr_deferred = 0, assume total_scan = 700. batch size is 1024, then no memory is freed. nr_deferred = 700 2. Check cg2. nr_deferred = 700. Assume freeable = 20, then total_scan = 10 or 40. Let's assume it's 10. No memory is freed. nr_deferred = 10. The deferred share of cg1 is lost in this case. kswapd will free no memory even run above steps again and again. The fix makes sure one memcg's deferred share isn't lost. Link: http://lkml.kernel.org/r/2414be961b5d25892060315fbb56bb19d81d0c07.1476227351.git.shli@fb.com Signed-off-by: Shaohua Li Cc: Johannes Weiner Cc: Michal Hocko Cc: Vladimir Davydov Cc: [4.0+] Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/vmscan.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit 3e32158767b04db60b83f760e1722fd15a715d7a Author: Andi Kleen Date: Mon Dec 12 16:41:47 2016 -0800 mm/mprotect.c: don't touch single threaded PTEs which are on the right node We had some problems with pages getting unmapped in single threaded affinitized processes. It was tracked down to NUMA scanning. In this case it doesn't make any sense to unmap pages if the process is single threaded and the page is already on the node the process is running on. Add a check for this case into the numa protection code, and skip unmapping if true. In theory the process could be migrated later, but we will eventually rescan and unmap and migrate then. In theory this could be made more fancy: remembering this state per process or even whole mm. However that would need extra tracking and be more complicated, and the simple check seems to work fine so far. [ak@linux.intel.com: v3: Minor updates from Mel. Change code layout] Link: http://lkml.kernel.org/r/1476382117-5440-1-git-send-email-andi@firstfloor.org Link: http://lkml.kernel.org/r/1476288949-20970-1-git-send-email-andi@firstfloor.org Signed-off-by: Andi Kleen Acked-by: Mel Gorman Cc: Peter Zijlstra Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/mprotect.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit bf00bd3458041c4643a13d80fb349d29cb66eb63 Author: David Rientjes Date: Mon Dec 12 16:41:44 2016 -0800 mm, slab: maintain total slab count instead of active count Rather than tracking the number of active slabs for each node, track the total number of slabs. This is a minor improvement that avoids active slab tracking when a slab goes from free to partial or partial to free. For slab debugging, this also removes an explicit free count since it can easily be inferred by the difference in number of total objects and number of active objects. Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1612042020110.115755@chino.kir.corp.google.com Signed-off-by: David Rientjes Suggested-by: Joonsoo Kim Cc: Greg Thelen Cc: Aruna Ramakrishna Cc: Christoph Lameter Cc: Pekka Enberg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 70 ++++++++++++++++++++++++++------------------------------------- mm/slab.h | 4 ++-- 2 files changed, 31 insertions(+), 43 deletions(-) commit f728b0a5d72ae99c446f933912914a61254c03b6 Author: Greg Thelen Date: Mon Dec 12 16:41:41 2016 -0800 mm, slab: faster active and free stats Reading /proc/slabinfo or monitoring slabtop(1) can become very expensive if there are many slab caches and if there are very lengthy per-node partial and/or free lists. Commit 07a63c41fa1f ("mm/slab: improve performance of gathering slabinfo stats") addressed the per-node full lists which showed a significant improvement when no objects were freed. This patch has the same motivation and optimizes the remainder of the usecases where there are very lengthy partial and free lists. This patch maintains per-node active_slabs (full and partial) and free_slabs rather than iterating the lists at runtime when reading /proc/slabinfo. When allocating 100GB of slab from a test cache where every slab page is on the partial list, reading /proc/slabinfo (includes all other slab caches on the system) takes ~247ms on average with 48 samples. As a result of this patch, the same read takes ~0.856ms on average. [rientjes@google.com: changelog] Link: http://lkml.kernel.org/r/alpine.DEB.2.10.1611081505240.13403@chino.kir.corp.google.com Signed-off-by: Greg Thelen Signed-off-by: David Rientjes Cc: Christoph Lameter Cc: Pekka Enberg Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 117 +++++++++++++++++++++++++------------------------------------- mm/slab.h | 3 +- 2 files changed, 49 insertions(+), 71 deletions(-) commit e70954fd6d4b469517fd906ef1c33310e90ef9f0 Author: Thomas Garnier Date: Mon Dec 12 16:41:38 2016 -0800 mm/slab_common.c: check kmem_create_cache flags are common Verify that kmem_create_cache flags are not allocator specific. It is done before removing flags that are not available with the current configuration. The current kmem_cache_create removes incorrect flags but do not validate the callers are using them right. This change will ensure that callers are not trying to create caches with flags that won't be used because allocator specific. Link: http://lkml.kernel.org/r/1478553075-120242-2-git-send-email-thgarnie@google.com Signed-off-by: Thomas Garnier Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.h | 15 +++++++++++++++ mm/slab_common.c | 6 ++++++ 2 files changed, 21 insertions(+) commit 84582c8ab9479ffa4532afa95ab8d8f96b5478dc Author: Arnd Bergmann Date: Mon Dec 12 16:41:35 2016 -0800 slub: avoid false-postive warning The slub allocator gives us some incorrect warnings when CONFIG_PROFILE_ANNOTATED_BRANCHES is set, as the unlikely() macro prevents it from seeing that the return code matches what it was before: mm/slub.c: In function `kmem_cache_free_bulk': mm/slub.c:262:23: error: `df.s' may be used uninitialized in this function [-Werror=maybe-uninitialized] mm/slub.c:2943:3: error: `df.cnt' may be used uninitialized in this function [-Werror=maybe-uninitialized] mm/slub.c:2933:4470: error: `df.freelist' may be used uninitialized in this function [-Werror=maybe-uninitialized] mm/slub.c:2943:3: error: `df.tail' may be used uninitialized in this function [-Werror=maybe-uninitialized] I have not been able to come up with a perfect way for dealing with this, the three options I see are: - add a bogus initialization, which would increase the runtime overhead - replace unlikely() with unlikely_notrace() - remove the unlikely() annotation completely I checked the object code for a typical x86 configuration and the last two cases produce the same result, so I went for the last one, which is the simplest. Link: http://lkml.kernel.org/r/20161024155704.3114445-1-arnd@arndb.de Signed-off-by: Arnd Bergmann Acked-by: Jesper Dangaard Brouer Cc: Arnd Bergmann Cc: Christoph Lameter Cc: Pekka Enberg Cc: David Rientjes Cc: Joonsoo Kim Cc: Vladimir Davydov Cc: Johannes Weiner Cc: Laura Abbott Cc: Alexander Potapenko Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slub.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 89e364db71fb5e7fc8d93228152abfa67daf35fa Author: Vladimir Davydov Date: Mon Dec 12 16:41:32 2016 -0800 slub: move synchronize_sched out of slab_mutex on shrink synchronize_sched() is a heavy operation and calling it per each cache owned by a memory cgroup being destroyed may take quite some time. What is worse, it's currently called under the slab_mutex, stalling all works doing cache creation/destruction. Actually, there isn't much point in calling synchronize_sched() for each cache - it's enough to call it just once - after setting cpu_partial for all caches and before shrinking them. This way, we can also move it out of the slab_mutex, which we have to hold for iterating over the slab cache list. Link: https://bugzilla.kernel.org/show_bug.cgi?id=172991 Link: http://lkml.kernel.org/r/0a10d71ecae3db00fb4421bcd3f82bcc911f4be4.1475329751.git.vdavydov.dev@gmail.com Signed-off-by: Vladimir Davydov Reported-by: Doug Smythies Acked-by: Joonsoo Kim Cc: Christoph Lameter Cc: David Rientjes Cc: Johannes Weiner Cc: Michal Hocko Cc: Pekka Enberg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/slab.c | 4 ++-- mm/slab.h | 2 +- mm/slab_common.c | 27 +++++++++++++++++++++++++-- mm/slob.c | 2 +- mm/slub.c | 19 ++----------------- 5 files changed, 31 insertions(+), 23 deletions(-) commit 13583c3d3224508582ec03d881d0b68dd3ee8e10 Author: Vladimir Davydov Date: Mon Dec 12 16:41:29 2016 -0800 mm: memcontrol: use special workqueue for creating per-memcg caches Creating a lot of cgroups at the same time might stall all worker threads with kmem cache creation works, because kmem cache creation is done with the slab_mutex held. The problem was amplified by commits 801faf0db894 ("mm/slab: lockless decision to grow cache") in case of SLAB and 81ae6d03952c ("mm/slub.c: replace kick_all_cpus_sync() with synchronize_sched() in kmem_cache_shrink()") in case of SLUB, which increased the maximal time the slab_mutex can be held. To prevent that from happening, let's use a special ordered single threaded workqueue for kmem cache creation. This shouldn't introduce any functional changes regarding how kmem caches are created, as the work function holds the global slab_mutex during its whole runtime anyway, making it impossible to run more than one work at a time. By using a single threaded workqueue, we just avoid creating a thread per each work. Ordering is required to avoid a situation when a cgroup's work is put off indefinitely because there are other cgroups to serve, in other words to guarantee fairness. Link: https://bugzilla.kernel.org/show_bug.cgi?id=172981 Link: http://lkml.kernel.org/r/20161004131417.GC1862@esperanza Signed-off-by: Vladimir Davydov Reported-by: Doug Smythies Acked-by: Michal Hocko Cc: Christoph Lameter Cc: David Rientjes Cc: Johannes Weiner Cc: Joonsoo Kim Cc: Pekka Enberg Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds mm/memcontrol.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) commit c62c38f6b91b87a013bccd3637c2a1850d8e590c Author: Deepa Dinamani Date: Mon Dec 12 16:41:26 2016 -0800 ocfs2: replace CURRENT_TIME macro CURRENT_TIME is not y2038 safe. Use y2038 safe ktime_get_real_seconds() here for timestamps. struct heartbeat_block's hb_seq and deletetion time are already 64 bits wide and accommodate times beyond y2038. Also use y2038 safe ktime_get_real_ts64() for on disk inode timestamps. These are also wide enough to accommodate time64_t. Link: http://lkml.kernel.org/r/1475365298-29236-1-git-send-email-deepa.kernel@gmail.com Signed-off-by: Deepa Dinamani Reviewed-by: Arnd Bergmann Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/cluster/heartbeat.c | 2 +- fs/ocfs2/inode.c | 2 +- fs/ocfs2/namei.c | 6 ++++-- 3 files changed, 6 insertions(+), 4 deletions(-) commit 395627b0718b6d4252c451c766cfc00ec155ddaf Author: Deepa Dinamani Date: Mon Dec 12 16:41:23 2016 -0800 ocfs2: use time64_t to represent orphan scan times struct timespec is not y2038 safe. Use time64_t which is y2038 safe to represent orphan scan times. time64_t is sufficient here as only the seconds delta times are relevant. Also use appropriate time functions that return time in time64_t format. Time functions now return monotonic time instead of real time as only delta scan times are relevant and these values are not persistent across reboots. The format string for the debug print is still using long as this is only the time elapsed since the last scan and long is sufficient to represent this value. Link: http://lkml.kernel.org/r/1475365138-20567-1-git-send-email-deepa.kernel@gmail.com Signed-off-by: Deepa Dinamani Reviewed-by: Arnd Bergmann Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/journal.c | 4 ++-- fs/ocfs2/ocfs2.h | 2 +- fs/ocfs2/super.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 4131d53810681e4f0a2ff00f5c137478a7f0ef69 Author: Ashish Samant Date: Mon Dec 12 16:41:20 2016 -0800 ocfs2: fix double put of recount tree in ocfs2_lock_refcount_tree() In ocfs2_lock_refcount_tree, if ocfs2_read_refcount_block() returns an error, we do ocfs2_refcount_tree_put twice (once in ocfs2_unlock_refcount_tree and once outside it), thereby reducing the refcount of the refcount tree twice, but we dont delete the tree in this case. This will make refcnt of the tree = 0 and the ocfs2_refcount_tree_put will eventually call ocfs2_mark_lockres_freeing, setting OCFS2_LOCK_FREEING for the refcount_tree->rf_lockres. The error returned by ocfs2_read_refcount_block is propagated all the way back and for next iteration of write, ocfs2_lock_refcount_tree gets the same tree back from ocfs2_get_refcount_tree because we havent deleted the tree. Now we have the same tree, but OCFS2_LOCK_FREEING is set for rf_lockres and eventually, when _ocfs2_lock_refcount_tree is called in this iteration, BUG_ON( __ocfs2_cluster_lock:1395 ERROR: Cluster lock called on freeing lockres T00000000000000000386019775b08d! flags 0x81) is triggerred. Call stack: (loop16,11155,0):ocfs2_lock_refcount_tree:482 ERROR: status = -5 (loop16,11155,0):ocfs2_refcount_cow_hunk:3497 ERROR: status = -5 (loop16,11155,0):ocfs2_refcount_cow:3560 ERROR: status = -5 (loop16,11155,0):ocfs2_prepare_inode_for_refcount:2111 ERROR: status = -5 (loop16,11155,0):ocfs2_prepare_inode_for_write:2190 ERROR: status = -5 (loop16,11155,0):ocfs2_file_write_iter:2331 ERROR: status = -5 (loop16,11155,0):__ocfs2_cluster_lock:1395 ERROR: bug expression: lockres->l_flags & OCFS2_LOCK_FREEING (loop16,11155,0):__ocfs2_cluster_lock:1395 ERROR: Cluster lock called on freeing lockres T00000000000000000386019775b08d! flags 0x81 kernel BUG at fs/ocfs2/dlmglue.c:1395! invalid opcode: 0000 [#1] SMP CPU 0 Modules linked in: tun ocfs2 jbd2 xen_blkback xen_netback xen_gntdev .. sd_mod crc_t10dif ext3 jbd mbcache RIP: __ocfs2_cluster_lock+0x31c/0x740 [ocfs2] RSP: e02b:ffff88017c0138a0 EFLAGS: 00010086 Process loop16 (pid: 11155, threadinfo ffff88017c010000, task ffff8801b5374300) Call Trace: ocfs2_refcount_lock+0xae/0x130 [ocfs2] __ocfs2_lock_refcount_tree+0x29/0xe0 [ocfs2] ocfs2_lock_refcount_tree+0xdd/0x320 [ocfs2] ocfs2_refcount_cow_hunk+0x1cb/0x440 [ocfs2] ocfs2_refcount_cow+0xa9/0x1d0 [ocfs2] ocfs2_prepare_inode_for_refcount+0x115/0x200 [ocfs2] ocfs2_prepare_inode_for_write+0x33b/0x470 [ocfs2] ocfs2_file_write_iter+0x220/0x8c0 [ocfs2] aio_write_iter+0x2e/0x30 Fix this by avoiding the second call to ocfs2_refcount_tree_put() Link: http://lkml.kernel.org/r/1473984404-32011-1-git-send-email-ashish.samant@oracle.com Signed-off-by: Ashish Samant Reviewed-by: Eric Ren Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/refcounttree.c | 1 - 1 file changed, 1 deletion(-) commit 07f38d971cd92d06adeaa50240f0235a2479d543 Author: piaojun Date: Mon Dec 12 16:41:17 2016 -0800 ocfs2: clean up unused 'page' parameter in ocfs2_write_end_nolock() 'page' parameter in ocfs2_write_end_nolock() is never used. Link: http://lkml.kernel.org/r/582FD91A.5000902@huawei.com Signed-off-by: Jun Piao Reviewed-by: Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/aops.c | 7 +++---- fs/ocfs2/aops.h | 3 +-- fs/ocfs2/mmap.c | 3 +-- 3 files changed, 5 insertions(+), 8 deletions(-) commit 28bb5ef485d3e96da056124e9b60df4486d38265 Author: piaojun Date: Mon Dec 12 16:41:14 2016 -0800 ocfs2/dlm: clean up deadcode in dlm_master_request_handler() When 'dispatch_assert' is set, 'response' must be DLM_MASTER_RESP_YES, and 'res' won't be null, so execution can't reach these two branch. Link: http://lkml.kernel.org/r/58174C91.3040004@huawei.com Signed-off-by: Jun Piao Reviewed-by: Joseph Qi Joseph Qi Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlm/dlmmaster.c | 6 ------ 1 file changed, 6 deletions(-) commit aa7b58597f48b93e9d08b4bac90e41690f586e46 Author: Guozhonghua Date: Mon Dec 12 16:41:11 2016 -0800 ocfs2: delete redundant code and set the node bit into maybe_map directly The variable `set_maybe' is redundant when the mle has been found in the map. So it is ok to set the node_idx into mle's maybe_map directly. Link: http://lkml.kernel.org/r/71604351584F6A4EBAE558C676F37CA4A3D490DD@H3CMLB12-EX.srv.huawei-3com.com Signed-off-by: Guozhonghua Reviewed-by: Mark Fasheh Reviewed-by: Joseph Qi Cc: Joel Becker Cc: Junxiao Bi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlm/dlmmaster.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 46832b2de5fa42519c4924a9d0751d9297012ca9 Author: piaojun Date: Mon Dec 12 16:41:08 2016 -0800 ocfs2/dlm: clean up useless BUG_ON default case in dlm_finalize_reco_handler() The value of 'stage' must be between 1 and 2, so the switch can't reach the default case. Link: http://lkml.kernel.org/r/57FB5EB2.7050002@huawei.com Signed-off-by: Jun Piao Cc: Mark Fasheh Cc: Joel Becker Cc: Junxiao Bi Cc: Joseph Qi Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds fs/ocfs2/dlm/dlmrecovery.c | 2 -- 1 file changed, 2 deletions(-) commit 3da82065f1e59fd280742cd792cbf2fb2052958f Author: Sudip Mukherjee Date: Mon Dec 12 16:41:05 2016 -0800 drivers/pcmcia/m32r_pcc.c: check return from add_pcc_socket If request_irq() fails it passes the error to the caller. The caller now checks it and jumps to the common error path on failure. Link: http://lkml.kernel.org/r/1474237304-897-3-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/pcmcia/m32r_pcc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit c795cf4f1865659b40a286a9997e64f4c15bbc9b Author: Sudip Mukherjee Date: Mon Dec 12 16:41:02 2016 -0800 drivers/pcmcia/m32r_pcc.c: use common error path Use a common error path for the failure. Link: http://lkml.kernel.org/r/1474237304-897-2-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/pcmcia/m32r_pcc.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 4170a20f21e734b14317a65baaccc4078eef5198 Author: Sudip Mukherjee Date: Mon Dec 12 16:40:59 2016 -0800 drivers/pcmcia/m32r_pcc.c: check return from request_irq While building m32r allmodconfig we were getting warning: drivers/pcmcia/m32r_pcc.c:331:2: warning: ignoring return value of 'request_irq', declared with attribute warn_unused_result request_irq() can fail and we should always be checking the result from it. Check the result and return it to the caller. Link: http://lkml.kernel.org/r/1474237304-897-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds drivers/pcmcia/m32r_pcc.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) commit 17e96230d95cc2b7eb7d039415d3506340257b5e Author: Sudip Mukherjee Date: Mon Dec 12 16:40:57 2016 -0800 m32r: fix build warning While building m32r defconfig we got warnings: arch/m32r/platforms/m32700ut/setup.c:249:24: warning: 'm32700ut_lcdpld_irq_type' defined but not used [-Wunused-variable] m32700ut_lcdpld_irq_type is only used when CONFIG_USB is enabled. Modify the code to declare the related variables and functions only when CONFIG_USB is enabled. Link: http://lkml.kernel.org/r/1479244406-7507-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m32r/platforms/m32700ut/setup.c | 2 ++ 1 file changed, 2 insertions(+) commit eb17726b00b327b3c0544f6970738204f09676a4 Author: Sudip Mukherjee Date: Mon Dec 12 16:40:54 2016 -0800 m32r: add simple dma Some builds of m32r were failing as it tried to build few drivers which needed dma but m32r is not having dma support. Objections were raised when it was tried to make those drivers depend on HAS_DMA. So the next best thing is to add dma support to m32r. dma_noop is a very simple dma with 1:1 memory mapping. Link: http://lkml.kernel.org/r/1475949198-31623-1-git-send-email-sudipm.mukherjee@gmail.com Signed-off-by: Sudip Mukherjee Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds arch/m32r/Kconfig | 2 +- arch/m32r/include/asm/device.h | 6 +++++- arch/m32r/include/asm/dma-mapping.h | 32 ++++++++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 2 deletions(-) commit 779d5eb375f8f3aa9b83d24cc8e3e56fe5dc9864 Author: Sam Protsenko Date: Mon Dec 12 16:40:51 2016 -0800 scripts/tags.sh: handle OMAP platforms properly When SUBARCH is "omap1" or "omap2", plat-omap/ directory must be indexed. Handle this special case properly. While at it, check if mach- directory exists at all. Link: http://lkml.kernel.org/r/20161202122148.15001-1-joe.skb7@gmail.com Signed-off-by: Sam Protsenko Cc: Michal Marek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/tags.sh | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) commit 0d7bbb43641c35390378e951785f2351bc36650a Author: Alexey Dobriyan Date: Mon Dec 12 16:40:48 2016 -0800 scripts/bloat-o-meter: compile .NUMBER regex Every often used regex is better be compiled in Python. Speedup is about ~9.8% (whee!) $ perf stat -r 16 taskset -c 15 ./scripts/bloat-o-meter ../vmlinux-000 ../obj/vmlinux >/dev/null 7.091202853 seconds time elapsed ( +- 0.15% ) +re.compile 6.397564973 seconds time elapsed ( +- 0.34% ) Link: http://lkml.kernel.org/r/20161119004417.GB1200@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/bloat-o-meter | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 3af06fd96aae18561830745880ca6e289053edae Author: Alexey Dobriyan Date: Mon Dec 12 16:40:45 2016 -0800 scripts/bloat-o-meter: don't use readlines() readlines() conses whole list before doing anything which is slower for big object files. Use per line iterator. Speed up is ~2% on "allyesconfig" type of kernel. $ perf stat -r 16 taskset -c 15 ./scripts/bloat-o-meter ../vmlinux-000 ../obj/vmlinux >/dev/null ... Before: 7.247708646 seconds time elapsed ( +- 0.28% ) After: 7.091202853 seconds time elapsed ( +- 0.15% ) Link: http://lkml.kernel.org/r/20161119004143.GA1200@avx2 Signed-off-by: Alexey Dobriyan Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds scripts/bloat-o-meter | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) commit 3fb4afd9a504c2386b8435028d43283216bf588e Author: Stanislav Kinsburskiy Date: Mon Dec 12 16:40:42 2016 -0800 prctl: remove one-shot limitation for changing exe link This limitation came with the reason to remove "another way for malicious code to obscure a compromised program and masquerade as a benign process" by allowing "security-concious program can use this prctl once during its early initialization to ensure the prctl cannot later be abused for this purpose": http://marc.info/?l=linux-kernel&m=133160684517468&w=2 This explanation doesn't look sufficient. The only thing "exe" link is indicating is the file, used to execve, which is basically nothing and not reliable immediately after process has returned from execve system call. Moreover, to use this feture, all the mappings to previous exe file have to be unmapped and all the new exe file permissions must be satisfied. Which means, that changing exe link is very similar to calling execve on the binary. The need to remove this limitations comes from migration of NFS mount point, which is not accessible during restore and replaced by other file system. Because of this exe link has to be changed twice. [akpm@linux-foundation.org: fix up comment] Link: http://lkml.kernel.org/r/20160927153755.9337.69650.stgit@localhost.localdomain Signed-off-by: Stanislav Kinsburskiy Acked-by: Oleg Nesterov Acked-by: Cyrill Gorcunov Cc: Peter Zijlstra Cc: Ingo Molnar Cc: Michal Hocko Cc: Kees Cook Cc: Andy Lutomirski Cc: John Stultz Cc: Matt Helsley Cc: Pavel Emelyanov Cc: Vlastimil Babka Cc: Eric W. Biederman Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/sched.h | 6 +++++- kernel/sys.c | 10 ---------- 2 files changed, 5 insertions(+), 11 deletions(-) commit c0b942a76361e08fc9fb17989e0f266e64ff0688 Author: Nicolas Iooss Date: Mon Dec 12 16:40:39 2016 -0800 kthread: add __printf attributes When commit fbae2d44aa1d ("kthread: add kthread_create_worker*()") introduced some kthread_create_...() functions which were taking printf-like parametter, it introduced __printf attributes to some functions (e.g. kthread_create_worker()). Nevertheless some new functions were forgotten (they have been detected thanks to -Wmissing-format-attribute warning flag). Add the missing __printf attributes to the newly-introduced functions in order to detect formatting issues at build-time with -Wformat flag. Link: http://lkml.kernel.org/r/20161126193543.22672-1-nicolas.iooss_linux@m4x.org Signed-off-by: Nicolas Iooss Reviewed-by: Petr Mladek Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds include/linux/kthread.h | 2 +- kernel/kthread.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) commit a551d7c8deefb6d9fb45a1de03a617dd064e0419 Merge: 0cb80b4 6a34e4d Author: Theodore Ts'o Date: Mon Dec 12 21:50:28 2016 -0500 Merge branch 'fscrypt' into dev commit 0cb80b4847553582830a59da2c022c37a1f4a119 Author: Jan Kara Date: Mon Dec 12 21:34:12 2016 -0500 dax: Fix sleep in atomic contex in grab_mapping_entry() Commit 642261ac995e: "dax: add struct iomap based DAX PMD support" has introduced unmapping of page tables if huge page needs to be split in grab_mapping_entry(). However the unmapping happens after radix_tree_preload() call which disables preemption and thus unmap_mapping_range() tries to acquire i_mmap_lock in atomic context which is a bug. Fix the problem by moving unmapping before radix_tree_preload() call. Fixes: 642261ac995e01d7837db1f4b90181496f7e6835 Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o fs/dax.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) commit d4d7ccc834fe2401084e01fb043ad70ac410b19d Author: Marcin Nowakowski Date: Fri Dec 9 15:19:38 2016 +0100 kprobes/trace: Fix kprobe selftest for newer gcc Commit 265a5b7ee3eb ("kprobes/trace: Fix kprobe selftest for gcc 4.6") has added __used attribute to kprobe_trace_selftest_target to ensure that the method is listed in kallsyms table. However, even though the method remains in the kernel image, the actual call is optimized away as there are no side effects and the return value is never checked. Add a return value check and a 'noinline' attribute to ensure that an inlined copy of the method is not used by the caller. Also add checks that verify that the kprobe was really hit, as at the moment the tests show positive results despite the test method being optimized away. Finally, add __init annotations to find_trace_probe_file() and kprobe_trace_selftest_target() as they are only called from within an __init method. Link: http://lkml.kernel.org/r/1481293178-3128-2-git-send-email-marcin.nowakowski@imgtec.com Acked-by: Masami Hiramatsu Signed-off-by: Marcin Nowakowski Signed-off-by: Steven Rostedt kernel/trace/trace_kprobe.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) commit f18f97ac43d72ae84fe012dd4f19fe3f8f901469 Author: Marcin Nowakowski Date: Fri Dec 9 15:19:37 2016 +0100 tracing/kprobes: Add a helper method to return number of probe hits The number of probe hits is stored in a percpu variable and therefore can't be read directly. Add a helper method trace_kprobe_nhit() that performs the required calculation. It will be used in a follow-up commit that changes kprobe selftests to verify the number of probe hits. Link: http://lkml.kernel.org/r/1481293178-3128-1-git-send-email-marcin.nowakowski@imgtec.com Acked-by: Masami Hiramatsu Signed-off-by: Marcin Nowakowski Signed-off-by: Steven Rostedt kernel/trace/trace_kprobe.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 2601a15d5d9b7f262e94b88784b1e1cf28ec020d Merge: 25dfd7c c167df4 Author: Dave Airlie Date: Tue Dec 13 12:05:12 2016 +1000 Merge tag 'drm-vc4-next-2016-12-09' of https://github.com/anholt/linux into drm-next This pull request brings in VEC (TV-out) support for vc4, along with a pageflipping race fix. * tag 'drm-vc4-next-2016-12-09' of https://github.com/anholt/linux: drm/vc4: Don't use drm_put_dev drm/vc4: Document VEC DT binding drm/vc4: Add support for the VEC (Video Encoder) IP drm: Add TV connector states to drm_connector_state drm: Turn DRM_MODE_SUBCONNECTOR_xx definitions into an enum drm/vc4: Fix ->clock_select setting for the VEC encoder drm/vc4: Fix race between page flip completion event and clean-up commit 19d53d014776d1c31c1b431ebcaec375301c74cd Author: Ben Skeggs Date: Tue Dec 13 11:18:46 2016 +1000 drm/nouveau/kms/nv50: fix atomic regression on original G80 Reported-by: Pierre Moreau Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nv50_display.c | 5 +++++ 1 file changed, 5 insertions(+) commit b53ac1ee12a330dea59243e240aef398e951ff32 Author: Pierre Moreau Date: Thu Dec 8 00:57:09 2016 +0100 drm/nouveau/bl: Do not register interface if Apple GMUX detected The Apple GMUX is the one managing the backlight, so there is no need for Nouveau to register its own backlight interface. v2: Do not split information message on two lines as it prevents from grepping it, as pointed out by Lukas Wunner v3: Add a missing end-of-line character to the printed message Signed-off-by: Pierre Moreau Reviewed-by: Lukas Wunner Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_backlight.c | 6 ++++++ 1 file changed, 6 insertions(+) commit db1a0ae21461afa4bc435651a6dd55e0e6ef4a8b Author: Pierre Moreau Date: Thu Dec 8 00:57:08 2016 +0100 drm/nouveau/bl: Assign different names to interfaces Currently, every backlight interface created by Nouveau uses the same name, nv_backlight. This leads to a sysfs warning as it tries to create an already existing folder. This patch adds a incremented number to the name, but keeps the initial name as nv_backlight, to avoid possibly breaking userspace; the second interface will be named nv_backlight1, and so on. Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=86539 v2: * Switch to using ida for generating unique IDs, as suggested by Ilia Mirkin; * Allocate backlight name on the stack, as suggested by Ilia Mirkin; * Move `nouveau_get_backlight_name()` to avoid forward declaration, as suggested by Ilia Mirkin; * Fix reference to bug report formatting, as reported by Nick Tenney. v3: * Define a macro for the size of the backlight name, to avoid defining it multiple times; * Use snprintf in place of sprintf. v4: * Do not create similarly named interfaces when reaching the maximum amount of unique names, but fail instead, as pointed out by Lukas Wunner Signed-off-by: Pierre Moreau Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nouveau_backlight.c | 74 +++++++++++++++++++++++++++-- drivers/gpu/drm/nouveau/nouveau_display.h | 10 ++++ drivers/gpu/drm/nouveau/nouveau_drm.c | 2 + drivers/gpu/drm/nouveau/nouveau_drv.h | 1 + 4 files changed, 83 insertions(+), 4 deletions(-) commit 79d48dadb0a71ec31ec8ce234ad0811a50123580 Author: Ben Skeggs Date: Tue Dec 13 10:22:53 2016 +1000 drm/nouveau/bios/dp: fix handling of LevelEntryTableIndex on DP table 4.2 Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/bios/dp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit f4e65efc88b64c1dbca275d42a188edccedb56c6 Author: Ben Skeggs Date: Tue Dec 13 09:29:55 2016 +1000 drm/nouveau/ltc: protect clearing of comptags with mutex Signed-off-by: Ben Skeggs Cc: stable@vger.kernel.org drivers/gpu/drm/nouveau/nvkm/subdev/ltc/base.c | 2 ++ 1 file changed, 2 insertions(+) commit 64373e4bb6e13f571145d32202907cdffe861550 Author: Ben Skeggs Date: Sat Dec 10 16:42:50 2016 +1000 drm/nouveau/gr/gf100-: handle GPC/TPC/MPC trap Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 1fe487d7d2858265e23f10fa6b4565112f9a17fe Author: Ben Skeggs Date: Fri Dec 9 10:24:14 2016 +1000 drm/nouveau/core: recognise GP106 chipset Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/device/base.c | 30 +++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit 10dcab3e7f477bffee88d518aad57d06777cfdf4 Author: Ben Skeggs Date: Mon Dec 12 17:52:45 2016 +1000 drm/nouveau/ttm: wait for bo fence to signal before unmapping vmas TTM was changed a while back to allow for pipelining of buffer moves, and part of this was the removal of waiting for a BO to idle before calling move(), placing the responsibility on the driver to do this if required. That's all well and good, except, we make use of move_notify() to handle mapping/unmapping from the GPU VMM as move() isn't called on all paths. This commit adds a wait before unmapping from a VMM in move_notify(), to prevent GPU page faults where a buffer is still being accessed. Signed-off-by: Ben Skeggs Cc: stable@vger.kernel.org [v4.8+] drivers/gpu/drm/nouveau/nouveau_bo.c | 1 + 1 file changed, 1 insertion(+) commit 732be80743e72a2e9f04e8a9f369f0c6432b85d1 Author: Ben Skeggs Date: Fri Dec 9 18:50:23 2016 +1000 drm/nouveau/gr/gf100-: FECS intr handling is not relevant on proprietary ucode Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 48dac93506973eadb27769bb7486340096c7f2f7 Author: Ben Skeggs Date: Fri Dec 9 18:02:17 2016 +1000 drm/nouveau/gr/gf100-: properly ack all FECS error interrupts Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit ec884f74f1ec8ffa6a77a2769087117aeec80c1f Author: Ben Skeggs Date: Fri Dec 9 17:13:08 2016 +1000 drm/nouveau/fifo/gf100-: recover from host mmu faults This has been on the TODO list for a while now, recovering from things such as attempting to execute a push buffer or touch a semaphore in an unmapped memory area. The only thing required on the HW side here is that the offending channel is removed from the runlist, and *not* a full reset of PFIFO. This used to be a bit messier to handle before the rework to make use of engine topology info, but is apparently now trivial. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/engine/fifo/gf100.c | 3 ++- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gk104.c | 16 ++++++++-------- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gm107.c | 16 ++++++++-------- drivers/gpu/drm/nouveau/nvkm/engine/fifo/gp100.c | 22 +++++++++++----------- 4 files changed, 29 insertions(+), 28 deletions(-) commit f797484c26300fec842fb669c69a3a60eb66e240 Merge: 991bc36 80e9a4f Author: Linus Torvalds Date: Mon Dec 12 15:29:06 2016 -0800 Merge branch 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 platform updates from Ingo Molnar: "Two changes: - implement various VMWare guest OS improvements/fixes (Alexey Makhalov) - unexport a spurious export from the intel-mid platform driver (Lukas Wunner)" * 'x86-platform-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/vmware: Add paravirt sched clock x86/vmware: Add basic paravirt ops support x86/vmware: Use tsc_khz value for calibrate_cpu() x86/platform/intel-mid: Unexport intel_mid_pci_set_power_state() x86/vmware: Read tsc_khz only once at boot time commit 991bc36254457f7f5695c0a28b39a91b104067a3 Merge: 212f300 14cfbe5 Author: Linus Torvalds Date: Mon Dec 12 15:23:02 2016 -0800 Merge branch 'x86-microcode-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 microcode update from Ingo Molnar: "The biggest change (by Borislav Petkov) is a thorough rewrite of the Intel microcode loader and its interactions with the core code. The biggest conceptual change is the decoupling of the microcode loading on boot and application processors (which load the microcode in different scenarios), so that both parse the input patches with as few assumptions as possible - this also fixes various kernel address space randomization bugs. (The AP side then goes on and caches the result to improve boot performance.) Since the AMD side already did this, this change also opened up the path towards more unification/simplification of the core microcode loading infrastructure: 10 files changed, 647 insertions(+), 940 deletions(-) which speaks for itself" * 'x86-microcode-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/microcode: Bump driver version, update copyrights x86/microcode: Rework microcode loading x86/microcode/intel: Remove intel_lib.c x86/microcode/amd: Move private inlines to .c and mark local functions static x86/microcode: Collect CPU info on resume x86/microcode: Issue the debug printk on resume only on success x86/microcode/amd: Hand down the CPU family x86/microcode: Export the microcode cache linked list x86/microcode: Remove one #ifdef clause x86/microcode/intel: Simplify generic_load_microcode() x86/microcode: Move driver authors to CREDITS x86/microcode: Run the AP-loading routine only on the application processors commit 99e6f6e8134b0c9d5d82eb2af1068a57199125e4 Author: Sebastian Andrzej Siewior Date: Wed Dec 7 14:31:33 2016 +0100 tracing/rb: Init the CPU mask on allocation Before commit b32614c03413 ("tracing/rb: Convert to hotplug state machine") the allocated cpumask was initialized to the mask of ONLINE or POSSIBLE CPUs. After the CPU hotplug changes the buffer initialisation moved to trace_rb_cpu_prepare() but I forgot to initially set the cpumask to zero. This is done now. Link: http://lkml.kernel.org/r/20161207133133.hzkcqfllxcdi3joz@linutronix.de Fixes: b32614c03413 ("tracing/rb: Convert to hotplug state machine") Reported-by: Tetsuo Handa Tested-by: Tetsuo Handa Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Steven Rostedt kernel/trace/ring_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 212f30008a284a9312d95dad6cc237ff81173d73 Merge: 6f3be0f 34bc356 Author: Linus Torvalds Date: Mon Dec 12 14:55:04 2016 -0800 Merge branch 'x86-idle-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 idle updates from Ingo Molnar: "There were two bigger changes in this development cycle: - remove idle notifiers: 32 files changed, 74 insertions(+), 803 deletions(-) These notifiers were of questionable value and the main usecase, the i7300 driver, was essentially unmaintained and can be removed, plus modern power management concepts don't need the callback - so use this golden opportunity and get rid of this opaque and fragile callback from a latency sensitive code path. (Len Brown, Thomas Gleixner) - improve the AMD Erratum 400 workaround that used high overhead MSR polling in the idle loop (Borisla Petkov, Thomas Gleixner)" * 'x86-idle-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86: Remove empty idle.h header x86/amd: Simplify AMD E400 aware idle routine x86/amd: Check for the C1E bug post ACPI subsystem init x86/bugs: Separate AMD E400 erratum and C1E bug x86/cpufeature: Provide helper to set bugs bits x86/idle: Remove enter_idle(), exit_idle() x86: Remove x86_test_and_clear_bit_percpu() x86/idle: Remove is_idle flag x86/idle: Remove idle_notifier i7300_idle: Remove this driver commit dc24de82d61b1edc3d195badd178e7875ba9398f Author: Yan, Zheng Date: Thu Nov 17 19:55:30 2016 +0800 ceph: properly set issue_seq for cap release Signed-off-by: Yan, Zheng fs/ceph/caps.c | 1 + 1 file changed, 1 insertion(+) commit 1e4ef0c6332bd90e6c70afc07b35dffaf1eab1a7 Author: Jeff Layton Date: Thu Nov 10 07:42:06 2016 -0500 ceph: add flags parameter to send_cap_msg Add a flags parameter to send_cap_msg, so we can request expedited service from the MDS when we know we'll be waiting on the result. Set that flag in the case of try_flush_caps. The callers of that function generally wait synchronously on the result, so it's beneficial to ask the server to expedite it. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/caps.c | 25 +++++++++++++++---------- include/linux/ceph/ceph_fs.h | 3 +++ 2 files changed, 18 insertions(+), 10 deletions(-) commit 43b29673307387f7b939fceeedefd08ece13c41d Author: Jeff Layton Date: Thu Nov 10 07:42:05 2016 -0500 ceph: update cap message struct version to 10 The userland ceph has MClientCaps at struct version 10. This brings the kernel up the same version. For now, all of the the new stuff is set to default values including the flags field, which will be conditionally set in a later patch. Note that we don't need to set the change_attr and btime to anything since we aren't currently setting the feature flag. The MDS should ignore those values. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/caps.c | 39 +++++++++++++++++++++++++++++++++------ 1 file changed, 33 insertions(+), 6 deletions(-) commit 0ff8bfb394124a7ff4f5a4cd3dc9e8dc52dbe5c9 Author: Jeff Layton Date: Thu Nov 10 07:42:03 2016 -0500 ceph: define new argument structure for send_cap_msg When we get to this many arguments, it's hard to work with positional parameters. send_cap_msg is already at 25 arguments, with more needed. Define a new args structure and pass a pointer to it to send_cap_msg. Eventually it might make sense to embed one of these inside ceph_cap_snap instead of tracking individual fields. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/caps.c | 225 ++++++++++++++++++++++++++++++++------------------------- 1 file changed, 126 insertions(+), 99 deletions(-) commit 9670079f5f0a52b4ddcc16c407cfe9ff42633e04 Author: Jeff Layton Date: Thu Nov 10 07:42:02 2016 -0500 ceph: move xattr initialzation before the encoding past the ceph_mds_caps Just for clarity. This part is inside the header, so it makes sense to group it with the rest of the stuff in the header. Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/caps.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 4945a084799e24f0954e20f81b9004749cba93e4 Author: Jeff Layton Date: Wed Nov 16 09:45:22 2016 -0500 ceph: fix minor typo in unsafe_request_wait Signed-off-by: Jeff Layton Reviewed-by: Yan, Zheng fs/ceph/caps.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5f743e4566063c3944c8a2e525ed2fe9d25fc271 Author: Yan, Zheng Date: Tue Nov 15 16:04:37 2016 +0800 ceph: record truncate size/seq for snap data writeback Dirty snapshot data needs to be flushed unconditionally. If they were created before truncation, writeback should use old truncate size/seq. Signed-off-by: Yan, Zheng fs/ceph/addr.c | 31 ++++++++++++++++++------------- fs/ceph/snap.c | 2 ++ fs/ceph/super.h | 2 ++ 3 files changed, 22 insertions(+), 13 deletions(-) commit e9e427f0a14f7e4773896dd7af357819a56d097a Author: Yan, Zheng Date: Thu Nov 10 16:02:06 2016 +0800 ceph: check availability of mds cluster on mount Signed-off-by: Yan, Zheng fs/ceph/mds_client.c | 19 ++++-- fs/ceph/mdsmap.c | 163 ++++++++++++++++++++++++++++++++++++++++++-- fs/ceph/super.c | 10 +++ fs/ceph/super.h | 1 + include/linux/ceph/mdsmap.h | 5 ++ 5 files changed, 187 insertions(+), 11 deletions(-) commit 7ce469a53e7106acdaca2e25027941d0f7c12a8e Author: Yan, Zheng Date: Tue Nov 8 21:54:34 2016 +0800 ceph: fix splice read for no Fc capability case When iov_iter type is ITER_PIPE, copy_page_to_iter() increases the page's reference and add the page to a pipe_buffer. It also set the pipe_buffer's ops to page_cache_pipe_buf_ops. The comfirm callback in page_cache_pipe_buf_ops expects the page is from page cache and uptodate, otherwise it return error. For ceph_sync_read() case, pages are not from page cache. So we can't call copy_page_to_iter() when iov_iter type is ITER_PIPE. The fix is using iov_iter_get_pages_alloc() to allocate pages for the pipe. (the code is similar to default_file_splice_read) Signed-off-by: Yan, Zheng fs/ceph/file.c | 120 +++++++++++++++++++++++++++++++-------------------------- 1 file changed, 66 insertions(+), 54 deletions(-) commit 2b1ac852eb67a6e95595e576371d23519105559f Author: Yan, Zheng Date: Tue Oct 25 10:51:55 2016 +0800 ceph: try getting buffer capability for readahead/fadvise For readahead/fadvise cases, caller of ceph_readpages does not hold buffer capability. Pages can be added to page cache while there is no buffer capability. This can cause data integrity issue. Signed-off-by: Yan, Zheng fs/ceph/addr.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++---------- fs/ceph/caps.c | 21 +++++++++++++++++++++ fs/ceph/file.c | 3 ++- fs/ceph/super.h | 2 ++ 4 files changed, 73 insertions(+), 11 deletions(-) commit 5c341ee32881c554727ec14b71ec3e8832f01989 Author: Nikolay Borisov Date: Tue Oct 11 12:04:09 2016 +0300 ceph: fix scheduler warning due to nested blocking try_get_cap_refs can be used as a condition in a wait_event* calls. This is all fine until it has to call __ceph_do_pending_vmtruncate, which in turn acquires the i_truncate_mutex. This leads to a situation in which a task's state is !TASK_RUNNING and at the same time it's trying to acquire a sleeping primitive. In essence a nested sleeping primitives are being used. This causes the following warning: WARNING: CPU: 22 PID: 11064 at kernel/sched/core.c:7631 __might_sleep+0x9f/0xb0() do not call blocking ops when !TASK_RUNNING; state=1 set at [] prepare_to_wait_event+0x5d/0x110 ipmi_msghandler tcp_scalable ib_qib dca ib_mad ib_core ib_addr ipv6 CPU: 22 PID: 11064 Comm: fs_checker.pl Tainted: G O 4.4.20-clouder2 #6 Hardware name: Supermicro X10DRi/X10DRi, BIOS 1.1a 10/16/2015 0000000000000000 ffff8838b416fa88 ffffffff812f4409 ffff8838b416fad0 ffffffff81a034f2 ffff8838b416fac0 ffffffff81052b46 ffffffff81a0432c 0000000000000061 0000000000000000 0000000000000000 ffff88167bda54a0 Call Trace: [] dump_stack+0x67/0x9e [] warn_slowpath_common+0x86/0xc0 [] warn_slowpath_fmt+0x4c/0x50 [] ? prepare_to_wait_event+0x5d/0x110 [] ? prepare_to_wait_event+0x5d/0x110 [] __might_sleep+0x9f/0xb0 [] mutex_lock+0x20/0x40 [] __ceph_do_pending_vmtruncate+0x44/0x1a0 [ceph] [] try_get_cap_refs+0xa2/0x320 [ceph] [] ceph_get_caps+0x255/0x2b0 [ceph] [] ? wait_woken+0xb0/0xb0 [] ceph_write_iter+0x2b1/0xde0 [ceph] [] ? schedule_timeout+0x202/0x260 [] ? kmem_cache_free+0x1ea/0x200 [] ? iput+0x9e/0x230 [] ? __might_sleep+0x52/0xb0 [] ? __might_fault+0x37/0x40 [] ? cp_new_stat+0x153/0x170 [] __vfs_write+0xaa/0xe0 [] vfs_write+0xa9/0x190 [] ? set_close_on_exec+0x31/0x70 [] SyS_write+0x46/0xa0 This happens since wait_event_interruptible can interfere with the mutex locking code, since they both fiddle with the task state. Fix the issue by using the newly-added nested blocking infrastructure in 61ada528dea0 ("sched/wait: Provide infrastructure to deal with nested blocking") Link: https://lwn.net/Articles/628628/ Signed-off-by: Nikolay Borisov Signed-off-by: Yan, Zheng fs/ceph/caps.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit a380a031cbe4323a3f638a8468c862510ace1919 Author: Zhi Zhang Date: Tue Nov 8 14:35:59 2016 +0100 ceph: fix printing wrong return variable in ceph_direct_read_write() Fix printing wrong return variable for invalidate_inode_pages2_range in ceph_direct_read_write(). Signed-off-by: Zhi Zhang Signed-off-by: Ilya Dryomov fs/ceph/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f6c0d1a3edb5862c21ddb57bd4dfa175b01136ca Author: Tobias Klauser Date: Fri Oct 28 13:23:24 2016 +0200 crush: include mapper.h in mapper.c Include linux/crush/mapper.h in crush/mapper.c to get the prototypes of crush_find_rule and crush_do_rule which are defined there. This fixes the following GCC warnings when building with 'W=1': net/ceph/crush/mapper.c:40:5: warning: no previous prototype for ‘crush_find_rule’ [-Wmissing-prototypes] net/ceph/crush/mapper.c:793:5: warning: no previous prototype for ‘crush_do_rule’ [-Wmissing-prototypes] Signed-off-by: Tobias Klauser [idryomov@gmail.com: corresponding !__KERNEL__ include] Signed-off-by: Ilya Dryomov net/ceph/crush/mapper.c | 2 ++ 1 file changed, 2 insertions(+) commit d4c2269b3d5d06a8ea434b1841fbcaec336ed396 Author: Ilya Dryomov Date: Tue Sep 6 11:15:48 2016 +0200 rbd: silence bogus -Wmaybe-uninitialized warning drivers/block/rbd.c: In function ‘rbd_watch_cb’: drivers/block/rbd.c:3690:5: error: ‘struct_v’ may be used uninitialized in this function [-Werror=maybe-uninitialized] drivers/block/rbd.c:3759:5: note: ‘struct_v’ was declared here Signed-off-by: Ilya Dryomov drivers/block/rbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6f3be0f04354185e81a006b8e4dfc307edad75e7 Merge: 518bacf 523d0fb Author: Linus Torvalds Date: Mon Dec 12 14:53:24 2016 -0800 Merge branch 'x86-headers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 header fixlet from Ingo Molnar: "Remove unnecessary module.h inclusion from core code (Paul Gortmaker)" * 'x86-headers-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/percpu: Remove unnecessary include of module.h, add asm/desc.h commit 28076483afac9dd77df269f5d460e51a09dfb19f Author: Rafael J. Wysocki Date: Sat Dec 10 00:52:28 2016 +0100 ACPI / CPPC: Fix per-CPU pointer management in acpi_cppc_processor_probe() Fix a possible use-after-free scenario in acpi_cppc_processor_probe() that can happen if the function returns without cleaning up the per-CPU pointer set by it previously. Reported-by: Sebastian Andrzej Siewior Signed-off-by: Rafael J. Wysocki drivers/acpi/cppc_acpi.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 9e9d68dad58c70f40f50adfeabd2fdaa39a743fd Author: Sebastian Andrzej Siewior Date: Wed Dec 7 20:06:08 2016 +0100 ACPI / CPPC: Fix crash in acpi_cppc_processor_exit() First I had crashed what I bisected down to de966cf4a4fa (sched/x86: Change CONFIG_SCHED_ITMT to CONFIG_SCHED_MC_PRIO) because it made SCHED_ITMT the default. Then I run another bisect round and got here with the same backtrace: |BUG: unable to handle kernel NULL pointer dereference at (null) |IP: [] acpi_cppc_processor_exit+0x40/0x60 |PGD 0 [ 0.577616] |Oops: 0000 [#1] SMP |Modules linked in: |CPU: 3 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc6-00146-g17669006adf6 #51 |task: ffff88003f878000 task.stack: ffffc90000008000 |RIP: 0010:[] [] acpi_cppc_processor_exit+0x40/0x60 |RSP: 0000:ffffc9000000bd48 EFLAGS: 00010296 |RAX: 00000000000137e0 RBX: 0000000000000000 RCX: 0000000000000001 |RDX: ffff88003fc00000 RSI: 0000000000000000 RDI: ffff88003fbca130 |RBP: ffffc9000000bd60 R08: 0000000000000514 R09: 0000000000000000 |R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000002 |R13: 0000000000000020 R14: ffffffff8167cb00 R15: 0000000000000000 |FS: 0000000000000000(0000) GS:ffff88003fcc0000(0000) knlGS:0000000000000000 |CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 |CR2: 0000000000000000 CR3: 0000000001618000 CR4: 00000000000406e0 |Stack: | ffff88003f939848 ffff88003fbca130 0000000000000001 ffffc9000000bd80 | ffffffff812a4ccb ffff88003fc0cee8 0000000000000000 ffffc9000000bdb8 | ffffffff812dc20d ffff88003fc0cee8 ffffffff8167cb00 ffff88003fc0cf48 |Call Trace: | [] acpi_processor_stop+0xb2/0xc5 | [] driver_probe_device+0x14d/0x2f0 | [] __driver_attach+0x6e/0x90 | [] bus_for_each_dev+0x54/0x90 | [] driver_attach+0x19/0x20 | [] bus_add_driver+0xe6/0x200 | [] driver_register+0x83/0xc0 | [] acpi_processor_driver_init+0x20/0x94 | [] do_one_initcall+0x97/0x180 | [] kernel_init_freeable+0x112/0x1a6 | [] kernel_init+0x9/0xf0 | [] ret_from_fork+0x25/0x30 |Code: 02 00 00 00 48 8b 14 d5 e0 c3 55 81 48 8b 1c 02 4c 8d 6b 20 eb 15 49 8b 7d 00 48 85 ff 74 05 e8 39 8c d9 ff 41 ff c4 49 83 c5 20 <44> 3b 23 72 e6 48 8d bb a0 02 00 00 e8 b1 6f f9 ff 48 89 df e8 |RIP [] acpi_cppc_processor_exit+0x40/0x60 | RSP |CR2: 0000000000000000 |---[ end trace 917a625107b09711 ]--- Fix it. Fixes: 17669006adf6 (cpufreq/intel_pstate: Use CPPC to get max performance) Signed-off-by: Sebastian Andrzej Siewior [ rjw: Subject ] Signed-off-by: Rafael J. Wysocki drivers/acpi/cppc_acpi.c | 2 ++ 1 file changed, 2 insertions(+) commit 518bacf5a569d111e256d58b9fbc8d7b80ec42ea Merge: 535b2f7 064e6a8 Author: Linus Torvalds Date: Mon Dec 12 14:27:49 2016 -0800 Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 FPU updates from Ingo Molnar: "The main changes in this cycle were: - do a large round of simplifications after all CPUs do 'eager' FPU context switching in v4.9: remove CR0 twiddling, remove leftover eager/lazy bts, etc (Andy Lutomirski) - more FPU code simplifications: remove struct fpu::counter, clarify nomenclature, remove unnecessary arguments/functions and better structure the code (Rik van Riel)" * 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/fpu: Remove clts() x86/fpu: Remove stts() x86/fpu: Handle #NM without FPU emulation as an error x86/fpu, lguest: Remove CR0.TS support x86/fpu, kvm: Remove host CR0.TS manipulation x86/fpu: Remove irq_ts_save() and irq_ts_restore() x86/fpu: Stop saving and restoring CR0.TS in fpu__init_check_bugs() x86/fpu: Get rid of two redundant clts() calls x86/fpu: Finish excising 'eagerfpu' x86/fpu: Split old_fpu & new_fpu handling into separate functions x86/fpu: Remove 'cpu' argument from __cpu_invalidate_fpregs_state() x86/fpu: Split old & new FPU code paths x86/fpu: Remove __fpregs_(de)activate() x86/fpu: Rename lazy restore functions to "register state valid" x86/fpu, kvm: Remove KVM vcpu->fpu_counter x86/fpu: Remove struct fpu::counter x86/fpu: Remove use_eager_fpu() x86/fpu: Remove the XFEATURE_MASK_EAGER/LAZY distinction x86/fpu: Hard-disable lazy FPU mode x86/crypto, x86/fpu: Remove X86_FEATURE_EAGER_FPU #ifdef from the crc32c code commit 535b2f73f6f60fb227b700136c134c5d7c8f8ad3 Merge: ef486c5 b6a50cd Author: Linus Torvalds Date: Mon Dec 12 14:25:21 2016 -0800 Merge branch 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 CPU updates from Ingo Molnar: "The changes in this development cycle were: - AMD CPU topology enhancements that are cleanups on current CPUs but which enable future Fam17 hardware. (Yazen Ghannam) - unify bugs.c and bugs_64.c (Borislav Petkov) - remove the show_msr= boot option (Borislav Petkov) - simplify a boot message (Borislav Petkov)" * 'x86-cpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/cpu/AMD: Clean up cpu_llc_id assignment per topology feature x86/cpu: Get rid of the show_msr= boot option x86/cpu: Merge bugs.c and bugs_64.c x86/cpu: Remove the printk format specifier in "CPU0: " commit 34888602eb99df174e76eafeb613ad857f534ebb Author: Jingkui Wang Date: Sat Dec 10 22:44:10 2016 -0800 Input: drv260x - use generic device properties Update driver drv260x to use generic device properties so that it can be used on non-DT systems. We also remove platform data as generic device properties work on static board code as well. Signed-off-by: Jingkui Wang Signed-off-by: Dmitry Torokhov drivers/input/misc/drv260x.c | 83 +++++++---------------------- include/linux/platform_data/drv260x-pdata.h | 28 ---------- 2 files changed, 19 insertions(+), 92 deletions(-) commit ba4cf3783854346051ed5a243220f37c0c865350 Author: Dmitry Torokhov Date: Sat Dec 10 23:03:33 2016 -0800 Input: drv260x - use temporary for &client->dev Let's introduce a temporary for "client->dev" is probe() as we use it quite a few times and "dev" is shorter. Signed-off-by: Dmitry Torokhov drivers/input/misc/drv260x.c | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) commit 5a8a6b89c15766446d845671d574a9243b6d8786 Author: Jingkui Wang Date: Mon Dec 12 13:51:46 2016 -0800 Input: drv260x - fix input device's parent assignment We were assigning I2C bus controller instead of client as parent device. Besides being logically wrong, it messed up with devm handling of input device. As a result we were leaving input device and event node behind after rmmod-ing the driver, which lead to a kernel oops if one were to access the event node later. Let's remove the assignment and rely on devm_input_allocate_device() to set it up properly for us. Signed-off-by: Jingkui Wang Fixes: 7132fe4f5687 ("Input: drv260x - add TI drv260x haptics driver") Cc: stable@vger.kernel.org Signed-off-by: Dmitry Torokhov drivers/input/misc/drv260x.c | 1 - 1 file changed, 1 deletion(-) commit d6f7bbcc2e419c8afd4a426af78b3dac44632268 Author: Henry Orosco Date: Tue Dec 6 16:16:20 2016 -0600 i40iw: Reorganize structures to align with HW capabilities Some resources are incorrectly organized and at odds with HW capabilities. Specifically, ILQ, IEQ, QPs, MSS, QOS and statistics belong in a VSI. Signed-off-by: Faisal Latif Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 7 +- drivers/infiniband/hw/i40iw/i40iw_cm.c | 36 +- drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 527 +++++++++++++++------------ drivers/infiniband/hw/i40iw/i40iw_d.h | 21 +- drivers/infiniband/hw/i40iw/i40iw_hw.c | 4 +- drivers/infiniband/hw/i40iw/i40iw_main.c | 53 ++- drivers/infiniband/hw/i40iw/i40iw_osdep.h | 6 +- drivers/infiniband/hw/i40iw/i40iw_p.h | 23 +- drivers/infiniband/hw/i40iw/i40iw_puda.c | 268 ++++++++------ drivers/infiniband/hw/i40iw/i40iw_puda.h | 20 +- drivers/infiniband/hw/i40iw/i40iw_type.h | 79 ++-- drivers/infiniband/hw/i40iw/i40iw_utils.c | 150 +++++++- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 17 +- drivers/infiniband/hw/i40iw/i40iw_virtchnl.c | 29 +- 14 files changed, 775 insertions(+), 465 deletions(-) commit 0cc0d851ccf1746466822c1b7ce02c980406d57f Author: Mustafa Ismail Date: Tue Dec 6 15:49:35 2016 -0600 i40iw: Fix incorrect check for error In i40iw_ieq_handle_partial() the check for !status is incorrect. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_puda.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6b0805c25657f9b702607ed4617c2821343158c0 Author: Mustafa Ismail Date: Tue Dec 6 15:49:34 2016 -0600 i40iw: Assign MSS only when it is a new MTU Currently we are changing the MSS regardless of whether there is a change or not in MTU. Fix to make the assignment of MSS dependent on an MTU change. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_main.c | 2 ++ 1 file changed, 2 insertions(+) commit d627b506313c887e7159580cde926f5d14797aaa Author: Shiraz Saleem Date: Tue Dec 6 15:49:33 2016 -0600 i40iw: Fix race condition in terminate timer's handler Add a QP reference when terminate timer is started to ensure the destroy QP doesn't race ahead to free the QP while it is being referenced in the terminate timer's handler. Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 2 +- drivers/infiniband/hw/i40iw/i40iw_utils.c | 5 ++++- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) commit fd90d4d4c2dc815ef5a5f5d50a9c65c266c68ace Author: Mustafa Ismail Date: Tue Dec 6 15:49:32 2016 -0600 i40iw: Fix memory leak in CQP destroy when in reset On a device close, the control QP (CQP) is destroyed by calling cqp_destroy which destroys the CQP and frees its SD buffer memory. However, if the reset flag is true, cqp_destroy is never called and leads to a memory leak on SD buffer memory. Fix this by always calling cqp_destroy, on device close, regardless of reset. The exception to this when CQP create fails. In this case, the SD buffer memory is already freed on an error check and there is no need to call cqp_destroy. Signed-off-by: Mustafa Ismail Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_main.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 1cda28bb5b503bab734072d97a41b2e7eda6b6b9 Author: Shiraz Saleem Date: Tue Dec 6 15:49:31 2016 -0600 i40iw: Fix QP flush to not hang on empty queues or failure When flush QP and there are no pending work requests, signal completion to unblock i40iw_drain_sq and i40iw_drain_rq which are waiting on completion for iwqp->sq_drained and iwqp->sq_drained respectively. Also, signal completion if flush QP fails to prevent the drain SQ or RQ from being blocked indefintely. Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 9 ++++++--- drivers/infiniband/hw/i40iw/i40iw_hw.c | 26 ++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 5 deletions(-) commit f4a87ca12a1c203913a5cc889ec49b817a1f45fc Author: Mustafa Ismail Date: Tue Dec 6 15:49:30 2016 -0600 i40iw: Fix double free of QP A QP can be double freed if i40iw_cm_disconn() is called while it is currently being freed by i40iw_rem_ref(). The fix in i40iw_cm_disconn() will first check if the QP is already freed before making another request for the QP to be freed. Signed-off-by: Mustafa Ismail Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 2 +- drivers/infiniband/hw/i40iw/i40iw_cm.c | 20 ++++++++++++++++---- drivers/infiniband/hw/i40iw/i40iw_hw.c | 4 +++- 3 files changed, 20 insertions(+), 6 deletions(-) commit ef486c599a1f20c465ea196cd2019474708fbe52 Merge: 5fc0363 990e9dc Author: Linus Torvalds Date: Mon Dec 12 14:20:14 2016 -0800 Merge branch 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 cleanups from Ingo Molnar: "Two cleanups in the LDT handling code, by Dan Carpenter and Thomas Gleixner" * 'x86-cleanups-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/ldt: Make all size computations unsigned x86/ldt: Make a size argument unsigned commit 91c42b72f8e8b45961ff05a05009b644e6316ca2 Author: Shiraz Saleem Date: Fri Nov 11 10:55:41 2016 -0600 i40iw: Use correct src address in memcpy to rdma stats counters hw_stats is a pointer to i40_iw_dev_stats struct in i40iw_get_hw_stats(). Use hw_stats and not &hw_stats in the memcpy to copy the i40iw device stats data into rdma_hw_stats counters. Fixes: b40f4757daa1 ("IB/core: Make device counter infrastructure dynamic") Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Shiraz Saleem Signed-off-by: Faisal Latif Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_verbs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5fc0363d439ff15d2b9b1a5abe8265fa17512975 Merge: 06cc6b9 9190e21 Author: Linus Torvalds Date: Mon Dec 12 14:16:19 2016 -0800 Merge branch 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 build updates from Ingo Molnar: "The main changes in this cycle were: - Makefile improvements (Paul Bolle) - KConfig cleanups to better separate 32-bit only, 64-bit only and generic feature enablement sections (Ingo Molnar)" * 'x86-build-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/build: Remove three unneeded genhdr-y entries x86/build: Don't use $(LINUXINCLUDE) twice x86/kconfig: Sort the 'config X86' selects alphabetically x86/kconfig: Clean up 32-bit compat options x86/kconfig: Clean up IA32_EMULATION select x86/kconfig, x86/pkeys: Move pkeys selects to X86_INTEL_MEMORY_PROTECTION_KEYS x86/kconfig: Move 64-bit only arch Kconfig selects to 'config X86_64' x86/kconfig: Move 32-bit only arch Kconfig selects to 'config X86_32' commit 06cc6b969c6375c65d0abbe4113af7949da29ab8 Merge: 5645688 6248f45 Author: Linus Torvalds Date: Mon Dec 12 14:13:30 2016 -0800 Merge branch 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 boot updates from Ingo Molnar: "Misc cleanups/simplifications by Borislav Petkov, Paul Bolle and Wei Yang" * 'x86-boot-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/boot/64: Optimize fixmap page fixup x86/boot: Simplify the GDTR calculation assembly code a bit x86/boot/build: Remove always empty $(USERINCLUDE) commit 5e589171225b6aeac5eaca0b0887bd83dc9376d8 Author: Thomas Huth Date: Wed Oct 5 13:55:38 2016 +0200 i40iw: Remove macros I40IW_STAG_KEY_FROM_STAG and I40IW_STAG_INDEX_FROM_STAG The macros I40IW_STAG_KEY_FROM_STAG and I40IW_STAG_INDEX_FROM_STAG are apparently bad - they are using the logical "&&" operation which does not make sense here. It should have been a bitwise "&" instead. Since the macros seem to be completely unused, let's simply remove them so that nobody accidentially uses them in the future. And while we're at it, also remove the unused macro I40IW_CREATE_STAG. Signed-off-by: Thomas Huth Reviewed-by: Leon Romanovsky Acked-by: Faisal Latif Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_user.h | 6 ------ 1 file changed, 6 deletions(-) commit b3bbd3f2ab19c8ca319003b4b51ce4c4ca74da06 Author: Ilya Dryomov Date: Fri Dec 2 16:35:09 2016 +0100 libceph: no need to drop con->mutex for ->get_authorizer() ->get_authorizer(), ->verify_authorizer_reply(), ->sign_message() and ->check_message_signature() shouldn't be doing anything with or on the connection (like closing it or sending messages). Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/messenger.c | 6 ------ 1 file changed, 6 deletions(-) commit 0dde584882ade13dc9708d611fbf69b0ae8a9e48 Author: Ilya Dryomov Date: Fri Dec 2 16:35:09 2016 +0100 libceph: drop len argument of *verify_authorizer_reply() The length of the reply is protocol-dependent - for cephx it's ceph_x_authorize_reply. Nothing sensible can be passed from the messenger layer anyway. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil fs/ceph/mds_client.c | 4 ++-- include/linux/ceph/auth.h | 5 ++--- include/linux/ceph/messenger.h | 2 +- net/ceph/auth.c | 4 ++-- net/ceph/auth_x.c | 2 +- net/ceph/messenger.c | 2 +- net/ceph/osd_client.c | 4 ++-- 7 files changed, 11 insertions(+), 12 deletions(-) commit 5c056fdc5b474329037f2aa18401bd73033e0ce0 Author: Ilya Dryomov Date: Fri Dec 2 16:35:09 2016 +0100 libceph: verify authorize reply on connect After sending an authorizer (ceph_x_authorize_a + ceph_x_authorize_b), the client gets back a ceph_x_authorize_reply, which it is supposed to verify to ensure the authenticity and protect against replay attacks. The code for doing this is there (ceph_x_verify_authorizer_reply(), ceph_auth_verify_authorizer_reply() + plumbing), but it is never invoked by the the messenger. AFAICT this goes back to 2009, when ceph authentication protocols support was added to the kernel client in 4e7a5dcd1bba ("ceph: negotiate authentication protocol; implement AUTH_NONE protocol"). The second param of ceph_connection_operations::verify_authorizer_reply is unused all the way down. Pass 0 to facilitate backporting, and kill it in the next commit. Cc: stable@vger.kernel.org Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/messenger.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 5418d0a2c859abca2e59d7db36ba477ee4a3ebc6 Author: Ilya Dryomov Date: Fri Dec 2 16:35:08 2016 +0100 libceph: no need for GFP_NOFS in ceph_monc_init() It's called during inital setup, when everything should be allocated with GFP_KERNEL. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/mon_client.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 7af3ea189a9a13f090de51c97f676215dabc1205 Author: Ilya Dryomov Date: Fri Dec 2 16:35:08 2016 +0100 libceph: stop allocating a new cipher on every crypto request This is useless and more importantly not allowed on the writeback path, because crypto_alloc_skcipher() allocates memory with GFP_KERNEL, which can recurse back into the filesystem: kworker/9:3 D ffff92303f318180 0 20732 2 0x00000080 Workqueue: ceph-msgr ceph_con_workfn [libceph] ffff923035dd4480 ffff923038f8a0c0 0000000000000001 000000009eb27318 ffff92269eb28000 ffff92269eb27338 ffff923036b145ac ffff923035dd4480 00000000ffffffff ffff923036b145b0 ffffffff951eb4e1 ffff923036b145a8 Call Trace: [] ? schedule+0x31/0x80 [] ? schedule_preempt_disabled+0xa/0x10 [] ? __mutex_lock_slowpath+0xb4/0x130 [] ? mutex_lock+0x1b/0x30 [] ? xfs_reclaim_inodes_ag+0x233/0x2d0 [xfs] [] ? move_active_pages_to_lru+0x125/0x270 [] ? radix_tree_gang_lookup_tag+0xc5/0x1c0 [] ? __list_lru_walk_one.isra.3+0x33/0x120 [] ? xfs_reclaim_inodes_nr+0x31/0x40 [xfs] [] ? super_cache_scan+0x17e/0x190 [] ? shrink_slab.part.38+0x1e3/0x3d0 [] ? shrink_node+0x10a/0x320 [] ? do_try_to_free_pages+0xf4/0x350 [] ? try_to_free_pages+0xea/0x1b0 [] ? __alloc_pages_nodemask+0x61d/0xe60 [] ? cache_grow_begin+0x9d/0x560 [] ? fallback_alloc+0x148/0x1c0 [] ? __crypto_alloc_tfm+0x37/0x130 [] ? __kmalloc+0x1eb/0x580 [] ? crush_choose_firstn+0x3eb/0x470 [libceph] [] ? __crypto_alloc_tfm+0x37/0x130 [] ? crypto_spawn_tfm+0x39/0x60 [] ? crypto_cbc_init_tfm+0x23/0x40 [cbc] [] ? __crypto_alloc_tfm+0xcc/0x130 [] ? crypto_skcipher_init_tfm+0x113/0x180 [] ? crypto_create_tfm+0x43/0xb0 [] ? crypto_larval_lookup+0x150/0x150 [] ? crypto_alloc_tfm+0x72/0x120 [] ? ceph_aes_encrypt2+0x67/0x400 [libceph] [] ? ceph_pg_to_up_acting_osds+0x84/0x5b0 [libceph] [] ? release_sock+0x40/0x90 [] ? tcp_recvmsg+0x4b4/0xae0 [] ? ceph_encrypt2+0x54/0xc0 [libceph] [] ? ceph_x_encrypt+0x5d/0x90 [libceph] [] ? calcu_signature+0x5f/0x90 [libceph] [] ? ceph_x_sign_message+0x35/0x50 [libceph] [] ? prepare_write_message_footer+0x5c/0xa0 [libceph] [] ? ceph_con_workfn+0x2258/0x2dd0 [libceph] [] ? queue_con_delay+0x33/0xd0 [libceph] [] ? __submit_request+0x20d/0x2f0 [libceph] [] ? ceph_osdc_start_request+0x28/0x30 [libceph] [] ? rbd_queue_workfn+0x2f3/0x350 [rbd] [] ? process_one_work+0x160/0x410 [] ? worker_thread+0x4d/0x480 [] ? process_one_work+0x410/0x410 [] ? kthread+0xcd/0xf0 [] ? ret_from_fork+0x1f/0x40 [] ? kthread_create_on_node+0x190/0x190 Allocating the cipher along with the key fixes the issue - as long the key doesn't change, a single cipher context can be used concurrently in multiple requests. We still can't take that GFP_KERNEL allocation though. Both ceph_crypto_key_clone() and ceph_crypto_key_decode() are called from GFP_NOFS context, so resort to memalloc_noio_{save,restore}() here. Reported-by: Lucas Stach Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/crypto.c | 85 +++++++++++++++++++++++++++++++++++++++---------------- net/ceph/crypto.h | 1 + 2 files changed, 61 insertions(+), 25 deletions(-) commit 6db2304aabb070261ad34923bfd83c43dfb000e3 Author: Ilya Dryomov Date: Fri Dec 2 16:35:08 2016 +0100 libceph: uninline ceph_crypto_key_destroy() Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/crypto.c | 8 ++++++++ net/ceph/crypto.h | 9 +-------- 2 files changed, 9 insertions(+), 8 deletions(-) commit 2b1e1a7cd0a615d57455567a549f9965023321b5 Author: Ilya Dryomov Date: Fri Dec 2 16:35:08 2016 +0100 libceph: remove now unused ceph_*{en,de}crypt*() functions Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/crypto.c | 369 ------------------------------------------------------ net/ceph/crypto.h | 14 --- 2 files changed, 383 deletions(-) commit e15fd0a11db00fc7f470a9fc804657ec3f6d04a5 Author: Ilya Dryomov Date: Fri Dec 2 16:35:08 2016 +0100 libceph: switch ceph_x_decrypt() to ceph_crypt() Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 78 +++++++++++++++++++++++-------------------------------- 1 file changed, 32 insertions(+), 46 deletions(-) commit d03857c63bb036edff0aa7a107276360173aca4e Author: Ilya Dryomov Date: Fri Dec 2 16:35:07 2016 +0100 libceph: switch ceph_x_encrypt() to ceph_crypt() Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 71 +++++++++++++++++++++++++++++-------------------------- 1 file changed, 37 insertions(+), 34 deletions(-) commit 4eb4517ce7c9c573b6c823de403aeccb40018cfc Author: Ilya Dryomov Date: Fri Dec 2 16:35:07 2016 +0100 libceph: tweak calcu_signature() a little - replace an ad-hoc array with a struct - rename to calc_signature() for consistency Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) commit 7882a26d2e2e520099e2961d5e2e870f8e4172dc Author: Ilya Dryomov Date: Fri Dec 2 16:35:07 2016 +0100 libceph: rename and align ceph_x_authorizer::reply_buf It's going to be used as a temporary buffer for in-place en/decryption with ceph_crypt() instead of on-stack buffers, so rename to enc_buf. Ensure alignment to avoid GFP_ATOMIC allocations in the crypto stack. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 10 +++++----- net/ceph/auth_x.h | 3 ++- 2 files changed, 7 insertions(+), 6 deletions(-) commit a45f795c65b479b4ba107b6ccde29b896d51ee98 Author: Ilya Dryomov Date: Fri Dec 2 16:35:07 2016 +0100 libceph: introduce ceph_crypt() for in-place en/decryption Starting with 4.9, kernel stacks may be vmalloced and therefore not guaranteed to be physically contiguous; the new CONFIG_VMAP_STACK option is enabled by default on x86. This makes it invalid to use on-stack buffers with the crypto scatterlist API, as sg_set_buf() expects a logical address and won't work with vmalloced addresses. There isn't a different (e.g. kvec-based) crypto API we could switch net/ceph/crypto.c to and the current scatterlist.h API isn't getting updated to accommodate this use case. Allocating a new header and padding for each operation is a non-starter, so do the en/decryption in-place on a single pre-assembled (header + data + padding) heap buffer. This is explicitly supported by the crypto API: "... the caller may provide the same scatter/gather list for the plaintext and cipher text. After the completion of the cipher operation, the plaintext data is replaced with the ciphertext data in case of an encryption and vice versa for a decryption." Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/crypto.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ net/ceph/crypto.h | 2 ++ 2 files changed, 89 insertions(+) commit 55d9cc834f933698fc864f0d36f3cca533d30a8d Author: Ilya Dryomov Date: Fri Dec 2 16:35:07 2016 +0100 libceph: introduce ceph_x_encrypt_offset() Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) commit 462e650451c577d15eeb4d883d70fa9e4e529fad Author: Ilya Dryomov Date: Fri Dec 2 16:35:06 2016 +0100 libceph: old_key in process_one_ticket() is redundant Since commit 0a990e709356 ("ceph: clean up service ticket decoding"), th->session_key isn't assigned until everything is decoded. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 36721ece1e84a25130c4befb930509b3f96de020 Author: Ilya Dryomov Date: Fri Dec 2 16:35:06 2016 +0100 libceph: ceph_x_encrypt_buflen() takes in_len Pass what's going to be encrypted - that's msg_b, not ticket_blob. ceph_x_encrypt_buflen() returns the upper bound, so this doesn't change the maxlen calculation, but makes it a bit clearer. Signed-off-by: Ilya Dryomov Reviewed-by: Sage Weil net/ceph/auth_x.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit fc4b891bbefa73b496bb44b076bb5274b6bfba68 Author: Richard Weinberger Date: Wed Oct 19 23:46:39 2016 +0200 ubifs: Raise write version to 5 Starting with version 5 the following properties change: - UBIFS_FLG_DOUBLE_HASH is mandatory - UBIFS_FLG_ENCRYPTION is optional but depdens on UBIFS_FLG_DOUBLE_HASH - Filesystems with unknown super block flags will be rejected, this allows us in future to add new features without raising the UBIFS write version. Signed-off-by: Richard Weinberger fs/ubifs/sb.c | 17 +++++++++++++++++ fs/ubifs/ubifs-media.h | 4 +++- 2 files changed, 20 insertions(+), 1 deletion(-) commit e021986ee4119e487febb9a5f077ec77dff85865 Author: Richard Weinberger Date: Wed Oct 19 23:24:47 2016 +0200 ubifs: Implement UBIFS_FLG_ENCRYPTION This feature flag indicates that the filesystem contains encrypted files. Signed-off-by: Richard Weinberger fs/ubifs/ioctl.c | 5 +++++ fs/ubifs/sb.c | 40 ++++++++++++++++++++++++++++++++++++++++ fs/ubifs/ubifs-media.h | 2 ++ fs/ubifs/ubifs.h | 3 +++ 4 files changed, 50 insertions(+) commit d63d61c16972c667d770f713c21aa04e2c0489d2 Author: Richard Weinberger Date: Wed Oct 19 15:59:12 2016 +0200 ubifs: Implement UBIFS_FLG_DOUBLE_HASH This feature flag indicates that all directory entry nodes have a 32bit cookie set and therefore UBIFS is allowed to perform lookups by hash. Signed-off-by: Richard Weinberger fs/ubifs/journal.c | 14 +++++++++++--- fs/ubifs/sb.c | 2 ++ fs/ubifs/tnc.c | 3 +++ fs/ubifs/ubifs-media.h | 3 +++ fs/ubifs/ubifs.h | 2 ++ 5 files changed, 21 insertions(+), 3 deletions(-) commit cc41a536524fba126ab11c41a866cf9037adbaf8 Author: Richard Weinberger Date: Sun Oct 16 19:51:51 2016 +0200 ubifs: Use a random number for cookies Signed-off-by: Richard Weinberger fs/ubifs/journal.c | 3 +++ fs/ubifs/ubifs.h | 1 + 2 files changed, 4 insertions(+) commit 528e3d178f257e36001345d4d61ae5af35422017 Author: Richard Weinberger Date: Fri Nov 11 20:46:06 2016 +0100 ubifs: Add full hash lookup support UBIFS stores a 32bit hash of every file, for traditional lookups by name this scheme is fine since UBIFS can first try to find the file by the hash of the filename and upon collisions it can walk through all entries with the same hash and do a string compare. When filesnames are encrypted fscrypto will ask the filesystem for a unique cookie, based on this cookie the filesystem has to be able to locate the target file again. With 32bit hashes this is impossible because the chance for collisions is very high. Do deal with that we store a 32bit cookie directly in the UBIFS directory entry node such that we get a 64bit cookie (32bit from filename hash and the dent cookie). For a lookup by hash UBIFS finds the entry by the first 32bit and then compares the dent cookie. If it does not match, it has to do a linear search of the whole directory and compares all dent cookies until the correct entry is found. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 7 ++-- fs/ubifs/journal.c | 1 - fs/ubifs/tnc.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++-- fs/ubifs/ubifs-media.h | 5 +-- fs/ubifs/ubifs.h | 2 ++ 5 files changed, 98 insertions(+), 7 deletions(-) commit b91dc9816e5cd684b0d131fe6ec608a99bfbe3ee Author: Richard Weinberger Date: Mon Oct 10 10:14:40 2016 +0200 ubifs: Rename tnc_read_node_nm tnc_read_hashed_node() is a better name since we read a node by a given hash, not a name. Signed-off-by: Richard Weinberger fs/ubifs/tnc.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit ca7f85be8d6cf9ad1b6597e5d907ddbe392082a9 Author: Richard Weinberger Date: Sat Oct 8 13:24:26 2016 +0200 ubifs: Add support for encrypted symlinks Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++++-------- fs/ubifs/file.c | 55 ++++++++++++++++++++++++++++++++++++- fs/ubifs/super.c | 1 - 3 files changed, 126 insertions(+), 13 deletions(-) commit f4f61d2cc6d8789a52245a4733b3e5643be154f3 Author: Richard Weinberger Date: Fri Nov 11 22:50:29 2016 +0100 ubifs: Implement encrypted filenames Signed-off-by: Richard Weinberger Signed-off-by: David Gstir Signed-off-by: Richard Weinberger fs/ubifs/debug.c | 14 +-- fs/ubifs/dir.c | 323 +++++++++++++++++++++++++++++++++++++++++++---------- fs/ubifs/journal.c | 123 ++++++++++---------- fs/ubifs/key.h | 19 ++-- fs/ubifs/replay.c | 8 +- fs/ubifs/tnc.c | 54 ++++----- fs/ubifs/ubifs.h | 24 ++-- fs/ubifs/xattr.c | 46 ++++---- 8 files changed, 414 insertions(+), 197 deletions(-) commit b9bc8c7bdbbcba1a0d0b86d55f4730a060d4315a Author: Richard Weinberger Date: Thu Oct 6 22:04:58 2016 +0200 ubifs: Make r5 hash binary string aware As of now all filenames known by UBIFS are strings with a NUL terminator. With encrypted filenames a filename can be any binary string and the r5 function cannot search for the NUL terminator. UBIFS always knows how long a filename is, therefore we can change the hash function to iterate over the filename length to work correctly with binary strings. Signed-off-by: Richard Weinberger fs/ubifs/key.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 304790c038bc4af4f19774705409db27eafb09fc Author: Richard Weinberger Date: Tue Oct 4 22:38:33 2016 +0200 ubifs: Relax checks in ubifs_validate_entry() With encrypted filenames we store raw binary data, doing string tests is no longer possible. Signed-off-by: Richard Weinberger fs/ubifs/replay.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7799953b34d1838b30e3d69fd36aa3288ac1e89d Author: Richard Weinberger Date: Thu Sep 29 22:20:19 2016 +0200 ubifs: Implement encrypt/decrypt for all IO Signed-off-by: Richard Weinberger Signed-off-by: David Gstir Signed-off-by: Richard Weinberger fs/ubifs/crypto.c | 51 +++++++++++++++++++++++++++++++++++ fs/ubifs/file.c | 14 ++++++++++ fs/ubifs/journal.c | 78 +++++++++++++++++++++++++++++++++++++----------------- fs/ubifs/super.c | 6 +++-- fs/ubifs/ubifs.h | 31 ++++++++++++++++++++-- 5 files changed, 152 insertions(+), 28 deletions(-) commit 1ee77870c9ea954871e4424a7b5ae260fe198b13 Author: Richard Weinberger Date: Fri Oct 21 14:03:19 2016 +0200 ubifs: Constify struct inode pointer in ubifs_crypt_is_encrypted() ...and provide a non const variant for fscrypto Signed-off-by: Richard Weinberger fs/ubifs/crypto.c | 2 +- fs/ubifs/super.c | 2 +- fs/ubifs/ubifs.h | 7 ++++++- 3 files changed, 8 insertions(+), 3 deletions(-) commit f1f52d6b029776bef4a60cc30011a81f0420a873 Author: Richard Weinberger Date: Thu Sep 29 21:17:15 2016 +0200 ubifs: Introduce new data node field, compr_size When data of a data node is compressed and encrypted we need to store the size of the compressed data because before encryption we may have to add padding bytes. For the new field we consume the last two padding bytes in struct ubifs_data_node. Two bytes are fine because the data length is at most 4096. Signed-off-by: Richard Weinberger fs/ubifs/journal.c | 11 ----------- fs/ubifs/ubifs-media.h | 6 ++---- 2 files changed, 2 insertions(+), 15 deletions(-) commit 959c2de2b30bd09582392105889f68a96cb94fa4 Author: Richard Weinberger Date: Thu Sep 29 20:44:05 2016 +0200 ubifs: Enforce crypto policy in mmap We need this extra check in mmap because a process could gain an already opened fd. Signed-off-by: Richard Weinberger fs/ubifs/file.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 700eada82a349f0aeadd43ce4b182b32e4adc5b5 Author: Richard Weinberger Date: Thu Sep 29 20:11:03 2016 +0200 ubifs: Massage assert in ubifs_xattr_set() wrt. fscrypto When we're creating a new inode in UBIFS the inode is not yet exposed and fscrypto calls ubifs_xattr_set() without holding the inode mutex. This is okay but ubifs_xattr_set() has to know about this. Signed-off-by: Richard Weinberger fs/ubifs/xattr.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 9270b2f4cd9d903ed638c6cb93206baf458bdf46 Author: Richard Weinberger Date: Thu Sep 29 20:10:06 2016 +0200 ubifs: Preload crypto context in ->lookup() ...and mark the dentry as encrypted. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) commit ac7e47a9ed1b22b1c71345fcdec35a5d2727ef2c Author: Richard Weinberger Date: Thu Sep 29 20:00:38 2016 +0200 ubifs: Enforce crypto policy in ->link and ->rename When a file is moved or linked into another directory its current crypto policy has to be compatible with the target policy. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit a79bff21c120a615dc8ba6df9258e9e2ef022e3b Author: Richard Weinberger Date: Thu Sep 29 18:00:57 2016 +0200 ubifs: Implement file open operation We need ->open() for files to load the crypto key. If the no key is present and the file is encrypted, refuse to open. Signed-off-by: Richard Weinberger fs/ubifs/file.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) commit ba40e6a3c40514f6cd50df50033107c1c6794c20 Author: Richard Weinberger Date: Thu Sep 29 17:20:27 2016 +0200 ubifs: Implement directory open operation We need the ->open() hook to load the crypto context which is needed for all crypto operations within that directory. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 43b113fea2d427e17e7663494fc70c4e93e83d5e Author: Richard Weinberger Date: Wed Sep 21 12:21:29 2016 +0200 ubifs: Massage ubifs_listxattr() for encryption context We have to make sure that we don't expose our internal crypto context to userspace. Signed-off-by: Richard Weinberger fs/ubifs/xattr.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) commit d475a507457b5cafa428871a473d0dcc828c5f68 Author: Richard Weinberger Date: Thu Oct 20 16:47:56 2016 +0200 ubifs: Add skeleton for fscrypto This is the first building block to provide file level encryption on UBIFS. Signed-off-by: Richard Weinberger fs/ubifs/Kconfig | 11 +++++++++++ fs/ubifs/Makefile | 1 + fs/ubifs/crypto.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ fs/ubifs/dir.c | 28 +++++++++++++++++++++++++++- fs/ubifs/ioctl.c | 35 +++++++++++++++++++++++++++++++++++ fs/ubifs/super.c | 10 ++++++++++ fs/ubifs/ubifs-media.h | 2 ++ fs/ubifs/ubifs.h | 37 ++++++++++++++++++++++++++++++++++++- fs/ubifs/xattr.c | 10 ++++++++++ 9 files changed, 178 insertions(+), 2 deletions(-) commit 6a5e98ab7d8665d2faddbd91a8a2bf9addb79aff Author: Richard Weinberger Date: Mon Sep 19 22:05:18 2016 +0200 ubifs: Define UBIFS crypto context xattr Like ext4 UBIFS will store the crypto context in a xattr attribute. Signed-off-by: Richard Weinberger fs/ubifs/ubifs-media.h | 7 +++++++ 1 file changed, 7 insertions(+) commit ade46c3a6029dea49dbc6c7734b0f6a78d3f104c Author: Richard Weinberger Date: Mon Sep 19 21:42:06 2016 +0200 ubifs: Export xattr get and set functions For fscrypto we need this function outside of xattr.c. Signed-off-by: Richard Weinberger fs/ubifs/ubifs.h | 4 ++++ fs/ubifs/xattr.c | 35 ++++++++++++++++++----------------- 2 files changed, 22 insertions(+), 17 deletions(-) commit f6337d842668ad47f01d5f2dcd3730484f09d6fa Author: Richard Weinberger Date: Mon Sep 19 20:54:19 2016 +0200 ubifs: Export ubifs_check_dir_empty() fscrypto will need this function too. Also get struct ubifs_info from the provided inode. Not all callers will have a reference to struct ubifs_info. Signed-off-by: Richard Weinberger fs/ubifs/dir.c | 8 ++++---- fs/ubifs/ubifs.h | 1 + 2 files changed, 5 insertions(+), 4 deletions(-) commit d40a7962174f1144869f18d1fc68a385c9ab21ec Author: Christophe Jaillet Date: Tue Nov 1 07:45:25 2016 +0100 ubifs: Remove some dead code 'ubifs_fast_find_freeable()' can not return an error pointer, so this test can be removed. Signed-off-by: Christophe JAILLET Signed-off-by: Richard Weinberger fs/ubifs/gc.c | 4 ---- 1 file changed, 4 deletions(-) commit 1b7fc2c0069f3864a3dda15430b7aded31c0bfcc Author: Rafał Miłecki Date: Tue Sep 20 10:36:15 2016 +0200 ubifs: Use dirty_writeback_interval value for wbuf timer Right now wbuf timer has hardcoded timeouts and there is no place for manual adjustments. Some projects / cases many need that though. Few file systems allow doing that by respecting dirty_writeback_interval that can be set using sysctl (dirty_writeback_centisecs). Lowering dirty_writeback_interval could be some way of dealing with user space apps lacking proper fsyncs. This is definitely *not* a perfect solution but we don't have ideal (user space) world. There were already advanced discussions on this matter, mostly when ext4 was introduced and it wasn't behaving as ext3. Anyway, the final decision was to add some hacks to the ext4, as trying to fix whole user space or adding new API was pointless. We can't (and shouldn't?) just follow ext4. We can't e.g. sync on close as this would cause too many commits and flash wearing. On the other hand we still should allow some trade-off between -o sync and default wbuf timeout. Respecting dirty_writeback_interval should allow some sane cutomizations if used warily. Signed-off-by: Rafał Miłecki Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger fs/ubifs/io.c | 8 ++++---- fs/ubifs/ubifs.h | 4 ---- 2 files changed, 4 insertions(+), 8 deletions(-) commit 854826c9d526fd81077742c3b000e3f7fcaef3ce Author: Rafał Miłecki Date: Tue Sep 20 10:36:14 2016 +0200 ubifs: Drop softlimit and delta fields from struct ubifs_wbuf Values of these fields are set during init and never modified. They are used (read) in a single function only. There isn't really any reason to keep them in a struct. It only makes struct just a bit bigger without any visible gain. Signed-off-by: Rafał Miłecki Reviewed-by: Boris Brezillon Signed-off-by: Richard Weinberger fs/ubifs/io.c | 18 ++++++++++-------- fs/ubifs/ubifs.h | 5 ----- 2 files changed, 10 insertions(+), 13 deletions(-) commit 5645688f9d0d5a32f030f9c5429e1a58bedca23b Merge: 4ade5b2 53938ee Author: Linus Torvalds Date: Mon Dec 12 13:49:57 2016 -0800 Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 asm updates from Ingo Molnar: "The main changes in this development cycle were: - a large number of call stack dumping/printing improvements: higher robustness, better cross-context dumping, improved output, etc. (Josh Poimboeuf) - vDSO getcpu() performance improvement for future Intel CPUs with the RDPID instruction (Andy Lutomirski) - add two new Intel AVX512 features and the CPUID support infrastructure for it: AVX512IFMA and AVX512VBMI. (Gayatri Kammela, He Chen) - more copy-user unification (Borislav Petkov) - entry code assembly macro simplifications (Alexander Kuleshov) - vDSO C/R support improvements (Dmitry Safonov) - misc fixes and cleanups (Borislav Petkov, Paul Bolle)" * 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (40 commits) scripts/decode_stacktrace.sh: Fix address line detection on x86 x86/boot/64: Use defines for page size x86/dumpstack: Make stack name tags more comprehensible selftests/x86: Add test_vdso to test getcpu() x86/vdso: Use RDPID in preference to LSL when available x86/dumpstack: Handle NULL stack pointer in show_trace_log_lvl() x86/cpufeatures: Enable new AVX512 cpu features x86/cpuid: Provide get_scattered_cpuid_leaf() x86/cpuid: Cleanup cpuid_regs definitions x86/copy_user: Unify the code by removing the 64-bit asm _copy_*_user() variants x86/unwind: Ensure stack grows down x86/vdso: Set vDSO pointer only after success x86/prctl/uapi: Remove #ifdef for CHECKPOINT_RESTORE x86/unwind: Detect bad stack return address x86/dumpstack: Warn on stack recursion x86/unwind: Warn on bad frame pointer x86/decoder: Use stderr if insn sanity test fails x86/decoder: Use stdout if insn decoder test is successful mm/page_alloc: Remove kernel address exposure in free_reserved_area() x86/dumpstack: Remove raw stack dump ... commit 995c6a7fd9b9212abdf01160f6ce3193176be503 Author: Jussi Laako Date: Mon Nov 28 11:27:45 2016 +0200 ALSA: hiface: Fix M2Tech hiFace driver sampling rate change Sampling rate changes after first set one are not reflected to the hardware, while driver and ALSA think the rate has been changed. Fix the problem by properly stopping the interface at the beginning of prepare call, allowing new rate to be set to the hardware. This keeps the hardware in sync with the driver. Signed-off-by: Jussi Laako Cc: Signed-off-by: Takashi Iwai sound/usb/hiface/pcm.c | 2 ++ 1 file changed, 2 insertions(+) commit 012007309133d21a5a7eae3f552c03ac061a2b51 Author: Nobutaka Okabe Date: Tue Dec 13 02:52:58 2016 +0900 ALSA: usb-audio: Eliminate noise at the start of DSD playback. [Problem] In some USB DACs, a terrible pop noise comes to be heard at the start of DSD playback (in the following situations). - play first DSD track - change from PCM track to DSD track - change from DSD64 track to DSD128 track (and etc...) - seek DSD track - Fast-Forward/Rewind DSD track [Cause] At the start of playback, there is a little silence. The silence bit pattern "0x69" is required on DSD mode, but it is not like that. [Solution] This patch adds DSD silence pattern to the endpoint settings. Signed-off-by: Nobutaka Okabe Signed-off-by: Takashi Iwai sound/usb/endpoint.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit 7f38ca047b0cb54df7f6d9e4110e292e45dba6ad Author: Nobutaka Okabe Date: Tue Dec 13 01:24:08 2016 +0900 ALSA: usb-audio: Add native DSD support for TEAC 501/503 DAC This patch adds native DSD support for the following devices. - TEAC NT-503 - TEAC UD-503 - TEAC UD-501 (1) Add quirks for native DSD support for TEAC devices. (2) A specific vendor command is needed to switch between PCM/DOP and DSD mode, same as Denon/Marantz devices. Signed-off-by: Nobutaka Okabe Signed-off-by: Takashi Iwai sound/usb/quirks.c | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) commit 37f69f43fb5aba4288d38ea32bbe0dfdb412c763 Author: Andrew Boyer Date: Mon Dec 5 08:43:21 2016 -0500 IB/rxe: Hold refs when running tasklets It might be possible for all of a QP's references to be dropped while one of that QP's tasklets is running. For example, the completer might run during QP destroy. If qp->valid is false, it will drop all of the packets on the resp_pkts list, potentially removing the last reference. Then it tries to advance the SQ consumer pointer. If the SQ's buffer has already been destroyed, the system will panic. To be safe, hold a reference on the QP for the duration of each tasklet. Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_comp.c | 4 ++++ drivers/infiniband/sw/rxe/rxe_req.c | 5 ++++- drivers/infiniband/sw/rxe/rxe_resp.c | 3 +++ 3 files changed, 11 insertions(+), 1 deletion(-) commit 07bf9627d5f1c0334fc543a5435a31a3b5907944 Author: Andrew Boyer Date: Mon Dec 5 08:43:20 2016 -0500 IB/rxe: Wait for tasklets to finish before tearing down QP The system may crash when a malformed request is received and the error is detected by the responder. NodeA: $ ibv_rc_pingpong -g 0 -d rxe0 -i 1 -n 1 -s 50000 NodeB: $ ibv_rc_pingpong -g 0 -d rxe0 -i 1 -n 1 -s 1024 The responder generates a receive error on node B since the incoming SEND is oversized. If the client tears down the QP before the responder or the completer finish running, a page fault may occur. The fix makes the destroy operation spin until the tasks complete, which appears to be original intent of the design. Signed-off-by: Andrew Boyer Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_task.c | 19 +++++++++++++++++++ drivers/infiniband/sw/rxe/rxe_task.h | 1 + 2 files changed, 20 insertions(+) commit 5407f530122aa63cf304eb0874c938b3bdb8d3fb Author: Andrew Boyer Date: Wed Nov 23 12:39:24 2016 -0500 IB/rxe: Fix ref leak in duplicate_request() A ref was added after the call to skb_clone(). Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_resp.c | 1 + 1 file changed, 1 insertion(+) commit 5b9ea16c5488e577b26cc198ac63550b746ce3b9 Author: Andrew Boyer Date: Wed Nov 23 12:39:23 2016 -0500 IB/rxe: Fix ref leak in rxe_create_qp() The udata->inlen error path needs to clean up the ref added by rxe_alloc(). Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_verbs.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit accacb8f51c299965939ac56926d1c718e2691a1 Author: Andrew Boyer Date: Wed Nov 23 12:39:22 2016 -0500 IB/rxe: Add support for IB_CQ_REPORT_MISSED_EVENTS Peek at the CQ after arming it so that we can return a hint. This avoids missed completions due to a race between posting CQEs and arming the CQ. For example, CM teardown waits on MAD requests to complete with ib_cq_poll_work(). Without this fix, the last completion might be left on the CQ, hanging the kthread doing the teardown. The console backtraces look like this: [ 4199.911284] Call Trace: [ 4199.911401] [] schedule+0x35/0x80 [ 4199.911556] [] schedule_timeout+0x22f/0x2c0 [ 4199.911727] [] ? __schedule+0x368/0xa20 [ 4199.911891] [] wait_for_completion+0xb3/0x130 [ 4199.912067] [] ? wake_up_q+0x70/0x70 [ 4199.912243] [] cm_destroy_id+0x13d/0x450 [ib_cm] [ 4199.912422] [] ? printk+0x57/0x73 [ 4199.912578] [] ib_destroy_cm_id+0x10/0x20 [ib_cm] [ 4199.912759] [] rdma_destroy_id+0xac/0x340 [rdma_cm] [ 4199.912941] [] 0xffffffffc076f2cc Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_verbs.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit d4fb59256ac03d84f68e36c430b58d6fc76dd651 Author: Andrew Boyer Date: Wed Nov 23 12:39:21 2016 -0500 IB/rxe: Add support for zero-byte operations The last_psn algorithm fails in the zero-byte case: it calculates first_psn = N, last_psn = N-1. This makes the operation unretryable since the res structure will fail the (first_psn <= psn <= last_psn) test in find_resource(). While here, use BTH_PSN_MASK to mask the calculated last_psn. Signed-off-by: Andrew Boyer Reviewed-by: Moni Shoua Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_mr.c | 3 +++ drivers/infiniband/sw/rxe/rxe_resp.c | 18 +++++++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) commit d38eb801aa145aedf4b97e8e0bb2e65763aa6149 Author: Andrew Boyer Date: Wed Nov 23 12:39:20 2016 -0500 IB/rxe: Unblock loopback by moving skb_out increment skb_out is decremented in rxe_skb_tx_dtor(), which is not called in the loopback() path. Move the increment to the send() path rather than rxe_xmit_packet(). Signed-off-by: Andrew Boyer Acked-by: Moni Shoua Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_loc.h | 2 -- drivers/infiniband/sw/rxe/rxe_net.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) commit 2a7a85487e5432424eef7a394ed26ef1d8f0d192 Author: Andrew Boyer Date: Wed Nov 23 12:39:19 2016 -0500 IB/rxe: Don't update the response PSN unless it's going forwards A client might post a read followed by a send. The partner receives and acknowledges both transactions, posting an RCQ entry for the send, but something goes wrong with the read ACK. When the client retries the read, the partner's responder processes the duplicate read but incorrectly resets the PSN to the value preceding the original send. When the duplicate send arrives, the responder cannot tell that it is a duplicate, so the responder generates a duplicate RCQ entry, confusing the client. Signed-off-by: Andrew Boyer Reviewed-by: Yonatan Cohen Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_resp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit dd753d87436ce7ef2a958d684b38d5acc99c9f5c Author: Andrew Boyer Date: Wed Nov 23 12:39:18 2016 -0500 IB/rxe: Advance the consumer pointer before posting the CQE A simple userspace application might poll the CQ, find a completion, and then attempt to post a new WQE to the SQ. A spurious error can occur if the userspace application detects a full SQ in the instant before the kernel is able to advance the SQ consumer pointer. This is noticeable when using single-entry SQs with ibv_rc_pingpong if lots of kernel and userspace library debugging is enabled. Signed-off-by: Andrew Boyer Reviewed-by: Yonatan Cohen Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_comp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 6e9bb530ff8b07b3bbce79c937fc9dcb32da4eb9 Author: Andrew Boyer Date: Wed Nov 23 12:39:17 2016 -0500 IB/rxe: Remove buffer used for printing IP address Avoid smashing the stack when an ICRC error occurs on an IPv6 network. Signed-off-by: Andrew Boyer Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_recv.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 95db9d05b717b1ec242799103c09acda8d728974 Author: Dan Carpenter Date: Thu Nov 17 14:00:05 2016 +0300 IB/rxe: Remove unneeded cast in rxe_srq_from_attr() It makes me nervous when we cast pointer parameters. I would estimate that around 50% of the time, it indicates a bug. Here the cast is not needed becaue u32 and and unsigned int are the same thing. Removing the cast makes the code more robust and future proof in case any of the types change. Signed-off-by: Dan Carpenter Reviewed-by: Leon Romanovsky Reviewed-by: Yuval Shaia Acked-by: Moni Shoua Reviewed-by: Yuval Shaia Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_srq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4ac4707102d9ea1ffc9b5735891f6c5ee3d236e5 Author: Wei Yongjun Date: Sat Oct 29 16:19:33 2016 +0000 IB/rxe: Use DEFINE_SPINLOCK() for spinlock spinlock can be initialized automatically with DEFINE_SPINLOCK() rather than explicitly calling spin_lock_init(). Signed-off-by: Wei Yongjun Reviewed-by: Leon Romanosky Reviewed-by: Moni Shoua Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_net.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit a0fa72683e78979ef1123d679b1c40ae28bd9096 Author: Arnd Bergmann Date: Mon Sep 19 13:57:26 2016 +0200 IB/rxe: avoid putting a large struct rxe_qp on stack A race condition fix added an rxe_qp structure to the stack in order to be able to perform rollback in rxe_requester(), but the structure is large enough to trigger the warning for possible stack overflow: drivers/infiniband/sw/rxe/rxe_req.c: In function 'rxe_requester': drivers/infiniband/sw/rxe/rxe_req.c:757:1: error: the frame size of 2064 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] This changes the rollback function to only save the psn inside the qp, which is the only field we access in the rollback_qp anyway. Fixes: 3050b9985024 ("IB/rxe: Fix race condition between requester and completer") Signed-off-by: Arnd Bergmann Reviewed-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_req.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 82cbd568bc5aa4c70f2a694f169d39ddef3b1aba Author: Dan Carpenter Date: Sat Dec 10 12:06:25 2016 +0300 parisc: perf: return -EFAULT on error The copy_from_user() returns the number of bytes remaining to be copied but we want to return -EFAULT if it's non-zero. Signed-off-by: Dan Carpenter Signed-off-by: Helge Deller arch/parisc/kernel/perf.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 637250cc8f5e2bfc5c3a96802d1d96b4987a1d62 Author: Helge Deller Date: Thu Nov 17 21:27:50 2016 +0100 parisc: Enhance CPU detection code on PAT machines This patch fixes the debug code which runs during the inventory scan on machines with PAT firmware. Additionally print out the relationship between the detected logical CPU number and it's physical location and physical cpu number. This leads to information which can be used to feed numa-structures in the kernel in later patches. An example output is from my single-CPU (2 cores) C8000 machine is: Logical CPU #0 is physical cpu #0 at 0xffff0000ffff15, hpa 0xfffffffffe780000 Logical CPU #1 is physical cpu #1 at 0xffff0000ffff15, hpa 0xfffffffffe781000 Signed-off-by: Helge Deller arch/parisc/include/asm/pdcpat.h | 2 +- arch/parisc/kernel/firmware.c | 2 +- arch/parisc/kernel/inventory.c | 8 ++++---- arch/parisc/kernel/processor.c | 24 +++++++++++++----------- 4 files changed, 19 insertions(+), 17 deletions(-) commit 4ade5b2268b9ff05e48a9cb99689c4fd15fbe9c3 Merge: df5f0f0 5d07c2c Author: Linus Torvalds Date: Mon Dec 12 13:24:04 2016 -0800 Merge branch 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 apic updates from Ingo Molnar: "Misc changes: - optimize (reduce) IRQ handler tracing overhead (Wanpeng Li) - clean up MSR helpers (Borislav Petkov) - fix build warning on some configs (Sebastian Andrzej Siewior)" * 'x86-apic-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/msr: Cleanup/streamline MSR helpers x86/apic: Prevent tracing on apic_msr_write_eoi() x86/msr: Add wrmsr_notrace() x86/apic: Get rid of "warning: 'acpi_ioapic_lock' defined but not used" commit 5c38602d83e584047906b41b162ababd4db4106d Author: Helge Deller Date: Mon Oct 24 21:55:58 2016 +0200 parisc: Re-enable interrupts early Since kernel 3.9 we re-enable interrupts quite late due to commit c207a76bf15 ("parisc: only re-enable interrupts if we need to schedule or deliver signals when returning to userspace"). At that time the parisc kernel had no dedicated IRQ stack, and this commit prevented kernel stack overflows. But since commit 200c880420a ("parisc: implement irq stacks") we now have an IRQ stack, so we may be safe now. And when CONFIG_DEBUG_STACKOVERFLOW=y is enabled, we can even check at runtime for overflows. Signed-off-by: Helge Deller arch/parisc/kernel/entry.S | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) commit 18d98a79382cbe5a7569788d5b7b18e7015506f2 Author: Helge Deller Date: Sun Oct 16 00:02:27 2016 +0200 parisc: Enable KASLR Add missing code for userspace executable address randomization, e.g. applications compiled with the gcc -pie option. Signed-off-by: Helge Deller arch/parisc/Kconfig | 1 + arch/parisc/include/asm/elf.h | 7 ++++--- arch/parisc/kernel/process.c | 6 +----- arch/parisc/kernel/sys_parisc.c | 18 ++++++++---------- 4 files changed, 14 insertions(+), 18 deletions(-) commit 152fce5a2371f64c57abf99dbb0600cc18d399d4 Merge: d71bb23 a5de5b7 Author: Takashi Iwai Date: Mon Dec 12 22:05:20 2016 +0100 Merge tag 'asoc-v4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into for-linus ASoC: Updates for v4.10 There's been a few bits of framework work this time around and quite a lot of cleanups and improvements to existing code: - Support for stereo DAPM controls from Chen-yu Tsai. - Some initial work on the of-graph sound card from Morimoto-san, the main bulk of this is currently in binding review. - Lots of Renesas cleanups from Morimoto-san and sunxi work from Chen-yu Tsai. - regmap conversions of the remaining AC'97 drivers from Lars-Peter Clausen. - A new version of the topology ABI from Mengdong Lin. - New drivers for Cirrus Logic CS42L42, Qualcomm MSM8916-WCD, and Realtek RT5665. commit df5f0f0a028c9bf43949398a175dbaafaf513e14 Merge: cbaa157 3f5a789 Author: Linus Torvalds Date: Mon Dec 12 12:58:50 2016 -0800 Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull x86 RAS updates from Ingo Molnar: "The main changes in this development cycle were: - more AMD northbridge support work, mostly in preparation for Fam17h CPUs (Yazen Ghannam, Borislav Petkov) - cleanups/refactorings and fixes (Borislav Petkov, Tony Luck, Yinghai Lu)" * 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/mce: Include the PPIN in MCE records when available x86/mce/AMD: Add system physical address translation for AMD Fam17h x86/amd_nb: Add SMN and Indirect Data Fabric access for AMD Fam17h x86/amd_nb: Add Fam17h Data Fabric as "Northbridge" x86/amd_nb: Make all exports EXPORT_SYMBOL_GPL x86/amd_nb: Make amd_northbridges internal to amd_nb.c x86/mce/AMD: Reset Threshold Limit after logging error x86/mce/AMD: Fix HWID_MCATYPE calculation by grouping arguments x86/MCE: Correct TSC timestamping of error records x86/RAS: Hide SMCA bank names x86/RAS: Rename smca_bank_names to smca_names x86/RAS: Simplify SMCA HWID descriptor struct x86/RAS: Simplify SMCA bank descriptor struct x86/MCE: Dump MCE to dmesg if no consumers x86/RAS: Add TSC timestamp to the injected MCE x86/MCE: Do not look at panic_on_oops in the severity grading commit cbaa1576c4547b97cd7064469dcb5f7752def99f Merge: 92c020d 777c6e0 Author: Linus Torvalds Date: Mon Dec 12 12:53:54 2016 -0800 Merge branch 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull hotplug API fix from Ingo Molnar: "Late breaking fix from the v4.9 cycle: fix a hotplug register/ unregister notifier API asymmetry bug that can cause kernel warnings (and worse) with certain Kconfig combinations" * 'smp-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: hotplug: Make register and unregister notifier API symmetric commit 070cbd1d42aa0e359c9957cd73c2a529dec62047 Author: Martin Wilck Date: Fri Nov 25 10:55:36 2016 +0100 ipmi: create hardware-independent softdep for ipmi_devintf When a computer has an IPMI system interface, the device interface is most probably also desired. Autoloading of ipmi_devintf currently works only if ipmi_si has allocated a platform device. That doesn't happen if the SI interface was detected e.g. via ACPI. But ACPI detection is preferred these days, see e.g. kernel.org bug 46741. This patch introduces a softdep in place of the existing modalias for ipmi_devintf. Signed-off-by: Martin Wilck Suggested-by: Takashi Iwai I moved this to ipmi_msghandler.c, so it works for all IPMI interfaces. Retested by Martin. Tested-by: Martin Wilck Signed-off-by: Corey Minyard drivers/char/ipmi/ipmi_devintf.c | 1 - drivers/char/ipmi/ipmi_msghandler.c | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) commit 92c020d08d83673ecd15a9069d4457378668da31 Merge: bca13ce 6b94780 Author: Linus Torvalds Date: Mon Dec 12 12:15:10 2016 -0800 Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull scheduler updates from Ingo Molnar: "The main scheduler changes in this cycle were: - support Intel Turbo Boost Max Technology 3.0 (TBM3) by introducig a notion of 'better cores', which the scheduler will prefer to schedule single threaded workloads on. (Tim Chen, Srinivas Pandruvada) - enhance the handling of asymmetric capacity CPUs further (Morten Rasmussen) - improve/fix load handling when moving tasks between task groups (Vincent Guittot) - simplify and clean up the cputime code (Stanislaw Gruszka) - improve mass fork()ed task spread a.k.a. hackbench speedup (Vincent Guittot) - make struct kthread kmalloc()ed and related fixes (Oleg Nesterov) - add uaccess atomicity debugging (when using access_ok() in the wrong context), under CONFIG_DEBUG_ATOMIC_SLEEP=y (Peter Zijlstra) - implement various fixes, cleanups and other enhancements (Daniel Bristot de Oliveira, Martin Schwidefsky, Rafael J. Wysocki)" * 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (41 commits) sched/core: Use load_avg for selecting idlest group sched/core: Fix find_idlest_group() for fork kthread: Don't abuse kthread_create_on_cpu() in __kthread_create_worker() kthread: Don't use to_live_kthread() in kthread_[un]park() kthread: Don't use to_live_kthread() in kthread_stop() Revert "kthread: Pin the stack via try_get_task_stack()/put_task_stack() in to_live_kthread() function" kthread: Make struct kthread kmalloc'ed x86/uaccess, sched/preempt: Verify access_ok() context sched/x86: Make CONFIG_SCHED_MC_PRIO=y easier to enable sched/x86: Change CONFIG_SCHED_ITMT to CONFIG_SCHED_MC_PRIO x86/sched: Use #include instead of #include cpufreq/intel_pstate: Use CPPC to get max performance acpi/bus: Set _OSC for diverse core support acpi/bus: Enable HWP CPPC objects x86/sched: Add SD_ASYM_PACKING flags to x86 ITMT CPU x86/sysctl: Add sysctl for ITMT scheduling feature x86: Enable Intel Turbo Boost Max Technology 3.0 x86/topology: Define x86's arch_update_cpu_topology sched: Extend scheduler's asym packing sched/fair: Clean up the tunable parameter definitions ... commit 80f1b3dea9d4262817b5510547b1313681669f66 Merge: d2c2ba6 ee39222 Author: Rafael J. Wysocki Date: Mon Dec 12 20:48:18 2016 +0100 Merge branch 'device-properties' * device-properties: ACPI / property: Document usage rules for _DSD properties ACPI / property: Hierarchical properties support update commit d2c2ba690180da366bdc5ca037c2d4f077bd5ffd Merge: 3e16164 d132d6d 2d09af4 6276e53 5016347 9f9a35a Author: Rafael J. Wysocki Date: Mon Dec 12 20:48:01 2016 +0100 Merge branches 'acpi-soc', 'acpi-battery', 'acpi-video', 'acpi-cppc' and 'acpi-apei' * acpi-soc: ACPI / LPSS: enable hard LLP for DMA ACPI / APD: Add clock frequency for future AMD I2C controller * acpi-battery: ACPI / battery: If _BIX fails, retry with _BIF * acpi-video: ACPI / video: Add force_native quirk for HP Pavilion dv6 ACPI / video: Add force_native quirk for Dell XPS 17 L702X ACPI / video: Move ACPI_VIDEO_NOTIFY_* defines to acpi/video.h * acpi-cppc: ACPI / CPPC: set an error code on probe error path * acpi-apei: ACPI / APEI / ARM64: APEI initial support for ARM64 ACPI / APEI: Fix NMI notification handling commit 3e16164e1509b5e2a210862a02ea865bef6f6915 Merge: 496c9a9 c139c6b bc18461 2fb65f0 708f5dc Author: Rafael J. Wysocki Date: Mon Dec 12 20:47:35 2016 +0100 Merge branches 'acpi-tables', 'acpi-osi', 'acpi-osl' and 'acpi-blacklist' * acpi-tables: ACPI / tebles: remove redundant declare of acpi_table_parse_entries() * acpi-osi: ACPI: Document _OSI and _REV for Linux BIOS writers * acpi-osl: ACPI / osl: Refactor acpi_os_get_root_pointer() to drop 'else':s ACPI / osl: Propagate actual error code for kstrtoul() * acpi-blacklist: ACPI / blacklist: Make Dell Latitude 3350 ethernet work ACPI / blacklist: add _REV quirks for Dell Precision 5520 and 3520 commit 496c9a929384bfb5c829847ee1b068e96dcbaaf8 Merge: 69973b8 5a6e7ec Author: Rafael J. Wysocki Date: Mon Dec 12 20:47:18 2016 +0100 Merge branch 'acpica' * acpica: ACPICA: Utilities: Add new decode function for parser values ACPICA: Tables: Add an error message complaining driver bugs ACPICA: Tables: Add acpi_tb_unload_table() ACPICA: Tables: Cleanup acpi_tb_install_and_load_table() ACPICA: Events: Fix acpi_ev_initialize_region() return value ACPICA: Back port of "ACPICA: Dispatcher: Tune interpreter lock around AcpiEvInitializeRegion()" ACPICA: Namespace: Add acpi_ns_handle_to_name() ACPICA: Update version to 20160930 ACPICA: Move acpi_gbl_max_loop_iterations to the public globals file ACPICA: Disassembler: Fix for Divide() support, new support for test suite ACPICA: Increase loop limit for AE_AML_INFINITE_LOOP exception ACPICA: MacOSX: Fix wrong sem_destroy definition ACPICA: MacOSX: Fix anonymous semaphore implementation ACPICA: Update an info message during table load phase commit bbc17bb8a89b3eb31520abf3a9b362d5ee54f908 Merge: 631ddab e37d350 Author: Rafael J. Wysocki Date: Mon Dec 12 20:46:48 2016 +0100 Merge branch 'pm-devfreq' * pm-devfreq: devfreq: rk3399_dmc: Don't use OPP structures outside of RCU locks devfreq: rk3399_dmc: Remove dangling rcu_read_unlock() devfreq: exynos: Don't use OPP structures outside of RCU locks PM / devfreq: rk3399_dmc: Use the resource-managed function to add devfreq dev PM / devfreq: correct comment typo. PM / devfreq: exynos-ppmu: Remove unused mutex from struct exynos_ppmu PM / devfreq: exynos-ppmu: ppmu_events array should not be NULL terminated PM / devfreq: exynos-ppmu: Fix module autoload PM / devfreq: rockchip-dfi: Fix module autoload PM / devfreq: exynos-nocp: Fix module autoload PM / devfreq: rk3399_dmc: Fix module autoload commit 631ddaba5905c4348c88a62af4367b8e12737533 Merge: b19ad3b 9320f95 bd90891 Author: Rafael J. Wysocki Date: Mon Dec 12 20:46:35 2016 +0100 Merge branches 'pm-sleep' and 'powercap' * pm-sleep: PM / sleep: Print active wakeup sources when blocking on wakeup_count reads x86/suspend: fix false positive KASAN warning on suspend/resume PM / sleep / ACPI: Use the ACPI_FADT_LOW_POWER_S0 flag PM / sleep: System sleep state selection interface rework PM / hibernate: Verify the consistent of e820 memory map by md5 digest * powercap: powercap / RAPL: Add Knights Mill CPUID powercap/intel_rapl: fix and tidy up error handling powercap/intel_rapl: Track active CPUs internally powercap/intel_rapl: Cleanup duplicated init code powercap/intel rapl: Convert to hotplug state machine powercap/intel_rapl: Propagate error code when registration fails powercap/intel_rapl: Add missing domain data update on hotplug commit bca13ce4554ae9cf5083e5adf395ad2266cb571b Merge: 0719dbf b0c1ef5 Author: Linus Torvalds Date: Mon Dec 12 11:46:21 2016 -0800 Merge branch 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull perf updates from Ingo Molnar: "This update is pretty big and almost exclusively includes tooling changes, because v4.9's LTS status forced to completion most of the pending kernel side hardware enablement work and because we tried to freeze core perf work a bit to give a time window for the fuzzing efforts. The diff is large mostly due to the JSON hardware event tables added for Intel and Power8 CPUs. This was a popular feature request from people working close to hardware and from the HPC community. Tree size is big because this added the CPU event tables for over a decade of Intel CPUs. Future changes for a CPU vendor alrady support should be much smaller, as events for new models are added. The new events are listed in 'perf list', for the CPU model the tool is running on. If you find an interesting event it can be used as-is: $ perf stat -a -e l2_lines_out.pf_clean sleep 1 Performance counter stats for 'system wide': 7,860,403 l2_lines_out.pf_clean 1.000624918 seconds time elapsed The event lists can be searched the usual 'perf list' fashion for (case insensitive) substrings as well: $ perf list l2_lines_out List of pre-defined events (to be used in -e): cache: l2_lines_out.demand_clean [Clean L2 cache lines evicted by demand] l2_lines_out.demand_dirty [Dirty L2 cache lines evicted by demand] l2_lines_out.dirty_all [Dirty L2 cache lines filling the L2] l2_lines_out.pf_clean [Clean L2 cache lines evicted by L2 prefetch] l2_lines_out.pf_dirty [Dirty L2 cache lines evicted by L2 prefetch] etc. There's a few high level categories as well that can be listed: 'cache', 'floating point', 'frontend', 'memory', 'pipeline', 'virtual memory'. Existing generic events and workflows should work as-is. The only kernel side change is a late breaking fix for an older regression, related to Intel BTS, LBR and PT feature interaction. On the tooling side there are three new tools / major features: - The new 'perf c2c' tool provides means for Shared Data C2C/HITM analysis. This allows you to track down cacheline contention. The tool is based on x86's load latency and precise store facility events provided by Intel CPUs. It was tested by Joe Mario and has proven to be useful, finding some cacheline contentions. Joe also wrote a blog about c2c tool with examples: https://joemario.github.io/blog/2016/09/01/c2c-blog/ excerpt of the content on this site: At a high level, “perf c2c” will show you: * The cachelines where false sharing was detected. * The readers and writers to those cachelines, and the offsets where those accesses occurred. * The pid, tid, instruction addr, function name, binary object name for those readers and writers. * The source file and line number for each reader and writer. * The average load latency for the loads to those cachelines. * Which numa nodes the samples a cacheline came from and which CPUs were involved. Using perf c2c is similar to using the Linux perf tool today. First collect data with “perf c2c record”, then generate a report output with “perf c2c report” There one finds extensive details on using the tool, with tips on reducing the volume of samples while still capturing enough to do its job. (Dick Fowles, Joe Mario, Don Zickus, Jiri Olsa) - The new 'perf sched timehist' tool provides tailored analysis of scheduling events. Example usage: perf sched record -- sleep 1 perf sched timehist By default it shows the individual schedule events, including the wait time (time between sched-out and next sched-in events for the task), the task scheduling delay (time between wakeup and actually running) and run time for the task: time cpu task name wait time sch delay run time [tid/pid] (msec) (msec) (msec) -------- ------ ---------------- --------- --------- -------- 1.874569 [0011] gcc[31949] 0.014 0.000 1.148 1.874591 [0010] gcc[31951] 0.000 0.000 0.024 1.874603 [0010] migration/10[59] 3.350 0.004 0.011 1.874604 [0011] 1.148 0.000 0.035 1.874723 [0005] 0.016 0.000 1.383 1.874746 [0005] gcc[31949] 0.153 0.078 0.022 ... Times are in msec.usec. (David Ahern, Namhyung Kim) - Add CPU vendor hardware event tables: Add JSON files with vendor event naming for Intel and Power8 processors, allowing users of tools like oprofile to keep using the event names they are used to, as well as people reading vendor documentation, where such naming is used. (Andi Kleen, Sukadev Bhattiprolu) You should see all the new events with 'perf list' and you should be able to search them, for example 'perf list miss' will list all the myriads of miss events. Other tooling features added were: - Cross-arch annotation support: o Improve ARM support in the annotation code, affecting 'perf annotate', 'perf report' and live annotation in 'perf top' (Kim Phillips) o Initial support for PowerPC in the annotation code (Ravi Bangoria) o Support AArch64 in the 'annotate' code, native/local and cross-arch/remote (Kim Phillips) - Allow considering just events in a given time interval, via the '--time start.s.ms,end.s.ms' command line, added to 'perf kmem', 'perf report', 'perf sched timehist' and 'perf script' (David Ahern) - Add option to stop printing a callchain at one of a given group of symbol names (David Ahern) - Track memory freed in 'perf kmem stat' (David Ahern) - Allow querying and setting .perfconfig variables (Taeung Song) - Show branch information in callchains (predicted, TSX aborts, loop iteractions, etc) (Jin Yao) - Dynamicly change verbosity level by pressing 'V' in the 'perf top/report' hists TUI browser (Alexis Berlemont) - Implement 'perf trace --delay' in the same fashion as in 'perf record --delay', to skip sampling workload initialization events (Alexis Berlemont) - Make vendor named events case insensitive in 'perf list', i.e. 'perf list LONGEST_LAT' works just the same as 'perf list longest_lat' (Andi Kleen) - Add unwinding support for jitdump (Stefano Sanfilippo) Tooling infrastructure changes: - Support linking perf with clang and LLVM libraries, initially statically, but this limitation will be lifted and shared libraries, when available, will be preferred to the static build, that should, as with other features, be enabled explicitly (Wang Nan) - Add initial support (and perf test entry) for tooling hooks, starting with 'record_start' and 'record_end', that will have as its initial user the eBPF infrastructure, where perf_ prefixed functions will be JITed and run when such hooks are called (Wang Nan) - Implement assorted libbpf improvements (Wang Nan)" ... and lots of other changes, features, cleanups and refactorings I did not list, see the shortlog and the git log for details" * 'perf-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (220 commits) perf/x86: Fix exclusion of BTS and LBR for Goldmont perf tools: Explicitly document that --children is enabled by default perf sched timehist: Cleanup idle_max_cpu handling perf sched timehist: Handle zero sample->tid properly perf callchain: Introduce callchain_cursor__copy() perf sched: Cleanup option processing perf sched timehist: Improve error message when analyzing wrong file perf tools: Move perf build related variables under non fixdep leg perf tools: Force fixdep compilation at the start of the build perf tools: Move PERF-VERSION-FILE target into rules area perf build: Check LLVM version in feature check perf annotate: Show raw form for jump instruction with indirect target perf tools: Add non config targets perf tools: Cleanup build directory before each test perf tools: Move python/perf.so target into rules area perf tools: Move install-gtk target into rules area tools build: Move tabs to spaces where suitable tools build: Make the .cmd file more readable perf clang: Compile BPF script using builtin clang support perf clang: Support compile IR to BPF object and add testcase ... commit b19ad3b9f1fd46bb7d4ac623a4f2cb46fa2cb7a0 Merge: fecc8c0 404ea9f1 Author: Rafael J. Wysocki Date: Mon Dec 12 20:46:15 2016 +0100 Merge branch 'pm-cpuidle' * pm-cpuidle: cpuidle: Add a kerneldoc comment to cpuidle_use_deepest_state() cpuidle: fix improper return value on error intel_idle: Convert to hotplug state machine intel_idle: Remove superfluous SMP fuction call MAINTAINERS: Add Jacob Pan as a new intel_idle maintainer MAINTAINERS: Add bug tracking system location entries for cpuidle x86/intel_idle: Add Knights Mill CPUID x86/intel_idle: Add CPU model 0x4a (Atom Z34xx series) thermal/intel_powerclamp: stop sched tick in forced idle thermal/intel_powerclamp: Convert to CPU hotplug state thermal/intel_powerclamp: Convert the kthread to kthread worker API thermal/intel_powerclamp: Remove duplicated code that starts the kthread sched/idle: Add support for tasks that inject idle cpuidle: Allow enforcing deepest idle state selection cpuidle/powernv: staticise powernv_idle_driver cpuidle: dt: assign ->enter_freeze to same as ->enter callback function cpuidle: governors: Remove remaining old module code commit 404ea9f1a792eebdc208d53fd38bdd1619531430 Merge: 0e7414b feb6cd6 Author: Rafael J. Wysocki Date: Mon Dec 12 20:45:22 2016 +0100 Merge powerclamp driver updates (that depend on cpuidle material) for v4.10. commit fecc8c0ebd30c41cc66303b6f9476481c5d6d260 Merge: 57def85 2bf3b68 Author: Rafael J. Wysocki Date: Mon Dec 12 20:45:01 2016 +0100 Merge branch 'pm-cpufreq' * pm-cpufreq: (51 commits) Documentation: intel_pstate: Document HWP energy/performance hints cpufreq: intel_pstate: Support for energy performance hints with HWP cpufreq: intel_pstate: Add locking around HWP requests cpufreq: ondemand: Set MIN_FREQUENCY_UP_THRESHOLD to 1 cpufreq: intel_pstate: Add Knights Mill CPUID MAINTAINERS: Add bug tracking system location entry for cpufreq cpufreq: dt: Add support for zx296718 cpufreq: acpi-cpufreq: drop rdmsr_on_cpus() usage cpufreq: acpi-cpufreq: Convert to hotplug state machine cpufreq: intel_pstate: fix intel_pstate_exit_perf_limits() prototype cpufreq: intel_pstate: Set EPP/EPB to 0 in performance mode cpufreq: schedutil: Rectify comment in sugov_irq_work() function cpufreq: intel_pstate: increase precision of performance limits cpufreq: intel_pstate: round up min_perf limits cpufreq: Make cpufreq_update_policy() void ACPI / processor: Make acpi_processor_ppc_has_changed() void cpufreq: Avoid using inactive policies cpufreq: intel_pstate: Generic governors support cpufreq: intel_pstate: Request P-states control from SMM if needed cpufreq: dt: Add support for r8a7743 and r8a7745 ... commit 2bf3b685a35c80fe368dad9da0e77ba48b460939 Merge: bf006e1 d06e622 Author: Rafael J. Wysocki Date: Mon Dec 12 20:44:25 2016 +0100 Merge schedutil governor updates for v4.10. commit 57def856f33a5b50c71d3d40faf73d00b034e29c Merge: 852b7fa e231f8d Author: Rafael J. Wysocki Date: Mon Dec 12 20:44:01 2016 +0100 Merge branch 'pm-opp' * pm-opp: PM / OPP: Don't WARN on multiple calls to dev_pm_opp_set_regulators() PM / OPP: Allow platform specific custom set_opp() callbacks PM / OPP: Separate out _generic_set_opp() PM / OPP: Add infrastructure to manage multiple regulators PM / OPP: Pass struct dev_pm_opp_supply to _set_opp_voltage() PM / OPP: Manage supply's voltage/current in a separate structure PM / OPP: Don't use OPP structure outside of rcu protected section PM / OPP: Reword binding supporting multiple regulators per device PM / OPP: Fix incorrect cpu-supply property in binding PM / OPP: Pass opp_table to dev_pm_opp_put_regulator() PM / OPP: fix debug/error messages in dev_pm_opp_of_get_sharing_cpus() PM / OPP: make _of_get_opp_desc_node() a static function commit 852b7fa228567f397fe5e5a1e060794e0f0125fe Merge: cc773e7 05a9262 034e790 f526140 Author: Rafael J. Wysocki Date: Mon Dec 12 20:43:44 2016 +0100 Merge branches 'pm-core', 'pm-qos' and 'pm-avs' * pm-core: PM / core: Fix bug in the error handling of async suspend PM / wakeirq: Fix dedicated wakeirq for drivers not using autosuspend PM / Runtime: Defer resuming of the device in pm_runtime_force_resume() PM / Runtime: Don't allow to suspend a device with an active child net: smsc911x: Synchronize the runtime PM status during system suspend PM / Runtime: Convert pm_runtime_set_suspended() to return an int PM / Runtime: Clarify comment in rpm_resume() when resuming the parent PM / Runtime: Remove the exported function pm_children_suspended() * pm-qos: PM / QoS: Export dev_pm_qos_update_user_latency_tolerance PM / QoS: Fix writing 'auto' to pm_qos_latency_tolerance_us PM / QoS: Improve sysfs pm_qos_latency_tolerance validation * pm-avs: PM / AVS: rockchip-io: make the log more consistent commit cc773e75a0e21deca6f7e6621a1a7bbc3ad92b88 Merge: 69973b8 598da54 Author: Rafael J. Wysocki Date: Mon Dec 12 20:43:19 2016 +0100 Merge branch 'pm-domains' * pm-domains: PM / Domains: Fix compatible for domain idle state PM / Domains: Do not print PM domain add error message if EPROBE_DEFER PM / Domains: Fix a warning message PM / Domains: check for negative return from of_count_phandle_with_args() PM / doc: Update device documentation for devices in IRQ-safe PM domains PM / Domains: Support IRQ safe PM domains PM / Domains: Abstract genpd locking dt/bindings / PM/Domains: Update binding for PM domain idle states PM / Domains: Save the fwnode in genpd_power_state PM / Domains: Allow domain power states to be read from DT PM / Domains: Add residency property to genpd states PM / Domains: Make genpd state allocation dynamic Conflicts: arch/arm/mach-imx/gpc.c commit 4fccd4a1e8944033bcd7693ea4e8fb478cd2059a Author: Guenter Roeck Date: Sun Dec 11 13:27:42 2016 -0800 hwmon: (g762) Fix overflows and crash seen when writing limit attributes Fix overflows seen when writing into fan speed limit attributes. Also fix crash due to division by zero, seen when certain very large values (such as 2147483648, or 0x80000000) are written into fan speed limit attributes. Fixes: 594fbe713bf60 ("Add support for GMT G762/G763 PWM fan controllers") Cc: Arnaud Ebalard Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/g762.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 59715f4d16c27985b6866ebdced76e4e9cd63c33 Author: Guenter Roeck Date: Sun Dec 4 18:20:52 2016 -0800 hwmon: (emcw201) Fix overflows seen when writing into limit attributes Writes into temperature and voltage limit attributes can overflow due to multiplications with unchecked parameters. Also, the input parameter to DIV_ROUND_CLOSEST() needis to be range checked. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/emc6w201.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit ca1b10b8250247fb5f241d1cb894c102203378bb Author: Guenter Roeck Date: Sun Dec 4 18:19:51 2016 -0800 hwmon: (emc2103) Fix overflows seen when temperature limit attributes Writes into temperature limit attributes can overflow due to unbound values passed to DIV_ROUND_CLOSEST(). Cc: Steve Glendinning Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/emc2103.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 67b2003485ee48dcfcb5338171defa4093bba02e Author: Guenter Roeck Date: Sun Dec 4 18:16:48 2016 -0800 hwmon: (lm85) Fix overflows seen when writing voltage limit attributes Writes into voltage limit attributes can overflow due to an unbound multiplication. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/lm85.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 12fa55ccc49df52617d7454ba448c1876e189bac Author: Guenter Roeck Date: Sun Dec 4 18:16:02 2016 -0800 hwmon: (lm87) Fix overflow seen when writing voltage limit attributes Writes into voltage limit attributes can overflow due to an unbound multiplication. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/lm87.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c0d04e9112ad59d73f23f3b0f6726c5e798dfcbf Author: Guenter Roeck Date: Sun Dec 4 18:15:25 2016 -0800 hwmon: (nct7802) Fix overflows seen when writing into limit attributes Fix overflows seen when writing voltage and temperature limit attributes. The value passed to DIV_ROUND_CLOSEST() needs to be clamped, and the value parameter passed to nct7802_write_fan_min() is an unsigned long. Also, writing values larger than 2700000 into a fan limit attribute results in writing 0 into the chip's limit registers. The exact behavior when writing this value is unspecified. For consistency, report a limit of 1350000 if the chip register reads 0. This may be wrong, and the chip behavior should be verified with the actual chip, but it is better than reporting a value of 0 (which, when written, results in writing a value of 0x1fff into the chip register). Fixes: 3434f3783580 ("hwmon: Driver for Nuvoton NCT7802Y") Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/nct7802.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 5191d88acc688743eef56f1c598a4e4cddf6c6cd Author: Nick Dyer Date: Sat Dec 10 23:27:32 2016 -0800 Input: synaptics-rmi4 - add support for F34 V7 bootloader Port firmware update code from Samsung Galaxy S7 driver into mainline framework. This patch has been tested on Synaptics S7813. Signed-off-by: Nick Dyer Tested-by: Chris Healy Signed-off-by: Dmitry Torokhov drivers/input/rmi4/Makefile | 2 +- drivers/input/rmi4/rmi_driver.c | 56 +- drivers/input/rmi4/rmi_f34.c | 40 +- drivers/input/rmi4/rmi_f34.h | 250 ++++++- drivers/input/rmi4/rmi_f34v7.c | 1372 +++++++++++++++++++++++++++++++++++++++ include/linux/rmi.h | 2 +- 6 files changed, 1688 insertions(+), 34 deletions(-) commit 74c82dae6c474933f2be401976e1530b5f623221 Author: Dmitry Torokhov Date: Sat Dec 10 22:56:21 2016 -0800 Input: drv260x - fix initializing overdrive voltage We were accidentally initializing haptics->rated_voltage twice, and did not initialize overdrive voltage. Acked-by: Dan Murphy Signed-off-by: Dmitry Torokhov drivers/input/misc/drv260x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7343d11906788214220b124c379f5b0e1cec834f Author: Marcos Paulo de Souza Date: Mon Dec 12 10:59:56 2016 -0800 Input: ALPS - fix protcol -> protocol Signed-off-by: Marcos Paulo de Souza Reviewed-by: Pali Rohár Signed-off-by: Dmitry Torokhov drivers/input/mouse/alps.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4d46f0148ed1bfaaf74e30653a140927b1d3a809 Author: Marcos Paulo de Souza Date: Fri Dec 9 17:59:56 2016 -0800 Input: i8042 - comment #else/#endif of CONFIG_PNP As this define check if huge, this makes easier to read the code. Signed-off-by: Marcos Paulo de Souza Signed-off-by: Dmitry Torokhov drivers/input/serio/i8042-x86ia64io.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2aab7a2055a1705c9e30920d95a596226999eb21 Author: Boris Brezillon Date: Mon Dec 12 09:00:53 2016 +0100 clk: bcm: Fix 'maybe-uninitialized' warning in bcm2835_clock_choose_div_and_prate() best_rate is reported as potentially uninitialized by gcc. Signed-off-by: Boris Brezillon Fixes: 155e8b3b0ee3 ("clk: bcm: Support rate change propagation on bcm2835 clocks") Reported-by: Stephen Rothwell Reviewed-by: Eric Anholt Signed-off-by: Stephen Boyd drivers/clk/bcm/clk-bcm2835.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0719dbf5e1e802f1bcd0b8d8fc7639d5d1584d48 Merge: 6cdf89b 308a047 Author: Linus Torvalds Date: Mon Dec 12 11:14:52 2016 -0800 Merge branch 'mm-pat-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull mm/PAT cleanup from Ingo Molnar: "A single cleanup for a generic interface that was originally introduced for PAT" * 'mm-pat-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: x86/pat, mm: Make track_pfn_insert() return void commit c0ed4405a99ec9be2a0f062eaafc002d8d26c99f Author: Yunlei He Date: Sun Dec 11 15:35:15 2016 +0800 f2fs: fix a missing size change in f2fs_setattr This patch fix a missing size change in f2fs_setattr Signed-off-by: Yunlei He Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim fs/f2fs/file.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit c59f29cb144a6a0dfac16ede9dc8eafc02dc56ca Author: Pavankumar Kondeti Date: Fri Dec 9 21:50:17 2016 +0530 tracing: Use SOFTIRQ_OFFSET for softirq dectection for more accurate results The 's' flag is supposed to indicate that a softirq is running. This can be detected by testing the preempt_count with SOFTIRQ_OFFSET. The current code tests the preempt_count with SOFTIRQ_MASK, which would be true even when softirqs are disabled but not serving a softirq. Link: http://lkml.kernel.org/r/1481300417-3564-1-git-send-email-pkondeti@codeaurora.org Signed-off-by: Pavankumar Kondeti Signed-off-by: Steven Rostedt kernel/trace/trace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6cdf89b1ca803b2d2d097466516431b1fc5bf985 Merge: 3940cf0 11f254d Author: Linus Torvalds Date: Mon Dec 12 10:48:02 2016 -0800 Merge branch 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull locking updates from Ingo Molnar: "The tree got pretty big in this development cycle, but the net effect is pretty good: 115 files changed, 673 insertions(+), 1522 deletions(-) The main changes were: - Rework and generalize the mutex code to remove per arch mutex primitives. (Peter Zijlstra) - Add vCPU preemption support: add an interface to query the preemption status of vCPUs and use it in locking primitives - this optimizes paravirt performance. (Pan Xinhui, Juergen Gross, Christian Borntraeger) - Introduce cpu_relax_yield() and remov cpu_relax_lowlatency() to clean up and improve the s390 lock yielding machinery and its core kernel impact. (Christian Borntraeger) - Micro-optimize mutexes some more. (Waiman Long) - Reluctantly add the to-be-deprecated mutex_trylock_recursive() interface on a temporary basis, to give the DRM code more time to get rid of its locking hacks. Any other users will be NAK-ed on sight. (We turned off the deprecation warning for the time being to not pollute the build log.) (Peter Zijlstra) - Improve the rtmutex code a bit, in light of recent long lived bugs/races. (Thomas Gleixner) - Misc fixes, cleanups" * 'locking-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (36 commits) x86/paravirt: Fix bool return type for PVOP_CALL() x86/paravirt: Fix native_patch() locking/ww_mutex: Use relaxed atomics locking/rtmutex: Explain locking rules for rt_mutex_proxy_unlock()/init_proxy_locked() locking/rtmutex: Get rid of RT_MUTEX_OWNER_MASKALL x86/paravirt: Optimize native pv_lock_ops.vcpu_is_preempted() locking/mutex: Break out of expensive busy-loop on {mutex,rwsem}_spin_on_owner() when owner vCPU is preempted locking/osq: Break out of spin-wait busy waiting loop for a preempted vCPU in osq_lock() Documentation/virtual/kvm: Support the vCPU preemption check x86/xen: Support the vCPU preemption check x86/kvm: Support the vCPU preemption check x86/kvm: Support the vCPU preemption check kvm: Introduce kvm_write_guest_offset_cached() locking/core, x86/paravirt: Implement vcpu_is_preempted(cpu) for KVM and Xen guests locking/spinlocks, s390: Implement vcpu_is_preempted(cpu) locking/core, powerpc: Implement vcpu_is_preempted(cpu) sched/core: Introduce the vcpu_is_preempted(cpu) interface sched/wake_q: Rename WAKE_Q to DEFINE_WAKE_Q locking/core: Provide common cpu_relax_yield() definition locking/mutex: Don't mark mutex_trylock_recursive() as deprecated, temporarily ... commit 3940cf0b3d3c6c5817bb86f61a02277cd33f953a Merge: 9ad1aee 018edcf Author: Linus Torvalds Date: Mon Dec 12 10:03:44 2016 -0800 Merge branch 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull EFI updates from Ingo Molnar: "The main changes in this development cycle were: - Implement EFI dev path parser and other changes to fully support thunderbolt devices on Apple Macbooks (Lukas Wunner) - Add RNG seeding via the EFI stub, on ARM/arm64 (Ard Biesheuvel) - Expose EFI framebuffer configuration to user-space, to improve tooling (Peter Jones) - Misc fixes and cleanups (Ivan Hu, Wei Yongjun, Yisheng Xie, Dan Carpenter, Roy Franz)" * 'efi-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: efi/libstub: Make efi_random_alloc() allocate below 4 GB on 32-bit thunderbolt: Compile on x86 only thunderbolt, efi: Fix Kconfig dependencies harder thunderbolt, efi: Fix Kconfig dependencies thunderbolt: Use Device ROM retrieved from EFI x86/efi: Retrieve and assign Apple device properties efi: Allow bitness-agnostic protocol calls efi: Add device path parser efi/arm*/libstub: Invoke EFI_RNG_PROTOCOL to seed the UEFI RNG table efi/libstub: Add random.c to ARM build efi: Add support for seeding the RNG from a UEFI config table MAINTAINERS: Add ARM and arm64 EFI specific files to EFI subsystem efi/libstub: Fix allocation size calculations efi/efivar_ssdt_load: Don't return success on allocation failure efifb: Show framebuffer layout as device attributes efi/efi_test: Use memdup_user() as a cleanup efi/efi_test: Fix uninitialized variable 'rv' efi/efi_test: Fix uninitialized variable 'datasize' efi/arm*: Fix efi_init() error handling efi: Remove unused include of commit 9ad1aeecdbbf002637f0466e8935a3248d1843ad Merge: 718c0dd 51111dc Author: Linus Torvalds Date: Mon Dec 12 10:02:01 2016 -0800 Merge branch 'core-smp-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull SMP bootup updates from Ingo Molnar: "Three changes to unify/standardize some of the bootup message printing in kernel/smp.c between architectures" * 'core-smp-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: kernel/smp: Tell the user we're bringing up secondary CPUs kernel/smp: Make the SMP boot message common on all arches kernel/smp: Define pr_fmt() for smp.c commit 75037120e62b58c536999eb23d70cfcb6d6c0bcc Author: Marc Zyngier Date: Mon Dec 12 13:50:26 2016 +0000 arm64: Disable PAN on uaccess_enable() Commit 4b65a5db3627 ("arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1") added conditional user access enable/disable. Unfortunately, a typo prevents the PAN bit from being cleared for user access functions. Restore the PAN functionality by adding the missing '!'. Fixes: b65a5db3627 ("arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1") Reported-by: Christoffer Dall Signed-off-by: Marc Zyngier Signed-off-by: Catalin Marinas arch/arm64/include/asm/uaccess.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04102c76a779f1c4cec4f0fb51cacc360117b522 Author: Christophe JAILLET Date: Mon Nov 21 23:17:02 2016 +0100 orangefs: Axe some dead code The "perf_counter_reset" case has already been handled above. Moreover "ORANGEFS_PARAM_REQUEST_OP_READAHEAD_COUNT_SIZE" is not a really consistent. It is likely that this (dead) code is a cut and paste left over. Signed-off-by: Christophe JAILLET Reviewed-by: Martin Brandenburg Signed-off-by: Mike Marshall fs/orangefs/orangefs-sysfs.c | 9 --------- 1 file changed, 9 deletions(-) commit b08d2e61a6f9ebf5210a047868362a5a4ff37144 Merge: d34efd2 42db500 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:13 2016 -0600 Merge branch 'pci/host-vmd' into next * pci/host-vmd: PCI: vmd: Fix suspend handlers defined-but-not-used warning PCI: vmd: Use SRCU as a local RCU to prevent delaying global RCU PCI: vmd: Remove unnecessary pci_set_drvdata() commit d34efd22acace472ad33887842117933ee631391 Merge: f77b324 af099ea Author: Bjorn Helgaas Date: Mon Dec 12 11:25:12 2016 -0600 Merge branch 'pci/host-tegra' into next * pci/host-tegra: arm64: tegra: Enable PCIe on Jetson TX1 arm64: tegra: Add PCIe host bridge on Tegra210 PCI: tegra: Enable the driver on 64-bit ARM PCI: tegra: Add Tegra210 support PCI: tegra: Implement PCA enable workaround dt-bindings: pci: tegra: Add Tegra210 support PCI: tegra: Use new pci_register_host_bridge() interface PCI: Export host bridge registration interface PCI: Allow driver-specific data in host bridge PCI: Add pci_register_host_bridge() interface commit f77b3244c18781d3b6bb7ffd7273a6c79d135f9e Merge: 44b83b3 554d9ec Author: Bjorn Helgaas Date: Mon Dec 12 11:25:11 2016 -0600 Merge branch 'pci/host-spear' into next * pci/host-spear: PCI: spear: Use builtin_platform_driver() to simplify the code commit 44b83b32e7c8d6fcd6a7e877ce3db65f6afdf87c Merge: a1d9190 0722bdd Author: Bjorn Helgaas Date: Mon Dec 12 11:25:11 2016 -0600 Merge branch 'pci/host-rockchip' into next * pci/host-rockchip: PCI: rockchip: Move the deassert of pm/aclk/pclk after phy_init() PCI: rockchip: Split out rockchip_cfg_atu() PCI: rockchip: Clean up bit definitions for PCIE_RC_CONFIG_LCS PCI: rockchip: Correct the use of FTS mask PCI: rockchip: Remove the pointer to L1 substate cap PCI: rockchip: Specify the link capability PCI: rockchip: Fix negotiated lanes calculation PCI: rockchip: Add Kconfig COMPILE_TEST PCI: rockchip: Mark RC as common clock architecture PCI: rockchip: Provide captured slot power limit and scale PCI: rockchip: Add three new resets as required properties PCI: Don't attempt to claim shadow copies of ROM PCI: designware: Check for iATU unroll support after initializing host PCI: qcom: Fix pp->dev usage before assignment PCI: designware-plat: Update author email address PCI: layerscape: Fix drvdata usage before assignment PCI: designware-plat: Change maintainer to Jose Abreu commit a1d9190d9682fd5cb8af811228f492b2ddd41366 Merge: aee10cd 49da211 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:10 2016 -0600 Merge branch 'pci/host-rcar' into next * pci/host-rcar: PCI: rcar: Add gen3 fallback compatibility string for pcie-rcar PCI: rcar: Use gen2 fallback compatibility last PCI: rcar-gen2: Use gen2 fallback compatibility last commit aee10cd4c12aaa4d89d3355e669eb5025885094d Merge: 46275d4 d0491fc Author: Bjorn Helgaas Date: Mon Dec 12 11:25:10 2016 -0600 Merge branch 'pci/host-qcom' into next * pci/host-qcom: PCI: qcom: Add support for MSM8996 PCIe controller commit 46275d43c8dbf13d8b0c6e7a455608eeb220a677 Merge: f887e24 1d77040 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:09 2016 -0600 Merge branch 'pci/host-layerscape' into next * pci/host-layerscape: PCI: layerscape: Add LS1046a support PCI: layerscape: Remove redundant error message from ls_pcie_probe() commit f887e24e0544cb239531c171f835e7e7aac4863b Merge: 36e649f ffbd796 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:08 2016 -0600 Merge branch 'pci/host-iproc' into next * pci/host-iproc: PCI: iproc: Skip check for legacy IRQ on PAXC buses PCI: iproc: Fix incorrect MSI address alignment PCI: iproc: Add support for the next-gen PAXB controller PCI: iproc: Add PAXBv2 binding info PCI: iproc: Add inbound DMA mapping support PCI: iproc: Add optional dma-ranges PCI: iproc: Make outbound mapping code more generic PCI: iproc: Remove redundant outbound properties PCI: iproc: Add PAXC v2 support PCI: iproc: Add PAXCv2 related binding PCI: iproc: Fix exception with multi-function devices PCI: iproc: Add BCMA type PCI: iproc: Do not reset PAXC when initializing the driver PCI: iproc: Improve core register population commit 36e649f3bb8859c4b498b27a4d1a01df6964e1bd Merge: b0b8975 b3449ea Author: Bjorn Helgaas Date: Mon Dec 12 11:25:08 2016 -0600 Merge branch 'pci/host-imx6' into next * pci/host-imx6: MAINTAINERS: Add devicetree binding to PCI i.MX6 entry MAINTAINERS: Update Richard Zhu's email address commit b0b89759061a114f107c79bff63b37c445209a2d Merge: 9fb7454 0de8ce3 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:07 2016 -0600 Merge branch 'pci/host-hv' into next * pci/host-hv: PCI: hv: Allocate physically contiguous hypercall params buffer PCI: hv: Delete the device earlier from hbus->children for hot-remove PCI: hv: Fix hv_pci_remove() for hot-remove PCI: hv: Use the correct buffer size in new_pcichild_device() PCI: hv: Make unnecessarily global IRQ masking functions static commit 9fb7454b1d8acdd9767f4cdc2f878c8c6de5ee9a Merge: a739d56 ad71995 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:07 2016 -0600 Merge branch 'pci/host-hisi' into next * pci/host-hisi: PCI: hisi: Remove redundant error message from hisi_pcie_probe() commit a739d56dfba690e26fd5728f041e8910a16ede31 Merge: b5332d0 c19699a Author: Bjorn Helgaas Date: Mon Dec 12 11:25:06 2016 -0600 Merge branch 'pci/host-altera' into next * pci/host-altera: PCI: altera: Remove redundant error message in altera_pcie_parse_dt() PCI: altera: Use builtin_platform_driver() to simplify the code commit b5332d0073f706bc0b31e21965c60e21ffa6cda9 Merge: 2583157 9a1dc38 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:06 2016 -0600 Merge branch 'pci/host' into next * pci/host: of/pci: Add of_pci_get_max_link_speed() to parse max-link-speed from DT Documentation/devicetree: Add PCIe max-link-speed property commit 258315714198c122c819cbeb5fd3fb236cb245b4 Merge: daaed10 0b457dde Author: Bjorn Helgaas Date: Mon Dec 12 11:25:05 2016 -0600 Merge branch 'pci/virtualization' into next * pci/virtualization: PCI: Add comments about ROM BAR updating PCI: Decouple IORESOURCE_ROM_ENABLE and PCI_ROM_ADDRESS_ENABLE PCI: Remove pci_resource_bar() and pci_iov_resource_bar() PCI: Don't update VF BARs while VF memory space is enabled PCI: Separate VF BAR updates from standard BAR updates PCI: Update BARs using property bits appropriate for type PCI: Ignore BAR updates on virtual functions PCI: Do any VF BAR updates before enabling the BARs PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ PCI: Convert Mellanox broken INTx quirks to be for listed devices only PCI: Convert broken INTx masking quirks from HEADER to FINAL net/mlx4_core: Use device ID defines PCI: Add Mellanox device IDs commit daaed10443da09ad0d2042b71cb99f3927d52164 Merge: db5ba86 c931225 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:04 2016 -0600 Merge branch 'pci/pm' into next * pci/pm: x86/platform/intel-mid: Constify mid_pci_platform_pm PCI: pciehp: Add runtime PM support for PCIe hotplug ports ACPI / hotplug / PCI: Make device_is_managed_by_native_pciehp() public ACPI / hotplug / PCI: Use cached copy of PCI_EXP_SLTCAP_HPC bit PCI: Unfold conditions to block runtime PM on PCIe ports PCI: Consolidate conditions to allow runtime PM on PCIe ports PCI: Activate runtime PM on a PCIe port only if it can suspend PCI: Speed up algorithm in pci_bridge_d3_update() PCI: Autosense device removal in pci_bridge_d3_update() PCI: Don't acquire ref on parent in pci_bridge_d3_update() USB: UHCI: report non-PME wakeup signalling for Intel hardware PCI: Check for PME in targeted sleep state commit db5ba864126476fcaa3778b40d12f25168af206b Merge: c1f2e80 d1d111e Author: Bjorn Helgaas Date: Mon Dec 12 11:25:04 2016 -0600 Merge branch 'pci/msi' into next * pci/msi: PCI/MSI: Check for NULL affinity mask in pci_irq_get_affinity() commit c1f2e80c1973ffdc1e772fcab32fb30fb2a8def8 Merge: 4617aed 1c7de2b Author: Bjorn Helgaas Date: Mon Dec 12 11:25:03 2016 -0600 Merge branch 'pci/misc' into next * pci/misc: PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3) PCI: Expand "VPD access disabled" quirk message PCI: pciehp: Remove loading message PCI: hotplug: Remove hotplug core message PCI: Remove service driver load/unload messages PCI/AER: Log AER IRQ when claiming Root Port PCI/AER: Log errors with PCI device, not PCIe service device PCI/AER: Remove unused version macros PCI/PME: Log PME IRQ when claiming Root Port PCI/PME: Drop unused support for PMEs from Root Complex Event Collectors PCI: Move config space size macros to pci_regs.h commit 4617aedbd2a718f3c7ad5858fb64ea0f0a46f7da Merge: 2f0f373 c4ae2ad Author: Bjorn Helgaas Date: Mon Dec 12 11:25:03 2016 -0600 Merge branch 'pci/hotplug' into next * pci/hotplug: PCI: pciehp: Leave power indicator on when enabling already-enabled slot PCI: pciehp: Prioritize data-link event over presence detect PCI: cpqphp: Add missing call to pci_disable_device() commit 2f0f3733c4c6376853bfc2f4801888bcbc99308f Merge: 5e0ad9f fb26592 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:02 2016 -0600 Merge branch 'pci/enumeration' into next * pci/enumeration: PCI: Warn on possible RW1C corruption for sub-32 bit config writes PCI: Create revision file in sysfs commit 5e0ad9f68653b711f9f4bec9a7f4d579842fd796 Merge: a7d5149 ca5ab37 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:02 2016 -0600 Merge branch 'pci/ecam' into next * pci/ecam: PCI: Explain ARM64 ACPI/MCFG quirk Kconfig and build strategy PCI: Add MCFG quirks for X-Gene host controller PCI: Add MCFG quirks for Cavium ThunderX pass1.x host controller PCI: Add MCFG quirks for Cavium ThunderX pass2.x host controller PCI: thunder-pem: Factor out resource lookup PCI: Add MCFG quirks for HiSilicon Hip05/06/07 host controllers PCI: Add MCFG quirks for Qualcomm QDF2432 host controller PCI/ACPI: Provide acpi_get_rc_resources() for ARM64 platform PCI/ACPI: Check for platform-specific MCFG quirks PCI/ACPI: Extend pci_mcfg_lookup() to return ECAM config accessors arm64: PCI: Exclude ACPI "consumer" resources from host bridge windows arm64: PCI: Manage controller-specific data on per-controller basis arm64: PCI: Search ACPI namespace to ensure ECAM space is reserved arm64: PCI: Add local struct device pointers ACPI: Add acpi_resource_consumer() to find device that claims a resource commit a7d51491110d039e42ea881aa4d9c08ea8b7d6ea Merge: 1001354 e53f9a2 Author: Bjorn Helgaas Date: Mon Dec 12 11:25:01 2016 -0600 Merge branch 'pci/aspm' into next * pci/aspm: PCI/ASPM: Don't retrain link if ASPM not possible PCI/ASPM: Use permission-specific DEVICE_ATTR variants commit 718c0ddd6aa911fd2a6fb1b6e050fbaee8060e61 Merge: 8fa3b6f af91a81 Author: Linus Torvalds Date: Mon Dec 12 09:09:54 2016 -0800 Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip Pull RCU updates from Ingo Molnar: "The main RCU changes in this development cycle were: - Miscellaneous fixes, including a change to call_rcu()'s rcu_head alignment check. - Security-motivated list consistency checks, which are disabled by default behind DEBUG_LIST. - Torture-test updates. - Documentation updates, yet again just simple changes" * 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: torture: Prevent jitter from delaying build-only runs torture: Remove obsolete files from rcutorture .gitignore rcu: Don't kick unless grace period or request rcu: Make expedited grace periods recheck dyntick idle state torture: Trace long read-side delays rcu: RCU_TRACE enables event tracing as well as debugfs rcu: Remove obsolete comment from __call_rcu() rcu: Remove obsolete rcu_check_callbacks() header comment rcu: Tighten up __call_rcu() rcu_head alignment check Documentation/RCU: Fix minor typo documentation: Present updated RCU guarantee bug: Avoid Kconfig warning for BUG_ON_DATA_CORRUPTION lib/Kconfig.debug: Fix typo in select statement lkdtm: Add tests for struct list corruption bug: Provide toggle for BUG on data corruption list: Split list_del() debug checking into separate function rculist: Consolidate DEBUG_LIST for list_add_rcu() list: Split list_add() debug checking into separate function commit 8fa3b6f9392bf6d90cb7b908e07bd90166639f0a Merge: 56e9461 8f50f2a Author: Linus Torvalds Date: Mon Dec 12 09:06:38 2016 -0800 Merge tag 'cris-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jesper/cris Pull CRIS updates from Jesper Nilsson: "Three patches for minor issues" * tag 'cris-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/jesper/cris: cris: No need to append -O2 and $(LINUXINCLUDE) tty: serial: make crisv10 explicitly non-modular cris: Only build flash rescue image if CONFIG_ETRAX_AXISFLASHMAP is selected commit 2ef7ff03a9b050f393344a4537efb176de0c7eb2 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: sirf-dma: remove unused ‘sdesc’ In sirfsoc_dma_pm_suspend(), variable ‘sdesc’ is initialized but never used, which leads to warning with W=1. drivers/dma/sirf-dma.c: In function 'sirfsoc_dma_pm_suspend': drivers/dma/sirf-dma.c:1014:27: warning: variable 'sdesc' set but not used [-Wunused-but-set-variable] So remove it. Signed-off-by: Vinod Koul drivers/dma/sirf-dma.c | 4 ---- 1 file changed, 4 deletions(-) commit 920e00d62ef9a818a4af7b2f9e1dbca23f846fc1 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: pl330: remove unused ‘regs’ In pl330_add(), variable ‘regs’ is initialized but never used, which leads to warning with W=1. drivers/dma/pl330.c: In function 'pl330_add': drivers/dma/pl330.c:1891:16: warning: variable 'regs' set but not used [-Wunused-but-set-variable] So remove it. Cc: Linus Walleij Signed-off-by: Vinod Koul drivers/dma/pl330.c | 3 --- 1 file changed, 3 deletions(-) commit 963173fe4875d77320360628f827b0a818d6772e Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: s3c24xx: remove unused ‘cdata’ In s3c24xx_dma_get_phy(), variable ‘cdata’ is initialized but never used, which leads to warning with W=1. Removing this make pdata unused. drivers/dma/s3c24xx-dma.c: In function ‘s3c24xx_dma_get_phy’: drivers/dma/s3c24xx-dma.c:293:30: warning: variable ‘cdata’ set but not used [-Wunused-but-set-variable] struct s3c24xx_dma_channel *cdata; So remove both of them. Reviewed-by: Krzysztof Kozlowski Signed-off-by: Vinod Koul drivers/dma/s3c24xx-dma.c | 5 ----- 1 file changed, 5 deletions(-) commit cad0eca39fc001e17d422f08e64d67c6f9155cbe Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: stm32-dma: remove unused ‘src_addr’ In stm32_dma_set_xfer_param(), variable ‘src_addr’ is initialized but never used, which leads to warning with W=1 drivers/dma/stm32-dma.c: In function ‘stm32_dma_set_xfer_param’: drivers/dma/stm32-dma.c:577:13: warning: variable ‘src_addr’ set but not used [-Wunused-but-set-variable] dma_addr_t src_addr, dst_addr; So remove it. Reviewed-by: M'boumba Cedric Madianga Signed-off-by: Vinod Koul drivers/dma/stm32-dma.c | 2 -- 1 file changed, 2 deletions(-) commit 2a440bd417a57d26453c361951052656e4c837b1 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: stm32-dma: remove unused ‘dst_addr’ In stm32_dma_set_xfer_param(), variable ‘dst_addr’ is initialized but never used, which leads to warning with W=1 drivers/dma/stm32-dma.c: In function ‘stm32_dma_set_xfer_param’: drivers/dma/stm32-dma.c:577:23: warning: variable ‘dst_addr’ set but not used [-Wunused-but-set-variable] dma_addr_t src_addr, dst_addr; So remove it. Reviewed-by: M'boumba Cedric Madianga Signed-off-by: Vinod Koul drivers/dma/stm32-dma.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 1bc4f06c24a0fccd2ff9d81ca4b2ee4d3acb7fbb Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: stm32-dma: remove unused ‘sfcr’ In stm32_dma_chan_irq(), variable ‘sfcr’ is initialized but never used, which leads to warning with W=1 drivers/dma/stm32-dma.c: In function ‘stm32_dma_chan_irq’: drivers/dma/stm32-dma.c:530:19: warning: variable ‘sfcr’ set but not used [-Wunused-but-set-variable] u32 status, scr, sfcr; So remove it. Reviewed-by: M'boumba Cedric Madianga Signed-off-by: Vinod Koul drivers/dma/stm32-dma.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit b33f7832bbf24dd40322fd673b2d7e3493c8515f Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: pch_dma: remove unused ‘cookie’ In pd_tx_submit(), variable ‘cookie’ is initialized but never used, which leads to warning with W=1 drivers/dma/pch_dma.c: In function ‘pd_tx_submit’: drivers/dma/pch_dma.c:420:15: warning: variable ‘cookie’ set but not used [-Wunused-but-set-variable] dma_cookie_t cookie; So remove it. Signed-off-by: Vinod Koul drivers/dma/pch_dma.c | 2 -- 1 file changed, 2 deletions(-) commit 765d2a6548f6e5b2968001481d19322bf9b78d83 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: mic_x100_dma: remove unused ‘data’ In mic_dma_init(), variable ‘data’ is initialized but never used, which leads to warning with W=1 drivers/dma/mic_x100_dma.c: In function ‘mic_dma_init’: drivers/dma/mic_x100_dma.c:557:17: warning: variable ‘data’ set but not used [-Wunused-but-set-variable] unsigned long data; So remove it. Cc: Sudeep Dutt Signed-off-by: Vinod Koul drivers/dma/mic_x100_dma.c | 2 -- 1 file changed, 2 deletions(-) commit e5a6b3d5deeee7b7b45fe8765b5e48033adc9e8a Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: img-mdc: remove unused ‘prev_phys’ In mdc_prep_dma_memcpy(), mdc_prep_dma_cyclic() and mdc_prep_slave_sg() variable ‘prev_phys’ is initialized but never used, which leads to warning with W=1 drivers/dma/img-mdc-dma.c: In function ‘mdc_prep_dma_memcpy’: drivers/dma/img-mdc-dma.c:295:24: warning: variable ‘prev_phys’ set but not used [-Wunused-but-set-variable] dma_addr_t curr_phys, prev_phys; drivers/dma/img-mdc-dma.c: In function ‘mdc_prep_dma_cyclic’: drivers/dma/img-mdc-dma.c:378:24: warning: variable ‘prev_phys’ set but not used [-Wunused-but-set-variable] dma_addr_t curr_phys, prev_phys; drivers/dma/img-mdc-dma.c: In function ‘mdc_prep_slave_sg’: drivers/dma/img-mdc-dma.c:461:24: warning: variable ‘prev_phys’ set but not used [-Wunused-but-set-variable] dma_addr_t curr_phys, prev_phys; So remove it. Cc: Damien.Horsley Signed-off-by: Vinod Koul drivers/dma/img-mdc-dma.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit 7833a31df71dea6cd7342a5a0cc5277f0016c515 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: usb-dmac: remove unused ‘uchan’ In usb_dmac_of_xlate(), variable ‘uchan’ is initialized but never used, which leads to warning with W=1 drivers/dma/sh/usb-dmac.c: In function ‘usb_dmac_of_xlate’: drivers/dma/sh/usb-dmac.c:655:24: warning: variable ‘uchan’ set but not used [-Wunused-but-set-variable] struct usb_dmac_chan *uchan; So remove it. Cc: Yoshihiro Shimoda Signed-off-by: Vinod Koul drivers/dma/sh/usb-dmac.c | 3 --- 1 file changed, 3 deletions(-) commit eef2c22cc3397bb8cf9f47226241fc65c04339aa Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: ioat: remove unused ‘res’ In __cleanup(), variable ‘res’ is initialized but never used, which leads to warning with W=1 drivers/dma/ioat/dma.c: In function ‘__cleanup’: drivers/dma/ioat/dma.c:614:28: warning: variable ‘res’ set but not used [-Wunused-but-set-variable] struct dmaengine_result res; So remove it. Cc: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/dma.c | 3 --- 1 file changed, 3 deletions(-) commit 4cc8044148e7c3b1de3074b061d5b1aa224f3635 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: ioat: remove unused ‘ioat_dma’ In ioat_tx_submit_unlock(), variable ‘ioat_dma’ is initialized but never used, which leads to warning with W=1 drivers/dma/ioat/dma.c: In function ‘ioat_alloc_ring_ent’: drivers/dma/ioat/dma.c:341:25: warning: variable ‘ioat_dma’ set but not used [-Wunused-but-set-variable] struct ioatdma_device *ioat_dma; So remove it. Cc: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/dma.c | 3 --- 1 file changed, 3 deletions(-) commit 56c492f34110f85d6af3686df48755b85a912827 Author: Vinod Koul Date: Fri Dec 9 15:24:12 2016 +0530 dmaengine: ioat: remove unused ‘is_raid_device’ In ioat3_dma_probe(), variable ‘is_raid_device’ is initialized but never used, which leads to warning with W=1 drivers/dma/ioat/init.c: In function ‘ioat3_dma_probe’: drivers/dma/ioat/init.c:1084:7: warning: variable ‘is_raid_device’ set but not used [-Wunused-but-set-variable] bool is_raid_device = false; So remove it. Cc: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/init.c | 3 --- 1 file changed, 3 deletions(-) commit 56e9461a496488a73c54e550e1614068957267f8 Merge: 709c12e 7c7808c Author: Linus Torvalds Date: Mon Dec 12 08:51:37 2016 -0800 Merge tag 'openrisc-for-linus' of git://github.com/openrisc/linux Pull Openrisc updates from Stafford Horne: - changes to MAINTAINER for openrisc - probably biggest actual change is the move to memblock from bootmem - ... plus several bug and build fixes * tag 'openrisc-for-linus' of git://github.com/openrisc/linux: openrisc: prevent VGA console, fix builds openrisc: include l.swa in check for write data pagefault openrisc: Updates after openrisc.net has been lost openrisc: Consolidate setup to use memblock instead of bootmem openrisc: remove the redundant of_platform_populate openrisc: add NR_CPUS Kconfig default value openrisc: Support both old (or32) and new (or1k) toolchain openrisc: Add thread-local storage (TLS) support openrisc: restore all regs on rt_sigreturn openrisc: fix PTRS_PER_PGD define commit 709c12e3f5c5f3efd11d3fbd43d35535dc3a34d0 Merge: 669bb4c ad595b7 Author: Linus Torvalds Date: Mon Dec 12 08:48:28 2016 -0800 Merge tag 'm68k-for-v4.10-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k Pull m68k updates from Geert Uytterhoeven: "Use seq_puts() for fixed strings" * tag 'm68k-for-v4.10-tag1' of git://git.kernel.org/pub/scm/linux/kernel/git/geert/linux-m68k: m68k/atari: Use seq_puts() in atari_get_hardware_list() m68k/amiga: Use seq_puts() in amiga_get_hardware_list() commit 669bb4c58c3091cd54650e37c5f4e345dd12c564 Merge: 0261b5d 8712a5b Author: Linus Torvalds Date: Mon Dec 12 08:46:34 2016 -0800 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32 Pull AVR32 updates from Hans-Christian Noren Egtvedt. * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/egtvedt/linux-avr32: avr32: wire up pkey syscalls AVR32-pio: Replace two seq_printf() calls by seq_puts() in pio_bank_show() AVR32-pio: Use seq_putc() in pio_bank_show() AVR32-clock: Combine nine seq_printf() calls into one call in clk_show() AVR32-clock: Use seq_putc() in two functions commit 0261b5d3a6ed43fa8f801ded6e265d1f3403ad24 Merge: 067d14f 07c65a6 Author: Linus Torvalds Date: Mon Dec 12 08:44:23 2016 -0800 Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu Pull m68knommu updates from Greg Ungerer: "There are two sets of changes in this pull. The largest is the addition of the ColdFire platform side i2c support (the IO addressing, setup and clock definitions). The i2c hardware module itself is driven by the kernels existing iMX i2c driver. The other change is the addition of support for the Amcore board" * 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/gerg/m68knommu: m68knommu: AMCORE board, add iMX i2c support m68k: add Sysam AMCORE open board support m68knommu: platform support for i2c devices on ColdFire SoC commit 4defb5f912a0ba60e07e91a4b62634814cd99b7f Author: Colin Ian King Date: Fri Dec 2 15:18:06 2016 +0000 orangefs: fix memory leak of string 'new' on exit path allocates string 'new' is not free'd on the exit path when cdm_element_count <= 0. Fix this by kfree'ing it. Fixes CoverityScan CID#1375923 "Resource Leak" Signed-off-by: Colin Ian King Signed-off-by: Mike Marshall fs/orangefs/orangefs-debugfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 067d14f0dde8c7d7c41064e7eb021db7477c9aac Merge: ce38aa9 541cc39 Author: Linus Torvalds Date: Mon Dec 12 08:18:41 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc Pull sparc updates from David Miller: "Just a bunch of small cleanups and fixes here, and support for user probes from Allen Pais" * git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc: sparc: fix a building error reported by kbuild sparc64: fix typo in pgd_clear() sparc64: restore irq in error paths in iommu sparc: leon: Fix a retry loop in leon_init_timers() sparc64: make string buffers large enough sparc64: move dereference after check for NULL sparc: kernel: use builtin_platform_driver sparc64:Support User Probes for sparc commit 1c7de2b4ff886a45fbd2f4c3d4627e0f37a9dd77 Author: Alexey Kardashevskiy Date: Mon Oct 24 18:04:17 2016 +1100 PCI: Enable access to non-standard VPD for Chelsio devices (cxgb3) There is at least one Chelsio 10Gb card which uses VPD area to store some non-standard blocks (example below). However pci_vpd_size() returns the length of the first block only assuming that there can be only one VPD "End Tag". Since 4e1a635552d3 ("vfio/pci: Use kernel VPD access functions"), VFIO blocks access beyond that offset, which prevents the guest "cxgb3" driver from probing the device. The host system does not have this problem as its driver accesses the config space directly without pci_read_vpd(). Add a quirk to override the VPD size to a bigger value. The maximum size is taken from EEPROMSIZE in drivers/net/ethernet/chelsio/cxgb3/common.h. We do not read the tag as the cxgb3 driver does as the driver supports writing to EEPROM/VPD and when it writes, it only checks for 8192 bytes boundary. The quirk is registered for all devices supported by the cxgb3 driver. This adds a quirk to the PCI layer (not to the cxgb3 driver) as the cxgb3 driver itself accesses VPD directly and the problem only exists with the vfio-pci driver (when cxgb3 is not running on the host and may not be even loaded) which blocks accesses beyond the first block of VPD data. However vfio-pci itself does not have quirks mechanism so we add it to PCI. This is the controller: Ethernet controller [0200]: Chelsio Communications Inc T310 10GbE Single Port Adapter [1425:0030] This is what I parsed from its VPD: === b'\x82*\x0010 Gigabit Ethernet-SR PCI Express Adapter\x90J\x00EC\x07D76809 FN\x0746K' 0000 Large item 42 bytes; name 0x2 Identifier String b'10 Gigabit Ethernet-SR PCI Express Adapter' 002d Large item 74 bytes; name 0x10 #00 [EC] len=7: b'D76809 ' #0a [FN] len=7: b'46K7897' #14 [PN] len=7: b'46K7897' #1e [MN] len=4: b'1037' #25 [FC] len=4: b'5769' #2c [SN] len=12: b'YL102035603V' #3b [NA] len=12: b'00145E992ED1' 007a Small item 1 bytes; name 0xf End Tag 0c00 Large item 16 bytes; name 0x2 Identifier String b'S310E-SR-X ' 0c13 Large item 234 bytes; name 0x10 #00 [PN] len=16: b'TBD ' #13 [EC] len=16: b'110107730D2 ' #26 [SN] len=16: b'97YL102035603V ' #39 [NA] len=12: b'00145E992ED1' #48 [V0] len=6: b'175000' #51 [V1] len=6: b'266666' #5a [V2] len=6: b'266666' #63 [V3] len=6: b'2000 ' #6c [V4] len=2: b'1 ' #71 [V5] len=6: b'c2 ' #7a [V6] len=6: b'0 ' #83 [V7] len=2: b'1 ' #88 [V8] len=2: b'0 ' #8d [V9] len=2: b'0 ' #92 [VA] len=2: b'0 ' #97 [RV] len=80: b's\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'... 0d00 Large item 252 bytes; name 0x11 #00 [VC] len=16: b'122310_1222 dp ' #13 [VD] len=16: b'610-0001-00 H1\x00\x00' #26 [VE] len=16: b'122310_1353 fp ' #39 [VF] len=16: b'610-0001-00 H1\x00\x00' #4c [RW] len=173: b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'... 0dff Small item 0 bytes; name 0xf End Tag 10f3 Large item 13315 bytes; name 0x62 !!! unknown item name 98: b'\xd0\x03\x00@`\x0c\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00' === Signed-off-by: Alexey Kardashevskiy Signed-off-by: Bjorn Helgaas drivers/pci/quirks.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 044bc425bb72ffdecfb2a66d50cb1d024ecb96d0 Author: Bjorn Helgaas Date: Tue Nov 15 08:01:17 2016 -0600 PCI: Expand "VPD access disabled" quirk message It's not very enlightening to see pci 0000:07:00.0: [Firmware Bug]: VPD access disabled in the dmesg log because there's no clue about what the firmware bug is. Expand the message to explain why we're disabling VPD. Signed-off-by: Bjorn Helgaas drivers/pci/quirks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5fbeef63774878548a4a9244c8a5f5456a1b38a7 Author: Bjorn Helgaas Date: Tue Nov 15 07:57:30 2016 -0600 PCI: pciehp: Remove loading message Remove the "PCI Express Hot Plug Controller Driver" version message. I don't think it contains any useful information. Remove unused #defines and move the author information to a comment. Signed-off-by: Bjorn Helgaas drivers/pci/hotplug/pciehp_core.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit d9b47d5496fa613d0a091b1832245f65a3e8fc0a Author: Bjorn Helgaas Date: Tue Nov 15 07:55:51 2016 -0600 PCI: hotplug: Remove hotplug core message Remove the "PCI Hot Plug PCI Core" version message. I don't think it contains any useful information. Remove unused #defines and move the author information to a comment. Signed-off-by: Bjorn Helgaas drivers/pci/hotplug/pci_hotplug_core.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) commit 98892fae40ed03ddf6f3bff847993e9d9dd8946a Author: Bjorn Helgaas Date: Tue Nov 15 07:54:19 2016 -0600 PCI: Remove service driver load/unload messages Remove the "service driver %s loaded" and unloaded messages. All service drivers already log something in their probe functions, where they can log more useful details. Signed-off-by: Bjorn Helgaas drivers/pci/pcie/portdrv_core.c | 3 --- 1 file changed, 3 deletions(-) commit 68a55ae5c01356c4c45a3a26d8abd8186638b2a7 Author: Bjorn Helgaas Date: Mon Nov 21 15:34:02 2016 -0600 PCI/AER: Log AER IRQ when claiming Root Port Add a log message when we enable AER on a Root Port and the hierarchy below it. Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aer/aerdrv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 576700b67a39ea422d28af085458748b50d591dc Author: Bjorn Helgaas Date: Mon Nov 21 15:24:25 2016 -0600 PCI/AER: Log errors with PCI device, not PCIe service device All other AER-related log messages use the PCI device, e.g., "pci 0000:00:1c.0", not the PCIe service device, e.g., "aer 0000:00:1c.0:pcie02". Change the probe error messages to match the rest and include a little context. Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aer/aerdrv.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 2298a7aaa837f460ac28458851d388b4abb38faa Author: Bjorn Helgaas Date: Mon Nov 21 15:19:29 2016 -0600 PCI/AER: Remove unused version macros Remove the unused DRIVER_VERSION, DRIVER_AUTHOR, and DRIVER_DESC macros. The author information is already included in a comment above. Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aer/aerdrv.c | 7 ------- 1 file changed, 7 deletions(-) commit a902d81ac802ca5eb06a140e024b903825117eaf Author: Bjorn Helgaas Date: Mon Nov 21 15:07:53 2016 -0600 PCI/PME: Log PME IRQ when claiming Root Port We already log a "Signaling PME" whenever the PME service driver claims a Root Port. In fact, we also log the same message for every device in the hierarchy below the Root Port. Log the "Signaling PME" once (only for the Root Port, since we can trivially find out which devices are below the Root Port), and include the IRQ number in the message to help connect the dots with /proc/interrupts. Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/pci/pcie/pme.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 0a1e1b26f560411cb58066201dddad5c224e8b9e Author: Bjorn Helgaas Date: Mon Nov 21 11:30:45 2016 -0600 PCI/PME: Drop unused support for PMEs from Root Complex Event Collectors Since we register pcie_pme_driver only for PCI_EXP_TYPE_ROOT_PORT, the PME driver never claims Root Complex Event Collectors. Remove unused code related to Root Complex Event Collectors. Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/pci/pcie/pme.c | 17 +---------------- 1 file changed, 1 insertion(+), 16 deletions(-) commit cc10385b6fde3e5d3a3edaabf10a4e211ee8fe72 Author: Wang Sheng-Hui Date: Thu Sep 22 09:05:46 2016 +0800 PCI: Move config space size macros to pci_regs.h Move PCI configuration space size macros (PCI_CFG_SPACE_SIZE and PCI_CFG_SPACE_EXP_SIZE) from drivers/pci/pci.h to include/uapi/linux/pci_regs.h so they can be used by more drivers and eliminate duplicate definitions. [bhelgaas: Expand comment to include PCI-X details] Signed-off-by: Wang Sheng-Hui Signed-off-by: Bjorn Helgaas drivers/pci/pci.h | 3 --- drivers/vfio/pci/vfio_pci_config.c | 2 -- include/uapi/linux/pci_regs.h | 8 ++++++++ 3 files changed, 8 insertions(+), 5 deletions(-) commit fafd67940774733fa97f4b09412aea6981b82e0a Merge: 6694430 144235e 10565df d06a350 9677e7d b87c701 Author: Mark Brown Date: Mon Dec 12 15:54:20 2016 +0000 Merge remote-tracking branches 'spi/topic/spidev', 'spi/topic/sunxi', 'spi/topic/ti-qspi', 'spi/topic/topcliff-pch' and 'spi/topic/xlp' into spi-next commit 669443013042f57ecdd912c26cbe2fa9687640bc Merge: 830d705 7348291 6906b0e db30083 b099b13 Author: Mark Brown Date: Mon Dec 12 15:54:17 2016 +0000 Merge remote-tracking branches 'spi/topic/orion', 'spi/topic/pxa2xx', 'spi/topic/rspi' and 'spi/topic/s3c64xx' into spi-next commit ce38aa9cbed3d109355b0169b520362c409c0541 Merge: 69973b8 d84701e Author: Linus Torvalds Date: Mon Dec 12 07:54:15 2016 -0800 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next Pull networking updates from David Miller: 1) Platform regulatory domain support for ath10k, from Bartosz Markowski. 2) Centralize min/max MTU checking, thus removing tons of duplicated code all of the the various drivers. From Jarod Wilson. 3) Support ingress actions in act_mirred, from Shmulik Ladkani. 4) Improve device adjacency tracking, from David Ahern. 5) Add support for LED triggers on PHY link state changes, from Zach Brown. 6) Improve UDP socket memory accounting, from Paolo Abeni. 7) Set SK_MEM_QUANTUM to a fixed size of 4096, instead of PAGE_SIZE. From Eric Dumazet. 8) Collapse TCP SKBs at retransmit time even if the right side SKB has frags. Also from Eric Dumazet. 9) Add IP_RECVFRAGSIZE and IPV6_RECVFRAGSIZE cmsgs, from Willem de Bruijn. 10) Support routing by UID, from Lorenzo Colitti. 11) Handle L3 domain binding (ie. VRF) for RAW sockets, from David Ahern. 12) tcp_get_info() can run lockless, from Eric Dumazet. 13) 4-tuple UDP hashing in SFC driver, from Edward Cree. 14) Avoid reorders in GRO code, from Eric Dumazet. 15) IPV6 Segment Routing support, from David Lebrun. 16) Support MPLS push and pop for L3 packets in openvswitch, from Jiri Benc. 17) Add LRU datastructure support for BPF, Martin KaFai Lau. 18) VF support in liquidio driver, from Raghu Vatsavayi. 19) Multiqueue support in alx driver, from Tobias Regnery. 20) Networking cgroup BPF support, from Daniel Mack. 21) TCP chronograph measurements, from Francis Yan. 22) XDP support for qed driver, from Yuval Mintz. 23) BPF based lwtunnels, from Thomas Graf. 24) Consistent FIB dumping to offloading drivers, from Ido Schimmel. 25) Many optimizations for UDP under high load, from Eric Dumazet. * git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1522 commits) netfilter: nft_counter: rework atomic dump and reset e1000: use disable_hardirq() for e1000_netpoll() i40e: don't truncate match_method assignment net: ethernet: ti: netcp: add support of cpts net: phy: phy drivers should not set SUPPORTED_[Asym_]Pause net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_* net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_* net: l2tp: export debug flags to UAPI net: ethernet: stmmac: remove private tx queue lock net: ethernet: sxgbe: remove private tx queue lock net: bridge: shorten ageing time on topology change net: bridge: add helper to set topology change net: bridge: add helper to offload ageing time net: nicvf: use new api ethtool_{get|set}_link_ksettings net: ethernet: ti: cpsw: sync rates for channels in dual emac mode net: ethernet: ti: cpsw: re-split res only when speed is changed net: ethernet: ti: cpsw: combine budget and weight split and check net: ethernet: ti: cpsw: don't start queue twice net: ethernet: ti: cpsw: use same macros to get active slave net: mvneta: select GENERIC_ALLOCATOR ... commit 830d705f26a73efccdc9c4ed686d86a959fe7291 Merge: 3bc1ad25 d989eed 32df9ff aa12c1a 2e9c079 Author: Mark Brown Date: Mon Dec 12 15:54:14 2016 +0000 Merge remote-tracking branches 'spi/topic/fsl-lpspi', 'spi/topic/imx', 'spi/topic/jcore' and 'spi/topic/omap' into spi-next commit 3bc1ad252d4f740a7600ded3bf7bee16043f052d Merge: 0afa072 8244bd3 80b444e ccf7d8e 7e2ef00 Author: Mark Brown Date: Mon Dec 12 15:54:09 2016 +0000 Merge remote-tracking branches 'spi/topic/delay', 'spi/topic/dw', 'spi/topic/fsl-dspi' and 'spi/topic/fsl-espi' into spi-next commit 0afa0724dfb0ee94bc1c85eee9e90318413af463 Merge: 9b12be6 5762ab7 d7a3239 768f3d9 01affe2 Author: Mark Brown Date: Mon Dec 12 15:54:05 2016 +0000 Merge remote-tracking branches 'spi/topic/armada', 'spi/topic/ath79', 'spi/topic/atmel' and 'spi/topic/axi' into spi-next commit 9b12be63021a20fc3b76a7b6194e23ef66c903c9 Merge: cc93993 eb51cff Author: Mark Brown Date: Mon Dec 12 15:54:04 2016 +0000 Merge remote-tracking branch 'spi/topic/rcar' into spi-next commit cc939939d81e787fd6a5e86cf81b2ad1cd600bd4 Merge: 0523266 8dd4a01 Author: Mark Brown Date: Mon Dec 12 15:54:03 2016 +0000 Merge remote-tracking branch 'spi/topic/dma' into spi-next commit 05232669503f54babf9f899748baf02934fd1051 Merge: b14a8a8 8eee6b9 Author: Mark Brown Date: Mon Dec 12 15:54:03 2016 +0000 Merge remote-tracking branch 'spi/topic/core' into spi-next commit b14a8a8028a0699d1aafa9a610b01a2ba5a749a6 Merge: 69973b8 39fe33f 7243e0b e634b76 Author: Mark Brown Date: Mon Dec 12 15:53:58 2016 +0000 Merge remote-tracking branches 'spi/fix/atmel', 'spi/fix/mvbeu' and 'spi/fix/spidev' into spi-linus commit a5de5b74a50113564a1e0850e2da96c37c35e55d Merge: fb4587d 0d895e1 50d1236 44b1c9a Author: Mark Brown Date: Mon Dec 12 15:53:32 2016 +0000 Merge remote-tracking branches 'asoc/topic/wm9712', 'asoc/topic/wm9713' and 'asoc/topic/zte' into asoc-next commit fb4587da5b1da8415a716193522c395280b4049b Merge: dc42c6c 60bc617 68b24a2 fbd972d e2d5759 d41a5b4 Author: Mark Brown Date: Mon Dec 12 15:53:29 2016 +0000 Merge remote-tracking branches 'asoc/topic/wm8580', 'asoc/topic/wm8753', 'asoc/topic/wm8978', 'asoc/topic/wm9081' and 'asoc/topic/wm9705' into asoc-next commit dc42c6cb309e09fb81c235350b3a7e7976caf52f Merge: da644e2 4e2cc81 dd5abb7 222e728 4090d63 f196e9a Author: Mark Brown Date: Mon Dec 12 15:53:25 2016 +0000 Merge remote-tracking branches 'asoc/topic/tlv320aic31xx', 'asoc/topic/topology', 'asoc/topic/uda1380', 'asoc/topic/wm2200' and 'asoc/topic/wm8523' into asoc-next commit da644e2edea7e3b03f4a9df15d9125902b52c804 Merge: f617134 7aacbc7 4db61af 92591ef 4a15b24 8a7a282 Author: Mark Brown Date: Mon Dec 12 15:53:21 2016 +0000 Merge remote-tracking branches 'asoc/topic/stac9766', 'asoc/topic/sti', 'asoc/topic/sti-codec', 'asoc/topic/sunxi' and 'asoc/topic/tegra' into asoc-next commit f617134f75bc52cd59bed0b0d43d8fa7fece689e Merge: b35ddfd f2826c1 d252800 a40db07 1bfbc26 29a43aa Author: Mark Brown Date: Mon Dec 12 15:53:18 2016 +0000 Merge remote-tracking branches 'asoc/topic/rt5665', 'asoc/topic/rt5670', 'asoc/topic/rt5677', 'asoc/topic/samsung' and 'asoc/topic/simple' into asoc-next commit b35ddfd41b116eb29c3971ac733f267289f6e3bb Merge: 2f69b4b 6342ad6 33ada14 ca5f17c d01580c 7344472 Author: Mark Brown Date: Mon Dec 12 15:53:14 2016 +0000 Merge remote-tracking branches 'asoc/topic/rt5514', 'asoc/topic/rt5616', 'asoc/topic/rt5640', 'asoc/topic/rt5660' and 'asoc/topic/rt5663' into asoc-next commit 2f69b4b2c8c61b687512d3098e570d7f26b0705f Merge: 2f028b1 59b0113 d3a5866 705e999 4774e27 e3d62cb Author: Mark Brown Date: Mon Dec 12 15:53:11 2016 +0000 Merge remote-tracking branches 'asoc/topic/rl6231', 'asoc/topic/rl6347a', 'asoc/topic/rockchip', 'asoc/topic/rt286' and 'asoc/topic/rt298' into asoc-next commit 2f028b15a232737ba8dd5b883adcca3471a8280e Merge: b8f04c1 1ef5bcd 92be581 b4f89a0 bf8e276 Author: Mark Brown Date: Mon Dec 12 15:53:07 2016 +0000 Merge remote-tracking branches 'asoc/topic/of-graph', 'asoc/topic/pxa', 'asoc/topic/qcom' and 'asoc/topic/rk808' into asoc-next commit b8f04c19432624950be5a303679257cafbaa5b1a Merge: fba3040 9a58725 931afc4 fa80b4e 5f1516d Author: Mark Brown Date: Mon Dec 12 15:53:03 2016 +0000 Merge remote-tracking branches 'asoc/topic/inntel', 'asoc/topic/input', 'asoc/topic/max98504' and 'asoc/topic/nau8825' into asoc-next commit fba3040105d878d44b485cc337a4097788712013 Merge: a3d9190 85280141 5841ce1 efd95c7 b3af6d3 Author: Mark Brown Date: Mon Dec 12 15:52:58 2016 +0000 Merge remote-tracking branches 'asoc/topic/dpcm', 'asoc/topic/es8328', 'asoc/topic/extcon' and 'asoc/topic/fsl' into asoc-next commit a3d91900a69b7fc840a55461c9105762bd4cde87 Merge: b177e7a a545f5d 452a256 Author: Mark Brown Date: Mon Dec 12 15:52:57 2016 +0000 Merge remote-tracking branches 'asoc/topic/davinci' and 'asoc/topic/doc' into asoc-next commit b177e7a5aeb5a9d18cfafbadc1bbca5386f24829 Merge: cc96247 45ee1d8 8c317fa ca493da 03d2ec4 Author: Mark Brown Date: Mon Dec 12 15:52:54 2016 +0000 Merge remote-tracking branches 'asoc/topic/cs42l42', 'asoc/topic/cs42l56', 'asoc/topic/cs42l73' and 'asoc/topic/cs42xx8' into asoc-next commit cc9624790d5f9c6c3bf8cd992706d97d3912290f Merge: ffe9c4f 2e622ae ddba7fa 914657c Author: Mark Brown Date: Mon Dec 12 15:52:51 2016 +0000 Merge remote-tracking branches 'asoc/topic/compress', 'asoc/topic/const' and 'asoc/topic/cs35l34' into asoc-next commit ffe9c4f330328b884e51b8665b392ed6c538bf43 Merge: 43b64af 0a69516 4d41c74 aa43112 fe36837 39b2238 Author: Mark Brown Date: Mon Dec 12 15:52:48 2016 +0000 Merge remote-tracking branches 'asoc/topic/ab8500', 'asoc/topic/arizona', 'asoc/topic/atmel', 'asoc/topic/bcm' and 'asoc/topic/bitfield' into asoc-next commit 43b64af5350119e2e4f0a1423caceab4bd40dd73 Merge: 52708d0 b99258a Author: Mark Brown Date: Mon Dec 12 15:52:47 2016 +0000 Merge remote-tracking branch 'asoc/topic/rcar' into asoc-next commit 52708d05bad11ea2cd2c1391af13321b80982332 Merge: 14eec47 c1aee1d Author: Mark Brown Date: Mon Dec 12 15:52:46 2016 +0000 Merge remote-tracking branch 'asoc/topic/intel' into asoc-next commit 14eec47753216e185396be5b0e6f04f274bfe4a5 Merge: e6c6fd8 c664411 Author: Mark Brown Date: Mon Dec 12 15:52:46 2016 +0000 Merge remote-tracking branch 'asoc/topic/dmaengine' into asoc-next commit e6c6fd896bbe4fe8967c5ba6f2d5db056a1da688 Merge: c0f2302 1b4d9c2 Author: Mark Brown Date: Mon Dec 12 15:52:45 2016 +0000 Merge remote-tracking branch 'asoc/topic/dapm-pin' into asoc-next commit c0f2302a6ac310bcacccafbefe414a8026375b60 Merge: 3f1b861 02866ea Author: Mark Brown Date: Mon Dec 12 15:52:44 2016 +0000 Merge remote-tracking branch 'asoc/topic/dapm' into asoc-next commit 3f1b86139e94289289b00f745cc483b1fef5fd46 Merge: 66f8990 06859fc Author: Mark Brown Date: Mon Dec 12 15:52:43 2016 +0000 Merge remote-tracking branch 'asoc/topic/core' into asoc-next commit 66f89906f07e102aece00b80d99f6e1039529bc6 Merge: 1e570a8 9178feb Author: Mark Brown Date: Mon Dec 12 15:52:43 2016 +0000 Merge remote-tracking branch 'asoc/topic/component' into asoc-next commit 1e570a83ad90f1e47540acd11cf1fac9da120815 Merge: 2e8239e 8683451 3b89e4b Author: Mark Brown Date: Mon Dec 12 15:52:37 2016 +0000 Merge remote-tracking branches 'asoc/fix/da7219-pops' and 'asoc/fix/qcom' into asoc-linus commit 2e8239e792ba9c86310e76e98017a11dc2173969 Merge: 69973b8 2fc995a Author: Mark Brown Date: Mon Dec 12 15:52:34 2016 +0000 Merge remote-tracking branch 'asoc/fix/intel' into asoc-linus commit 4d41c74dcb6778ae92d985e4d32055345c3a1fed Author: Richard Fitzgerald Date: Fri Dec 9 09:57:41 2016 +0000 ASoC: wm_adsp: wm_adsp_buf_alloc should use kfree in error path buf was allocated by kzalloc() so it should be passed to kfree() Signed-off-by: Richard Fitzgerald Signed-off-by: Mark Brown sound/soc/codecs/wm_adsp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c931225480aeabc6f867f2c1dea3738b3e1622a4 Author: Lukas Wunner Date: Mon Dec 12 09:45:47 2016 -0600 x86/platform/intel-mid: Constify mid_pci_platform_pm This struct never needs to be modified. The size of pci-mid.o ELF sections changes thusly: -.data 56 +.data 0 -.rodata 32 +.rodata 88 Signed-off-by: Lukas Wunner Acked-by: Andy Shevchenko Acked-by: Bjorn Helgaas drivers/pci/pci-mid.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dd5abb742071a962be4403f171063ed1e9d4202d Author: Arnd Bergmann Date: Fri Dec 9 12:51:46 2016 +0100 ASoC: topology: avoid uninitialized kcontrol_type When num_kcontrols is zero, widget->dobj.widget.kcontrol_type gets set to an uninitialized local variable: sound/soc/soc-topology.c: In function 'soc_tplg_dapm_widget_create': sound/soc/soc-topology.c:1566:36: error: 'kcontrol_type' may be used uninitialized in this function [-Werror=maybe-uninitialized] I could not figure out which of the valid types would be appropriate here, so this sets it to '0', which is invalid but at least well-defined here. There is probably a better way to address the issue. Fixes: eea3dd4f1247 ("ASoC: topology: Only free TLV for volume mixers of a widget") Signed-off-by: Arnd Bergmann Reported-by: Dan Carpenter Reviewed-by: Takashi Sakamoto Signed-off-by: Mark Brown sound/soc/soc-topology.c | 1 + 1 file changed, 1 insertion(+) commit f397c8d80a5e413984bd9ccdf4161c7156b365ce Author: Ulf Hansson Date: Thu Dec 8 11:23:49 2016 +0100 mmc: block: Move files to core Once upon a time it made sense to keep the mmc block device driver and its related code, in its own directory called card. Over time, more an more functions/structures have become shared through generic mmc header files, between the core and the card directory. In other words, the relationship between them has become closer. By sharing functions/structures via generic header files, it becomes easy for outside users to abuse them. In a way to avoid that from happen, let's move the files from card directory into the core directory, as it enables us to move definitions of functions/structures into mmc core specific header files. Note, this is only the first step in providing a cleaner mmc interface for outside users. Following changes will do the actual cleanup, as that is not part of this change. Signed-off-by: Ulf Hansson Reviewed-by: Linus Walleij drivers/mmc/Kconfig | 2 - drivers/mmc/Makefile | 1 - drivers/mmc/card/Kconfig | 70 - drivers/mmc/card/Makefile | 10 - drivers/mmc/card/block.c | 2336 ----------------------------- drivers/mmc/card/block.h | 1 - drivers/mmc/card/mmc_test.c | 3314 ------------------------------------------ drivers/mmc/card/queue.c | 491 ------- drivers/mmc/card/queue.h | 64 - drivers/mmc/card/sdio_uart.c | 1200 --------------- drivers/mmc/core/Kconfig | 66 + drivers/mmc/core/Makefile | 4 + drivers/mmc/core/block.c | 2336 +++++++++++++++++++++++++++++ drivers/mmc/core/block.h | 1 + drivers/mmc/core/mmc_test.c | 3312 +++++++++++++++++++++++++++++++++++++++++ drivers/mmc/core/queue.c | 489 +++++++ drivers/mmc/core/queue.h | 64 + drivers/mmc/core/sdio_uart.c | 1200 +++++++++++++++ 18 files changed, 7472 insertions(+), 7489 deletions(-) commit 709613ad2b3c9eaeb2a3e24284b7c8feffc17326 Author: Ross Lagerwall Date: Fri Dec 9 17:10:22 2016 +0000 xen/balloon: Only mark a page as managed when it is released Only mark a page as managed when it is released back to the allocator. This ensures that the managed page count does not get falsely increased when a VM is running. Correspondingly change it so that pages are marked as unmanaged after getting them from the allocator. Signed-off-by: Ross Lagerwall Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross drivers/xen/balloon.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit 581d21a2d02a798ee34e56dbfa13f891b3a90c30 Author: David Vrabel Date: Fri Dec 9 14:41:13 2016 +0000 xenbus: fix deadlock on writes to /proc/xen/xenbus /proc/xen/xenbus does not work correctly. A read blocked waiting for a xenstore message holds the mutex needed for atomic file position updates. This blocks any writes on the same file handle, which can deadlock if the write is needed to unblock the read. Clear FMODE_ATOMIC_POS when opening this device to always get character device like sematics. Signed-off-by: David Vrabel Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross drivers/xen/xenbus/xenbus_dev_frontend.c | 2 ++ 1 file changed, 2 insertions(+) commit 7c7808ce107d63e158dbbc3af085980985a0c3c4 Author: Randy Dunlap Date: Mon Nov 21 08:40:32 2016 +0900 openrisc: prevent VGA console, fix builds OpenRISC does not support VGA console, so prevent that kconfig symbol from being enabled for OpenRISC, thus fixing these build errors: drivers/built-in.o: In function `vgacon_save_screen': vgacon.c:(.text+0x20e0): undefined reference to `screen_info' vgacon.c:(.text+0x20e8): undefined reference to `screen_info' drivers/built-in.o: In function `vgacon_init': vgacon.c:(.text+0x284c): undefined reference to `screen_info' vgacon.c:(.text+0x2850): undefined reference to `screen_info' drivers/built-in.o: In function `vgacon_startup': vgacon.c:(.text+0x28d8): undefined reference to `screen_info' drivers/built-in.o:vgacon.c:(.text+0x28f0): more undefined references to `screen_info' follow Signed-off-by: Randy Dunlap Reported-by: kbuild test robot Cc: Chen Gang Cc: Jonas Bonn Signed-off-by: Stafford Horne drivers/video/console/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cdb75442fedff8cc3ddedbe6e41d00b471634e17 Author: Stefan Kristiansson Date: Thu Jul 3 20:46:40 2014 +0300 openrisc: include l.swa in check for write data pagefault During page fault handling we check the last instruction to understand if the fault was for a read or for a write. By default we fall back to read. New instructions were added to the openrisc 1.1 spec for an atomic load/store pair (l.lwa/l.swa). This patch adds the opcode for l.swa (0x33) allowing it to be treated as a write operation. Signed-off-by: Stefan Kristiansson [shorne@gmail.com: expanded a bit on the comment] Signed-off-by: Stafford Horne arch/openrisc/kernel/entry.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d01e1f35fee54fd7131e161956e609dfd47c1056 Author: Stafford Horne Date: Mon Mar 21 17:11:10 2016 +0900 openrisc: Updates after openrisc.net has been lost The openrisc.net domain expired and was taken over by squatters. These updates point documentation to the new domain, mailing lists and git repos. Also, Jonas is not the main maintainer anylonger, he reviews changes but does not maintain a repo or sent pull requests. Updating this to add Stafford and Stefan who are the active maintainers. Acked-by: Olof Kindgren Signed-off-by: Stafford Horne MAINTAINERS | 6 ++++-- arch/openrisc/README.openrisc | 8 ++++---- arch/openrisc/kernel/setup.c | 2 +- 3 files changed, 9 insertions(+), 7 deletions(-) commit 266c7fad157265bb54d17db1c9545f2aaa488643 Author: Stafford Horne Date: Sun Apr 3 19:14:49 2016 +0900 openrisc: Consolidate setup to use memblock instead of bootmem Clearing out one todo item. Use the memblock boot time memory which is the current standard. Tested-by: Guenter Roeck Acked-by: Jonas Signed-off-by: Stafford Horne arch/openrisc/Kconfig | 1 + arch/openrisc/TODO.openrisc | 3 --- arch/openrisc/include/asm/pgalloc.h | 1 - arch/openrisc/kernel/setup.c | 36 ++++++++++++------------------------ arch/openrisc/mm/init.c | 2 +- arch/openrisc/mm/ioremap.c | 4 ---- 6 files changed, 14 insertions(+), 33 deletions(-) commit 994894c3f710f5d8ca89d22988fe715db57bbc87 Author: Rob Herring Date: Wed Aug 31 00:10:59 2016 +0900 openrisc: remove the redundant of_platform_populate The of_platform_populate call in the openrisc arch code is now redundant as the DT core provides a default call. Openrisc has a NULL match table which means only top level nodes with compatible strings will have devices creates. The default version will also descend nodes in the match table such as "simple-bus" which should be fine as openrisc doesn't have any of these (though it is preferred that memory-mapped peripherals be grouped under a bus node(s)). Signed-off-by: Rob Herring Cc: Jonas Bonn Tested-by: Guenter Roeck Signed-off-by: Stafford Horne arch/openrisc/kernel/setup.c | 10 ---------- 1 file changed, 10 deletions(-) commit 34bbdcdcda88a24ef4d0f58ea84a9fdf14aea7af Author: Stafford Horne Date: Sat Sep 24 22:20:42 2016 +0900 openrisc: add NR_CPUS Kconfig default value The build system now expects that NR_CPUS is defined. Follow 4cbbbb4 ("microblaze: Fix missing NR_CPUS in menuconfig") Signed-off-by: Stafford Horne arch/openrisc/Kconfig | 3 +++ 1 file changed, 3 insertions(+) commit 1f43e235dfc44be335e484dae88928e997036026 Author: Guenter Roeck Date: Sun Jul 20 00:39:08 2014 +0300 openrisc: Support both old (or32) and new (or1k) toolchain The output file format for or1k has changed from "elf32-or32" to "elf32-or1k". Select the correct output format automatically to be able to compile the kernel with both toolchain variants. Signed-off-by: Guenter Roeck Tested-by: Guenter Roeck Signed-off-by: Stafford Horne arch/openrisc/kernel/vmlinux.lds.S | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit e60aa2fba4678d4e7e2d28ef4f2110084d0b150a Author: Christian Svensson Date: Sat Jan 25 15:48:54 2014 +0000 openrisc: Add thread-local storage (TLS) support Historically OpenRISC GCC has reserved r10 which we now use to hold the thread pointer for thread-local storage (TLS). Signed-off-by: Christian Svensson Signed-off-by: Stefan Kristiansson Tested-by: Guenter Roeck Signed-off-by: Stafford Horne arch/openrisc/kernel/process.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit c79902190f7e61fcae7c3f4b613c75062f385678 Author: Jonas Bonn Date: Mon Sep 23 12:04:20 2013 +0200 openrisc: restore all regs on rt_sigreturn Fix signal handling for when signals are handled as the result of timers or exceptions, previous code assumed syscalls. This was noticeable with X crashing where it uses SIGALRM. This patch restores all regs before returning to userspace via _resume_userspace instead of via syscall return path. The rt_sigreturn syscall is more like a context switch than a function call; it entails a return from one context (the signal handler) to another (the process in question). For a context switch like this there are effectively no call-saved regs that remain constant across the transition. Reported-by: Sebastian Macke Signed-off-by: Jonas Bonn Tested-by: Guenter Roeck [shorne@gmail.com: Updated comment better reflect change and issue] Signed-off-by: Stafford Horne arch/openrisc/kernel/entry.S | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit f47706099bdb8c0e6300d6f5ba8e542861aa3ac5 Author: Stefan Kristiansson Date: Sat Jan 11 00:17:38 2014 +0200 openrisc: fix PTRS_PER_PGD define On OpenRISC, with its 8k pages, PAGE_SHIFT is defined to be 13. That makes the expression (1UL << (PAGE_SHIFT-2)) evaluate to 2048. The correct value for PTRS_PER_PGD should be 256. Correcting the PTRS_PER_PGD define unveiled a bug in map_ram(), where PTRS_PER_PGD was used when the intent was to iterate over a set of page table entries. This patch corrects that issue as well. Signed-off-by: Stefan Kristiansson Acked-by: Jonas Bonn Tested-by: Guenter Roeck Signed-off-by: Stafford Horne arch/openrisc/include/asm/pgtable.h | 2 +- arch/openrisc/mm/init.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit d00b74613fb18dfd0a5aa99270ee2e72d5c808d7 Merge: 56e3d92 f819288 3498c5e Author: Mark Brown Date: Mon Dec 12 12:17:31 2016 +0000 Merge remote-tracking branches 'regulator/topic/tps65086' and 'regulator/topic/twl' into regulator-next commit 56e3d92ddb97d9584622b29d4ecb268e30242b1e Merge: bed6972 09f2ba0 205321f 9837792 53a2046 e98d5fe Author: Mark Brown Date: Mon Dec 12 12:17:27 2016 +0000 Merge remote-tracking branches 'regulator/topic/gpio', 'regulator/topic/lp873x', 'regulator/topic/max77620', 'regulator/topic/pwm' and 'regulator/topic/tps6507x' into regulator-next commit bed69721b67aeb3616e983ed32acc131968188f5 Merge: 6b46856 88f0e3a 85b0374 30103b5 cc9b9402 Author: Mark Brown Date: Mon Dec 12 12:17:24 2016 +0000 Merge remote-tracking branches 'regulator/topic/arizona', 'regulator/topic/bypass', 'regulator/topic/error' and 'regulator/topic/fixed' into regulator-next commit 6b46856246592f860840acf32fcb732111c1c9eb Merge: 99305bd b2661e9 Author: Mark Brown Date: Mon Dec 12 12:17:23 2016 +0000 Merge remote-tracking branch 'regulator/topic/core' into regulator-next commit 99305bdc7c84e61635e542f3cd81f29d1964ea5a Merge: c1b0789 295070e d8ca5bd Author: Mark Brown Date: Mon Dec 12 12:17:19 2016 +0000 Merge remote-tracking branches 'regulator/fix/stw481x' and 'regulator/fix/tps65086' into regulator-linus commit c1b0789271b13dd7561f78370122c3183cd74ab0 Merge: 69973b8 618c808 Author: Mark Brown Date: Mon Dec 12 12:17:19 2016 +0000 Merge remote-tracking branch 'regulator/fix/axp20x' into regulator-linus commit c19805f870c1fa87c69819eb1e18d9c5fc398f58 Author: Christian Borntraeger Date: Tue Nov 8 09:53:34 2016 +0100 s390/cpumf: Use configuration level indication for sampling data Newer hardware provides the level of virtualization that a particular sample belongs to. Use that information and fall back to the old heuristics if the sample does not contain that information. Reviewed-by: Heiko Carstens Reviewed-by: Hendrik Brueckner Signed-off-by: Christian Borntraeger Signed-off-by: Martin Schwidefsky arch/s390/include/asm/cpu_mf.h | 3 ++- arch/s390/kernel/perf_cpum_sf.c | 27 ++++++++++++++++++++------- 2 files changed, 22 insertions(+), 8 deletions(-) commit b4623d4e5b2370fcf1200cbf832aaa53f6e96ef3 Author: Heiko Carstens Date: Wed Dec 7 13:45:38 2016 +0100 s390: provide memmove implementation Provide an s390 specific memmove implementation which is faster than the generic implementation which copies byte-wise. For non-destructive (as defined by the mvc instruction) memmove operations the following table compares the old default implementation versus the new s390 specific implementation: size old new 1 1ns 8ns 2 2ns 8ns 4 4ns 8ns 8 7ns 8ns 16 17ns 8ns 32 35ns 8ns 64 65ns 9ns 128 146ns 10ns 256 298ns 11ns 512 537ns 11ns 1024 1193ns 19ns 2048 2405ns 36ns So only for very small sizes the old implementation is faster. For overlapping memmoves, where the mvc instruction can't be used, the new implementation is as slow as the old one. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/string.h | 3 ++- arch/s390/lib/mem.S | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) commit 82897ede9235d31c50074ce1da81828aa2f3d70c Author: Heiko Carstens Date: Wed Dec 7 10:38:36 2016 +0100 s390: cleanup arch/s390/kernel Makefile Group all compiler flag modification lines together and sort them alphabetically. This should hopefully prevent future bugs due to missing flag modifications. Also fix indentation at some places. Reviewed-by: Peter Oberparleiter Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/Makefile | 66 ++++++++++++++++++++++++++--------------------- 1 file changed, 36 insertions(+), 30 deletions(-) commit d543a106f96d6f15e4507cf349128912d44356d9 Author: Heiko Carstens Date: Tue Dec 6 15:52:10 2016 +0100 s390: fix initrd corruptions with gcov/kcov instrumented kernels The early C code within arch/s390/kernel/early.c saves ipl parameters before the bss section is cleared. When doing that it jumps to code that is potentially gcov/kcov instrumented. That code in turn will corrupt an initrd that potentially may reside in the not yet ready to be used bss section. Instead of excluding more and more code from gcov/kcov instrumentation provide an early memmove function which will be used to save ipl parameters. The verification if these parameters are actually valid will be done later. Reviewed-by: Peter Oberparleiter Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/ipl.h | 2 +- arch/s390/kernel/early.c | 47 +++++++++++++++++++++++++++++++++++++++++++-- arch/s390/kernel/ipl.c | 7 +------ 3 files changed, 47 insertions(+), 9 deletions(-) commit b5cb9bf8dd2ce94a2de507bc7546d965cbd421a6 Author: Heiko Carstens Date: Wed Dec 7 10:36:05 2016 +0100 s390: exclude early C code from gcov profiling Early C code must be excluded from gcov profiling since it may write to the bss section before - a potential initrd that resides there is rescued - the bss section is initialized (zeroed) This patch only addresses the problem that early code is instrumented for profiling, but not the problem that it jumps into other code that is still instrumented. That problem will be fixed with a follow-on patch. Reviewed-by: Peter Oberparleiter Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/Makefile | 1 + 1 file changed, 1 insertion(+) commit a521b048bc8c5d3c57a468c2cba70eb60e873616 Author: Stefan Haberland Date: Mon Aug 8 15:56:54 2016 +0200 s390/dasd: channel path aware error recovery With this feature, the DASD device driver more robustly handles DASDs that are attached via multiple channel paths and are subject to constant Interface-Control-Checks (IFCCs) and Channel-Control-Checks (CCCs) or loss of High-Performance-FICON (HPF) functionality on one or more of these paths. If a channel path does not work correctly, it is removed from normal operation as long as other channel paths are available. All extended error recovery states can be queried and reset via user space interfaces. Signed-off-by: Stefan Haberland Reviewed-by: Sebastian Ott Reviewed-by: Jan Hoeppner Signed-off-by: Martin Schwidefsky arch/s390/include/asm/scsw.h | 6 +- drivers/s390/block/dasd.c | 149 +++++++++++++++++++------- drivers/s390/block/dasd_3990_erp.c | 46 ++++++++ drivers/s390/block/dasd_devmap.c | 157 +++++++++++++++++++++++++-- drivers/s390/block/dasd_eckd.c | 210 ++++++++++++++++++++++++++----------- drivers/s390/block/dasd_eckd.h | 2 + drivers/s390/block/dasd_int.h | 68 ++++++++++++ 7 files changed, 529 insertions(+), 109 deletions(-) commit c93461515a1a16486f4e483cb34170366fa73ea1 Author: Stefan Haberland Date: Mon Aug 8 15:53:54 2016 +0200 s390/dasd: extend dasd path handling Store flags and path_data per channel path. Implement get/set functions for various path masks. The patch does not add functional changes. Signed-off-by: Stefan Haberland Reviewed-by: Sebastian Ott Reviewed-by: Jan Hoeppner Signed-off-by: Martin Schwidefsky drivers/s390/block/dasd.c | 101 +++++----- drivers/s390/block/dasd_3990_erp.c | 6 +- drivers/s390/block/dasd_devmap.c | 10 +- drivers/s390/block/dasd_eckd.c | 113 +++++------ drivers/s390/block/dasd_eckd.h | 3 +- drivers/s390/block/dasd_erp.c | 2 +- drivers/s390/block/dasd_fba.c | 2 +- drivers/s390/block/dasd_int.h | 381 ++++++++++++++++++++++++++++++++++++- 8 files changed, 475 insertions(+), 143 deletions(-) commit 7df11604592b579bce2762783c21569d02272332 Author: Heiko Carstens Date: Wed Dec 7 10:16:13 2016 +0100 s390: remove unused labels from entry.S Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/entry.S | 5 ----- 1 file changed, 5 deletions(-) commit d183e4efcae8d88a2f252e546978658ca6d273cc Author: Laurent Pinchart Date: Thu Dec 8 20:22:43 2016 -0200 [media] v4l: tvp5150: Add missing break in set control handler A break is missing resulting in the hue control enabling or disabling the decode completely. Fix it. Fixes: c43875f66140 ("[media] tvp5150: replace MEDIA_ENT_F_CONN_TEST by a control") Cc: stable@vger.kernel.org Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/tvp5150.c | 1 + 1 file changed, 1 insertion(+) commit 6e98bee2899549c7482b05b0740bf195493ef9dc Author: Laurent Pinchart Date: Thu Dec 8 20:22:42 2016 -0200 [media] v4l: tvp5150: Don't inline the tvp5150_selmux() function The function is large and called in several places, don't inline it. Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/tvp5150.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 406ff67d5820f592ff2b5ac2643a75f001b1d21f Author: Laurent Pinchart Date: Thu Dec 8 20:22:41 2016 -0200 [media] v4l: tvp5150: Compile tvp5150_link_setup out if !CONFIG_MEDIA_CONTROLLER The function is only referenced as a handler in the tvp5150_sd_media_ops structure, which is only used when CONFIG_MEDIA_CONTROLLER is set. Don't define the function and the structure when the configuration option is unset to avoid an unused function warning. Signed-off-by: Laurent Pinchart Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Mauro Carvalho Chehab drivers/media/i2c/tvp5150.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c6d48134cb2682516ed50ca0cea2675d27d985e8 Author: Mauro Carvalho Chehab Date: Wed Dec 7 14:34:22 2016 -0200 [media] em28xx: don't store usb_device at struct em28xx Now that we're storing usb_interface at em28xx struct, there's no good reason to keep storing usb_device, as we can get it from usb_interface. So, get rid of it. Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/em28xx/em28xx-audio.c | 23 ++++++++++++++--------- drivers/media/usb/em28xx/em28xx-cards.c | 10 +++++----- drivers/media/usb/em28xx/em28xx-core.c | 29 +++++++++++++++++------------ drivers/media/usb/em28xx/em28xx-dvb.c | 3 ++- drivers/media/usb/em28xx/em28xx-input.c | 14 ++++++++------ drivers/media/usb/em28xx/em28xx-video.c | 9 ++++++--- drivers/media/usb/em28xx/em28xx.h | 1 - 7 files changed, 52 insertions(+), 37 deletions(-) commit 29b05e22f5c68c657f5ec30a31023b81124287fb Author: Mauro Carvalho Chehab Date: Wed Dec 7 13:48:10 2016 -0200 [media] em28xx: use usb_interface for dev_foo() calls The usb_device->dev is not the right device for dev_foo() calls. Instead, it should use usb_interface->dev. Tested-by: Antti Palosaari Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/em28xx/em28xx-audio.c | 34 ++++++------ drivers/media/usb/em28xx/em28xx-camera.c | 30 +++++------ drivers/media/usb/em28xx/em28xx-cards.c | 61 ++++++++++----------- drivers/media/usb/em28xx/em28xx-core.c | 48 ++++++++--------- drivers/media/usb/em28xx/em28xx-dvb.c | 61 ++++++++++----------- drivers/media/usb/em28xx/em28xx-i2c.c | 92 ++++++++++++++++---------------- drivers/media/usb/em28xx/em28xx-input.c | 32 +++++------ drivers/media/usb/em28xx/em28xx-vbi.c | 2 +- drivers/media/usb/em28xx/em28xx-video.c | 68 +++++++++++------------ drivers/media/usb/em28xx/em28xx.h | 1 + 10 files changed, 216 insertions(+), 213 deletions(-) commit ea48c3680829c0c522a799a4a9e0fb6cc5afd0a4 Author: Mauro Carvalho Chehab Date: Wed Dec 7 14:53:26 2016 -0200 [media] em28xx: don't change the device's name Changing the device name, causes it to be unable to remove the sysfs file, causing troubles if a device is removed and then re-inserted. [ 1010.310320] WARNING: CPU: 3 PID: 119 at fs/sysfs/dir.c:31 sysfs_warn_dup+0x7b/0x90 [ 1010.310323] sysfs: cannot create duplicate filename '/bus/usb/devices/1-3.3' [ 1010.310325] Modules linked in: lgdt330x em28xx_dvb dvb_core em28xx_alsa tuner_xc2028 tuner tvp5150 em28xx_v4l videobuf2_vmalloc videobuf2_memops videobuf2_v4l2 videobuf2_core em28xx tveeprom v4l2_common videodev media xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_nat_ipv4 nf_nat nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ipt_REJECT nf_reject_ipv4 xt_tcpudp tun bridge stp llc ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter ip_tables x_tables cmac bnep cpufreq_powersave cpufreq_conservative cpufreq_userspace binfmt_misc parport_pc ppdev lp parport snd_hda_codec_hdmi iTCO_wdt snd_hda_codec_realtek iTCO_vendor_support snd_hda_codec_generic arc4 intel_rapl x86_pkg_temp_thermal iwlmvm intel_powerclamp coretemp kvm_intel mac80211 kvm i915 [ 1010.310383] irqbypass crct10dif_pclmul crc32_pclmul ghash_clmulni_intel iwlwifi pl2303 aesni_intel btusb aes_x86_64 usbserial lrw btrtl gf128mul glue_helper btbcm ablk_helper cryptd btintel bluetooth drm_kms_helper cfg80211 drm psmouse pcspkr i2c_i801 e1000e serio_raw snd_hda_intel snd_soc_rt5640 snd_hda_codec snd_soc_rl6231 snd_soc_ssm4567 mei_me i2c_smbus rfkill snd_hda_core ptp mei snd_soc_core ehci_pci sg lpc_ich shpchp mfd_core ehci_hcd pps_core snd_hwdep i2c_algo_bit snd_compress snd_pcm sdhci_acpi snd_timer battery snd sdhci elan_i2c snd_soc_sst_acpi mmc_core fjes dw_dmac i2c_hid soundcore snd_soc_sst_match i2c_designware_platform video i2c_designware_core acpi_pad acpi_als kfifo_buf tpm_tis button industrialio tpm_tis_core tpm ext4 crc16 jbd2 fscrypto mbcache dm_mod joydev evdev hid_logitech_hidpp [ 1010.310449] sd_mod hid_logitech_dj usbhid hid ahci libahci crc32c_intel libata xhci_pci xhci_hcd scsi_mod usbcore fan thermal [ 1010.310464] CPU: 3 PID: 119 Comm: kworker/3:2 Not tainted 4.9.0-rc8+ #14 [ 1010.310466] Hardware name: /NUC5i7RYB, BIOS RYBDWi35.86A.0350.2015.0812.1722 08/12/2015 [ 1010.310487] Workqueue: usb_hub_wq hub_event [usbcore] [ 1010.310490] 0000000000000000 ffffffff848f56c5 ffff8803b1f7f858 0000000000000000 [ 1010.310496] ffffffff8414f8f8 ffff88030000001f ffffed00763eff07 ffff8803b1f7f8f0 [ 1010.310501] ffff8803b3ea1e60 0000000000000001 ffffffffffffffef ffff8803b45c6840 [ 1010.310505] Call Trace: [ 1010.310517] [] ? dump_stack+0x5c/0x77 [ 1010.310522] [] ? __warn+0x168/0x1a0 [ 1010.310526] [] ? warn_slowpath_fmt+0xb4/0xf0 [ 1010.310529] [] ? __warn+0x1a0/0x1a0 [ 1010.310534] [] ? kasan_kmalloc+0xa6/0xd0 [ 1010.310539] [] ? kernfs_path_from_node+0x4a/0x60 [ 1010.310543] [] ? sysfs_warn_dup+0x7b/0x90 [ 1010.310547] [] ? sysfs_do_create_link_sd.isra.2+0xb6/0xd0 [ 1010.310553] [] ? bus_add_device+0x318/0x6b0 [ 1010.310557] [] ? sysfs_create_groups+0x83/0x110 [ 1010.310562] [] ? device_add+0x777/0x1350 [ 1010.310567] [] ? device_private_init+0x180/0x180 [ 1010.310583] [] ? usb_new_device+0x707/0x1030 [usbcore] [ 1010.310598] [] ? hub_event+0x1d65/0x3280 [usbcore] [ 1010.310604] [] ? account_entity_dequeue+0x30b/0x4a0 [ 1010.310618] [] ? hub_port_debounce+0x280/0x280 [usbcore] [ 1010.310624] [] ? compat_start_thread+0x80/0x80 [ 1010.310629] [] ? __schedule+0x704/0x1770 [ 1010.310633] [] ? io_schedule_timeout+0x390/0x390 [ 1010.310638] [] ? cache_reap+0x173/0x200 [ 1010.310642] [] ? process_one_work+0x4ed/0xe60 [ 1010.310646] [] ? worker_thread+0xe2/0xfd0 [ 1010.310650] [] ? __wake_up_common+0xbc/0x160 [ 1010.310654] [] ? process_one_work+0xe60/0xe60 [ 1010.310658] [] ? kthread+0x1cc/0x220 [ 1010.310663] [] ? kthread_park+0x80/0x80 [ 1010.310667] [] ? kthread_park+0x80/0x80 [ 1010.310671] [] ? kthread_park+0x80/0x80 [ 1010.310675] [] ? ret_from_fork+0x25/0x30 Tested-by: Antti Palosaari Signed-off-by: Mauro Carvalho Chehab drivers/media/usb/em28xx/em28xx-cards.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit 8cd16166b0002df427ed39e4970e0be4830199b2 Author: Benjamin Tissoires Date: Sat Dec 10 21:58:55 2016 +0100 HID: fix missing irq field commit ba18a9314a94 ("Revert "HID: i2c-hid: Add support for ACPI GPIO interrupts"") removed the need for storing the irq in struct i2c_hid. But then commit de3c99488609 ("HID: i2c-hid: Disable IRQ before freeing buffers") forgot to update the location of the irq. Fix this by using the actual I2C client irq. Reported-by: kbuild test robot Signed-off-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/i2c-hid/i2c-hid.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ba1660f1791f31a76da247caebf273b3f3d5071c Author: Jiri Kosina Date: Fri Dec 9 13:37:07 2016 +0100 HID: i2c-hid: fix build Add a forgotten include that I've by mistake omitted when resolving merge conflict in ead0687fe30 ("HID: i2c-hid: support regulator power on/off"). Fixes: ead0687fe30 ("HID: i2c-hid: support regulator power on/off") Reported-by: kbuild test robot Signed-off-by: Jiri Kosina drivers/hid/i2c-hid/i2c-hid.c | 1 + 1 file changed, 1 insertion(+) commit d46ddc593f4da8d6c1b068503c04e063fa3a0e70 Author: João Paulo Rechi Vita Date: Tue Dec 6 15:48:35 2016 -0500 HID: i2c-hid: Disable IRQ before freeing buffers The HID report buffers that are initially allocated on i2c_hid_probe() might not be big enough to hold the HID reports from a specific device, in which case they will be freed and new ones will be allocated in i2c_hid_start(), at point which the device's report size is known. But at this point ihid->irq is already running, and may call i2c_hid_get_input() which passes ihid->inbuf to i2c_master_recv(). Since this handler runs in a separate thread, ihid->inbuf may be freed at this very moment, and i2c_master_recv() will write on memory which may be already owned by a different part of the kernel, corrupting its data. This problem has been observed on an Asus UX360UA laptop which has an I2C touchpad, and results in a complete system freeze or an unusable slowness with a lof of "BUG: unable to handle kernel paging request at
" warnings. Enabling SLUB debugging shows a use-after-free warning on memory allocated in i2c_hid_alloc_buffers() and freed in i2c_hid_free_buffers(): ============================================================================= BUG kmalloc-64 (Not tainted): Poison overwritten ----------------------------------------------------------------------------- Disabling lock debugging due to kernel taint INFO: 0xffff880264083273-0xffff88026408329e. first byte 0x0 instead of 0x6b INFO: Allocated in i2c_hid_alloc_buffers+0x25/0xa0 [i2c_hid] age=35793 cpu=2 pid=430 ___slab_alloc+0x41e/0x460 __slab_alloc+0x20/0x40 __kmalloc+0x210/0x280 i2c_hid_alloc_buffers+0x25/0xa0 [i2c_hid] i2c_hid_probe+0x12f/0x5e0 [i2c_hid] i2c_device_probe+0x10a/0x1b0 driver_probe_device+0x220/0x4a0 __device_attach_driver+0x71/0xa0 bus_for_each_drv+0x67/0xb0 __device_attach+0xdc/0x170 device_initial_probe+0x13/0x20 bus_probe_device+0x92/0xa0 device_add+0x4aa/0x670 device_register+0x1a/0x20 i2c_new_device+0x18e/0x230 acpi_i2c_add_device+0x1a0/0x210 INFO: Freed in i2c_hid_free_buffers+0x16/0x60 [i2c_hid] age=7552 cpu=1 pid=1473 __slab_free+0x221/0x330 kfree+0x139/0x160 i2c_hid_free_buffers+0x16/0x60 [i2c_hid] i2c_hid_start+0x2a9/0x2df [i2c_hid] mt_probe+0x160/0x22e [hid_multitouch] hid_device_probe+0xd7/0x150 [hid] driver_probe_device+0x220/0x4a0 __driver_attach+0x84/0x90 bus_for_each_dev+0x6c/0xc0 driver_attach+0x1e/0x20 bus_add_driver+0x1c3/0x280 driver_register+0x60/0xe0 __hid_register_driver+0x53/0x90 [hid] 0xffffffffc004f01e do_one_initcall+0xb3/0x1f0 do_init_module+0x5f/0x1d0 INFO: Slab 0xffffea0009902080 objects=20 used=20 fp=0x (null) flags=0x17fff8000004080 INFO: Object 0xffff880264083260 @offset=4704 fp=0x (null) Bytes b4 ffff880264083250: 8d e6 fe ff 00 00 00 00 5a 5a 5a 5a 5a 5a 5a 5a ........ZZZZZZZZ Object ffff880264083260: 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk Object ffff880264083270: 6b 6b 6b 00 00 00 00 00 00 00 00 00 00 00 00 00 kkk............. Object ffff880264083280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Object ffff880264083290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ Redzone ffff8802640832a0: bb bb bb bb bb bb bb bb ........ Padding ffff8802640833e0: 5a 5a 5a 5a 5a 5a 5a 5a ZZZZZZZZ CPU: 1 PID: 1503 Comm: python3 Tainted: G B 4.4.21+ #10 Hardware name: ASUSTeK COMPUTER INC. UX360UA/UX360UA, BIOS UX360UA.200 05/05/2016 0000000000000086 00000000622d48a2 ffff88026061ba38 ffffffff813f6044 ffff880264082010 ffff880264083260 ffff88026061ba78 ffffffff811e8eab 0000000000000008 ffff880200000001 ffff88026408329f ffff88026a007700 Call Trace: [] dump_stack+0x63/0x8f [] print_trailer+0x14b/0x1f0 [] check_bytes_and_report+0xc1/0x100 [] check_object+0x1c4/0x240 [] ? ext4_htree_store_dirent+0x3e/0x120 [] alloc_debug_processing+0x104/0x180 [] ___slab_alloc+0x41e/0x460 [] ? ext4_htree_store_dirent+0x3e/0x120 [] ? __getblk_gfp+0x2b/0x60 [] ? ext4_getblk+0xa9/0x190 [] __slab_alloc+0x20/0x40 [] __kmalloc+0x210/0x280 [] ? ext4_htree_store_dirent+0x3e/0x120 [] ? ext4fs_dirhash+0xc2/0x2a0 [] ext4_htree_store_dirent+0x3e/0x120 [] htree_dirblock_to_tree+0x187/0x1b0 [] ext4_htree_fill_tree+0xb2/0x2e0 [] ? kmem_cache_alloc_trace+0x1fa/0x220 [] ? ext4_readdir+0x775/0x8b0 [] ext4_readdir+0x5e1/0x8b0 [] iterate_dir+0x92/0x120 [] SyS_getdents+0x98/0x110 [] ? iterate_dir+0x120/0x120 [] entry_SYSCALL_64_fastpath+0x16/0x71 FIX kmalloc-64: Restoring 0xffff880264083273-0xffff88026408329e=0x6b FIX kmalloc-64: Marking all objects used Signed-off-by: João Paulo Rechi Vita Reviewed-by: Benjamin Tissoires Signed-off-by: Jiri Kosina drivers/hid/i2c-hid/i2c-hid.c | 2 ++ 1 file changed, 2 insertions(+) commit 8712a5b807502e0772a5127ef6de4ff4a42edc21 Author: Hans-Christian Noren Egtvedt Date: Mon Dec 12 09:23:09 2016 +0100 avr32: wire up pkey syscalls This patch wires up the new pkey_mprotect, pkey_alloc and pkey_free syscalls on AVR32. arch/avr32/include/uapi/asm/unistd.h | 3 +++ arch/avr32/kernel/syscall_table.S | 3 +++ 2 files changed, 6 insertions(+) commit 79ba1814dafc8f23fc518f7fe1ab79055b60803e Author: Markus Elfring Date: Sun Oct 16 22:18:31 2016 +0200 AVR32-pio: Replace two seq_printf() calls by seq_puts() in pio_bank_show() Strings which did not contain data format specifications should be put into a sequence. Thus use the corresponding function "seq_puts". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring arch/avr32/mach-at32ap/pio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 78b7c6bff173b35b7a65659564e466149ef6f90b Author: Markus Elfring Date: Sun Oct 16 22:13:19 2016 +0200 AVR32-pio: Use seq_putc() in pio_bank_show() A single character (line break) should be put into a sequence. Thus use the corresponding function "seq_putc". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring arch/avr32/mach-at32ap/pio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 017e7d0246911796938dd30e7be3b0b76423af8a Author: Markus Elfring Date: Sun Oct 16 22:04:10 2016 +0200 AVR32-clock: Combine nine seq_printf() calls into one call in clk_show() Some data were printed into a sequence by nine separate function calls. Print the same data by a single function call instead. Signed-off-by: Markus Elfring arch/avr32/mach-at32ap/clock.c | 28 +++++++++++++++++++--------- 1 file changed, 19 insertions(+), 9 deletions(-) commit 65c0787ce09634aa5ca3b632c2dbf086722d28fe Author: Markus Elfring Date: Sun Oct 16 21:51:09 2016 +0200 AVR32-clock: Use seq_putc() in two functions A single character (line break) should be put into two sequences. Thus use the corresponding function "seq_putc". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring arch/avr32/mach-at32ap/clock.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 5457e03de918f7a3e294eb9d26a608ab8a579976 Author: Gerald Schaefer Date: Mon Nov 21 12:13:58 2016 +0100 s390/vmlogrdr: fix IUCV buffer allocation The buffer for iucv_message_receive() needs to be below 2 GB. In __iucv_message_receive(), the buffer address is casted to an u32, which would result in either memory corruption or an addressing exception when using addresses >= 2 GB. Fix this by using GFP_DMA for the buffer allocation. Cc: stable@vger.kernel.org Signed-off-by: Gerald Schaefer Signed-off-by: Martin Schwidefsky drivers/s390/char/vmlogrdr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9e6e7c74315095fd40f41003850690c711e44420 Author: Dan Carpenter Date: Fri Nov 18 14:11:00 2016 +0300 s390/crypto: unlock on error in prng_tdes_read() We added some new locking but forgot to unlock on error. Fixes: 57127645d79d ("s390/zcrypt: Introduce new SHA-512 based Pseudo Random Generator.") Signed-off-by: Dan Carpenter Signed-off-by: Martin Schwidefsky arch/s390/crypto/prng.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit f673b5b2a66332da5358def524dbfb3305c76d8c Merge: 36da91b 21cbe3c Author: Paolo Bonzini Date: Mon Dec 12 07:29:39 2016 +0100 Merge tag 'kvm-arm-for-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/kvmarm/kvmarm into HEAD KVM/ARM updates for 4.10: - Support for the GICv3 ITS on 32bit platforms - A handful of timer and GIC emulation fixes - A PMU architecture fix commit 541cc39433a81d581f2738f59f7bd310ff1d512a Author: Gonglei \(Arei\) Date: Thu Dec 8 12:37:08 2016 +0800 sparc: fix a building error reported by kbuild >> arch/sparc/include/asm/topology_64.h:44:44: error: implicit declaration of function 'cpu_data' [-Werror=implicit-function-declaration] #define topology_physical_package_id(cpu) (cpu_data(cpu).proc_id) ^ Let's include cpudata.h in topology_64.h. Cc: Sam Ravnborg Cc: David S. Miller Cc: sparclinux@vger.kernel.org Suggested-by: Sam Ravnborg Signed-off-by: Gonglei Acked-by: Sam Ravnborg Signed-off-by: David S. Miller arch/sparc/include/asm/topology_64.h | 1 + 1 file changed, 1 insertion(+) commit acff7fdbc3c14c1f1a5e1eead99e412c5e9fe5a4 Author: Kirill A. Shutemov Date: Fri Dec 9 14:24:00 2016 +0300 sparc64: fix typo in pgd_clear() It really has to be pgdp, not pgd. It just happend to work since all callers have 'pgd' as an argument. Signed-off-by: Kirill A. Shutemov Signed-off-by: David S. Miller arch/sparc/include/asm/pgtable_64.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e241cfd3bd3503ef6a909f41f0adf06be193fe25 Author: Dan Carpenter Date: Sat Nov 26 00:15:37 2016 +0300 sparc64: restore irq in error paths in iommu There are some error paths where we should restore IRQs but we don't. Fixes: bb620c3d3925 ("sparc: Make sparc64 use scalable lib/iommu-common.c functions") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller arch/sparc/kernel/pci_sun4v.c | 2 ++ 1 file changed, 2 insertions(+) commit 601e6e3cc5bf6adb7d076fe24d10f6191a25ba9b Author: Dan Carpenter Date: Fri Nov 25 14:25:54 2016 +0300 sparc: leon: Fix a retry loop in leon_init_timers() The original code causes a static checker warning because it has a continue inside a do { } while (0); loop. In that context, a continue and a break are equivalent. The intent was to go back to the start of the loop so the continue was a bug. I've added a retry label at the start and changed the continue to a goto retry. Then I removed the do { } while (0) loop and pulled the code in one indent level. Fixes: 2791c1a43900 ("SPARC/LEON: added support for selecting Timer Core and Timer within core") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller arch/sparc/kernel/leon_kernel.c | 56 ++++++++++++++++++++--------------------- 1 file changed, 28 insertions(+), 28 deletions(-) commit b5c3206190f1fddd100b3060eb15f0d775ffeab8 Author: Dan Carpenter Date: Fri Nov 25 14:03:55 2016 +0300 sparc64: make string buffers large enough My static checker complains that if "lvl" is ULONG_MAX (this is 64 bit) then some of the strings will overflow. I don't know if that's possible but it seems simple enough to make the buffers slightly larger. Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller arch/sparc/kernel/traps_64.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit efca4885b5dea6af906d27b3516f68e0bc1ff9c3 Author: Dan Carpenter Date: Fri Nov 25 14:01:32 2016 +0300 sparc64: move dereference after check for NULL We shouldn't dereference "iommu" until after we have checked that it is non-NULL. Fixes: f08978b0fdbf ("sparc64: Enable sun4v dma ops to use IOMMU v2 APIs") Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller arch/sparc/kernel/pci_sun4v.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit b1ebb975507d07d3ce84695273acc872786194da Author: Geliang Tang Date: Wed Nov 23 23:06:05 2016 +0800 sparc: kernel: use builtin_platform_driver Use builtin_platform_driver() helper to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: David S. Miller arch/sparc/kernel/power.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit e8f4aa6087fa80732382881ef7c0c96733bb1984 Author: Allen Pais Date: Thu Oct 13 10:06:13 2016 +0530 sparc64:Support User Probes for sparc Signed-off-by: Eric Saint Etienne Signed-off-by: Allen Pais Signed-off-by: David S. Miller arch/Kconfig | 1 + arch/sparc/Kconfig | 3 + arch/sparc/configs/sparc64_defconfig | 1 + arch/sparc/include/asm/kdebug_64.h | 2 + arch/sparc/include/asm/ptrace.h | 35 +++- arch/sparc/include/asm/thread_info_64.h | 6 +- arch/sparc/include/asm/ttable.h | 6 + arch/sparc/include/asm/uprobes.h | 59 ++++++ arch/sparc/kernel/Makefile | 1 + arch/sparc/kernel/ptrace_64.c | 54 ++++++ arch/sparc/kernel/signal_64.c | 2 + arch/sparc/kernel/ttable_64.S | 2 +- arch/sparc/kernel/uprobes.c | 331 ++++++++++++++++++++++++++++++++ include/linux/uprobes.h | 1 + 14 files changed, 500 insertions(+), 4 deletions(-) commit 7c4c71ac8a72aea595f4cc7e09c2bcc61929c4ac Author: Chris Mason Date: Thu Dec 8 17:55:03 2016 -0800 Revert "Btrfs: adjust len of writes if following a preallocated extent" This is exposing an existing deadlock between fsync and AIO. Until we have the deadlock fixed, I'm pulling this one out. This reverts commit a23eaa875f0f1d89eb866b8c9860e78273ff5daf. Signed-off-by: Chris Mason fs/btrfs/inode.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 6eb89ef029fe22aee518a9dc75b9ee5d6ef9b3fe Author: Gao Pan Date: Fri Dec 2 11:38:16 2016 +0800 i2c: fsl-lpi2c: read lpi2c fifo size in probe() The lpi2c fifo size is a read only parameter resides Parameter Register. It's better to read lpi2c tx/rx fifo size in probe() other than just define a macro for it. Signed-off-by: Gao Pan Reviewed-by: Vladimir Zapolskiy Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-imx-lpi2c.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) commit 38190dfb7056678e388f85cb9c79f8e479a4b263 Author: Jan Glauber Date: Fri Dec 9 10:31:56 2016 +0100 i2c: octeon: thunderx: Remove double-check after interrupt Commit 1bb1ff3e7c74 ("i2c: octeon: Improve performance if interrupt is early") added a double-check around the wait_event_timeout() condition. The performance problem that this commit tried to work-around could not be reproduced. It also makes the wait condition more complicated then it should be. Therefore remove the double-check. Signed-off-by: Jan Glauber Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-octeon-core.c | 43 ++---------------------------------- 1 file changed, 2 insertions(+), 41 deletions(-) commit ccee1a4cdcd02e748d39d2b121f7f82041893121 Author: Jan Glauber Date: Fri Dec 9 10:31:55 2016 +0100 i2c: octeon: thunderx: TWSI software reset in recovery I've seen i2c recovery reporting long loops of: [ 1035.887818] i2c i2c-4: SCL is stuck low, exit recovery [ 1037.999748] i2c i2c-4: SCL is stuck low, exit recovery [ 1040.111694] i2c i2c-4: SCL is stuck low, exit recovery ... Add a TWSI software reset which clears the status and STA,STP,IFLG in SW_TWSI_EOP_TWSI_CTL. With this the recovery works fine and above message is not seen. Signed-off-by: Jan Glauber Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-octeon-core.c | 3 +++ 1 file changed, 3 insertions(+) commit f8989783d7a4b076cf11eea1347ed068ff4c2c77 Author: Jan Kotas Date: Thu Dec 8 09:47:58 2016 +0000 i2c: cadence: Allow Cadence I2C to be selected for Cadence Xtensa CPUs This patch allows Cadence I2C controller to be selected in systems using Cadence Xtensa processors. Signed-off-by: Jan Kotas Signed-off-by: Wolfram Sang drivers/i2c/busses/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b880ccaf1742c28e91534ad7820c4405c04dabf9 Author: Simon Horman Date: Wed Dec 7 11:39:36 2016 +0100 i2c: sh_mobile: Add per-Generation fallback bindings Add per-Generation fallback bindings for R-Car SoCs. This is in keeping with the compatibility string scheme is being adopted for drivers for Renesas SoCs. Also, improve readability by listing the rmobile fallback compatibility string after the more-specific compatibility strings they provide a fallback for. Signed-off-by: Simon Horman Acked-by: Geert Uytterhoeven Signed-off-by: Wolfram Sang Documentation/devicetree/bindings/i2c/i2c-sh_mobile.txt | 17 ++++++++++++++--- drivers/i2c/busses/i2c-sh_mobile.c | 4 +++- 2 files changed, 17 insertions(+), 4 deletions(-) commit ad4a8dc3fec6485b18654d1090ef8012fcfc37b8 Author: Simon Horman Date: Tue Dec 6 17:01:28 2016 +0100 i2c: rcar: Add per-Generation fallback bindings In the case of Renesas R-Car hardware we know that there are generations of SoCs, e.g. Gen 2 and Gen 3. But beyond that it's not clear what the relationship between IP blocks might be. For example, I believe that r8a7790 is older than r8a7791 but that doesn't imply that the latter is a descendant of the former or vice versa. We can, however, by examining the documentation and behaviour of the hardware at run-time observe that the current driver implementation appears to be compatible with the IP blocks on SoCs within a given generation. For the above reasons and convenience when enabling new SoCs a per-generation fallback compatibility string scheme is being adopted for drivers for Renesas SoCs. Also: * Deprecate renesas,i2c-rcar. It seems poorly named as it is only compatible with R-Car Gen 1. It also appears unused in mainline. * Add some text to describe per-SoC bindings Signed-off-by: Simon Horman Reviewed-by: Geert Uytterhoeven Signed-off-by: Wolfram Sang Documentation/devicetree/bindings/i2c/i2c-rcar.txt | 32 ++++++++++++++-------- drivers/i2c/busses/i2c-rcar.c | 5 +++- 2 files changed, 24 insertions(+), 13 deletions(-) commit 6a34e4d2be07255cc59e6ccaf820669cfd7f815c Author: David Gstir Date: Tue Dec 6 23:53:58 2016 +0100 fscrypt: Rename FS_WRITE_PATH_FL to FS_CTX_HAS_BOUNCE_BUFFER_FL ... to better explain its purpose after introducing in-place encryption without bounce buffer. Signed-off-by: David Gstir Signed-off-by: Theodore Ts'o fs/crypto/crypto.c | 6 +++--- fs/crypto/fscrypt_private.h | 2 +- include/linux/fscrypto.h | 1 - 3 files changed, 4 insertions(+), 5 deletions(-) commit f32d7ac20a5864483c1f96e4970daa083e18bfd1 Author: David Gstir Date: Tue Dec 6 23:53:57 2016 +0100 fscrypt: Delay bounce page pool allocation until needed Since fscrypt users can now indicated if fscrypt_encrypt_page() should use a bounce page, we can delay the bounce page pool initialization util it is really needed. That is until fscrypt_operations has no FS_CFLG_OWN_PAGES flag set. Signed-off-by: David Gstir Signed-off-by: Theodore Ts'o fs/crypto/crypto.c | 9 +++++++-- fs/crypto/fscrypt_private.h | 2 +- fs/crypto/keyinfo.c | 2 +- include/linux/fscrypto.h | 1 - 4 files changed, 9 insertions(+), 5 deletions(-) commit d073472ac26f44f269d9234acd6871bbc6289532 Author: Nicolas Pitre Date: Thu Dec 8 14:17:03 2016 -0500 kbuild: fix scripts/adjust_autoksyms.sh* for the no modules case When CONFIG_TRIM_UNUSED_KSYMS=y and no modules are actually selected, the adjust_autoksyms.sh script fails with: sed: can't read .tmp_versions/*.mod: No such file or directory Let's cope with that case gracefully. Signed-off-by: Nicolas Pitre Signed-off-by: Michal Marek scripts/adjust_autoksyms.sh | 1 + 1 file changed, 1 insertion(+) commit bd7b8290388dd58a8c0a3710b171e58ef952ca4d Author: David Gstir Date: Tue Dec 6 23:53:56 2016 +0100 fscrypt: Cleanup page locking requirements for fscrypt_{decrypt,encrypt}_page() Rename the FS_CFLG_INPLACE_ENCRYPTION flag to FS_CFLG_OWN_PAGES which, when set, indicates that the fs uses pages under its own control as opposed to writeback pages which require locking and a bounce buffer for encryption. Signed-off-by: David Gstir Signed-off-by: Theodore Ts'o fs/crypto/crypto.c | 11 ++++++++--- fs/ext4/inode.c | 1 - fs/f2fs/data.c | 1 - include/linux/fscrypto.h | 2 +- 4 files changed, 9 insertions(+), 6 deletions(-) commit 1400451f04f2ff28b658b92557495e5090914aee Author: David Gstir Date: Tue Dec 6 23:53:55 2016 +0100 fscrypt: Cleanup fscrypt_{decrypt,encrypt}_page() - Improve documentation - Add BUG_ON(len == 0) to avoid accidental switch of offs and len parameters - Improve variable names for readability Signed-off-by: David Gstir Signed-off-by: Theodore Ts'o fs/crypto/crypto.c | 93 +++++++++++++++++++++++++++--------------------- include/linux/fscrypto.h | 8 ++--- 2 files changed, 56 insertions(+), 45 deletions(-) commit 9e532772b4e36888584efc7a9531143bd43355b3 Author: David Gstir Date: Tue Dec 6 23:53:54 2016 +0100 fscrypt: Never allocate fscrypt_ctx on in-place encryption In case of in-place encryption fscrypt_ctx was allocated but never released. Since we don't need it for in-place encryption, we skip allocating it. Fixes: 1c7dcf69eea3 ("fscrypt: Add in-place encryption mode") Signed-off-by: David Gstir Signed-off-by: Theodore Ts'o fs/crypto/crypto.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) commit e550c16c8aab95c7996b0c864d5fcedc2c430a43 Author: David Gstir Date: Tue Dec 6 23:53:53 2016 +0100 fscrypt: Use correct index in decrypt path. Actually use the fs-provided index instead of always using page->index which is only set for page-cache pages. Fixes: 9c4bb8a3a9b4 ("fscrypt: Let fs select encryption index/tweak") Signed-off-by: David Gstir Signed-off-by: Theodore Ts'o fs/crypto/crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 41d5319af3368127b55f6587f1c747dd6a7b9b04 Author: Theodore Ts'o Date: Sat Nov 26 22:18:59 2016 -0500 fscrypt: move the policy flags and encryption mode definitions to uapi header These constants are part of the UAPI, so they belong in include/uapi/linux/fs.h instead of include/linux/fscrypto.h Signed-off-by: Theodore Ts'o Reviewed-by: Eric Biggers include/linux/fscrypto.h | 14 -------------- include/uapi/linux/fs.h | 14 ++++++++++++++ 2 files changed, 14 insertions(+), 14 deletions(-) commit cc4e0df038ddb73510c01712abf302b3f0130147 Author: Theodore Ts'o Date: Sat Nov 26 22:05:18 2016 -0500 fscrypt: move non-public structures and constants to fscrypt_private.h Signed-off-by: Theodore Ts'o Reviewed-by: Eric Biggers fs/crypto/crypto.c | 2 +- fs/crypto/fscrypt_private.h | 71 +++++++++++++++++++++++++++++++++++++++++++++ fs/crypto/policy.c | 2 +- include/linux/fscrypto.h | 68 ++----------------------------------------- 4 files changed, 76 insertions(+), 67 deletions(-) commit b98701df349b7003efd52d9330acbb7be5a255c6 Author: Theodore Ts'o Date: Sat Nov 26 20:43:09 2016 -0500 fscrypt: unexport fscrypt_initialize() The fscrypt_initalize() function isn't used outside fs/crypto, so there's no point making it be an exported symbol. Signed-off-by: Theodore Ts'o Reviewed-by: Eric Biggers fs/crypto/crypto.c | 1 - fs/crypto/fscrypt_private.h | 3 +++ include/linux/fscrypto.h | 1 - 3 files changed, 3 insertions(+), 2 deletions(-) commit 3325bea5b26ac67e2521383f10e5ea0156c9a4b6 Author: Theodore Ts'o Date: Sat Nov 26 20:32:46 2016 -0500 fscrypt: rename get_crypt_info() to fscrypt_get_crypt_info() To avoid namespace collisions, rename get_crypt_info() to fscrypt_get_crypt_info(). The function is only used inside the fs/crypto directory, so declare it in the new header file, fscrypt_private.h. Signed-off-by: Theodore Ts'o Reviewed-by: Eric Biggers fs/crypto/fname.c | 4 ++-- fs/crypto/fscrypt_private.h | 19 +++++++++++++++++++ fs/crypto/keyinfo.c | 6 +++--- include/linux/fscrypto.h | 1 - 4 files changed, 24 insertions(+), 6 deletions(-) commit db717d8e26c2d1b0dba3e08668a1e6a7f665adde Author: Eric Biggers Date: Sat Nov 26 19:07:49 2016 -0500 fscrypto: move ioctl processing more fully into common code Multiple bugs were recently fixed in the "set encryption policy" ioctl. To make it clear that fscrypt_process_policy() and fscrypt_get_policy() implement ioctls and therefore their implementations must take standard security and correctness precautions, rename them to fscrypt_ioctl_set_policy() and fscrypt_ioctl_get_policy(). Make the latter take in a struct file * to make it consistent with the former. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/crypto/policy.c | 34 +++++++++++++++++++++------------- fs/ext4/ext4.h | 4 ++-- fs/ext4/ioctl.c | 34 +++++----------------------------- fs/f2fs/f2fs.h | 4 ++-- fs/f2fs/file.c | 19 ++----------------- include/linux/fscrypto.h | 12 ++++++------ 6 files changed, 38 insertions(+), 69 deletions(-) commit 8048123576d1011e186b1f62478bcd06ac7cabc8 Author: Eric Biggers Date: Sat Nov 26 15:06:43 2016 -0500 fscrypto: remove unneeded Kconfig dependencies SHA256 and ENCRYPTED_KEYS are not needed. CTR shouldn't be needed either, but I left it for now because it was intentionally added by commit 71dea01ea2ed ("ext4 crypto: require CONFIG_CRYPTO_CTR if ext4 encryption is enabled"). So it sounds like there may be a dependency problem elsewhere, which I have not been able to identify specifically, that must be solved before CTR can be removed. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/crypto/Kconfig | 2 -- 1 file changed, 2 deletions(-) commit c1b2212990e1567dc4a4d130e89b0f946e1c38f5 Author: Eric Biggers Date: Sat Nov 26 14:33:40 2016 -0500 MAINTAINERS: fscrypto: recommend linux-fsdevel for fscrypto patches The filesystem level encryption support, currently used by ext4 and f2fs and proposed for ubifs, does not yet have a dedicated mailing list. Since no mailing lists were specified in MAINTAINERS, get_maintainer.pl only recommended to send patches directly to the maintainers and to linux-kernel. This patch adds linux-fsdevel as the preferred mailing list for fscrypto patches for the time being. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 83c3a1bad224189f22ca2c1955337c3478bd3ab2 Author: Boris Barbulovski Date: Wed Nov 30 14:57:55 2016 -0800 xconfig: fix missing suboption and help panels on first run qconfig initial slider sizes fix. On first `make xconfig`, suboption and help panels were hidden. Now we properly detect the first run, and show those panels. Reported-by: Jason Vas Dias Signed-off-by: Boris Barbulovski Signed-off-by: Randy Dunlap Tested-by: Randy Dunlap Signed-off-by: Michal Marek scripts/kconfig/qconf.cc | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit e039303ff71a0fd89d009a24b1eab230ce907288 Author: Boris Barbulovski Date: Wed Nov 30 14:57:52 2016 -0800 xconfig: fix 'Show Debug' functionality xconfig - Fix missing 'Show Debug' functionality. xconfig Help mentions 'Show Debug Info' but it was missing from any menu. * Add 'Show debug' menu to the main menu. * Properly load showDebug settings. Reported-by: Jason Vas Dias Signed-off-by: Boris Barbulovski Signed-off-by: Randy Dunlap Tested-by: Randy Dunlap Signed-off-by: Michal Marek scripts/kconfig/qconf.cc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 868c97a846a73e937d835b09b8c885a69df50ec8 Author: Daniel Vetter Date: Fri Dec 9 19:53:05 2016 +0100 dma-buf: Extract dma-buf.rst Just prep work to polish and consolidate all the dma-buf related documenation. Unfortunately I didn't discover a way to both integrate this new file into the overall toc while keeping it at the current place. Work around that by moving it into the overall driver-api/index.rst. Cc: linux-doc@vger.kernel.org Cc: Jonathan Corbet Cc: Sumit Semwal Signed-off-by: Daniel Vetter Signed-off-by: Jonathan Corbet Documentation/driver-api/dma-buf.rst | 73 +++++++++++++++++++++++++++++ Documentation/driver-api/index.rst | 1 + Documentation/driver-api/infrastructure.rst | 70 --------------------------- 3 files changed, 74 insertions(+), 70 deletions(-) commit 66431b0e8657e2406742105f89175f571340090b Author: Bart Van Assche Date: Mon Dec 5 16:48:11 2016 -0800 IB/hfi1: Define platform_config_table_limits once Defining static data structures in a header file is wrong because this causes the data structure to be instantiated once in every .c file it is included in. Hence move the definition of a static array from a header file into the only .c file in which it is used. Signed-off-by: Bart Van Assche Cc: Dennis Dalessandro Cc: Dean Luick Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/firmware.c | 10 ++++++++++ drivers/infiniband/hw/hfi1/platform.h | 10 ---------- 2 files changed, 10 insertions(+), 10 deletions(-) commit 0fc859a6576aaa747c5359c2bf622aac3158e2c7 Author: Bhumika Goyal Date: Sat Nov 19 15:17:48 2016 +0530 IB/hfi1: constify mmu_notifier_ops structure Declare the structure mmu_notifier_ops as const as it is only stored in the ops field of a mmu_notifier structure. The ops field is of type const struct mmu_notifier_ops *, so mmu_notifier_ops structures having this property can be declared as const. Done using coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct mmu_notifier_ops i@p = {...}; @ok1@ identifier r1.i; position p; struct mmu_rb_handler handler; @@ handler.mn.ops=&i@p @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct mmu_notifier_ops i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct mmu_notifier_ops i; File size before: text data bss dec hex filename 3566 72 16 3654 e46 drivers/infiniband/hw/hfi1/mmu_rb.o File size after: text data bss dec hex filename 3658 0 16 3674 e5a drivers/infiniband/hw/hfi1/mmu_rb.o Signed-off-by: Bhumika Goyal Reviewed-by: Ira Weiny Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/mmu_rb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5dc806052a9fc8c44e111646f9a9f436877749d0 Author: Mike Marciniszyn Date: Wed Dec 7 19:34:37 2016 -0800 IB/rdmavt, IB/hfi1, IB/qib: Add inlines for mtu division Add rvt_div_round_up_mtu() and rvt_div_mtu() routines to do the computation based on the pmtu and the log_pmtu. Change divides in qib, hfi1 to use the new inlines. Reviewed-by: Kaike Wan Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 3 +-- drivers/infiniband/hw/qib/qib_rc.c | 3 +-- include/rdma/rdmavt_qp.h | 24 +++++++++++++++++++++++- 3 files changed, 25 insertions(+), 5 deletions(-) commit c64607aa8abd16ba584523bdf83a708fae91986a Author: Mike Marciniszyn Date: Wed Dec 7 19:34:31 2016 -0800 IB/hfi1,IB/qib: use rvt swqe mr deref helper Convert to use new swqe put routine. Reviewed-by: Brian Welty Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 15 ++------------- drivers/infiniband/hw/hfi1/ruc.c | 7 +------ drivers/infiniband/hw/qib/qib_rc.c | 15 ++------------- drivers/infiniband/hw/qib/qib_ruc.c | 7 +------ 4 files changed, 6 insertions(+), 38 deletions(-) commit f6475223b12b3a38298976506edb042e13158798 Author: Mike Marciniszyn Date: Wed Dec 7 19:34:25 2016 -0800 IB/rdmavt: Add swqe mr deref helper Add a helper to release mr references held by an swqe. Reviewed-by: Brian Welty Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford include/rdma/rdmavt_qp.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 9d8145a604937780898c0e4bdb124a57988fc2ed Author: Harish Chegondi Date: Wed Dec 7 19:34:19 2016 -0800 IB/hfi1: Avoid credit return allocation for cpu-less NUMA nodes Do not allocate credit return base and DMA memory for NUMA nodes without CPUs. Reviewed-by: Mike Marciniszyn Signed-off-by: Harish Chegondi Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/affinity.c | 3 ++- drivers/infiniband/hw/hfi1/affinity.h | 1 + drivers/infiniband/hw/hfi1/pio.c | 20 +++----------------- 3 files changed, 6 insertions(+), 18 deletions(-) commit 0771da5a6e9d67e48207a81ddf6c8e739e9493bd Author: Mike Marciniszyn Date: Wed Dec 7 19:34:12 2016 -0800 IB/hfi1,IB/qib: Use new send completion helper Convert cq completion returns in both rdmavt drivers to use the new helper. Reviewed-by: Ashutosh Dixit Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 26 ++------------------------ drivers/infiniband/hw/hfi1/ruc.c | 17 +---------------- drivers/infiniband/hw/hfi1/verbs.c | 16 ---------------- drivers/infiniband/hw/qib/qib_rc.c | 26 ++------------------------ drivers/infiniband/hw/qib/qib_ruc.c | 17 +---------------- drivers/infiniband/hw/qib/qib_verbs.c | 13 ------------- 6 files changed, 6 insertions(+), 109 deletions(-) commit f2dc9cdce83c4aac2f8b6c803b0327df1c7d44a6 Author: Mike Marciniszyn Date: Wed Dec 7 19:34:06 2016 -0800 IB/rdmavt: Add a send completion helper This is for use by client drivers to drive send completions into a CQ. A new exported table allows for the mapping of ib_wr_opcode into a ib_wc_opcode. Reviewed-by: Ashutosh Dixit Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/qp.c | 17 +++++++++++++++++ include/rdma/rdmavt_qp.h | 40 ++++++++++++++++++++++++++++++++++++++- 2 files changed, 56 insertions(+), 1 deletion(-) commit 238b1862b4608ee8c28733be67e08f0447963090 Author: Sebastian Sanchez Date: Wed Dec 7 19:34:00 2016 -0800 IB/qib: Use standard refcount wrapper for QPs Use the standard driver wrapper for QP reference counters. This makes the code more maintainable. Fixes: Commit 4d6f85c3fa55 ("IB/rdmavt, IB/qib, IB/hfi1: Use new QP put get routines") Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib_driver.c | 3 +-- drivers/infiniband/hw/qib/qib_verbs.c | 20 ++++++++------------ 2 files changed, 9 insertions(+), 14 deletions(-) commit f84dfa26e61c6f31a3a0366532296911df763170 Author: Sebastian Sanchez Date: Wed Dec 7 19:33:53 2016 -0800 IB/hfi1: Use reference count wrapper for MRs Some parts of the code don't use the standard driver wrapper for memory region reference counters. Use the standard driver wrapper throughout the code. Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/mr.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit b44980f8794faf3561d970fe8c05e34765fbdc9b Author: Sebastian Sanchez Date: Wed Dec 7 19:33:46 2016 -0800 IB/hfi1: Replace qp->refcount release code with standard driver wrapper Some parts of the code don't use the standard release wrapper rvt_put_qp() for decrementing and testing the refcount to then try to use a resource. Replace this code with the standard driver wrapper. Fixes: Commit 4d6f85c3fa55 ("IB/rdmavt, IB/qib, IB/hfi1: Use new QP put get routines") Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/driver.c | 3 +-- drivers/infiniband/sw/rdmavt/mcast.c | 5 ++--- 2 files changed, 3 insertions(+), 5 deletions(-) commit 008016746720d4295e38e940e22dbd116c90c95b Author: Dean Luick Date: Wed Dec 7 19:33:40 2016 -0800 IB/hfi1: Preserve external device completed bit The driver should not change the external device request completed bit when not actually doing an external device request. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/chip.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 9b86071c5ef7a8c0a0d6d541cb79df5a8b115d91 Author: Sebastian Sanchez Date: Wed Dec 7 19:33:33 2016 -0800 IB/hfi1: Remove critical section gap in sc_buffer_alloc() In sc_buffer_alloc(), the sc->alloc_lock is released before calling sc_release_update(), and it is reacquired after the function call. This causes CPU lock trading. Fix it by not dropping the lock before calling sc_release_update(). Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/pio.c | 2 -- 1 file changed, 2 deletions(-) commit b777f154a0c21e1187c1806ababf9c5ba3e49eea Author: Mitko Haralanov Date: Wed Dec 7 19:33:27 2016 -0800 IB/hfi1: Remove usage of qp->s_cur_sge The s_cur_sge field in the qp structure holds a pointer to the SGE of the currently processed WQE. It assumes the protection of the RVT_S_BUSY flag to prevent the changing of this field while the send engine is using it. This scheme works as long as there is only one instance of the send engine running at a time. Scaling of the send engine to multiple cores would break this assumption as there could be multiple instances of the send engine running on different CPUs. This opens a window where the QP's RVT_S_BUSY flag is not set but the send engine is still running. To prevent accidental changing of the s_cur_sge pointer, the QP's dependence on it is removed. The SGE pointer is now stored in the verbs_txreq, which is a per-packet data structure. This ensures that each individual packet has it's own pointer, which is setup while the RVT_S_BUSY flag is set. Reviewed-by: Mike Marciniszyn Reviewed-by: Dennis Dalessandro Signed-off-by: Mitko Haralanov Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 10 +++++----- drivers/infiniband/hw/hfi1/uc.c | 2 +- drivers/infiniband/hw/hfi1/ud.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 14 ++++++-------- 4 files changed, 13 insertions(+), 15 deletions(-) commit fcb29a6668a254104d38c0132d1853d0644af066 Author: Mike Marciniszyn Date: Wed Dec 7 19:33:20 2016 -0800 IB/rdmavt: Add trace of MR segs Add tracing of MR segment information. Reviewed-by: Dennis Dalessandro Signed-off-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/mr.c | 4 ++ drivers/infiniband/sw/rdmavt/trace.h | 1 + drivers/infiniband/sw/rdmavt/trace_mr.h | 112 ++++++++++++++++++++++++++++++++ 3 files changed, 117 insertions(+) commit 5213006ade47153f5f2c2e5a42e84312afccabfd Author: Dean Luick Date: Wed Dec 7 19:33:13 2016 -0800 IB/hfi1: Add special setting for low power AOC Low power QSFP AOC cables require a different SerDes Tx PLL bandwidth setting than the default. The 8051 firmware does not know the details, so the driver needs to tell the firmware through a special setting. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/platform.c | 44 ++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) commit 6e40b59cfa99710fcbf849439783e8fc98d183bf Author: Tadeusz Struk Date: Wed Dec 7 19:33:06 2016 -0800 IB/hfi1: Remove definition of unused hfi1_affinity struct The struct hfi1_affinity is not used anymore. We use the struct hfi1_affinity_node and hfi1_affinity_node_list instead. Reviewed-by: Dennis Dalessandro Signed-off-by: Tadeusz Struk Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/affinity.h | 8 -------- drivers/infiniband/hw/hfi1/hfi.h | 1 - 2 files changed, 9 deletions(-) commit e922ae06e90a37ab0b212f844e8aed9b6021cf21 Author: Don Hiatt Date: Wed Dec 7 19:33:00 2016 -0800 IB/hfi1: Remove dependence on qp->s_cur_size The qp->s_cur_size field assumes that the S_BUSY bit protects the field from modification after the slock is dropped. Scaling the send engine to multiple cores would break that assumption. Correct the issue by carrying the payload size in the txreq structure. Reviewed-by: Mike Marciniszyn Signed-off-by: Don Hiatt Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 4 ++-- drivers/infiniband/hw/hfi1/ruc.c | 4 ++-- drivers/infiniband/hw/hfi1/uc.c | 2 +- drivers/infiniband/hw/hfi1/ud.c | 2 +- drivers/infiniband/hw/hfi1/verbs.c | 6 +++--- drivers/infiniband/hw/hfi1/verbs_txreq.h | 1 + 6 files changed, 10 insertions(+), 9 deletions(-) commit b7481944b06e99dc84f4c7da2681ac89528b2020 Author: Jianxin Xiong Date: Wed Dec 7 19:32:53 2016 -0800 IB/hfi1: Show statistics counters under IB stats interface Previously tools like hfi1stats had to access these counters through debugfs, which often caused permission issue for non-root users. It is not always acceptable to change the debugfs mounting permission due to security concerns. When exposed under the IB stats interface, the counters are universally readable by default. Reviewed-by: Ira Weiny Signed-off-by: Jianxin Xiong Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/verbs.c | 154 +++++++++++++++++++++++++++++++++++++ 1 file changed, 154 insertions(+) commit cf4c2f8c9d0483f7585883d3f6733ebf09ea837c Author: Dennis Dalessandro Date: Wed Dec 7 19:32:47 2016 -0800 IB/rdmavt: Fix trace hierarchy Split rdmavt traces into separate files to preserve the original hierarchy since only one trace sub system may now be defined per header file. Reviewed-by: Mike Marciniszyn Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/sw/rdmavt/trace.h | 140 +------------------------------ drivers/infiniband/sw/rdmavt/trace_qp.h | 96 +++++++++++++++++++++ drivers/infiniband/sw/rdmavt/trace_rvt.h | 81 ++++++++++++++++++ drivers/infiniband/sw/rdmavt/trace_tx.h | 132 +++++++++++++++++++++++++++++ 4 files changed, 312 insertions(+), 137 deletions(-) commit e730139b3464cc740c33131c872f7d173744ef11 Author: Jakub Pawlak Date: Wed Dec 7 19:32:41 2016 -0800 IB/hfi1: Disable header suppression for short packets For the received packets with payload less or equal 8DWS RxDmaDataFifoRdUncErr is not reported. There is set RHF.EccErr if the header is not suppressed. When such packet is detected on the send side the header suppression mechanism is disabled by clearing SH bit in the packet header. Reviewed-by: Mitko Haralanov Signed-off-by: Jakub Pawlak Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/user_sdma.c | 60 ++++++++++++++++++++++++---------- include/uapi/rdma/hfi/hfi1_user.h | 2 +- 2 files changed, 44 insertions(+), 18 deletions(-) commit 1b9e7749335281c086243c2dc75d2ad7c2b32abe Author: Dean Luick Date: Wed Dec 7 19:32:34 2016 -0800 IB/hfi1: Export 8051 memory and LCB registers via debugfs Both the 8051 memory and LCB register access require multiple steps and coordination with the driver. This cannot be safely done with resource0 alone. The 8051 memory is exported read-only. LCB is exported read/write. Reviewed-by: Dennis Dalessandro Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/debugfs.c | 110 +++++++++++++++++++++++++++++++++++ 1 file changed, 110 insertions(+) commit 53e91d264be9e9adbf34b83b8ce5c12452f6765e Author: Sebastian Sanchez Date: Wed Dec 7 19:32:28 2016 -0800 IB/hfi1: Use non-atomic __test_and_clear_bit in hot path qp->r_aflags is already protected by qp->r_lock, therefore, test_and_clear_bit() doesn't need to be atomic. Profile shows this function call is costly. Change the test_and_clear_bit() call to use the non-atomic variant. Reviewed-by: Mike Marciniszyn Signed-off-by: Sebastian Sanchez Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/rc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d7cf4ccf6fe52694142f65cce82decb3fe833f48 Author: Dean Luick Date: Wed Dec 7 19:32:22 2016 -0800 IB/hfi1: Fix dc8051 multiple qword memory reads When reading multiple dc8051 data memory locations at once, the read enabled field must be toggled at every address change. Do that by writing only the address first, then writing the enable. Reviewed-by: Ira Weiny Reviewed-by: Dennis Dalessandro Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/firmware.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 62aeddbf28fa63872e8f13f47177338b0f1fd8b5 Author: Dean Luick Date: Wed Dec 7 19:32:15 2016 -0800 IB/hfi1: Read new EPROM format Add the ability to read the new EPROM format. Reviewed-by: Easwar Hariharan Signed-off-by: Dean Luick Signed-off-by: Dennis Dalessandro Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/eprom.c | 211 +++++++++++++++++++++++++++++++++++-- 1 file changed, 203 insertions(+), 8 deletions(-) commit ff5b1ce6b22080379fd1ae9076ff2f5ca6519861 Merge: d1e774f 152b695 Author: Michal Marek Date: Sun Dec 11 21:20:34 2016 +0100 Merge branch 'kbuild/rc-fixes' into kbuild/misc commit d84701ecbcd6ad63faa7a9c18ad670d1c4d561c0 Author: Pablo Neira Date: Sun Dec 11 11:43:59 2016 +0100 netfilter: nft_counter: rework atomic dump and reset Dump and reset doesn't work unless cmpxchg64() is used both from packet and control plane paths. This approach is going to be slow though. Instead, use a percpu seqcount to fetch counters consistently, then subtract bytes and packets in case a reset was requested. The cpu that running over the reset code is guaranteed to own this stats exclusively, we have to turn counters into signed 64bit though so stats update on reset don't get wrong on underflow. This patch is based on original sketch from Eric Dumazet. Fixes: 43da04a593d8 ("netfilter: nf_tables: atomic dump and reset for stateful objects") Suggested-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso Signed-off-by: David S. Miller net/netfilter/nft_counter.c | 127 +++++++++++++++++++------------------------- 1 file changed, 55 insertions(+), 72 deletions(-) commit 6b94780e45c17b83e3e75f8aaca5a328db583c74 Author: Vincent Guittot Date: Thu Dec 8 17:56:54 2016 +0100 sched/core: Use load_avg for selecting idlest group find_idlest_group() only compares the runnable_load_avg when looking for the least loaded group. But on fork intensive use case like hackbench where tasks blocked quickly after the fork, this can lead to selecting the same CPU instead of other CPUs, which have similar runnable load but a lower load_avg. When the runnable_load_avg of 2 CPUs are close, we now take into account the amount of blocked load as a 2nd selection factor. There is now 3 zones for the runnable_load of the rq: - [0 .. (runnable_load - imbalance)]: Select the new rq which has significantly less runnable_load - [(runnable_load - imbalance) .. (runnable_load + imbalance)]: The runnable loads are close so we use load_avg to chose between the 2 rq - [(runnable_load + imbalance) .. ULONG_MAX]: Keep the current rq which has significantly less runnable_load The scale factor that is currently used for comparing runnable_load, doesn't work well with small value. As an example, the use of a scaling factor fails as soon as this_runnable_load == 0 because we always select local rq even if min_runnable_load is only 1, which doesn't really make sense because they are just the same. So instead of scaling factor, we use an absolute margin for runnable_load to detect CPUs with similar runnable_load and we keep using scaling factor for blocked load. For use case like hackbench, this enable the scheduler to select different CPUs during the fork sequence and to spread tasks across the system. Tests have been done on a Hikey board (ARM based octo cores) for several kernel. The result below gives min, max, avg and stdev values of 18 runs with each configuration. The patches depend on the "no missing update_rq_clock()" work. hackbench -P -g 1 ea86cb4b7621 7dc603c9028e v4.8 v4.8+patches min 0.049 0.050 0.051 0,048 avg 0.057 0.057(0%) 0.057(0%) 0,055(+5%) max 0.066 0.068 0.070 0,063 stdev +/-9% +/-9% +/-8% +/-9% More performance numbers here: https://lkml.kernel.org/r/20161203214707.GI20785@codeblueprint.co.uk Tested-by: Matt Fleming Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Matt Fleming Cc: Linus Torvalds Cc: Morten.Rasmussen@arm.com Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: dietmar.eggemann@arm.com Cc: kernellwp@gmail.com Cc: umgwanakikbuti@gmail.com Cc: yuyang.du@intel.comc Link: http://lkml.kernel.org/r/1481216215-24651-3-git-send-email-vincent.guittot@linaro.org Signed-off-by: Ingo Molnar kernel/sched/fair.c | 55 ++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 44 insertions(+), 11 deletions(-) commit f519a3f1c6b7a990e5aed37a8f853c6ecfdee945 Author: Vincent Guittot Date: Thu Dec 8 17:56:53 2016 +0100 sched/core: Fix find_idlest_group() for fork During fork, the utilization of a task is init once the rq has been selected because the current utilization level of the rq is used to set the utilization of the fork task. As the task's utilization is still 0 at this step of the fork sequence, it doesn't make sense to look for some spare capacity that can fit the task's utilization. Furthermore, I can see perf regressions for the test: hackbench -P -g 1 because the least loaded policy is always bypassed and tasks are not spread during fork. With this patch and the fix below, we are back to same performances as for v4.8. The fix below is only a temporary one used for the test until a smarter solution is found because we can't simply remove the test which is useful for others benchmarks | @@ -5708,13 +5708,6 @@ static int select_idle_cpu(struct task_struct *p, struct sched_domain *sd, int t | | avg_cost = this_sd->avg_scan_cost; | | - /* | - * Due to large variance we need a large fuzz factor; hackbench in | - * particularly is sensitive here. | - */ | - if ((avg_idle / 512) < avg_cost) | - return -1; | - | time = local_clock(); | | for_each_cpu_wrap(cpu, sched_domain_span(sd), target, wrap) { Tested-by: Matt Fleming Signed-off-by: Vincent Guittot Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Matt Fleming Acked-by: Morten Rasmussen Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: dietmar.eggemann@arm.com Cc: kernellwp@gmail.com Cc: umgwanakikbuti@gmail.com Cc: yuyang.du@intel.comc Link: http://lkml.kernel.org/r/1481216215-24651-2-git-send-email-vincent.guittot@linaro.org Signed-off-by: Ingo Molnar kernel/sched/fair.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 6643aab30f88e2929bcc401a9ae39bf6f1c0b61d Merge: 8fb9dcb 0451698 Author: Ingo Molnar Date: Sun Dec 11 13:10:40 2016 +0100 Merge branch 'linus' into sched/core, to pick up fixes Signed-off-by: Ingo Molnar commit 11f254dbb3a2e3f0d8552d0dd37f4faa432b6b16 Author: Peter Zijlstra Date: Thu Dec 8 16:42:15 2016 +0100 x86/paravirt: Fix bool return type for PVOP_CALL() Commit: 3cded4179481 ("x86/paravirt: Optimize native pv_lock_ops.vcpu_is_preempted()") introduced a paravirt op with bool return type [*] It turns out that the PVOP_CALL*() macros miscompile when rettype is bool. Code that looked like: 83 ef 01 sub $0x1,%edi ff 15 32 a0 d8 00 callq *0xd8a032(%rip) # ffffffff81e28120 84 c0 test %al,%al ended up looking like so after PVOP_CALL1() was applied: 83 ef 01 sub $0x1,%edi 48 63 ff movslq %edi,%rdi ff 14 25 20 81 e2 81 callq *0xffffffff81e28120 48 85 c0 test %rax,%rax Note how it tests the whole of %rax, even though a typical bool return function only sets %al, like: 0f 95 c0 setne %al c3 retq This is because ____PVOP_CALL() does: __ret = (rettype)__eax; and while regular integer type casts truncate the result, a cast to bool tests for any !0 value. Fix this by explicitly truncating to sizeof(rettype) before casting. [*] The actual bug should've been exposed in commit: 446f3dc8cc0a ("locking/core, x86/paravirt: Implement vcpu_is_preempted(cpu) for KVM and Xen guests") but that didn't properly implement the paravirt call. Reported-by: kernel test robot Signed-off-by: Peter Zijlstra (Intel) Cc: Alok Kataria Cc: Borislav Petkov Cc: Chris Wright Cc: Jeremy Fitzhardinge Cc: Linus Torvalds Cc: Pan Xinhui Cc: Paolo Bonzini Cc: Peter Anvin Cc: Peter Zijlstra Cc: Rusty Russell Cc: Thomas Gleixner Fixes: 3cded4179481 ("x86/paravirt: Optimize native pv_lock_ops.vcpu_is_preempted()") Link: http://lkml.kernel.org/r/20161208154349.346057680@infradead.org Signed-off-by: Ingo Molnar arch/x86/include/asm/paravirt_types.h | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) commit 45dbea5f55c05980cbb4c30047c71a820cd3f282 Author: Peter Zijlstra Date: Thu Dec 8 16:42:14 2016 +0100 x86/paravirt: Fix native_patch() While chasing a regression I noticed we potentially patch the wrong code in native_patch(). If we do not select the native code sequence, we must use the default patcher, not fall-through the switch case. Signed-off-by: Peter Zijlstra (Intel) Cc: Alok Kataria Cc: Borislav Petkov Cc: Chris Wright Cc: Jeremy Fitzhardinge Cc: Linus Torvalds Cc: Pan Xinhui Cc: Paolo Bonzini Cc: Peter Anvin Cc: Peter Zijlstra Cc: Rusty Russell Cc: Thomas Gleixner Cc: kernel test robot Fixes: 3cded4179481 ("x86/paravirt: Optimize native pv_lock_ops.vcpu_is_preempted()") Link: http://lkml.kernel.org/r/20161208154349.270616999@infradead.org Signed-off-by: Ingo Molnar arch/x86/kernel/paravirt_patch_32.c | 4 ++++ arch/x86/kernel/paravirt_patch_64.c | 4 ++++ 2 files changed, 8 insertions(+) commit 6f38751510073cc054c5dffc3339b22f9385ceed Merge: f4ec57b 0451698 Author: Ingo Molnar Date: Sun Dec 11 13:07:13 2016 +0100 Merge branch 'linus' into locking/core, to pick up fixes Signed-off-by: Ingo Molnar commit b0c1ef52959582144bbea9a2b37db7f4c9e399f7 Author: Andi Kleen Date: Thu Dec 8 16:14:17 2016 -0800 perf/x86: Fix exclusion of BTS and LBR for Goldmont An earlier patch allowed enabling PT and LBR at the same time on Goldmont. However it also allowed enabling BTS and LBR at the same time, which is still not supported. Fix this by bypassing the check only for PT. Signed-off-by: Andi Kleen Signed-off-by: Peter Zijlstra (Intel) Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: alexander.shishkin@intel.com Cc: kan.liang@intel.com Cc: Fixes: ccbebba4c6bf ("perf/x86/intel/pt: Bypass PT vs. LBR exclusivity if the core supports it") Link: http://lkml.kernel.org/r/20161209001417.4713-1-andi@firstfloor.org Signed-off-by: Ingo Molnar arch/x86/events/core.c | 8 ++++++-- arch/x86/events/perf_event.h | 2 +- 2 files changed, 7 insertions(+), 3 deletions(-) commit 6de75a37b8e82e3e6bbc773c1fbc7df8338efb90 Merge: 080c259 0451698 Author: Ingo Molnar Date: Sun Dec 11 13:05:59 2016 +0100 Merge branch 'linus' into perf/core, to pick up fixes Signed-off-by: Ingo Molnar commit 0f66784ae2eb6ac5bc7540b891786ff062bbf630 Author: Ard Biesheuvel Date: Fri Oct 28 18:09:05 2016 +0100 scripts/kallsyms: remove last remnants of --page-offset option The implementation of the --page-offset kallsyms command line option has been removed, so remove it from the usage string as well. Signed-off-by: Ard Biesheuvel Signed-off-by: Michal Marek scripts/kallsyms.c | 1 - 1 file changed, 1 deletion(-) commit 79e51b5c2deea542b3bb8c66e0d502230b017dde Author: Ben Hutchings Date: Thu Nov 24 22:10:23 2016 +0000 kconfig/nconf: Fix hang when editing symbol with a long prompt Currently it is impossible to edit the value of a config symbol with a prompt longer than (terminal width - 2) characters. dialog_inputbox() calculates a negative x-offset for the input window and newwin() fails as this is invalid. It also doesn't check for this failure, so it busy-loops calling wgetch(NULL) which immediately returns -1. The additions in the offset calculations also don't match the intended size of the window. Limit the window size and calculate the offset similarly to show_scroll_win(). Cc: stable Fixes: 692d97c380c6 ("kconfig: new configuration interface (nconfig)") Signed-off-by: Ben Hutchings scripts/kconfig/nconf.gui.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) commit e19b7cee020441dd690613d223aed7abb0bcda81 Author: Uwe Kleine-König Date: Tue Nov 22 09:30:26 2016 +0100 make use of make variable CURDIR instead of calling pwd make already provides the current working directory in a variable, so make use of it instead of forking a shell. Also replace usage of PWD by CURDIR. PWD is provided by most shells, but not all, so this makes the build system more robust. Signed-off-by: Uwe Kleine-König Signed-off-by: Michal Marek samples/bpf/Makefile | 4 ++-- samples/connector/Makefile | 2 +- tools/build/Makefile | 2 +- tools/gpio/Makefile | 2 +- tools/lib/api/Makefile | 2 +- tools/lib/bpf/Makefile | 2 +- tools/lib/lockdep/Makefile | 2 +- tools/lib/subcmd/Makefile | 2 +- tools/lib/traceevent/Makefile | 2 +- tools/objtool/Makefile | 4 ++-- tools/perf/Makefile.perf | 2 +- tools/perf/tests/make | 2 +- tools/power/cpupower/Makefile | 3 --- tools/power/cpupower/debug/kernel/Makefile | 3 +-- 14 files changed, 15 insertions(+), 19 deletions(-) commit d1e774f49f0305092c9975d9070aefe318f49872 Author: Vaishali Thakkar Date: Wed Nov 23 14:16:42 2016 +0530 Coccinelle: misc: Add support for devm variant in all modes Add missing support for the devm_request_threaded_irq in the rules of context, report and org modes. Misc: ---- To be consistent with other scripts, change confidence level of the script to 'Moderate'. Signed-off-by: Vaishali Thakkar Acked-by: Julia Lawall Signed-off-by: Michal Marek scripts/coccinelle/misc/irqf_oneshot.cocci | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 35b303ae361611a6b418e385fee06fa08732b2e6 Author: Vaishali Thakkar Date: Wed Nov 23 14:16:46 2016 +0530 Coccinelle: misc: Improve the result given by context mode To eliminate false positives given by the context mode, add necessary arguments for the function request_threaded_irq. Signed-off-by: Vaishali Thakkar Acked-by: Julia Lawall Signed-off-by: Michal Marek scripts/coccinelle/misc/irqf_oneshot.cocci | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit dca24c4544d96989f521b5aa49fd44ae0ae5a5b6 Author: Vaishali Thakkar Date: Wed Nov 23 14:16:39 2016 +0530 Coccinelle: misc: Improve the matching of rules Currently because of the left associativity of the operators, pattern IRQF_ONESHOT | flags does not match with the pattern when we have more than one flag after the disjunction. This eventually results in giving false positives by the script. This patch eliminates these FPs by improving the rule. Signed-off-by: Vaishali Thakkar Signed-off-by: Michal Marek scripts/coccinelle/misc/irqf_oneshot.cocci | 36 +++++++++++++++++++----------- 1 file changed, 23 insertions(+), 13 deletions(-) commit 51a5f81079bfbd146b7162580c2170289c7cb413 Author: Anton Tikhomirov Date: Tue Oct 25 18:00:44 2016 +0900 kbuild/mkspec: avoid using brace expansion Brace expansion might not work properly if _buildshell RPM macro points to a shell other than bash. Particularly, with _bulidshell defined to /bin/dash it leads to broken build and source symlinks. Signed-off-by: Anton Tikhomirov Signed-off-by: Michal Marek scripts/package/mkspec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 75238b9e6aadca6d9255d4b385e026385e78bb15 Author: Andrew F. Davis Date: Mon Oct 17 11:52:24 2016 -0500 Coccinelle: Add misc/boolconv.cocci Add a script to check for unneeded conversions to bool. Signed-off-by: Andrew F. Davis Acked-by: Julia Lawall Signed-off-by: Michal Marek scripts/coccinelle/misc/boolconv.cocci | 90 ++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) commit 76bee23411f8510fbf5fc5641bae2c203b726eb6 Author: Nicolas Pitre Date: Wed Nov 16 19:28:39 2016 -0500 kbuild: cmd_export_list: tighten the sed script When LTO is used, some ___ksymtab_string sections are seen by this sed script, creating lines containing a single ) such as: EXPORT(foo) ) ) EXPORT(bar) Let's make it so the + character is also required for any line to be printed. Signed-off-by: Nicolas Pitre Signed-off-by: Michal Marek scripts/Makefile.build | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 311191297125156319be8f86d546ea1c569f7e95 Author: WANG Cong Date: Sat Dec 10 14:22:42 2016 -0800 e1000: use disable_hardirq() for e1000_netpoll() In commit 02cea3958664 ("genirq: Provide disable_hardirq()") Peter introduced disable_hardirq() for netpoll, but it is forgotten to use it for e1000. This patch changes disable_irq() to disable_hardirq() for e1000. Reported-by: Dave Jones Suggested-by: Sabrina Dubroca Cc: Peter Zijlstra (Intel) Cc: Jeff Kirsher Signed-off-by: Cong Wang Signed-off-by: David S. Miller drivers/net/ethernet/intel/e1000/e1000_main.c | 4 ++-- drivers/net/ethernet/intel/e1000e/netdev.c | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) commit 0266ac4536cdbf37e0bed918b97b6763aa8b84e2 Author: Keller, Jacob E Date: Fri Dec 9 13:39:21 2016 -0800 i40e: don't truncate match_method assignment The .match_method field is a u8, so we shouldn't be casting to a u16, and because it is only one byte, we do not need to byte swap anything. Just assign the value directly. This avoids issues on Big Endian architectures which would have byte swapped and then incorrectly truncated the value. Signed-off-by: Jacob Keller Cc: Stephen Rothwell Cc: Bimmy Pujari Signed-off-by: David S. Miller drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 6246168b4a38357b135d07370464f27d4f3a68ce Author: WingMan Kwok Date: Thu Dec 8 16:21:56 2016 -0600 net: ethernet: ti: netcp: add support of cpts This patch adds support of the cpts device found in the gbe and 10gbe ethernet switches on the keystone 2 SoCs (66AK2E/L/Hx, 66AK2Gx). Cc: Richard Cochran Signed-off-by: WingMan Kwok Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/Kconfig | 7 +- drivers/net/ethernet/ti/netcp.h | 2 +- drivers/net/ethernet/ti/netcp_core.c | 20 +- drivers/net/ethernet/ti/netcp_ethss.c | 437 +++++++++++++++++++++++++++++++++- 4 files changed, 452 insertions(+), 14 deletions(-) commit 529ed12752635ba8a35dc78ec70ed6f42570b4ca Author: Timur Tabi Date: Wed Dec 7 13:20:51 2016 -0600 net: phy: phy drivers should not set SUPPORTED_[Asym_]Pause Instead of having individual PHY drivers set the SUPPORTED_Pause and SUPPORTED_Asym_Pause flags, phylib itself should set those flags, unless there is a hardware erratum or other special case. During autonegotiation, the PHYs will determine whether to enable pause frame support. Pause frames are a feature that is supported by the MAC. It is the MAC that generates the frames and that processes them. The PHY can only be configured to allow them to pass through. This commit also effectively reverts the recently applied c7a61319 ("net: phy: dp83848: Support ethernet pause frames"). So the new process is: 1) Unless the PHY driver overrides it, phylib sets the SUPPORTED_Pause and SUPPORTED_AsymPause bits in phydev->supported. This indicates that the PHY supports pause frames. 2) The MAC driver checks phydev->supported before it calls phy_start(). If (SUPPORTED_Pause | SUPPORTED_AsymPause) is set, then the MAC driver sets those bits in phydev->advertising, if it wants to enable pause frame support. 3) When the link state changes, the MAC driver checks phydev->pause and phydev->asym_pause, If the bits are set, then it enables the corresponding features in the MAC. The algorithm is: if (phydev->pause) The MAC should be programmed to receive and honor pause frames it receives, i.e. enable receive flow control. if (phydev->pause != phydev->asym_pause) The MAC should be programmed to transmit pause frames when needed, i.e. enable transmit flow control. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/phy/bcm-cygnus.c | 3 +-- drivers/net/phy/bcm7xxx.c | 6 ++---- drivers/net/phy/broadcom.c | 42 ++++++++++++++---------------------------- drivers/net/phy/dp83848.c | 4 +--- drivers/net/phy/icplus.c | 6 ++---- drivers/net/phy/intel-xway.c | 24 ++++++++---------------- drivers/net/phy/micrel.c | 30 ++++++++++++------------------ drivers/net/phy/microchip.c | 3 +-- drivers/net/phy/national.c | 2 +- drivers/net/phy/phy_device.c | 19 +++++++++++++++++++ drivers/net/phy/smsc.c | 18 ++++++------------ 11 files changed, 67 insertions(+), 90 deletions(-) commit fba40c632c6473fa89660e870a6042c0fe733f8c Author: Asbjørn Sloth Tønnesen Date: Sun Dec 11 00:18:59 2016 +0000 net: l2tp: ppp: change PPPOL2TP_MSG_* => L2TP_MSG_* Signed-off-by: Asbjoern Sloth Toennesen Signed-off-by: David S. Miller net/l2tp/l2tp_ppp.c | 54 ++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) commit 47c3e7783be4e142b861d34b5c2e223330b05d8a Author: Asbjørn Sloth Tønnesen Date: Sun Dec 11 00:18:58 2016 +0000 net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_* PPPOL2TP_MSG_* and L2TP_MSG_* are duplicates, and are being used interchangeably in the kernel, so let's standardize on L2TP_MSG_* internally, and keep PPPOL2TP_MSG_* defined in UAPI for compatibility. Signed-off-by: Asbjoern Sloth Toennesen Signed-off-by: David S. Miller Documentation/networking/l2tp.txt | 8 ++++---- include/uapi/linux/if_pppol2tp.h | 13 ++++++------- 2 files changed, 10 insertions(+), 11 deletions(-) commit 41c43fbee68f4f9a2a9675d83bca91c77862d7f0 Author: Asbjørn Sloth Tønnesen Date: Sun Dec 11 00:18:57 2016 +0000 net: l2tp: export debug flags to UAPI Move the L2TP_MSG_* definitions to UAPI, as it is part of the netlink API. Signed-off-by: Asbjoern Sloth Toennesen Signed-off-by: David S. Miller include/uapi/linux/l2tp.h | 17 ++++++++++++++++- net/l2tp/l2tp_core.h | 10 ---------- 2 files changed, 16 insertions(+), 11 deletions(-) commit 0972770eeac218cc2a55e3532d7afe114a9dd73e Merge: c280b48 739c8e1 Author: David S. Miller Date: Sat Dec 10 23:27:02 2016 -0500 Merge branch 'sxgbe-stmmac-remove-private-tx-lock' Lino Sanfilippo says: ==================== Remove private tx queue locks this patch series removes unnecessary private locks in the sxgbe and the stmmac driver. v2: - adjust commit message ==================== Signed-off-by: David S. Miller commit 739c8e149ae40a1eb044edb92a133b93b59369d8 Author: Lino Sanfilippo Date: Fri Dec 9 00:55:43 2016 +0100 net: ethernet: stmmac: remove private tx queue lock The driver uses a private lock for synchronization of the xmit function and the xmit completion handler, but since the NETIF_F_LLTX flag is not set, the xmit function is also called with the xmit_lock held. On the other hand the completion handler uses the reverse locking order by first taking the private lock and (in case that the tx queue had been stopped) then the xmit_lock. Improve the locking by removing the private lock and using only the xmit_lock for synchronization instead. Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac.h | 1 - drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 28 +++++------------------ 2 files changed, 6 insertions(+), 23 deletions(-) commit 980f140493b6d9d9e1fc67ce594170186be848a1 Author: Lino Sanfilippo Date: Fri Dec 9 00:55:42 2016 +0100 net: ethernet: sxgbe: remove private tx queue lock The driver uses a private lock for synchronization of the xmit function and the xmit completion handler, but since the NETIF_F_LLTX flag is not set, the xmit function is also called with the xmit_lock held. On the other hand the completion handler uses the reverse locking order by first taking the private lock and (in case that the tx queue had been stopped) then the xmit_lock. Improve the locking by removing the private lock and using only the xmit_lock for synchronization instead. Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/samsung/sxgbe/sxgbe_common.h | 1 - drivers/net/ethernet/samsung/sxgbe/sxgbe_main.c | 27 +++++------------------ 2 files changed, 6 insertions(+), 22 deletions(-) commit c280b482662018b2178f67ea017275191c30823e Merge: bfd8d97 34d8acd Author: David S. Miller Date: Sat Dec 10 21:28:39 2016 -0500 Merge branch 'bridge-fast-ageing-on-topology-change' Vivien Didelot says: ==================== net: bridge: fast ageing on topology change 802.1D [1] specifies that the bridges in a network must use a short value to age out dynamic entries in the Filtering Database for a period, once a topology change has been communicated by the root bridge. This patchset fixes this for the in-kernel STP implementation. Once the topology change flag is set in a net_bridge instance, the ageing time value is shorten to twice the forward delay used by the topology. When the topology change flag is cleared, the ageing time configured for the bridge is restored. To accomplish that, a new bridge_ageing_time member is added to the net_bridge structure, to store the user configured bridge ageing time. Two helpers are added to offload the ageing time and set the topology change flag in the net_bridge instance. Then the required logic is added in the topology change helper if in-kernel STP is used. This has been tested on the following topology: +--------------+ | root bridge | | 1 2 3 4 | +--+--+--+--+--+ | | | | +--------+ | | | +------| laptop | | | | +--------+ +--+--+--+-----+ | 1 2 3 | | slave bridge | +--------------+ When unplugging/replugging the laptop, the slave bridge (under test) gets the topology change flag sent by the root bridge, and fast ageing is triggered on the bridges. Once the topology change timer of the root bridge expires, the topology change flag is cleared and the configured ageing time is restored on the bridges. A similar test has been done between two bridges under test. When changing the forward delay of the root bridge with: # echo 3000 > /sys/class/net/br0/bridge/forward_delay the ageing time correctly changes on both bridges from 300s to 60s while the TOPOLOGY_CHANGE flag is present. [1] "8.3.5 Notifying topology changes", http://profesores.elo.utfsm.cl/~agv/elo309/doc/802.1D-1998.pdf No change since RFC: https://lkml.org/lkml/2016/10/19/828 ==================== Signed-off-by: David S. Miller commit 34d8acd8aabb6e070b6fb718909db80458ef32ec Author: Vivien Didelot Date: Sat Dec 10 13:44:29 2016 -0500 net: bridge: shorten ageing time on topology change 802.1D [1] specifies that the bridges must use a short value to age out dynamic entries in the Filtering Database for a period, once a topology change has been communicated by the root bridge. Add a bridge_ageing_time member in the net_bridge structure to store the bridge ageing time value configured by the user (ioctl/netlink/sysfs). If we are using in-kernel STP, shorten the ageing time value to twice the forward delay used by the topology when the topology change flag is set. When the flag is cleared, restore the configured ageing time. [1] "8.3.5 Notifying topology changes ", http://profesores.elo.utfsm.cl/~agv/elo309/doc/802.1D-1998.pdf Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller net/bridge/br_device.c | 2 +- net/bridge/br_private.h | 3 ++- net/bridge/br_stp.c | 27 +++++++++++++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) commit 8384b5f5b293389a42cc65bfca2d767d15809aa1 Author: Vivien Didelot Date: Sat Dec 10 13:44:28 2016 -0500 net: bridge: add helper to set topology change Add a __br_set_topology_change helper to set the topology change value. This can be later extended to add actions when the topology change flag is set or cleared. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller net/bridge/br_private_stp.h | 1 + net/bridge/br_stp.c | 10 ++++++++-- net/bridge/br_stp_if.c | 2 +- net/bridge/br_stp_timer.c | 2 +- 4 files changed, 11 insertions(+), 4 deletions(-) commit 82dd4332aa07843f7444c55bc17fee9bd76aa0f7 Author: Vivien Didelot Date: Sat Dec 10 13:44:27 2016 -0500 net: bridge: add helper to offload ageing time The SWITCHDEV_ATTR_ID_BRIDGE_AGEING_TIME switchdev attr is actually set when initializing a bridge port, and when configuring the bridge ageing time from ioctl/netlink/sysfs. Add a __set_ageing_time helper to offload the ageing time to physical switches, and add the SWITCHDEV_F_DEFER flag since it can be called under bridge lock. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller net/bridge/br_private.h | 1 + net/bridge/br_stp.c | 28 ++++++++++++++++++++-------- net/bridge/br_stp_if.c | 12 +++--------- 3 files changed, 24 insertions(+), 17 deletions(-) commit 73b92a2a5e97d17cc4d5c4fe9d724d3273fb6fd2 Author: Sergey Karamov Date: Sat Dec 10 17:54:58 2016 -0500 ext4: do not perform data journaling when data is encrypted Currently data journalling is incompatible with encryption: enabling both at the same time has never been supported by design, and would result in unpredictable behavior. However, users are not precluded from turning on both features simultaneously. This change programmatically replaces data journaling for encrypted regular files with ordered data journaling mode. Background: Journaling encrypted data has not been supported because it operates on buffer heads of the page in the page cache. Namely, when the commit happens, which could be up to five seconds after caching, the commit thread uses the buffer heads attached to the page to copy the contents of the page to the journal. With encryption, it would have been required to keep the bounce buffer with ciphertext for up to the aforementioned five seconds, since the page cache can only hold plaintext and could not be used for journaling. Alternatively, it would be required to setup the journal to initiate a callback at the commit time to perform deferred encryption - in this case, not only would the data have to be written twice, but it would also have to be encrypted twice. This level of complexity was not justified for a mode that in practice is very rarely used because of the overhead from the data journalling. Solution: If data=journaled has been set as a mount option for a filesystem, or if journaling is enabled on a regular file, do not perform journaling if the file is also encrypted, instead fall back to the data=ordered mode for the file. Rationale: The intent is to allow seamless and proper filesystem operation when journaling and encryption have both been enabled, and have these two conflicting features gracefully resolved by the filesystem. Fixes: 4461471107b7 Signed-off-by: Sergey Karamov Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/ext4/ext4_jbd2.h | 14 ++++++++------ fs/ext4/super.c | 5 +++++ 2 files changed, 13 insertions(+), 6 deletions(-) commit bfd8d977af2390e646d4a5df8e88c1d7a1ae63d9 Author: Philippe Reynes Date: Sat Dec 10 15:00:48 2016 +0100 net: nicvf: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller .../net/ethernet/cavium/thunder/nicvf_ethtool.c | 56 ++++++++++++---------- 1 file changed, 31 insertions(+), 25 deletions(-) commit 52986a2f926cc0de544e32005a3436bb6db39f10 Author: Ivan Khoronzhuk Date: Sat Dec 10 14:23:50 2016 +0200 net: ethernet: ti: cpsw: sync rates for channels in dual emac mode The channels are common for both ndevs in dual emac mode. Hence, keep in sync their rates. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 0be01b8e0a365138e8f94315de13ab3751d199e2 Author: Ivan Khoronzhuk Date: Sat Dec 10 14:23:49 2016 +0200 net: ethernet: ti: cpsw: re-split res only when speed is changed Don't re-split res in the following cases: - speed of phys is not changed - speed of phys is changed and no rate limited channels - speed of phys is changed and all channels are rate limited - phy is unlinked while dev is open - phy is linked back but speed is not changed The maximum speed is sum of "linked" phys, thus res are split taken in account two interfaces, both for dual emac mode and for switch mode. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 64 ++++++++++++++++++++++++++++++++++++++---- 1 file changed, 59 insertions(+), 5 deletions(-) commit 32b78d8563c57fc1d68ae73a5ae15359cb243f89 Author: Ivan Khoronzhuk Date: Sat Dec 10 14:23:48 2016 +0200 net: ethernet: ti: cpsw: combine budget and weight split and check Re-split weight along with budget. It simplify code a little and update state after every rate change. Also it's necessarily to move arguments checks to this combined function. Replace maximum rate check for an interface on maximum possible rate. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 107 +++++++++++++---------------------------- 1 file changed, 34 insertions(+), 73 deletions(-) commit 32b5f2d1f9bf653491b6c03a55e26177211f8218 Author: Ivan Khoronzhuk Date: Sat Dec 10 14:23:47 2016 +0200 net: ethernet: ti: cpsw: don't start queue twice No need to start queues after cpsw is started as it will be done while cpsw_adjust_link(), after phy connection. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 2 -- 1 file changed, 2 deletions(-) commit cb7d78d045579831fbf40112f93bf2064a7ef14f Author: Ivan Khoronzhuk Date: Sat Dec 10 14:23:46 2016 +0200 net: ethernet: ti: cpsw: use same macros to get active slave Use the same, more convenient macros, to get active slave. Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 0e85663b887aa7c87d64965952fbf436c209fbe4 Author: Arnd Bergmann Date: Sat Dec 10 11:38:32 2016 +0100 net: mvneta: select GENERIC_ALLOCATOR We previously relied on GENERIC_ALLOCATOR to be selected by CONFIG_ARM, but now we can compile-test the driver on other architectures that don't select it: drivers/net/built-in.o: In function `mvneta_bm_remove': mvneta_bm.c:(.text+0x4ee35): undefined reference to `gen_pool_free' This adds an explicit select for the part of the driver that has the dependency. Fixes: a0627f776a45 ("net: marvell: Allow drivers to be built with COMPILE_TEST") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/marvell/Kconfig | 1 + 1 file changed, 1 insertion(+) commit fa1bd57a63773f56877c7629a7ff69081ce3ca01 Author: Amit Kushwaha Date: Sat Dec 10 11:14:47 2016 +0530 net: socket: removed an unnecessary newline This patch removes a newline which was added in socket.c file in net-next Signed-off-by: Amit Kushwaha Signed-off-by: David S. Miller net/socket.c | 1 - 1 file changed, 1 deletion(-) commit efa172f42836477bf1ac3c9a3053140df764699c Author: WANG Cong Date: Fri Dec 9 21:10:59 2016 -0800 netlink: use blocking notifier netlink_chain is called in ->release(), which is apparently a process context, so we don't have to use an atomic notifier here. Signed-off-by: Cong Wang Signed-off-by: David S. Miller net/netlink/af_netlink.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 6449b088dd51dd5aa6b38455888bbf538d21f2fc Author: Daniel Vetter Date: Fri Dec 9 14:56:56 2016 +0100 drm: Add fake controlD* symlinks for backwards compat We thought that no userspace is using them, but oops libdrm is using them to figure out whether a driver supports modesetting. Check out drmCheckModesettingSupported but maybe don't because it's horrible and totally runs counter to where we want to go with libdrm device handling. The function looks in the device hierarchy for whether controlD* exist using the following format string: /sys/bus/pci/devices/%04x:%02x:%02x.%d/drm/controlD%d The "/drm" subdirectory is the glue directory from the sysfs class stuff, and the only way to get at it seems to through kdev->kobj.parent (when kdev is represents e.g. the card0 chardev instance in sysfs). Git grep says we're not the only ones touching that, so I hope it's ok we dig into such internals - I couldn't find a proper interface for getting at the glue directory. Quick git grep shows that at least -amdgpu, -ati are using this. -modesetting do not, and on -intel it's only about the 4th fallback path for device lookup, which is why this didn't blow up earlier. Oh well, we need to keep it working, and the simplest way is to add a symlink at the right place in sysfs from controlD* to card*. v2: - Fix error path handling by adding if (!minor) return checks (David) - Fix the controlD* numbers to match what's been there (David) - Add a comment what exactly userspace minimally needs. - Correct the analysis for -intel (Chris). Fixes: 8a357d10043c ("drm: Nerf DRM_CONTROL nodes") Cc: Dave Airlie Reported-and-tested-by: Alex Deucher Acked-by: Emil Velikov Reviewed-by: David Herrmann Acked-by: Greg Kroah-Hartman Cc: Alex Deucher Cc: David Herrmann Cc: Greg Kroah-Hartman Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161209135656.14881-1-daniel.vetter@ffwll.ch drivers/gpu/drm/drm_drv.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) commit 821781a9f40673c2aa0f29d9d8226ec320dff20c Merge: 3174fed 0451698 Author: David S. Miller Date: Sat Dec 10 16:21:55 2016 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net commit 29ac8e856cb3694e004037de595dec4ec53d42f2 Author: Darrick J. Wong Date: Wed Nov 9 14:13:11 2016 -0800 ocfs2: implement the VFS clone_range, copy_range, and dedupe_range features Connect the new VFS clone_range, copy_range, and dedupe_range features to the existing reflink capability of ocfs2. Compared to the existing ocfs2 reflink ioctl We have to do things a little differently to support the VFS semantics (we can clone subranges of a file but we don't clone xattrs), but the VFS ioctls are more broadly supported. Signed-off-by: Darrick J. Wong --- v2: Convert inline data files to extents files before reflinking, and fix i_blocks so that stat(2) output is correct. v3: Make zero-length dedupe consistent with btrfs behavior. v4: Use VFS double-inode lock routines and remove MAX_DEDUPE_LEN. fs/ocfs2/file.c | 35 +++- fs/ocfs2/file.h | 3 + fs/ocfs2/refcounttree.c | 432 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/ocfs2/refcounttree.h | 7 + 4 files changed, 474 insertions(+), 3 deletions(-) commit 86e59436d406d833a5da4a94aefb3c3be6b26053 Author: Darrick J. Wong Date: Tue Nov 22 13:40:27 2016 -0800 ocfs2: charge quota for reflinked blocks When ocfs2 shares blocks from one file to another, it's necessary to charge that many blocks to the quota because ocfs2 tallies block charges according to the number of blocks mapped, not the number of physical blocks used. Without this patch, reflinking X blocks and then CoWing all of them causes quota usage to *decrease* by X as seen in generic/305. Signed-off-by: Darrick J. Wong fs/ocfs2/refcounttree.c | 7 +++++++ 1 file changed, 7 insertions(+) commit aef73a61c01a4dca3f26c22df05039f78fe9d468 Author: Darrick J. Wong Date: Fri Dec 9 16:10:15 2016 -0800 ocfs2: fix bad pointer cast generic/188 triggered a dmesg stack trace because the dio completion was casting a buffer head to an on-disk inode, which is whacky. Signed-off-by: Darrick J. Wong fs/ocfs2/aops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit dbf896fc286a62bf215b904c6ff5d197df93e685 Author: Darrick J. Wong Date: Thu Dec 1 16:31:14 2016 -0800 ocfs2: always unlock when completing dio writes Always unlock the inode when completing dio writes, even if an error has occurrred. The caller already checks the inode and unlocks it if needed, so we might as well reduce contention. Signed-off-by: Darrick J. Wong fs/ocfs2/aops.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 085549553dca86c866f26d233d9cfe19f169c288 Author: Darrick J. Wong Date: Wed Nov 9 14:42:49 2016 -0800 ocfs2: don't eat io errors during _dio_end_io_write ocfs2_dio_end_io_write eats whatever errors may happen, which means that write errors do not propagate to userspace. Fix that. Signed-off-by: Darrick J. Wong fs/ocfs2/aops.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) commit 3e10b793fc40dfdbe51762e0d084bd6f2c8acaaa Author: Darrick J. Wong Date: Wed Nov 9 14:13:11 2016 -0800 ocfs2: budget for extent tree splits when adding refcount flag When we're adding the refcount flag to an extent, we have to budget enough space to handle a full extent btree split in addition to whatever modifications have to be made to the refcount btree. We don't currently do this, with the result that generic/186 crashes when we need an extent split but not a refcount split because meta_ac never gets allocated. Signed-off-by: Darrick J. Wong fs/ocfs2/refcounttree.c | 3 +++ 1 file changed, 3 insertions(+) commit 06a70305812c3973c66824f26223656283c59b27 Author: Darrick J. Wong Date: Wed Nov 9 14:13:10 2016 -0800 ocfs2: prohibit refcounted swapfiles The swapfile mechanism calls bmap once to find all the swap file mappings, which means that we cannot properly support CoW remapping. Therefore, error out if the swap code tries to call bmap on a refcounted file. Signed-off-by: Darrick J. Wong fs/ocfs2/aops.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 86544fbd853c49a9eccb3d0f4e7eb9317f3fccf9 Author: Darrick J. Wong Date: Wed Nov 9 14:13:09 2016 -0800 ocfs2: add newlines to some error messages These two error messages are missing the trailing newline. Signed-off-by: Darrick J. Wong fs/ocfs2/alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 84e40080bd6f363ddbcab75b04cb7bc742efbf12 Author: Darrick J. Wong Date: Wed Nov 9 14:13:09 2016 -0800 ocfs2: convert inode refcount test to a helper Replace the open-coded inode refcount flag test with a helper function to reduce the potential for bugs. Signed-off-by: Darrick J. Wong fs/ocfs2/alloc.c | 3 +-- fs/ocfs2/file.c | 7 +++---- fs/ocfs2/inode.h | 6 ++++++ fs/ocfs2/move_extents.c | 10 ++-------- fs/ocfs2/refcounttree.c | 22 +++++++++------------- fs/ocfs2/xattr.c | 4 ++-- 6 files changed, 23 insertions(+), 29 deletions(-) commit 04fff6416cb7876091f0b2f413caf43e3618d5ad Author: Al Viro Date: Mon Aug 29 22:39:56 2016 -0400 simple_write_end(): don't zero in short copy into uptodate Signed-off-by: Al Viro fs/libfs.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit 92e50d2d42d7cb9fcd816b47b580622032d38293 Author: Al Viro Date: Mon Aug 29 22:04:51 2016 -0400 exofs: don't mess with simple_write_{begin,end} ... and don't zero anything on short copy; just unlock and return 0 if that has happened on non-uptodate page. Signed-off-by: Al Viro fs/exofs/inode.c | 68 +++++++++++++++++++++++++------------------------------- 1 file changed, 30 insertions(+), 38 deletions(-) commit 77469c3f570e329acb631c5c03780eacdca2a534 Author: Al Viro Date: Mon Aug 29 20:56:35 2016 -0400 9p: saner ->write_end() on failing copy into non-uptodate page If we had a short copy into an uptodate page, there's no reason whatsoever to zero anything; OTOH, if that page had _not_ been uptodate, we must have been trying to overwrite it completely and got a short copy. In that case, overwriting the end with zeroes, marking uptodate and sending to server is just plain wrong. Just unlock, keep it non-uptodate and return 0. Signed-off-by: Al Viro fs/9p/vfs_addr.c | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) commit 43388b21e72d36204822bcc3119e42abe6ebceef Author: Al Viro Date: Mon Sep 5 22:06:35 2016 -0400 fix gfs2_stuffed_write_end() on short copies a) the page is uptodate - ->write_begin() would either fail (in which case we don't reach ->write_end()), or unstuff the inode, or find the page already uptodate, or do a successful call of stuffed_readpage(), which would've made it uptodate b) zeroing the tail in pagecache is wrong. kill -9 at the right time while writing unmodified file contents to the same file should _not_ leave us in a situation when read() from the file will be reporting it full of zeroes. Especially since that effect will be transient - at some later point the page will be evicted and then we'll be back to the real file contents. Signed-off-by: Al Viro fs/gfs2/aops.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit b9de313cf05fe08fa59efaf19756ec5283af672a Author: Al Viro Date: Mon Sep 5 22:20:03 2016 -0400 fix ceph_write_end() don't zero on short copies; if the page was uptodate it's just plain wrong, and if it wasn't we'll be better off just returning 0 and buggering off. Signed-off-by: Al Viro fs/ceph/addr.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit af7d9f0c57941b465043681cb5c3410f7f3f1a41 Author: Dan Williams Date: Sat Dec 10 08:12:05 2016 -0800 libnvdimm, pfn: fix align attribute Fix the format specifier so that the attribute can be parsed correctly. Currently it returns decimal 1000 for a 4096-byte alignment. Cc: Reported-by: Dave Jiang Fixes: 315c562536c4 ("libnvdimm, pfn: add 'align' attribute, default to HPAGE_SIZE") Signed-off-by: Dan Williams drivers/nvdimm/pfn_devs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2549f307b5997bf5dd91071428e8090d9faa8b1b Merge: 1cded9d 3a72dc7 Author: Trond Myklebust Date: Sat Dec 10 10:31:44 2016 -0500 Merge tag 'nfs-rdma-4.10-1' of git://git.linux-nfs.org/projects/anna/nfs-rdma NFS: NFSoRDMA Client Side Changes New Features: - Support for SG_GAP devices Bugfixes and cleanups: - Cap size of callback buffer resources - Improve send queue and RPC metric accounting - Fix coverity warning - Avoid calls to ro_unmap_safe() - Refactor FRMR invalidation - Error message improvements commit 1cded9d2974fe4fe339fc0ccd6638b80d465ab2c Author: NeilBrown Date: Mon Dec 5 15:10:11 2016 +1100 SUNRPC: fix refcounting problems with auth_gss messages. There are two problems with refcounting of auth_gss messages. First, the reference on the pipe->pipe list (taken by a call to rpc_queue_upcall()) is not counted. It seems to be assumed that a message in pipe->pipe will always also be in pipe->in_downcall, where it is correctly reference counted. However there is no guaranty of this. I have a report of a NULL dereferences in rpc_pipe_read() which suggests a msg that has been freed is still on the pipe->pipe list. One way I imagine this might happen is: - message is queued for uid=U and auth->service=S1 - rpc.gssd reads this message and starts processing. This removes the message from pipe->pipe - message is queued for uid=U and auth->service=S2 - rpc.gssd replies to the first message. gss_pipe_downcall() calls __gss_find_upcall(pipe, U, NULL) and it finds the *second* message, as new messages are placed at the head of ->in_downcall, and the service type is not checked. - This second message is removed from ->in_downcall and freed by gss_release_msg() (even though it is still on pipe->pipe) - rpc.gssd tries to read another message, and dereferences a pointer to this message that has just been freed. I fix this by incrementing the reference count before calling rpc_queue_upcall(), and decrementing it if that fails, or normally in gss_pipe_destroy_msg(). It seems strange that the reply doesn't target the message more precisely, but I don't know all the details. In any case, I think the reference counting irregularity became a measureable bug when the extra arg was added to __gss_find_upcall(), hence the Fixes: line below. The second problem is that if rpc_queue_upcall() fails, the new message is not freed. gss_alloc_msg() set the ->count to 1, gss_add_msg() increments this to 2, gss_unhash_msg() decrements to 1, then the pointer is discarded so the memory never gets freed. Fixes: 9130b8dbc6ac ("SUNRPC: allow for upcalls for same uid but different gss service") Cc: stable@vger.kernel.org Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1011250 Signed-off-by: NeilBrown Signed-off-by: Trond Myklebust net/sunrpc/auth_gss/auth_gss.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 578620f451f836389424833f1454eeeb2ffc9e9f Author: Dan Carpenter Date: Sat Dec 10 09:56:01 2016 -0500 ext4: return -ENOMEM instead of success We should set the error code if kzalloc() fails. Fixes: 67cf5b09a46f ("ext4: add the basic function for inline data support") Signed-off-by: Dan Carpenter Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org fs/ext4/inline.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7e6e1ef48fc02f3ac5d0edecbb0c6087cd758d58 Author: Darrick J. Wong Date: Sat Dec 10 09:55:01 2016 -0500 ext4: reject inodes with negative size Don't load an inode with a negative size; this causes integer overflow problems in the VFS. [ Added EXT4_ERROR_INODE() to mark file system as corrupted. -TYT] Fixes: a48380f769df (ext4: rename i_dir_acl to i_size_high) Signed-off-by: Darrick J. Wong Signed-off-by: Theodore Ts'o Cc: stable@kernel.org fs/ext4/inode.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 190cc65e912de7e8f7ebddcecfbf55a610281a8c Author: Arnd Bergmann Date: Fri Dec 9 12:44:40 2016 +0100 uio-hv-generic: store physical addresses instead of virtual gcc warns about the newly added driver when phys_addr_t is wider than a pointer: drivers/uio/uio_hv_generic.c: In function 'hv_uio_mmap': drivers/uio/uio_hv_generic.c:71:17: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] virt_to_phys((void *)info->mem[mi].addr) >> PAGE_SHIFT, drivers/uio/uio_hv_generic.c: In function 'hv_uio_probe': drivers/uio/uio_hv_generic.c:140:5: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] = (phys_addr_t)dev->channel->ringbuffer_pages; drivers/uio/uio_hv_generic.c:147:3: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] (phys_addr_t)vmbus_connection.int_page; drivers/uio/uio_hv_generic.c:153:3: error: cast from pointer to integer of different size [-Werror=pointer-to-int-cast] (phys_addr_t)vmbus_connection.monitor_pages[1]; I can't see why we store a virtual address in a phys_addr_t here, as the only user of that variable converts it into a physical address anyway, so this moves the conversion to where it logically fits according to the types. Fixes: 95096f2fbd10 ("uio-hv-generic: new userspace i/o driver for VMBus") Signed-off-by: Arnd Bergmann Acked-by: Stephen Hemminger Signed-off-by: Greg Kroah-Hartman drivers/uio/uio_hv_generic.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 64bd708ae0edced5eee764c2321b280bc1e16550 Author: Guenter Roeck Date: Sat Dec 3 11:10:34 2016 -0800 hwmon: (adt7470) Fix overflows seen when writing into limit attributes Fix overflows seen when writing large values into various temperature limit attributes. The input value passed to DIV_ROUND_CLOSEST() needs to be clamped to avoid such overflows. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/adt7470.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b94793b4da1011f24321e2ecc5e173a7198358a5 Author: Guenter Roeck Date: Sat Dec 3 11:09:55 2016 -0800 hwmon: (adt7462) Fix overflows seen when writing into limit attributes Fix overflows seen when writing large values into temperature limit, voltage limit, and pwm hysteresis attributes. The input parameter to DIV_ROUND_CLOSEST() needs to be clamped to avoid such overflows. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/adt7462.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit f1b9baa99bd98f83e8601e5cfd3bd28027a6f5a8 Author: Guenter Roeck Date: Sat Dec 3 11:08:07 2016 -0800 hwmon: (adm1026) Fix overflows seen when writing into limit attributes Fix overflows seen when writing large values into voltage limit, temperature limit, temperature offset, and DAC attributes. Overflows are seen due to unbound multiplications and additions. While at it, change the low temperature limit to -128 degrees C, since this is the minimum temperature accepted by the chip. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/adm1026.c | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) commit 7cb53e28b03006fa655632fe07b27a862f3f5cb5 Author: Guenter Roeck Date: Sat Dec 3 11:07:14 2016 -0800 hwmon: (adm1025) Fix overflows seen when writing voltage limits Writes into voltage limit attributes can overflow due to an unbound multiplication. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/adm1025.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit df60d7013c36f86f7653af387915019d7da49613 Author: Sebastian Andrzej Siewior Date: Fri Nov 18 16:09:50 2016 +0100 hwmon: (via-cputemp) Convert to hotplug state machine Install the callbacks via the state machine and let the core invoke the callbacks on the already online CPUs. When the hotplug state is unregistered the cleanup function is called for each cpu. So both cpu loops in init() and exit() are not longer required. Cc: Jean Delvare Cc: Guenter Roeck Cc: linux-hwmon@vger.kernel.org Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Guenter Roeck drivers/hwmon/via-cputemp.c | 63 ++++++++++++--------------------------------- 1 file changed, 17 insertions(+), 46 deletions(-) commit 8017c0f2989f077a665bbf7881a1154ecd8334e7 Author: John Muir Date: Thu Dec 1 18:32:42 2016 -0800 devicetree: hwmon: Add documentation for TMP108 driver. Simple hwmon binding documentation. Signed-off-by: John Muir Signed-off-by: Guenter Roeck Documentation/devicetree/bindings/hwmon/tmp108.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 66e1c91713396734f8cf778a2fc5212876c04bc0 Author: John Muir Date: Thu Dec 1 18:32:41 2016 -0800 hwmon: Add Texas Instruments TMP108 temperature sensor driver. Add support for the TI TMP108 temperature sensor with some device configuration parameters. Signed-off-by: John Muir [groeck: Initialize of_match_table] Signed-off-by: Guenter Roeck Documentation/hwmon/tmp108 | 36 ++++ drivers/hwmon/Kconfig | 11 ++ drivers/hwmon/Makefile | 1 + drivers/hwmon/tmp108.c | 469 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 517 insertions(+) commit 3a412d5e4a1c831723d0aaf305f1cf9a78ad9c90 Author: Guenter Roeck Date: Sun Oct 16 10:52:04 2016 -0700 hwmon: (core) Simplify sysfs attribute name allocation Allocating the sysfs attribute name only if needed and only with the required minimum length looks optimal, but does not take the additional overhead for both devm_ data structures and the allocation header itself into account. This also results in unnecessary memory fragmentation. Move the sysfs name string into struct hwmon_device_attribute and give it a sufficient length to reduce this overhead. Signed-off-by: Guenter Roeck drivers/hwmon/hwmon.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 848ba0a2f20dc121a3ef5272a24641d2bd963d8b Author: Guenter Roeck Date: Sun Oct 16 17:20:43 2016 -0700 hwmon: (core) Rename groups parameter in API to extra_groups The 'groups' parameter of hwmon_device_register_with_info() and devm_hwmon_device_register_with_info() is only necessary if extra non-standard attributes need to be provided. Rename the parameter to extra_groups and clarify the documentation. Signed-off-by: Guenter Roeck Documentation/hwmon/hwmon-kernel-api.txt | 22 +++++++++++----------- drivers/hwmon/hwmon.c | 8 ++++---- include/linux/hwmon.h | 8 ++++---- 3 files changed, 19 insertions(+), 19 deletions(-) commit b2a4cc3a060da0de17ab1e854cef89f5e74e2064 Author: Guenter Roeck Date: Sun Oct 16 17:11:52 2016 -0700 hwmon: (core) Explain why at least two attribute groups are allocated A list of sysfs attribute groups is NULL-terminated, so we always need to allocate data for at least two groups (the dynamically generated group plus the NULL pointer). Add a comment to explain the situation. Signed-off-by: Guenter Roeck drivers/hwmon/hwmon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 239552f495b91fc8f3fba4b5094233e053d265cb Author: Guenter Roeck Date: Sun Oct 16 17:06:20 2016 -0700 hwmon: (core) Make is_visible callback truly mandatory The is_visible callback provides the sysfs attribute mode and is thus truly mandatory as documented. Check it once at registration and remove other checks for its existence. Signed-off-by: Guenter Roeck drivers/hwmon/hwmon.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit af1bd36c06b5fad33baa7ee16820226efbd96cd9 Author: Guenter Roeck Date: Sun Oct 16 11:31:08 2016 -0700 hwmon: (core) Deprecate hwmon_device_register() Inform the user that hwmon_device_register() is deprecated, and suggest conversion to the newest API. Also remove hwmon_device_register() from the kernel API documentation. Note that hwmon_device_register() is not marked as __deprecated() since doing so might result in build errors. Signed-off-by: Guenter Roeck Documentation/hwmon/hwmon-kernel-api.txt | 34 +++++++++++++------------------- drivers/hwmon/hwmon.c | 3 +++ include/linux/hwmon.h | 2 ++ 3 files changed, 19 insertions(+), 20 deletions(-) commit f4d325d5ed099c3ca9b2c23a53dc64e871a659c8 Author: Guenter Roeck Date: Sun Oct 16 10:38:52 2016 -0700 hwmon: (core) Clarify use of chip attributes Describing chip attributes as "attributes which apply to the entire chip" is confusing. Rephrase to "attributes which are not bound to a specific input or output". Also rename hwmon_chip_attr_templates[] to hwmon_chip_attrs[] to indicate that the respective strings strings are not templates but actual attribute names. Signed-off-by: Guenter Roeck Documentation/hwmon/hwmon-kernel-api.txt | 2 +- drivers/hwmon/hwmon.c | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) commit e159ab5cb1afb519601a961405933c61cdd5a56a Author: Guenter Roeck Date: Sun Aug 7 20:51:25 2016 -0700 hwmon: (core) Add support for string attributes to new API The new API is so far only suited for data attributes and does not work well for string attributes, specifically for the 'label' attributes. Provide a separate callback function for those. Signed-off-by: Guenter Roeck drivers/hwmon/hwmon.c | 33 +++++++++++++++++++++++++++++++-- include/linux/hwmon.h | 19 +++++++++++++++++-- 2 files changed, 48 insertions(+), 4 deletions(-) commit f680b2845694a197e7bfc9f56b241f9a3f17296e Author: Guenter Roeck Date: Sun Nov 20 02:55:45 2016 -0800 hwmon: (core) Clarify when read and write callbacks are mandatory The callback descrption in hwmon.h was misleading and stated that read and write callbacks would be optional. More accurate is is that the callbacks are mandatory if readable / writeable attributes are present. Signed-off-by: Guenter Roeck include/linux/hwmon.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) commit a2a0c3c57a8c3c92d63ae7025829bc508e347aab Author: Tobias Klauser Date: Thu Nov 24 14:34:25 2016 +0100 hwmon: (lm90) Mention support for TI TMP451 in Kconfig description The lm90 driver also supports the Texas Instruments TMP451 sensor chip. Since the Kconfig description for the driver includes a list of all compatible chips, mention the TI TMP451 there as well. Signed-off-by: Tobias Klauser Signed-off-by: Guenter Roeck drivers/hwmon/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 712668460594294d74c13f2a023398a597fbe95f Author: Thomas Gleixner Date: Tue Nov 22 17:42:06 2016 +0000 hwmon: (coretemp) Simplify package management Keeping track of the per package platform devices requires an extra object, which is held in a linked list. The maximum number of packages is known at init() time. So the extra object and linked list management can be replaced by an array of platform device pointers in which the per package devices pointers can be stored. Lookup becomes a simple array lookup instead of a list walk. The mutex protecting the list can be removed as well because the array is only accessed from cpu hotplug callbacks which are already serialized. Signed-off-by: Thomas Gleixner Signed-off-by: Guenter Roeck drivers/hwmon/coretemp.c | 120 +++++++++++++++-------------------------------- 1 file changed, 38 insertions(+), 82 deletions(-) commit 2195c31b127def509c806fe8a9d3b4092a28ce31 Author: Thomas Gleixner Date: Tue Nov 22 17:42:05 2016 +0000 hwmon: (coretemp) Use proper error codes in cpu online callback The cpu online callback returns success unconditionally even when the device has no support, micro code mismatches or device allocation fails. Only if CPU_HOTPLUG is disabled, the init function checks whether the device list is empty and removes the driver. This does not make sense. If CPU HOTPLUG is enabled then there is no point to keep the driver around when it failed to initialize on the already online cpus. The chance that not yet online CPUs will provide a functional interface later is very close to zero. Add proper error return codes, so the setup of the cpu hotplug states fails when the device cannot be initialized and remove all the magic cruft. Signed-off-by: Thomas Gleixner Signed-off-by: Guenter Roeck drivers/hwmon/coretemp.c | 24 +++++------------------- 1 file changed, 5 insertions(+), 19 deletions(-) commit e00ca5df37adc68052ea699cbd010ee4e19e39e4 Author: Thomas Gleixner Date: Tue Nov 22 17:42:04 2016 +0000 hwmon: (coretemp) Convert to hotplug state machine Install the callbacks via the state machine. Setup and teardown are handled by the hotplug core. Signed-off-by: Sebastian Andrzej Siewior Cc: linux-hwmon@vger.kernel.org Cc: Fenghua Yu Cc: Jean Delvare Cc: rt@linuxtronix.de Cc: Guenter Roeck Link: http://lkml.kernel.org/r/20161117183541.8588-5-bigeasy@linutronix.de Signed-off-by: Guenter Roeck drivers/hwmon/coretemp.c | 86 ++++++++++++++++-------------------------------- 1 file changed, 29 insertions(+), 57 deletions(-) commit 4b138cf73f4548d256f26006a756bc0fe3ad786e Author: Thomas Gleixner Date: Tue Nov 22 17:42:03 2016 +0000 hwmon: (coretemp) Avoid redundant lookups No point in looking up the same thing over and over. Signed-off-by: Thomas Gleixner Signed-off-by: Guenter Roeck drivers/hwmon/coretemp.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) commit e1b370b64031a01bb0c4158ce250073a88921fe1 Author: Thomas Gleixner Date: Tue Nov 22 17:42:02 2016 +0000 hwmon: (coretemp) Simplify sibling management The coretemp driver provides a sysfs interface per physical core. If hyperthreading is enabled and one of the siblings goes offline the sysfs interface is removed and then immeditately created again for the sibling. The only difference of them is the target cpu for the rdmsr_on_cpu() in the sysfs show functions. It's way simpler to keep a cpumask of cpus which are active in a package and only remove the interface when the last sibling goes offline. Otherwise just move the target cpu for the sysfs show functions to the still online sibling. Signed-off-by: Thomas Gleixner Signed-off-by: Guenter Roeck drivers/hwmon/coretemp.c | 93 +++++++++++++++++++----------------------------- 1 file changed, 37 insertions(+), 56 deletions(-) commit 723f573433b2900f1d4539b8eb0d24cd17a42c65 Author: Thomas Gleixner Date: Tue Nov 22 17:42:02 2016 +0000 hwmon: (coretemp) Fixup target cpu for package when cpu is offlined When a CPU is offlined nothing checks whether it is the target CPU for the package temperature sysfs interface. As a consequence all future readouts of the package temperature return crap: 90000 which is Tjmax of that package. Check whether the outgoing CPU is the target for the package and assign it to some other still online CPU in the package. Protect the change against the rdmsr_on_cpu() in show_crit_alarm(). Signed-off-by: Thomas Gleixner Signed-off-by: Guenter Roeck drivers/hwmon/coretemp.c | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) commit 78305ae70cbad28acba65b69d3497cd301cf3479 Author: Guenter Roeck Date: Sun Nov 20 14:16:16 2016 -0800 hwmon: (smsc47m192) Fix overflows seen when writing into limit attributes Module test reports overflows when writing into temperature and voltage limit attributes temp1_min: Suspected overflow: [127000 vs. 0] temp1_max: Suspected overflow: [127000 vs. 0] temp1_offset: Suspected overflow: [127000 vs. 0] temp2_min: Suspected overflow: [127000 vs. 0] temp2_max: Suspected overflow: [127000 vs. 0] temp2_offset: Suspected overflow: [127000 vs. 0] temp3_min: Suspected overflow: [127000 vs. 0] temp3_max: Suspected overflow: [127000 vs. 0] temp3_offset: Suspected overflow: [127000 vs. 0] in0_min: Suspected overflow: [3320 vs. 0] in0_max: Suspected overflow: [3320 vs. 0] in4_min: Suspected overflow: [15938 vs. 0] in4_max: Suspected overflow: [15938 vs. 0] in6_min: Suspected overflow: [1992 vs. 0] in6_max: Suspected overflow: [1992 vs. 0] in7_min: Suspected overflow: [2391 vs. 0] in7_max: Suspected overflow: [2391 vs. 0] The problem is caused by conversions from unsigned long to long and from long to int. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/smsc47m192.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit baae856ebdeeaefbadd4a02cdb54b7c2277ff4dd Author: Madalin Bucur Date: Wed Dec 7 17:14:56 2016 +0200 powerpc/fsl/dts: add FMan node for t1042d4rdb Signed-off-by: Madalin Bucur Signed-off-by: Scott Wood arch/powerpc/boot/dts/fsl/t1042d4rdb.dts | 52 ++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) commit f93ace2b22e993bafca117a295a42a7774bff4a4 Author: Madalin Bucur Date: Wed Dec 7 17:14:55 2016 +0200 powerpc/fsl/dts: add sg_2500_aqr105_phy4 alias on t1024rdb The alias is used by the boot loader to perform a device tree fixup. Signed-off-by: Madalin Bucur Signed-off-by: Scott Wood arch/powerpc/boot/dts/fsl/t1024rdb.dts | 4 ++++ 1 file changed, 4 insertions(+) commit 138bde87876c10fedf8756f55a775246fe0d3f7e Author: Madalin Bucur Date: Wed Dec 7 17:14:54 2016 +0200 powerpc/fsl/dts: add QMan and BMan nodes on t1024 Signed-off-by: Madalin Bucur Signed-off-by: Scott Wood arch/powerpc/boot/dts/fsl/t1024qds.dts | 29 +++++++++++++++++++++++++++++ arch/powerpc/boot/dts/fsl/t1024rdb.dts | 29 +++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) commit 056f96577c83c38bc22a6b384a388112f130244d Author: Madalin Bucur Date: Wed Dec 7 17:14:53 2016 +0200 powerpc/fsl/dts: add QMan and BMan nodes on t1023 Signed-off-by: Madalin Bucur Signed-off-by: Scott Wood arch/powerpc/boot/dts/fsl/t1023rdb.dts | 29 ++++++++ arch/powerpc/boot/dts/fsl/t1023si-post.dtsi | 103 ++++++++++++++++++++++++++++ 2 files changed, 132 insertions(+) commit 39e7ac1bcf0fd1e2a607a35c30ebba4012a12d90 Author: Fabian Frederick Date: Sun Dec 4 13:44:59 2016 +0100 soc/fsl/qman: test: use DEFINE_SPINLOCK() Signed-off-by: Fabian Frederick Signed-off-by: Scott Wood drivers/soc/fsl/qbman/qman_test_stash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ec5a0171c78db604d8744095554d930efff67b69 Author: Fabian Frederick Date: Sun Dec 4 13:47:28 2016 +0100 powerpc/fsl-lbc: use DEFINE_SPINLOCK() Signed-off-by: Fabian Frederick Signed-off-by: Scott Wood arch/powerpc/sysdev/fsl_lbc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b91428699477532ab1255c2dd5819713e9e8985 Author: Christophe Leroy Date: Wed Dec 7 08:47:28 2016 +0100 powerpc/8xx: Implement support of hugepages 8xx uses a two level page table with two different linux page size support (4k and 16k). 8xx also support two different hugepage sizes 512k and 8M. In order to support them on linux we define two different page table layout. The size of pages is in the PGD entry, using PS field (bits 28-29): 00 : Small pages (4k or 16k) 01 : 512k pages 10 : reserved 11 : 8M pages For 512K hugepage size a pgd entry have the below format [0101] . The hugepte table allocated will contain 8 entries pointing to 512K huge pte in 4k pages mode and 64 entries in 16k pages mode. For 8M in 16k mode, a pgd entry have the below format [1101] . The hugepte table allocated will contain 8 entries pointing to 8M huge pte. For 8M in 4k mode, multiple pgd entries point to the same hugepte address and pgd entry will have the below format [1101]. The hugepte table allocated will only have one entry. For the time being, we do not support CPU15 ERRATA when HUGETLB is selected Signed-off-by: Christophe Leroy Reviewed-by: Aneesh Kumar K.V (v3, for the generic bits) Signed-off-by: Scott Wood arch/powerpc/include/asm/hugetlb.h | 19 ++++- arch/powerpc/include/asm/mmu-8xx.h | 35 ++++++++ arch/powerpc/include/asm/mmu.h | 23 +++--- arch/powerpc/include/asm/nohash/32/pte-8xx.h | 1 + arch/powerpc/include/asm/nohash/pgtable.h | 4 + arch/powerpc/include/asm/reg_8xx.h | 2 +- arch/powerpc/kernel/head_8xx.S | 119 +++++++++++++++++++++++++-- arch/powerpc/mm/hugetlbpage.c | 29 ++++--- arch/powerpc/mm/tlb_nohash.c | 21 ++++- arch/powerpc/platforms/8xx/Kconfig | 1 + arch/powerpc/platforms/Kconfig.cputype | 1 + 11 files changed, 225 insertions(+), 30 deletions(-) commit 03bb2d65900c87a6cc860310b4d598c68fb83393 Author: Christophe Leroy Date: Wed Dec 7 08:47:26 2016 +0100 powerpc: get hugetlbpage handling more generic Today there are two implementations of hugetlbpages which are managed by exclusive #ifdefs: * FSL_BOOKE: several directory entries points to the same single hugepage * BOOK3S: one upper level directory entry points to a table of hugepages In preparation of implementation of hugepage support on the 8xx, we need a mix of the two above solutions, because the 8xx needs both cases depending on the size of pages: * In 4k page size mode, each PGD entry covers a 4M bytes area. It means that 2 PGD entries will be necessary to cover an 8M hugepage while a single PGD entry will cover 8x 512k hugepages. * In 16 page size mode, each PGD entry covers a 64M bytes area. It means that 8x 8M hugepages will be covered by one PGD entry and 64x 512k hugepages will be covers by one PGD entry. This patch: * removes #ifdefs in favor of if/else based on the range sizes * merges the two huge_pte_alloc() functions as they are pretty similar * merges the two hugetlbpage_init() functions as they are pretty similar Signed-off-by: Christophe Leroy Reviewed-by: Aneesh Kumar K.V (v3) Signed-off-by: Scott Wood arch/powerpc/mm/hugetlbpage.c | 195 ++++++++++++++++++------------------------ 1 file changed, 81 insertions(+), 114 deletions(-) commit 9b081e10805cd8e356f30ded1cb2008d67af26c9 Author: Christophe Leroy Date: Wed Dec 7 08:47:24 2016 +0100 powerpc: port 64 bits pgtable_cache to 32 bits Today powerpc64 uses a set of pgtable_caches while powerpc32 uses standard pages when using 4k pages and a single pgtable_cache if using other size pages. In preparation of implementing huge pages on the 8xx, this patch replaces the specific powerpc32 handling by the 64 bits approach. This is done by: * moving 64 bits pgtable_cache_add() and pgtable_cache_init() in a new file called init-common.c * modifying pgtable_cache_init() to also handle the case without PMD * removing the 32 bits version of pgtable_cache_add() and pgtable_cache_init() * copying related header contents from 64 bits into both the book3s/32 and nohash/32 header files On the 8xx, the following cache sizes will be used: * 4k pages mode: - PGT_CACHE(10) for PGD - PGT_CACHE(3) for 512k hugepage tables * 16k pages mode: - PGT_CACHE(6) for PGD - PGT_CACHE(7) for 512k hugepage tables - PGT_CACHE(3) for 8M hugepage tables Signed-off-by: Christophe Leroy Reviewed-by: Aneesh Kumar K.V Signed-off-by: Scott Wood arch/powerpc/include/asm/book3s/32/pgalloc.h | 44 +++++++++-- arch/powerpc/include/asm/book3s/32/pgtable.h | 40 +++++----- arch/powerpc/include/asm/book3s/64/pgtable.h | 3 - arch/powerpc/include/asm/nohash/32/pgalloc.h | 44 +++++++++-- arch/powerpc/include/asm/nohash/32/pgtable.h | 42 +++++------ arch/powerpc/include/asm/nohash/64/pgtable.h | 2 - arch/powerpc/include/asm/pgtable.h | 2 + arch/powerpc/mm/Makefile | 3 +- arch/powerpc/mm/init-common.c | 107 +++++++++++++++++++++++++++ arch/powerpc/mm/init_64.c | 77 ------------------- arch/powerpc/mm/pgtable_32.c | 37 --------- 11 files changed, 227 insertions(+), 174 deletions(-) commit dff25ddb48086afcb434770caa3d6849a4489b85 Author: Andreas Gruenbacher Date: Fri Dec 2 22:53:30 2016 -0500 nfs: add support for the umask attribute Clients can set the umask attribute when creating files to cause the server to apply it always except when inheriting permissions from the parent directory. That way, the new files will end up with the same permissions as files created locally. See https://tools.ietf.org/html/draft-ietf-nfsv4-umask-02 for more details. Signed-off-by: Andreas Gruenbacher Signed-off-by: J. Bruce Fields Signed-off-by: Trond Myklebust fs/nfs/dir.c | 7 ++++++- fs/nfs/nfs4proc.c | 16 ++++++++++++---- fs/nfs/nfs4xdr.c | 36 ++++++++++++++++++++++++------------ include/linux/nfs4.h | 1 + include/linux/nfs_xdr.h | 2 ++ 5 files changed, 45 insertions(+), 17 deletions(-) commit 3174fed9820edc95cff74ad0934c3240c7fb5115 Author: Eric Dumazet Date: Fri Dec 9 08:02:05 2016 -0800 net: skb_condense() can also deal with empty skbs It seems attackers can also send UDP packets with no payload at all. skb_condense() can still be a win in this case. It will be possible to replace the custom code in tcp_add_backlog() to get full benefit from skb_condense() Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/skbuff.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) commit 5ac9efbe1c825d624eb557e633683c07ee03465b Merge: 524a64c e6f462d Author: David S. Miller Date: Fri Dec 9 22:59:05 2016 -0500 Merge tag 'mac80211-next-for-davem-2016-12-09' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next Johannes Berg says: ==================== Three fixes: * fix a logic bug introduced by a previous cleanup * fix nl80211 attribute confusing (trying to use a single attribute for two purposes) * fix a long-standing BSS leak that happens when an association attempt is abandoned ==================== Signed-off-by: David S. Miller commit c0cf3ef5e0f47e385920450b245d22bead93e7ad Author: Al Viro Date: Mon Sep 5 21:42:32 2016 -0400 nfs_write_end(): fix handling of short copies What matters when deciding if we should make a page uptodate is not how much we _wanted_ to copy, but how much we actually have copied. As it is, on architectures that do not zero tail on short copy we can leave uninitialized data in page marked uptodate. Cc: stable@vger.kernel.org Signed-off-by: Al Viro fs/nfs/file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 524a64c7268f8c8c7f22ab37ef0e72529de727c9 Merge: d96dac1 02ab0d1 Author: David S. Miller Date: Fri Dec 9 22:12:30 2016 -0500 Merge branch 'udp-receive-path-optimizations' Eric Dumazet says: ==================== udp: receive path optimizations This patch series provides about 100 % performance increase under flood. v2: added Paolo feedback on udp_rmem_release() for tiny sk_rcvbuf added the last patch touching sk_rmem_alloc later ==================== Signed-off-by: David S. Miller commit 02ab0d139cff1efc5aa1fb4378c727668334fe97 Author: Eric Dumazet Date: Thu Dec 8 11:41:57 2016 -0800 udp: udp_rmem_release() should touch sk_rmem_alloc later In flood situations, keeping sk_rmem_alloc at a high value prevents producers from touching the socket. It makes sense to lower sk_rmem_alloc only at the end of udp_rmem_release() after the thread draining receive queue in udp_recvmsg() finished the writes to sk_forward_alloc. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/udp.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 6b229cf77d683f634f0edd876c6d1015402303ad Author: Eric Dumazet Date: Thu Dec 8 11:41:56 2016 -0800 udp: add batching to udp_rmem_release() If udp_recvmsg() constantly releases sk_rmem_alloc for every read packet, it gives opportunity for producers to immediately grab spinlocks and desperatly try adding another packet, causing false sharing. We can add a simple heuristic to give the signal by batches of ~25 % of the queue capacity. This patch considerably increases performance under flood by about 50 %, since the thread draining the queue is no longer slowed by false sharing. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/udp.h | 3 +++ net/ipv4/udp.c | 12 ++++++++++++ 2 files changed, 15 insertions(+) commit c84d949057cab262b4d3110ead9a42a58c2958f7 Author: Eric Dumazet Date: Thu Dec 8 11:41:55 2016 -0800 udp: copy skb->truesize in the first cache line In UDP RX handler, we currently clear skb->dev before skb is added to receive queue, because device pointer is no longer available once we exit from RCU section. Since this first cache line is always hot, lets reuse this space to store skb->truesize and thus avoid a cache line miss at udp_recvmsg()/udp_skb_destructor time while receive queue spinlock is held. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/skbuff.h | 9 ++++++++- net/ipv4/udp.c | 13 ++++++++++--- 2 files changed, 18 insertions(+), 4 deletions(-) commit 4b272750dbe6f92a8d39a0ee1c7bd50d6cc1a2c8 Author: Eric Dumazet Date: Thu Dec 8 11:41:54 2016 -0800 udp: add busylocks in RX path Idea of busylocks is to let producers grab an extra spinlock to relieve pressure on the receive_queue spinlock shared by consumer. This behavior is requested only once socket receive queue is above half occupancy. Under flood, this means that only one producer can be in line trying to acquire the receive_queue spinlock. These busylock can be allocated on a per cpu manner, instead of a per socket one (that would consume a cache line per socket) This patch considerably improves UDP behavior under stress, depending on number of NIC RX queues and/or RPS spread. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/udp.c | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) commit d96dac145492ff54e32967dc486e2a90e51664ea Merge: f006b2c a51f40472 Author: David S. Miller Date: Fri Dec 9 22:11:15 2016 -0500 Merge branch 'qcom-emac' Timur Tabi says: ==================== net: qcom/emac: simplify support for different SOCs On SOCs that have the Qualcomm EMAC network controller, the internal PHY block is always different. Sometimes the differences are small, sometimes it might be a completely different IP. Either way, using version numbers to differentiate them and putting all of the init code in one file does not scale. This patchset does two things: The first breaks up the current code into different files, and the second patch adds support for a third SOC, the Qualcomm Technologies QDF2400 ARM Server SOC. ==================== Signed-off-by: David S. Miller commit a51f4047232aeb4aee85268b351c7a84b83b36c5 Author: Timur Tabi Date: Thu Dec 8 13:24:21 2016 -0600 net: qcom/emac: add support for the Qualcomm Technologies QDF2400 The QDF2432 and the QDF2400 have slightly different internal PHYs, so there are some programming differences. Some of the registers in the QDF2400 have moved, and some registers require different values during initialization. Because of the differences, and because HIDs are a scare resource, the ACPI tables specify the hardware version in an _HRV property. Version 1 is the QDF2432, and version 2 is the QDF2400. Any future SOC that has the same internal PHY but different programming requirements will be assigned the next available version number. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/Makefile | 3 +- .../ethernet/qualcomm/emac/emac-sgmii-qdf2400.c | 217 +++++++++++++++++++++ drivers/net/ethernet/qualcomm/emac/emac-sgmii.c | 33 +++- drivers/net/ethernet/qualcomm/emac/emac-sgmii.h | 1 + 4 files changed, 249 insertions(+), 5 deletions(-) commit 1e88ab6fbbaacbd79dd14ab9ceec7a595611248d Author: Timur Tabi Date: Thu Dec 8 13:24:20 2016 -0600 net: qcom/emac: move phy init code to separate files The internal PHY of the EMAC differs on each SOC, and the list will only continue to grow. By separating the code into individual files, we can add support for more SOCs more cleanly. Note: The internal PHY is also sometimes called the SGMII device. We also stop referring to the various PHY variations by version number, so no more "v2", "v3", etc. Instead, the devices are named after the SOC they are, which is in sync with the device tree property names. Future patches will probably rearrange more code among the files. Signed-off-by: Timur Tabi Signed-off-by: David S. Miller drivers/net/ethernet/qualcomm/emac/Makefile | 3 +- .../ethernet/qualcomm/emac/emac-sgmii-fsm9900.c | 245 ++++++++++ .../ethernet/qualcomm/emac/emac-sgmii-qdf2432.c | 210 ++++++++ drivers/net/ethernet/qualcomm/emac/emac-sgmii.c | 538 +-------------------- drivers/net/ethernet/qualcomm/emac/emac-sgmii.h | 5 +- 5 files changed, 478 insertions(+), 523 deletions(-) commit d9152114f7c9abb096275b72db8527c004d57bf9 Author: Trond Myklebust Date: Fri Dec 9 18:07:51 2016 -0500 pNFS/flexfiles: Ensure we have enough buffer for layoutreturn The flexfiles client can piggyback both layout errors and layoutstats as part of the layoutreturn. Both these payloads can get large, with 20 layout error entries taking up about 1.2K, and 4 layoutstats entries taking up another 1K. This patch allows a maximum payload of 4k by allocating a full page. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 32 ++++++++++++++++++++++++++------ fs/nfs/flexfilelayout/flexfilelayout.h | 1 + 2 files changed, 27 insertions(+), 6 deletions(-) commit 5ba6a09e92342e40b63af1654da8b8bc8b5a83c6 Author: Trond Myklebust Date: Fri Dec 9 18:24:18 2016 -0500 pNFS/flexfiles: Remove a redundant parameter in ff_layout_encode_ioerr() Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 876bec6f9bbfcb394916d17e35226b086c04dc45 Author: Darrick J. Wong Date: Fri Dec 9 16:18:30 2016 -0800 vfs: refactor clone/dedupe_file_range common functions Hoist both the XFS reflink inode state and preparation code and the XFS file blocks compare functions into the VFS so that ocfs2 can take advantage of it for reflink and dedupe. Signed-off-by: Darrick J. Wong fs/read_write.c | 204 ++++++++++++++++++++++++++++++++++++++++++++++++ fs/xfs/xfs_reflink.c | 213 +++------------------------------------------------ include/linux/fs.h | 6 ++ 3 files changed, 219 insertions(+), 204 deletions(-) commit a76b5b04375f974579c83433b06466758c0c552c Author: Christoph Hellwig Date: Fri Dec 9 16:17:19 2016 -0800 fs: try to clone files first in vfs_copy_file_range A clone is a perfectly fine implementation of a file copy, so most file systems just implement the copy that way. Instead of duplicating this logic move it to the VFS. Currently btrfs and XFS implement copies the same way as clones and there is no behavior change for them, cifs only implements clones and grow support for copy_file_range with this patch. NFS implements both, so this will allow copy_file_range to work on servers that only implement CLONE and be lot more efficient on servers that implements CLONE and COPY. Signed-off-by: Christoph Hellwig fs/btrfs/ctree.h | 3 --- fs/btrfs/file.c | 1 - fs/btrfs/ioctl.c | 12 ------------ fs/read_write.c | 27 ++++++++++++++++++++++----- fs/xfs/xfs_file.c | 19 ------------------- 5 files changed, 22 insertions(+), 40 deletions(-) commit e2a32b6bb59c3274f466559b897d0d6acded507d Author: Arnd Bergmann Date: Fri Dec 9 12:47:02 2016 +0100 remoteproc: qcom_adsp_pil: select qcom_scm The adsp-pil driver relies on SCM and causes a build error without it: ERROR: "qcom_scm_pas_supported" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_is_available" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_auth_and_reset" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_shutdown" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_mem_setup" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_init_image" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! This adds a 'select', as SCM is a silent Kconfig symbol that gets enabled implicitly by all its users. Fixes: b9e718e950c3 ("remoteproc: Introduce Qualcomm ADSP PIL") Signed-off-by: Arnd Bergmann Signed-off-by: Bjorn Andersson drivers/remoteproc/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 2bfc311a57f5694106fdd0db7ca1eb6a4b35f2a9 Author: Bjorn Andersson Date: Tue Dec 6 17:04:45 2016 -0800 remoteproc: Drop wait in __rproc_boot() In the event that rproc_boot() is called before the firmware loaded completion has been flagged it will wait with the mutex held, obstructing the request_firmware_nowait() callback from completing the wait. As rproc_fw_config_virtio() has been reduced to only triggering auto-boot there is no longer a reason for waiting in rproc_boot(), so drop this. Cc: Sarangdhar Joshi Signed-off-by: Bjorn Andersson drivers/remoteproc/remoteproc_core.c | 22 +++------------------- 1 file changed, 3 insertions(+), 19 deletions(-) commit 394c62000acb0b47b105d1b52e7d8f827c3293e3 Author: Jean Delvare Date: Mon Dec 5 14:10:21 2016 +0100 remoteproc/ste: Delete unused driver Back in July 2014 I asked around what was the intended target platform for the STE Modem remoteproc driver, so that I could add the proper hardware dependency to its config option. The answer I got was that there was no known publicly available hardware needing it and it was unlikely that there ever would. So I think it's time to delete this driver to lower the maintenance burden. Signed-off-by: Jean Delvare Cc: Linus Walleij Cc: Ohad Ben-Cohen Cc: Bjorn Andersson Cc: Suman Anna Acked-by: Linus Walleij Acked-by: Loic Pallardy Signed-off-by: Bjorn Andersson drivers/remoteproc/Kconfig | 10 - drivers/remoteproc/Makefile | 1 - drivers/remoteproc/ste_modem_rproc.c | 342 ----------------------------------- 3 files changed, 353 deletions(-) commit a4ff18e9ed1ddde1f0bcc26bd05730b50b227f48 Author: Bjorn Andersson Date: Fri Dec 2 20:43:50 2016 -0800 remoteproc: Remove "experimental" warning Warning users that remoteproc and it's binary format are under development doesn't serve much of a purpose. Different drivers support different image formats and the resource table has a version field that would need to be bumped when incompatible changes are introduced. So lets drop this warning to clean up the kernel log. Signed-off-by: Bjorn Andersson drivers/remoteproc/remoteproc_core.c | 3 --- 1 file changed, 3 deletions(-) commit c167df443b4a8d97d25a8e69bd9f490a1e3fe646 Author: Daniel Vetter Date: Thu Dec 8 12:07:39 2016 +0100 drm/vc4: Don't use drm_put_dev vc4 already has a proper load sequence, but the unload one needed some fixups: First unregister, and last drop the final ref. Signed-off-by: Daniel Vetter Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_drv.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 6e89a3ce7c5806fdf07aa64c0d32620592e83d38 Author: Boris Brezillon Date: Fri Dec 2 14:48:11 2016 +0100 drm/vc4: Document VEC DT binding Document the DT binding for the VEC (Video EnCoder) IP. Signed-off-by: Boris Brezillon Signed-off-by: Eric Anholt Acked-by: Rob Herring Documentation/devicetree/bindings/display/brcm,bcm-vc4.txt | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit e4b81f8c74c82dbc0cb0e5ceb5ef9b713b325fc9 Author: Boris Brezillon Date: Fri Dec 2 14:48:10 2016 +0100 drm/vc4: Add support for the VEC (Video Encoder) IP The VEC IP is a TV DAC, providing support for PAL and NTSC standards. Signed-off-by: Boris Brezillon Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/Makefile | 1 + drivers/gpu/drm/vc4/vc4_debugfs.c | 1 + drivers/gpu/drm/vc4/vc4_drv.c | 1 + drivers/gpu/drm/vc4/vc4_drv.h | 5 + drivers/gpu/drm/vc4/vc4_vec.c | 657 ++++++++++++++++++++++++++++++++++++++ 5 files changed, 665 insertions(+) commit 299a16b163c95fbe1e3b1e142ba9c6ce9dab2c23 Author: Boris Brezillon Date: Fri Dec 2 14:48:09 2016 +0100 drm: Add TV connector states to drm_connector_state Some generic TV connector properties are exposed in drm_mode_config, but they are currently handled independently in each DRM encoder driver. Extend the drm_connector_state to store TV related states, and modify the drm_atomic_connector_{set,get}_property() helpers to fill the connector state accordingly. Each driver is then responsible for checking and applying the new config in its ->atomic_mode_{check,set}() operations. Signed-off-by: Boris Brezillon Reviewed-by: Daniel Vetter Signed-off-by: Eric Anholt drivers/gpu/drm/drm_atomic.c | 50 ++++++++++++++++++++++++++++++++++++++++++++ include/drm/drm_connector.h | 32 ++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+) commit dee7a4fee730ca8908f335b6b66174cba4598ecd Author: Boris Brezillon Date: Fri Dec 2 14:48:08 2016 +0100 drm: Turn DRM_MODE_SUBCONNECTOR_xx definitions into an enum List of values like the DRM_MODE_SUBCONNECTOR_xx ones are better represented with enums. Turn the DRM_MODE_SUBCONNECTOR_xx macros into an enum. Signed-off-by: Boris Brezillon Suggested-by: Daniel Vetter Reviewed-by: Daniel Vetter Signed-off-by: Eric Anholt include/uapi/drm/drm_mode.h | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit ab8df60e3a3b68420d0d4477c5f07c00fbfb078b Author: Boris Brezillon Date: Fri Dec 2 14:48:07 2016 +0100 drm/vc4: Fix ->clock_select setting for the VEC encoder PV_CONTROL_CLK_SELECT_VEC is actually 2 and not 0. Fix the definition and rework the vc4_set_crtc_possible_masks() to cover the full range of the PV_CONTROL_CLK_SELECT field. Signed-off-by: Boris Brezillon Signed-off-by: Eric Anholt drivers/gpu/drm/vc4/vc4_crtc.c | 38 +++++++++++++++++++++++--------------- drivers/gpu/drm/vc4/vc4_drv.h | 1 + drivers/gpu/drm/vc4/vc4_regs.h | 3 ++- 3 files changed, 26 insertions(+), 16 deletions(-) commit 990e9dc381e6999a0eba8ebaf8747daaa8c58337 Author: Thomas Gleixner Date: Sat Dec 10 00:13:51 2016 +0100 x86/ldt: Make all size computations unsigned ldt->size can never be negative. The helper functions take 'unsigned int' arguments which are assigned from ldt->size. The related user space user_desc struct member entry_number is unsigned as well. But ldt->size itself and a few local variables which are related to ldt->size are type 'int' which makes no sense whatsoever and results in typecasts which make the eyes bleed. Clean it up and convert everything which is related to ldt->size to unsigned it. Signed-off-by: Thomas Gleixner Cc: Andy Lutomirski Cc: Dave Hansen Cc: Andrey Ryabinin Cc: Dan Carpenter arch/x86/events/core.c | 2 +- arch/x86/include/asm/mmu_context.h | 2 +- arch/x86/kernel/ldt.c | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) commit 296dc5806de57dc84fce000d60fc201ba40f96e8 Author: Dan Carpenter Date: Thu Dec 8 13:56:03 2016 +0300 x86/ldt: Make a size argument unsigned My static checker complains that we put an upper bound on the "size" argument but not a lower bound. The checker is not smart enough to know the possible ranges of "old_mm->context.ldt->size" from init_new_context_ldt() so it thinks maybe it could be negative. Let's make it unsigned to silence the warning and future proof the code a bit. Signed-off-by: Dan Carpenter Acked-by: Andy Lutomirski Cc: Dave Hansen Cc: kernel-janitors@vger.kernel.org Cc: Andrey Ryabinin Cc: Andrew Morton Link: http://lkml.kernel.org/r/20161208105602.GA11382@elgon.mountain Signed-off-by: Thomas Gleixner arch/x86/kernel/ldt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 61eb3a04f9789c5e4f7498a2f171b82a567cea6b Author: Vladimir Zapolskiy Date: Mon Dec 5 02:10:25 2016 +0200 dt: pwm: bcm2835: fix typo in clocks property name According to the examples of BCM2835 PWM device nodes there is a typo in 'clocks' property name, which is a common property name on clock consumer side to store a phandle to an input clock. Signed-off-by: Vladimir Zapolskiy Signed-off-by: Rob Herring Documentation/devicetree/bindings/pwm/pwm-bcm2835.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1a85ff590440a257aa985747bc4c8bc3f7569c8a Author: Nathan Sullivan Date: Fri Dec 2 09:31:48 2016 -0600 devicetree: add vendor prefix for National Instruments Signed-off-by: Nathan Sullivan Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit 34bc3560c657d3d4fb17367ed9bfda803166dce0 Author: Thomas Gleixner Date: Fri Dec 9 19:29:12 2016 +0100 x86: Remove empty idle.h header One include less is always a good thing(tm). Good riddance. Signed-off-by: Thomas Gleixner Signed-off-by: Borislav Petkov Cc: Jiri Olsa Link: http://lkml.kernel.org/r/20161209182912.2726-6-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/apic.h | 1 - arch/x86/include/asm/idle.h | 6 ------ arch/x86/kernel/apic/apic.c | 1 - arch/x86/kernel/apic/io_apic.c | 1 - arch/x86/kernel/cpu/mcheck/mce_amd.c | 1 - arch/x86/kernel/cpu/mcheck/therm_throt.c | 1 - arch/x86/kernel/cpu/mcheck/threshold.c | 1 - arch/x86/kernel/cpu/mshyperv.c | 1 - arch/x86/kernel/irq.c | 1 - arch/x86/kernel/irq_64.c | 1 - arch/x86/kernel/kvm.c | 1 - arch/x86/kernel/process.c | 1 - arch/x86/kernel/process_32.c | 1 - arch/x86/kernel/process_64.c | 1 - arch/x86/kernel/smpboot.c | 1 - arch/x86/platform/uv/tlb_uv.c | 1 - drivers/thermal/intel_powerclamp.c | 1 - drivers/xen/events/events_base.c | 1 - 18 files changed, 23 deletions(-) commit 07c94a38125376d70d156bd8bff98ddfe4c8ea95 Author: Borislav Petkov Date: Fri Dec 9 19:29:11 2016 +0100 x86/amd: Simplify AMD E400 aware idle routine Reorganize the E400 detection now that we have everything in place: switch the CPUs to broadcast mode after the LAPIC has been initialized and remove the facilities that were used previously on the idle path. Unfortunately static_cpu_has_bug() cannpt be used in the E400 idle routine because alternatives have been applied when the actual detection happens, so the static switching does not take effect and the test will stay false. Use boot_cpu_has_bug() instead which is definitely an improvement over the RDMSR and the cpumask handling. Suggested-by: Thomas Gleixner Signed-off-by: Borislav Petkov Cc: Jiri Olsa Link: http://lkml.kernel.org/r/20161209182912.2726-5-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/acpi.h | 2 +- arch/x86/include/asm/processor.h | 3 +- arch/x86/kernel/apic/apic.c | 2 ++ arch/x86/kernel/cpu/common.c | 1 - arch/x86/kernel/process.c | 75 ++++++++++++++-------------------------- arch/x86/kernel/smpboot.c | 1 - drivers/acpi/processor_idle.c | 2 +- 7 files changed, 31 insertions(+), 55 deletions(-) commit e7ff3a47630d9512d0bcbdfa73660021087ba445 Author: Thomas Gleixner Date: Fri Dec 9 19:29:10 2016 +0100 x86/amd: Check for the C1E bug post ACPI subsystem init AMD CPUs affected by the E400 erratum suffer from the issue that the local APIC timer stops when the CPU goes into C1E. Unfortunately there is no way to detect the affected CPUs on early boot. It's only possible to determine the range of possibly affected CPUs from the family/model range. The actual decision whether to enter C1E and thus cause the bug is done by the firmware and we need to detect that case late, after ACPI has been initialized. The current solution is to check in the idle routine whether the CPU is affected by reading the MSR_K8_INT_PENDING_MSG MSR and checking for the K8_INTP_C1E_ACTIVE_MASK bits. If one of the bits is set then the CPU is affected and the system is switched into forced broadcast mode. This is ineffective and on non-affected CPUs every entry to idle does the extra RDMSR. After doing some research it turns out that the bits are visible on the boot CPU right after the ACPI subsystem is initialized in the early boot process. So instead of polling for the bits in the idle loop, add a detection function after acpi_subsystem_init() and check for the MSR bits. If set, then the X86_BUG_AMD_APIC_C1E is set on the boot CPU and the TSC is marked unstable when X86_FEATURE_NONSTOP_TSC is not set as it will stop in C1E state as well. The switch to broadcast mode cannot be done at this point because the boot CPU still uses HPET as a clockevent device and the local APIC timer is not yet calibrated and installed. The switch to broadcast mode on the affected CPUs needs to be done when the local APIC timer is actually set up. This allows to cleanup the amd_e400_idle() function in the next step. Signed-off-by: Thomas Gleixner Signed-off-by: Borislav Petkov Cc: Jiri Olsa Link: http://lkml.kernel.org/r/20161209182912.2726-4-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/kernel/process.c | 23 +++++++++++++++++++++++ init/main.c | 3 +++ 2 files changed, 26 insertions(+) commit 3344ed30791af66dbbad5f375008f3d1863b6c99 Author: Thomas Gleixner Date: Fri Dec 9 19:29:09 2016 +0100 x86/bugs: Separate AMD E400 erratum and C1E bug The workaround for the AMD Erratum E400 (Local APIC timer stops in C1E state) is a two step process: - Selection of the E400 aware idle routine - Detection whether the platform is affected The idle routine selection happens for possibly affected CPUs depending on family/model/stepping information. These range of CPUs is not necessarily affected as the decision whether to enable the C1E feature is made by the firmware. Unfortunately there is no way to query this at early boot. The current implementation polls a MSR in the E400 aware idle routine to detect whether the CPU is affected. This is inefficient on non affected CPUs because every idle entry has to do the MSR read. There is a better way to detect this before going idle for the first time which requires to seperate the bug flags: X86_BUG_AMD_E400 - Selects the E400 aware idle routine and enables the detection X86_BUG_AMD_APIC_C1E - Set when the platform is affected by E400 Replace the current X86_BUG_AMD_APIC_C1E usage by the new X86_BUG_AMD_E400 bug bit to select the idle routine which currently does an unconditional detection poll. X86_BUG_AMD_APIC_C1E is going to be used in later patches to remove the MSR polling and simplify the handling of this misfeature. Signed-off-by: Thomas Gleixner Signed-off-by: Borislav Petkov Cc: Jiri Olsa Link: http://lkml.kernel.org/r/20161209182912.2726-3-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/cpufeatures.h | 2 ++ arch/x86/kernel/cpu/amd.c | 20 +++++++++++++------- arch/x86/kernel/process.c | 3 +-- 3 files changed, 16 insertions(+), 9 deletions(-) commit a588b9836447ac683a8f63949ad55265813826f5 Author: Borislav Petkov Date: Fri Dec 9 19:29:08 2016 +0100 x86/cpufeature: Provide helper to set bugs bits Will be used in a later patch to set bug bits for bugs which need late detection. Signed-off-by: Borislav Petkov Cc: Jiri Olsa Link: http://lkml.kernel.org/r/20161209182912.2726-2-bp@alien8.de Signed-off-by: Thomas Gleixner arch/x86/include/asm/cpufeature.h | 1 + 1 file changed, 1 insertion(+) commit 7cd54aa8438947602cf68eda1db327822b9b8e6b Author: Jens Axboe Date: Fri Dec 9 13:08:35 2016 -0700 blk-stat: fix a few cases of missing batch flushing Everytime we need to read ->nr_samples, we should have flushed the batch first. The non-mq read path also needs to flush the batch. Signed-off-by: Jens Axboe block/blk-stat.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 8af1d63e638b7e9cbfa5469cda0c041c1b64b791 Author: Arnd Bergmann Date: Fri Dec 9 12:47:02 2016 +0100 remoteproc: qcom_adsp_pil: select qcom_scm The adsp-pil driver relies on SCM and causes a build error without it: ERROR: "qcom_scm_pas_supported" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_is_available" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_auth_and_reset" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_shutdown" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_mem_setup" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! ERROR: "qcom_scm_pas_init_image" [drivers/remoteproc/qcom_adsp_pil.ko] undefined! This adds a 'select', as SCM is a silent Kconfig symbol that gets enabled implicitly by all its users. Fixes: b9e718e950c3 ("remoteproc: Introduce Qualcomm ADSP PIL") Signed-off-by: Arnd Bergmann Signed-off-by: Bjorn Andersson drivers/remoteproc/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 8dcf07be2d0bcbfcebc49b9451a4feaf83e3428b Author: Bart Van Assche Date: Mon Nov 14 15:47:14 2016 -0800 target: Minimize #include directives Remove superfluous #include directives from the include/target/*.h files. Add missing #include directives to other *.h and *.c files. Use forward declarations for structures where possible. This change reduces the build time for make M=drivers/target on my laptop from 27.1s to 18.7s or by about 30%. Signed-off-by: Bart Van Assche Cc: Christoph Hellwig Cc: Bryant G. Ly drivers/target/iscsi/iscsi_target.c | 2 ++ drivers/target/iscsi/iscsi_target.h | 12 ++++++++++++ drivers/target/iscsi/iscsi_target_auth.c | 2 +- drivers/target/iscsi/iscsi_target_auth.h | 5 +++++ drivers/target/iscsi/iscsi_target_configfs.c | 3 ++- drivers/target/iscsi/iscsi_target_datain_values.c | 2 +- drivers/target/iscsi/iscsi_target_datain_values.h | 3 +++ drivers/target/iscsi/iscsi_target_device.h | 3 +++ drivers/target/iscsi/iscsi_target_erl0.h | 6 ++++++ drivers/target/iscsi/iscsi_target_erl1.c | 1 + drivers/target/iscsi/iscsi_target_erl1.h | 10 ++++++++++ drivers/target/iscsi/iscsi_target_erl2.c | 1 + drivers/target/iscsi/iscsi_target_erl2.h | 7 +++++++ drivers/target/iscsi/iscsi_target_login.c | 2 ++ drivers/target/iscsi/iscsi_target_login.h | 7 +++++++ drivers/target/iscsi/iscsi_target_nego.c | 2 ++ drivers/target/iscsi/iscsi_target_nego.h | 4 ++++ drivers/target/iscsi/iscsi_target_nodeattrib.h | 5 +++++ drivers/target/iscsi/iscsi_target_parameters.c | 2 +- drivers/target/iscsi/iscsi_target_parameters.h | 6 ++++++ drivers/target/iscsi/iscsi_target_seq_pdu_list.h | 5 +++++ drivers/target/iscsi/iscsi_target_tmr.h | 6 ++++++ drivers/target/iscsi/iscsi_target_tpg.c | 2 +- drivers/target/iscsi/iscsi_target_tpg.h | 9 +++++++++ drivers/target/iscsi/iscsi_target_transport.c | 1 + drivers/target/iscsi/iscsi_target_util.c | 1 + drivers/target/iscsi/iscsi_target_util.h | 8 ++++++++ drivers/target/loopback/tcm_loop.h | 4 ++++ drivers/target/target_core_alua.c | 3 +++ drivers/target/target_core_alua.h | 2 ++ drivers/target/target_core_device.c | 1 + drivers/target/target_core_file.c | 1 + drivers/target/target_core_file.h | 2 ++ drivers/target/target_core_iblock.h | 3 +++ drivers/target/target_core_internal.h | 5 +++++ drivers/target/target_core_pr.c | 2 ++ drivers/target/target_core_pr.h | 4 ++++ drivers/target/target_core_pscsi.h | 7 ++++--- drivers/target/target_core_rd.c | 2 ++ drivers/target/target_core_rd.h | 4 ++++ drivers/target/target_core_sbc.c | 1 + drivers/target/target_core_ua.h | 2 ++ drivers/target/target_core_xcopy.c | 1 + drivers/target/target_core_xcopy.h | 2 ++ drivers/target/tcm_fc/tcm_fc.h | 3 +++ include/target/iscsi/iscsi_target_core.h | 14 ++++++++------ include/target/iscsi/iscsi_target_stat.h | 4 ++++ include/target/iscsi/iscsi_transport.h | 6 +++--- include/target/target_core_backend.h | 6 ++++++ include/target/target_core_base.h | 12 ++++-------- include/target/target_core_fabric.h | 4 ++++ 51 files changed, 187 insertions(+), 25 deletions(-) commit f5045724578babc7bd3460087f34cc787a8b0e20 Author: Bart Van Assche Date: Fri Nov 18 15:31:45 2016 -0800 target/user: Add an #include directive Since this driver uses kmap_atomic(), include the highmem header file. Signed-off-by: Bart Van Assche Cc: Nicholas Bellinger Cc: Andy Grover drivers/target/target_core_user.c | 1 + 1 file changed, 1 insertion(+) commit 3bc71e1f43d52cca2c1823bf7816f68cf84f0d2c Author: Bart Van Assche Date: Sun Nov 20 09:09:53 2016 -0800 cxgbit: Add an #include directive Include header to ensure that the definition of before() is available. Signed-off-by: Bart Van Assche Cc: Varun Prakash Cc: Nicholas Bellinger drivers/target/iscsi/cxgbit/cxgbit_target.c | 1 + 1 file changed, 1 insertion(+) commit e9409b2672500ed53374377d861337f594f38f58 Author: Bryant G. Ly Date: Wed Nov 16 09:06:23 2016 -0800 ibmvscsi_tgt: Add two #include directives Signed-off-by: Bryant G. Ly Signed-off-by: Bart Van Assche drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.c | 1 + drivers/scsi/ibmvscsi_tgt/ibmvscsi_tgt.h | 1 + 2 files changed, 2 insertions(+) commit 4323e65b79e587b2f5ba27e1bdd91b6b54aea6b2 Author: Bart Van Assche Date: Tue Nov 15 11:23:01 2016 -0800 sbp-target: Add an #include directive usleep_range() is called from sbp_target.c. Hence include header file . Signed-off-by: Bart Van Assche Cc: Chris Boot drivers/target/sbp/sbp_target.c | 1 + 1 file changed, 1 insertion(+) commit 09ce66aee7763686a22ab26fbe8a889e0cec64e9 Author: Bart Van Assche Date: Tue Nov 15 11:21:46 2016 -0800 qla2xxx: Add an #include directive The following statement in qla_isr.c needs the size of struct t10_pi_tuple: spt += j; Hence include the header file. Signed-off-by: Bart Van Assche Acked-by: Himanshu Madhani drivers/scsi/qla2xxx/qla_isr.c | 1 + 1 file changed, 1 insertion(+) commit a6ab53742a52786ca594438eff2c80c3a242aaf3 Author: Bart Van Assche Date: Mon Nov 14 15:53:05 2016 -0800 configfs: Minimize #include directives Only include the header files that are needed by configfs.h itself. Add #include . Signed-off-by: Bart Van Assche Cc: Christoph Hellwig include/linux/configfs.h | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) commit 03274445c01562d5352ea522431ab8c6175e2bbf Author: Bart Van Assche Date: Fri Nov 18 15:42:41 2016 -0800 usb: gadget: Fix second argument of percpu_ida_alloc() Pass a task state as second argument to percpu_ida_alloc(). Fixes: commit 71e7ae8e1fb2 ("usb-gadget/tcm: Conversion to percpu_ida tag pre-allocation") Signed-off-by: Bart Van Assche Cc: Nicholas Bellinger Cc: Andrzej Pietrasiewicz Cc: Sebastian Andrzej Siewior Cc: Felipe Balbi drivers/usb/gadget/function/f_tcm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8456066a57940b3884aa080c58b166567dc9de39 Author: Bart Van Assche Date: Fri Nov 18 15:40:31 2016 -0800 sbp-target: Fix second argument of percpu_ida_alloc() Pass a task state as second argument to percpu_ida_alloc(). Fixes: commit 5a3ee221b543 ("sbp-target: Conversion to percpu_ida tag pre-allocation") Signed-off-by: Bart Van Assche Cc: Chris Boot drivers/target/sbp/sbp_target.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ecaf597b411e9a7b071bf7a36a4cf750c529cd28 Author: Bart Van Assche Date: Fri Nov 18 15:32:59 2016 -0800 target/user: Fix a data type in tcmu_queue_cmd() This patch avoids that sparse reports the following error messages: drivers/target/target_core_user.c:547:13: warning: incorrect type in assignment (different base types) drivers/target/target_core_user.c:547:13: expected int [signed] ret drivers/target/target_core_user.c:547:13: got restricted sense_reason_t drivers/target/target_core_user.c:548:20: warning: restricted sense_reason_t degrades to integer drivers/target/target_core_user.c:557:16: warning: incorrect type in return expression (different base types) drivers/target/target_core_user.c:557:16: expected restricted sense_reason_t drivers/target/target_core_user.c:557:16: got int [signed] ret Signed-off-by: Bart Van Assche drivers/target/target_core_user.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8cc3bb0789eab91e5543c7b9fbc3bde7f9c8973b Author: Bart Van Assche Date: Fri Nov 18 15:45:56 2016 -0800 target: Use NULL instead of 0 to represent a pointer This has been detected by sparse. Signed-off-by: Bart Van Assche drivers/target/target_core_configfs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0a8b13eab1349337db4a4b5755466460bfbbaa1e Author: Rob Herring Date: Fri Dec 9 10:33:48 2016 -0600 Revert "of: base: add support to get machine model name" This reverts commit e5269794d2e9046dd45be15bdb213a229df46b7e. drivers/of/base.c | 32 -------------------------------- include/linux/of.h | 6 ------ 2 files changed, 38 deletions(-) commit 32bed310ad32b1cf66525fae89913d76dde4d797 Author: Moritz Fischer Date: Thu Dec 1 22:10:25 2016 -0800 of: Fix issue where code would fall through to error case. No longer fall through into the error case that prints out an error if no error (err = 0) occurred. Fixes d9181b20a83(of: Add back an error message, restructured) Signed-off-by: Moritz Fischer Reviewed-by: Frank Rowand Signed-off-by: Rob Herring drivers/of/resolver.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 4aa663444048396799b49b5b782552c1ba15c39d Author: Marcin Nowakowski Date: Thu Dec 1 09:00:55 2016 +0100 drivers/of: fix missing pr_cont()s in of_print_phandle_args Since the KERN_CONT changes, the current debug printks have a lot of empty lines making the log messages very hard to read. Signed-off-by: Marcin Nowakowski Signed-off-by: Rob Herring drivers/of/base.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 5f01f26375a96cae899d8f148612f2903d6b083a Author: Geert Uytterhoeven Date: Fri Nov 25 11:15:45 2016 +0100 devicetree: bindings: Add vendor prefix for Oki Already in use for "oki,ml86v7667". Signed-off-by: Geert Uytterhoeven Reviewed-by: Simon Horman Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit e0e3a19c18ab84d98a57fed112cf23e52645f2ec Author: Greentime Hu Date: Tue Nov 22 15:15:05 2016 +0800 devicetree: bindings: Add vendor prefix for Andes Technology Corporation Add vendor-prefix for Andes Technology Corporation Signed-off-by: Greentime Hu Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit c8e52ba5e2d6df5acaaeedda20d74f4ec3adcc82 Author: Jens Axboe Date: Wed Dec 7 15:53:18 2016 -0700 blk-flush: run the queue when inserting blk-mq flush Currently we pass in to run the queue async, but don't flag the queue to be run. We don't need to run it async here, but we should run it. So fixup the parameters. Signed-off-by: Jens Axboe Reviewed-by: Hannes Reinecke block/blk-flush.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 70b3ea056f3074be6d9256c312b64c0d90a4a683 Author: Jens Axboe Date: Wed Dec 7 08:43:31 2016 -0700 elevator: make the rqhash helpers exported Signed-off-by: Jens Axboe Reviewed-by: Hannes Reinecke block/elevator.c | 8 ++++---- include/linux/elevator.h | 5 +++++ 2 files changed, 9 insertions(+), 4 deletions(-) commit f04c3df3efeca0d226aeff7ef595e12a0b807ab2 Author: Jens Axboe Date: Wed Dec 7 08:41:17 2016 -0700 blk-mq: abstract out blk_mq_dispatch_rq_list() helper Takes a list of requests, and dispatches it. Moves any residual requests to the dispatch list. Signed-off-by: Jens Axboe Reviewed-by: Hannes Reinecke block/blk-mq.c | 85 ++++++++++++++++++++++++++++++++-------------------------- block/blk-mq.h | 1 + 2 files changed, 48 insertions(+), 38 deletions(-) commit ae911c5e796d51cb2d1ed3a55e73b9cc88d176cf Author: Jens Axboe Date: Thu Dec 8 13:19:30 2016 -0700 blk-mq: add blk_mq_start_stopped_hw_queue() We have a variant for all hardware queues, but not one for a single hardware queue. Signed-off-by: Jens Axboe Reviewed-by: Hannes Reinecke block/blk-mq.c | 19 ++++++++++++------- include/linux/blk-mq.h | 1 + 2 files changed, 13 insertions(+), 7 deletions(-) commit 21cbe3cc8a48ff17059912e019fbde28ed54745a Author: Marc Zyngier Date: Tue Dec 6 14:34:22 2016 +0000 arm64: KVM: pmu: Reset PMSELR_EL0.SEL to a sane value before entering the guest The ARMv8 architecture allows the cycle counter to be configured by setting PMSELR_EL0.SEL==0x1f and then accessing PMXEVTYPER_EL0, hence accessing PMCCFILTR_EL0. But it disallows the use of PMSELR_EL0.SEL==0x1f to access the cycle counter itself through PMXEVCNTR_EL0. Linux itself doesn't violate this rule, but we may end up with PMSELR_EL0.SEL being set to 0x1f when we enter a guest. If that guest accesses PMXEVCNTR_EL0, the access may UNDEF at EL1, despite the guest not having done anything wrong. In order to avoid this unfortunate course of events (haha!), let's sanitize PMSELR_EL0 on guest entry. This ensures that the guest won't explode unexpectedly. Cc: stable@vger.kernel.org #4.6+ Acked-by: Will Deacon Signed-off-by: Marc Zyngier arch/arm64/kvm/hyp/switch.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 8e1a0476f8563cadfa32e9b4fff39c4224553b1e Author: Christoffer Dall Date: Mon Dec 5 10:32:11 2016 +0100 KVM: arm/arm64: timer: Check for properly initialized timer on init When the arch timer code fails to initialize (for example because the memory mapped timer doesn't work, which is currently seen with the AEM model), then KVM just continues happily with a final result that KVM eventually does a NULL pointer dereference of the uninitialized cycle counter. Check directly for this in the init path and give the user a reasonable error in this case. Cc: Shih-Wei Li Signed-off-by: Christoffer Dall Signed-off-by: Marc Zyngier virt/kvm/arm/arch_timer.c | 5 +++++ 1 file changed, 5 insertions(+) commit 266068eabb1077adf7d74a66de6610e7a6205d02 Author: Andre Przywara Date: Wed Nov 16 17:57:16 2016 +0000 KVM: arm/arm64: vgic-v2: Limit ITARGETSR bits to number of VCPUs The GICv2 spec says in section 4.3.12 that a "CPU targets field bit that corresponds to an unimplemented CPU interface is RAZ/WI." Currently we allow the guest to write any value in there and it can read that back. Mask the written value with the proper CPU mask to be spec compliant. Signed-off-by: Andre Przywara Signed-off-by: Marc Zyngier virt/kvm/arm/vgic/vgic-mmio-v2.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d16744ec8ad011793144bb932ce822cc0c1733cb Author: Miklos Szeredi Date: Fri Dec 9 16:45:04 2016 +0100 vfs: make generic_readlink() static Signed-off-by: Miklos Szeredi fs/namei.c | 4 ++-- include/linux/fs.h | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) commit dfeef68862edd7d4bafe68ef7aeb5f658ef24bb5 Author: Miklos Szeredi Date: Fri Dec 9 16:45:04 2016 +0100 vfs: remove ".readlink = generic_readlink" assignments If .readlink == NULL implies generic_readlink(). Generated by: to_del="\.readlink.*=.*generic_readlink" for i in `git grep -l $to_del`; do sed -i "/$to_del"/d $i; done Signed-off-by: Miklos Szeredi drivers/staging/lustre/lustre/llite/symlink.c | 1 - fs/9p/vfs_inode.c | 1 - fs/9p/vfs_inode_dotl.c | 1 - fs/affs/symlink.c | 1 - fs/autofs4/symlink.c | 1 - fs/btrfs/inode.c | 1 - fs/ceph/inode.c | 1 - fs/cifs/cifsfs.c | 1 - fs/coda/cnode.c | 1 - fs/configfs/symlink.c | 1 - fs/ecryptfs/inode.c | 1 - fs/ext2/symlink.c | 2 -- fs/ext4/symlink.c | 3 --- fs/f2fs/namei.c | 2 -- fs/fuse/dir.c | 1 - fs/gfs2/inode.c | 1 - fs/hostfs/hostfs_kern.c | 1 - fs/jffs2/symlink.c | 1 - fs/jfs/symlink.c | 2 -- fs/kernfs/symlink.c | 1 - fs/libfs.c | 1 - fs/minix/inode.c | 1 - fs/namei.c | 1 - fs/ncpfs/inode.c | 1 - fs/nfs/symlink.c | 1 - fs/nilfs2/namei.c | 1 - fs/ocfs2/symlink.c | 1 - fs/orangefs/symlink.c | 1 - fs/overlayfs/inode.c | 1 - fs/proc/inode.c | 1 - fs/proc/self.c | 1 - fs/proc/thread_self.c | 1 - fs/reiserfs/namei.c | 1 - fs/squashfs/symlink.c | 1 - fs/sysv/inode.c | 1 - fs/ubifs/file.c | 1 - fs/xfs/xfs_iops.c | 2 -- mm/shmem.c | 2 -- 38 files changed, 45 deletions(-) commit 76fca90e9f3abc82114d9d02d8e14e0324a18ca2 Author: Miklos Szeredi Date: Fri Dec 9 16:45:04 2016 +0100 vfs: default to generic_readlink() If i_op->readlink is NULL, but i_op->get_link is set then vfs_readlink() defaults to calling generic_readlink(). The IOP_DEFAULT_READLINK flag indicates that the above conditions are met and the default action can be taken. Signed-off-by: Miklos Szeredi Documentation/filesystems/porting | 4 ++++ Documentation/filesystems/vfs.txt | 9 ++++++--- fs/namei.c | 15 ++++++++++++--- include/linux/fs.h | 1 + 4 files changed, 23 insertions(+), 6 deletions(-) commit fd4a0edf2a3d781c6ae07d2810776ce22302ee1c Author: Miklos Szeredi Date: Fri Dec 9 16:45:04 2016 +0100 vfs: replace calling i_op->readlink with vfs_readlink() Also check d_is_symlink() in callers instead of inode->i_op->readlink because following patches will allow NULL ->readlink for symlinks. Signed-off-by: Miklos Szeredi fs/namei.c | 21 +++++++++++++++++++++ fs/nfsd/nfs4xdr.c | 8 ++++---- fs/nfsd/vfs.c | 6 ++---- fs/stat.c | 8 +++++--- fs/xfs/xfs_ioctl.c | 4 ++-- include/linux/fs.h | 1 + 6 files changed, 35 insertions(+), 13 deletions(-) commit 2a07a1f5abba308729bd082dce4d035365165d85 Author: Miklos Szeredi Date: Fri Dec 9 16:45:03 2016 +0100 proc/self: use generic_readlink The /proc/self and /proc/self-thread symlinks have separate but identical functionality for reading and following. This cleanup utilizes generic_readlink to remove the duplication. Signed-off-by: Miklos Szeredi fs/proc/self.c | 14 +------------- fs/proc/thread_self.c | 15 +-------------- 2 files changed, 2 insertions(+), 27 deletions(-) commit 6c988f575915ab5162332d61f91dca99dcc17335 Author: Miklos Szeredi Date: Fri Dec 9 16:45:03 2016 +0100 ecryptfs: use vfs_get_link() Here again we are copying form one buffer to another, while jumping through hoops to make kernel memory look like userspace memory. For no good reason, since vfs_get_link() provides exactly what is needed. As a bonus, now the security hook for readlink is also called on the underlying inode. Note: this can be called from link-following context. But this is okay: - not in RCU mode - commit e54ad7f1ee26 ("proc: prevent stacking filesystems on top") - ecryptfs is *reading* the underlying symlink not following it, so the right security hook is being called Signed-off-by: Miklos Szeredi Cc: Tyler Hicks fs/ecryptfs/inode.c | 29 ++++++++++++----------------- 1 file changed, 12 insertions(+), 17 deletions(-) commit f9d03f96b988002027d4b28ea1b7a24729a4c9b5 Author: Christoph Hellwig Date: Thu Dec 8 15:20:32 2016 -0700 block: improve handling of the magic discard payload Instead of allocating a single unused biovec for discard requests, send them down without any payload. Instead we allow the driver to add a "special" payload using a biovec embedded into struct request (unioned over other fields never used while in the driver), and overloading the number of segments for this case. This has a couple of advantages: - we don't have to allocate the bio_vec - the amount of special casing for discard requests in the block layer is significantly reduced - using this same scheme for other request types is trivial, which will be important for implementing the new WRITE_ZEROES op on devices where it actually requires a payload (e.g. SCSI) - we can get rid of playing games with the request length, as we'll never touch it and completions will work just fine - it will allow us to support ranged discard operations in the future by merging non-contiguous discard bios into a single request - last but not least it removes a lot of code This patch is the common base for my WIP series for ranges discards and to remove discard_zeroes_data in favor of always using REQ_OP_WRITE_ZEROES, so it would be good to get it in quickly. Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe block/bio.c | 10 +-------- block/blk-core.c | 34 ++--------------------------- block/blk-lib.c | 2 +- block/blk-merge.c | 53 +++++++++++++++------------------------------- drivers/nvme/host/core.c | 17 ++++----------- drivers/nvme/host/nvme.h | 6 ++++-- drivers/nvme/host/pci.c | 27 +++++++++++------------ drivers/nvme/host/rdma.c | 13 +++++------- drivers/nvme/target/loop.c | 4 ++-- drivers/scsi/scsi_lib.c | 6 +++--- drivers/scsi/sd.c | 24 ++++++++------------- include/linux/bio.h | 3 ++- include/linux/blkdev.h | 15 ++++++++++--- 13 files changed, 76 insertions(+), 138 deletions(-) commit be07e14f96e3121483339a64d917fddb3b86ba98 Author: Christoph Hellwig Date: Fri Dec 9 14:19:06 2016 +0100 blk-wbt: don't throttle discard or write zeroes Both of these are metadata only commands that are not issued by the writeback code and not directly relevant to the writeback bandwith. Signed-off-by: Christoph Hellwig Signed-off-by: Jens Axboe block/blk-wbt.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 1a41442864e35bff859582fe9c5d051d0b1040ba Author: Steven Rostedt (Red Hat) Date: Thu Dec 8 19:28:28 2016 -0500 tracing/fgraph: Have wakeup and irqsoff tracers ignore graph functions too Currently both the wakeup and irqsoff traces do not handle set_graph_notrace well. The ftrace infrastructure will ignore the return paths of all functions leaving them hanging without an end: # echo '*spin*' > set_graph_notrace # cat trace [...] _raw_spin_lock() { preempt_count_add() { do_raw_spin_lock() { update_rq_clock(); Where the '*spin*' functions should have looked like this: _raw_spin_lock() { preempt_count_add(); do_raw_spin_lock(); } update_rq_clock(); Instead, have the wakeup and irqsoff tracers ignore the functions that are set by the set_graph_notrace like the function_graph tracer does. Move the logic in the function_graph tracer into a header to allow wakeup and irqsoff tracers to use it as well. Cc: Namhyung Kim Signed-off-by: Steven Rostedt kernel/trace/trace.h | 11 +++++++++++ kernel/trace/trace_functions_graph.c | 14 +++++++------- kernel/trace/trace_irqsoff.c | 12 ++++++++++++ kernel/trace/trace_sched_wakeup.c | 12 ++++++++++++ 4 files changed, 42 insertions(+), 7 deletions(-) commit 794de08a16cf1fc1bf785dc48f66d36218cf6d88 Author: Steven Rostedt (Red Hat) Date: Thu Dec 8 20:54:49 2016 -0500 fgraph: Handle a case where a tracer ignores set_graph_notrace Both the wakeup and irqsoff tracers can use the function graph tracer when the display-graph option is set. The problem is that they ignore the notrace file, and record the entry of functions that would be ignored by the function_graph tracer. This causes the trace->depth to be recorded into the ring buffer. The set_graph_notrace uses a trick by adding a large negative number to the trace->depth when a graph function is to be ignored. On trace output, the graph function uses the depth to record a stack of functions. But since the depth is negative, it accesses the array with a negative number and causes an out of bounds access that can cause a kernel oops or corrupt data. Have the print functions handle cases where a tracer still records functions even when they are in set_graph_notrace. Also add warnings if the depth is below zero before accessing the array. Note, the function graph logic will still prevent the return of these functions from being recorded, which means that they will be left hanging without a return. For example: # echo '*spin*' > set_graph_notrace # echo 1 > options/display-graph # echo wakeup > current_tracer # cat trace [...] _raw_spin_lock() { preempt_count_add() { do_raw_spin_lock() { update_rq_clock(); Where it should look like: _raw_spin_lock() { preempt_count_add(); do_raw_spin_lock(); } update_rq_clock(); Cc: stable@vger.kernel.org Cc: Namhyung Kim Fixes: 29ad23b00474 ("ftrace: Add set_graph_notrace filter") Signed-off-by: Steven Rostedt kernel/trace/trace_functions_graph.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit 656c7f0d2d2b3237a31b105d5ed217a65350104f Author: Steven Rostedt (Red Hat) Date: Thu Dec 8 12:40:18 2016 -0500 tracing: Replace kmap with copy_from_user() in trace_marker writing Instead of using get_user_pages_fast() and kmap_atomic() when writing to the trace_marker file, just allocate enough space on the ring buffer directly, and write into it via copy_from_user(). Writing into the trace_marker file use to allocate a temporary buffer to perform the copy_from_user(), as we didn't want to write into the ring buffer if the copy failed. But as a trace_marker write is suppose to be extremely fast, and allocating memory causes other tracepoints to trigger, Peter Zijlstra suggested using get_user_pages_fast() and kmap_atomic() to keep the user space pages in memory and reading it directly. But Henrik Austad had issues with this because it required taking the mm->mmap_sem and causing long delays with the write. Instead, just allocate the space in the ring buffer and use copy_from_user() directly. If it faults, return -EFAULT and write "" into the ring buffer. Link: http://lkml.kernel.org/r/20161208124018.72dd0f86@gandalf.local.home Cc: Ingo Molnar Cc: Henrik Austad Cc: Peter Zijlstra Updates: d696b58ca2c3ca "tracing: Do not allocate buffer for trace_marker" Suggested-by: Thomas Gleixner Signed-off-by: Steven Rostedt kernel/trace/trace.c | 139 ++++++++++++++------------------------------------- 1 file changed, 37 insertions(+), 102 deletions(-) commit 847fa1a6d3d00f3bdf68ef5fa4a786f644a0dd67 Author: Steven Rostedt (Red Hat) Date: Thu Dec 8 12:48:26 2016 -0500 ftrace/x86_32: Set ftrace_stub to weak to prevent gcc from using short jumps to it With new binutils, gcc may get smart with its optimization and change a jmp from a 5 byte jump to a 2 byte one even though it was jumping to a global function. But that global function existed within a 2 byte radius, and gcc was able to optimize it. Unfortunately, that jump was also being modified when function graph tracing begins. Since ftrace expected that jump to be 5 bytes, but it was only two, it overwrote code after the jump, causing a crash. This was fixed for x86_64 with commit 8329e818f149, with the same subject as this commit, but nothing was done for x86_32. Cc: stable@vger.kernel.org Fixes: d61f82d06672 ("ftrace: use dynamic patching for updating mcount calls") Reported-by: Colin Ian King Tested-by: Colin Ian King Signed-off-by: Steven Rostedt arch/x86/entry/entry_32.S | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 9c1f6bb8c88ab6c2779bdaf12d4f3407d336f085 Author: Steven Rostedt (Red Hat) Date: Mon Nov 28 17:48:07 2016 -0500 tracing: Allow benchmark to be enabled at early_initcall() The trace event start up selftests fails when the trace benchmark is enabled, because it is disabled during boot. It really only needs to be disabled before scheduling is set up, as it creates a thread. Signed-off-by: Steven Rostedt kernel/trace/trace_benchmark.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) commit 989a0a3d248192b6f5d16cc2aea95faed89bb7ce Author: Steven Rostedt (Red Hat) Date: Mon Nov 28 13:54:57 2016 -0500 tracing: Have system enable return error if one of the events fail If one of the events within a system fails to enable when "1" is written to the system "enable" file, it should return an error. Note, some events may still be enabled, but the user should know that something did go wrong. Signed-off-by: Steven Rostedt kernel/trace/trace_events.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit 1dd349ab74d278cee50fc24dc26c023f3b149642 Author: Steven Rostedt (Red Hat) Date: Mon Nov 28 13:17:25 2016 -0500 tracing: Do not start benchmark on boot up Trace events are enabled very early on boot up via the boot command line parameter. The benchmark tool creates a new thread to perform the trace event benchmarking. But at start up, it is called before scheduling is set up and because it creates a new thread before the init thread is created, this crashes the kernel. Have the benchmark fail to register when started via the kernel command line. Also, since the registering of a tracepoint now can handle failure cases, return -ENOMEM instead of warning if the thread cannot be created. Signed-off-by: Steven Rostedt kernel/trace/trace_benchmark.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 8cf868affdc459beee1a941df0cfaba1673740e3 Author: Steven Rostedt (Red Hat) Date: Mon Nov 28 13:03:21 2016 -0500 tracing: Have the reg function allow to fail Some tracepoints have a registration function that gets enabled when the tracepoint is enabled. There may be cases that the registraction function must fail (for example, can't allocate enough memory). In this case, the tracepoint should also fail to register, otherwise the user would not know why the tracepoint is not working. Cc: David Howells Cc: Seiji Aguchi Cc: Anton Blanchard Cc: Mathieu Desnoyers Signed-off-by: Steven Rostedt arch/powerpc/include/asm/trace.h | 4 ++-- arch/powerpc/platforms/powernv/opal-tracepoints.c | 6 ++++-- arch/powerpc/platforms/pseries/lpar.c | 6 ++++-- arch/x86/include/asm/trace/exceptions.h | 2 +- arch/x86/include/asm/trace/irq_vectors.h | 2 +- arch/x86/kernel/tracepoint.c | 3 ++- drivers/i2c/i2c-core.c | 3 ++- include/linux/tracepoint-defs.h | 2 +- include/linux/tracepoint.h | 2 +- include/trace/events/i2c.h | 2 +- kernel/trace/trace_benchmark.c | 3 ++- kernel/trace/trace_benchmark.h | 2 +- kernel/tracepoint.c | 12 +++++++++--- samples/trace_events/trace-events-sample.c | 3 ++- samples/trace_events/trace-events-sample.h | 2 +- 15 files changed, 34 insertions(+), 20 deletions(-) commit e36ce99ee0815d7919a7b589bfb66f3de50b6bc7 Author: Guenter Roeck Date: Sun Nov 20 10:37:39 2016 -0800 hwmon: (ds620) Fix overflows seen when writing temperature limits Module test reports: temp1_max: Suspected overflow: [160000 vs. 0] temp1_min: Suspected overflow: [160000 vs. 0] This is seen because the values passed when writing temperature limits are unbound. Reviewed-by: Jean Delvare Fixes: 6099469805c2 ("hwmon: Support for Dallas Semiconductor DS620") Signed-off-by: Guenter Roeck drivers/hwmon/ds620.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0fb620c4334eab14e85b7f66389e9061a225fb7e Author: Guenter Roeck Date: Sun Nov 20 10:14:09 2016 -0800 hwmon: (adm9240) Fix overflows seen when writing into limit attributes Module test reports: in0_min: Suspected overflow: [3320 vs. 0] in0_max: Suspected overflow: [3320 vs. 0] in4_min: Suspected overflow: [15938 vs. 0] in4_max: Suspected overflow: [15938 vs. 0] temp1_max: Suspected overflow: [127000 vs. 0] temp1_max_hyst: Suspected overflow: [127000 vs. 0] aout_output: Suspected overflow: [1250 vs. 0] Code analysis reveals that the overflows are caused by conversions from unsigned long to long to int, combined with multiplications on passed values. Reviewed-by: Jean Delvare Signed-off-by: Guenter Roeck drivers/hwmon/adm9240.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit e5d6b12fe14e89ea1c494585c47b1dfb31d71183 Author: Chris Mason Date: Fri Dec 9 05:56:33 2016 -0800 Btrfs: don't WARN() in btrfs_transaction_abort() for IO errors btrfs_transaction_abort() has a WARN() to help us nail down whatever problem lead to the abort. But most of the time, we're aborting for EIO, and the warning just adds noise. Signed-off-by: Chris Mason fs/btrfs/ctree.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 76ae054c69a745ded388fc4ae70422d74c5bc77d Author: Shaohua Li Date: Fri Dec 2 14:21:06 2016 -0800 x86/intel_rdt: Implement show_options() for resctrlfs Implement show_options() callback for intel resource control filesystem to expose the active mount options in /proc/ Signed-off-by: Shaohua Li Cc: Fenghua Yu Link: http://lkml.kernel.org/r/7dce7c1886ac9289442d254ea18322c92bd968da.1480717072.git.shli@fb.com Signed-off-by: Thomas Gleixner arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit c60fa555b11b25386b355c141d90cbee361c3eec Author: Pan Bian Date: Mon Dec 5 19:37:24 2016 +0800 HID: usbhid: fix improper return value Function hid_post_reset() should return negative error codes on failures. However, in its implementation, it incorrectly returns 1. This patch fixes the bug, returning proper error codes on failures. Signed-off-by: Pan Bian Signed-off-by: Jiri Kosina drivers/hid/usbhid/hid-core.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 59024954a1e7e26b62680e1f2b5725249a6c09f7 Author: Petr Mladek Date: Tue Dec 6 16:09:49 2016 +0100 Documentation/livepatch: Fix stale link to gmame gmame archive does not longer exist. Use the message id and generic redirector instead. Reported-by: John Donnelly Signed-off-by: Petr Mladek Signed-off-by: Jiri Kosina Documentation/livepatch/livepatch.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c9cfb2aca26505729fc37716038c692208b2a8c9 Author: Ping Cheng Date: Thu Dec 8 22:06:15 2016 -0800 HID: wacom: generic: Don't sync input on empty input packets post input_sync only when there are input events posted Signed-off-by: Ping Cheng Reviewed-By: Jason Gerecke Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 76 +++++++++++++++++++++++++++++++++---------------- drivers/hid/wacom_wac.h | 1 + 2 files changed, 52 insertions(+), 25 deletions(-) commit f3f24e7b69841214b62cb0669527b7121d637a9e Author: Ping Cheng Date: Thu Dec 8 22:05:44 2016 -0800 HID: wacom: generic: Pad supports more than buttons Make sure everything reported from pad are registered Signed-off-by: Ping Cheng Reviewed-By: Jason Gerecke Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 6f46cf9b40df7d181f11989bab6f4cc08787cdfe Author: Ping Cheng Date: Thu Dec 8 22:04:52 2016 -0800 HID: wacom: generic: Send data only when the interface is defined Sometime valid events may not be supported by the driver yet. Make sure we don't process them when the code is not ready. This fix prevents a kernel panic due to unsupported HID events. Signed-off-by: Ping Cheng Reviewed-By: Jason Gerecke Signed-off-by: Jiri Kosina drivers/hid/wacom_wac.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 354a32985a863c9eecd381a5f9eea480d5abc6dc Author: Ping Cheng Date: Thu Dec 8 22:03:27 2016 -0800 HID: wacom: generic: Don't return a value for wacom_wac_event It is unnecessary to return a value since nothing is expecting a value from it. Signed-off-by: Ping Cheng Reviewed-By: Jason Gerecke Signed-off-by: Jiri Kosina drivers/hid/wacom.h | 2 +- drivers/hid/wacom_wac.c | 62 +++++++++++++++++++++---------------------------- 2 files changed, 28 insertions(+), 36 deletions(-) commit e6f462df9acd2a3295e5d34eb29e2823220cf129 Author: Johannes Berg Date: Thu Dec 8 17:22:09 2016 +0100 cfg80211/mac80211: fix BSS leaks when abandoning assoc attempts When mac80211 abandons an association attempt, it may free all the data structures, but inform cfg80211 and userspace about it only by sending the deauth frame it received, in which case cfg80211 has no link to the BSS struct that was used and will not cfg80211_unhold_bss() it. Fix this by providing a way to inform cfg80211 of this with the BSS entry passed, so that it can clean up properly, and use this ability in the appropriate places in mac80211. This isn't ideal: some code is more or less duplicated and tracing is missing. However, it's a fairly small change and it's thus easier to backport - cleanups can come later. Cc: stable@vger.kernel.org Signed-off-by: Johannes Berg include/net/cfg80211.h | 11 +++++++++++ net/mac80211/mlme.c | 21 ++++++++++++--------- net/wireless/core.h | 1 + net/wireless/mlme.c | 12 ++++++++++++ net/wireless/sme.c | 14 ++++++++++++++ 5 files changed, 50 insertions(+), 9 deletions(-) commit 2fa436b3a2a7009c11a3bc03fe0ff4c26e80fd87 Author: Vamsi Krishna Date: Fri Dec 2 23:59:08 2016 +0200 nl80211: Use different attrs for BSSID and random MAC addr in scan req NL80211_ATTR_MAC was used to set both the specific BSSID to be scanned and the random MAC address to be used when privacy is enabled. When both the features are enabled, both the BSSID and the local MAC address were getting same value causing Probe Request frames to go with unintended DA. Hence, this has been fixed by using a different NL80211_ATTR_BSSID attribute to set the specific BSSID (which was the more recent addition in cfg80211) for a scan. Backwards compatibility with old userspace software is maintained to some extent by allowing NL80211_ATTR_MAC to be used to set the specific BSSID when scanning without enabling random MAC address use. Scanning with random source MAC address was introduced by commit ad2b26abc157 ("cfg80211: allow drivers to support random MAC addresses for scan") and the issue was introduced with the addition of the second user for the same attribute in commit 818965d39177 ("cfg80211: Allow a scan request for a specific BSSID"). Fixes: 818965d39177 ("cfg80211: Allow a scan request for a specific BSSID") Signed-off-by: Vamsi Krishna Signed-off-by: Jouni Malinen Signed-off-by: Johannes Berg include/uapi/linux/nl80211.h | 7 ++++++- net/wireless/nl80211.c | 16 +++++++++++++++- 2 files changed, 21 insertions(+), 2 deletions(-) commit eeb04a9688f4f939f2a0eaec5a2d53e05e75e691 Author: Johannes Berg Date: Mon Nov 21 13:55:48 2016 +0100 nl80211: fix logic inversion in start_nan() Arend inadvertently inverted the logic while converting to wdev_running(), fix that. Fixes: 73c7da3dae1e ("cfg80211: add generic helper to check interface is running") Signed-off-by: Johannes Berg net/wireless/nl80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c029a2bec66e42e57538cb65e28618baf6a4b311 Author: Thomas Gleixner Date: Thu Dec 8 20:49:38 2016 +0000 timekeeping: Use mul_u64_u32_shr() instead of open coding it The resume code must deal with a clocksource delta which is potentially big enough to overflow the 64bit mult. Replace the open coded handling with the proper function. Signed-off-by: Thomas Gleixner Reviewed-by: David Gibson Acked-by: Peter Zijlstra (Intel) Cc: Parit Bhargava Cc: Laurent Vivier Cc: "Christopher S. Hall" Cc: Chris Metcalf Cc: Richard Cochran Cc: Liav Rehana Cc: John Stultz Link: http://lkml.kernel.org/r/20161208204228.921674404@linutronix.de Signed-off-by: Thomas Gleixner kernel/time/timekeeping.c | 26 +++++--------------------- 1 file changed, 5 insertions(+), 21 deletions(-) commit cbd99e3b289e43000c29aa4aa9b94b394cdc68bd Author: Thomas Gleixner Date: Thu Dec 8 20:49:36 2016 +0000 timekeeping: Get rid of pointless typecasts cycle_t is defined as u64, so casting it to u64 is a pointless and confusing exercise. cycle_t should simply go away and be replaced with a plain u64 to avoid further confusion. Signed-off-by: Thomas Gleixner Reviewed-by: David Gibson Acked-by: Peter Zijlstra (Intel) Cc: Parit Bhargava Cc: Laurent Vivier Cc: "Christopher S. Hall" Cc: Chris Metcalf Cc: Richard Cochran Cc: Liav Rehana Cc: John Stultz Link: http://lkml.kernel.org/r/20161208204228.844699737@linutronix.de Signed-off-by: Thomas Gleixner kernel/time/timekeeping.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit acc89612a70e370a5640fd77a83f15b7b94d85e4 Author: Thomas Gleixner Date: Thu Dec 8 20:49:34 2016 +0000 timekeeping: Make the conversion call chain consistently unsigned Propagating a unsigned value through signed variables and functions makes absolutely no sense and is just prone to (re)introduce subtle signed vs. unsigned issues as happened recently. Clean it up. Signed-off-by: Thomas Gleixner Reviewed-by: David Gibson Acked-by: Peter Zijlstra (Intel) Cc: Parit Bhargava Cc: Laurent Vivier Cc: "Christopher S. Hall" Cc: Chris Metcalf Cc: Richard Cochran Cc: Liav Rehana Cc: John Stultz Link: http://lkml.kernel.org/r/20161208204228.765843099@linutronix.de Signed-off-by: Thomas Gleixner kernel/time/timekeeping.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) commit 9c1645727b8fa90d07256fdfcc45bf831242a3ab Author: Thomas Gleixner Date: Thu Dec 8 20:49:32 2016 +0000 timekeeping_Force_unsigned_clocksource_to_nanoseconds_conversion The clocksource delta to nanoseconds conversion is using signed math, but the delta is unsigned. This makes the conversion space smaller than necessary and in case of a multiplication overflow the conversion can become negative. The conversion is done with scaled math: s64 nsec_delta = ((s64)clkdelta * clk->mult) >> clk->shift; Shifting a signed integer right obvioulsy preserves the sign, which has interesting consequences: - Time jumps backwards - __iter_div_u64_rem() which is used in one of the calling code pathes will take forever to piecewise calculate the seconds/nanoseconds part. This has been reported by several people with different scenarios: David observed that when stopping a VM with a debugger: "It was essentially the stopped by debugger case. I forget exactly why, but the guest was being explicitly stopped from outside, it wasn't just scheduling lag. I think it was something in the vicinity of 10 minutes stopped." When lifting the stop the machine went dead. The stopped by debugger case is not really interesting, but nevertheless it would be a good thing not to die completely. But this was also observed on a live system by Liav: "When the OS is too overloaded, delta will get a high enough value for the msb of the sum delta * tkr->mult + tkr->xtime_nsec to be set, and so after the shift the nsec variable will gain a value similar to 0xffffffffff000000." Unfortunately this has been reintroduced recently with commit 6bd58f09e1d8 ("time: Add cycles to nanoseconds translation"). It had been fixed a year ago already in commit 35a4933a8959 ("time: Avoid signed overflow in timekeeping_get_ns()"). Though it's not surprising that the issue has been reintroduced because the function itself and the whole call chain uses s64 for the result and the propagation of it. The change in this recent commit is subtle: s64 nsec; - nsec = (d * m + n) >> s: + nsec = d * m + n; + nsec >>= s; d being type of cycle_t adds another level of obfuscation. This wouldn't have happened if the previous change to unsigned computation would have made the 'nsec' variable u64 right away and a follow up patch had cleaned up the whole call chain. There have been patches submitted which basically did a revert of the above patch leaving everything else unchanged as signed. Back to square one. This spawned a admittedly pointless discussion about potential users which rely on the unsigned behaviour until someone pointed out that it had been fixed before. The changelogs of said patches added further confusion as they made finally false claims about the consequences for eventual users which expect signed results. Despite delta being cycle_t, aka. u64, it's very well possible to hand in a signed negative value and the signed computation will happily return the correct result. But nobody actually sat down and analyzed the code which was added as user after the propably unintended signed conversion. Though in sensitive code like this it's better to analyze it proper and make sure that nothing relies on this than hunting the subtle wreckage half a year later. After analyzing all call chains it stands that no caller can hand in a negative value (which actually would work due to the s64 cast) and rely on the signed math to do the right thing. Change the conversion function to unsigned math. The conversion of all call chains is done in a follow up patch. This solves the starvation issue, which was caused by the negative result, but it does not solve the underlying problem. It merily procrastinates it. When the timekeeper update is deferred long enough that the unsigned multiplication overflows, then time going backwards is observable again. It does neither solve the issue of clocksources with a small counter width which will wrap around possibly several times and cause random time stamps to be generated. But those are usually not found on systems used for virtualization, so this is likely a non issue. I took the liberty to claim authorship for this simply because analyzing all callsites and writing the changelog took substantially more time than just making the simple s/s64/u64/ change and ignore the rest. Fixes: 6bd58f09e1d8 ("time: Add cycles to nanoseconds translation") Reported-by: David Gibson Reported-by: Liav Rehana Signed-off-by: Thomas Gleixner Reviewed-by: David Gibson Acked-by: Peter Zijlstra (Intel) Cc: Parit Bhargava Cc: Laurent Vivier Cc: "Christopher S. Hall" Cc: Chris Metcalf Cc: Richard Cochran Cc: John Stultz Cc: stable@vger.kernel.org Link: http://lkml.kernel.org/r/20161208204228.688545601@linutronix.de Signed-off-by: Thomas Gleixner kernel/time/timekeeping.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3f9ca75516a7e581ff803f751a869c1da5ae5fa5 Author: Miklos Szeredi Date: Fri Dec 9 11:57:43 2016 +0100 bad_inode: add missing i_op initializers New inode operations were forgotten to be added to bad_inode. Most of the time the op is checked for NULL before being called but marking the inode bad and the check can race (very unlikely). However in case of ->get_link() only DCACHE_SYMLINK_TYPE is checked before calling the op, so there's no race and will definitely oops when trying to follow links on such a beast. Also remove comments about extinct ops. Signed-off-by: Miklos Szeredi Cc: fs/bad_inode.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 4 deletions(-) commit d8a12b7117b42fd708f1e908498350232bdbd5ff Author: Giuseppe Lippolis Date: Tue Dec 6 21:24:19 2016 +0100 USB: serial: option: add dlink dwm-158 Adding registration for 3G modem DWM-158 in usb-serial-option Signed-off-by: Giuseppe Lippolis Cc: stable Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/serial/option.c | 1 + 1 file changed, 1 insertion(+) commit 5b09eff0c379002527ad72ea5ea38f25da8a8650 Author: Daniele Palmas Date: Thu Dec 1 16:38:39 2016 +0100 USB: serial: option: add support for Telit LE922A PIDs 0x1040, 0x1041 This patch adds support for PIDs 0x1040, 0x1041 of Telit LE922A. Since the interface positions are the same than the ones used for other Telit compositions, previous defined blacklists are used. Signed-off-by: Daniele Palmas Cc: stable Signed-off-by: Johan Hovold Signed-off-by: Greg Kroah-Hartman drivers/usb/serial/option.c | 6 ++++++ 1 file changed, 6 insertions(+) commit d71bb23a81f80eeb5291e5c782377024e7265a23 Merge: 17f08b0 82ffb6f Author: Takashi Iwai Date: Fri Dec 9 11:21:35 2016 +0100 Merge branch 'for-linus' into for-next commit 82ffb6fc637150b279f49e174166d2aa3853eaf4 Author: Con Kolivas Date: Fri Dec 9 15:15:57 2016 +1100 ALSA: usb-audio: Add QuickCam Communicate Deluxe/S7500 to volume_control_quirks The Logitech QuickCam Communicate Deluxe/S7500 microphone fails with the following warning. [ 6.778995] usb 2-1.2.2.2: Warning! Unlikely big volume range (=3072), cval->res is probably wrong. [ 6.778996] usb 2-1.2.2.2: [5] FU [Mic Capture Volume] ch = 1, val = 4608/7680/1 Adding it to the list of devices in volume_control_quirks makes it work properly, fixing related typo. Signed-off-by: Con Kolivas Cc: Signed-off-by: Takashi Iwai sound/usb/mixer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 17f08b0d9aafccdb10038ab6dbd9ddb6433c13e2 Author: Alberto Aguirre Date: Thu Dec 8 00:36:48 2016 -0600 ALSA: usb-audio: add implicit fb quirk for Axe-Fx II The Axe-Fx II implicit feedback end point and the data sync endpoint are in different interface descriptors. Add quirk to ensure a sync endpoint is properly configured. Signed-off-by: Alberto Aguirre Signed-off-by: Takashi Iwai sound/usb/pcm.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 3da96be58f2c8aaa86cfe78b16f837e610dfcfe2 Author: Juergen Gross Date: Fri Dec 2 07:15:45 2016 +0100 xen/scsifront: don't request a slot on the ring until request is ready Instead of requesting a new slot on the ring to the backend early, do so only after all has been setup for the request to be sent. This makes error handling easier as we don't need to undo the request id allocation and ring slot allocation. Suggested-by: Jan Beulich Signed-off-by: Juergen Gross Reviewed-by: Boris Ostrovsky Signed-off-by: Juergen Gross drivers/scsi/xen-scsifront.c | 188 +++++++++++++++++++------------------------ 1 file changed, 83 insertions(+), 105 deletions(-) commit 738662c35c491fc360bb6adcb8a0db88d87b5d88 Author: Alex Thorlton Date: Mon Dec 5 11:49:14 2016 -0600 xen/x86: Increase xen_e820_map to E820_X_MAX possible entries On systems with sufficiently large e820 tables, and several IOAPICs, it is possible for the XENMEM_machine_memory_map callback (and its counterpart, XENMEM_memory_map) to attempt to return an e820 table with more than 128 entries. This callback adds entries to the BIOS-provided e820 table to account for IOAPIC registers, which, on sufficiently large systems, can result in an e820 table that is too large to copy back into xen_e820_map. This change simply increases the size of xen_e820_map to E820_X_MAX to ensure that there is enough room to store the entire e820 map returned from this callback. Signed-off-by: Alex Thorlton Suggested-by: Boris Ostrovsky Reviewed-by: Juergen Gross Acked-by: Ingo Molnar Signed-off-by: Juergen Gross arch/x86/xen/setup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 9d2f86c6cad5a8a3f0b38a80136ba68364ca7278 Author: Alex Thorlton Date: Mon Dec 5 11:49:13 2016 -0600 x86: Make E820_X_MAX unconditionally larger than E820MAX It's really not necessary to limit E820_X_MAX to 128 in the non-EFI case. This commit drops E820_X_MAX's dependency on CONFIG_EFI, so that E820_X_MAX is always at least slightly larger than E820MAX. The real motivation behind this is actually to prevent some issues in the Xen kernel, where the XENMEM_machine_memory_map hypercall can produce an e820 map larger than 128 entries, even on systems where the original e820 table was quite a bit smaller than that, depending on how many IOAPICs are installed on the system. Signed-off-by: Alex Thorlton Suggested-by: Ingo Molnar Acked-by: Ingo Molnar Signed-off-by: Juergen Gross arch/x86/include/asm/e820.h | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit ad595b77c4a8553516a5d76c9ecf68a0ff13960e Author: Markus Elfring Date: Sun Oct 23 23:00:22 2016 +0200 m68k/atari: Use seq_puts() in atari_get_hardware_list() A string which did not contain a data format specification should be put into a sequence. Thus use the corresponding function "seq_puts". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring Signed-off-by: Geert Uytterhoeven arch/m68k/atari/config.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f2a0c53402990ee106a8ec329b00fc527d6e0773 Author: Markus Elfring Date: Sun Oct 23 22:55:03 2016 +0200 m68k/amiga: Use seq_puts() in amiga_get_hardware_list() A string which did not contain a data format specification should be put into a sequence. Thus use the corresponding function "seq_puts". This issue was detected by using the Coccinelle software. Signed-off-by: Markus Elfring Signed-off-by: Geert Uytterhoeven arch/m68k/amiga/config.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 2953079c692da067aeb6345659875b97378f9b0a Author: Shaohua Li Date: Thu Dec 8 15:48:19 2016 -0800 md: separate flags for superblock changes The mddev->flags are used for different purposes. There are a lot of places we check/change the flags without masking unrelated flags, we could check/change unrelated flags. These usage are most for superblock write, so spearate superblock related flags. This should make the code clearer and also fix real bugs. Reviewed-by: NeilBrown Signed-off-by: Shaohua Li drivers/md/bitmap.c | 4 +- drivers/md/dm-raid.c | 4 +- drivers/md/md.c | 115 ++++++++++++++++++++++++----------------------- drivers/md/md.h | 16 ++++--- drivers/md/multipath.c | 2 +- drivers/md/raid1.c | 12 ++--- drivers/md/raid10.c | 22 ++++----- drivers/md/raid5-cache.c | 6 +-- drivers/md/raid5.c | 26 +++++------ 9 files changed, 106 insertions(+), 101 deletions(-) commit 82a301cb0ea2df8a5c88213094a01660067c7fb4 Author: Shaohua Li Date: Thu Dec 8 15:48:18 2016 -0800 md: MD_RECOVERY_NEEDED is set for mddev->recovery Fixes: 90f5f7ad4f38("md: Wait for md_check_recovery before attempting device removal.") Reviewed-by: NeilBrown Signed-off-by: Shaohua Li drivers/md/md.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6995f0b247e15e34fbcd10852c08b30bdc1a78da Author: Shaohua Li Date: Thu Dec 8 15:48:17 2016 -0800 md: takeover should clear unrelated bits When we change level from raid1 to raid5, the MD_FAILFAST_SUPPORTED bit will be accidentally set, but raid5 doesn't support it. The same is true for the MD_HAS_JOURNAL bit. Fix: 46533ff (md: Use REQ_FAILFAST_* on metadata writes where appropriate) Reviewed-by: NeilBrown Signed-off-by: Shaohua Li drivers/md/raid0.c | 5 +++++ drivers/md/raid1.c | 5 ++++- drivers/md/raid5.c | 6 +++++- 3 files changed, 14 insertions(+), 2 deletions(-) commit 9807b773dad4555665931d57065d7f8adab58e0f Merge: a444d72 9875258 Author: Dave Chinner Date: Fri Dec 9 16:56:26 2016 +1100 Merge branch 'xfs-4.10-misc-fixes-4' into for-next commit 9875258ca7ab238a08bb9ad17e0c9b9984eac7df Author: Eric Sandeen Date: Fri Dec 9 16:49:54 2016 +1100 xfs: nuke unused tracepoint definitions This is all unused code, so remove it. Signed-off-by: Eric Sandeen Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_trace.h | 109 ----------------------------------------------------- 1 file changed, 109 deletions(-) commit b24a978c377be5f14e798cb41238e66fe51aab2f Author: Darrick J. Wong Date: Fri Dec 9 16:49:54 2016 +1100 xfs: use GPF_NOFS when allocating btree cursors Use NOFS for allocating btree cursors, since they can be called under the ilock. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_alloc_btree.c | 2 +- fs/xfs/libxfs/xfs_bmap_btree.c | 2 +- fs/xfs/libxfs/xfs_ialloc_btree.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit 0c187dc508d7d8520319c0dcaa0601775f69ab5a Author: Eryu Guan Date: Fri Dec 9 16:49:54 2016 +1100 xfs: use xfs_vn_setattr_size to check on new size Commit 6552321831dc ("xfs: remove i_iolock and use i_rwsem in the VFS inode instead") introduced a regression that truncate(2) doesn't check on new size, so it succeeds even if the new size exceeds the current resource limit. Because xfs_setattr_size() was used instead of xfs_vn_setattr_size(), and the latter calls xfs_vn_change_ok() first to do sanity check on permission and new size. This is found by truncate03 test from ltp, and the following is a simplified reproducer: #!/bin/bash dev=/dev/sda5 mnt=/mnt/xfs mkfs -t xfs -f $dev mount $dev $mnt # set max file size to 16k ulimit -f 16 truncate -s $((16 * 1024 + 1)) /mnt/xfs/testfile [ $? -eq 0 ] && echo "FAIL: truncate exceeded max file size" ulimit -f unlimited umount $mnt Signed-off-by: Eryu Guan Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/xfs_iops.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4cf4573d899cd80d8578c050061dc342f99f3a32 Author: Dave Chinner Date: Fri Dec 9 16:49:54 2016 +1100 xfs: deprecate barrier/nobarrier mount option We always perform integrity operations now, so these mount options don't do anything. Deprecate them and mark them for removal in in a year. Signed-Off-By: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner Documentation/filesystems/xfs.txt | 12 ++++-------- fs/xfs/xfs_super.c | 25 ++++++++++++++++--------- 2 files changed, 20 insertions(+), 17 deletions(-) commit 2291dab2c9d1880efd19469df2042e2277c8b7a4 Author: Dave Chinner Date: Fri Dec 9 16:49:54 2016 +1100 xfs: Always flush caches when integrity is required There is no reason anymore for not issuing device integrity operations when teh filesystem requires ordering or data integrity guarantees. We should always issue cache flushes and FUA writes where necessary and let the underlying storage optimise them as necessary for correct integrity operation. Signed-Off-By: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/xfs_buf.c | 3 +-- fs/xfs/xfs_file.c | 29 ++++++++++++----------------- fs/xfs/xfs_log.c | 39 ++++++++++++++++----------------------- 3 files changed, 29 insertions(+), 42 deletions(-) commit 2e1d23370e75d7d89350d41b4ab58c7f6a0e26b2 Author: Eric Sandeen Date: Fri Dec 9 16:49:47 2016 +1100 xfs: ignore leaf attr ichdr.count in verifier during log replay When we create a new attribute, we first create a shortform attribute, and try to fit the new attribute into it. If that fails, we copy the (empty) attribute into a leaf attribute, and do the copy again. Thus there can be a transient state where we have an empty leaf attribute. If we encounter this during log replay, the verifier will fail. So add a test to ignore this part of the leaf attr verification during log replay. Thanks as usual to dchinner for spotting the problem. Signed-off-by: Eric Sandeen Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_attr_leaf.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 65990d1afbd2d6fc23c6ecbd6f1899aa760a024f Author: Fred Isaman Date: Fri Sep 30 14:37:41 2016 -0400 pNFS/flexfiles: Fix a deadlock on LAYOUTGET We encountered a deadlock where the SEQUENCE that accompanied the LAYOUTGET triggered a session drain, while ff_layout_alloc_lseg triggered a GETDEVICEINFO. The GETDEVICEINFO hung waiting for the session drain, while the LAYOUTGET held the slot waiting for alloc_lseg to finish. Avoid this by moving the call to nfs4_find_get_deviceid out of ff_layout_alloc_lseg and into nfs4_ff_layout_prepare_ds. Signed-off-by: Fred Isaman [dros@primarydata.com: pNFS/flexfiles: fix races in ff_layout_mirror_valid] Signed-off-by: Weston Andros Adamson Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 37 ++--------------------- fs/nfs/flexfilelayout/flexfilelayout.h | 2 +- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 50 ++++++++++++++++++++++++------- 3 files changed, 43 insertions(+), 46 deletions(-) commit 25dfd7cfefeea5bddd48da5763ecbe686579c922 Merge: acc5ddd 73fe26a Author: Dave Airlie Date: Fri Dec 9 12:43:17 2016 +1000 Merge tag 'drm-fsl-dcu-for-next' of http://git.agner.ch/git/linux-drm-fsl-dcu into drm-next Some fixes and cleanup, mainly around fbdev emulation. It also adds a new module parameter which allows to specify the color depth/bpp for the fbdev emulation (like the IMX DRM driver). * tag 'drm-fsl-dcu-for-next' of http://git.agner.ch/git/linux-drm-fsl-dcu: drm/fsl-dcu: introduce kernel parameter to specify fbdev depth drm/fsl-dcu: remove separate compilation unit for fbdev emulation drm/fsl-dcu: Propagate the real error code drm/fsl-dcu: Remove unneeded NULL check drm/fsl-dcu: disable outputs before unloading driver drm/fsl-dcu: unload driver before disabling clocks commit f006b2c5dff35cb32ee77a0cbcabb52d90118c19 Author: Arnd Bergmann Date: Thu Dec 8 22:57:05 2016 +0100 net: xgene: avoid bogus maybe-uninitialized warning In some configurations, gcc cannot trace the state of variables across a spin_unlock() barrier, leading to a warning about correct code: xgene_enet_main.c: In function 'xgene_enet_start_xmit': ../../../phy/mdio-xgene.h:112:14: error: 'mss_index' may be used uninitialized in this function [-Werror=maybe-uninitialized] Here we can trivially move the assignment before that spin_unlock, which reliably avoids the warning. Fixes: e3978673f514 ("drivers: net: xgene: Fix MSS programming") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit dece303fa3aaaf1dbaf4ddd95e8af1c16ceb7bb1 Author: Arnd Bergmann Date: Thu Dec 8 22:57:04 2016 +0100 net: xgene: move xgene_cle_ptree_ewdn data off stack The array for initializing the cle is set up on the stack with almost entirely constant data and then passed to a function that converts it into HW specific bit patterns. With the latest addition, the size of this array has grown to the point that we get a warning about potential stack overflow in allmodconfig builds: xgene_enet_cle.c: In function ‘xgene_enet_cle_init’: xgene_enet_cle.c:836:1: error: the frame size of 1032 bytes is larger than 1024 bytes [-Werror=frame-larger-than=] Looking a bit deeper at the usage, I noticed that the only modification of the data is in dead code, as we don't even use the cle module for phy_mode other than PHY_INTERFACE_MODE_XGMII. This means we can simply mark the structure constant and access it directly rather than passing the pointer down through another structure, making the code more efficient at the same time as avoiding the warning. Fixes: a809701fed15 ("drivers: net: xgene: fix: RSS for non-TCP/UDP") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_cle.c | 768 ++++++++++++------------ drivers/net/ethernet/apm/xgene/xgene_enet_cle.h | 2 - 2 files changed, 381 insertions(+), 389 deletions(-) commit 9afd895271d91cd6ed743d22fce043f8c28b30ce Author: Arnd Bergmann Date: Thu Dec 8 22:57:03 2016 +0100 net/mlx5e: use %pad format string for dma_addr_t On 32-bit ARM with 64-bit dma_addr_t I get this warning about an incorrect format string: In file included from /git/arm-soc/drivers/net/ethernet/mellanox/mlx5/core/alloc.c:42:0: drivers/net/ethernet/mellanox/mlx5/core/alloc.c: In function ‘mlx5_frag_buf_alloc_node’: drivers/net/ethernet/mellanox/mlx5/core/alloc.c:134:12: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] We have the special %pad format for printing dma_addr_t, so use that to print the correct address and avoid the warning. Fixes: 1c1b522808a1 ("net/mlx5e: Implement Fragmented Work Queue (WQ)") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/alloc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit acc5ddd972793d6ec7e51a9543f24b7e932134dc Merge: bfd5be0 72a93e8 Author: Dave Airlie Date: Fri Dec 9 12:29:10 2016 +1000 Merge tag 'drm-misc-next-2016-12-08' of git://anongit.freedesktop.org/git/drm-misc into drm-next Another pile of misc stuff, final one for 4.10. If there's some serious bugfix still I'll send you a pull for drm-misc-next-fixes (like we do with intel), otherwise this is it and next pull next year for 4.11. Most interesting bits are probably Chris' fb helper fixes against mst hotplug oopses. * tag 'drm-misc-next-2016-12-08' of git://anongit.freedesktop.org/git/drm-misc: (22 commits) drm: Take ownership of the dmabuf->obj when exporting drm: Allow CAP_PRIME on !MODESET drm/fence: add drm_crtc_create_fence() drm/bridge: analogix: Don't return -EINVAL when panel doesn't support PSR drm/atomic: doc: remove old comment about nonblocking commits drm: Don't block the kworker waiting for mode_config.mutex in output_poll() drm: Return -ENOTSUPP when called for KMS cap with a non-KMS driver drm/amdgpu: don't add files at control minor debugfs directory drm: allow changing DPMS mode drm/qxl: fix use of uninitialized variable drm/qxl: Don't register debugfs for control minors drm/radeon: don't add files at control minor debugfs directory drm/vmwgfx: Switch to mode_cmd2 drm/vgem: Use ww_mutex_(un)lock even with a NULL context drm: Make the connector .detect() callback optional drm/bridge: tc358767: don't warn if display side ASSR enable fails drm: Initialise drm_mm.head_node.allocated drm: Fix locking cargo-cult in encoder/plane init/cleanup drm/doc: Fix indenting in drm_modeset_lock.c comment drm: Protect fb_helper list manipulation with a mutex ... commit bfd5be0f9e0cdcaafaeaa1d59fbcfb5bacb1105a Merge: 6f21890 32859f7 Author: Dave Airlie Date: Fri Dec 9 12:28:16 2016 +1000 Merge branch 'drm-next-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-next Misc fixes and cleanups for 4.10. Highlights: - Cursor fixes for radeon and amdgpu - DPM fixes for some new SI variants - Powerplay fixes - Clock and powergating fixes * 'drm-next-4.10' of git://people.freedesktop.org/~agd5f/linux: (39 commits) drm/amdgpu/dce6: Set MASTER_UPDATE_MODE to 0 in resume_mc_access as well drm/amdgpu: use pin rather than pin_restricted in a few cases drm/amd/powerplay: use pr_debug to print function not implemented message drm/amd/amdgpu: Add gpr reading for GFX v7 drm/amd/amdgpu: Add gpr reading for GFX v6 drm/amd/amdgpu: Add debugfs support for reading GPRs (v2) drm/amd/amdgpu: export vbios information (v2) drm/amd/amdgpu: stored bios_size drm/amdgpu: update golden setting of tonga drm/amdgpu/si: load the proper firmware on 0x87 oland boards drm/amdgpu: add additional pci revision to dpm workaround drm/radeon/si: load the proper firmware on 0x87 oland boards drm/radeon: add additional pci revision to dpm workaround drm/amd/powerplay: Fix potential NULL pointer issue drm/amdgpu: Don't touch GFX hw during HW fini drm/amd/powerplay: Adjust the position of data size initial drm/amd/powerplay: Ignore smu buffer usage drm/amd/powerplay: cut digest part drm/amdgpu: drop redundant vi_mqd define drm/amdgpu: fix gtt available page num accounting ... commit 6f21890989b761d2f5a0d89a4dac1f6531be7d44 Merge: e783fd0 5c2a392 Author: Dave Airlie Date: Fri Dec 9 12:27:54 2016 +1000 Merge tag 'omapdrm-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux into drm-next omapdrm fixes for v4.10 * fix tpd12s015's error handling, which causes omap5 uevm HDMI to fail * fix omapdrm primary plane allocation bug, which makes the display to fail to come up * tag 'omapdrm-4.10-fixes' of git://git.kernel.org/pub/scm/linux/kernel/git/tomba/linux: drm/omap: tpd12s015: fix error handling drm/omap: fix primary-plane's possible_crtcs drm: fix possible_crtc's type commit 5a6e7ec3bfef2ea518061d8d5d77367952770efb Author: Bob Moore Date: Wed Nov 30 15:21:57 2016 +0800 ACPICA: Utilities: Add new decode function for parser values ACPICA commit 198fde8a061ac77357bcf1752e3c988fbe59f128 Implements a decode function for the ARGP_* parser info values for all AML opcodes. Link: https://github.com/acpica/acpica/commit/198fde8a Signed-off-by: Bob Moore Signed-off-by: Lv Zheng Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/acutils.h | 2 ++ drivers/acpi/acpica/amlcode.h | 1 + drivers/acpi/acpica/utdecode.c | 49 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 52 insertions(+) commit e99dda8fc4567db6e39ec25b60bbcd68182dfd7b Author: Mike Snitzer Date: Thu Dec 8 19:42:37 2016 -0500 dm cache policy smq: use hash_32() instead of hash_32_generic() Switch to using hash_32() because hash_32_generic() should only be used by the kernel's selftests. Signed-off-by: Mike Snitzer drivers/md/dm-cache-policy-smq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 71a2f11511b4d1dc8b8e326e10ec6533b534ddf1 Author: Kuninori Morimoto Date: Mon Dec 5 05:23:20 2016 +0000 clk: add devm_get_clk_from_child() API Some driver is using this type of DT bindings for clock (more detail, see ${LINUX}/Documentation/devicetree/bindings/sound/simple-card.txt). sound_soc { ... cpu { clocks = <&xxx>; ... }; codec { clocks = <&xxx>; ... }; }; Current driver in this case uses of_clk_get() for each node, but there is no devm_of_clk_get() today. OTOH, the problem of having devm_of_clk_get() is that it encourages the use of of_clk_get() when clk_get() is more desirable. Thus, this patch adds new devm_get_clk_from_chile() which explicitly reads as get a clock from a child node of this device. By this function, we can also use this type of DT bindings sound_soc { clocks = <&xxx>, <&xxx>; clock-names = "cpu", "codec"; clock-ranges; ... cpu { ... }; codec { ... }; }; Signed-off-by: Kuninori Morimoto [sboyd@codeurora.org: Rename subject to clk + add API] Signed-off-by: Stephen Boyd drivers/clk/clk-devres.c | 21 +++++++++++++++++++++ include/linux/clk.h | 29 +++++++++++++++++++++++++---- 2 files changed, 46 insertions(+), 4 deletions(-) commit 16cd77645bddbcee951c63b964f23826dadbfd2e Author: Arvind Yadav Date: Mon Sep 19 13:51:24 2016 +0530 clk: st: clk-flexgen: Unmap region obtained by of_iomap Free memory mapping, if probe is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Stephen Boyd drivers/clk/st/clk-flexgen.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 113ff9c99a6926047e279cdf4479c186b41c5eae Author: Arvind Yadav Date: Tue Sep 20 17:16:55 2016 +0530 clk: keystone: pll: Unmap region obtained by of_iomap Free memory mapping, if of_pll_div_clk_init is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Stephen Boyd drivers/clk/keystone/pll.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) commit 81ba3cc29a03b2cd9360739014b7d8ade88a9863 Author: Arvind Yadav Date: Tue Sep 20 16:38:58 2016 +0530 clk:mmp:clk-of-mmp2: Free memory and Unmap region obtained by kzalloc and of_iomap Free memory and memory mapping , if mmp2_clk_init is not successful. Signed-off-by: Arvind Yadav [sboyd@codeaurora.org: Put return at the right place] Signed-off-by: Stephen Boyd drivers/clk/mmp/clk-of-mmp2.c | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) commit 19b9f29d256f5b088b30109169a711967788fb56 Author: Arvind Yadav Date: Tue Sep 20 16:29:38 2016 +0530 clk:mmp:clk-of-pxa910: Free memory and Unmap region obtained by kzmalloc and of_iomap Free memory and memory mapping , if pxa910_clk_init is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Stephen Boyd drivers/clk/mmp/clk-of-pxa910.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) commit 8daa528204de0d8f085013a3ea1d8af755636885 Author: Arvind Yadav Date: Tue Sep 20 15:22:48 2016 +0530 clk: mmp: clk-of-pxa1928: Free memory obtained by kzalloc Free memory, if init is not successful. Signed-off-by: Arvind Yadav Signed-off-by: Stephen Boyd drivers/clk/mmp/clk-of-pxa1928.c | 3 +++ 1 file changed, 3 insertions(+) commit 5785271ef2bb9ca37ba1b40ec56b8d127caf3b2c Author: Christophe JAILLET Date: Fri Nov 11 22:49:05 2016 +0100 clk: cdce925: Fix limit check It is likely that instead of '1>64', 'q>64' was expected. Moreover, according to datasheet, http://www.ti.com/lit/ds/symlink/cdce925.pdf SCAS847I - JULY 2007 - REVISED OCTOBER 2016 PLL settings limits are: 16 <= q <= 63 So change the upper limit check from 64 to 63. Signed-off-by: Christophe JAILLET Signed-off-by: Stephen Boyd drivers/clk/clk-cdce925.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 100edfe33a313f2d076a5edf4b105eeb6137ab9a Author: Stephen Boyd Date: Wed Nov 23 14:41:59 2016 -0800 clk: bcm: Make COMMON_CLK_IPROC into a library The broadcom clk driver Kconfig file selects and depends on the COMMON_CLK_IPROC config for different SoC specific drivers. Let's simplify this by always selecting the COMMON_CLK_IPROC config, turning it into a set of library code. We still want to retain the SoC specific options, so we leave those in place. Since we're here we also drop COMMON_CLK dependency because that's implicitly handled by including this file in drivers/clk/Kconfig in the right place and also make CLK_BCM_KONA default to y on the architecture it exists for instead of plain default y. Cc: Florian Fainelli Cc: Ray Jui Cc: Jon Mason Signed-off-by: Stephen Boyd drivers/clk/bcm/Kconfig | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) commit 447093584fa38fe9cc4862c946007a07b0e6cbd0 Author: Tang Yuantian Date: Thu Nov 24 10:36:55 2016 +0800 clk: qoriq: added ls1012a clock configuration Acked-by: Scott Wood Signed-off-by: Tang Yuantian [sboyd@codeaurora.org: Sorted list] Signed-off-by: Stephen Boyd drivers/clk/clk-qoriq.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit 846cc1231a0a020c6e16017ff37d3000c18bd957 Author: Amit Kushwaha Date: Thu Dec 8 18:21:53 2016 +0530 net: socket: preferred __aligned(size) for control buffer This patch cleanup checkpatch.pl warning WARNING: __aligned(size) is preferred over __attribute__((aligned(size))) Signed-off-by: Amit Kushwaha Signed-off-by: David S. Miller net/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7c43644890414391c41ea5c6887f9da0e6c6839b Merge: 107bc0a b0d6636 Author: David S. Miller Date: Thu Dec 8 18:16:52 2016 -0500 Merge branch 'liquidio-VF-offloads-and-stats' Raghu Vatsavayi says: ==================== liquidio VF offloads and stats Following is final patch series in completing the liquidio VF driver support. These patches have minor changes related to offloads and stats. Please apply patches in following order as some of them depend on earlier patches. ==================== Signed-off-by: David S. Miller commit b0d66369edcdb35003feceeb05eb39844dab9769 Author: Raghu Vatsavayi Date: Thu Dec 8 13:00:48 2016 -0800 liquidio VF error handling Adds support for VF error handling. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 139 +++++++++++++++++++++ 1 file changed, 139 insertions(+) commit f625fe620815403676a012b18c3ddc501c73f03d Author: Raghu Vatsavayi Date: Thu Dec 8 13:00:47 2016 -0800 liquidio VF timestamp Adds support for VF timestamp. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 180 ++++++++++++++++++++- 1 file changed, 179 insertions(+), 1 deletion(-) commit d8ab848c6b4fc2efee14fd37afdc4d27fc237f4f Author: Raghu Vatsavayi Date: Thu Dec 8 13:00:46 2016 -0800 liquidio VF ethtool stats Adds support for VF ethtool stats Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller .../ethernet/cavium/liquidio/cn23xx_vf_device.h | 2 + drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 512 +++++++++++++++++---- drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 79 ++++ 3 files changed, 495 insertions(+), 98 deletions(-) commit c05ebcc8a5136a44dc1c5122372ccf725109a13b Author: Raghu Vatsavayi Date: Thu Dec 8 13:00:45 2016 -0800 liquidio VF vxlan Adds VF vxlan offload support. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 97 +++++++++++++++++++++- 1 file changed, 94 insertions(+), 3 deletions(-) commit 2135f9b112b8d0670f5328486da6047e1b49dd8c Author: Raghu Vatsavayi Date: Thu Dec 8 13:00:44 2016 -0800 liquidio VF vlan support Adds support for VF vlan features. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 80 ++++++++++++++++++++++ 1 file changed, 80 insertions(+) commit f8d17344a60921c2387759fc0a85aa64299d1ec6 Author: Grygorii Strashko Date: Tue Nov 29 17:07:57 2016 -0600 clk: ti: dra7: fix "failed to lookup clock node gmac_gmii_ref_clk_div" boot message Prevent creating clk alias for non existing gmac_gmii_ref_clk_div clock and, this way, eliminate excessive error message during boot: "ti_dt_clocks_register: failed to lookup clock node gmac_gmii_ref_clk_div" Fixes: c097338ebd3f ("ARM: dts: dra7: cpsw: fix clocks tree") Signed-off-by: Grygorii Strashko Signed-off-by: Stephen Boyd drivers/clk/ti/clk-7xx.c | 1 - 1 file changed, 1 deletion(-) commit d86d46af84855403c00018be1c3e7bc190f2a6cd Author: Boris Brezillon Date: Thu Dec 1 22:00:20 2016 +0100 clk: bcm: Allow rate change propagation to PLLH_AUX on VEC clock The VEC clock requires needs to be set at exactly 108MHz. Allow rate change propagation on PLLH_AUX to match this requirement wihtout impacting other IPs (PLLH is currently only used by the HDMI encoder, which cannot be enabled when the VEC encoder is enabled). Signed-off-by: Boris Brezillon Reviewed-by: Eric Anholt Signed-off-by: Stephen Boyd drivers/clk/bcm/clk-bcm2835.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 155e8b3b0ee320ae866b97dd31eba8a1f080a772 Author: Boris Brezillon Date: Thu Dec 1 22:00:19 2016 +0100 clk: bcm: Support rate change propagation on bcm2835 clocks Some peripheral clocks, like the VEC (Video EnCoder) clock need to be set to a precise rate (in our case 108MHz). With the current implementation, where peripheral clocks are not allowed to forward rate change requests to their parents, it is impossible to match this requirement unless the bootloader has configured things correctly, or a specific rate has been assigned through the DT (with the assigned-clk-rates property). Add a new field to struct bcm2835_clock_data to specify which parent clocks accept rate change propagation, and support set rate propagation in bcm2835_clock_determine_rate(). Signed-off-by: Boris Brezillon Reviewed-by: Eric Anholt Signed-off-by: Stephen Boyd drivers/clk/bcm/clk-bcm2835.c | 67 ++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 63 insertions(+), 4 deletions(-) commit 68af4fa8f39b542a6cde7ac19518d88e9b3099dc Author: Boris Brezillon Date: Thu Dec 1 20:27:21 2016 +0100 clk: bcm2835: Avoid overwriting the div info when disabling a pll_div clk bcm2835_pll_divider_off() is resetting the divider field in the A2W reg to zero when disabling the clock. Make sure we preserve this value by reading the previous a2w_reg value first and ORing the result with A2W_PLL_CHANNEL_DISABLE. Signed-off-by: Boris Brezillon Fixes: 41691b8862e2 ("clk: bcm2835: Add support for programming the audio domain clocks") Cc: Reviewed-by: Eric Anholt Signed-off-by: Stephen Boyd drivers/clk/bcm/clk-bcm2835.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit a897b6664e9565c980f76af1c123cb0597d79822 Author: Josef Bacik Date: Mon Dec 5 16:20:29 2016 -0500 nbd: use dev_err_ratelimited in io path While doing stress tests we noticed that we'd get a lot of dmesg spam if we suddenly disconnected the nbd device out of band. Rate limit the messages in the io path in order to deal with this. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) commit 20032ec38d1614f29c5a8e6cfc5b5326685fa99b Author: Josef Bacik Date: Thu Dec 8 09:52:35 2016 -0500 nbd: reset the setup task for NBD_CLEAR_SOCK If an app exits before running NBD_DO_IT but after adding sockets we can end up not being allowed to do a new nbd device. Fix this by making NBD_CLEAR_SOCK reset the setup_task. Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 1 + 1 file changed, 1 insertion(+) commit ae2aae2421983f6f68eb7c4692624bc43ea50712 Author: Kevin Barnett Date: Thu Dec 8 10:29:29 2016 -0600 scsi: aacraid: remove wildcard for series 9 controllers Controllers with this PCI ID never shipped outside of PMCS/Microsemi. Remove the ID from the aacraid driver. smartpqi is the correct driver for these controllers. [mkp: patch description] Reviewed-by: Scott Teel Signed-off-by: Kevin Barnett Signed-off-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/aacraid/linit.c | 2 -- 1 file changed, 2 deletions(-) commit b39205d248b9c3ce0548859ed786badb2e0db0bd Author: Tyrel Datwyler Date: Wed Dec 7 17:31:26 2016 -0600 scsi: ibmvscsi: add write memory barrier to CRQ processing The first byte of each CRQ entry is used to indicate whether an entry is a valid response or free for the VIOS to use. After processing a response the driver sets the valid byte to zero to indicate the entry is now free to be reused. Add a memory barrier after this write to ensure no other stores are reordered when updating the valid byte. Signed-off-by: Tyrel Datwyler Reviewed-by: Brian King Signed-off-by: Martin K. Petersen drivers/scsi/ibmvscsi/ibmvscsi.c | 2 ++ 1 file changed, 2 insertions(+) commit 15c9274699e8b6dd4bfd7a205c0dc06653e6400d Author: Tyrel Datwyler Date: Wed Dec 7 16:04:36 2016 -0600 scsi: ibmvscsi: log bad SRP response opcode in hex format An unrecogonized or unsupported SRP response has its opcode currently logged in decimal format. Log it in hex format instead so it can easily be validated against the SRP specs values which are in hex. Signed-off-by: Tyrel Datwyler Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/ibmvscsi/ibmvscsi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 32d6e4b6e4ea589cf46518e99f8e6a25ccef023e Author: Tyrel Datwyler Date: Wed Dec 7 16:04:35 2016 -0600 scsi: ibmvscsi: add vscsi hosts to global list_head Add each vscsi host adatper to a new global list_head named ibmvscsi_head. There is no functional change. This is meant primarily as a convience for locating adapters from within the debugger or crash utility. [mkp: fixed typo] Signed-off-by: Tyrel Datwyler Reviewed-by: Johannes Thumshirn Signed-off-by: Martin K. Petersen drivers/scsi/ibmvscsi/ibmvscsi.c | 3 +++ drivers/scsi/ibmvscsi/ibmvscsi.h | 1 + 2 files changed, 4 insertions(+) commit b84ca6e9c74d30e4a1ebc19a7f6a6e616e08dfd4 Author: Subhash Jadavani Date: Mon Dec 5 19:25:42 2016 -0800 scsi: ufs-qcom: fix bug with read/modify write of UFS_CFG1 ufs_qcom_print_hw_debug_reg_all() function is having a bug where it might incorrectly modify undesired bits in UFS_CFG1 register, this change fixes it. Reviewed-by: Venkat Gopalakrishnan Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufs-qcom.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 56d4a1866d748732fd8d690b2c2156bbc9c9eb02 Author: Subhash Jadavani Date: Mon Dec 5 19:25:32 2016 -0800 scsi: ufs: add quirk to increase host PA_SaveConfigTime The maximum value PA_SaveConfigTime is 250 (10us) but this is not enough for some vendors. Gear switch from PWM to HS may fail even with this max. PA_SaveConfigTime. Gear switch can be issued by host controller as an error recovery and any software delay will not help on this case so we need to increase PA_SaveConfigTime to >32us as per vendor recommendation. This change adds a quirk to increase the PA_SaveConfigTime parameter. Reviewed-by: Venkat Gopalakrishnan Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufs-qcom.c | 30 ++++++++++++++++++++++++++++++ drivers/scsi/ufs/ufs-qcom.h | 1 + drivers/scsi/ufs/ufs_quirks.h | 30 +++++++++--------------------- drivers/scsi/ufs/ufshcd.c | 26 ++++++++++++++++++++++++++ drivers/scsi/ufs/ufshcd.h | 12 ++++++++++-- 5 files changed, 76 insertions(+), 23 deletions(-) commit ab436706e4a86719595012424ecefbdf4a84cc30 Author: Yaniv Gardi Date: Mon Dec 5 19:25:15 2016 -0800 scsi: ufs-qcom: add probe_defer in case phy driver not probed yet In case UFS driver is probed before the phy driver does, the UFS driver should return a PROBE_DEFER code. Signed-off-by: Yaniv Gardi Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufs-qcom.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) commit c01848c67d48aa51c4e80c76e1d08d9891d27a5a Author: Yaniv Gardi Date: Mon Dec 5 19:25:02 2016 -0800 scsi: ufs: add support for UFS HCI 2.1 The UFS HCI v2.1 includes a few additional registers. This change updates the HCI register, the UFS version register content and the Interrupt Status register. Signed-off-by: Yaniv Gardi Signed-off-by: Subhash Jadavani Signed-off-by: Martin K. Petersen drivers/scsi/ufs/ufshcd.c | 29 +++++++++++++++++++++++++---- drivers/scsi/ufs/ufshci.h | 7 +++++++ 2 files changed, 32 insertions(+), 4 deletions(-) commit 70439e93345ec5605f1cb3fa7a8f70bc968e6cb2 Author: Finn Thain Date: Mon Dec 5 01:07:20 2016 -0500 scsi: g_NCR5380: Autoprobe board IRQ by default Automatically probe the board irq when no irq parameter is provided, to simulate PnP. The old default behaviour was to disable the irq. Update driver documentation accordingly and add some printk messages to make this behaviour visible. Signed-off-by: Finn Thain Tested-by: Ondrej Zary Signed-off-by: Martin K. Petersen Documentation/scsi/g_NCR5380.txt | 46 ++++++++++++++++++++-------------------- drivers/scsi/g_NCR5380.c | 30 +++++++++++++++----------- 2 files changed, 41 insertions(+), 35 deletions(-) commit 145c3ae4c1933d0dceb11d19a36de3458d1872cb Author: Finn Thain Date: Mon Dec 5 01:07:20 2016 -0500 scsi: g_NCR5380: Fix automatic IRQ on HP C2502 cards When IRQ_AUTO is used, the interrupt for HP C2502 cards gets disabled. Fix this by programming the card for a suitable free irq. The code for the free irq search comes from ALSA. Also allow IRQ 9 to work (it aliases to IRQ 2 on the card), as per Ondrej Zary's patch. Suggested-by: Ondrej Zary Signed-off-by: Finn Thain Tested-by: Ondrej Zary Signed-off-by: Martin K. Petersen drivers/scsi/g_NCR5380.c | 70 +++++++++++++++++++++++++++++++++++++++--------- 1 file changed, 57 insertions(+), 13 deletions(-) commit 906e4a3c7e03701008d343daec8952d6cf49f82b Author: Ondrej Zary Date: Mon Dec 5 01:07:20 2016 -0500 scsi: g_NCR5380: Use probe_irq_*() for IRQ probing Use standard probe_irq_on() and probe_irq_off() functions instead of own implementation. This prevents warning messages like this in the kernel log: genirq: Flags mismatch irq 1. 00000000 (NCR-probe) vs. 00000080 (i8042) Move the IRQ trigger code from NCR5380 to g_NCR5380 where it is used. Also clear interrupt flag before and after the probe. Signed-off-by: Ondrej Zary Signed-off-by: Finn Thain Tested-by: Ondrej Zary Signed-off-by: Martin K. Petersen drivers/scsi/NCR5380.c | 77 +----------------------------------------------- drivers/scsi/NCR5380.h | 11 ------- drivers/scsi/g_NCR5380.c | 52 +++++++++++++++++++++++++++++++- drivers/scsi/g_NCR5380.h | 2 ++ 4 files changed, 54 insertions(+), 88 deletions(-) commit 89fa9b5cb08c9d8ad709415b88395be463eceeee Author: Ondrej Zary Date: Mon Dec 5 01:07:19 2016 -0500 scsi: g_NCR5380: Check for chip presence before calling NCR5380_init() Write and read back mode register to check that a chip is really there. If no card is present, reads result in 0xff. Signed-off-by: Ondrej Zary Signed-off-by: Finn Thain Tested-by: Ondrej Zary Signed-off-by: Martin K. Petersen drivers/scsi/g_NCR5380.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 035cd485a47dda64f25ccf8a90b11a07d0b7aa7a Author: Richard Watts Date: Fri Dec 2 23:14:38 2016 +0200 clk: ti: omap36xx: Work around sprz319 advisory 2.1 The OMAP36xx DPLL5, driving EHCI USB, can be subject to a long-term frequency drift. The frequency drift magnitude depends on the VCO update rate, which is inversely proportional to the PLL divider. The kernel DPLL configuration code results in a high value for the divider, leading to a long term drift high enough to cause USB transmission errors. In the worst case the USB PHY's ULPI interface can stop responding, breaking USB operation completely. This manifests itself on the Beagleboard xM by the LAN9514 reporting 'Cannot enable port 2. Maybe the cable is bad?' in the kernel log. Errata sprz319 advisory 2.1 documents PLL values that minimize the drift. Use them automatically when DPLL5 is used for USB operation, which we detect based on the requested clock rate. The clock framework will still compute the PLL parameters and resulting rate as usual, but the PLL M and N values will then be overridden. This can result in the effective clock rate being slightly different than the rate cached by the clock framework, but won't cause any adverse effect to USB operation. Signed-off-by: Richard Watts [Upported from v3.2 to v4.9] Signed-off-by: Laurent Pinchart Tested-by: Ladislav Michl Signed-off-by: Stephen Boyd drivers/clk/ti/clk-3xxx.c | 20 +++++++------- drivers/clk/ti/clock.h | 9 +++++++ drivers/clk/ti/dpll.c | 19 +++++++++++++- drivers/clk/ti/dpll3xxx.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 104 insertions(+), 11 deletions(-) commit e53f9a28bee35932a0ae4d2ec2784f55491ec6d3 Author: David Daney Date: Thu Nov 17 14:25:01 2016 -0800 PCI/ASPM: Don't retrain link if ASPM not possible Some (defective) PCIe devices are not able to reliably do link retraining. Check to see if ASPM is possible between link partners before configuring common clocking, and doing the resulting link retraining. If ASPM is not possible, there is no reason to risk losing access to a device due to an unnecessary link retraining. Signed-off-by: David Daney Signed-off-by: Bjorn Helgaas drivers/pci/pcie/aspm.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit 5d47ec02c37ea632398cb251c884e3a488dff794 Author: Bjorn Andersson Date: Tue Dec 6 17:01:45 2016 -0800 firmware: Correct handling of fw_state_wait() return value When request_firmware() finds an already open firmware object it will wait for that object to become fully loaded and then check the status. As __fw_state_wait_common() succeeds the timeout value returned will be truncated in _request_firmware_prepare() and interpreted as -EPERM. Prior to "firmware: do not use fw_lock for fw_state protection" the code did test if we where in the "done" state before sleeping, causing this particular code path to succeed, in some cases. As the callers are interested in the result of the wait and not the remaining timeout the return value of __fw_state_wait_common() is changed to signal "done" or "error", which simplifies the logic in _request_firmware_load() as well. Fixes: 5b029624948d ("firmware: do not use fw_lock for fw_state protection") Signed-off-by: Bjorn Andersson Reviewed-by: Daniel Wagner Acked-by: Luis R. Rodriguez Signed-off-by: Greg Kroah-Hartman drivers/base/firmware_class.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 3e0f9b2ca8e4839335e4d64ec0a75f4fd5111c4b Author: Ian Abbott Date: Thu Dec 8 13:53:10 2016 +0000 staging: comedi: comedidev.h: Document usage of 'detach' handler Document when the "detach" handler function pointed to by the `detach` member of a `struct comedi_driver` is called by the comedi core, and how the "attach" and "auto_attach" handlers can defer clean-up to it when they return an error to the comedi core. This is already mentioned as part of the documentation for `comedi_auto_config()`, but is useful to document it for `struct comedi_driver` as well, since `comedi_auto_config()` is not usually called directly by low-level comedi drivers, and it is not called at all for "legacy" comedi devices that are configured manually. Signed-off-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/comedidev.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit 3c87f653af6f5a94d30786903fe79f5816ec08f3 Author: Stuart Yoder Date: Wed Dec 7 17:29:01 2016 -0600 staging: fsl-mc: remove unnecessary info prints from bus driver remove pr_info/dev_info prints that add unnecessary verbosity Signed-off-by: Stuart Yoder Signed-off-by: Greg Kroah-Hartman drivers/staging/fsl-mc/bus/fsl-mc-bus.c | 6 ------ 1 file changed, 6 deletions(-) commit b4904595e624cf0a62ab3bce7d08cdbe1c22443c Author: Stuart Yoder Date: Wed Dec 7 17:29:00 2016 -0600 staging: fsl-mc: add sysfs ABI doc define the bind/unbind sysfs interfaces for the fsl-mc bus Signed-off-by: Stuart Yoder Signed-off-by: Greg Kroah-Hartman Documentation/ABI/testing/sysfs-bus-fsl-mc | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) commit 107bc0aa95ca572df42da43c30a2079266e992e4 Merge: ea1e76f a62da6f Author: David S. Miller Date: Thu Dec 8 14:33:17 2016 -0500 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2016-12-08 I didn't miss your "net-next is closed" email, but it did come as a bit of a surprise, and due to time-zone differences I didn't have a chance to react to it until now. We would have had a couple of patches in bluetooth-next that we'd still have wanted to get to 4.10. Out of these the most critical one is the H7/CT2 patch for Bluetooth Security Manager Protocol, something that couldn't be published before the Bluetooth 5.0 specification went public (yesterday). If these really can't go to net-next we'll likely be sending at least this patch through bluetooth.git to net.git for rc1 inclusion. ==================== Signed-off-by: David S. Miller commit ea1e76f78a30c7055afd9e94f785743eeda71c52 Author: Ganesh Goudar Date: Thu Dec 8 13:16:25 2016 +0530 cxgb4/cxgb4vf: Remove deprecated module parameters Remove deprecated module parameters num_vf, dflt_msg_enable and force_init. Signed-off-by: Ganesh Goudar Signed-off-by: David S. Miller drivers/net/ethernet/chelsio/cxgb4/cxgb4_main.c | 41 +--------------------- .../net/ethernet/chelsio/cxgb4vf/cxgb4vf_main.c | 9 +---- 2 files changed, 2 insertions(+), 48 deletions(-) commit 293bfa9b48614137c1514bd091dff8e2a894dad7 Merge: 8a03cf2 12d8bb6 Author: David S. Miller Date: Thu Dec 8 14:25:14 2016 -0500 Merge branch 'xdp-head-adjustment' Martin KaFai Lau says: ==================== Allow head adjustment in XDP prog This series adds a helper to allow head adjusting in XDP prog. mlx4 driver has been modified to support this feature. An example is written to encapsulate a packet with an IPv4/v6 header and then XDP_TX it out. v4: 1. Remove XDP_QUERY_FEATURES command. Instead, check the prog->xdp_adjust_head bit inside the driver itself during XDP_SETUP_PROG in patch 1of4. Thanks for everybody's ideas. 2. Nit changes on sample code per Jesper v3: 1. Check if the driver supports head adjustment before setting the xdp_prog fd to the device in patch 1of4. 2. Remove the page alignment assumption on the data_hard_start. Instead, add data_hard_start to the struct xdp_buff and the driver has to fill it if it supports head adjustment. 3. Keep the wire MTU as before in mlx4 4. Set map0_byte_count to PAGE_SIZE in patch 3of4 v2: 1. Make a variable name change in bpf_xdp_adjust_head() in patch 1 2. Ensure no less than ETH_HLEN data in bpf_xdp_adjust_head() in patch 1 3. Some clarifications in commit log messages of patch 2 and 3 ==================== Signed-off-by: David S. Miller commit 12d8bb64e3f65f5287ff17c084d076a28daa8096 Author: Martin KaFai Lau Date: Wed Dec 7 15:53:14 2016 -0800 bpf: xdp: Add XDP example for head adjustment The XDP prog checks if the incoming packet matches any VIP:PORT combination in the BPF hashmap. If it is, it will encapsulate the packet with a IPv4/v6 header as instructed by the value of the BPF hashmap and then XDP_TX it out. The VIP:PORT -> IP-Encap-Info can be specified by the cmd args of the user prog. Acked-by: Alexei Starovoitov Signed-off-by: Martin KaFai Lau Signed-off-by: David S. Miller samples/bpf/Makefile | 4 + samples/bpf/bpf_helpers.h | 2 + samples/bpf/bpf_load.c | 94 +++++++++++++ samples/bpf/bpf_load.h | 1 + samples/bpf/xdp1_user.c | 93 ------------- samples/bpf/xdp_tx_iptunnel_common.h | 37 +++++ samples/bpf/xdp_tx_iptunnel_kern.c | 236 ++++++++++++++++++++++++++++++++ samples/bpf/xdp_tx_iptunnel_user.c | 256 +++++++++++++++++++++++++++++++++++ 8 files changed, 630 insertions(+), 93 deletions(-) commit ea3349a03519dcd4f32d949cd80ab995623dc5ac Author: Martin KaFai Lau Date: Wed Dec 7 15:53:13 2016 -0800 mlx4: xdp: Reserve headroom for receiving packet when XDP prog is active Reserve XDP_PACKET_HEADROOM for packet and enable bpf_xdp_adjust_head() support. This patch only affects the code path when XDP is active. After testing, the tx_dropped counter is incremented if the xdp_prog sends more than wire MTU. Signed-off-by: Martin KaFai Lau Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 8 ++------ drivers/net/ethernet/mellanox/mlx4/en_rx.c | 24 ++++++++++++++++++------ drivers/net/ethernet/mellanox/mlx4/en_tx.c | 9 +++++---- drivers/net/ethernet/mellanox/mlx4/mlx4_en.h | 3 ++- 4 files changed, 27 insertions(+), 17 deletions(-) commit b45f0674b997ee769907d6092dfa9ee8f59bb51d Author: Martin KaFai Lau Date: Wed Dec 7 15:53:12 2016 -0800 mlx4: xdp: Allow raising MTU up to one page minus eth and vlan hdrs When XDP is active in mlx4, mlx4 is using one page/pkt. At the same time (i.e. when XDP is active), it is currently limiting MTU to be FRAG_SZ0 - ETH_HLEN - (2 * VLAN_HLEN) which is 1514 in x86. AFAICT, we can at least raise the MTU limit up to PAGE_SIZE - ETH_HLEN - (2 * VLAN_HLEN) which this patch is doing. It will be useful in the next patch which allows XDP program to extend the packet by adding new header(s). Note: In the earlier XDP patches, there is already existing guard to ensure the page/pkt scheme only applies when XDP is active in mlx4. Signed-off-by: Martin KaFai Lau Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 28 +++++++++++----- drivers/net/ethernet/mellanox/mlx4/en_rx.c | 46 ++++++++++++++------------ 2 files changed, 44 insertions(+), 30 deletions(-) commit 17bedab2723145d17b14084430743549e6943d03 Author: Martin KaFai Lau Date: Wed Dec 7 15:53:11 2016 -0800 bpf: xdp: Allow head adjustment in XDP prog This patch allows XDP prog to extend/remove the packet data at the head (like adding or removing header). It is done by adding a new XDP helper bpf_xdp_adjust_head(). It also renames bpf_helper_changes_skb_data() to bpf_helper_changes_pkt_data() to better reflect that XDP prog does not work on skb. This patch adds one "xdp_adjust_head" bit to bpf_prog for the XDP-capable driver to check if the XDP prog requires bpf_xdp_adjust_head() support. The driver can then decide to error out during XDP_SETUP_PROG. Signed-off-by: Martin KaFai Lau Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov Acked-by: John Fastabend Signed-off-by: David S. Miller arch/powerpc/net/bpf_jit_comp64.c | 4 ++-- arch/s390/net/bpf_jit_comp.c | 2 +- arch/x86/net/bpf_jit_comp.c | 2 +- drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 5 ++++ drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 5 ++++ .../net/ethernet/netronome/nfp/nfp_net_common.c | 4 ++++ drivers/net/ethernet/qlogic/qede/qede_main.c | 5 ++++ include/linux/filter.h | 6 +++-- include/uapi/linux/bpf.h | 11 ++++++++- kernel/bpf/core.c | 2 +- kernel/bpf/syscall.c | 2 ++ kernel/bpf/verifier.c | 2 +- net/core/filter.c | 28 ++++++++++++++++++++-- 13 files changed, 67 insertions(+), 11 deletions(-) commit 8a03cf2cb7efe269913db079afb8c31f20bf0bef Merge: d2a4dd3 02dc1f3 Author: David S. Miller Date: Thu Dec 8 14:21:48 2016 -0500 Merge branch 'lan7801-mac-only' Woojung Huh says: ==================== phy: lan78xx: add phy fixup unregister functions & LAN7801 update V2 patch of adding phy fixup unregister function with use in LAN7801 update. ==================== Signed-off-by: David S. Miller commit 02dc1f3d613d5a859513d7416c9aca370425a7e0 Author: Woojung Huh Date: Wed Dec 7 20:26:25 2016 +0000 lan78xx: add LAN7801 MAC only support Add LAN7801 MAC only support with phy fixup functions. Signed-off-by: Woojung Huh Signed-off-by: David S. Miller drivers/net/usb/Kconfig | 5 +++ drivers/net/usb/lan78xx.c | 109 +++++++++++++++++++++++++++++++++++++++++++++- drivers/net/usb/lan78xx.h | 14 ++++++ 3 files changed, 126 insertions(+), 2 deletions(-) commit f38e7a32ee4fc9c8aeeac59e6e0462cd281586e3 Author: Woojung.Huh@microchip.com Date: Wed Dec 7 20:26:07 2016 +0000 phy: add phy fixup unregister functions >From : Woojung Huh Add functions to unregister phy fixup for modules. int phy_unregister_fixup(const char *bus_id, u32 phy_uid, u32 phy_uid_mask) Unregister phy fixup from phy_fixup_list per bus_id, phy_uid & phy_uid_mask int phy_unregister_fixup_for_uid(u32 phy_uid, u32 phy_uid_mask) Unregister phy fixup from phy_fixup_list. Use it for fixup registered by phy_register_fixup_for_uid() int phy_unregister_fixup_for_id(const char *bus_id) Unregister phy fixup from phy_fixup_list. Use it for fixup registered by phy_register_fixup_for_id() Signed-off-by: Woojung Huh Signed-off-by: David S. Miller Documentation/networking/phy.txt | 9 ++++++++ drivers/net/phy/phy_device.c | 47 ++++++++++++++++++++++++++++++++++++++++ include/linux/phy.h | 4 ++++ 3 files changed, 60 insertions(+) commit 32859f7335d838ee373c40ee0b3c0c6ebc87a488 Author: Michel Dänzer Date: Tue Dec 6 18:33:03 2016 +0900 drm/amdgpu/dce6: Set MASTER_UPDATE_MODE to 0 in resume_mc_access as well Looks like this was missed when dce_v6_0.c was added. Fixes: e2cdf640cbb5 ("drm/amdgpu: add display controller implementation for si v10") Reviewed-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Michel Dänzer Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 027c431ccfcc89f7398d9f3e9bc2eb60e6cc57ad Author: Ondrej Kozina Date: Thu Dec 1 18:20:52 2016 +0100 dm crypt: reject key strings containing whitespace chars Unfortunately key_string may theoretically contain whitespace even after it's processed by dm_split_args(). The reason for this is DM core supports escaping of almost all chars including any whitespace. If userspace passes a key to the kernel in format ":32:logon:my_prefix:my\ key" dm-crypt will look up key "my_prefix:my key" in kernel keyring service. So far everything's fine. Unfortunately if userspace later calls DM_TABLE_STATUS ioctl, it will not receive back expected ":32:logon:my_prefix:my\ key" but the unescaped version instead. Also userpace (most notably cryptsetup) is not ready to parse single target argument containing (even escaped) whitespace chars and any whitespace is simply taken as delimiter of another argument. This effect is mitigated by the fact libdevmapper curently performs double escaping of '\' char. Any user input in format "x\ x" is transformed into "x\\ x" before being passed to the kernel. Nonetheless dm-crypt may be used without libdevmapper. Therefore the near-term solution to this is to reject any key string containing whitespace. Signed-off-by: Ondrej Kozina Signed-off-by: Mike Snitzer drivers/md/dm-crypt.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit b446396b7482938c859bfaa42320026d158616ae Author: Benjamin Marzinski Date: Sun Dec 4 23:26:38 2016 -0600 dm space map: always set ev if sm_ll_mutate() succeeds If no block was allocated or freed, sm_ll_mutate() wasn't setting *ev, leaving the variable unitialized. sm_ll_insert(), sm_disk_inc_block(), and sm_disk_new_block() all check ev to see if there was an allocation event in sm_ll_mutate(), possibly reading unitialized data. If no allocation event occured, sm_ll_mutate() should set *ev to SM_NONE. Signed-off-by: Benjamin Marzinski Acked-by: Joe Thornber Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-space-map-common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 0c79ce0b75304fbbe42282a7d40af4367e31efc6 Author: Benjamin Marzinski Date: Fri Dec 2 15:14:17 2016 -0600 dm space map metadata: skip useless memcpy in metadata_ll_init_index() When metadata_ll_init_index() is called by sm_ll_new_metadata(), ll->mi_le hasn't been initialized yet. So, when metadata_ll_init_index() copies the contents of ll->mi_le into the newly allocated bitmap_root, it is just copying garbage. ll->mi_le will be allocated later in sm_ll_extend() and copied into the bitmap_root, in sm_ll_commit(). Signed-off-by: Benjamin Marzinski Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-space-map-common.c | 1 - 1 file changed, 1 deletion(-) commit 314c25c56c1ee5026cf99c570bdfe01847927acb Author: Benjamin Marzinski Date: Wed Nov 30 17:56:14 2016 -0600 dm space map metadata: fix 'struct sm_metadata' leak on failed create In dm_sm_metadata_create() we temporarily change the dm_space_map operations from 'ops' (whose .destroy function deallocates the sm_metadata) to 'bootstrap_ops' (whose .destroy function doesn't). If dm_sm_metadata_create() fails in sm_ll_new_metadata() or sm_ll_extend(), it exits back to dm_tm_create_internal(), which calls dm_sm_destroy() with the intention of freeing the sm_metadata, but it doesn't (because the dm_space_map operations is still set to 'bootstrap_ops'). Fix this by setting the dm_space_map operations back to 'ops' if dm_sm_metadata_create() fails when it is set to 'bootstrap_ops'. Signed-off-by: Benjamin Marzinski Acked-by: Joe Thornber Signed-off-by: Mike Snitzer Cc: stable@vger.kernel.org drivers/md/persistent-data/dm-space-map-metadata.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) commit 58fc4fedee4a6e6e42f01da6ebaa0de0088fc8e3 Author: Heinz Mauelshagen Date: Tue Nov 29 19:26:08 2016 +0100 Documentation: dm raid: define data_offset status field Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer Documentation/device-mapper/dm-raid.txt | 4 ++++ 1 file changed, 4 insertions(+) commit 11e2968478edc07a75ee1efb45011b3033c621c2 Author: Heinz Mauelshagen Date: Tue Nov 29 22:37:30 2016 +0100 dm raid: fix discard support regression Commit ecbfb9f118 ("dm raid: add raid level takeover support") moved the configure_discard_support() call from raid_ctr() to raid_preresume(). Enabling/disabling discard _must_ happen during table load (through the .ctr hook). Fix this regression by moving the configure_discard_support() call back to raid_ctr(). Fixes: ecbfb9f118 ("dm raid: add raid level takeover support") Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) commit affa9d28f7e9a802c8f497ed54fe79a5689d95e9 Author: Heinz Mauelshagen Date: Thu Nov 24 18:53:44 2016 +0100 dm raid: don't allow "write behind" with raid4/5/6 Remove CTR_FLAG_MAX_WRITE_BEHIND from raid4/5/6's valid ctr flags. Only the md raid1 personality supports setting a maximum number of "write behind" write IOs on any legs set to "write mostly". "write mostly" enhances throughput with slow links/disks. Technically the "write behind" value is a write intent bitmap property only being respected by the raid1 personality. It allows a maximum number of "write behind" writes to any "write mostly" raid1 mirror legs to be delayed and avoids reads from such legs. No other MD personalities supported via dm-raid make use of "write behind", thus setting this property is superfluous; it wouldn't cause harm but it is correct to reject it. Signed-off-by: Heinz Mauelshagen Signed-off-by: Mike Snitzer drivers/md/dm-raid.c | 2 -- 1 file changed, 2 deletions(-) commit 54cd640d20de46bb54747286ca19f3995be921f2 Author: tang.junhui Date: Thu Nov 24 15:11:48 2016 +0800 dm mpath: use hw_handler_params if attached hw_handler is same as requested Let the requested m->hw_handler_params be used if the attached hardware handler is the same handler as requested with m->hw_handler_name. Signed-off-by: tang.junhui Signed-off-by: Mike Snitzer drivers/md/dm-mpath.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit c538f6ec9f56996677c58cfd1f7f8108b0a944cb Author: Ondrej Kozina Date: Mon Nov 21 15:58:51 2016 +0100 dm crypt: add ability to use keys from the kernel key retention service The kernel key service is a generic way to store keys for the use of other subsystems. Currently there is no way to use kernel keys in dm-crypt. This patch aims to fix that. Instead of key userspace may pass a key description with preceding ':'. So message that constructs encryption mapping now looks like this: [|:] [<#opt_params> ] where is in format: :: Currently we only support two elementary key types: 'user' and 'logon'. Keys may be loaded in dm-crypt either via or using classical method and pass the key in hex representation directly. dm-crypt device initialised with a key passed in hex representation may be replaced with key passed in key_string format and vice versa. (Based on original work by Andrey Ryabinin) Signed-off-by: Ondrej Kozina Reviewed-by: David Howells Signed-off-by: Mike Snitzer Documentation/device-mapper/dm-crypt.txt | 25 ++++- drivers/md/dm-crypt.c | 159 ++++++++++++++++++++++++++++--- 2 files changed, 170 insertions(+), 14 deletions(-) commit 0637018dff106e2591c1baa628e27a24a37ccf44 Author: Bart Van Assche Date: Fri Nov 18 14:28:32 2016 -0800 dm array: remove a dead assignment in populate_ablock_with_values() A value is assigned to 'nr_entries' but is never used, remove it. Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/persistent-data/dm-array.c | 2 -- 1 file changed, 2 deletions(-) commit 6080758d441acd7765314f3e9b6ca843e18e9a68 Author: Bart Van Assche Date: Fri Nov 18 14:28:00 2016 -0800 dm ioctl: use offsetof() instead of open-coding it Subtracting sizes is a fragile approach because the result is only correct if the compiler has not added any padding at the end of the structure. Hence use offsetof() instead of size subtraction. An additional advantage of offsetof() is that it makes the intent more clear. Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/dm-ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b23df0d048e5f137ad5c2a116ec0849a98d43b96 Author: Bart Van Assche Date: Fri Nov 18 14:27:42 2016 -0800 dm rq: simplify use_blk_mq initialization Use a single statement to declare and initialize 'use_blk_mq' instead of two statements. Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/dm-rq.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 2e91c3694181dc500faffec16c5aaa0ac5e15449 Author: Bart Van Assche Date: Fri Nov 18 14:26:47 2016 -0800 dm: use blk_set_queue_dying() in __dm_destroy() After QUEUE_FLAG_DYING has been set any code that is waiting in get_request() should be woken up. But to get this behaviour blk_set_queue_dying() must be used instead of only setting QUEUE_FLAG_DYING. Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/dm.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 41c73a49df31151f4ff868f28fe4f129f113fa2c Author: Mikulas Patocka Date: Wed Nov 23 17:04:00 2016 -0500 dm bufio: drop the lock when doing GFP_NOIO allocation If the first allocation attempt using GFP_NOWAIT fails, drop the lock and retry using GFP_NOIO allocation (lock is dropped because the allocation can take some time). Note that we won't do GFP_NOIO allocation when we loop for the second time, because the lock shouldn't be dropped between __wait_for_free_buffer and __get_unclaimed_buffer. Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer drivers/md/dm-bufio.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit d12067f428c037b4575aaeb2be00847fc214c24a Author: Mikulas Patocka Date: Wed Nov 23 16:52:01 2016 -0500 dm bufio: don't take the lock in dm_bufio_shrink_count dm_bufio_shrink_count() is called from do_shrink_slab to find out how many freeable objects are there. The reported value doesn't have to be precise, so we don't need to take the dm-bufio lock. Suggested-by: David Rientjes Signed-off-by: Mikulas Patocka Signed-off-by: Mike Snitzer drivers/md/dm-bufio.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) commit 9ea61cac0b1ad0c09022f39fd97e9b99a2cfc2dc Author: Douglas Anderson Date: Thu Nov 17 11:24:20 2016 -0800 dm bufio: avoid sleeping while holding the dm_bufio lock We've seen in-field reports showing _lots_ (18 in one case, 41 in another) of tasks all sitting there blocked on: mutex_lock+0x4c/0x68 dm_bufio_shrink_count+0x38/0x78 shrink_slab.part.54.constprop.65+0x100/0x464 shrink_zone+0xa8/0x198 In the two cases analyzed, we see one task that looks like this: Workqueue: kverityd verity_prefetch_io __switch_to+0x9c/0xa8 __schedule+0x440/0x6d8 schedule+0x94/0xb4 schedule_timeout+0x204/0x27c schedule_timeout_uninterruptible+0x44/0x50 wait_iff_congested+0x9c/0x1f0 shrink_inactive_list+0x3a0/0x4cc shrink_lruvec+0x418/0x5cc shrink_zone+0x88/0x198 try_to_free_pages+0x51c/0x588 __alloc_pages_nodemask+0x648/0xa88 __get_free_pages+0x34/0x7c alloc_buffer+0xa4/0x144 __bufio_new+0x84/0x278 dm_bufio_prefetch+0x9c/0x154 verity_prefetch_io+0xe8/0x10c process_one_work+0x240/0x424 worker_thread+0x2fc/0x424 kthread+0x10c/0x114 ...and that looks to be the one holding the mutex. The problem has been reproduced on fairly easily: 0. Be running Chrome OS w/ verity enabled on the root filesystem 1. Pick test patch: http://crosreview.com/412360 2. Install launchBalloons.sh and balloon.arm from http://crbug.com/468342 ...that's just a memory stress test app. 3. On a 4GB rk3399 machine, run nice ./launchBalloons.sh 4 900 100000 ...that tries to eat 4 * 900 MB of memory and keep accessing. 4. Login to the Chrome web browser and restore many tabs With that, I've seen printouts like: DOUG: long bufio 90758 ms ...and stack trace always show's we're in dm_bufio_prefetch(). The problem is that we try to allocate memory with GFP_NOIO while we're holding the dm_bufio lock. Instead we should be using GFP_NOWAIT. Using GFP_NOIO can cause us to sleep while holding the lock and that causes the above problems. The current behavior explained by David Rientjes: It will still try reclaim initially because __GFP_WAIT (or __GFP_KSWAPD_RECLAIM) is set by GFP_NOIO. This is the cause of contention on dm_bufio_lock() that the thread holds. You want to pass GFP_NOWAIT instead of GFP_NOIO to alloc_buffer() when holding a mutex that can be contended by a concurrent slab shrinker (if count_objects didn't use a trylock, this pattern would trivially deadlock). This change significantly increases responsiveness of the system while in this state. It makes a real difference because it unblocks kswapd. In the bug report analyzed, kswapd was hung: kswapd0 D ffffffc000204fd8 0 72 2 0x00000000 Call trace: [] __switch_to+0x9c/0xa8 [] __schedule+0x440/0x6d8 [] schedule+0x94/0xb4 [] schedule_preempt_disabled+0x28/0x44 [] __mutex_lock_slowpath+0x120/0x1ac [] mutex_lock+0x4c/0x68 [] dm_bufio_shrink_count+0x38/0x78 [] shrink_slab.part.54.constprop.65+0x100/0x464 [] shrink_zone+0xa8/0x198 [] balance_pgdat+0x328/0x508 [] kswapd+0x424/0x51c [] kthread+0x10c/0x114 [] ret_from_fork+0x10/0x40 By unblocking kswapd memory pressure should be reduced. Suggested-by: David Rientjes Reviewed-by: Guenter Roeck Signed-off-by: Douglas Anderson Signed-off-by: Mike Snitzer drivers/md/dm-bufio.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 5b8c01f74cf03b1ec013fcf358b384706233f2f0 Author: Bart Van Assche Date: Tue Nov 15 15:33:16 2016 -0800 dm table: simplify dm_table_determine_type() Use a single loop instead of two loops to determine whether or not all_blk_mq has to be set. Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/dm-table.c | 21 ++++++++------------- 1 file changed, 8 insertions(+), 13 deletions(-) commit 301fc3f5efb98633115bd887655b19f42c6dfaa8 Author: Bart Van Assche Date: Wed Dec 7 16:56:06 2016 -0800 dm table: an 'all_blk_mq' table must be loaded for a blk-mq DM device When dm_table_set_type() is used by a target to establish a DM table's type (e.g. DM_TYPE_MQ_REQUEST_BASED in the case of DM multipath) the DM core must go on to verify that the devices in the table are compatible with the established type. Fixes: e83068a5 ("dm mpath: add optional "queue_mode" feature") Cc: stable@vger.kernel.org # 4.8+ Signed-off-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/dm-table.c | 5 +++++ 1 file changed, 5 insertions(+) commit 6936c12cf809850180b24947271b8f068fdb15e9 Author: Mike Snitzer Date: Wed Nov 23 13:51:09 2016 -0500 dm table: fix 'all_blk_mq' inconsistency when an empty table is loaded An earlier DM multipath table could have been build ontop of underlying devices that were all using blk-mq. In that case, if that active multipath table is replaced with an empty DM multipath table (that reflects all paths have failed) then it is important that the 'all_blk_mq' state of the active table is transfered to the new empty DM table. Otherwise dm-rq.c:dm_old_prep_tio() will incorrectly clone a request that isn't needed by the DM multipath target when it is to issue IO to an underlying blk-mq device. Fixes: e83068a5 ("dm mpath: add optional "queue_mode" feature") Cc: stable@vger.kernel.org # 4.8+ Reported-by: Bart Van Assche Tested-by: Bart Van Assche Signed-off-by: Mike Snitzer drivers/md/dm-table.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) commit 7fe285769cf64ff3029eed01ba4e1c020cf0db10 Author: Alex Deucher Date: Wed Dec 7 16:14:38 2016 -0500 drm/amdgpu: use pin rather than pin_restricted in a few cases We don't require a resticted pinning in these cases, so just use plain pin. Reviewed-by: Edward O'Callaghan Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_display.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_fb.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit d2939bc780078ef2f707d961cde6c59779497425 Author: Arindam Nath Date: Tue Dec 6 13:28:12 2016 +0530 drm/amd/powerplay: use pr_debug to print function not implemented message For CZ, some function pointers like display_configuration_changed are not set. So when HW manager tries to configure display, we end up with messages like "[ powerplay ] this function not implement!" in the logs. This message is informational, but lacks details on which function is not implemented and why. Rather than using KERN_INFO to print the message everytime the system boots, we rather use pr_debug so that it is only printed when debug prints are enabled at runtime. Reviewed-by: Edward O'Callaghan Reviewed-by: Huang Rui Signed-off-by: Arindam Nath Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/hwmgr/functiontables.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit cc3f5b8df9fc5306fa9da245c6f41ed75cd9c608 Author: Tom St Denis Date: Mon Dec 5 13:24:49 2016 -0500 drm/amd/amdgpu: Add gpr reading for GFX v7 Signed-off-by: Tom St Denis Acked-by: Edward O'Callaghan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v7_0.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit 34e646f44412b366940d859686449f1d02496905 Author: Tom St Denis Date: Mon Dec 5 13:24:07 2016 -0500 drm/amd/amdgpu: Add gpr reading for GFX v6 Signed-off-by: Tom St Denis Acked-by: Edward O'Callaghan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit c5a60ce81b4962d35a6bbb328fb234d33254cfb7 Author: Tom St Denis Date: Mon Dec 5 11:39:19 2016 -0500 drm/amd/amdgpu: Add debugfs support for reading GPRs (v2) Implemented for SGPRs for GFX v8 initially. (v2) cleanup minor whitespace and remove sanity check and addressing is in dwords not bytes Signed-off-by: Tom St Denis Acked-by: Edward O'Callaghan Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 + drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 67 ++++++++++++++++++++++++++++++ drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 25 +++++++++++ 3 files changed, 94 insertions(+) commit 40ee5888faecf4ea5423dbe94c862d03c3e7e12c Author: Evan Quan Date: Wed Dec 7 10:05:09 2016 +0800 drm/amd/amdgpu: export vbios information (v2) Allows userspace components to fetch information from the vbios image. v2: agd: fix warning Reviewed-by: Edward O'Callaghan Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Reviewed-by: Christian Koenig Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_kms.c | 26 ++++++++++++++++++++++++++ include/uapi/drm/amdgpu_drm.h | 11 +++++++++++ 2 files changed, 37 insertions(+) commit a9f5db9ca7a92aa00af82b3d10416e34b31a9493 Author: Evan Quan Date: Wed Dec 7 09:56:46 2016 +0800 drm/amd/amdgpu: stored bios_size It's necessary if we want to export vbios image out. Reviewed-by: Edward O'Callaghan Signed-off-by: Evan Quan Reviewed-by: Alex Deucher Reviewed-by: Christian Koenig Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 1 + drivers/gpu/drm/amd/amdgpu/amdgpu_bios.c | 6 ++++++ 2 files changed, 7 insertions(+) commit 5c8a934349ee61027a48e3e6c0bba2b7d3dd09d1 Author: Bjorn Andersson Date: Wed Oct 19 19:38:10 2016 -0700 dt-binding: soc: qcom: smd: Add label property The label property can be used to specify a name of the edge, for consistent naming purposes. Acked-by: Rob Herring Acked-by: Andy Gross Signed-off-by: Bjorn Andersson Documentation/devicetree/bindings/soc/qcom/qcom,smd.txt | 7 +++++++ 1 file changed, 7 insertions(+) commit 3c6edc66085e1d895a698c572bbfaf4d57fdb771 Author: Song Liu Date: Wed Dec 7 09:42:06 2016 -0800 md/r5cache: after recovery, increase journal seq by 10000 Currently, we increase journal entry seq by 10 after recovery. However, this is not sufficient in the following case. After crash the journal looks like | seq+0 | +1 | +2 | +3 | +4 | +5 | +6 | +7 | ... | +11 | +12 | If +1 is not valid, we dropped all entries from +1 to +12; and write seq+10: | seq+0 | +10 | +2 | +3 | +4 | +5 | +6 | +7 | ... | +11 | +12 | However, if we write a big journal entry with seq+11, it will connect with some stale journal entry: | seq+0 | +10 | +11 | +12 | To reduce the risk of this issue, we increase seq by 10000 instead. Shaohua: use 10000 instead of 1000. The risk should be very unlikely. The total stripe cache size is less than 2k typically, and several stripes can fit into one meta data block. So the total inflight meta data blocks would be quite small, which means the the total sequence number used should be quite small. The 10000 sequence number increase should be far more than safe. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit 5c88f403a5d2bd75911c6faaacc9bea97ac7d121 Author: Song Liu Date: Wed Dec 7 09:42:05 2016 -0800 md/raid5-cache: fix crc in rewrite_data_only_stripes() r5l_recovery_create_empty_meta_block() creates crc for the empty metablock. After the metablock is updated, we need clear the checksum before recalculate it. Shaohua: moved checksum calculation out of r5l_recovery_create_empty_meta_block. We should calculate it after all fields are updated. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit d2a4dd37f6b41fbcad76efbf63124eb3126c66fe Author: Alexei Starovoitov Date: Wed Dec 7 10:57:59 2016 -0800 bpf: fix state equivalence Commmits 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") and 484611357c19 ("bpf: allow access into map value arrays") by themselves are correct, but in combination they make state equivalence ignore 'id' field of the register state which can lead to accepting invalid program. Fixes: 57a09bf0a416 ("bpf: Detect identical PTR_TO_MAP_VALUE_OR_NULL registers") Fixes: 484611357c19 ("bpf: allow access into map value arrays") Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Acked-by: Thomas Graf Signed-off-by: David S. Miller include/linux/bpf_verifier.h | 14 +++++++------- kernel/bpf/verifier.c | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) commit 3665f3817cd354ab7a811b3a4f282c4f5cb1a0d0 Author: Eric Dumazet Date: Wed Dec 7 10:05:36 2016 -0800 net: do not read sk_drops if application does not care sk_drops can be an often written field, do not read it unless application showed interest. Note that sk_drops can be read via inet_diag, so applications can avoid getting this info from every received packet. In the future, 'reading' sk_drops might require folding per node or per cpu fields, and thus become even more expensive than today. Signed-off-by: Eric Dumazet Cc: Paolo Abeni Signed-off-by: David S. Miller include/net/sock.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit c8c8b127091b758f5768f906bcdeeb88bc9951ca Author: Eric Dumazet Date: Wed Dec 7 09:19:33 2016 -0800 udp: under rx pressure, try to condense skbs Under UDP flood, many softirq producers try to add packets to UDP receive queue, and one user thread is burning one cpu trying to dequeue packets as fast as possible. Two parts of the per packet cost are : - copying payload from kernel space to user space, - freeing memory pieces associated with skb. If socket is under pressure, softirq handler(s) can try to pull in skb->head the payload of the packet if it fits. Meaning the softirq handler(s) can free/reuse the page fragment immediately, instead of letting udp_recvmsg() do this hundreds of usec later, possibly from another node. Additional gains : - We reduce skb->truesize and thus can store more packets per SO_RCVBUF - We avoid cache line misses at copyout() time and consume_skb() time, and avoid one put_page() with potential alien freeing on NUMA hosts. This comes at the cost of a copy, bounded to available tail room, which is usually small. (We might have to fix GRO_MAX_HEAD which looks bigger than necessary) This patch gave me about 5 % increase in throughput in my tests. skb_condense() helper could probably used in other contexts. Signed-off-by: Eric Dumazet Cc: Paolo Abeni Signed-off-by: David S. Miller include/linux/skbuff.h | 2 ++ net/core/skbuff.c | 28 ++++++++++++++++++++++++++++ net/ipv4/udp.c | 12 +++++++++++- 3 files changed, 41 insertions(+), 1 deletion(-) commit ffbd796821472c6571b09962cdbd13cd2815e2c1 Author: Andy Gospodarek Date: Thu Dec 1 15:34:52 2016 -0500 PCI: iproc: Skip check for legacy IRQ on PAXC buses PAXC and PAXCv2 buses do not support legacy IRQs so there is no reason to even try and map them. Without a change like this, one cannot create VFs on Nitro ports since legacy interrupts are checked as part of the PCI device creation process. Testing on PAXC hardware showed that VFs are properly created with only the change to not set pcie->map_irq, but just to be safe the change in iproc_pcie_setup() will ensure that pdev_fixup_irq() will not panic. Signed-off-by: Andy Gospodarek Signed-off-by: Bjorn Helgaas Acked-by: Ray Jui drivers/pci/host/pcie-iproc-platform.c | 9 ++++++++- drivers/pci/host/pcie-iproc.c | 5 ++++- 2 files changed, 12 insertions(+), 2 deletions(-) commit 2408022eeada9b0d96cb6a40bccf0ec2aa280bab Merge: 13bfff2 9217c3c Author: David S. Miller Date: Thu Dec 8 13:21:40 2016 -0500 Merge branch 'liqudio-VF-data-path' Raghu Vatsavayi says: ==================== liquidio VF data path Following is V3 patch series that adds support for VF data path related features. It also has following changes related to previous comments: 1) Remove unnecessary "void *" casting. 2) Remove inline for functions and let gcc decide. Please apply patches in following order as some of them depend on earlier patches. ==================== Signed-off-by: David S. Miller commit 9217c3cf84d736bffe674a5fc3722cd9a8ef8898 Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:37 2016 -0800 liquidio VF rx data and ctl path Adds support for VF receive data control path. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 412 ++++++++++++++++++++- .../net/ethernet/cavium/liquidio/octeon_device.c | 2 +- drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 10 + .../ethernet/cavium/liquidio/response_manager.c | 3 +- 4 files changed, 423 insertions(+), 4 deletions(-) commit 9bdca5c66b40e10589b96e70343e9ff11d69531e Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:36 2016 -0800 liquidio CN23XX: VF TX buffers Adds support for freeing VF xmit buffers. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 182 +++++++++++++++++++++ 1 file changed, 182 insertions(+) commit 9981328a8722f0649190fdd7d027ee745fb01189 Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:35 2016 -0800 liquidio CN23XX: VF xmit Adds support for transmit functionality in VF. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller .../ethernet/cavium/liquidio/cn23xx_vf_device.c | 21 ++ drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 340 +++++++++++++++++++++ .../net/ethernet/cavium/liquidio/request_manager.c | 6 +- 3 files changed, 364 insertions(+), 3 deletions(-) commit beea50a5d56bfff2c3589d1ebff715e46dceffbd Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:34 2016 -0800 liquidio CN23XX: VF scatter gather lists Adds support for VF scatter gather lists. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 134 +++++++++++++++++++++ 1 file changed, 134 insertions(+) commit 50f7f94b96a9b9dad1996953b86ece3417cd0983 Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:33 2016 -0800 liquidio CN23XX: VF mac address Adds support for configuring mtu, multicast and mac address. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 195 +++++++++++++++++++++ .../net/ethernet/cavium/liquidio/liquidio_common.h | 1 + .../net/ethernet/cavium/liquidio/octeon_network.h | 1 + 3 files changed, 197 insertions(+) commit 3cd25e48215ff0b2968d00856fcfb0664ad1c495 Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:32 2016 -0800 liquidio CN23XX: VF link status Adds support for VF link status related changes. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 249 +++++++++++++++++++++ 1 file changed, 249 insertions(+) commit 846b46873eeb3baf40f7e6d8fe8f98aec95e7727 Author: Raghu Vatsavayi Date: Wed Dec 7 08:54:31 2016 -0800 liquidio CN23XX: VF offload features Adds support for VF link initialization and offload features. Signed-off-by: Raghu Vatsavayi Signed-off-by: Derek Chickles Signed-off-by: Satanand Burla Signed-off-by: Felix Manlunas Signed-off-by: David S. Miller drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 562 +++++++++++++++++++++ .../net/ethernet/cavium/liquidio/octeon_device.c | 3 + 2 files changed, 565 insertions(+) commit 13bfff25c081f4e060af761c4082b5a96f756810 Author: Eric Dumazet Date: Wed Dec 7 08:29:10 2016 -0800 net: rfs: add a jump label RFS is not commonly used, so add a jump label to avoid some conditionals in fast path. Signed-off-by: Eric Dumazet Cc: Paolo Abeni Signed-off-by: David S. Miller include/linux/netdevice.h | 1 + include/net/sock.h | 25 ++++++++++++++----------- net/core/dev.c | 2 ++ net/core/sysctl_net_core.c | 5 ++++- 4 files changed, 21 insertions(+), 12 deletions(-) commit c9fba3ed3a43709789a7a2a8b15b6595d3faf887 Author: Zhang Shengju Date: Wed Dec 7 23:02:09 2016 +0800 macsec: remove first zero and add attribute name in comments Remove first zero for add, and use full attribute name in comments. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/net/macsec.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) commit 797149d0342d2f890d78b760acae5a6a9b6753f4 Merge: 3f0dd6b 4022d03 Author: David S. Miller Date: Thu Dec 8 13:07:11 2016 -0500 Merge branch 'stmmac-DMA-burst' Niklas Cassel says: ==================== net: stmmac: make DMA programmable burst length more configurable Make DMA programmable burst length more configurable in the stmmac driver. This is done by adding support for independent pbl for tx/rx through DT. More fine grained tuning of pbl is possible thanks to a DT property saying that we should NOT multiply pbl values by x8/x4 in hardware. All new DT properties are optional, and created in a way that it will not affect any existing DT configurations. Changes since V1: Created cover-letter. Rebased patch set against next-20161205, since conflicting patches to stmmac_platform.c has been merged since V1. Changes since V2: Moved default value initialization of pbl to stmmac_platform.c and added a check for pbl != 0 in stmmac_main.c, to catch a possble pbl == 0 from pci glue. ==================== Signed-off-by: David S. Miller commit 4022d039a315951e59d95d22e79198d861ce4490 Author: Niklas Cassel Date: Wed Dec 7 15:20:08 2016 +0100 net: smmac: allow configuring lower pbl values The driver currently always sets the PBLx8/PBLx4 bit, which means that the pbl values configured via the pbl/txpbl/rxpbl DT properties are always multiplied by 8/4 in the hardware. In order to allow the DT to configure lower pbl values, while at the same time not changing behavior of any existing device trees using the pbl/txpbl/rxpbl settings, add a property to disable the multiplication of the pbl by 8/4 in the hardware. Suggested-by: Rabin Vincent Signed-off-by: Niklas Cassel Acked-by: Alexandre Torgue Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/stmmac.txt | 2 ++ Documentation/networking/stmmac.txt | 5 ++++- drivers/net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 3 ++- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 3 ++- drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c | 2 ++ drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 1 + include/linux/stmmac.h | 1 + 7 files changed, 14 insertions(+), 3 deletions(-) commit 89caaa2d80b7bf9bd8632cd3137254f8c685e5db Author: Niklas Cassel Date: Wed Dec 7 15:20:07 2016 +0100 net: stmmac: add support for independent DMA pbl for tx/rx GMAC and newer supports independent programmable burst lengths for DMA tx/rx. Add new optional devicetree properties representing this. To be backwards compatible, snps,pbl will still be valid, but snps,txpbl/snps,rxpbl will override the value in snps,pbl if set. If the IP is synthesized to use the AXI interface, there is a register and a matching DT property inside the optional stmmac-axi-config DT node for controlling burst lengths, named snps,blen. However, using this register, it is not possible to control tx and rx independently. Also, this register is not available if the IP was synthesized with, e.g., the AHB interface. Signed-off-by: Niklas Cassel Acked-by: Alexandre Torgue Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/stmmac.txt | 6 +++++- Documentation/networking/stmmac.txt | 19 +++++++++++++------ drivers/net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 12 ++++++------ drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 12 +++++++----- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 2 ++ include/linux/stmmac.h | 2 ++ 6 files changed, 35 insertions(+), 18 deletions(-) commit 825658a27361c67c14c10bfa0359fc23d76a42b8 Author: Niklas Cassel Date: Wed Dec 7 15:20:06 2016 +0100 net: stmmac: dwmac1000: fix define DMA_BUS_MODE_RPBL_MASK DMA_BUS_MODE_RPBL_MASK is really 6 bits, just like DMA_BUS_MODE_PBL_MASK. Signed-off-by: Niklas Cassel Acked-by: Alexandre Torgue Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac1000.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a332e2fa56343ca5f11f05f90e53d0d471384e0e Author: Niklas Cassel Date: Wed Dec 7 15:20:05 2016 +0100 net: stmmac: stmmac_platform: fix parsing of DT binding commit 64c3b252e9fc ("net: stmmac: fixed the pbl setting with DT") changed the parsing of the DT binding. Before 64c3b252e9fc, snps,fixed-burst and snps,mixed-burst were parsed regardless if the property snps,pbl existed or not. After the commit, fixed burst and mixed burst are only parsed if snps,pbl exists. Now when snps,aal has been added, it too is only parsed if snps,pbl exists. Since the DT binding does not specify that fixed burst, mixed burst or aal depend on snps,pbl being specified, undo changes introduced by 64c3b252e9fc. The issue commit 64c3b252e9fc ("net: stmmac: fixed the pbl setting with DT") tries to address is solved in another way: The databook specifies that all values other than 1, 2, 4, 8, 16, or 32 results in undefined behavior, so snps,pbl = <0> is invalid. If pbl is 0 after parsing, set pbl to DEFAULT_DMA_PBL. This handles the case where the property is omitted, and also handles the case where the property is specified without any data. Signed-off-by: Niklas Cassel Acked-by: Alexandre Torgue Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 4 +-- .../net/ethernet/stmicro/stmmac/stmmac_platform.c | 29 +++++++++++----------- 2 files changed, 17 insertions(+), 16 deletions(-) commit 50ca903afc2a4ccf7efd25744577fecb0ce6fb49 Author: Niklas Cassel Date: Wed Dec 7 15:20:04 2016 +0100 net: stmmac: simplify the common DMA init API Use struct stmmac_dma_cfg *dma_cfg as an argument rather than using all the struct members as individual arguments. Signed-off-by: Niklas Cassel Acked-by: Alexandre Torgue Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/common.h | 4 ++-- drivers/net/ethernet/stmicro/stmmac/dwmac1000_dma.c | 13 +++++++------ drivers/net/ethernet/stmicro/stmmac/dwmac100_dma.c | 7 ++++--- drivers/net/ethernet/stmicro/stmmac/dwmac4_dma.c | 14 ++++++++------ drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 6 +----- 5 files changed, 22 insertions(+), 22 deletions(-) commit 89ab75bf7253271c0ca805931105a298bc22bfdf Author: Niklas Cassel Date: Wed Dec 7 15:20:03 2016 +0100 net: stmmac: return error if no DMA configuration is found All drivers except pci glue layer calls stmmac_probe_config_dt. stmmac_probe_config_dt does a kzalloc dma_cfg. pci glue layer does kzalloc dma_cfg explicitly, so all current drivers does a kzalloc dma_cfg. Return an error if no DMA configuration is found, that way we can assume that the DMA configuration always exists. Signed-off-by: Niklas Cassel Acked-by: Alexandre Torgue Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_main.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit c4ae2adedb38240be5a1a16588406980b948a3e7 Author: Ashok Raj Date: Sat Nov 19 00:32:46 2016 -0800 PCI: pciehp: Leave power indicator on when enabling already-enabled slot If an error occurs when enabling a slot, pciehp_power_thread() turns off the power indicator. But if the only error is that the slot was already enabled, we should leave the power indicator on. Return success if called to enable an already-enabled slot. This is in the same spirit of the special handling for EEXISTS when pciehp_configure_device() determines the slot devices already exist. Signed-off-by: Ashok Raj Signed-off-by: Bjorn Helgaas Reviewed-by: Keith Busch drivers/pci/hotplug/pciehp_ctrl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d30dfeb9be25c67c9cfdfd932db57a571fd347b4 Author: JackieLiu Date: Thu Dec 8 08:47:39 2016 +0800 md/raid5-cache: no recovery is required when create super-block When create the super-block information, We do not need to do this recovery stage, only need to initialize some variables. Signed-off-by: JackieLiu Reviewed-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 3f0dd6b79c014231e671f754a499aa017c2b955c Author: Tobias Klauser Date: Wed Dec 7 14:43:30 2016 +0100 net: ethernet: slicoss: use module_pci_driver() Use module_pci_driver() to get rid of some boilerplate code. Signed-off-by: Tobias Klauser Acked-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/alacritech/slicoss.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) commit 7243e0b20729d372e97763617a7a9c89f29b33e1 Author: Uwe Kleine-König Date: Thu Dec 8 17:37:08 2016 +0100 spi: mvebu: fix baudrate calculation for armada variant The calculation of SPR and SPPR doesn't round correctly at several places which might result in baud rates that are too big. For example with tclk_hz = 250000001 and target rate 25000000 it determined a divider of 10 which is wrong. Instead of fixing all the corner cases replace the calculation by an algorithm without a loop which should even be quicker to execute apart from being correct. Fixes: df59fa7f4bca ("spi: orion: support armada extended baud rates") Signed-off-by: Uwe Kleine-König Signed-off-by: Mark Brown drivers/spi/spi-orion.c | 83 ++++++++++++++++++++++++++++++++----------------- 1 file changed, 54 insertions(+), 29 deletions(-) commit 5c5a94a50fb8396f54ab9c69643fbe2506443648 Author: Manjunath Goudar Date: Wed Dec 7 23:54:11 2016 +0000 USB: OHCI: nxp: fix code warnings This patch will fix the checkpatch.pl following warnings: WARNING: Missing a blank line after declarations WARNING: braces {} are not necessary for single statement blocks Signed-off-by: Manjunath Goudar Acked-by: Vladimir Zapolskiy Cc: Sylvain Lemieux Cc: Alan Stern Cc: linux-arm-kernel@lists.infradead.org Cc: linux-usb@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-nxp.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 890f670756ec53d69ddadc1c151ad7377cec523a Author: Manjunath Goudar Date: Wed Dec 7 22:34:16 2016 +0000 USB: OHCI: nxp: remove useless extern declaration Remove usb_disabled() extern declaration as it is already declared as extern in include/linux/usb.h. Signed-off-by: Manjunath Goudar Acked-by: Vladimir Zapolskiy Cc: Sylvain Lemieux Cc: Alan Stern Cc: linux-arm-kernel@lists.infradead.org Cc: linux-usb@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-nxp.c | 2 -- 1 file changed, 2 deletions(-) commit baf50a6f22e8d1405b3f4a13931cc6b6604d483e Author: Manjunath Goudar Date: Wed Dec 7 22:34:14 2016 +0000 USB: OHCI: at91: remove useless extern declaration Remove usb_disabled() extern declaration as it is already declared as extern in include/linux/usb.h. Signed-off-by: Manjunath Goudar Cc: Alan Stern Cc: Greg Kroah-Hartman Cc: linux-usb@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-at91.c | 2 -- 1 file changed, 2 deletions(-) commit 651b297c9bc538934a8f2ba216cf5d2f1ac8f9c8 Author: Kim Jae Joong Date: Wed Dec 7 20:12:10 2016 +0900 usb: misc: rio500: fix result type for error message Fix variable type for dev_err about usb_bulk_msg() Signed-off-by: Kim Jae Joong Signed-off-by: Greg Kroah-Hartman drivers/usb/misc/rio500.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 334c5e2ba718c9c2f74d56316624f048169ebfd6 Merge: 7cc99fd 7b68488 Author: David S. Miller Date: Thu Dec 8 11:47:14 2016 -0500 Merge branch 'cls_flower-ICMP' Simon Horman says: ==================== net/sched: cls_flower: Support matching on ICMP this series adds support for matching on ICMP type and code to cls_flower. Changes v5->v6: * Restore missing signed-off-by Changes v4->v5: * Drop all helpers Changes v3->v4: * Do not add icmp to struct flow_keys, it is not needed * Do not test for ICMP protocols in packet in __skb_flow_dissect, this is also not needed Changes v2->v3: * Add FLOW_DISSECTOR_KEY_ICMP and use separate structure for ICMP Changes v1->v2: * Include all dissector helpers in first patch ==================== Signed-off-by: David S. Miller commit 7b684884fbfab33251115fa5054fb821c34b93be Author: Simon Horman Date: Wed Dec 7 13:48:28 2016 +0100 net/sched: cls_flower: Support matching on ICMP type and code Support matching on ICMP type and code. Example usage: tc qdisc add dev eth0 ingress tc filter add dev eth0 protocol ip parent ffff: flower \ indev eth0 ip_proto icmp type 8 code 0 action drop tc filter add dev eth0 protocol ipv6 parent ffff: flower \ indev eth0 ip_proto icmpv6 type 128 code 0 action drop Signed-off-by: Simon Horman Acked-by: Jiri Pirko Signed-off-by: David S. Miller include/uapi/linux/pkt_cls.h | 10 +++++++++ net/sched/cls_flower.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 63 insertions(+) commit 972d3876faa8a9195122b2d2bcd3155f904fff37 Author: Simon Horman Date: Wed Dec 7 13:48:27 2016 +0100 flow dissector: ICMP support Allow dissection of ICMP(V6) type and code. This should only occur if a packet is ICMP(V6) and the dissector has FLOW_DISSECTOR_KEY_ICMP set. There are currently no users of FLOW_DISSECTOR_KEY_ICMP. A follow-up patch will allow FLOW_DISSECTOR_KEY_ICMP to be used by the flower classifier. Signed-off-by: Simon Horman Acked-by: Jiri Pirko Signed-off-by: David S. Miller include/net/flow_dissector.h | 17 +++++++++++++++++ net/core/flow_dissector.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) commit 7cc99fd29b982964e63afa92a7e29db49b69c90e Author: Niklas Cassel Date: Wed Dec 7 13:41:08 2016 +0100 net: stmmac: stmmac_platform: use correct setup function for gmac4 devicetree binding for stmmac states: - compatible: Should be "snps,dwmac-", "snps,dwmac" For backwards compatibility: "st,spear600-gmac" is also supported. Previously, when specifying "snps,dwmac-4.10a", "snps,dwmac" as your compatible string, plat_stmmacenet_data would have both has_gmac and has_gmac4 set. This would lead to stmmac_hw_init calling dwmac1000_setup rather than dwmac4_setup, resulting in a non-functional driver. This happened since the check for has_gmac is done before the check for has_gmac4. However, the order should not matter, so it does not make sense to have both set. If something is valid for both, you should do as the stmmac_interrupt does: if (priv->plat->has_gmac || priv->plat->has_gmac4) ... The places where it was obvious that the author actually meant if (has_gmac || has_gmac4) rather than if (has_gmac) has been updated. Signed-off-by: Niklas Cassel Acked-by: Alexandre TORGUE Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 4 ++-- drivers/net/ethernet/stmicro/stmmac/stmmac_platform.c | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) commit 4966a692d055c97f83a17da6035e93806b407473 Author: Niklas Cassel Date: Wed Dec 7 13:41:07 2016 +0100 net: stmmac: dwmac-generic: add missing compatible strings devicetree binding for stmmac states: - compatible: Should be "snps,dwmac-", "snps,dwmac" For backwards compatibility: "st,spear600-gmac" is also supported. Since dwmac-generic.c calls stmmac_probe_config_dt explicitly, another alternative would have been to remove all compatible strings other than "snps,dwmac" and "st,spear600-gmac" from dwmac-generic.c. However, that would probably do more good than harm, since when trying to figure out what hardware a certain driver supports, you usually look at the compatible strings in the struct of_device_id, and not in some function defined in a completely different file. No functional change intended. Signed-off-by: Niklas Cassel Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/dwmac-generic.c | 3 +++ 1 file changed, 3 insertions(+) commit 6357d15e48dfad6d8cec187bf4f032d1deb715d9 Author: Niklas Cassel Date: Wed Dec 7 13:41:06 2016 +0100 bindings: net: stmmac: correct note about TSO snps,tso was previously placed under AXI BUS Mode parameters, suggesting that the property should be in the stmmac-axi-config node. TSO (TCP Segmentation Offloading) has nothing to do with AXI BUS Mode parameters, and the parser actually expects it to be in the root node, not in the stmmac-axi-config. Also added a note about snps,tso only being available on GMAC4 and newer. Signed-off-by: Niklas Cassel Acked-by: Alexandre TORGUE Acked-by: Rob Herring Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/stmmac.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit c461265679ce934c26339897bba2ff5c2120262f Author: Chris Wilson Date: Wed Dec 7 13:58:19 2016 +0000 kselftests: Exercise hw-independent mock tests for i915.ko Although being a GPU driver most functionality of i915.ko depends upon real hardware, many of its internal interfaces can be "mocked" and so tested independently of any hardware. Expanding the test coverage is not only useful for i915.ko, but should provide some integration tests for core infrastructure as well. Loading i915.ko with mock_selftests=-1 will cause it to execute its mock tests then fail with -ENOTTY. If the driver is already loaded and bound to hardware, it requires a few more steps to unbind, and so the simple preliminary modprobe -r will fail. Signed-off-by: Chris Wilson Cc: Shuah Khan Cc: linux-kselftest@vger.kernel.org Signed-off-by: Shuah Khan tools/testing/selftests/drivers/gpu/i915.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 06205472765437fc3a6cae7c67052f40e08e120e Author: Tobias Klauser Date: Wed Dec 7 13:25:29 2016 +0100 net: ll_temac: Utilize of_get_mac_address() Do not open code getting the MAC address exclusively from the "local-mac-address" property, but instead use of_get_mac_address() which looks up the MAC address using the 3 typical property names. Also avoid casting away the const qualifier of the return value by making temac_init_mac_address() take a const void* address. Follows commit b34296a9c047 ("net: ethoc: Utilize of_get_mac_address()"). Cc: Florian Fainelli Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller drivers/net/ethernet/xilinx/ll_temac_main.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit da90e38003e2f052d5d6a28df63ac42c9ea87323 Author: Tobias Klauser Date: Wed Dec 7 13:24:44 2016 +0100 net: axienet: Utilize of_get_mac_address() Do not open code getting the MAC address exclusively from the "local-mac-address" property, but instead use of_get_mac_address() which looks up the MAC address using the 3 typical property names. Also avoid casting away the const qualifier of the return value by making axienet_set_mac_address() take a const void* address. Follows commit b34296a9c047 ("net: ethoc: Utilize of_get_mac_address()"). Cc: Florian Fainelli Signed-off-by: Tobias Klauser Signed-off-by: David S. Miller drivers/net/ethernet/xilinx/xilinx_axienet_main.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 8b7b707a3c2746566d21871e1715ce325fb2e656 Merge: d26aac2 3f7d0eb Author: David S. Miller Date: Thu Dec 8 11:32:50 2016 -0500 Merge branch 'cls_flower-flags' Or Gerlitz says: ==================== net/sched: cls_flower: Add support for matching on dissection flags This series add the UAPI to provide set of flags for matching, where the flags provided from user-space are mapped to flow-dissector flags. The 1st flag allows to match on whether the packet is an IP fragment and corresponds to the FLOW_DIS_IS_FRAGMENT flag. v2->v3: - replace BIT() with << (kbuild test robot) v1->v2: - dropped the flow dissector patch (#1) as no changes are needed there (Jiri) - applied code review comments from Jiri to the flower patch ==================== Signed-off-by: David S. Miller commit 3f7d0eb42d593a3326617dac0a247d981b3356d9 Author: Or Gerlitz Date: Wed Dec 7 14:03:11 2016 +0200 net/mlx5e: Offload TC matching on packets being IP fragments Enable offloading of matching on packets being fragments. Signed-off-by: Or Gerlitz Reviewed-by: Paul Blakey Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit faa3ffce78298b2b782297765cffd05f52fed9d4 Author: Or Gerlitz Date: Wed Dec 7 14:03:10 2016 +0200 net/sched: cls_flower: Add support for matching on flags Add UAPI to provide set of flags for matching, where the flags provided from user-space are mapped to flow-dissector flags. The 1st flag allows to match on whether the packet is an IP fragment and corresponds to the FLOW_DIS_IS_FRAGMENT flag. Signed-off-by: Or Gerlitz Reviewed-by: Paul Blakey Acked-by: Jiri Pirko Signed-off-by: David S. Miller include/uapi/linux/pkt_cls.h | 7 ++++ net/sched/cls_flower.c | 76 ++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) commit d26aac2d8783ab7ec94e07d412d785b3ac183606 Author: Dan Carpenter Date: Wed Dec 7 14:32:17 2016 +0300 net: mvneta: Indent some statements These two statements were not indented correctly so it's sort of confusing. Signed-off-by: Dan Carpenter Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 0b801290ea9468a3ed9577281afdb458001ce0d1 Author: Dan Carpenter Date: Wed Dec 7 14:14:24 2016 +0300 drivers: net: xgene: uninitialized variable in xgene_enet_free_pagepool() We never set "slots" in this function. Fixes: a9380b0f7be8 ("drivers: net: xgene: Add support for Jumbo frame") Signed-off-by: Dan Carpenter Acked-by: Iyappan Subramanian Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 1 + 1 file changed, 1 insertion(+) commit 635abf01918157e61dc9cfdfd70c40bd5957b6a3 Author: Peng Tao Date: Wed Dec 7 17:52:19 2016 +0800 vhost: remove unnecessary smp_mb from vhost_work_queue test_and_set_bit() already implies a memory barrier. Signed-off-by: Peng Tao Reviewed-by: Stefan Hajnoczi Signed-off-by: David S. Miller drivers/vhost/vhost.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1440a3a12ba0a00f9fec7e6a62e49b11e079d381 Author: Peng Tao Date: Wed Dec 7 17:52:18 2016 +0800 vhost-vsock: remove unused vq variable Signed-off-by: Peng Tao Reviewed-by: Stefan Hajnoczi Signed-off-by: David S. Miller drivers/vhost/vsock.c | 3 --- 1 file changed, 3 deletions(-) commit f91c58d68b8638530e0eb2fec76c5b9e429ca39a Author: Zhang Shengju Date: Wed Dec 7 14:52:53 2016 +0800 icmp: correct return value of icmp_rcv() Currently, icmp_rcv() always return zero on a packet delivery upcall. To make its behavior more compliant with the way this API should be used, this patch changes this to let it return NET_RX_SUCCESS when the packet is proper handled, and NET_RX_DROP otherwise. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller net/ipv4/icmp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 44b1c9a6e7a2692e761e35ada2ffe84b20c2a377 Author: Shawn Guo Date: Thu Dec 8 16:44:15 2016 +0800 ASoC: zte: spdif: correct ZX_SPDIF_CLK_RAT define The macro ZX_SPDIF_CLK_RAT should be 2 instead of 4. With this fix, we can get correct audio output on HDMI through SPDIF interface. Signed-off-by: Shawn Guo Acked-by: Jun Nie Signed-off-by: Mark Brown sound/soc/zte/zx-spdif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit de7975c2a42de889e2b3fd2f7d46f899ad8ccd45 Author: Shawn Guo Date: Thu Dec 8 16:44:14 2016 +0800 ASoC: zte: spdif and i2s drivers are not zx296702 specific ZTE ZX SPDIF and I2S drivers can work on not only ZX296702 but also other ZTE ZX family SoCs like ZX296718, which is an arm64 platform. Let's make a few renaming and tweak the Kconfig a bit to get the drivers available for other ZTE ZX platforms. Signed-off-by: Shawn Guo Reviewed-by: Jun Nie Signed-off-by: Mark Brown sound/soc/zte/Kconfig | 16 +- sound/soc/zte/Makefile | 4 +- sound/soc/zte/zx-i2s.c | 436 +++++++++++++++++++++++++++++++++++++++++ sound/soc/zte/zx-spdif.c | 365 ++++++++++++++++++++++++++++++++++ sound/soc/zte/zx296702-i2s.c | 436 ----------------------------------------- sound/soc/zte/zx296702-spdif.c | 365 ---------------------------------- 6 files changed, 811 insertions(+), 811 deletions(-) commit 5762ab71eb24a8393a167361510d7ca5e18c99f9 Author: Romain Perier Date: Thu Dec 8 15:58:44 2016 +0100 spi: Add support for Armada 3700 SPI Controller Marvell Armada 3700 SoC comprises an SPI Controller. This Controller supports up to 4 SPI slave devices, with dedicated chip selects,supports SPI mode 0/1/2 and 3, CPIO or Fifo mode with DMA transfers and different SPI transfer mode (Single, Dual or Quad). This commit adds basic driver support for FIFO mode. In this mode, dedicated registers are used to store the instruction, the address, the read mode and the data. Write and Read FIFO are used to store the outcoming or incoming data. The data FIFOs are accessible via DMA or by the CPU. Only the CPU is supported for now. Signed-off-by: Romain Perier Tested-by: Gregory CLEMENT Signed-off-by: Mark Brown drivers/spi/Kconfig | 7 + drivers/spi/Makefile | 1 + drivers/spi/spi-armada-3700.c | 923 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 931 insertions(+) commit 4049537742b3ed39fac4da10d31f3171a2ee9a3e Author: Romain Perier Date: Thu Dec 8 15:58:45 2016 +0100 spi: armada-3700: Add documentation for the Armada 3700 SPI Controller This adds the devicetree bindings documentation for the SPI controller present in the Marvell Armada 3700 SoCs. Signed-off-by: Romain Perier Tested-by: Gregory CLEMENT Acked-by: Rob Herring Signed-off-by: Mark Brown .../devicetree/bindings/spi/spi-armada-3700.txt | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) commit 1d74e7ed5dc1903ac081574a9b6aa94e7ba4ad45 Author: Bjorn Andersson Date: Thu Dec 1 16:59:55 2016 -0800 rpmsg: qcom_smd: Correct return value for O_NONBLOCK qcom_smd_send() should return -EAGAIN for non-blocking channels with insufficient space, so that we can propagate this event to user space. Fixes: 53e2822e56c7 ("rpmsg: Introduce Qualcomm SMD backend") Signed-off-by: Bjorn Andersson drivers/rpmsg/qcom_smd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d07c9e1e212c9687f9198bfeba582e86cae3f6f9 Author: Vladimir Murzin Date: Wed Dec 7 13:17:40 2016 +0000 dmaengine: pl330: do not generate unaligned access When PL330 is used with !MMU the following fault is seen: Unhandled fault: alignment exception (0x801) at 0x8f26a002 Internal error: : 801 [#1] ARM Modules linked in: CPU: 0 PID: 640 Comm: dma0chan0-copy0 Not tainted 4.8.0-6a82063-clean+ #1600 Hardware name: ARM-Versatile Express task: 8f1baa80 task.stack: 8e6fe000 PC is at _setup_req+0x4c/0x350 LR is at 0x8f2cbc00 pc : [<801ea538>] lr : [<8f2cbc00>] psr: 60000093 sp : 8e6ffdc0 ip : 00000000 fp : 00000000 r10: 00000000 r9 : 8f2cba10 r8 : 8f2cbc00 r7 : 80000013 r6 : 8f21a050 r5 : 8f21a000 r4 : 8f2ac800 r3 : 8e6ffe18 r2 : 00944251 r1 : ffffffbc r0 : 8f26a000 Flags: nZCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment none Control: 00c5387c Process dma0chan0-copy0 (pid: 640, stack limit = 0x8e6fe210) Stack: (0x8e6ffdc0 to 0x8e700000) fdc0: 00000001 60000093 00000000 8f2cba10 8f26a000 00000004 8f0ae000 8f2cbc00 fde0: 8f0ae000 8f2ac800 8f21a000 8f21a050 80000013 8f2cbc00 8f2cba10 00000000 fe00: 60000093 801ebca0 8e6ffe18 000013ff 40000093 00000000 00944251 8f2ac800 fe20: a0000013 8f2b1320 00001986 00000000 00000001 000013ff 8f1e4f00 8f2cba10 fe40: 8e6fff6c 801e9044 00000003 00000000 fef98c80 002faf07 8e6ffe7c 00000000 fe60: 00000002 00000000 00001986 8f1f158d 8f1e4f00 80568de4 00000002 00000000 fe80: 00001986 8f1f53ff 40000001 80580500 8f1f158d 8001e00c 00000000 cfdfdfdf fea0: fdae2a25 00000001 00000004 8e6fe000 00000008 00000010 00000000 00000005 fec0: 8f2b1330 8f2b1334 8e6ffe80 8e6ffe8c 00001986 00000000 8f21a014 00000001 fee0: 8e6ffe60 8e6ffe78 00000002 00000000 000013ff 00000001 80568de4 8f1e8018 ff00: 0000158d 8055ec30 00000001 803f6b00 00001986 8f2cba10 fdae2a25 00000001 ff20: 8f1baca8 8e6fff24 8e6fff24 00000000 8e6fff24 ac6f3037 00000000 00000000 ff40: 00000000 8e6fe000 8f1e4f40 00000000 8f1e4f40 8f1e4f00 801e84ec 00000000 ff60: 00000000 00000000 00000000 80031714 dfdfdfcf 00000000 dfdfdfcf 8f1e4f00 ff80: 00000000 8e6fff84 8e6fff84 00000000 8e6fff90 8e6fff90 8e6fffac 8f1e4f40 ffa0: 80031640 00000000 00000000 8000f548 00000000 00000000 00000000 00000000 ffc0: 00000000 00000000 00000000 00000000 00000000 00000000 00000000 00000000 ffe0: 00000000 00000000 00000000 00000000 00000013 00000000 dfdfdfcf cfdfdfdf [<801ea538>] (_setup_req) from [<801ebca0>] (pl330_tasklet+0x41c/0x490) [<801ebca0>] (pl330_tasklet) from [<801e9044>] (dmatest_func+0xb58/0x149c) [<801e9044>] (dmatest_func) from [<80031714>] (kthread+0xd4/0xec) [<80031714>] (kthread) from [<8000f548>] (ret_from_fork+0x14/0x2c) Code: e3a03001 e3e01043 e5c03001 e59d3048 (e5802002) This happens because _emit_{ADDH,MOV,GO) accessing to unaligned data while writing to buffer. Fix it with writing to buffer byte by byte. Reviewed-by: Robin Murphy Tested-by: Robin Murphy Signed-off-by: Vladimir Murzin Signed-off-by: Vinod Koul drivers/dma/pl330.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) commit 646b3b569e9ac54436b93bd91e0c0e111178bec0 Author: Vinod Koul Date: Wed Dec 7 09:36:22 2016 +0530 dmaengine: k3dma: move to dma_pool_zalloc Replace dma_pool_alloc & memset with dma_pool_zalloc. Acked-by: Zhangfei Gao Signed-off-by: Vinod Koul drivers/dma/k3dma.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 12154c87374c90b3b6bc169e1162aa4a27e91a63 Author: Vinod Koul Date: Wed Dec 7 09:36:22 2016 +0530 dmaengine: at_hdmac: move to dma_pool_zalloc Replace dma_pool_alloc & memset with dma_pool_zalloc. Signed-off-by: Vinod Koul drivers/dma/at_hdmac.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8b27787a6dda01c5281d8fb22ae79063f8b21e33 Author: Shuah Khan Date: Wed Dec 7 12:01:10 2016 -0700 selftests: add missing gitignore files/dirs Add missing files and directories to gitignore. Create .gitignore files as needed. Signed-off-by: Shuah Khan tools/testing/selftests/.gitignore | 1 + tools/testing/selftests/nsfs/.gitignore | 2 ++ tools/testing/selftests/sigaltstack/.gitignore | 1 + 3 files changed, 4 insertions(+) commit 1dbbf44178e38b2f6c0af9e011615e6cd7ab3a01 Author: Shuah Khan Date: Wed Dec 7 11:59:30 2016 -0700 selftests: add missing set-tz to timers .gitignore set-tz is missing from timers/.gitignore. Add it. Signed-off-by: Shuah Khan tools/testing/selftests/timers/.gitignore | 1 + 1 file changed, 1 insertion(+) commit 15f7e3c21b76598bc6e5816d2577ce843b2b963f Author: Wei Yongjun Date: Sat Sep 17 00:41:37 2016 +0000 iw_cxgb4: Fix error return code in c4iw_rdev_open() Fix to return error code -ENOMEM from the __get_free_page() error handling case instead of 0, as done elsewhere in this function. Fixes: 05eb23893c2c ("cxgb4/iw_cxgb4: Doorbell Drop Avoidance Bug Fixes") Signed-off-by: Wei Yongjun Acked-by: Steve Wise Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/device.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 36da91bdf568e804aac3ef02a5e3d867585f08fb Author: Petr Mladek Date: Wed Oct 19 13:50:47 2016 +0200 KVM: x86: Handle the kthread worker using the new API Use the new API to create and destroy the "kvm-pit" kthread worker. The API hides some implementation details. In particular, kthread_create_worker() allocates and initializes struct kthread_worker. It runs the kthread the right way and stores task_struct into the worker structure. kthread_destroy_worker() flushes all pending works, stops the kthread and frees the structure. This patch does not change the existing behavior except for dynamically allocating struct kthread_worker and storing only the pointer of this structure. It is compile tested only because I did not find an easy way how to run the code. Well, it should be pretty safe given the nature of the change. Signed-off-by: Petr Mladek Message-Id: <1476877847-11217-1-git-send-email-pmladek@suse.com> Signed-off-by: Paolo Bonzini arch/x86/kvm/i8254.c | 15 ++++++--------- arch/x86/kvm/i8254.h | 3 +-- 2 files changed, 7 insertions(+), 11 deletions(-) commit 16c2aec6a295f8a4916dbcbaa5051cf5c78be56a Author: Jan Dakinevich Date: Fri Oct 28 07:00:30 2016 +0300 KVM: nVMX: invvpid handling improvements - Expose all invalidation types to the L1 - Reject invvpid instruction, if L1 passed zero vpid value to single context invalidations Signed-off-by: Jan Dakinevich Signed-off-by: Paolo Bonzini arch/x86/kvm/vmx.c | 10 ++++++++++ 1 file changed, 10 insertions(+) commit 1dc35dacc16b4f13547125c5df2d026d9e46ea01 Author: Ladi Prosek Date: Wed Nov 30 16:03:11 2016 +0100 KVM: nVMX: check host CR3 on vmentry and vmexit This commit adds missing host CR3 checks. Before entering guest mode, the value of CR3 is checked for reserved bits. After returning, nested_vmx_load_cr3 is called to set the new CR3 value and check and load PDPTRs. Signed-off-by: Ladi Prosek Signed-off-by: Radim Krčmář arch/x86/include/uapi/asm/vmx.h | 1 + arch/x86/kvm/vmx.c | 25 ++++++++++++++++++------- 2 files changed, 19 insertions(+), 7 deletions(-) commit 9ed38ffad47316dbdc16de0de275868c7771754d Author: Ladi Prosek Date: Wed Nov 30 16:03:10 2016 +0100 KVM: nVMX: introduce nested_vmx_load_cr3 and call it on vmentry Loading CR3 as part of emulating vmentry is different from regular CR3 loads, as implemented in kvm_set_cr3, in several ways. * different rules are followed to check CR3 and it is desirable for the caller to distinguish between the possible failures * PDPTRs are not loaded if PAE paging and nested EPT are both enabled * many MMU operations are not necessary This patch introduces nested_vmx_load_cr3 suitable for CR3 loads as part of nested vmentry and vmexit, and makes use of it on the nested vmentry path. Signed-off-by: Ladi Prosek Signed-off-by: Radim Krčmář arch/x86/include/asm/kvm_host.h | 1 + arch/x86/kvm/vmx.c | 57 ++++++++++++++++++++++++++++++----------- arch/x86/kvm/x86.c | 3 ++- 3 files changed, 45 insertions(+), 16 deletions(-) commit ee146c1c100dbe9ca92252be2e901b957476b253 Author: Ladi Prosek Date: Wed Nov 30 16:03:09 2016 +0100 KVM: nVMX: propagate errors from prepare_vmcs02 It is possible that prepare_vmcs02 fails to load the guest state. This patch adds the proper error handling for such a case. L1 will receive an INVALID_STATE vmexit with the appropriate exit qualification if it happens. A failure to set guest CR3 is the only error propagated from prepare_vmcs02 at the moment. Signed-off-by: Ladi Prosek Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) commit 7ca29de21362de242025fbc1c22436e19e39dddc Author: Ladi Prosek Date: Wed Nov 30 16:03:08 2016 +0100 KVM: nVMX: fix CR3 load if L2 uses PAE paging and EPT KVM does not correctly handle L1 hypervisors that emulate L2 real mode with PAE and EPT, such as Hyper-V. In this mode, the L1 hypervisor populates guest PDPTE VMCS fields and leaves guest CR3 uninitialized because it is not used (see 26.3.2.4 Loading Page-Directory-Pointer-Table Entries). KVM always dereferences CR3 and tries to load PDPTEs if PAE is on. This leads to two related issues: 1) On the first nested vmentry, the guest PDPTEs, as populated by L1, are overwritten in ept_load_pdptrs because the registers are believed to have been loaded in load_pdptrs as part of kvm_set_cr3. This is incorrect. L2 is running with PAE enabled but PDPTRs have been set up by L1. 2) When L2 is about to enable paging and loads its CR3, we, again, attempt to load PDPTEs in load_pdptrs called from kvm_set_cr3. There are no guarantees that this will succeed (it's just a CR3 load, paging is not enabled yet) and if it doesn't, kvm_set_cr3 returns early without persisting the CR3 which is then lost and L2 crashes right after it enables paging. This patch replaces the kvm_set_cr3 call with a simple register write if PAE and EPT are both on. CR3 is not to be interpreted in this case. Signed-off-by: Ladi Prosek Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) commit 5a6a9748b4b41c1708dca12342256a19434513f2 Author: David Matlack Date: Tue Nov 29 18:14:10 2016 -0800 KVM: nVMX: load GUEST_EFER after GUEST_CR0 during emulated VM-entry vmx_set_cr0() modifies GUEST_EFER and "IA-32e mode guest" in the current VMCS. Call vmx_set_efer() after vmx_set_cr0() so that emulated VM-entry is more faithful to VMCS12. This patch correctly causes VM-entry to fail when "IA-32e mode guest" is 1 and GUEST_CR0.PG is 0. Previously this configuration would succeed and "IA-32e mode guest" would silently be disabled by KVM. Signed-off-by: David Matlack Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 8322ebbb24088c22049ef53cd066c6c220640edb Author: David Matlack Date: Tue Nov 29 18:14:09 2016 -0800 KVM: nVMX: generate MSR_IA32_CR{0,4}_FIXED1 from guest CPUID MSR_IA32_CR{0,4}_FIXED1 define which bits in CR0 and CR4 are allowed to be 1 during VMX operation. Since the set of allowed-1 bits is the same in and out of VMX operation, we can generate these MSRs entirely from the guest's CPUID. This lets userspace avoiding having to save/restore these MSRs. This patch also initializes MSR_IA32_CR{0,4}_FIXED1 from the CPU's MSRs by default. This is a saner than the current default of -1ull, which includes bits that the host CPU does not support. Signed-off-by: David Matlack Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) commit 3899152ccbf42d7e3d3c7830b1fae75a575a1ed6 Author: David Matlack Date: Tue Nov 29 18:14:08 2016 -0800 KVM: nVMX: fix checks on CR{0,4} during virtual VMX operation KVM emulates MSR_IA32_VMX_CR{0,4}_FIXED1 with the value -1ULL, meaning all CR0 and CR4 bits are allowed to be 1 during VMX operation. This does not match real hardware, which disallows the high 32 bits of CR0 to be 1, and disallows reserved bits of CR4 to be 1 (including bits which are defined in the SDM but missing according to CPUID). A guest can induce a VM-entry failure by setting these bits in GUEST_CR0 and GUEST_CR4, despite MSR_IA32_VMX_CR{0,4}_FIXED1 indicating they are valid. Since KVM has allowed all bits to be 1 in CR0 and CR4, the existing checks on these registers do not verify must-be-0 bits. Fix these checks to identify must-be-0 bits according to MSR_IA32_VMX_CR{0,4}_FIXED1. This patch should introduce no change in behavior in KVM, since these MSRs are still -1ULL. Signed-off-by: David Matlack Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 77 +++++++++++++++++++++++++++++++++++++----------------- 1 file changed, 53 insertions(+), 24 deletions(-) commit 62cc6b9dc61eeedd96c862daa7adc08ff1b2b23b Author: David Matlack Date: Tue Nov 29 18:14:07 2016 -0800 KVM: nVMX: support restore of VMX capability MSRs The VMX capability MSRs advertise the set of features the KVM virtual CPU can support. This set of features varies across different host CPUs and KVM versions. This patch aims to addresses both sources of differences, allowing VMs to be migrated across CPUs and KVM versions without guest-visible changes to these MSRs. Note that cross-KVM- version migration is only supported from this point forward. When the VMX capability MSRs are restored, they are audited to check that the set of features advertised are a subset of what KVM and the CPU support. Since the VMX capability MSRs are read-only, they do not need to be on the default MSR save/restore lists. The userspace hypervisor can set the values of these MSRs or read them from KVM at VCPU creation time, and restore the same value after every save/restore. Signed-off-by: David Matlack Signed-off-by: Radim Krčmář arch/x86/include/asm/vmx.h | 31 +++++ arch/x86/kvm/vmx.c | 290 +++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 297 insertions(+), 24 deletions(-) commit 0115f9cbac61918363cbaf26c8521ff9176ccc35 Author: David Matlack Date: Tue Nov 29 18:14:06 2016 -0800 KVM: nVMX: generate non-true VMX MSRs based on true versions The "non-true" VMX capability MSRs can be generated from their "true" counterparts, by OR-ing the default1 bits. The default1 bits are fixed and defined in the SDM. Since we can generate the non-true VMX MSRs from the true versions, there's no need to store both in struct nested_vmx. This also lets userspace avoid having to restore the non-true MSRs. Note this does not preclude emulating MSR_IA32_VMX_BASIC[55]=0. To do so, we simply need to set all the default1 bits in the true MSRs (such that the true MSRs and the generated non-true MSRs are equal). Signed-off-by: David Matlack Suggested-by: Paolo Bonzini Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 45 +++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 26 deletions(-) commit ea07e42dec5644105db8a853575a0a271f93d294 Author: Kyle Huey Date: Tue Nov 29 12:40:41 2016 -0800 KVM: x86: Do not clear RFLAGS.TF when a singlestep trap occurs. The trap flag stays set until software clears it. Signed-off-by: Kyle Huey Signed-off-by: Radim Krčmář arch/x86/kvm/x86.c | 1 - 1 file changed, 1 deletion(-) commit 6affcbedcac79b01c8d01948a693461040133e46 Author: Kyle Huey Date: Tue Nov 29 12:40:40 2016 -0800 KVM: x86: Add kvm_skip_emulated_instruction and use it. kvm_skip_emulated_instruction calls both kvm_x86_ops->skip_emulated_instruction and kvm_vcpu_check_singlestep, skipping the emulated instruction and generating a trap if necessary. Replacing skip_emulated_instruction calls with kvm_skip_emulated_instruction is straightforward, except for: - ICEBP, which is already inside a trap, so avoid triggering another trap. - Instructions that can trigger exits to userspace, such as the IO insns, MOVs to CR8, and HALT. If kvm_skip_emulated_instruction does trigger a KVM_GUESTDBG_SINGLESTEP exit, and the handling code for IN/OUT/MOV CR8/HALT also triggers an exit to userspace, the latter will take precedence. The singlestep will be triggered again on the next instruction, which is the current behavior. - Task switch instructions which would require additional handling (e.g. the task switch bit) and are instead left alone. - Cases where VMLAUNCH/VMRESUME do not proceed to the next instruction, which do not trigger singlestep traps as mentioned previously. Signed-off-by: Kyle Huey Signed-off-by: Radim Krčmář arch/x86/include/asm/kvm_host.h | 3 +- arch/x86/kvm/cpuid.c | 3 +- arch/x86/kvm/svm.c | 11 +-- arch/x86/kvm/vmx.c | 177 ++++++++++++++++------------------------ arch/x86/kvm/x86.c | 33 ++++++-- 5 files changed, 103 insertions(+), 124 deletions(-) commit eb2775621701e6ee3ea2a474437d04e93ccdcb2f Author: Kyle Huey Date: Tue Nov 29 12:40:39 2016 -0800 KVM: VMX: Move skip_emulated_instruction out of nested_vmx_check_vmcs12 We can't return both the pass/fail boolean for the vmcs and the upcoming continue/exit-to-userspace boolean for skip_emulated_instruction out of nested_vmx_check_vmcs, so move skip_emulated_instruction out of it instead. Additionally, VMENTER/VMRESUME only trigger singlestep exceptions when they advance the IP to the following instruction, not when they a) succeed, b) fail MSR validation or c) throw an exception. Add a separate call to skip_emulated_instruction that will later not be converted to the variant that checks the singlestep flag. Signed-off-by: Kyle Huey Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 53 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 20 deletions(-) commit 09ca3f20492fb0b03060b56a47afa211476740a8 Author: Kyle Huey Date: Tue Nov 29 12:40:38 2016 -0800 KVM: VMX: Reorder some skip_emulated_instruction calls The functions being moved ahead of skip_emulated_instruction here don't need updated IPs, and skipping the emulated instruction at the end will make it easier to return its value. Signed-off-by: Kyle Huey Signed-off-by: Radim Krčmář arch/x86/kvm/vmx.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 6a908b628cff81d3f1eb737327c8b726c8fdfd4e Author: Kyle Huey Date: Tue Nov 29 12:40:37 2016 -0800 KVM: x86: Add a return value to kvm_emulate_cpuid Once skipping the emulated instruction can potentially trigger an exit to userspace (via KVM_GUESTDBG_SINGLESTEP) kvm_emulate_cpuid will need to propagate a return value. Signed-off-by: Kyle Huey Signed-off-by: Radim Krčmář arch/x86/include/asm/kvm_host.h | 2 +- arch/x86/kvm/cpuid.c | 3 ++- arch/x86/kvm/svm.c | 3 +-- arch/x86/kvm/vmx.c | 3 +-- 4 files changed, 5 insertions(+), 6 deletions(-) commit ff6af28faff53a7389230026b83e543385f7b21d Author: Masahiro Yamada Date: Thu Dec 8 21:50:55 2016 +0900 mmc: sdhci-cadence: add Cadence SD4HC support Add a driver for the Cadence SD4HC SD/SDIO/eMMC Controller. For SD, it basically relies on the SDHCI standard code. For eMMC, this driver provides some callbacks to support the hardware part that is specific to this IP design. Signed-off-by: Masahiro Yamada Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson .../devicetree/bindings/mmc/sdhci-cadence.txt | 30 +++ drivers/mmc/host/Kconfig | 11 + drivers/mmc/host/Makefile | 1 + drivers/mmc/host/sdhci-cadence.c | 283 +++++++++++++++++++++ 4 files changed, 325 insertions(+) commit 85a882c2e91d3655927ecdc1db823d1420a65b8f Author: Masahiro Yamada Date: Thu Dec 8 21:50:54 2016 +0900 mmc: sdhci: export sdhci_execute_tuning() Some SDHCI-compat controllers support not only SD, but also eMMC, but they use different commands for tuning: CMD19 for SD, CMD21 for eMMC. Due to the difference of the underlying mechanism, some controllers (at least, the Cadence IP is the case) provide their own registers for the eMMC tuning. This commit will be useful when we want to override .execute_tuning callback (for eMMC HS200 tuning), but still let it fall back to sdhci_execute_tuning() for SD timing. Signed-off-by: Masahiro Yamada Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 3 ++- drivers/mmc/host/sdhci.h | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit 8fb9dcbdc3619741c10c573199d804161c34c89a Author: Oleg Nesterov Date: Tue Nov 29 18:51:10 2016 +0100 kthread: Don't abuse kthread_create_on_cpu() in __kthread_create_worker() kthread_create_on_cpu() sets KTHREAD_IS_PER_CPU and kthread->cpu, this only makes sense if this kthread can be parked/unparked by cpuhp code. kthread workers never call kthread_parkme() so this has no effect. Change __kthread_create_worker() to simply call kthread_bind(task, cpu). The very fact that kthread_create_on_cpu() doesn't accept a generic fmt shows that it should not be used outside of smpboot.c. Now, the only reason we can not unexport this helper and move it into smpboot.c is that it sets kthread->cpu and struct kthread is not exported. And the only reason we can not kill kthread->cpu is that kthread_unpark() is used by drivers/gpu/drm/amd/scheduler/gpu_scheduler.c and thus we can not turn _unpark into kthread_unpark(struct smp_hotplug_thread *, cpu). Signed-off-by: Oleg Nesterov Tested-by: Petr Mladek Acked-by: Peter Zijlstra (Intel) Reviewed-by: Petr Mladek Cc: Chunming Zhou Cc: Roman Pen Cc: Andy Lutomirski Cc: Tejun Heo Cc: Andy Lutomirski Cc: Alex Deucher Cc: Andrew Morton Link: http://lkml.kernel.org/r/20161129175110.GA5342@redhat.com Signed-off-by: Thomas Gleixner kernel/kthread.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) commit cf380a4a96e2260742051fa7fc831596bb26cc8b Author: Oleg Nesterov Date: Tue Nov 29 18:51:07 2016 +0100 kthread: Don't use to_live_kthread() in kthread_[un]park() Now that to_kthread() is always validm change kthread_park() and kthread_unpark() to use it and kill to_live_kthread(). The conversion of kthread_unpark() is trivial. If KTHREAD_IS_PARKED is set then the task has called complete(&self->parked) and there the function cannot race against a concurrent kthread_stop() and exit. kthread_park() is more tricky, because its semantics are not well defined. It returns -ENOSYS if the thread exited but this can never happen and as Roman pointed out kthread_park() can obviously block forever if it would race with the exiting kthread. The usage of kthread_park() in cpuhp code (cpu.c, smpboot.c, stop_machine.c) is fine. It can never see an exiting/exited kthread, smpboot_destroy_threads() clears *ht->store, smpboot_park_thread() checks it is not NULL under the same smpboot_threads_lock. cpuhp_threads and cpu_stop_threads never exit, so other callers are fine too. But it has two more users: - watchdog_park_threads(): The code is actually correct, get_online_cpus() ensures that kthread_park() can't race with itself (note that kthread_park() can't handle this race correctly), but it should not use kthread_park() directly. - drivers/gpu/drm/amd/scheduler/gpu_scheduler.c should not use kthread_park() either. kthread_park() must not be called after amd_sched_fini() which does kthread_stop(), otherwise even to_live_kthread() is not safe because task_struct can be already freed and sched->thread can point to nowhere. The usage of kthread_park/unpark should either be restricted to core code which is properly protected against the exit race or made more robust so it is safe to use it in drivers. To catch eventual exit issues, add a WARN_ON(PF_EXITING) for now. Signed-off-by: Oleg Nesterov Acked-by: Peter Zijlstra (Intel) Reviewed-by: Thomas Gleixner Cc: Chunming Zhou Cc: Roman Pen Cc: Petr Mladek Cc: Andy Lutomirski Cc: Tejun Heo Cc: Andy Lutomirski Cc: Alex Deucher Cc: Andrew Morton Link: http://lkml.kernel.org/r/20161129175107.GA5339@redhat.com Signed-off-by: Thomas Gleixner kernel/kthread.c | 69 ++++++++++++++++++++------------------------------------ 1 file changed, 24 insertions(+), 45 deletions(-) commit efb29fbfa50c490dac64a9418ebe553be82df781 Author: Oleg Nesterov Date: Tue Nov 29 18:51:03 2016 +0100 kthread: Don't use to_live_kthread() in kthread_stop() kthread_stop() had to use to_live_kthread() simply because it was not possible to access kthread->exited after the exiting task clears task_struct->vfork_done. Now that to_kthread() is always valid, wake_up_process() + wait_for_completion() can be done ununconditionally. It's not an issue anymore if the task has already issued complete_vfork_done() or died. The exiting task can get the spurious wakeup after mm_release() but this is possible without this change too and is fine; do_task_dead() ensures that this can't make any harm. As a further enhancement this could be converted to task_work_add() later, so ->vfork_done can be avoided completely. Signed-off-by: Oleg Nesterov Acked-by: Peter Zijlstra (Intel) Reviewed-by: Thomas Gleixner Cc: Chunming Zhou Cc: Roman Pen Cc: Petr Mladek Cc: Andy Lutomirski Cc: Tejun Heo Cc: Andy Lutomirski Cc: Alex Deucher Cc: Andrew Morton Link: http://lkml.kernel.org/r/20161129175103.GA5336@redhat.com Signed-off-by: Thomas Gleixner kernel/kthread.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit eff9662547f358239b98dfc4a8e6905b494e14d6 Author: Oleg Nesterov Date: Tue Nov 29 18:51:00 2016 +0100 Revert "kthread: Pin the stack via try_get_task_stack()/put_task_stack() in to_live_kthread() function" This reverts commit 23196f2e5f5d810578a772785807dcdc2b9fdce9. Now that struct kthread is kmalloc'ed and not longer on the task stack there is no need anymore to pin the stack. Signed-off-by: Oleg Nesterov Acked-by: Peter Zijlstra (Intel) Acked-by: Thomas Gleixner Cc: Chunming Zhou Cc: Roman Pen Cc: Petr Mladek Cc: Andy Lutomirski Cc: Tejun Heo Cc: Andy Lutomirski Cc: Alex Deucher Cc: Andrew Morton Link: http://lkml.kernel.org/r/20161129175100.GA5333@redhat.com Signed-off-by: Thomas Gleixner kernel/kthread.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit 1da5c46fa965ff90f5ffc080b6ab3fae5e227bc3 Author: Oleg Nesterov Date: Tue Nov 29 18:50:57 2016 +0100 kthread: Make struct kthread kmalloc'ed commit 23196f2e5f5d "kthread: Pin the stack via try_get_task_stack() / put_task_stack() in to_live_kthread() function" is a workaround for the fragile design of struct kthread being allocated on the task stack. struct kthread in its current form should be removed, but this needs cleanups outside of kthread.c. As a first step move struct kthread away from the task stack by making it kmalloc'ed. This allows to access kthread.exited without the magic of trying to pin task stack and the try logic in to_live_kthread(). Signed-off-by: Oleg Nesterov Acked-by: Peter Zijlstra (Intel) Reviewed-by: Thomas Gleixner Cc: Chunming Zhou Cc: Roman Pen Cc: Petr Mladek Cc: Andy Lutomirski Cc: Tejun Heo Cc: Andy Lutomirski Cc: Alex Deucher Cc: Andrew Morton Link: http://lkml.kernel.org/r/20161129175057.GA5330@redhat.com Signed-off-by: Thomas Gleixner include/linux/kthread.h | 1 + kernel/fork.c | 2 ++ kernel/kthread.c | 58 ++++++++++++++++++++++++++++++++++++++----------- 3 files changed, 48 insertions(+), 13 deletions(-) commit 8ebcb400af619ee0ddeb39c06fc35511b20cc697 Author: Simon Horman Date: Thu Dec 1 10:07:26 2016 +0100 arm64: dts: h3ulcb: Provide sd0_uhs node Provide separaate sd0 and sd0_uhs nodes rather than duplicate sd0 nodes. Cc: Vladimir Barinov Cc: Sergei Shtylyov Fixes: 93373c309a70 ("arm64: dts: h3ulcb: rename SDHI0 pins") Signed-off-by: Simon Horman arch/arm64/boot/dts/renesas/r8a7795-h3ulcb.dts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 04b46fbdea5e31ffd745a34fa61269a69ba9f47a Author: Ard Biesheuvel Date: Thu Dec 8 08:23:52 2016 +0000 crypto: testmgr - fix overlap in chunked tests again Commit 7e4c7f17cde2 ("crypto: testmgr - avoid overlap in chunked tests") attempted to address a problem in the crypto testmgr code where chunked test cases are copied to memory in a way that results in overlap. However, the fix recreated the exact same issue for other chunked tests, by putting IDX3 within 492 bytes of IDX1, which causes overlap if the first chunk exceeds 492 bytes, which is the case for at least one of the xts(aes) test cases. So increase IDX3 by another 1000 bytes. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5c2a392d574231793a156bff4d4391b3c1ba11c5 Author: Tomi Valkeinen Date: Tue Nov 22 10:11:07 2016 +0200 drm/omap: tpd12s015: fix error handling tpd12s015 driver is missing error value handling for gpio initialization, causing 0 to be returned as an error if gpiod_get_* fails. This may cause deferred probing to fail. Signed-off-by: Tomi Valkeinen drivers/gpu/drm/omapdrm/displays/encoder-tpd12s015.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit e43f2c3395fd36ec9f8d069af07bcd3eae5fde17 Author: Tomi Valkeinen Date: Fri Dec 2 16:07:11 2016 +0200 drm/omap: fix primary-plane's possible_crtcs We set the possible_crtc for all planes to "(1 << priv->num_crtcs) - 1", which is fine as the HW planes can be used fro all crtcs. However, when we're doing that, we are still incrementing 'num_crtcs', and we'll end up with bad possible_crtcs, preventing the use of the primary planes. This patch passes a possible_crtcs mask to plane init function so that we get correct possible_crtc. Signed-off-by: Tomi Valkeinen drivers/gpu/drm/omapdrm/omap_drv.c | 17 ++++++++++++----- drivers/gpu/drm/omapdrm/omap_drv.h | 3 ++- drivers/gpu/drm/omapdrm/omap_plane.c | 6 +++--- 3 files changed, 17 insertions(+), 9 deletions(-) commit 5cd57a46e3e3dc088b50bbfcdc85d9e0d9c22159 Author: Tomi Valkeinen Date: Fri Dec 2 15:45:35 2016 +0200 drm: fix possible_crtc's type drm_universal_plane_init() and drm_plane_init() take "unsigned long possible_crtcs" parameter, but then stuff it into uint32_t. Change the parameter to uint32_t. Signed-off-by: Tomi Valkeinen Cc: Ville Syrjälä Reviewed-by: Laurent Pinchart Reviewed-by: Ville Syrjälä drivers/gpu/drm/drm_plane.c | 4 ++-- include/drm/drm_plane.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit 8f50f2a1b46a11a9a9fb46c5d8325dfc88281a76 Author: Paul Bolle Date: Fri Nov 25 13:30:04 2016 +0100 cris: No need to append -O2 and $(LINUXINCLUDE) The make variables asflags-y and ccflags-y are appended with -O2 and $(LINUXINCLUDE). But the build already picks up -O2 from the top Makefile and $(LINUXINCLUDE) from scripts/Makefile.lib. The net effect is that -O2 and the (long) list of include directories are used twice. This is harmless but pointless. So stop appending to these flags. Signed-off-by: Paul Bolle Signed-off-by: Jesper Nilsson arch/cris/boot/compressed/Makefile | 3 --- arch/cris/boot/rescue/Makefile | 3 --- 2 files changed, 6 deletions(-) commit 72a93e8dd52c9feea42f1258d555e6070680a347 Author: Chris Wilson Date: Wed Dec 7 21:45:27 2016 +0000 drm: Take ownership of the dmabuf->obj when exporting Currently the reference for the dmabuf->obj is incremented for the dmabuf in drm_gem_prime_handle_to_fd() (at the high level userspace interface), but is released in drm_gem_dmabuf_release() (the lowlevel handler). Improve the symmetry of the dmabuf->obj ownership by acquiring the reference in drm_gem_dmabuf_export(). This makes it easier to use the prime functions directly. Signed-off-by: Chris Wilson [danvet: Update kerneldoc.] Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161207214527.22533-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_prime.c | 12 +++++++----- drivers/gpu/drm/vgem/vgem_fence.c | 1 - 2 files changed, 7 insertions(+), 6 deletions(-) commit 777c6e0daebb3fcefbbd6f620410a946b07ef6d0 Author: Michal Hocko Date: Wed Dec 7 14:54:38 2016 +0100 hotplug: Make register and unregister notifier API symmetric Yu Zhao has noticed that __unregister_cpu_notifier only unregisters its notifiers when HOTPLUG_CPU=y while the registration might succeed even when HOTPLUG_CPU=n if MODULE is enabled. This means that e.g. zswap might keep a stale notifier on the list on the manual clean up during the pool tear down and thus corrupt the list. Resulting in the following [ 144.964346] BUG: unable to handle kernel paging request at ffff880658a2be78 [ 144.971337] IP: [] raw_notifier_chain_register+0x1b/0x40 [ 145.122628] Call Trace: [ 145.125086] [] __register_cpu_notifier+0x18/0x20 [ 145.131350] [] zswap_pool_create+0x273/0x400 [ 145.137268] [] __zswap_param_set+0x1fc/0x300 [ 145.143188] [] ? trace_hardirqs_on+0xd/0x10 [ 145.149018] [] ? kernel_param_lock+0x28/0x30 [ 145.154940] [] ? __might_fault+0x4f/0xa0 [ 145.160511] [] zswap_compressor_param_set+0x17/0x20 [ 145.167035] [] param_attr_store+0x5c/0xb0 [ 145.172694] [] module_attr_store+0x1d/0x30 [ 145.178443] [] sysfs_kf_write+0x4f/0x70 [ 145.183925] [] kernfs_fop_write+0x149/0x180 [ 145.189761] [] __vfs_write+0x18/0x40 [ 145.194982] [] vfs_write+0xb2/0x1a0 [ 145.200122] [] SyS_write+0x52/0xa0 [ 145.205177] [] entry_SYSCALL_64_fastpath+0x12/0x17 This can be even triggered manually by changing /sys/module/zswap/parameters/compressor multiple times. Fix this issue by making unregister APIs symmetric to the register so there are no surprises. Fixes: 47e627bc8c9a ("[PATCH] hotplug: Allow modules to use the cpu hotplug notifiers even if !CONFIG_HOTPLUG_CPU") Reported-and-tested-by: Yu Zhao Signed-off-by: Michal Hocko Cc: linux-mm@kvack.org Cc: Andrew Morton Cc: Dan Streetman Link: http://lkml.kernel.org/r/20161207135438.4310-1-mhocko@kernel.org Signed-off-by: Thomas Gleixner include/linux/cpu.h | 15 ++++----------- kernel/cpu.c | 2 +- 2 files changed, 5 insertions(+), 12 deletions(-) commit f3f4c4d68a2862c361fd9890998275da5ef02724 Author: Daniel Vetter Date: Wed Dec 7 15:49:39 2016 +0100 drm: Allow CAP_PRIME on !MODESET vgem (and our igt tests using vgem) need this. I suspect etnaviv will fare similarly. v2. Make it build. Oops. Fixes: d5264ed3823a ("drm: Return -ENOTSUPP when called for KMS cap with a non-KMS driver") Cc: Michel Dänzer Cc: Alex Deucher Cc: Chris Wilson Reviewed-by: Chris Wilson Reviewed-by: Michel Dänzer Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161207144939.22756-1-daniel.vetter@ffwll.ch drivers/gpu/drm/drm_ioctl.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 238600783d7470bec19350b0ee79e01825d3c84f Author: Tomi Valkeinen Date: Thu Dec 8 10:30:21 2016 +0200 fbdev: remove current maintainer Remove Tomi Valkeinen from fbdev maintainer and mark fbdev as orphan. Signed-off-by: Tomi Valkeinen MAINTAINERS | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 577f79e411b7a81a8ae7ae4daf5d4056ebbfbc58 Author: Konrad Rzeszutek Wilk Date: Tue Dec 6 09:28:21 2016 -0500 xen/pci: Bubble up error and fix description. The function is never called under PV guests, and only shows up when MSI (or MSI-X) cannot be allocated. Convert the message to include the error value. Signed-off-by: Konrad Rzeszutek Wilk Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross arch/x86/pci/xen.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 2466d4b9d0c21e6c28cd63516dea65806bf5a307 Author: Pan Bian Date: Mon Dec 5 16:22:22 2016 +0800 xen: xenbus: set error code on failure Variable err is initialized with 0. As a result, the return value may be 0 even if get_zeroed_page() fails to allocate memory. This patch fixes the bug, initializing err with "-ENOMEM". Signed-off-by: Pan Bian Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross drivers/xen/xenbus/xenbus_probe.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0fdb47440203ce06e09923c4d578cf3c20aef69a Author: Pan Bian Date: Mon Dec 5 16:23:05 2016 +0800 xen: set error code on failures Variable rc is reset in the loop, and its value will be non-negative during the second and after repeat of the loop. If it fails to allocate memory then, it may return a non-negative integer, which indicates no error. This patch fixes the bug, assigning "-ENOMEM" to rc when kzalloc() or alloc_page() returns NULL, and removing the initialization of rc outside of the loop. Signed-off-by: Pan Bian Reviewed-by: Juergen Gross Signed-off-by: Juergen Gross drivers/xen/gntalloc.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit a62da6f14db79bd7ea435ab095e998b31b3dbb22 Author: Johan Hedberg Date: Thu Dec 8 08:32:54 2016 +0200 Bluetooth: SMP: Add support for H7 crypto function and CT2 auth flag Bluetooth 5.0 introduces a new H7 key generation function that's used when both sides of the pairing set the CT2 authentication flag to 1. Signed-off-by: Johan Hedberg Signed-off-by: Marcel Holtmann net/bluetooth/smp.c | 85 ++++++++++++++++++++++++++++++++++++++++++----------- net/bluetooth/smp.h | 1 + 2 files changed, 69 insertions(+), 17 deletions(-) commit 0705f7b12b57f94032bc1b6cde05d12a0bafc7fa Author: Geliang Tang Date: Wed Nov 23 23:14:01 2016 +0800 Bluetooth: btmrvl: drop duplicate header slab.h Drop duplicate header slab.h from btmrvl_drv.h. Signed-off-by: Geliang Tang Signed-off-by: Marcel Holtmann drivers/bluetooth/btmrvl_drv.h | 1 - 1 file changed, 1 deletion(-) commit 5d82288b93db3bc7e943464f89079f1360ac3c50 Author: Stefan Schmidt Date: Mon Dec 5 14:47:20 2016 +0100 ieee802154: atusb: implement .set_frame_retries ops callback From firmware version 0.3 onwards we use the TX_ARET mode allowing for automatic frame retransmissions. To actually make use of this feature we need to implement the callback for setting the frame retries. If the firmware version is to old print a warning and return with invalid value. Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) commit 6cc33eba232cebc9918c558b21b1e3b5fcab27b7 Author: Stefan Schmidt Date: Mon Dec 5 14:47:19 2016 +0100 ieee802154: atusb: try to read permanent extended address from device With version 0.3 the atusb firmware offers an interface to read a permanent EUI64 address from the devices EEPROM. This patch checks if the firmware is new enough and tries to read out and use the address. If this does not work we fall back to the original randomly generated address. Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 40 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) commit 46551564a28e07325140057876f92881d58a219a Author: Stefan Schmidt Date: Mon Dec 5 14:47:18 2016 +0100 ieee802154: atusb: store firmware version after retrieval for later use The firmware versions will be used to enable selective features based on the available firmware on the device. Make sure we do not need to fetch it for every check but store it after the initial retrieval. Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.c | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) commit c84d59e72830ce7a7ce67cf7509d37342aa235db Author: Stefan Schmidt Date: Mon Dec 5 14:47:17 2016 +0100 ieee802154: atusb: sync header file from firmware for new features This file is shared between the atusb firmware and the kernel driver. In this update it brings the new interfaces from version 0.3 of the firmware. Signed-off-by: Stefan Schmidt Signed-off-by: Marcel Holtmann drivers/net/ieee802154/atusb.h | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 951a086437b7c29a9f352e0ee6272fa1d90d783e Author: Vladimir Zapolskiy Date: Wed Dec 7 17:22:36 2016 -0800 Input: lpc32xx-keys - fix invalid error handling of a requested irq Semantics of NR_IRQS is different on machines with SPARSE_IRQ option disabled or enabled, in the latter case IRQs are allocated starting at least from the value specified by NR_IRQS and going upwards, so the check of (irq >= NR_IRQ) to decide about an error code returned by platform_get_irq() is completely invalid, don't attempt to overrule irq subsystem in the driver. The change fixes lpc32xx_keys driver initialization on boot: lpc32xx_keys 40050000.key: failed to get platform irq lpc32xx_keys: probe of 40050000.key failed with error -22 Signed-off-by: Vladimir Zapolskiy Acked-by: Sylvain Lemieux Signed-off-by: Dmitry Torokhov drivers/input/keyboard/lpc32xx-keys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5d244f7effafeaa5272ca5daa37d8b7bb17967a8 Author: Nick Dyer Date: Wed Dec 7 17:20:06 2016 -0800 Input: synaptics-rmi4 - fix debug for sensor clip The debug would only ever output zero for the clip information. Signed-off-by: Nick Dyer Reviewed-by: Andrew Duggan Tested-by: Chris Healy Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_f12.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 5eba8c5d1fb3af28b2073ba5228d4998196c1bcc Author: Jaegeuk Kim Date: Wed Dec 7 16:23:32 2016 -0800 f2fs: fix to access nullified flush_cmd_control pointer f2fs_sync_file() remount_ro - f2fs_readonly - destroy_flush_cmd_control - f2fs_issue_flush - no fcc pointer! So, this patch doesn't free fcc in this case, but just stop its kernel thread which sends flush commands. Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 2 +- fs/f2fs/segment.c | 33 +++++++++++++++++++++++++-------- fs/f2fs/super.c | 5 +++-- 3 files changed, 29 insertions(+), 11 deletions(-) commit e37d35082e75982ef714f9e25bfa43a061d0c5e6 Author: Viresh Kumar Date: Mon Dec 5 08:53:52 2016 +0530 devfreq: rk3399_dmc: Don't use OPP structures outside of RCU locks The OPP structures are abused to the best here, without understanding how the OPP core and RCU locks work. In short, the OPP pointer saved in 'rk3399_dmcfreq' can become invalid under your nose, as the OPP core may free it. Fix various abuses around OPP structures and calls. Reviewed-by: Chanwoo Choi Signed-off-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/devfreq/rk3399_dmc.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit d8323de3d4062e1b5a5aa7e9c0f935138405a582 Author: Viresh Kumar Date: Thu Dec 1 16:12:14 2016 +0530 devfreq: rk3399_dmc: Remove dangling rcu_read_unlock() This call never had the rcu_read_lock() counterpart. Remove the unlock part as well. Signed-off-by: Viresh Kumar Reviewed-by: Chanwoo Choi Signed-off-by: Rafael J. Wysocki drivers/devfreq/rk3399_dmc.c | 1 - 1 file changed, 1 deletion(-) commit c8ce82b9b9c40d66709cce588f6281dd47cc3922 Author: Viresh Kumar Date: Thu Dec 1 15:55:40 2016 +0530 devfreq: exynos: Don't use OPP structures outside of RCU locks The OPP structures are abused to the best here, without understanding how the OPP core and RCU locks work. In short, the OPP pointer saved 'struct exynos_bus' can become invalid under your nose, as the OPP core may free it. Fix various abuses around OPP structures and calls. Signed-off-by: Viresh Kumar Acked-by: Chanwoo Choi Tested-by: Chanwoo Choi Signed-off-by: Rafael J. Wysocki drivers/devfreq/exynos-bus.c | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) commit bf006e149a5717a4614d44a62090ae98775af7a0 Author: Srinivas Pandruvada Date: Tue Dec 6 13:32:17 2016 -0800 Documentation: intel_pstate: Document HWP energy/performance hints Updated documentation for the support of energy performance hint in the HWP mode. Signed-off-by: Srinivas Pandruvada [ rjw: Subject & changelog ] Signed-off-by: Rafael J. Wysocki Documentation/cpu-freq/intel-pstate.txt | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 984edbdccc6ff01b953492f72296685ce3ea2497 Author: Srinivas Pandruvada Date: Tue Dec 6 13:32:16 2016 -0800 cpufreq: intel_pstate: Support for energy performance hints with HWP It is possible to provide hints to the HWP algorithms in the processor to be more performance centric to more energy centric. These hints are provided by using HWP energy performance preference (EPP) or energy performance bias (EPB) settings. The scope of these settings is per logical processor, which means that each of the logical processors in the package can be programmed with a different value. This change provides cpufreq sysfs interface to provide hint. For each policy, two additional attributes will be available to check and provide hint. These attributes will only be present when the intel_pstate driver is using HWP mode. These attributes are: - energy_performance_available_preferences - energy_performance_preference To get list of supported hints: $ cat energy_performance_available_preferences default performance balance_performance balance_power power The current preference can be read or changed via cpufreq sysfs attribute "energy_performance_preference". Reading from this attribute will display current effective setting changed via any method. User can write any of the valid preference string to this attribute. User can always restore to power-on default by writing "default". Implementation Since these hints can be provided by direct MSR write or using some tools like x86_energy_perf_policy, the driver internally doesn't maintain any state. The user operation will result in direct read/write of MSR: 0x774 (HWP_REQUEST_MSR). Also driver use read modify write to update other fields in this MSR. Summary of changes: - struct cpudata field epp_saved is renamed to epp_powersave, as this stores the value to restore once policy is switched from performance to powersave to restore original powersave EPP value. - A new struct cpudata field epp_saved is used to store the raw MSR EPP/EPB value when a CPU goes offline or on suspend and restore on online/resume. This ensures that EPP value is restored to correct value irrespective of the means used to set. - EPP/EPB value ranges are fixed for each preference, which can be set for the cpufreq sysfs, so user request is mapped to/from this range. - New attributes are only added when HWP is present. - Since EPP value of 0 is valid the fields are initialized to -EINVAL when not valid. The field epp_default is read only once after powerup to avoid reading on subsequent CPU online operation - New suspend callback to store epp on suspend operation - Don't invalidate old epp_saved field on resume and online as now we can restore last epp value on suspend and this field can still have old EPP value sampled during switch to performance from powersave. - While here optimized setting of cpu_data->epp_powersave = epp in intel_pstate_hwp_set() as this was done in both true and false paths. - epp/epb set function returns error to caller on failure to pass on to user space for display. Signed-off-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 242 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 224 insertions(+), 18 deletions(-) commit b59fe540539623767cf18045a78fb672b40270d6 Author: Srinivas Pandruvada Date: Tue Dec 6 13:32:15 2016 -0800 cpufreq: intel_pstate: Add locking around HWP requests To avoid race conditions from multiple threads, increase the scope of intel_pstate_limits_lock to include HWP requests also. Signed-off-by: Srinivas Pandruvada [ rjw: Subject ] Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit e783fd0cdc749716155ddebff660a98236f23f97 Merge: 3eff97b 1de7ac6 Author: Dave Airlie Date: Thu Dec 8 10:35:52 2016 +1000 Merge tag 'meson-drm-for-4.10' of github.com:superna9999/linux into drm-next Add support for the Amlogic Meson Video Processing Unit - Only CVBS/Composite output for Amlogic Meson GXBB/GXL/GXM SoCs - Add MAINTAINERS entry - Add DT bindings documentation * tag 'meson-drm-for-4.10' of github.com:superna9999/linux: MAINTAINERS: add entry for Amlogic DRM drivers dt-bindings: display: add Amlogic Meson DRM Bindings drm: Add support for Amlogic Meson Graphic Controller commit 3eff97b2d6d06fa381f456e5a786d576d62eb95e Merge: 8166255 7a9e102 Author: Dave Airlie Date: Thu Dec 8 10:33:26 2016 +1000 Merge tag 'drm-intel-next-fixes-2016-12-07' of git://anongit.freedesktop.org/git/drm-intel into drm-next first set of fixes for -next. * tag 'drm-intel-next-fixes-2016-12-07' of git://anongit.freedesktop.org/git/drm-intel: drm/i915: Move priority bumping for flips earlier drm/i915: Hold a reference on the request for its fence chain drm/i915/audio: fix hdmi audio noise issue drm/i915/debugfs: Increment return value of gt.next_seqno drm/i915/debugfs: Drop i915_hws_info drm/i915: Initialize dev_priv->atomic_cdclk_freq at init time drm/i915: Fix cdclk vs. dev_cdclk mess when not recomputing things drm/i915: Make skl_write_{plane,cursor}_wm() static drm/i915: Complete requests in nop_submit_request drm/i915/gvt: fix lock not released bug for dispatch_workload() err path drm/i915/gvt: fix getting 64bit bar size error drm/i915/gvt: fix missing init param.primary commit 9320f95c0b8f1d074f570385e6855d4554f693e4 Author: xing wei Date: Wed Dec 7 19:31:16 2016 +0800 PM / sleep: Print active wakeup sources when blocking on wakeup_count reads If there are any wakeup events being processed, read operation on /sys/power/wakeup_count will be blocked, so print the names of all active wakeup sources to help to find out who is preventing system suspend from triggering. While at it change pr_info() in pm_print_active_wakeup_sources() to pr_debug() to avoid excessive log noise. Signed-off-by: xing wei [ rjw: Subject & changelog ] Signed-off-by: Rafael J. Wysocki drivers/base/power/wakeup.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 8166255704edea288bb116375b3c2a47af2fe28c Author: Marek Vasut Date: Wed Dec 7 22:23:29 2016 +0100 drm: mxsfb: Select DRM_PANEL Select DRM_PANEL, since the MXSFB driver depends on it. Otherwise, we get the following error when compiling: drivers/built-in.o: In function `mxsfb_probe': core.c:(.text+0x9ce9c): undefined reference to `drm_panel_attach' core.c:(.text+0x9cff0): undefined reference to `drm_panel_detach' drivers/built-in.o: In function `mxsfb_panel_connector_destroy': core.c:(.text+0x9d614): undefined reference to `drm_panel_detach' drivers/built-in.o: In function `mxsfb_create_output': core.c:(.text+0x9d68c): undefined reference to `of_drm_find_panel' make: *** [Makefile:962: vmlinux] Error 1 Signed-off-by: Marek Vasut Cc: Daniel Vetter Cc: Dave Airlie Reported-by: Stefan Agner Signed-off-by: Dave Airlie drivers/gpu/drm/mxsfb/Kconfig | 1 + 1 file changed, 1 insertion(+) commit 20979202ee6e4c68dab7bcf408787225a656d18e Author: Pan Bian Date: Thu Dec 1 14:25:44 2016 +0800 clk: clk-wm831x: fix a logic error Fix bug https://bugzilla.kernel.org/show_bug.cgi?id=188561. Function wm831x_clkout_is_prepared() returns "true" when it fails to read CLOCK_CONTROL_1. "true" means the device is already prepared. So return "true" on the read failure seems improper. Signed-off-by: Pan Bian Acked-by: Charles Keepax Fixes: f05259a6ffa4 ("clk: wm831x: Add initial WM831x clock driver") Signed-off-by: Stephen Boyd drivers/clk/clk-wm831x.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 05a926227742b0bcbef366bbd710c4f6631c7d9f Author: Sahitya Tummala Date: Wed Dec 7 20:10:32 2016 +0530 PM / core: Fix bug in the error handling of async suspend If async_suspend is enabled for parent and child devices, then PM framework has to ensure that parent's async suspend gets called only after child's async suspend is done. In case if child's async suspend fails with error, then parent's async suspend must not be invoked. The current code uses async_error to ensure this but there is a problem with it in __device_suspend(). This function notifies the completion of child's async suspend before updating its error via async_error variable. As a result, parent's async suspend gets invoked even though it's child suspend has failed. Fix this bug by updating the async_error before notifying the child's completion. Signed-off-by: Sahitya Tummala [ rjw: Rearranged wthitespace ] Signed-off-by: Rafael J. Wysocki drivers/base/power/main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1221ae211f64207f5caf40f9a03f9b8e50ff80cc Author: Masahiro Yamada Date: Wed Dec 7 10:32:33 2016 +0900 clk: uniphier: add cpufreq data for LD11, LD20 SoCs Add more data to 64bit SoCs for the cpufreq support. Signed-off-by: Masahiro Yamada Signed-off-by: Stephen Boyd drivers/clk/uniphier/clk-uniphier-sys.c | 32 ++++++++++++++++++++++++++++++++ drivers/clk/uniphier/clk-uniphier.h | 30 +++++++++++++++++++++++++++++- 2 files changed, 61 insertions(+), 1 deletion(-) commit d08f1f0d596c51430ab14d2236f6cc6b0337f5c5 Author: Masahiro Yamada Date: Wed Dec 7 10:32:32 2016 +0900 clk: uniphier: add CPU-gear change (cpufreq) support Core support code for CPU frequency changes, which will be used by the generic cpufreq driver. The register view is different from the generic clk-mux; it has a separate status register, and an update bit to load the register setting. Signed-off-by: Masahiro Yamada Signed-off-by: Stephen Boyd drivers/clk/uniphier/Makefile | 3 + drivers/clk/uniphier/clk-uniphier-core.c | 3 + drivers/clk/uniphier/clk-uniphier-cpugear.c | 115 ++++++++++++++++++++++++++++ drivers/clk/uniphier/clk-uniphier.h | 17 +++- 4 files changed, 136 insertions(+), 2 deletions(-) commit 5fccd64aa44829f87997e3342698ef98862adffd Merge: 63c36c4 73c25fb Author: David S. Miller Date: Wed Dec 7 19:16:46 2016 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next Pablo Neira Ayuso says: ==================== Netfilter/IPVS updates for net-next The following patchset contains a large Netfilter update for net-next, to summarise: 1) Add support for stateful objects. This series provides a nf_tables native alternative to the extended accounting infrastructure for nf_tables. Two initial stateful objects are supported: counters and quotas. Objects are identified by a user-defined name, you can fetch and reset them anytime. You can also use a maps to allow fast lookups using any arbitrary key combination. More info at: http://marc.info/?l=netfilter-devel&m=148029128323837&w=2 2) On-demand registration of nf_conntrack and defrag hooks per netns. Register nf_conntrack hooks if we have a stateful ruleset, ie. state-based filtering or NAT. The new nf_conntrack_default_on sysctl enables this from newly created netnamespaces. Default behaviour is not modified. Patches from Florian Westphal. 3) Allocate 4k chunks and then use these for x_tables counter allocation requests, this improves ruleset load time and also datapath ruleset evaluation, patches from Florian Westphal. 4) Add support for ebpf to the existing x_tables bpf extension. From Willem de Bruijn. 5) Update layer 4 checksum if any of the pseudoheader fields is updated. This provides a limited form of 1:1 stateless NAT that make sense in specific scenario, eg. load balancing. 6) Add support to flush sets in nf_tables. This series comes with a new set->ops->deactivate_one() indirection given that we have to walk over the list of set elements, then deactivate them one by one. The existing set->ops->deactivate() performs an element lookup that we don't need. 7) Two patches to avoid cloning packets, thus speed up packet forwarding via nft_fwd from ingress. From Florian Westphal. 8) Two IPVS patches via Simon Horman: Decrement ttl in all modes to prevent infinite loops, patch from Dwip Banerjee. And one minor refactoring from Gao feng. 9) Revisit recent log support for nf_tables netdev families: One patch to ensure that we correctly handle non-ethernet packets. Another patch to add missing logger definition for netdev. Patches from Liping Zhang. 10) Three patches for nft_fib, one to address insufficient register initialization and another to solve incorrect (although harmless) byteswap operation. Moreover update xt_rpfilter and nft_fib to match lbcast packets with zeronet as source, eg. DHCP Discover packets (0.0.0.0 -> 255.255.255.255). Also from Liping Zhang. 11) Built-in DCCP, SCTP and UDPlite conntrack and NAT support, from Davide Caratti. While DCCP is rather hopeless lately, and UDPlite has been broken in many-cast mode for some little time, let's give them a chance by placing them at the same level as other existing protocols. Thus, users don't explicitly have to modprobe support for this and NAT rules work for them. Some people point to the lack of support in SOHO Linux-based routers that make deployment of new protocols harder. I guess other middleboxes outthere on the Internet are also to blame. Anyway, let's see if this has any impact in the midrun. 12) Skip software SCTP software checksum calculation if the NIC comes with SCTP checksum offload support. From Davide Caratti. 13) Initial core factoring to prepare conversion to hook array. Three patches from Aaron Conole. 14) Gao Feng made a wrong conversion to switch in the xt_multiport extension in a patch coming in the previous batch. Fix it in this batch. 15) Get vmalloc call in sync with kmalloc flags to avoid a warning and likely OOM killer intervention from x_tables. From Marcelo Ricardo Leitner. 16) Update Arturo Borrero's email address in all source code headers. ==================== Signed-off-by: David S. Miller commit 63c36c40b9b031b760f89f5991843b6eeb6314e7 Merge: 25e3e84 489a326 Author: David S. Miller Date: Wed Dec 7 19:03:23 2016 -0500 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 40GbE Intel Wired LAN Driver Updates 2016-12-07 This series contains updates to i40e and i40evf only. Filip modifies the i40e to log link speed change and when the link is brought up and down. Mitch replaces i40e_txd_use_count() with a new function which is slightly faster and better documented so the dim witted can better follow the code. Fixes the locking of the service task so that it is actually done in the service task and not in the scheduling function which calls the service task. Jacob, being the busy little beaver he is, provides most of the changes starting restores a workaround that is still needed in some configurations, specifically the Ethernet Controller XL710 for 40GbE QSFP+. Removes duplicate code and simplifies the i40e_vsi_add_vlan() and i40e_vsi_kill_vlan() functions. Removes detection of PTP frames over L4 (UDP) on the XL710 MAC, since there was a product decision to defeature it. Fixed a previous refactor of active filters which caused issues in the accounting of active_filters. Remaining work was done in the VLAN filters to improve readability and simplify code as much as possible to reduce inconsistencies. Alex fixes foul budget accounting in core code by returning actual work done, capped to budget-1. Henry fixes the "ethtool -p" function for 1G BaseT PHYs. Carolyn adds support for 25G devices for i40e and i40evf. Michal adds functions to apply the correct access method for external PHYs which could use Clause22 or Clause45 depending on the PHY. v2: dropped last patch from previous series, since changes are needed based on feedback from Sergei Shtylyov ==================== Signed-off-by: David S. Miller commit f5b893c947151d424a4ab55ea3a8544b81974b31 Author: Christoph Hellwig Date: Tue Dec 6 14:56:50 2016 +0100 scsi: qla4xxx: switch to pci_alloc_irq_vectors And simplify the MSI-X logic in general - just request the two vectors directly instead of going through an indirection table. Signed-off-by: Christoph Hellwig Reviewed-by: Nilesh Javali Signed-off-by: Martin K. Petersen drivers/scsi/qla4xxx/ql4_def.h | 18 +-------- drivers/scsi/qla4xxx/ql4_glbl.h | 1 - drivers/scsi/qla4xxx/ql4_isr.c | 27 +++++-------- drivers/scsi/qla4xxx/ql4_nx.c | 89 +++++++++++------------------------------ 4 files changed, 37 insertions(+), 98 deletions(-) commit 26f3ba9600e5d4437bb7299d2b01003b0d93e853 Author: John Garry Date: Tue Dec 6 20:44:07 2016 +0800 scsi: hisi_sas: support deferred probe for v2 hw In the hip06 and hip07 SoCs, the interrupt lines from the SAS controllers are connected to mbigen hw module [1]. The mbigen module is probed with module_init, and, as such, is not guaranteed to probe before the SAS driver. So we need to support deferred probe. We check for probe deferral in the hw layer probe, so we not probe into the main layer and allocate shost, memories, etc., to later learn that we need to defer the probe. [1] ./Documentation/devicetree/bindings/interrupt-controller/hisilicon,mbigen-v2.txt Signed-off-by: John Garry Reviewed-by: Zhangfei Gao Signed-off-by: Martin K. Petersen drivers/scsi/hisi_sas/hisi_sas_v2_hw.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit fad119b707f8cc01b259b8585af4f9688e57c9a7 Author: Hannes Reinecke Date: Fri Dec 2 12:52:23 2016 +0100 scsi: megaraid_sas: switch to pci_alloc_irq_vectors [mkp: fixed bad indentation] Signed-off-by: Hannes Reinecke Acked-by: Sumit Saxena Signed-off-by: Martin K. Petersen drivers/scsi/megaraid/megaraid_sas.h | 1 - drivers/scsi/megaraid/megaraid_sas_base.c | 78 +++++++++++++++---------------- 2 files changed, 38 insertions(+), 41 deletions(-) commit 816c60c131d95d6b0c7e119f89a1f1cb8d232fd8 Author: Alexandre Courbot Date: Fri Dec 2 20:57:56 2016 +0100 arm64: tegra: Add missing Smaug revision The "google,smaug-rev2" string is missing from the compatible list of Smaug's DT. The differences of rev2 are not relevant at our current level of support and it boots just fine, so add it. Signed-off-by: Alexandre Courbot Acked-by: Jon Hunter Acked-by: Andrew Bresticker Signed-off-by: Thierry Reding Signed-off-by: Arnd Bergmann arch/arm64/boot/dts/nvidia/tegra210-smaug.dts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5e6b9a89afceadb1ee45472098f7d20af260335c Author: Alexandre Courbot Date: Fri Dec 2 20:57:55 2016 +0100 arm64: tegra: Add VDD_GPU regulator to Jetson TX1 Add the VDD_GPU regulator (a GPIO-enabled PWM regulator) to the Jetson TX1 board. This addition allows the GPU to be used provided the bootloader properly enabled the GPU node. Signed-off-by: Alexandre Courbot Signed-off-by: Thierry Reding [as pointed out by Thierry on IRC, nobody has reported a bug in the field, but using a new bootloader with a .dtb that has the incorrect data, it will crash on boot] Fixes: 336f79c7b6d7 ("arm64: tegra: Add NVIDIA Jetson TX1 Developer Kit support") Cc: stable@vger.kernel.org #v4.5+ Signed-off-by: Arnd Bergmann arch/arm64/boot/dts/nvidia/tegra210-p2180.dtsi | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit 9c58b395563b15866c9fd9bb7e6f7f8db12ac3ae Author: Xose Vazquez Perez Date: Fri Nov 11 17:49:49 2016 +0100 scsi: scsi_devinfo: remove synchronous ALUA for NETAPP devices NetApp did confirm this is not required. Cc: Martin George Cc: Robert Stankey Cc: Steven Schremmer Cc: Sean Stewart Cc: Hannes Reinecke Cc: Christophe Varoqui Cc: James E.J. Bottomley Cc: Martin K. Petersen Cc: SCSI ML Cc: device-mapper development Signed-off-by: Xose Vazquez Perez Reviewed-by: Sean Stewart Signed-off-by: Martin K. Petersen drivers/scsi/scsi_devinfo.c | 2 -- 1 file changed, 2 deletions(-) commit 385895fef6b5f4723e33d0e58251c45bc708132d Author: Ashok Raj Date: Sat Nov 19 00:32:45 2016 -0800 PCI: pciehp: Prioritize data-link event over presence detect If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. When both events are observed, pciehp currently relies on the Slot Status Presence Detect State (PDS) to agree with the Link Status Data Link Layer Active status. The Presence Detect State, however, may be set to 1 through out-of-band presence detect even if the link is down, which creates conflicting events. Since the Link Status accurately reflects the reachability of the downstream bus, the Link Status event should take precedence over a Presence Detect event. Skip checking the PDC status if we handled a link event in the same handler. Signed-off-by: Ashok Raj Signed-off-by: Bjorn Helgaas Reviewed-by: Keith Busch drivers/pci/hotplug/pciehp_hpc.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) commit 49da21108f773b50b01b9fd0b6ca97b91b6ff216 Author: Simon Horman Date: Tue Dec 6 16:51:31 2016 +0100 PCI: rcar: Add gen3 fallback compatibility string for pcie-rcar Add fallback compatibility string for the R-Car Gen 3 family. This is in keeping with the both the existing fallback compatibility string for the R-Car Gen 2 family and the fallback scheme being adopted wherever appropriate for drivers for Renesas SoCs. Signed-off-by: Simon Horman Signed-off-by: Bjorn Helgaas Documentation/devicetree/bindings/pci/rcar-pci.txt | 1 + drivers/pci/host/pcie-rcar.c | 1 + 2 files changed, 2 insertions(+) commit d83a328ad185b1e487a82479f840435ae297bee1 Author: Simon Horman Date: Tue Dec 6 16:51:30 2016 +0100 PCI: rcar: Use gen2 fallback compatibility last Improve readability by listing fallback compatibility strings after the more-specific compatibility strings they provide a fallback for. This does not affect run-time behaviour as it is the order in the DTB that determines which compatibility string is used. Signed-off-by: Simon Horman Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rcar.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7b99d94277ba49f401b7a5c1ad8a9084cc6c34a6 Author: Simon Horman Date: Tue Dec 6 16:51:29 2016 +0100 PCI: rcar-gen2: Use gen2 fallback compatibility last Improve readability by listing fallback compatibility strings after the more-specific compatibility strings they provide a fallback for. This does not affect run-time behaviour as it is the order in the DTB that determines which compatibility string is used. Signed-off-by: Simon Horman Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-rcar-gen2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 64d2ab32efe39354c29e1ecefea3769586026979 Author: Li Wang Date: Tue Nov 15 17:19:01 2016 +0800 vfs: fix put_compat_statfs64() does not handle errors put_compat_statfs64() does NOT return -1 and setting errno to EOVERFLOW when some variables(like: f_bsize) overflowed in the returned struct. The reason is that the ubuf->f_blocks is __u64 type, it couldn't be 4bits as the judgement in put_comat_statfs64(). Here correct the __u32 variables(in struct compat_statfs64) for comparison. reproducer: step1. mount hugetlbfs with two different pagesize on ppc64 arch. $ hugeadm --pool-pages-max 16M:0 $ hugeadm --create-mount $ mount | grep -i hugetlbfs none on /var/lib/hugetlbfs/pagesize-16MB type hugetlbfs (rw,relatime,seclabel,pagesize=16777216) none on /var/lib/hugetlbfs/pagesize-16GB type hugetlbfs (rw,relatime,seclabel,pagesize=17179869184) step2. compile & run this C program. $ cat statfs64_test.c #define _LARGEFILE64_SOURCE #include #include #include int main() { struct statfs64 sb; int err; err = syscall(SYS_statfs64, "/var/lib/hugetlbfs/pagesize-16GB", sizeof(sb), &sb); if (err) return -1; printf("sizeof f_bsize = %d, f_bsize=%ld\n", sizeof(sb.f_bsize), sb.f_bsize); return 0; } $ gcc -m32 statfs64_test.c $ ./a.out sizeof f_bsize = 4, f_bsize=0 Signed-off-by: Li Wang Reviewed-by: Andreas Dilger Signed-off-by: Al Viro fs/compat.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit a2125ff7dd1ed3a2a53cdc1f8f9c9cec9cfaa7ab Author: Jaegeuk Kim Date: Mon Dec 5 17:25:32 2016 -0800 f2fs: free meta pages if sanity check for ckpt is failed This fixes missing freeing meta pages in the error case. Tested-by: Eric Biggers Signed-off-by: Jaegeuk Kim fs/f2fs/checkpoint.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 2040fce83fe17763b07c97c1f691da2bb85e4135 Author: Jaegeuk Kim Date: Mon Dec 5 13:56:04 2016 -0800 f2fs: detect wrong layout Previous mkfs.f2fs allows small partition inappropriately, so f2fs should detect that as well. Refer this in f2fs-tools. mkfs.f2fs: detect small partition by overprovision ratio and # of segments Reported-and-Tested-by: Eric Biggers Signed-off-by: Jaegeuk Kim fs/f2fs/segment.h | 2 ++ fs/f2fs/super.c | 11 +++++++++++ 2 files changed, 13 insertions(+) commit 24d5373dda7c00a438d26016bce140299fae675e Author: Julien Grall Date: Wed Dec 7 12:24:40 2016 +0000 arm/xen: Use alloc_percpu rather than __alloc_percpu The function xen_guest_init is using __alloc_percpu with an alignment which are not power of two. However, the percpu allocator never supported alignments which are not power of two and has always behaved incorectly in thise case. Commit 3ca45a4 "percpu: ensure requested alignment is power of two" introduced a check which trigger a warning [1] when booting linux-next on Xen. But in reality this bug was always present. This can be fixed by replacing the call to __alloc_percpu with alloc_percpu. The latter will use an alignment which are a power of two. [1] [ 0.023921] illegal size (48) or align (48) for percpu allocation [ 0.024167] ------------[ cut here ]------------ [ 0.024344] WARNING: CPU: 0 PID: 1 at linux/mm/percpu.c:892 pcpu_alloc+0x88/0x6c0 [ 0.024584] Modules linked in: [ 0.024708] [ 0.024804] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc7-next-20161128 #473 [ 0.025012] Hardware name: Foundation-v8A (DT) [ 0.025162] task: ffff80003d870000 task.stack: ffff80003d844000 [ 0.025351] PC is at pcpu_alloc+0x88/0x6c0 [ 0.025490] LR is at pcpu_alloc+0x88/0x6c0 [ 0.025624] pc : [] lr : [] pstate: 60000045 [ 0.025830] sp : ffff80003d847cd0 [ 0.025946] x29: ffff80003d847cd0 x28: 0000000000000000 [ 0.026147] x27: 0000000000000000 x26: 0000000000000000 [ 0.026348] x25: 0000000000000000 x24: 0000000000000000 [ 0.026549] x23: 0000000000000000 x22: 00000000024000c0 [ 0.026752] x21: ffff000008e97000 x20: 0000000000000000 [ 0.026953] x19: 0000000000000030 x18: 0000000000000010 [ 0.027155] x17: 0000000000000a3f x16: 00000000deadbeef [ 0.027357] x15: 0000000000000006 x14: ffff000088f79c3f [ 0.027573] x13: ffff000008f79c4d x12: 0000000000000041 [ 0.027782] x11: 0000000000000006 x10: 0000000000000042 [ 0.027995] x9 : ffff80003d847a40 x8 : 6f697461636f6c6c [ 0.028208] x7 : 6120757063726570 x6 : ffff000008f79c84 [ 0.028419] x5 : 0000000000000005 x4 : 0000000000000000 [ 0.028628] x3 : 0000000000000000 x2 : 000000000000017f [ 0.028840] x1 : ffff80003d870000 x0 : 0000000000000035 [ 0.029056] [ 0.029152] ---[ end trace 0000000000000000 ]--- [ 0.029297] Call trace: [ 0.029403] Exception stack(0xffff80003d847b00 to 0xffff80003d847c30) [ 0.029621] 7b00: 0000000000000030 0001000000000000 ffff80003d847cd0 ffff00000818e678 [ 0.029901] 7b20: 0000000000000002 0000000000000004 ffff000008f7c060 0000000000000035 [ 0.030153] 7b40: ffff000008f79000 ffff000008c4cd88 ffff80003d847bf0 ffff000008101778 [ 0.030402] 7b60: 0000000000000030 0000000000000000 ffff000008e97000 00000000024000c0 [ 0.030647] 7b80: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 [ 0.030895] 7ba0: 0000000000000035 ffff80003d870000 000000000000017f 0000000000000000 [ 0.031144] 7bc0: 0000000000000000 0000000000000005 ffff000008f79c84 6120757063726570 [ 0.031394] 7be0: 6f697461636f6c6c ffff80003d847a40 0000000000000042 0000000000000006 [ 0.031643] 7c00: 0000000000000041 ffff000008f79c4d ffff000088f79c3f 0000000000000006 [ 0.031877] 7c20: 00000000deadbeef 0000000000000a3f [ 0.032051] [] pcpu_alloc+0x88/0x6c0 [ 0.032229] [] __alloc_percpu+0x18/0x20 [ 0.032409] [] xen_guest_init+0x174/0x2f4 [ 0.032591] [] do_one_initcall+0x38/0x130 [ 0.032783] [] kernel_init_freeable+0xe0/0x248 [ 0.032995] [] kernel_init+0x10/0x100 [ 0.033172] [] ret_from_fork+0x10/0x50 Reported-by: Wei Chen Link: https://lkml.org/lkml/2016/11/28/669 Signed-off-by: Julien Grall Signed-off-by: Stefano Stabellini Reviewed-by: Stefano Stabellini Cc: stable@vger.kernel.org arch/arm/xen/enlighten.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 0722bdd2962a4a0f6d5e8973b0d274d147adacfb Author: Shawn Lin Date: Thu Nov 24 09:54:21 2016 +0800 PCI: rockchip: Move the deassert of pm/aclk/pclk after phy_init() Move deassert of pm/aclk/pclk after phy_init() as we want to optimize the logic of reset control and reuse rockchip_pcie_init_port() later which should fully follow the cold boot procedure of ROM code. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas Reviewed-by: Brian Norris drivers/pci/host/pcie-rockchip.c | 40 ++++++++++++++++++++-------------------- 1 file changed, 20 insertions(+), 20 deletions(-) commit 9e663d3f11ee34dfe92dcea98992151cae55e1ea Author: Shawn Lin Date: Thu Nov 24 09:54:20 2016 +0800 PCI: rockchip: Split out rockchip_cfg_atu() Split out a new function, rockchip_cfg_atu(), in order to re-configure the ATU when missing these information after wakeup from S3. [bhelgaas: add "dev" temporary, return 0 when known] Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas Reviewed-by: Brian Norris drivers/pci/host/pcie-rockchip.c | 104 +++++++++++++++++++++------------------ 1 file changed, 55 insertions(+), 49 deletions(-) commit f37500b8aac47b436fe3fe3e63b7169f8eff190d Author: Shawn Lin Date: Wed Dec 7 15:06:00 2016 -0600 PCI: rockchip: Clean up bit definitions for PCIE_RC_CONFIG_LCS PCIE_RC_CONFIG_LCS contains control and status bits specific to the PCIe link. The layout for this register looks the same as the existing PCI_EXP_LNKCTL and PCI_EXP_LNKSTA. So let's reuse them. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit a45e2611b9bbd81288d97d02ce7e74a60a698d43 Author: Brian Norris Date: Wed Dec 7 15:06:00 2016 -0600 PCI: rockchip: Correct the use of FTS mask We're trying to mask out bits[23:8] while retaining [32:24, 7:0], but we're doing the inverse. That doesn't have too much effect, since we're setting all the [23:8] bits to 1, and the other bits are only relevant for modes we're currently not using. But we should get this right. Fixes: ca1989084054 ("PCI: rockchip: Fix wrong transmitted FTS count") Signed-off-by: Brian Norris Signed-off-by: Bjorn Helgaas Acked-by: Shawn Lin drivers/pci/host/pcie-rockchip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 77bc68cf17973ee81e1cbc21d634c99aa8dca014 Author: Shawn Lin Date: Wed Dec 7 15:05:59 2016 -0600 PCI: rockchip: Remove the pointer to L1 substate cap Per the errata of TRM, the RC can't support L1 substate, so remove the L1 substate cap as well as operation for PCIE_RC_CONFIG_L1_SUBSTATE_CTRL2. Tested-by: Brian Norris Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit f2fb5b8f2a0cb67ba4535eb08d9cfb301ac92429 Author: Shawn Lin Date: Wed Dec 7 15:05:59 2016 -0600 PCI: rockchip: Specify the link capability rk3399 supports PCIe 2.x link speeds marginally at best, and on some boards, the link won't train at 5 GT/s at all. Rather than sacrifice 500ms waiting for training that will never happen, let's use the helper function, of_pci_get_max_link_speed(), to get the max link speed from DT and specify link capability. Signed-off-by: Brian Norris Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 60 +++++++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 23 deletions(-) commit 45e9320f3a4ef9588ee50a2eb1891c4bfdbb07df Author: Shawn Lin Date: Wed Dec 7 15:05:59 2016 -0600 PCI: rockchip: Fix negotiated lanes calculation The calculation of negotiated lanes is wrong: it should be shifted by PCIE_CORE_PL_CONF_LANE_SHIFT, but it is shifted by PCIE_CORE_PL_CONF_LANE_MASK instead. Let's fix it. Fixes: e77f847df54c ("PCI: rockchip: Add Rockchip PCIe controller support") Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1177f76a7e7e52d4be3c78247b30ab73cabf7164 Author: Shawn Lin Date: Wed Dec 7 15:05:59 2016 -0600 PCI: rockchip: Add Kconfig COMPILE_TEST Allow selection of the Rockchip driver for compile testing, even if we aren't building for ARCH_ROCKCHIP. [bhelgaas: changelog] Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b8ab8e041cc0356323c1e4aee8047ea479650340 Author: Shawn Lin Date: Wed Dec 7 15:05:58 2016 -0600 PCI: rockchip: Mark RC as common clock architecture The default value of common clock configuration is zero indicating Rockchip's RC is using asynchronous clock architecture but actually we are using common clock. This will confuse some EP drivers if they need some different settings referring to this value. Set the Common Clock Configuration bit in the Link Control Register. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 4816c4c7b82b55bb46cb9b85ef8e6780fc618592 Author: Shawn Lin Date: Wed Dec 7 15:05:58 2016 -0600 PCI: rockchip: Provide captured slot power limit and scale If vpcie3v3 is available, we could provide these information via RC's configure register to make EP able to know the power limit. Signed-off-by: Shawn Lin Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-rockchip.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) commit 8237c0b9570c09d513296ef0fde26ce0784e5179 Merge: dd1551b df2f3c4 Author: Olof Johansson Date: Wed Dec 7 12:38:43 2016 -0800 Merge tag 'zynq-dt-for-4.10' of https://github.com/Xilinx/linux-xlnx into next/dt arm: Xilinx Zynq dt patches for v4.10 - Remove skeleton.dtsi - Fix DTC warnings - Coding style changes - Microzed support * tag 'zynq-dt-for-4.10' of https://github.com/Xilinx/linux-xlnx: arm: dts: zynq: Add MicroZed board support ARM: zynq: Fix pmu register description coding style ARM: zynq: Fix W=1 dtc 1.4 warnings ARM: zynq: Remove skeleton.dtsi Signed-off-by: Olof Johansson commit 44c29b83de1770910b9f4d53bf78f6118da5165f Merge: 9442091 7a3cc2a Author: Olof Johansson Date: Wed Dec 7 12:35:46 2016 -0800 Merge tag 'zynq-soc-for-4.10' of https://github.com/Xilinx/linux-xlnx into next/soc arm: Xilinx Zynq patches for v4.10 - Fix dma issue * tag 'zynq-soc-for-4.10' of https://github.com/Xilinx/linux-xlnx: ARM: zynq: Reserve correct amount of non-DMA RAM Signed-off-by: Olof Johansson commit 9f793ef32fc6bf8ae8ca49e3adcdca7143553b58 Merge: b1dbf79 47d03e4 Author: Olof Johansson Date: Wed Dec 7 12:35:06 2016 -0800 Merge tag 'davinci-for-v4.10/defconfig-4' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into next/defconfig Enable support for MUSB based USB OTG on DA850. * tag 'davinci-for-v4.10/defconfig-4' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: davinci_all_defconfig: Enable da8xx usb otg Signed-off-by: Olof Johansson commit ca5ab37b19dfd1d77787d0474b767ec1185670f4 Author: Bjorn Helgaas Date: Tue Dec 6 14:27:59 2016 -0600 PCI: Explain ARM64 ACPI/MCFG quirk Kconfig and build strategy Add Makefile comments to explain the Kconfig and build strategy for ARM64 drivers that work around not-quite-ECAM issues. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/Makefile | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) commit dd1551b65023dbe98d1bc77e36000e7aa795e8c7 Merge: 3c10608 e4ce904 Author: Olof Johansson Date: Wed Dec 7 12:34:30 2016 -0800 Merge tag 'davinci-for-v4.10/dt-4' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci into next/dt - Add device tree nodes for pin pull-up/pull-down bias control on DA850. - Enable high speed support on DA850 MMC/SD * tag 'davinci-for-v4.10/dt-4' of git://git.kernel.org/pub/scm/linux/kernel/git/nsekhar/linux-davinci: ARM: dts: da850: enable high speed for mmc ARM: dts: da850: Add node for pullup/pulldown pinconf Signed-off-by: Olof Johansson commit 253e80651ed814cc2eab76280d5595c9d3a35aef Author: Shawn Guo Date: Sat Dec 3 20:36:40 2016 +0800 arm64: dts: zte: clean up gic-v3 redistributor properties The gic-v3 property redistributor-stride is only meant as a workaround for broken platforms that have a redistributor stride deviating what the architecture defines, i.e. 128KiB for GICv3, 256KiB for GICv4. This is not the case for ZX296718, and redistributor-stride is not really necessary. Let's drop it. Also, #redistributor-regions is only required when there is more than one such region is present. Let's remove it as well. Signed-off-by: Shawn Guo Acked-by: Marc Zyngier Signed-off-by: Olof Johansson arch/arm64/boot/dts/zte/zx296718.dtsi | 2 -- 1 file changed, 2 deletions(-) commit fe901d357895bad8b0311f86908dd674e636f0ea Author: Jun Nie Date: Thu Oct 13 20:31:20 2016 +0800 arm64: dts: zx: Fix gic GICR property GICR for multiple CPU can be described with start address and stride, or with multiple address. Current multiple address and stride are both used. Fix it. vmalloc patch 727a7f5a9 triggered this bug: [ 0.097146] Unable to handle kernel paging request at virtual address ffff000008060008 [ 0.097150] pgd = ffff000008602000 [ 0.097160] [ffff000008060008] *pgd=000000007fffe003, *pud=000000007fffd003, *pmd=000000007fffc003, *pte=0000000000000000 [ 0.097165] Internal error: Oops: 96000007 [#1] PREEMPT SMP [ 0.097170] Modules linked in: [ 0.097177] CPU: 1 PID: 0 Comm: swapper/1 Not tainted 4.8.0+ #1474 [ 0.097179] Hardware name: ZTE zx296718 evaluation board (DT) [ 0.097183] task: ffff80003e8c8b80 task.stack: ffff80003e8d0000 [ 0.097197] PC is at gic_populate_rdist+0x74/0x15c [ 0.097202] LR is at gic_starting_cpu+0xc/0x20 [ 0.097206] pc : [] lr : [] pstate: 600001c5 Signed-off-by: Jun Nie Signed-off-by: Olof Johansson arch/arm64/boot/dts/zte/zx296718.dtsi | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) commit 554d9ec7b4c3f4bd439333135882a873bd734b4e Author: Geliang Tang Date: Wed Nov 23 22:55:07 2016 +0800 PCI: spear: Use builtin_platform_driver() to simplify the code Use builtin_platform_driver() helper to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: Bjorn Helgaas drivers/pci/host/pcie-spear13xx.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 2f065ddb64193ebf9cd600395d4782287cd0f58e Author: Trond Myklebust Date: Wed Dec 7 12:29:26 2016 -0500 pNFS: Layoutreturn must free the layout after the layout-private data The layout-private data may depend on the layout and/or the inode still existing when it does post-processing and frees its data, so we need to free them after calling lrp->ld_private.ops->free(). This fixes a mirror list corruption issue in the flexfiles driver. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit cb067935175ca477380806dc80bf5f0bb51f6f71 Author: Trond Myklebust Date: Tue Dec 6 12:00:51 2016 -0500 pNFS/flexfiles: Fix ff_layout_add_ds_error_locked() When we're merging an old entry into our new entry, we want to ensure that we add the list entry in the correct place. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayoutdev.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 7a0566b38c518e98df2359c8c15c2b3f91a4d67e Author: NeilBrown Date: Tue Dec 6 15:50:06 2016 -0500 NFSv4: Add missing nfs_put_lock_context() Otherwise the lock context won't be freed when we're done with it. From: NeilBrown Fixes: 5bd3f817 ("NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner") Signed-off-by: Anna Schumaker Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 25e3e84b183a2c25b1e8303f815a6aa5bf78358a Author: Zhang Shengju Date: Wed Dec 7 17:41:33 2016 +0800 dummy: expend mtu range for dummy device After commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"), the mtu range for dummy device becomes [68, 1500]. This patch extends it to [0, 65535]. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/net/dummy.c | 3 +++ 1 file changed, 3 insertions(+) commit e82621e329b61ab8d6f0c987376512cf420ac9fe Author: Zhang Shengju Date: Wed Dec 7 17:26:05 2016 +0800 nlmon: use core MTU range checking in nlmon driver Since commit 61e84623ace3 ("net: centralize net_device min/max MTU checking"), mtu range is checked at dev_set_mtu(). This patch adds min_mtu for nlmon device and remove unnecessary ndo_change_mtu() function. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/net/nlmon.c | 20 +------------------- 1 file changed, 1 insertion(+), 19 deletions(-) commit a1f5315ce4e1700e65255c617561aa7d8f09a729 Author: Gao Feng Date: Wed Dec 7 12:23:18 2016 +0800 driver: macvlan: Remove the rcu member of macvlan_port When free macvlan_port in macvlan_port_destroy, it is safe to free directly because netdev_rx_handler_unregister could enforce one grace period. So it is unnecessary to use kfree_rcu for macvlan_port. Signed-off-by: Gao Feng Signed-off-by: David S. Miller drivers/net/macvlan.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 48140a210b450db229cc9dd927480f65537dc7eb Author: Gao Feng Date: Wed Dec 7 08:44:47 2016 +0800 driver: ipvlan: Free ipvl_port directly with kfree instead of kfree_rcu There are two functions which would free the ipvl_port now. The first is ipvlan_port_create. It frees the ipvl_port in the error handler, so it could kfree it directly. The second is ipvlan_port_destroy. It invokes netdev_rx_handler_unregister which enforces one grace period by synchronize_net firstly, so it also could kfree the ipvl_port directly and safely. So it is unnecessary to use kfree_rcu to free ipvl_port. Signed-off-by: Gao Feng Signed-off-by: David S. Miller drivers/net/ipvlan/ipvlan.h | 1 - drivers/net/ipvlan/ipvlan_main.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) commit 42db500a551f97551a901e2258f84a60baf4edfc Author: Borislav Petkov Date: Sat Nov 26 19:29:57 2016 +0100 PCI: vmd: Fix suspend handlers defined-but-not-used warning Fix the following warnings: drivers/pci/host/vmd.c:731:12: warning: ‘vmd_suspend’ defined but not used [-Wunused-function] static int vmd_suspend(struct device *dev) ^ drivers/pci/host/vmd.c:739:12: warning: ‘vmd_resume’ defined but not used [-Wunused-function] static int vmd_resume(struct device *dev) ^ Signed-off-by: Borislav Petkov Signed-off-by: Bjorn Helgaas Reviewed-by: Keith Busch drivers/pci/host/vmd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3906b91844d603153c094f636205ec9aa5454b2f Author: Jon Derrick Date: Fri Nov 11 16:08:45 2016 -0700 PCI: vmd: Use SRCU as a local RCU to prevent delaying global RCU SRCU lets synchronize_srcu() depend on VMD-local RCU primitives, preventing long delays from locking up RCU in other systems. VMD performs a synchronize when removing a device, but will hit all IRQ lists if the device uses all VMD vectors. This patch will not help VMD's RCU synchronization, but will isolate the read side delays to the VMD subsystem. Additionally, the use of SRCU in VMD's ISR will keep it isolated from any other RCU waiters in the rest of the system. Tested using concurrent FIO and NVMe resets: [global] rw=read bs=4k direct=1 ioengine=libaio iodepth=32 norandommap timeout=300 runtime=1000000000 [nvme0] cpus_allowed=0-63 numjobs=8 filename=/dev/nvme0n1 [nvme1] cpus_allowed=0-63 numjobs=8 filename=/dev/nvme1n1 while (true) do for i in /sys/class/nvme/nvme*; do echo "Resetting ${i##*/}" echo 1 > $i/reset_controller; sleep 5 done; done Signed-off-by: Jon Derrick Signed-off-by: Bjorn Helgaas Reviewed-by: Keith Busch drivers/pci/host/Kconfig | 2 +- drivers/pci/host/vmd.c | 27 +++++++++++++++++++++------ 2 files changed, 22 insertions(+), 7 deletions(-) commit 080c25914e6db40c5d7606d22fd592ae3d8c3e59 Merge: 34c4a42 108a7c1 Author: Ingo Molnar Date: Wed Dec 7 19:16:54 2016 +0100 Merge tag 'perf-core-for-mingo-20161207' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: Improvements: - Improve error message when analyzing file with required events in 'perf sched timehist' (David Ahern) Fixes: - Force fixdep compilation to be done at the start of the build, fixing some build race conditions in high core count machines (Jiri Olsa) - Fix handling a zero sample->tid in 'perf sched timehist', as sometimes that isn't the idle thread (Namhyung Kim) Infrastructure changes: - Check minimal accepted LLVM version in its feature check, 3.9 at this time (Wang Nan) Documentation changes: - Explicitly document that --children is enabled by default (Yannick Brosseau) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit ef0915cacd04c9e35be5f9d62a4e4b5b4b9bcfd1 Author: Daniel Borkmann Date: Wed Dec 7 01:15:44 2016 +0100 bpf: fix loading of BPF_MAXINSNS sized programs General assumption is that single program can hold up to BPF_MAXINSNS, that is, 4096 number of instructions. It is the case with cBPF and that limit was carried over to eBPF. When recently testing digest, I noticed that it's actually not possible to feed 4096 instructions via bpf(2). The check for > BPF_MAXINSNS was added back then to bpf_check() in cbd357008604 ("bpf: verifier (add ability to receive verification log)"). However, 09756af46893 ("bpf: expand BPF syscall with program load/unload") added yet another check that comes before that into bpf_prog_load(), but this time bails out already in case of >= BPF_MAXINSNS. Fix it up and perform the check early in bpf_prog_load(), so we can drop the second one in bpf_check(). It makes sense, because also a 0 insn program is useless and we don't want to waste any resources doing work up to bpf_check() point. The existing bpf(2) man page documents E2BIG as the official error for such cases, so just stick with it as well. Fixes: 09756af46893 ("bpf: expand BPF syscall with program load/unload") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller kernel/bpf/syscall.c | 4 ++-- kernel/bpf/verifier.c | 3 --- 2 files changed, 2 insertions(+), 5 deletions(-) commit 90364feaf70f251533feff3f228f82df9a9f52b6 Author: Niklas Cassel Date: Tue Dec 6 14:47:15 2016 +0100 net: stmmac: do not call phy_ethtool_ksettings_set from atomic context >From what I can tell, spin_lock(&priv->lock) is not needed, since the phy_ethtool_ksettings_set call is not given the priv struct. phy_start_aneg takes the phydev->lock. Calls to phy_adjust_link from phy_state_machine also takes the phydev->lock. [ 13.718319] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:97 [ 13.726717] in_atomic(): 1, irqs_disabled(): 0, pid: 1307, name: ethtool [ 13.742115] Hardware name: Axis ARTPEC-6 Platform [ 13.746829] [<80110568>] (unwind_backtrace) from [<8010c2bc>] (show_stack+0x18/0x1c) [ 13.754575] [<8010c2bc>] (show_stack) from [<80433484>] (dump_stack+0x80/0xa0) [ 13.761801] [<80433484>] (dump_stack) from [<80145428>] (___might_sleep+0x108/0x170) [ 13.769554] [<80145428>] (___might_sleep) from [<806c9b50>] (mutex_lock+0x24/0x44) [ 13.777128] [<806c9b50>] (mutex_lock) from [<8050cbc0>] (phy_start_aneg+0x1c/0x13c) [ 13.784783] [<8050cbc0>] (phy_start_aneg) from [<8050d338>] (phy_ethtool_ksettings_set+0x98/0xd0) [ 13.793656] [<8050d338>] (phy_ethtool_ksettings_set) from [<80517adc>] (stmmac_ethtool_set_link_ksettings+0xa0/0xb4) [ 13.804184] [<80517adc>] (stmmac_ethtool_set_link_ksettings) from [<805c5138>] (ethtool_set_settings+0xd4/0x13c) [ 13.814358] [<805c5138>] (ethtool_set_settings) from [<805c9718>] (dev_ethtool+0x13c4/0x211c) [ 13.822882] [<805c9718>] (dev_ethtool) from [<805dc7c0>] (dev_ioctl+0x480/0x8e0) [ 13.830291] [<805dc7c0>] (dev_ioctl) from [<80260e34>] (do_vfs_ioctl+0x94/0xa00) [ 13.837699] [<80260e34>] (do_vfs_ioctl) from [<802617dc>] (SyS_ioctl+0x3c/0x60) [ 13.845011] [<802617dc>] (SyS_ioctl) from [<801088bc>] (__sys_trace_return+0x0/0x10) Signed-off-by: Niklas Cassel Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_ethtool.c | 2 -- 1 file changed, 2 deletions(-) commit af099eab35c3aea52534002203f8b9c7ebdc9861 Author: Thierry Reding Date: Fri Nov 25 11:57:18 2016 +0100 arm64: tegra: Enable PCIe on Jetson TX1 Enable the x4 PCIe and M.2 Key E slots on Jetson TX1. The Key E slot is currently untested due to lack of hardware. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas arch/arm64/boot/dts/nvidia/tegra210-p2371-2180.dts | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) commit 589a2d3f18be4c3e2169013eada35baae9b25f79 Author: Thierry Reding Date: Fri Nov 25 11:57:17 2016 +0100 arm64: tegra: Add PCIe host bridge on Tegra210 Add the PCIe host bridge found on Tegra X1. It implements two root ports that support x4 and x1 configurations, respectively. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas arch/arm64/boot/dts/nvidia/tegra210.dtsi | 63 ++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) commit 7ac0271397ab2d389f18f4d191730dc4d4b33c11 Author: Thierry Reding Date: Fri Nov 25 11:57:16 2016 +0100 PCI: tegra: Enable the driver on 64-bit ARM The Tegra PCI host controller driver no longer relies on any of the 32-bit ARM glue for PCI, so it can be enabled on 64-bit configurations. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/host/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7a091c7627c9a76d7a5c706820cb510f6992cdf Author: Thierry Reding Date: Fri Nov 25 11:57:15 2016 +0100 PCI: tegra: Add Tegra210 support The PCIe host controller found on Tegra X1 is very similar to its predecessor on Tegra K1. A bug was introduced in the new revision that is worked around by always enabling the performance counter, otherwise accesses to configuration space will block for a number of seconds. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-tegra.c | 42 ++++++++++++++++++++++++++++++++++-------- 1 file changed, 34 insertions(+), 8 deletions(-) commit 76245ca2dfa848bf044acccb5f0d1c07f6e42411 Author: Thierry Reding Date: Fri Nov 25 11:57:14 2016 +0100 PCI: tegra: Implement PCA enable workaround Tegra210's PCIe controller has a bug that requires the PCA (performance counter) feature to be enabled. If this isn't done, accesses to device configuration space will hang the chip for tens of seconds. Implement the workaround. Based on commit 514e19138af2 ("pci: tegra: implement PCA enable workaround") from U-Boot by Stephen Warren . Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-tegra.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 528925c4394f69744b88fc6506640fa8b6e6b56b Author: Thierry Reding Date: Fri Nov 25 11:57:13 2016 +0100 dt-bindings: pci: tegra: Add Tegra210 support Add support for the PCI host controller found on Tegra210 SoCs. It is very similar to the variant found on Tegra124, with a couple of small differences regarding the power supplies. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas .../bindings/pci/nvidia,tegra20-pcie.txt | 110 +++++++++++++++++++++ 1 file changed, 110 insertions(+) commit 76f254149171a93e676139b53fcc83043d55a047 Author: Arnd Bergmann Date: Fri Nov 25 11:57:12 2016 +0100 PCI: tegra: Use new pci_register_host_bridge() interface Tegra is one of the remaining platforms that still use the traditional pci_common_init_dev() interface for probing PCI host bridges. This demonstrates how to convert it to the pci_register_host interface I just added in a previous patch. This leads to a more linear probe sequence that can handle errors better because we avoid callbacks into the driver, and it makes the driver architecture independent. Signed-off-by: Arnd Bergmann Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-tegra.c | 105 ++++++++++++++++++++++--------------------- 1 file changed, 54 insertions(+), 51 deletions(-) commit a52d1443bba1db98907521414727eee22ae8c380 Author: Thierry Reding Date: Fri Nov 25 11:57:11 2016 +0100 PCI: Export host bridge registration interface Allow PCI host bridge drivers to use the new host bridge interfaces to register their host bridge. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/probe.c | 6 ++++-- include/linux/pci.h | 2 ++ 2 files changed, 6 insertions(+), 2 deletions(-) commit 5909406598d9fab58be860b72dff9409bff11653 Author: Thierry Reding Date: Fri Nov 25 11:57:10 2016 +0100 PCI: Allow driver-specific data in host bridge Provide a way to allocate driver-specific data along with a PCI host bridge structure. The bridge's ->private field points to this data. Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/probe.c | 6 +++--- include/linux/pci.h | 11 +++++++++++ 2 files changed, 14 insertions(+), 3 deletions(-) commit 37d6a0a6f4700ad3ae7bbf8db38b4557e97b3fe4 Author: Arnd Bergmann Date: Fri Nov 25 11:57:09 2016 +0100 PCI: Add pci_register_host_bridge() interface Make the existing pci_host_bridge structure a proper device that is usable by PCI host drivers in a more standard way. In addition to the existing pci_scan_bus(), pci_scan_root_bus(), pci_scan_root_bus_msi(), and pci_create_root_bus() interfaces, this unfortunately means having to add yet another interface doing basically the same thing, and add some extra code in the initial step. However, this time it's more likely to be extensible enough that we won't have to do another one again in the future, and we should be able to reduce code much more as a result. The main idea is to pull the allocation of 'struct pci_host_bridge' out of the registration, and let individual host drivers and architecture code fill the members before calling the registration function. There are a number of things we can do based on this: * Use a single memory allocation for the driver-specific structure and the generic PCI host bridge * consolidate the contents of driver-specific structures by moving them into pci_host_bridge * Add a consistent interface for removing a PCI host bridge again when unloading a host driver module * Replace the architecture specific __weak pcibios_*() functions with callbacks in a pci_host_bridge device * Move common boilerplate code from host drivers into the generic function, based on contents of the structure * Extend pci_host_bridge with additional members when needed without having to add arguments to pci_scan_*(). * Move members of struct pci_bus into pci_host_bridge to avoid having lots of identical copies. Signed-off-by: Arnd Bergmann Signed-off-by: Thierry Reding Signed-off-by: Bjorn Helgaas drivers/pci/probe.c | 238 +++++++++++++++++++++++++++++++--------------------- include/linux/pci.h | 4 + 2 files changed, 145 insertions(+), 97 deletions(-) commit da6b21e97e39d42f90ab490ce7b54a0fe2c3fe35 Author: Krzysztof Kozlowski Date: Fri Nov 18 13:15:12 2016 +0200 ARM: Drop fixed 200 Hz timer requirement from Samsung platforms All Samsung platforms, including the Exynos, are selecting HZ_FIXED with 200 Hz. Unfortunately in case of multiplatform image this affects also other platforms when Exynos is enabled. This looks like an very old legacy code, dating back to initial upstreaming of S3C24xx. Probably it was required for s3c24xx timer driver, which was removed in commit ad38bdd15d5b ("ARM: SAMSUNG: Remove unused plat-samsung/time.c"). Since then, this fixed 200 Hz spread everywhere, including out-of-tree Samsung kernels (SoC vendor's and Tizen's). I believe this choice was rather an effect of coincidence instead of conscious choice. On S3C24xx, the PWM counter is only 16 bit wide, and with the typical 12MHz input clock that overflows every 5.5ms. This works with HZ=200 or higher but not with HZ=100 which needs a 10ms interval between ticks. On Later chips (S3C64xx, S5P and EXYNOS), the counter is 32 bits and does not have this problem. The new samsung_pwm_timer driver solves the problem by scaling the input clock by a factor of 50 on S3C24xx, which makes it less accurate but allows HZ=100 as well as CONFIG_NO_HZ with fewer wakeups. Few perf mem and sched tests on Odroid XU3 board (Exynos5422, 4x Cortex A7, 4x Cortex A15) show no regressions when switching from 200 Hz to other values. Reported-by: Lee Jones [Dropping of 200_HZ from S3C/S5P was suggested by Arnd] Reported-by: Arnd Bergmann Cc: Kukjin Kim Signed-off-by: Krzysztof Kozlowski [Tested on Exynos5800] Tested-by: Javier Martinez Canillas Acked-by: Kukjin Kim [Tested on S3C2440] Tested-by: Sylwester Nawrocki Acked-by: Lee Jones arch/arm/Kconfig | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 64e8de58c56a60702c9cfd934f7084271271a9fc Merge: d3243ae 20138cf Author: David S. Miller Date: Wed Dec 7 11:13:49 2016 -0500 Merge branch 'ti-cpts-update-and-fixes' Grygorii Strashko says: ==================== net: ethernet: ti: cpts: update and fixes It is preparation series intended to clean up and optimize TI CPTS driver to facilitate further integration with other TI's SoCs like Keystone 2. Changes in v5: - fixed copy paste error in cpts_release - reworked cc.mult/shift and cc_mult initialization Changes in v4: - fixed build error in patch "net: ethernet: ti: cpts: clean up event list if event pool is empty" - rebased on top of net-next Changes in v3: - patches reordered: fixes and small updates moved first - added comments in code about cpts->cc_mult - conversation range (maxsec) limited to 10sec Changes in v2: - patch "net: ethernet: ti: cpts: rework initialization/deinitialization" was split on 4 patches - applied comments from Richard Cochran - dropped patch "net: ethernet: ti: cpts: add return value to tx and rx timestamp funcitons" - new patches added: "net: ethernet: ti: cpts: drop excessive writes to CTRL and INT_EN regs" and "clocksource: export the clocks_calc_mult_shift to use by timestamp code" Links on prev versions: v4: https://lkml.org/lkml/2016/12/6/496 v3: https://www.spinics.net/lists/devicetree/msg153474.html v2: http://www.mail-archive.com/linux-kernel@vger.kernel.org/msg1282034.html v1: http://www.spinics.net/lists/linux-omap/msg131925.html ==================== Acked-by: Richard Cochran Signed-off-by: David S. Miller commit 20138cf9efc1a761a17839581b0130d8e4209882 Author: Grygorii Strashko Date: Tue Dec 6 18:00:45 2016 -0600 net: ethernet: ti: cpts: fix overflow check period The CPTS drivers uses 8sec period for overflow checking with assumption that CPTS retclk will not exceed 500MHz. But that's not true on some TI platforms (Kesytone 2). As result, it is possible that CPTS counter will overflow more than once between two readings. Hence, fix it by selecting overflow check period dynamically as max_sec_before_overflow/2, where max_sec_before_overflow = max_counter_val / rftclk_freq. Cc: John Stultz Cc: Thomas Gleixner Signed-off-by: Grygorii Strashko Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 10 +++++++--- drivers/net/ethernet/ti/cpts.h | 4 +--- 2 files changed, 8 insertions(+), 6 deletions(-) commit 88f0f0b0bebfbe086dda853f591ae3a014b19e40 Author: Grygorii Strashko Date: Tue Dec 6 18:00:44 2016 -0600 net: ethernet: ti: cpts: calc mult and shift from refclk freq The cyclecounter mult and shift values can be calculated based on the CPTS rfclk frequency and timekeepnig framework provides required algos and API's. Hence, calc mult and shift basing on CPTS rfclk frequency if both cpts_clock_shift and cpts_clock_mult properties are not provided in DT (the basis of calculation algorithm is borrowed from __clocksource_update_freq_scale() commit 7d2f944a2b83 ("clocksource: Provide a generic mult/shift factor calculation")). After this change cpts_clock_shift and cpts_clock_mult DT properties will become optional. Cc: John Stultz Cc: Thomas Gleixner Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller Documentation/devicetree/bindings/net/cpsw.txt | 8 +++-- drivers/net/ethernet/ti/cpts.c | 50 ++++++++++++++++++++++---- 2 files changed, 48 insertions(+), 10 deletions(-) commit 5304121adae9fc59f4b640f82200868112edd0bd Author: Murali Karicheri Date: Tue Dec 6 18:00:43 2016 -0600 clocksource: export the clocks_calc_mult_shift to use by timestamp code The CPSW CPTS driver is capable of doing timestamping on tx/rx packets and requires to know mult and shift factors for timestamp conversion from raw value to nanoseconds (ptp clock). Now these mult and shift factors are calculated manually and provided through DT, which makes very hard to support of a lot number of platforms, especially if CPTS refclk is not the same for some kind of boards and depends on efuse settings (Keystone 2 platforms). Hence, export clocks_calc_mult_shift() to allow drivers like CPSW CPTS (and other ptp drivesr) to benefit from automaitc calculation of mult and shift factors. Cc: John Stultz Signed-off-by: Murali Karicheri Signed-off-by: Grygorii Strashko Acked-by: Thomas Gleixner Signed-off-by: David S. Miller kernel/time/clocksource.c | 1 + 1 file changed, 1 insertion(+) commit 4a88fb9565d418cf1c2bf41be7cfe156717b9c85 Author: Grygorii Strashko Date: Tue Dec 6 18:00:42 2016 -0600 net: ethernet: ti: cpts: move dt props parsing to cpts driver Move DT properties parsing into CPTS driver to simplify CPSW code and CPTS driver porting on other SoC in the future (like Keystone 2) - with this change it will not be required to add the same DT parsing code in Keystone 2 NETCP driver. Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 16 +--------------- drivers/net/ethernet/ti/cpsw.h | 2 -- drivers/net/ethernet/ti/cpts.c | 34 ++++++++++++++++++++++++++++++---- drivers/net/ethernet/ti/cpts.h | 5 +++-- 4 files changed, 34 insertions(+), 23 deletions(-) commit 8a2c9a5ab4b933efd611af0a1313ec7892f5df1a Author: Grygorii Strashko Date: Tue Dec 6 18:00:41 2016 -0600 net: ethernet: ti: cpts: rework initialization/deinitialization The current implementation CPTS initialization and deinitialization (represented by cpts_register/unregister()) does too many static initialization from .ndo_open(), which is reasonable to do once at probe time instead, and also require caller to allocate memory for struct cpts, which is internal for CPTS driver in general. This patch splits CPTS initialization and deinitialization on two parts: - static initializtion cpts_create()/cpts_release() which expected to be executed when parent driver is probed/removed; - dynamic part cpts_register/unregister() which expected to be executed when network device is opened/closed. As result, current code of CPTS parent driver - CPSW - will be simplified (and it also will allow simplify adding support for Keystone 2 devices in the future), plus more initialization errors will be catched earlier. In addition, this change allows to clean up cpts.h for the case when CPTS is disabled. Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 24 +++++----- drivers/net/ethernet/ti/cpts.c | 99 +++++++++++++++++++++++++----------------- drivers/net/ethernet/ti/cpts.h | 26 ++++++++--- 3 files changed, 92 insertions(+), 57 deletions(-) commit 2a79df3ee9679dd1433ef9baa87ec395355eb0b4 Author: Grygorii Strashko Date: Tue Dec 6 18:00:40 2016 -0600 net: ethernet: ti: cpts: drop excessive writes to CTRL and INT_EN regs CPTS module and IRQs are always enabled when CPTS is registered, before starting overflow check work, and disabled during deregistration, when overflow check work has been canceled already. So, It doesn't require to (re)enable CPTS module and IRQs in cpts_overflow_check(). Signed-off-by: Grygorii Strashko Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 2 -- 1 file changed, 2 deletions(-) commit e4439fa838eb78b20f82665110b478018268833e Author: WingMan Kwok Date: Tue Dec 6 18:00:39 2016 -0600 net: ethernet: ti: cpts: clean up event list if event pool is empty When a CPTS user does not exit gracefully by disabling cpts timestamping and leaving a joined multicast group, the system continues to receive and timestamps the ptp packets which eventually occupy all the event list entries. When this happns, the added code tries to remove some list entries which are expired. Signed-off-by: WingMan Kwok Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) commit 8fcd68914e447af006f9597a2688754517fabfe9 Author: Grygorii Strashko Date: Tue Dec 6 18:00:38 2016 -0600 net: ethernet: ti: cpts: disable cpts when unregistered The cpts now is left enabled after unregistration. Hence, disable it in cpts_unregister(). Signed-off-by: Grygorii Strashko Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 4 ++++ 1 file changed, 4 insertions(+) commit 6c691405bcaf8f1a7413416cc757756cfb060875 Author: Grygorii Strashko Date: Tue Dec 6 18:00:37 2016 -0600 net: ethernet: ti: cpts: fix registration order The ptp clock registered before spinlock, which is protecting it, and before timecounter and cyclecounter initialization in cpts_register(). So, ensure that ptp clock is registered the last, after everything else is done. Signed-off-by: Grygorii Strashko Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) commit fd123a9414766e73fa704547e7f03595741b7de1 Author: Grygorii Strashko Date: Tue Dec 6 18:00:36 2016 -0600 net: ethernet: ti: cpts: fix unbalanced clk api usage in cpts_register/unregister There are two issues with TI CPTS code which are reproducible when TI CPSW ethX device passes few up/down iterations: - cpts refclk prepare counter continuously incremented after each up/down iteration; - devm_clk_get(dev, "cpts") is called many times. Hence, fix these issues by using clk_disable_unprepare() in cpts_clk_release() and skipping devm_clk_get() if cpts refclk has been acquired already. Signed-off-by: Grygorii Strashko Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) commit b63ba58ee9957261b39209f3031ff06714cf13cb Author: Grygorii Strashko Date: Tue Dec 6 18:00:35 2016 -0600 net: ethernet: ti: cpsw: minimize direct access to struct cpts This will provide more flexibility in changing CPTS internals and also required for further changes. Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 28 +++++++++++++++------------- drivers/net/ethernet/ti/cpts.h | 39 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+), 13 deletions(-) commit c8395d4e1d4ffbc9d8aa61f534c82e8deed72cfd Author: Grygorii Strashko Date: Tue Dec 6 18:00:34 2016 -0600 net: ethernet: ti: allow cpts to be built separately TI CPTS IP is used as part of TI OMAP CPSW driver, but it's also present as part of NETCP on TI Keystone 2 SoCs. So, It's required to enable build of CPTS for both this drivers and this can be achieved by allowing CPTS to be built separately. Hence, allow cpts to be built separately and convert it to be a module as both CPSW and NETCP drives can be built as modules. Signed-off-by: Grygorii Strashko Signed-off-by: David S. Miller drivers/net/ethernet/ti/Kconfig | 2 +- drivers/net/ethernet/ti/Makefile | 3 ++- drivers/net/ethernet/ti/cpsw.c | 22 +++++++++++++++++----- drivers/net/ethernet/ti/cpts.c | 16 ++++++++-------- drivers/net/ethernet/ti/cpts.h | 18 ++++++++++++++---- 5 files changed, 42 insertions(+), 19 deletions(-) commit 391fd6caf5cfc74a15a79c1237de0a2d84dfd398 Author: Grygorii Strashko Date: Tue Dec 6 18:00:33 2016 -0600 net: ethernet: ti: cpts: switch to readl/writel_relaxed() Switch to readl/writel_relaxed() APIs, because this is recommended API and the CPTS IP is reused on Keystone 2 SoCs where LE/BE modes are supported. Signed-off-by: Grygorii Strashko Acked-by: Richard Cochran Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpts.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d3243aef98d25f5a303e8b57099a2bc9181b865e Merge: 5b8e2f6 a588e45 Author: David S. Miller Date: Wed Dec 7 10:59:27 2016 -0500 Merge branch 'bnxt_en-RDMA' Michael Chan says: ==================== bnxt_en: Add interface to support RDMA driver. This series adds an interface to support a brand new RDMA driver bnxt_re. The first step is to re-arrange some code so that pci_enable_msix() can be called during pci probe. The purpose is to allow the RDMA driver to initialize and stay initialized whether the netdev is up or down. Then we make some changes to VF resource allocation so that there is enough resources to support RDMA. Finally the last patch adds a simple interface to allow the RDMA driver to probe and register itself with any bnxt_en devices that support RDMA. Once registered, the RDMA driver can request MSIX, send fw messages, and receive some notifications. v2: Fixed kbuild test robot warnings. David, please consider this series for net-next. Thanks. ==================== Signed-off-by: David S. Miller commit a588e4580a7ecb715dab8bf09725b97aa0e0e3a0 Author: Michael Chan Date: Wed Dec 7 00:26:21 2016 -0500 bnxt_en: Add interface to support RDMA driver. Since the network driver and RDMA driver operate on the same PCI function, we need to create an interface to allow the RDMA driver to share resources with the network driver. 1. Create a new bnxt_en_dev struct which will be returned by bnxt_ulp_probe() upon success. After that, all calls from the RDMA driver to bnxt_en will pass a pointer to this struct. 2. This struct contains additional function pointers to register, request msix, send fw messages, register for async events. 3. If the RDMA driver wants to enable RDMA on the function, it needs to call the function pointer bnxt_register_device(). A ulp_ops structure is passed for RCU protected upcalls from bnxt_en to the RDMA driver. 4. The RDMA driver can call firmware APIs using the bnxt_send_fw_msg() function pointer. 5. 1 stats context is reserved when the RDMA driver registers. MSIX and completion rings are reserved when the RDMA driver calls bnxt_request_msix() function pointer. 6. When the RDMA driver calls bnxt_unregister_device(), all RDMA resources will be cleaned up. v2: Fixed 2 uninitialized variable warnings. Signed-off-by: Somnath Kotur Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 41 ++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 6 + drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.c | 346 ++++++++++++++++++++++++++ drivers/net/ethernet/broadcom/bnxt/bnxt_ulp.h | 93 +++++++ 5 files changed, 483 insertions(+), 5 deletions(-) commit a1653b13f14c714f9bfd5e10c603a37c3bcba7b6 Author: Michael Chan Date: Wed Dec 7 00:26:20 2016 -0500 bnxt_en: Refactor the driver registration function with firmware. The driver register function with firmware consists of passing version information and registering for async events. To support the RDMA driver, the async events that we need to register may change. Separate the driver register function into 2 parts so that we can just update the async events for the RDMA driver. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 34 ++++++++++++++++++++++++++----- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 ++ 2 files changed, 31 insertions(+), 5 deletions(-) commit e4060d306b5196966d74e05dee48e6c3a52aaad4 Author: Michael Chan Date: Wed Dec 7 00:26:19 2016 -0500 bnxt_en: Reserve RDMA resources by default. If the device supports RDMA, we'll setup network default rings so that there are enough minimum resources for RDMA, if possible. However, the user can still increase network rings to the max if he wants. The actual RDMA resources won't be reserved until the RDMA driver registers. v2: Fix compile warning when BNXT_CONFIG_SRIOV is not set. Signed-off-by: Somnath Kotur Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 58 ++++++++++++++++++++++++++++++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 9 +++++ 2 files changed, 66 insertions(+), 1 deletion(-) commit 7b08f661ab80e87dcdba7ab9a460fe2c9d08bf5b Author: Michael Chan Date: Wed Dec 7 00:26:18 2016 -0500 bnxt_en: Improve completion ring allocation for VFs. All available remaining completion rings not used by the PF should be made available for the VFs so that there are enough rings in the VF to support RDMA. The earlier workaround code of capping the rings by the statistics context is removed. When SRIOV is disabled, call a new function bnxt_restore_pf_fw_resources() to restore FW resources. Later on we need to add some logic to account for RDMA resources. Signed-off-by: Somnath Kotur Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +++++++- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 14 ++++---------- 3 files changed, 12 insertions(+), 12 deletions(-) commit aa8ed021ab515a93f2a052e9cc80320882889698 Author: Michael Chan Date: Wed Dec 7 00:26:17 2016 -0500 bnxt_en: Move function reset to bnxt_init_one(). Now that MSIX is enabled in bnxt_init_one(), resources may be allocated by the RDMA driver before the network device is opened. So we cannot do function reset in bnxt_open() which will clear all the resources. The proper place to do function reset now is in bnxt_init_one(). If we get AER, we'll do function reset as well. Signed-off-by: Somnath Kotur Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 25 ++++++------------------- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 - 2 files changed, 6 insertions(+), 20 deletions(-) commit 7809592d3e2ec79cd1feab0cc96169d22f6ffee1 Author: Michael Chan Date: Wed Dec 7 00:26:16 2016 -0500 bnxt_en: Enable MSIX early in bnxt_init_one(). To better support the new RDMA driver, we need to move pci_enable_msix() from bnxt_open() to bnxt_init_one(). This way, MSIX vectors are available to the RDMA driver whether the network device is up or down. Part of the existing bnxt_setup_int_mode() function is now refactored into a new bnxt_init_int_mode(). bnxt_init_int_mode() is called during bnxt_init_one() to enable MSIX. The remaining logic in bnxt_setup_int_mode() to map the IRQs to the completion rings is called during bnxt_open(). v2: Fixed compile warning when CONFIG_BNXT_SRIOV is not set. Signed-off-by: Somnath Kotur Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 183 +++++++++++++++++++----------- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + 2 files changed, 115 insertions(+), 69 deletions(-) commit 33c2657eb688a063ab9cbe11fd4d18c93c7945e1 Author: Michael Chan Date: Wed Dec 7 00:26:15 2016 -0500 bnxt_en: Add bnxt_set_max_func_irqs(). By refactoring existing code into this new function. The new function will be used in subsequent patches. v2: Fixed compile warning when CONFIG_BNXT_SRIOV is not set. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 17 +++++++++++------ drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + 2 files changed, 12 insertions(+), 6 deletions(-) commit b88e0ae958267dc63bea661d66c15f61ba1dd93c Author: Martin Kaiser Date: Sat Nov 19 14:03:33 2016 +0100 rtc: imxdi: (trivial) fix a typo Fix a typo Signed-off-by: Martin Kaiser Signed-off-by: Alexandre Belloni drivers/rtc/rtc-imxdi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b99258a3151a70da9b4125f940c4dcc091df84c1 Author: Kuninori Morimoto Date: Wed Dec 7 00:28:11 2016 +0000 ASoC: rsnd: setup BRGCKR/BRRA/BRRB when starting Current rsnd driver setups BRGCKR/BRRA/BRRB when .probe timing. But it breaks sound after Suspend/Resume. These should be setups every start timing. This patch is tested on R-Car Gen3 Salvator-X board Signed-off-by: Kuninori Morimoto Tested-by: Gaku Inami Signed-off-by: Mark Brown sound/soc/sh/rcar/adg.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) commit c2d3171847611e8a33d3e10a9942f6c065d05c1f Author: Kuninori Morimoto Date: Wed Dec 7 00:29:02 2016 +0000 ASoC: rsnd: enable/disable ADG when suspend/resume timing Current rsnd driver enables ADG clock when .probe timing, but it breaks sound after Suspend/Resume. These should be setups every suspend/resume timing too. This patch is tested on R-Car Gen3 Salvator-X board Signed-off-by: Kuninori Morimoto Tested-by: Gaku Inami Signed-off-by: Mark Brown sound/soc/sh/rcar/adg.c | 38 ++++++++++++++++++++++++-------------- sound/soc/sh/rcar/core.c | 24 ++++++++++++++++++++++++ sound/soc/sh/rcar/rsnd.h | 3 +++ 3 files changed, 51 insertions(+), 14 deletions(-) commit 6bf66b1c35870e08359cb03c49a94e7fef529ef5 Author: Kuninori Morimoto Date: Wed Dec 7 02:05:22 2016 +0000 ASoC: rsnd: tidyup ssi->usrcnt counter check in hw_params ssi->usrcnt will be updated on snd_soc_dai_ops::trigger, but snd_pcm_ops::hw_params will be called *before* it. Thus, ssi->usrcnt is still 0 when 1st call. rsnd_ssi_hw_params() needs to check its called count, this means trigger should be if (ssi->usrcnt) instead of if (ssi->usrcnt > 1). Reported-by: Nguyen Viet Dung Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown sound/soc/sh/rcar/ssi.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) commit 5b8e2f61b9df529ca4af057daf7bfb1de348bdf1 Author: Eric Dumazet Date: Tue Dec 6 19:32:50 2016 -0800 net: sock_rps_record_flow() is for connected sockets Paolo noticed a cache line miss in UDP recvmsg() to access sk_rxhash, sharing a cache line with sk_drops. sk_drops might be heavily incremented by cpus handling a flood targeting this socket. We might place sk_drops on a separate cache line, but lets try to avoid wasting 64 bytes per socket just for this, since we have other bottlenecks to take care of. sock_rps_record_flow() should only access sk_rxhash for connected flows. Testing sk_state for TCP_ESTABLISHED covers most of the cases for connected sockets, for a zero cost, since system calls using sock_rps_record_flow() also access sk->sk_prot which is on the same cache line. A follow up patch will provide a static_key (Jump Label) since most hosts do not even use RFS. Signed-off-by: Eric Dumazet Reported-by: Paolo Abeni Acked-by: Paolo Abeni Signed-off-by: David S. Miller include/net/sock.h | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit 01835fadf5eda4afdca5c0aa7a89e210ee45bec6 Author: Srikant Ritolia Date: Tue Nov 29 11:04:37 2016 +0000 rtc: ds1374: Merge conditional + WARN_ON() WARN_ON does both these things in one statement. Using a better pattern with WARN_ON(). Signed-off-by: Srikant Ritolia Signed-off-by: Alexandre Belloni drivers/rtc/rtc-ds1374.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 859d8e458746f56cd8a4936b52f6fc746d3f60dc Author: Oleg Drokin Date: Tue Dec 6 23:57:40 2016 -0500 staging/lustre/o2iblnd: Fix misspelled attemps->attempts Highlighted by checkpatch: WARNING: 'attemps' may be misspelled - perhaps 'attempts'? #20278: FILE: drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c:3272: + * reconnection attemps. Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8aff51c4fbe9b06a9a5fc886d80c8f0f22d385e9 Author: Oleg Drokin Date: Tue Dec 6 23:57:39 2016 -0500 staging/lustre/o2iblnd: Fix misspelling intialized->intialized Highlighted by checkpatch: + if (!ps->ps_net) /* intialized? */ Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8dde06854c2e6487bfeca06608a998f79412cd4f Author: Oleg Drokin Date: Tue Dec 6 23:57:38 2016 -0500 staging/lustre: Convert all bare unsigned to unsigned int Highlighted by relatively new checkpatch test, warnings like: WARNING: Prefer 'unsigned int' to bare use of 'unsigned' Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/include/linux/lnet/lnetst.h | 6 +- .../staging/lustre/lustre/include/lprocfs_status.h | 3 +- drivers/staging/lustre/lustre/ldlm/ldlm_resource.c | 8 +- drivers/staging/lustre/lustre/llite/llite_nfs.c | 2 +- drivers/staging/lustre/lustre/llite/rw26.c | 4 +- drivers/staging/lustre/lustre/llite/xattr_cache.c | 6 +- drivers/staging/lustre/lustre/lov/lov_pool.c | 3 +- .../lustre/lustre/obdclass/lprocfs_status.c | 3 +- drivers/staging/lustre/lustre/obdclass/lu_object.c | 6 +- .../staging/lustre/lustre/obdclass/obd_config.c | 4 +- drivers/staging/lustre/lustre/osc/osc_lock.c | 2 +- drivers/staging/lustre/lustre/osc/osc_quota.c | 4 +- drivers/staging/lustre/lustre/osc/osc_request.c | 6 +- drivers/staging/lustre/lustre/ptlrpc/connection.c | 4 +- .../staging/lustre/lustre/ptlrpc/lproc_ptlrpc.c | 4 +- drivers/staging/lustre/lustre/ptlrpc/service.c | 6 +- drivers/staging/lustre/lustre/ptlrpc/wiretest.c | 92 +++++++++++----------- 17 files changed, 83 insertions(+), 80 deletions(-) commit 6b02ac34d3386a6d001869aec892f0fdf7f0dffa Author: Oleg Drokin Date: Tue Dec 6 23:57:37 2016 -0500 staging/lustre/socklnd: Fix whitespace problem checkpatch highlighted there are 8 spaces that could be converted to a tab: ERROR: code indent should use tabs where possible +^I^I^I^I^I */$ Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/klnds/socklnd/socklnd.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8773159a97ccf2ae95f443227774f26f430fbb8a Author: Oleg Drokin Date: Tue Dec 6 23:57:36 2016 -0500 staging/lustre/o2iblnd: Add missing space checkpatch highlighted missing space before assignment for lock variable. + spinlock_t *lock= &kiblnd_data.kib_connd_lock; Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4f43d8dbe634cc79c4b45cc088d066768c0359d2 Author: Oleg Drokin Date: Wed Dec 7 00:39:27 2016 -0500 staging/lustre/lnetselftest: Fix potential integer overflow It looks like if the passed in parameter is not present, but parameter length is non zero, then sanity checks on the length are skipped and lstcon_test_add() might then use incorrect allocation that's prone to integer overflow size. This patch ensures that parameter len is zero if parameter is not present. Reported-by: Dan Carpenter Signed-off-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/selftest/conctl.c | 4 ++++ 1 file changed, 4 insertions(+) commit f821444508743a3e56320d0cb2b8c4603637660c Author: Linus Walleij Date: Fri Nov 25 15:16:11 2016 +0100 pinctrl: sx150x: use new nested IRQ infrastructure Use the new gpiochip_irqchip_add_nested() and gpiochip_set_nested_irqchip() calls to properly created a nested irqchip and mark all child irqs properly with their parent IRQ. Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-sx150x.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) commit 108a7c103b761309ccbd997002e8428808cf1e04 Author: Yannick Brosseau Date: Fri Dec 2 11:07:32 2016 -0500 perf tools: Explicitly document that --children is enabled by default The fact that the --children option is enabled by default is buried deep at the end of the help page, in the overhead calculation section. This make it explicit right where the option is listed, following the same way other default options are described Signed-off-by: Yannick Brosseau Cc: Namhyung Kim Cc: Peter Zijlstra Cc: kernel-team@fb.com Link: http://lkml.kernel.org/r/20161202160732.29058-1-scientist@fb.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-report.txt | 3 ++- tools/perf/Documentation/perf-top.txt | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) commit b336352b417edd8c058c9e09d136728b6e2ff56d Author: Namhyung Kim Date: Tue Dec 6 12:40:05 2016 +0900 perf sched timehist: Cleanup idle_max_cpu handling It treats the idle_max_cpu little bit confusingly IMHO. Let's make it more straight forward. Signed-off-by: Namhyung Kim Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161206034010.6499-6-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) commit 5d92d96a947a5d0d83710d11750bb29a0c1b985d Author: Namhyung Kim Date: Tue Dec 6 12:40:03 2016 +0900 perf sched timehist: Handle zero sample->tid properly Sometimes samples have tid of 0 but non-0 pid. It ends up having a new thread of 0 tid/pid (instead of referring idle task) since tid is used to search matching task. But I guess it's wrong to use 0 as a tid when pid is set. This patch uses tid only if it has a non-zero value or same as pid (of 0). Signed-off-by: Namhyung Kim Cc: Andi Kleen Cc: David Ahern Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161206034010.6499-4-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 571f1eb9b967a52732d2e1f41f1b62e27c900325 Author: Namhyung Kim Date: Tue Dec 6 12:40:02 2016 +0900 perf callchain: Introduce callchain_cursor__copy() The callchain_cursor__copy() function is to save current callchain captured by a cursor. It'll be used to keep callchains when switching to idle task for each cpu. Signed-off-by: Namhyung Kim Cc: Andi Kleen Cc: David Ahern Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161206034010.6499-3-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/callchain.c | 27 +++++++++++++++++++++++++++ tools/perf/util/callchain.h | 3 +++ 2 files changed, 30 insertions(+) commit 6fa94258ce2673adc707b2ec5668464f2cf83ed3 Author: Namhyung Kim Date: Tue Dec 6 12:40:01 2016 +0900 perf sched: Cleanup option processing The -D/--dump-raw-trace option is in the parent option so no need to repeat it. Also move -f/--force option to parent as it's common to handle data file. Signed-off-by: Namhyung Kim Acked-by: David Ahern Cc: Andi Kleen Cc: Jiri Olsa Cc: Minchan Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/20161206034010.6499-2-namhyung@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit f45bf8d3939d8f32f06ec12e56d2b8651c5437b4 Author: David Ahern Date: Tue Nov 29 13:39:48 2016 -0700 perf sched timehist: Improve error message when analyzing wrong file Arnaldo reported an unhelpful error message when running perf sched timehist on a file that did not contain sched tracepoints: [root@jouet ~]# perf sched timehist No trace sample to read. Did you call 'perf record -R'? [root@jouet ~]# perf evlist -v cycles:ppp: size: 112, { sample_period, sample_freq }: 4000, sample_type: IP|TID|TIME|CALLCHAIN|CPU|PERIOD, disabled: 1, inherit: 1, mmap: 1, comm: 1, freq: 1, task: 1, precise_ip: 3, sample_id_all: 1, exclude_guest: 1, mmap2: 1, comm_exec: 1 Change the has_traces check to look for the sched_switch event. Analysis for perf sched timehist requires at least this event. Now when analyzing a file without sched tracepoints you get: root@f21-vbox:/tmp$ perf sched timehist No sched_switch events found. Have you run 'perf sched record'? Signed-off-by: David Ahern Reported-and-Tested-by: Arnaldo Carvalho de Melo Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480451988-43673-1-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/builtin-sched.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit e1a0d869d592984f8a64f1cdc6710fa74041fc47 Merge: 88979a0 35ca3f6 Author: Linus Walleij Date: Wed Dec 7 15:27:30 2016 +0100 Merge branch 'thread-irq-simpler' of /home/linus/linux-gpio into devel commit 88979a02c9808f81296edb7e68eaa10ae4e6f38c Merge: 283dc0b 6da7b0d Author: Linus Walleij Date: Wed Dec 7 15:27:23 2016 +0100 Merge branch 'pl061' of /home/linus/linux-gpio into devel commit 283dc0be75b2fd870ae32a080a568f67c9ac9a4e Author: Peter Rosin Date: Fri Dec 2 11:51:16 2016 +0100 pinctrl: sx150x: handle missing 'advanced' reg in sx1504 and sx1505 This fixes a problem where sx150x_regmap_reg_width() returns 8 for the data register (reg 0) for sx1504 where it should return 4, and return a correct 8 for sx1505 but for the wrong reason (both chips lack the 'advanced' register). This is not a real problem, since nothing depends on the function returning 4 or 8, and certainly not if it is returning 8 for the wrong reason. But fix this to avoid nasty surprises down the line. Signed-off-by: Peter Rosin Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-sx150x.c | 1 + 1 file changed, 1 insertion(+) commit c9d26f1aab007a7083f509b4be263bc904ddb0d3 Author: Peter Rosin Date: Fri Dec 2 11:51:15 2016 +0100 pinctrl: sx150x: rename 'reg_advance' to 'reg_advanced' This matches the datasheets and is less confusing since the register has nothing to with advancing anything. Signed-off-by: Peter Rosin Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-sx150x.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 6c4ef627d8c458fe8880ccd2e2cd581de0d9b42f Author: Peter Rosin Date: Fri Dec 2 11:51:14 2016 +0100 pinctrl: sx150x: access the correct bits in the 4-bit regs of sx150[147] The code assumes 8-bit or 16-bit width registers, but three of the chips (sx1501/sx1504/sx1507) are 4-bit. So, try to handle 4-bit chips as well, they leave the high part of each register unused. Signed-off-by: Peter Rosin Signed-off-by: Linus Walleij drivers/pinctrl/pinctrl-sx150x.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 222ed59e8dace1c325c30dbee1b0161cf7eff2c7 Author: Chunfeng Yun Date: Wed Nov 30 10:21:31 2016 +0800 pinctrl: mt8173: set GPIO16 to usb iddig mode the default mode of GPIO16 pin is gpio, when set EINT16 to IRQ_TYPE_LEVEL_HIGH, no interrupt is triggered, it can be fixed when set its default mode as usb iddig. Signed-off-by: Chunfeng Yun Acked-by: Hongzhou Yang Signed-off-by: Linus Walleij drivers/pinctrl/mediatek/pinctrl-mtk-mt8173.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 85ae9e512f437cd09bf61564bdba29ab88bab3e3 Author: Linus Walleij Date: Mon Nov 14 18:48:19 2016 +0100 pinctrl: bcm2835: switch to GPIOLIB_IRQCHIP It should be possible to use the GPIOLIB_IRQCHIP helper library with the BCM2835 driver since it is a pretty straight forward cascaded irqchip. The only difference from other drivers is that the BCM2835 has several banks for a single gpiochip, and each bank has a separate IRQ line. Instead of creating one gpiochip per bank, a single gpiochip covers all banks GPIO lines. This makes it necessary to resolve the bank ID in the IRQ handler. The GPIOLIB_IRQCHIP allows several IRQs to be cascaded off the same gpiochip by calling gpiochip_set_chained_irqchip() repeatedly, but we have been a bit short on examples for how this should be handled in practice, so this is intended as an example of how this can be achieved. The old code did not model the chip as a chained interrupt handler, but this patch also rectifies that situation. Cc: Stephen Warren Tested-by: Stefan Wahren Tested-by: Eric Anholt Acked-by: Eric Anholt Signed-off-by: Linus Walleij drivers/pinctrl/bcm/Kconfig | 1 + drivers/pinctrl/bcm/pinctrl-bcm2835.c | 140 ++++++++++++++++------------------ 2 files changed, 65 insertions(+), 76 deletions(-) commit 1ff91f0ae3361f17e42448f6fc7181926ef21587 Author: David Lechner Date: Mon Nov 28 10:40:25 2016 -0600 pinctrl: New driver for TI DA850/OMAP-L138/AM18XX pinconf This adds a new driver for pinconf on TI DA850/OMAP-L138/AM18XX. These SoCs have a separate controller for controlling pullup/pulldown groups. Signed-off-by: David Lechner Reviewed-by: Sekhar Nori Signed-off-by: Linus Walleij drivers/pinctrl/Kconfig | 9 ++ drivers/pinctrl/Makefile | 1 + drivers/pinctrl/pinctrl-da850-pupd.c | 210 +++++++++++++++++++++++++++++++++++ 3 files changed, 220 insertions(+) commit 342030c7a29a97bb95151e787a6a347cd031b304 Author: David Lechner Date: Mon Nov 28 10:40:24 2016 -0600 devicetree: bindings: pinctrl: Add binding for ti,da850-pupd Device-tree bindings for TI DA850/OMAP-L138/AM18XX pullup/pulldown pinconf controller. Signed-off-by: David Lechner Reviewed-by: Sekhar Nori Acked-by: Rob Herring Signed-off-by: Linus Walleij .../devicetree/bindings/pinctrl/ti,da850-pupd.txt | 55 ++++++++++++++++++++++ 1 file changed, 55 insertions(+) commit 0ea66f76ba17a4b229caaadd77de694111b21769 Author: Keerthy Date: Mon Nov 28 09:31:58 2016 +0530 Documentation: pinctrl: palmas: Add ti,palmas-powerhold-override property definition GPIO7 is configured in POWERHOLD mode which has higher priority over DEV_ON bit and keeps the PMIC supplies on even after the DEV_ON bit is turned off. This property enables driver to over ride the POWERHOLD value to GPIO7 so as to turn off the PMIC in power off scenarios. Signed-off-by: Keerthy Acked-by: Rob Herring Signed-off-by: Linus Walleij Documentation/devicetree/bindings/pinctrl/pinctrl-palmas.txt | 9 +++++++++ 1 file changed, 9 insertions(+) commit 3ae02c14d964499da76b5ef4d8912710902e64f8 Author: Andy Shevchenko Date: Fri Nov 25 13:31:16 2016 +0200 pinctrl: intel: set default handler to be handle_bad_irq() We switch the default handler to be handle_bad_irq() instead of handle_simple_irq() (which was not correct anyway). Signed-off-by: Andy Shevchenko Acked-by: Mika Westerberg Signed-off-by: Linus Walleij drivers/pinctrl/intel/pinctrl-baytrail.c | 2 +- drivers/pinctrl/intel/pinctrl-intel.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit acf1fcf77247efa01d7213f53082451f6c9c8f3b Merge: eb485c7 35ca3f6 Author: Linus Walleij Date: Wed Dec 7 15:24:12 2016 +0100 Merge branch 'thread-irq-simpler' into devel commit eb485c7d9e6d71e4f621edb83573cb85c1d22975 Merge: 46a5c11 6da7b0d Author: Linus Walleij Date: Wed Dec 7 15:23:45 2016 +0100 Merge branch 'pl061' into devel commit 46a5c112a401163f5112911166ea78eb4bacdbc2 Author: Andy Shevchenko Date: Thu Dec 1 18:09:33 2016 +0200 gpio: merrifield: Implement gpio_get_direction callback Implement gpio_get_direction() callback for Intel Merrifield GPIO. Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij drivers/gpio/gpio-merrifield.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit e7a718f9b1c106dc7705d96cf0fe2e2f69089cf9 Author: Andy Shevchenko Date: Thu Dec 1 17:45:51 2016 +0200 gpio: merrifield: Add support for hardware debouncer By default all pins are configured to use a glitch filter. Writing 1 to the certain bit of the specific register might be useful in case someone needs to bypass the glitch filter completely for a given GPIO pin. This patch adds support for that in the Intel Merrifield GPIO driver. Signed-off-by: Andy Shevchenko Signed-off-by: Linus Walleij drivers/gpio/gpio-merrifield.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) commit f4e81c529767b9a33d1b27695c54dc84a14af30d Author: Lars-Peter Clausen Date: Wed Nov 30 13:05:21 2016 +0100 gpio: chardev: Return error for seek operations The GPIO chardev is used for management tasks (allocating line and event handles) and does neither support read() nor write() operations. Hence it does not make much sense to allow seek operations. Currently the chardev uses noop_llseek() for its seek implementation. This function does not move the pointer and simply returns the current position (always 0 for the GPIO chardev). noop_llseek() is primarily meant for devices that can not support seek, but where there might be a user that depends on the seek() operation succeeding. For newly added devices that can not support seek operations it is recommended to use no_llseek(), which will return an error. For more information see commit 6038f373a3dc ("llseek: automatically add .llseek fop"). Unfortunately this was overlooked when the GPIO chardev ABI was introduced. But it is highly unlikely that since then userspace applications have appeared that rely on being able to perform non-failing seek operations on a GPIO chardev file descriptor. So it should be safe to change from noop_llseel() to no_seek(). Also use nonseekable_open() in the chardev open() callback to clear the FMODE_SEEK, FMODE_PREAD and FMODE_PWRITE flags from the file. Neither of these should be set on a file that does not support seek operations. Cc: stable@vger.kernel.org Fixes: 3c702e9987e2 ("gpio: add a userspace chardev ABI for GPIOs") Signed-off-by: Lars-Peter Clausen Signed-off-by: Linus Walleij drivers/gpio/gpiolib.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 975acebbbcb78ce7e97ed7abf960e0b93fa3aec4 Author: Charles Keepax Date: Fri Nov 25 13:48:30 2016 +0000 gpio: arizona: Tidy up probe error path There is some unnecessary complexity in the error path which now things are converted to devm is actually very simple. This patch simplifies things. Signed-off-by: Charles Keepax Signed-off-by: Linus Walleij drivers/gpio/gpio-arizona.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) commit a3ee78ec6a5d9a86267a09de9ff27d4e0a21acca Author: Charles Keepax Date: Fri Nov 25 13:48:29 2016 +0000 gpio: arizona: Remove pointless set of platform drvdata We use the gpio chip private data in all the callbacks so remove this redundant line of code. Signed-off-by: Charles Keepax Signed-off-by: Linus Walleij drivers/gpio/gpio-arizona.c | 2 -- 1 file changed, 2 deletions(-) commit 6da7b0dd517592e12966af7ec55eecf6ebd2c589 Author: Linus Walleij Date: Fri Nov 25 11:02:19 2016 +0100 gpio: pl061: delete platform data handling Platform data is a remnant of board files and all boards using the PL061 have been migrated to use device tree or ACPI instead. The custom mechanism to set line by default as inputs/outputs has been superceded by the GPIO-internal hogging mechanism. Signed-off-by: Linus Walleij drivers/gpio/gpio-pl061.c | 41 +++-------------------------------------- 1 file changed, 3 insertions(+), 38 deletions(-) commit 562b488443f658151abc9732e1a9762e27c694a0 Author: Linus Walleij Date: Fri Nov 25 10:53:39 2016 +0100 gpio: pl061: move platform data into driver No boardfile defines any PL061 platform data anymore: the Integrator IM/PD-1 includes the file but is not making use of the struct. Let's delete the include and all references, then move the platform data into the driver for later consolidation into the driver state container. The only resource defined by the IM/PD-1 is the IRQ which is passed through the AMBA PrimeCell bus abstraction struct amba_device. Cc: arm@vger.kernel.org Cc: linux-arm-kernel@lists.infradead.org Cc: Russell King Signed-off-by: Linus Walleij arch/arm/mach-integrator/impd1.c | 1 - drivers/gpio/gpio-pl061.c | 14 +++++++++++++- include/linux/amba/pl061.h | 16 ---------------- 3 files changed, 13 insertions(+), 18 deletions(-) commit 2796325ffadda1ef149c0f51d29d2c7d4d72d556 Author: Linus Walleij Date: Fri Nov 25 10:48:40 2016 +0100 gpio: pl061: rename variable from chip to pl061 Rename the local variable "chip" referring to the struct pl061 state container to "pl061": we already have gpio_chip and irq_chip in the driver, we are needlessly adding yet another "chip" to the confusion. Signed-off-by: Linus Walleij drivers/gpio/gpio-pl061.c | 186 +++++++++++++++++++++++----------------------- 1 file changed, 93 insertions(+), 93 deletions(-) commit 538f76c566eb37f41d4406ed4c6e7ea387b7032f Author: Linus Walleij Date: Fri Nov 25 10:43:15 2016 +0100 gpio: pl061: rename state container struct The PL061 state container is named "pl061_gpio", let's rename it to simply pl061. Less is more. Signed-off-by: Linus Walleij drivers/gpio/gpio-pl061.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit 9c18be8e9342110f6ac89e5c0dc4f6380be8aaa6 Author: Linus Walleij Date: Fri Nov 25 10:41:37 2016 +0100 gpio: pl061: use local state for parent IRQ storage The driver is poking around in the struct gpio_chip internals, which is a no-no. Use a variable in the local state container. Signed-off-by: Linus Walleij drivers/gpio/gpio-pl061.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 73c25fb139337ac4fe1695ae3c056961855594db Author: Pablo Neira Ayuso Date: Wed Dec 7 14:40:53 2016 +0100 netfilter: nft_quota: allow to restore consumed quota Allow to restore consumed quota, this is useful to restore the quota state across reboots. Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_quota.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit b18cc3de00ec3442cf40ac60787dbe0703b99e24 Author: Sebastian Andrzej Siewior Date: Wed Dec 7 14:31:33 2016 +0100 tracing/rb: Init the CPU mask on allocation Before commit b32614c03413 ("tracing/rb: Convert to hotplug state machine") the allocated cpumask was initialized to the mask of online or possible CPUs. After the CPU hotplug changes the buffer initialization moved to trace_rb_cpu_prepare() but the cpumask is allocated with alloc_cpumask() and therefor has random content. As a consequence the cpu buffers are not initialized and a later access dereferences a NULL pointer. Use zalloc_cpumask() instead so trace_rb_cpu_prepare() initializes the buffers properly. Fixes: b32614c03413 ("tracing/rb: Convert to hotplug state machine") Reported-by: Tetsuo Handa Signed-off-by: Sebastian Andrzej Siewior Cc: rostedt@goodmis.org Link: http://lkml.kernel.org/r/20161207133133.hzkcqfllxcdi3joz@linutronix.de Signed-off-by: Thomas Gleixner kernel/trace/ring_buffer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 35f8cc3b9a92c661e5331d64fdfdedb518891d5c Author: Gustavo Padovan Date: Tue Dec 6 15:47:17 2016 -0200 drm/fence: add drm_crtc_create_fence() Instead of dealing with crtc details inside drm_atomic.c we should just export a function that creates a new crtc fence for us and use that. Suggested-by: Chris Wilson Signed-off-by: Gustavo Padovan Reviewed-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1481046437-18778-1-git-send-email-gustavo@padovan.org drivers/gpu/drm/drm_atomic.c | 16 +--------------- drivers/gpu/drm/drm_crtc.c | 18 +++++++++++++++++- drivers/gpu/drm/drm_crtc_internal.h | 2 +- 3 files changed, 19 insertions(+), 17 deletions(-) commit 2c16d60332643e90d4fa244f4a706c454b8c7569 Author: Willem de Bruijn Date: Tue Dec 6 16:25:02 2016 -0500 netfilter: xt_bpf: support ebpf Add support for attaching an eBPF object by file descriptor. The iptables binary can be called with a path to an elf object or a pinned bpf object. Also pass the mode and path to the kernel to be able to return it later for iptables dump and save. Signed-off-by: Willem de Bruijn Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/xt_bpf.h | 21 ++++++++ net/netfilter/xt_bpf.c | 96 +++++++++++++++++++++++++++++------ 2 files changed, 101 insertions(+), 16 deletions(-) commit 5bad87348c70bb4d36e876523aade31e9dedd2fc Author: Marcelo Ricardo Leitner Date: Fri Dec 2 07:46:38 2016 -0200 netfilter: x_tables: avoid warn and OOM killer on vmalloc call Andrey Konovalov reported that this vmalloc call is based on an userspace request and that it's spewing traces, which may flood the logs and cause DoS if abused. Florian Westphal also mentioned that this call should not trigger OOM killer. This patch brings the vmalloc call in sync to kmalloc and disables the warn trace on allocation failure and also disable OOM killer invocation. Note, however, that under such stress situation, other places may trigger OOM killer invocation. Reported-by: Andrey Konovalov Cc: Florian Westphal Signed-off-by: Marcelo Ricardo Leitner Signed-off-by: Pablo Neira Ayuso net/netfilter/x_tables.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 8411b6442e59810fe0750a2f321b9dcb7d0a3d17 Author: Pablo Neira Ayuso Date: Mon Dec 5 23:35:50 2016 +0100 netfilter: nf_tables: support for set flushing This patch adds support for set flushing, that consists of walking over the set elements if the NFTA_SET_ELEM_LIST_ELEMENTS attribute is set. This patch requires the following changes: 1) Add set->ops->deactivate_one() operation: This allows us to deactivate an element from the set element walk path, given we can skip the lookup that happens in ->deactivate(). 2) Add a new nft_trans_alloc_gfp() function since we need to allocate transactions using GFP_ATOMIC given the set walk path happens with held rcu_read_lock. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 6 ++++- net/netfilter/nf_tables_api.c | 55 ++++++++++++++++++++++++++++++++++----- net/netfilter/nft_set_hash.c | 1 + net/netfilter/nft_set_rbtree.c | 1 + 4 files changed, 56 insertions(+), 7 deletions(-) commit 37df5301a3ae903c5b1aa90cae37c6c669dfc386 Author: Pablo Neira Ayuso Date: Mon Dec 5 23:35:49 2016 +0100 netfilter: nft_set: introduce nft_{hash, rbtree}_deactivate_one() This new function allows us to deactivate one single element, this is required by the set flush command that comes in a follow up patch. Signed-off-by: Pablo Neira Ayuso net/netfilter/nft_set_hash.c | 24 +++++++++++++++++------- net/netfilter/nft_set_rbtree.c | 11 ++++++++++- 2 files changed, 27 insertions(+), 8 deletions(-) commit 1a37ef769d68d2719a9a418bd80fc42d19259b24 Author: Pablo Neira Ayuso Date: Mon Dec 5 23:35:48 2016 +0100 netfilter: nf_tables: constify struct nft_ctx * parameter in nft_trans_alloc() Context is not modified by nft_trans_alloc(), so constify it. Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 3189a290f98d3d3b76536ab61e9ff95751ed8124 Author: Davide Caratti Date: Mon Dec 5 15:33:57 2016 +0100 netfilter: nat: skip checksum on offload SCTP packets SCTP GSO and hardware can do CRC32c computation after netfilter processing, so we can avoid calling sctp_compute_checksum() on skb if skb->ip_summed is equal to CHECKSUM_PARTIAL. Moreover, set skb->ip_summed to CHECKSUM_NONE when the NAT code computes the CRC, to prevent offloaders from computing it again (on ixgbe this resulted in a transmission with wrong L4 checksum). Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_nat_proto_sctp.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 3b760dcb0fd304873dfde9ff072a49f893c6f5c4 Author: Liping Zhang Date: Sat Dec 3 21:25:08 2016 +0800 netfilter: rpfilter: bypass ipv4 lbcast packets with zeronet source Otherwise, DHCP Discover packets(0.0.0.0->255.255.255.255) may be dropped incorrectly. Signed-off-by: Liping Zhang Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/ipt_rpfilter.c | 8 +++++--- net/ipv4/netfilter/nft_fib_ipv4.c | 13 +++++++------ 2 files changed, 12 insertions(+), 9 deletions(-) commit a9fea2a3c3cf7a09b7f4302489f535477ead67d2 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:06:11 2016 +0100 netfilter: nf_tables: allow to filter stateful object dumps by type This patch adds the netlink code to filter out dump of stateful objects, through the NFTA_OBJ_TYPE netlink attribute. Signed-off-by: Pablo Neira Ayuso net/netfilter/nf_tables_api.c | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) commit 63aea29060025fd2732680aa48a6b97687b93af8 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:06:03 2016 +0100 netfilter: nft_objref: support for stateful object maps This patch allows us to refer to stateful object dictionaries, the source register indicates the key data to be used to look up for the corresponding state object. We can refer to these maps through names or, alternatively, the map transaction id. This allows us to refer to both anonymous and named maps. Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_tables.h | 6 ++ net/netfilter/nf_tables_api.c | 4 ++ net/netfilter/nft_objref.c | 116 ++++++++++++++++++++++++++++++- 3 files changed, 125 insertions(+), 1 deletion(-) commit 8aeff920dcc9b3f8cf43042a76428582634d9208 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:06:00 2016 +0100 netfilter: nf_tables: add stateful object reference to set elements This patch allows you to refer to stateful objects from set elements. This provides the infrastructure to create maps where the right hand side of the mapping is a stateful object. This allows us to build dictionaries of stateful objects, that you can use to perform fast lookups using any arbitrary key combination. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 9 ++++ include/uapi/linux/netfilter/nf_tables.h | 8 ++++ net/netfilter/nf_tables_api.c | 72 +++++++++++++++++++++++++++----- 3 files changed, 79 insertions(+), 10 deletions(-) commit 1896531710abcd9a961a17d0c5c6a9f537d479b6 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:05:56 2016 +0100 netfilter: nft_quota: add depleted flag for objects Notify on depleted quota objects. The NFT_QUOTA_F_DEPLETED flag indicates we have reached overquota. Add pointer to table from nft_object, so we can use it when sending the depletion notification to userspace. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 2 ++ include/uapi/linux/netfilter/nf_tables.h | 1 + net/netfilter/nf_tables_api.c | 1 + net/netfilter/nft_quota.c | 36 +++++++++++++++++++++++++------- 4 files changed, 32 insertions(+), 8 deletions(-) commit b46dc033818d3293ecc49dc258e2efb603c80bd7 Author: Darrick J. Wong Date: Tue Dec 6 15:59:01 2016 -0800 ext2: reject inodes with negative size Don't load an inode with a negative size; this causes integer overflow problems in the VFS. Signed-off-by: Darrick J. Wong Signed-off-by: Jan Kara fs/ext2/inode.c | 4 ++++ 1 file changed, 4 insertions(+) commit d0a3431a7bbdf8f66d2d7a8fbf0233f3b325fcab Author: Ard Biesheuvel Date: Mon Dec 5 18:42:28 2016 +0000 crypto: arm/crc32 - accelerated support based on x86 SSE implementation This is a combination of the the Intel algorithm implemented using SSE and PCLMULQDQ instructions from arch/x86/crypto/crc32-pclmul_asm.S, and the new CRC32 extensions introduced for both 32-bit and 64-bit ARM in version 8 of the architecture. Two versions of the above combo are provided, one for CRC32 and one for CRC32C. The PMULL/NEON algorithm is faster, but operates on blocks of at least 64 bytes, and on multiples of 16 bytes only. For the remaining input, or for all input on systems that lack the PMULL 64x64->128 instructions, the CRC32 instructions will be used. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm/crypto/Kconfig | 5 + arch/arm/crypto/Makefile | 2 + arch/arm/crypto/crc32-ce-core.S | 306 ++++++++++++++++++++++++++++++++++++++++ arch/arm/crypto/crc32-ce-glue.c | 242 +++++++++++++++++++++++++++++++ 4 files changed, 555 insertions(+) commit 8fefde90e90c9f5c2770e46ceb127813d3f20c34 Author: Ard Biesheuvel Date: Mon Dec 5 18:42:27 2016 +0000 crypto: arm64/crc32 - accelerated support based on x86 SSE implementation This is a combination of the the Intel algorithm implemented using SSE and PCLMULQDQ instructions from arch/x86/crypto/crc32-pclmul_asm.S, and the new CRC32 extensions introduced for both 32-bit and 64-bit ARM in version 8 of the architecture. Two versions of the above combo are provided, one for CRC32 and one for CRC32C. The PMULL/NEON algorithm is faster, but operates on blocks of at least 64 bytes, and on multiples of 16 bytes only. For the remaining input, or for all input on systems that lack the PMULL 64x64->128 instructions, the CRC32 instructions will be used. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm64/crypto/Kconfig | 6 + arch/arm64/crypto/Makefile | 3 + arch/arm64/crypto/crc32-ce-core.S | 266 ++++++++++++++++++++++++++++++++++++++ arch/arm64/crypto/crc32-ce-glue.c | 212 ++++++++++++++++++++++++++++++ 4 files changed, 487 insertions(+) commit 1d481f1cd8925bd92387983ea1245a0ea0f16d32 Author: Ard Biesheuvel Date: Mon Dec 5 18:42:26 2016 +0000 crypto: arm/crct10dif - port x86 SSE implementation to ARM This is a transliteration of the Intel algorithm implemented using SSE and PCLMULQDQ instructions that resides in the file arch/x86/crypto/crct10dif-pcl-asm_64.S, but simplified to only operate on buffers that are 16 byte aligned (but of any size) Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm/crypto/Kconfig | 5 + arch/arm/crypto/Makefile | 2 + arch/arm/crypto/crct10dif-ce-core.S | 427 ++++++++++++++++++++++++++++++++++++ arch/arm/crypto/crct10dif-ce-glue.c | 101 +++++++++ 4 files changed, 535 insertions(+) commit 6ef5737f39314907704d68719b74fcca11f4f342 Author: Ard Biesheuvel Date: Mon Dec 5 18:42:25 2016 +0000 crypto: arm64/crct10dif - port x86 SSE implementation to arm64 This is a transliteration of the Intel algorithm implemented using SSE and PCLMULQDQ instructions that resides in the file arch/x86/crypto/crct10dif-pcl-asm_64.S, but simplified to only operate on buffers that are 16 byte aligned (but of any size) Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm64/crypto/Kconfig | 5 + arch/arm64/crypto/Makefile | 3 + arch/arm64/crypto/crct10dif-ce-core.S | 392 ++++++++++++++++++++++++++++++++++ arch/arm64/crypto/crct10dif-ce-glue.c | 95 ++++++++ 4 files changed, 495 insertions(+) commit d31de187acdd7758cbb07c8d7dd3293e8c2d8390 Author: Ard Biesheuvel Date: Mon Dec 5 18:42:24 2016 +0000 crypto: testmgr - add/enhance test cases for CRC-T10DIF The existing test cases only exercise a small slice of the various possible code paths through the x86 SSE/PCLMULQDQ implementation, and the upcoming ports of it for arm64. So add one that exceeds 256 bytes in size, and convert another to a chunked test. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu crypto/testmgr.h | 70 +++++++++++++++++++++++++++++++++----------------------- 1 file changed, 42 insertions(+), 28 deletions(-) commit 7e4c7f17cde280079db731636175b1732be7188c Author: Ard Biesheuvel Date: Mon Dec 5 18:42:23 2016 +0000 crypto: testmgr - avoid overlap in chunked tests The IDXn offsets are chosen such that tap values (which may go up to 255) end up overlapping in the xbuf allocation. In particular, IDX1 and IDX3 are too close together, so update IDX3 to avoid this issue. Signed-off-by: Ard Biesheuvel Signed-off-by: Herbert Xu crypto/testmgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9a97ffd49ca9421c17ecde672a58b618d61f4f58 Author: Dan Carpenter Date: Thu Dec 1 23:49:37 2016 +0300 crypto: chcr - checking for IS_ERR() instead of NULL The create_hash_wr() function never returns error pointers. It returns NULL on error. Fixes: 358961d1cd1e ("crypto: chcr - Added new structure chcr_wr") Signed-off-by: Dan Carpenter Signed-off-by: Herbert Xu drivers/crypto/chelsio/chcr_algo.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit b80609a161f05caec677216f74188701a3b23149 Author: Marcus Folkesson Date: Mon Nov 28 12:53:28 2016 -0500 crypto: caam - check caam_emi_slow instead of re-lookup platform Signed-off-by: Marcus Folkesson Signed-off-by: Herbert Xu drivers/crypto/caam/ctrl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 2599e98934c5ad166ad184b3682e38aadcb63fb3 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:05:48 2016 +0100 netfilter: nf_tables: notify internal updates of stateful objects Introduce nf_tables_obj_notify() to notify internal state changes in stateful objects. This is used by the quota object to report depletion in a follow up patch. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 4 ++++ net/netfilter/nf_tables_api.c | 31 +++++++++++++++++++------------ 2 files changed, 23 insertions(+), 12 deletions(-) commit 43da04a593d8b2626f1cf4b56efe9402f6b53652 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:05:44 2016 +0100 netfilter: nf_tables: atomic dump and reset for stateful objects This patch adds a new NFT_MSG_GETOBJ_RESET command perform an atomic dump-and-reset of the stateful object. This also comes with add support for atomic dump and reset for counter and quota objects. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 3 +- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nf_tables_api.c | 29 ++++++++++++----- net/netfilter/nft_counter.c | 56 +++++++++++++++++++++++++++----- net/netfilter/nft_quota.c | 18 ++++++---- 5 files changed, 85 insertions(+), 23 deletions(-) commit 795595f68d6c787028345804bb06f5a633af24a2 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:05:52 2016 +0100 netfilter: nft_quota: dump consumed quota Add a new attribute NFTA_QUOTA_CONSUMED that displays the amount of quota that has been already consumed. This allows us to restore the internal state of the quota object between reboots as well as to monitor how wasted it is. This patch changes the logic to account for the consumed bytes, instead of the bytes that remain to be consumed. Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_quota.c | 21 ++++++++++++++++----- 2 files changed, 18 insertions(+), 5 deletions(-) commit 048ea6dfbe94f00afe52a2403324449efb356cd6 Author: Dan Carpenter Date: Wed Dec 7 14:22:50 2016 +0300 ALSA: cs46xx: add a new line We accidentally deleted a newline so now the "nreallocated++;" statement is hanging out way off to the right of the screen. Signed-off-by: Dan Carpenter Signed-off-by: Takashi Iwai sound/pci/cs46xx/dsp_spos.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e32eae10e589ec54679c19ca6c9d1b276e9b97cd Author: Viktor Mihajlovski Date: Thu Nov 10 14:32:59 2016 +0100 s390/sysinfo: show partition extended name and UUID if available Extract extended name and UUID from SYSIB 2.2.2 data. As the code to convert the raw extended name into printable format can be reused by stsi_2_2_2 we're moving the conversion code into a separate function convert_ext_name. Signed-off-by: Viktor Mihajlovski Reviewed-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/sysinfo.h | 7 ++++++- arch/s390/kernel/sysinfo.c | 33 +++++++++++++++++++++------------ 2 files changed, 27 insertions(+), 13 deletions(-) commit 3282998c8010f6eb42950d628f4df980da528b75 Author: Srikant Ritolia Date: Tue Dec 6 19:39:36 2016 +0530 staging: greybus: audio_module: remove redundant OOM message All kmalloc-based functions print enough information on failure Signed-off-by: Srikant Ritolia Acked-by: Johan Hovold Acked-by: Viresh Kumar Signed-off-by: Greg Kroah-Hartman drivers/staging/greybus/audio_module.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 9b33f918c0c1239719d4bc2313125d9bb59e8305 Author: Fernando Apesteguia Date: Tue Dec 6 18:07:35 2016 +0100 staging: dgnc: Fix lines longer than 80 characters For two cases (beginning and end of the patch) I opted to create small functions instead of breaking the the lines in a weird way. The other changes are simple ones: either by breaking the line when appropriate or by turning a comment into a multi-line one. Signed-off-by: Fernando Apesteguia Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_tty.c | 64 +++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 25 deletions(-) commit 1100a3b0ac4b2666ea6eb5769fad10442490792a Author: Fernando Apesteguia Date: Tue Dec 6 19:07:32 2016 +0100 staging: dgnc: fix blank line after '{' warnings. Remove blank lines between open brace and comment. Remove blank lines after comment in line with the rest of the comments of the file. Signed-off-by: Fernando Apesteguia Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_tty.c | 6 ------ 1 file changed, 6 deletions(-) commit 06f2eb5ff0464bcbf9a395fb9121e1ffec0ada85 Author: Gustavo Padovan Date: Tue Dec 6 16:25:53 2016 -0200 staging/android: remove Sync Framework tasks from TODO The destaging work is now fully complete. Cc: Arve Hjønnevåg Cc: Riley Andrews Signed-off-by: Gustavo Padovan Signed-off-by: Greg Kroah-Hartman drivers/staging/android/TODO | 8 -------- 1 file changed, 8 deletions(-) commit cd15dd6ef4ea11df87f717b8b1b83aaa738ec8af Author: Oleg Drokin Date: Tue Dec 6 22:53:48 2016 -0500 staging/lustre/osc: Revert erroneous list_for_each_entry_safe use I have been having a lot of unexplainable crashes in osc_lru_shrink lately that I could not see a good explanation for and then I found this patch that slip under the radar somehow that incorrectly converted while loop for lru list iteration into list_for_each_entry_safe totally ignoring that in the body of the loop we drop spinlocks guarding this list and move list entries around. Not sure why it was not showing up right away, perhaps some of the more recent LRU changes committed caused some extra pressure on this code that finally highlighted the breakage. Reverts: 8adddc36b1fc ("staging: lustre: osc: Use list_for_each_entry_safe") CC: Bhaktipriya Shridhar Signed-off-by: Oleg Drokin Cc: stable # 4.6+ Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/osc/osc_page.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 220d88eaddad3d4f128a2fbe876d968f94723f77 Author: Chunfeng Yun Date: Wed Dec 7 15:23:13 2016 +0800 usb: mtu3: fix U3 port link issue the issue is introduced when @is_u3_ip is used in mtu3_device_enabe() before initialized in mtu3_mem_alloc(), so get global IP information at first before used by following functins. Signed-off-by: Chunfeng Yun Signed-off-by: Greg Kroah-Hartman drivers/usb/mtu3/mtu3_core.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) commit c7d4abbcb19eae4cb2b4e4b1f5a0b122200c4db1 Author: Chunfeng Yun Date: Wed Dec 7 15:24:13 2016 +0800 usb: mtu3: enable auto switch from U3 to U2 inform mac2 to build U2 link automatically after U3 detect fail without software setting soft_connect. Signed-off-by: Chunfeng Yun Signed-off-by: Greg Kroah-Hartman drivers/usb/mtu3/mtu3_core.c | 2 ++ 1 file changed, 2 insertions(+) commit a444d72e609062a040ed95a50e8fccfa1d58281b Merge: 5f1c6d2 6031e73 Author: Dave Chinner Date: Wed Dec 7 17:42:30 2016 +1100 Merge branch 'xfs-4.10-misc-fixes-3' into for-next commit 6031e73a5b3f85ec45cac08ef90995b2d3f941c7 Author: Lucas Stach Date: Wed Dec 7 17:36:36 2016 +1100 xfs: use rhashtable to track buffer cache On filesystems with a lot of metadata and in metadata intensive workloads xfs_buf_find() is showing up at the top of the CPU cycles trace. Most of the CPU time is spent on CPU cache misses while traversing the rbtree. As the buffer cache does not need any kind of ordering, but fast lookups a hashtable is the natural data structure to use. The rhashtable infrastructure provides a self-scaling hashtable implementation and allows lookups to proceed while the table is going through a resize operation. This reduces the CPU-time spent for the lookups to 1/3 even for small filesystems with a relatively small number of cached buffers, with possibly much larger gains on higher loaded filesystems. [dchinner: reduce minimum hash size to an acceptable size for large filesystems with many AGs with no active use.] [dchinner: remove stale rbtree asserts.] [dchinner: use xfs_buf_map for compare function argument.] [dchinner: make functions static.] [dchinner: remove redundant comments.] Signed-off-by: Lucas Stach Signed-off-by: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/xfs_buf.c | 120 ++++++++++++++++++++++++++++++++--------------------- fs/xfs/xfs_buf.h | 2 +- fs/xfs/xfs_linux.h | 1 + fs/xfs/xfs_mount.c | 7 +++- fs/xfs/xfs_mount.h | 7 +++- 5 files changed, 85 insertions(+), 52 deletions(-) commit e6d4a636acdb784f087d6d54fc93dcc952267d47 Author: Heiko Carstens Date: Fri Dec 2 11:12:01 2016 +0100 s390/numa: pin all possible cpus to nodes early It is required to have an early static cpu to node mapping. This patch pins all possible cpus to nodes for which no topology information is present. Since there is no interface available which would allow to tell where a non-present cpu would appear topology-wise, simply use a round robin algorithm. Right now this makes sure that the cpu_to_node() function will return the same value for a cpu during the life time of the system. Acked-by: Michael Holzheu Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/numa/mode_emu.c | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) commit 8c9105802235c28b03359d779cbd0557b7b66e70 Author: Heiko Carstens Date: Sat Dec 3 09:50:21 2016 +0100 s390/numa: establish cpu to node mapping early Initialize the cpu topology and therefore also the cpu to node mapping much earlier. Fixes this warning and subsequent crashes when using the fake numa emulation mode on s390: WARNING: CPU: 0 PID: 1 at include/linux/cpumask.h:121 select_task_rq+0xe6/0x1a8 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.6.0-rc6-00001-ge9d867a67fd0-dirty #28 task: 00000001dd270008 ti: 00000001eccb4000 task.ti: 00000001eccb4000 Krnl PSW : 0404c00180000000 0000000000176c56 (select_task_rq+0xe6/0x1a8) R:0 T:1 IO:0 EX:0 Key:0 M:1 W:0 P:0 AS:3 CC:0 PM:0 RI:0 EA:3 Call Trace: ([<0000000000176c30>] select_task_rq+0xc0/0x1a8) ([<0000000000177d64>] try_to_wake_up+0x2e4/0x478) ([<000000000015d46c>] create_worker+0x174/0x1c0) ([<0000000000161a98>] alloc_unbound_pwq+0x360/0x438) ([<0000000000162550>] apply_wqattrs_prepare+0x200/0x2a0) ([<000000000016266a>] apply_workqueue_attrs_locked+0x7a/0xb0) ([<0000000000162af0>] apply_workqueue_attrs+0x50/0x78) ([<000000000016441c>] __alloc_workqueue_key+0x304/0x520) ([<0000000000ee3706>] default_bdi_init+0x3e/0x70) ([<0000000000100270>] do_one_initcall+0x140/0x1d8) ([<0000000000ec9da8>] kernel_init_freeable+0x220/0x2d8) ([<0000000000984a7a>] kernel_init+0x2a/0x150) ([<00000000009913fa>] kernel_thread_starter+0x6/0xc) ([<00000000009913f4>] kernel_thread_starter+0x0/0xc) Reviewed-by: Michael Holzheu Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/topology.h | 3 +++ arch/s390/kernel/setup.c | 1 + arch/s390/kernel/topology.c | 33 ++++++++++++++++++++++++--------- arch/s390/numa/mode_emu.c | 9 ++++----- arch/s390/numa/toptree.c | 16 ++++++++++++---- 5 files changed, 44 insertions(+), 18 deletions(-) commit 30fc4ca2a8ab508d160a917b89b7e1c27f893354 Author: Heiko Carstens Date: Fri Dec 2 10:38:37 2016 +0100 s390/topology: use cpu_topology array instead of per cpu variable CPU topology information like cpu to node mapping must be setup in setup_arch already. Topology information is currently made available with a per cpu variable; this however will not work when the initialization will be moved to setup_arch, since the generic percpu setup will be done much later. Therefore convert back to a cpu_topology array. Reviewed-by: Michael Holzheu Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/topology.h | 25 ++++++++++++------------- arch/s390/kernel/topology.c | 18 +++++++++--------- arch/s390/numa/mode_emu.c | 4 ++-- 3 files changed, 23 insertions(+), 24 deletions(-) commit af51160ebd3cc1c8bf0d37a48f13ac0dbe8a6e5f Author: Heiko Carstens Date: Sat Dec 3 09:48:01 2016 +0100 s390/smp: initialize cpu_present_mask in setup_arch In order to be able to setup the cpu to node mappings early it is a prerequisite to know which cpus are present. Therefore cpus must be detected much earlier than before. For sclp based cpu detection this requires yet another early sclp call, since the system is not ready to use the regular interrupt and memory allocations. Reviewed-by: Michael Holzheu Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/sclp.h | 10 +++++++++- arch/s390/include/asm/smp.h | 2 ++ arch/s390/kernel/setup.c | 1 + arch/s390/kernel/smp.c | 22 +++++++++------------- drivers/s390/char/sclp.h | 23 +++++++++++++++++++++++ drivers/s390/char/sclp_cmd.c | 25 +------------------------ drivers/s390/char/sclp_early.c | 31 +++++++++++++++++++++++++++++++ 7 files changed, 76 insertions(+), 38 deletions(-) commit ebb299a51059017ec253bd30781a83d1f6e11b24 Author: Heiko Carstens Date: Sat Dec 3 09:50:16 2016 +0100 s390/topology: always use s390 specific sched_domain_topology_level The s390 specific sched_domain_topology_level should always be used, not only if the machine provides topology information. Luckily this odd behaviour, that was by accident introduced with git commit d05d15da18f5 ("s390/topology: delay initialization of topology cpu masks") has currently no side effect. Fixes: d05d15da18f5 ("s390/topology: delay initialization of topology cpumasks") Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/topology.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5423145f8c4e885c640d12adc35c421127ed015f Author: Heiko Carstens Date: Mon Dec 5 21:18:58 2016 +0100 s390/smp: use smp_get_base_cpu() helper function Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/smp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 307b3114eff6ba981c8eddbce327b4a82158bfe3 Author: Heiko Carstens Date: Fri Dec 2 13:16:02 2016 +0100 s390/numa: always use logical cpu and core ids The toptree algorithm uses the physical core ids to create a mapping between cores and nodes (to_node_id array within emu_cores structure). The core ids are used as an index into an array which size depends on CONFIG_NR_CPUS. If the physical core ids are larger, this will result in out-of-bounds write accesses. Generate logical core ids instead to avoid this. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/include/asm/smp.h | 6 ++++++ arch/s390/numa/mode_emu.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) commit 11a247e376669323b0d9f56fbdb5c163c6310112 Author: Michael Holzheu Date: Tue Nov 29 13:52:01 2016 +0100 s390: Remove VLAIS in ptff() and clear_table() The ptff() and clear_table() functions use the gcc extension "variable length arrays in structures" (VLAIS) to define in the inline assembler constraints the area of the clobbered memory. This extension will most likely never be supported by LLVM/Clang. Since currently BPF programs are compiled with LLVM, this leads to the following compile errors: $ cd samples/bpf $ make In file included from /root/linux-master/samples/bpf/tracex1_kern.c:8: In file included from ./include/linux/netdevice.h:44: ... In file included from ./arch/s390/include/asm/mmu_context.h:10: ./arch/s390/include/asm/pgalloc.h:30:24: error: fields must have a constant size: 'variable length array in structure' extension will never be supported typedef struct { char _[n]; } addrtype; In file included from /root/linux-master/samples/bpf/tracex1_kern.c:7: In file included from ./include/linux/skbuff.h:18: ... In file included from ./include/linux/jiffies.h:8: In file included from ./include/linux/timex.h:65: ./arch/s390/include/asm/timex.h:105:24: error: fields must have a constant size: 'variable length array in structure' extension will never be supported typedef struct { char _[len]; } addrtype; To fix this do the following: - Convert ptff() into a macro that then uses a fixed size array when expanded. - Convert the clear_table() function and use an inline assembly with fixed size array in a loop. The runtime performance of the new version is even better than the old version (tested with EC12/z13 and gcc 4.8.5/6.2.1 with "-march=z196 -O2"). Reported-by: Zvonko Kosic Signed-off-by: Michael Holzheu Acked-by: Martin Schwidefsky Signed-off-by: Martin Schwidefsky arch/s390/include/asm/pgalloc.h | 22 +++++++++++----------- arch/s390/include/asm/timex.h | 37 ++++++++++++++++++++++--------------- 2 files changed, 33 insertions(+), 26 deletions(-) commit ce4dda3f02aca959bdd18b596513791d77b8b7e1 Author: Martin Schwidefsky Date: Fri Dec 2 13:29:22 2016 +0100 s390: fix machine check panic stack switch For system damage machine checks or machine checks due to invalid PSW fields the system will be stopped. In order to get an oops message out before killing the system the machine check handler branches to .Lmcck_panic, switches to the panic stack and then does the usual machine check handling. The switch to the panic stack is incomplete, the stack pointer in %r15 is replaced, but the pt_regs pointer in %r11 is not. The result is a program check which will kill the system in a slightly different way. Signed-off-by: Martin Schwidefsky arch/s390/kernel/entry.S | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 489a32650721b0e1e25283257cacb3a337014794 Author: Jacob Keller Date: Fri Nov 11 12:39:31 2016 -0800 i40e: move all updates for VLAN mode into i40e_sync_vsi_filters In a similar fashion to how we handled exiting VLAN mode, move the logic in i40e_vsi_add_vlan into i40e_sync_vsi_filters. Extract this logic into its own function for ease of understanding as it will become quite complex. The new function, i40e_correct_mac_vlan_filters() correctly updates all filters for when we need to enter VLAN mode, exit VLAN mode, and also enforces the PVID when assigned. Call i40e_correct_mac_vlan_filters from i40e_sync_vsi_filters passing it the number of active VLAN filters, and the two temporary lists. Remove the function for updating VLAN=0 filters from i40e_vsi_add_vlan. The end result is that the logic for entering and exiting VLAN mode is in one location which has the most knowledge about all filters. This ensures that we always correctly have the non-VLAN filters assigned to VID=0 or VID=-1 regardless of how we ended up getting to this result. Additionally this enforces the PVID at sync time so that we know for certain that an assigned PVID results in only filters with that PVID will be added to the firmware. Change-ID: I895cee81e9c92d0a16baee38bd0ca51bbb14e372 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 214 +++++++++++++++------------- 1 file changed, 113 insertions(+), 101 deletions(-) commit 9af52f60b2d9918af6a0b7c18b08cfcdd0574a24 Author: Jacob Keller Date: Fri Nov 11 12:39:30 2016 -0800 i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID The current flow for adding or updating the PVID for a VF uses i40e_vsi_add_vlan and i40e_vsi_kill_vlan which each take, then release the hash lock. In addition the two functions also must take special care that they do not perform VLAN mode changes as this will make the code in i40e_ndo_set_vf_port_vlan behave incorrectly. Fix these issues by using the new helper functions i40e_add_vlan_all_mac and i40e_rm_vlan_all_mac which expect the hash lock to already be taken. Additionally these functions do not perform any state updates in regards to VLAN mode, so they are safe to use in the PVID update flow. It should be noted that we don't need the VLAN mode update code here, because there are only a few flows here. (a) we're adding a new PVID In this case, if we already had VLAN filters the VSI is knocked offline so we don't need to worry about pre-existing VLAN filters (b) we're replacing an existing PVID In this case, we can't have any VLAN filters except those with the old PVID which we already take care of manually. (c) we're removing an existing PVID Similarly to above, we can't have any existing VLAN filters except those with the old PVID which we already take care of correctly. Because of this, we do not need (or even want) the special accounting done in i40e_vsi_add_vlan, so use of the helpers is a saner alternative. It also opens the door for a future patch which will refactor the flow of i40e_vsi_add_vlan now that it is not needed in this function. Change-ID: Ia841f63da94e12b106f41cf7d28ce8ce92f2ad99 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 2 + drivers/net/ethernet/intel/i40e/i40e_main.c | 4 +- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 43 ++++++++++++++-------- 3 files changed, 32 insertions(+), 17 deletions(-) commit 490a4ad3a7c5d0943e648f97815e6cb677f1f8eb Author: Jacob Keller Date: Fri Nov 11 12:39:29 2016 -0800 i40e: factor out addition/deletion of VLAN per each MAC address A future refactor of how the PF assigns a PVID to a VF will want to be able to add and remove a block of filters by VLAN without worrying about accidentally triggering the accounting for I40E_VLAN_ANY. Additionally the PVID assignment would like to be able to batch several changes under one use of the mac_filter_hash_lock. Factor out the addition and deletion of a VLAN on all MACs into their own function which i40e_vsi_(add|kill)_vlan can use. These new functions expect the caller to take the hash lock, as well as perform any necessary accounting for updating I40E_VLAN_ANY filters if we are now operating under VLAN mode. Change-ID: If79e5b60b770433275350a74b3f1880333a185d5 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 68 +++++++++++++++++++++++------ 1 file changed, 55 insertions(+), 13 deletions(-) commit 756970255a58c0f5ff9f9c5bba6fb47c70804077 Author: Jacob Keller Date: Fri Nov 11 12:39:28 2016 -0800 i40e: delete filter after adding its replacement when converting Fix a subtle issue with the code for converting VID=-1 filters into VID=0 filters when adding a new VLAN. Previously the code deleted the VID=-1 filter, and then added a new VID=0 filter. In the rare case that the addition fails due to -ENOMEM, we end up completely deleting the filter which prevents recovery if memory pressure subsides. While it is not strictly an issue because it is likely that memory issues would result in many other problems, we shouldn't delete the filter until after the addition succeeds. Change-ID: Icba07ddd04ecc6a3b27c2e29f2c1c8673d266826 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit ac9e239014413e483abadba7722cfc1672302738 Author: Jacob Keller Date: Fri Nov 11 12:39:27 2016 -0800 i40e: refactor i40e_update_filter_state to avoid passing aq_err The current caller of i40e_update_filter_state incorrectly passes aq_ret, an i40e_status variable, instead of the expected aq_err. This happens to work because i40e_status is actually just a typedef integer, and 0 is still the successful return. However i40e_update_filter_state has special handling for ENOSPC which is currently being ignored. Also notice that firmware does not update the per-filter response for many types of errors, such as EINVAL. Thus, modify the filter setup so that the firmware response memory is pre-set with I40E_AQC_MM_ERR_NO_RES. This enables us to refactor i40e_update_filter_state, removing the need to pass aq_err and avoiding a need for having 3 different flows for checking the filter state. The resulting code for i40e_update_filter_state is much simpler, only a single loop and we always check each filter response value every time. Since we pre-set the response value to match our expected error this correctly works for all success and error flows. Change-ID: Ie292c9511f34ee18c6ef40f955ad13e28b7aea7d Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 58 +++++++++++------------------ 1 file changed, 21 insertions(+), 37 deletions(-) commit 38326218acce336d99cd128a11ecc69f6512f8e4 Author: Jacob Keller Date: Fri Nov 11 12:39:26 2016 -0800 i40e: recalculate vsi->active_filters from hash contents Previous code refactors have accidentally caused issues with the counting of active_filters. Avoid similar issues in the future by simply re-counting the active filters every time after we handle add and delete of all the filters. Additionally this allows us to simplify the check for when we exit promiscuous mode since we can combine the check for failed filters at the same time. Additionally since we recount filters at the end we need to set vsi->promisc_threshold as well. The resulting code takes a bit longer since we do have to loop over filters again. However, the result is more readable and less likely to become incorrect due to failed accounting of filters in the future. Finally, this ensures that it is not possible for vsi->active_filters to ever underflow since we never decrement it. Change-ID: Ib4f3a377e60eb1fa6c91ea86cc02238c08edd102 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 52 ++++++++++++++++------------- 1 file changed, 29 insertions(+), 23 deletions(-) commit 1e28e861c0c5ed33a9d9cd2745f3980912e1890f Author: Jacob Keller Date: Fri Nov 11 12:39:25 2016 -0800 i40e: defeature support for PTP L4 frame detection on XL710 A product decision has been made to defeature detection of PTP frames over L4 (UDP) on the XL710 MAC. Do not advertise support for L4 timestamping. Change-ID: I41fbb0f84ebb27c43e23098c08156f2625c6ee06 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 15 +++++++++++++-- drivers/net/ethernet/intel/i40e/i40e_main.c | 3 ++- drivers/net/ethernet/intel/i40e/i40e_ptp.c | 21 +++++++++++++++------ 4 files changed, 31 insertions(+), 9 deletions(-) commit 910890338399258af210685210760bc0cc82a5dd Author: Mitch Williams Date: Mon Nov 21 13:03:51 2016 -0800 i40e: lock service task correctly The service task lock was being set in the scheduling function, not the actual service task. This would potentially leave the bit set for a long time before the task actually ran. Furthermore, if the service task takes too long, it calls the schedule function to reschedule itself - which would fail to take the lock and do nothing. Instead, set and clear the lock bit in the service task itself. In the process, get rid of the i40e_service_event_complete() function, which is really just two lines of code that can be put right in the service task itself. Change-ID: I83155e682b686121e2897f4429eb7d3f7c669168 Signed-off-by: Mitch Williams Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) commit f62ba91458b508c957f3e0f98f5c2a72633badcb Author: Michal Kosiarz Date: Mon Nov 21 13:03:50 2016 -0800 i40e: Add functions which apply correct PHY access method for read and write operation Depending on external PHY type, register access method should be different. Clause22 or Clause45 can be chosen for different PHYs. Implemented functions apply correct access method for used device. Change-ID: If39d5f0da9c0b905a8cbdc1ab89885535e7d0426 Signed-off-by: Michal Kosiarz Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 72 ++++++++++++++++++++++ drivers/net/ethernet/intel/i40e/i40e_prototype.h | 4 ++ drivers/net/ethernet/intel/i40evf/i40e_prototype.h | 4 ++ 3 files changed, 80 insertions(+) commit 60f000a4d839a8f850fb2154aa26dc3f552a4667 Author: Carolyn Wyborny Date: Mon Nov 21 13:03:49 2016 -0800 i40e: Add FEC for 25g This patch adds adminq support for Forward Error Correction ("FEC")for 25g products. Change-ID: Iaff4910737c239d2c730e5c22a313ce9c37d3964 Signed-off-by: Carolyn Wyborny Signed-off-by: Mitch Williams Signed-off-by: Jacek Naczyk Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 25 ++++++++++++++++++++-- drivers/net/ethernet/intel/i40e/i40e_common.c | 2 ++ .../net/ethernet/intel/i40evf/i40e_adminq_cmd.h | 25 ++++++++++++++++++++-- 3 files changed, 48 insertions(+), 4 deletions(-) commit 3123237af59e91a416380c4871464e94794c072c Author: Carolyn Wyborny Date: Mon Nov 21 13:03:48 2016 -0800 i40e: Add support for 25G devices Add support for 25G devices - defines and data structures. One tricky part here is that the firmware support for these Devices introduces a mismatch between the PHY type enum and the bitfields for the phy types. This change creates a macro and uses it to increment the 25G PHY values when creating 25G bitfields. Change-ID: I69b24d837d44cf9220bf5cb8dd46c5be89ce490b Signed-off-by: Carolyn Wyborny Signed-off-by: Mitch Williams Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 30 +++++++- drivers/net/ethernet/intel/i40e/i40e_common.c | 11 ++- drivers/net/ethernet/intel/i40e/i40e_devids.h | 2 + drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 26 ++++++- drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- drivers/net/ethernet/intel/i40e/i40e_type.h | 82 +++++++++++++--------- drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 3 + .../net/ethernet/intel/i40evf/i40e_adminq_cmd.h | 30 +++++++- drivers/net/ethernet/intel/i40evf/i40e_common.c | 2 + drivers/net/ethernet/intel/i40evf/i40e_devids.h | 2 + drivers/net/ethernet/intel/i40evf/i40e_type.h | 82 +++++++++++++--------- drivers/net/ethernet/intel/i40evf/i40evf_ethtool.c | 8 +++ .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 3 + 13 files changed, 208 insertions(+), 79 deletions(-) commit 5951cf9495bcd2d6beee8c9e5b08671b7e540e4f Author: Jacob Keller Date: Mon Nov 21 13:03:47 2016 -0800 i40e: use unsigned printf format specifier for active_filters count Replace the %d specifier used for printing vsi->active_filters and vsi->promisc_threshold with an unsigned %u format specifier. While it is unlikely in practice that these values will ever reach such a large number they are unsigned values and thus should not be interpreted as negative numbers. Change-ID: Iff050fad5a1c8537c4c57fcd527441cd95cfc0d4 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 360238693d2bc93fb6ff73146ed358e84fe67961 Author: Bimmy Pujari Date: Tue Nov 8 13:05:19 2016 -0800 Changed version from 1.6.21 to 1.6.25 Signed-off-by: Bimmy Pujari Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- drivers/net/ethernet/intel/i40evf/i40evf_main.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 4f9b4307543567b69d03806932c61dcda7f62ca0 Author: Henry Tieman Date: Tue Nov 8 13:05:18 2016 -0800 i40e: Blink LED on 1G BaseT boards Before this patch "ethtool -p" was not blinking the LEDs on boards with 1G BaseT PHYs. This commit identifies 1G BaseT boards as having the LEDs connected to the MAC. Also, renamed the flag to be more descriptive of usage. The flag is now I40E_FLAG_PHY_CONTROLS_LEDS. Change-ID: I4eb741da9780da7849ddf2dc4c0cb27ffa42a801 Signed-off-by: Henry Tieman Signed-off-by: Harshitha Ramamurthy Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 2 +- drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 10 +++++----- drivers/net/ethernet/intel/i40e/i40e_main.c | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) commit 3c7cbd45bca8ad34c66327c919fc76e0dfee90fe Author: Jacob Keller Date: Tue Nov 8 13:05:17 2016 -0800 i40e: remove code to handle dev_addr specially The netdev->dev_addr MAC filter already exists in the MAC/VLAN hash table, as it is added when we configure the netdev in i40e_configure_netdev. Because we already know that this address will be updated in the hash_for_each loops, we do not need to handle it specially. This removes duplicate code and simplifies the i40e_vsi_add_vlan and i40e_vsi_kill_vlan functions. Because we know these filters must be part of the MAC/VLAN hash table, this should not have any functional impact on what filters are included and is merely a code simplification. Change-ID: I5e648302dbdd7cc29efc6d203b7019c11f0b5705 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 43 +++++------------------------ 1 file changed, 7 insertions(+), 36 deletions(-) commit 6beb84a73ec5dbd051005068c130195f77e78cfc Author: Alexander Duyck Date: Tue Nov 8 13:05:16 2016 -0800 i40e/i40evf: napi_poll must return the work done Currently the function i40e_napi-poll() returns 0 when it clean completely the Rx rings, but this foul budget accounting in core code. Fix this by returning the actual work done, capped to budget - 1, since the core doesn't allow to return the full budget when the driver modifies the NAPI status This is based on a similar change that was made for the ixgbe driver by Paolo Abeni. Change-ID: Ic3d93ad2fa2fc8ce3164bc461e69367da0f9173b Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_txrx.c | 2 +- drivers/net/ethernet/intel/i40evf/i40e_txrx.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 1596b5ddbf25c3dd05aed208ea0bb57eac1c5524 Author: Jacob Keller Date: Tue Nov 8 13:05:15 2016 -0800 i40e: restore workaround for removing default MAC filter A previous commit 53cb6e9e8949 ("i40e: Removal of workaround for simple MAC address filter deletion") removed a workaround for some firmware versions which was reported to not be necessary in production NICs. Unfortunately this workaround is necessary in some configurations, specifically the Ethernet Controller XL710 for 40GbE QSFP+ (8086:1583). Without this patch, the mentioned NICs with current firmware exhibit issues when adding VLANs, as outlined by the following reproduction: $modprobe i40e $ip link set up $ip link add link vlan100 type vlan id 100 $dmesg | tail kernel: i40e 0000:82:00.0: Error I40E_AQ_RC_EINVAL adding RX filters on PF, promiscuous mode forced on This results in filters being marked as FAILED and setting the device in promiscuous mode. The root cause of receiving the -EINVAL error response appears to be due to a conflict with the default MAC filter which still exists on the default firmware for this device. Attempting to add a new VLAN filter on the default MAC address conflicts with the IGNORE_VLAN setting on the default rule. Change-ID: I4d8f6d48ac5f60cfe981b3baad30eb4d7c170d61 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 41 +++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) commit 4293d5f528b5a0a1b0c1b0c6eb522366822a965a Author: Mitch Williams Date: Tue Nov 8 13:05:14 2016 -0800 i40e: simplify txd use count calculation The i40e_txd_use_count function was fast but confusing. In the comments, it even admits that it's ugly. So replace it with a new function that is (very) slightly faster and has extensive commenting to help the thicker among us (including the author, who will forget in a week) understand how it works. Change-ID: Ifb533f13786a0bf39cb29f77969a5be2c83d9a87 Signed-off-by: Mitch Williams Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_txrx.h | 45 +++++++++++++++++---------- drivers/net/ethernet/intel/i40evf/i40e_txrx.h | 45 +++++++++++++++++---------- 2 files changed, 56 insertions(+), 34 deletions(-) commit 7ec9ba11b046b4b7fd768c366870ada60d409295 Author: Filip Sadowski Date: Tue Nov 8 13:05:13 2016 -0800 i40e: Driver prints log message on link speed change This patch makes the driver log link speed change. Before applying the patch link messages were printed only on state change. Now message is printed when link is brought up or down and when speed changes. Change-ID: Ifbee14b4b16c24967450b3cecac6e8351dcc8f74 Signed-off-by: Filip Sadowski Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) commit d4aea20d889e05575bb331a3dadf176176f7d631 Author: Andrey Konovalov Date: Thu Dec 1 10:34:40 2016 +0100 tun: Use netif_receive_skb instead of netif_rx This patch changes tun.c to call netif_receive_skb instead of netif_rx when a packet is received (if CONFIG_4KSTACKS is not enabled to avoid stack exhaustion). The difference between the two is that netif_rx queues the packet into the backlog, and netif_receive_skb proccesses the packet in the current context. This patch is required for syzkaller [1] to collect coverage from packet receive paths, when a packet being received through tun (syzkaller collects coverage per process in the process context). As mentioned by Eric this change also speeds up tun/tap. As measured by Peter it speeds up his closed-loop single-stream tap/OVS benchmark by about 23%, from 700k packets/second to 867k packets/second. A similar patch was introduced back in 2010 [2, 3], but the author found out that the patch doesn't help with the task he had in mind (for cgroups to shape network traffic based on the original process) and decided not to go further with it. The main concern back then was about possible stack exhaustion with 4K stacks. [1] https://github.com/google/syzkaller [2] https://www.spinics.net/lists/netdev/thrd440.html#130570 [3] https://www.spinics.net/lists/netdev/msg130570.html Signed-off-by: Andrey Konovalov Acked-by: Jason Wang Acked-by: Michael S. Tsirkin Signed-off-by: David S. Miller drivers/net/tun.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 8f34a548718ebb4becb4f829800552c48284ce9e Author: zain wang Date: Wed Dec 7 08:57:33 2016 +0800 drm/bridge: analogix: Don't return -EINVAL when panel doesn't support PSR We will ignored PSR setting if panel not support it. So, in this case, we should return from analogix_dp_enable/disable_psr() without any error code. Let's retrun 0 instead of -EINVAL when panel not support PSR in analogix_dp_enable/disable_psr(). Signed-off-by: zain wang Signed-off-by: Archit Taneja Link: http://patchwork.freedesktop.org/patch/msgid/1481072253-8917-1-git-send-email-wzz@rock-chips.com drivers/gpu/drm/bridge/analogix/analogix_dp_core.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit d10d0198708f3e17d10a83accb450f2ecba82883 Merge: c63d352 99d8d21 Author: David S. Miller Date: Tue Dec 6 21:46:58 2016 -0500 Merge branch 'w83977af_ir-neatening' Joe Perches says: ==================== irda: w83977af_ir: Neatening Originally on top of Arnd's overly long udelay patches because I noticed a misindented block. That's now already fixed along with some other whitespace problems. These patches are the remainder style issues from my original series. Even though I haven't turned on the netwinder in a box in the garage in who knows how long, if this device is still used somewhere, might as well neaten the code too. ==================== Signed-off-by: David S. Miller commit 99d8d2159d7c8ecefe1ac37c661cfe8863151ded Author: Joe Perches Date: Tue Dec 6 10:16:06 2016 -0800 irda: w83977af_ir: Neaten logging Use more common logging style, standardize function output logging use. Miscellanea: o Add and use pr_fmt o Convert printks to pr_ Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 56 ++++++++++++++++++++---------------------- 1 file changed, 27 insertions(+), 29 deletions(-) commit 646bf0926d8e9a465abada2ae7c43cd8e1bafdaf Author: Joe Perches Date: Tue Dec 6 10:16:05 2016 -0800 irda: w83977af_ir: Parenthesis alignment Neaten function declaration and definition arguments. Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit ae9e736b32a92d9a6f95ba0d25fb2666e3367953 Author: Joe Perches Date: Tue Dec 6 10:16:04 2016 -0800 irda: w83977af_ir: Use the common brace style Add braces where appropriate and remove an unnecessary else. Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit c947164698cd425103d4e332e67f1dc5d85e826d Author: Joe Perches Date: Tue Dec 6 10:16:03 2016 -0800 irda: w83977af_ir: Neaten pointer comparisons Convert pointer comparisons to NULL. Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 47fda1a7669969c2a43d5918eb5e355973820363 Author: Joe Perches Date: Tue Dec 6 10:16:02 2016 -0800 irda: w83977af_ir: Remove and add blank lines Use a more typical vertical spacing style. Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 8a3fb40d6bb46a04fba1bd085bc062e93e3a8d06 Author: Joe Perches Date: Tue Dec 6 10:16:01 2016 -0800 irda: w83977af_ir: More whitespace neatening Add spaces around operators. git diff -w shows no differences. Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 230 ++++++++++++++++++++--------------------- 1 file changed, 115 insertions(+), 115 deletions(-) commit 352019c858c27e32bf50a6885850ec20571f6e9e Author: Joe Perches Date: Tue Dec 6 10:16:00 2016 -0800 irda: w83977af_ir: Whitespace neatening Remove leading and trailing whitespace. git diff -w shows no differences. Signed-off-by: Joe Perches Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c63d352f053a788281eb90df0a71cd3a6b2c4040 Merge: 862b3d2 bc3913a Author: David S. Miller Date: Tue Dec 6 21:33:19 2016 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net commit e3f4358e234edeb8fa28226387026fce72e454c1 Merge: 96893e1 e44dde2 Author: Stephen Boyd Date: Wed Nov 30 14:38:00 2016 -0800 Merge tag 'v4.10-rockchip-clk2' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip into clk-next Pull rockchip clk driver updates from Heiko Stuebner: A new clock controller for the rk1108 soc (single-core Cortex-A7+DSP), a fix making sure the cpuclk rate is actually valid, before trying to set it and a copy-paste fix for the rk3399's testclk. * tag 'v4.10-rockchip-clk2' of git://git.kernel.org/pub/scm/linux/kernel/git/mmind/linux-rockchip: clk: rockchip: add clock controller for rk1108 dt-bindings: add documentation for rk1108 cru clk: rockchip: add dt-binding header for rk1108 clk: rockchip: fix copy-paste error in rk3399 testclk clk: rockchip: validity should be checked prior to cpu clock rate change commit ff9d646017b9c7aaa5e33ef62d608309bb9fd91e Author: Huang Rui Date: Tue Aug 2 11:17:56 2016 +0800 drm/amdgpu: update golden setting of tonga Signed-off-by: Huang Rui Reviewed-by: Alex Deucher Reviewed-by: Ken Wang Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 1 + 1 file changed, 1 insertion(+) commit 5a23f2720589ec4757bc62183902d2518f02026e Author: Alex Deucher Date: Mon Dec 5 12:31:14 2016 -0500 drm/amdgpu/si: load the proper firmware on 0x87 oland boards New variant. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si_dpm.c | 1 + 1 file changed, 1 insertion(+) commit ce66cb1e9cbf91fcb216de64a0fe65aa17f97bc1 Author: Alex Deucher Date: Mon Dec 5 12:27:52 2016 -0500 drm/amdgpu: add additional pci revision to dpm workaround New variant. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/si_dpm.c | 1 + 1 file changed, 1 insertion(+) commit abb2e3c1ce64c8bba678973800c34ea1dc97c42c Author: Alex Deucher Date: Fri Dec 2 00:23:35 2016 -0500 drm/radeon/si: load the proper firmware on 0x87 oland boards New variant. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si.c | 1 + 1 file changed, 1 insertion(+) commit 8729675c00a8d13cb2094d617d70a4a4da7d83c5 Author: Alex Deucher Date: Fri Dec 2 00:21:48 2016 -0500 drm/radeon: add additional pci revision to dpm workaround New variant. Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/radeon/si_dpm.c | 1 + 1 file changed, 1 insertion(+) commit e9efaaa047b1aebda27b5b65f17c752eb079e51b Author: Xiangliang Yu Date: Wed Nov 30 14:07:16 2016 +0800 drm/amd/powerplay: Fix potential NULL pointer issue If doesn't enable dpm, the powerplay will not allocate memory for hw management. So, hw_init_power_state_table function will reference NULL pointer when resetting. Signed-off-by: Xiangliang Yu Reviewed-by: Rex Zhu Reviewed-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/powerplay/amd_powerplay.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 84f3f05b44327b7517086ae048f4131ec175e7b5 Author: Xiangliang Yu Date: Wed Nov 30 10:54:18 2016 +0800 drm/amdgpu: Don't touch GFX hw during HW fini For SR-IOV client, driver shouldn't touch the GFX hw during HW fini, otherwise, gfx will fail to start after rebooting guest os. Signed-off-by: shaoyunl Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Reviewed-by: Monk Liu Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 4 ++++ 1 file changed, 4 insertions(+) commit c7fac7dc1d5d1f0cee346952628d53422c0bc3b7 Author: Xiangliang Yu Date: Fri Dec 2 11:21:28 2016 +0800 drm/amd/powerplay: Adjust the position of data size initial Put the initial part close to memory allocate, it will make code more clear. Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e224e4f17dc89b2c9d12ad146083653142209f8e Author: Xiangliang Yu Date: Fri Dec 2 11:15:41 2016 +0800 drm/amd/powerplay: Ignore smu buffer usage SMU buffer is used for power feature, but for virtualization, the power is controlled by hypervisor. Ignore it. Signed-off-by: Xiangliang Yu Signed-off-by: Monk Liu Reviewed-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) commit ed91dd49ba194abdcc99145ef233ac62f444f5a0 Author: Xiangliang Yu Date: Tue Nov 29 16:53:52 2016 +0800 drm/amd/powerplay: cut digest part For virtualization, FW size need to cut its digest part. Signed-off-by: Frank Min Signed-off-by: Monk Liu Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 4 ++++ 1 file changed, 4 insertions(+) commit aeab20320569c6098f025c667d95ece3617b5288 Author: Xiangliang Yu Date: Tue Nov 29 16:57:32 2016 +0800 drm/amdgpu: drop redundant vi_mqd define Vi_structs.h has defined vi_mqd, drop redundant vi_mqd define. Signed-off-by: Monk Liu Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Acked-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 266 +--------------------------------- 1 file changed, 3 insertions(+), 263 deletions(-) commit 47e50d5c0d1347b3ab66d2270a45adc200fca31a Author: Flora Cui Date: Fri Dec 2 16:51:20 2016 +0800 drm/amdgpu: fix gtt available page num accounting Signed-off-by: Flora Cui Reviewed-by: Hawking Zhang Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_gtt_mgr.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) commit 10e2ca346bf74561ff1b7fff6287716ab976cd8c Author: Hawking Zhang Date: Thu Dec 1 17:14:45 2016 +0800 drm/amd/powerplay: bypass fan table setup if no fan connected If vBIOS noFan bit is set, the fan table parameters in thermal controller will not get initialized. The driver should avoid to use these uninitialized parameter to do calculation. Otherwise, it may trigger divide 0 error. Signed-off-by: Hawking Zhang Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/powerplay/smumgr/fiji_smc.c | 6 ++++++ drivers/gpu/drm/amd/powerplay/smumgr/iceland_smc.c | 6 ++++++ drivers/gpu/drm/amd/powerplay/smumgr/polaris10_smc.c | 6 ++++++ drivers/gpu/drm/amd/powerplay/smumgr/tonga_smc.c | 6 ++++++ 4 files changed, 24 insertions(+) commit 1cd99a8d97c90e04d526d843f2be950f6e4e3bd2 Author: Alex Xie Date: Wed Nov 30 17:19:40 2016 -0500 drm/amd/amdgpu: validate the shadow BO. Fixes a rare NULL pointer dereference in amdgpu_ttm_bind. The issue was found by Nicolai Haehnle. The patch was tested by Nicolai Haehnle. Signed-off-by: Alex Xie Reviewed-by: Chunming Zhou Reviewed-by: Christian König Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f5f857f45d3371d032f016dd9f123a93bdf3eefc Author: Rex Zhu Date: Tue Nov 29 18:33:19 2016 +0800 drm/amd/powerplay: disable cg pg task when pp uninitialize. fix bug on uvd pg enabled, when reboot vm in pass through case, we need to notify smu power up uvd/vce if they were power down. otherwise, the vbios post will fail. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/eventmgr/eventtasks.c | 2 +- drivers/gpu/drm/amd/powerplay/hwmgr/hardwaremanager.c | 13 +++++++++++++ drivers/gpu/drm/amd/powerplay/inc/hardwaremanager.h | 1 + 3 files changed, 15 insertions(+), 1 deletion(-) commit 8201a67a49a048953c8af60cc0d5ceb4a5db26f1 Author: Rex Zhu Date: Thu Nov 24 21:44:44 2016 +0800 drm/amdgpu: no need to ungate uvd/vce clock when fini. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit 6b16cf7785a4200b1bddf4f70c9dda2efc49e278 Author: Michel Dänzer Date: Thu Oct 27 14:54:31 2016 +0900 drm/radeon: Hide the HW cursor while it's out of bounds Fixes hangs in that case under some circumstances. v2: * Only use non-0 x/yorigin if the cursor is (partially) outside of the top/left edge of the total surface with AVIVO/DCE Bugzilla: https://bugzilla.suse.com/show_bug.cgi?id=1000433 Cc: stable@vger.kernel.org Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher (v1) Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_cursor.c | 60 ++++++++++++++++++++++++---------- drivers/gpu/drm/radeon/radeon_mode.h | 1 + 2 files changed, 43 insertions(+), 18 deletions(-) commit 4349bd775cc8fd75cb648e3a2036a690f497de5c Author: Michel Dänzer Date: Thu Oct 27 15:37:44 2016 +0900 drm/radeon: Always store CRTC relative radeon_crtc->cursor_x/y values We were storing viewport relative coordinates for AVIVO/DCE display engines. However, radeon_crtc_cursor_set2 and radeon_cursor_reset pass radeon_crtc->cursor_x/y as the x/y parameters of radeon_cursor_move_locked, which would break if the CRTC isn't located at (0, 0). Cc: stable@vger.kernel.org Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_cursor.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit dcab0fa64e300afa18f39cd98d05e0950f652adf Author: Michel Dänzer Date: Thu Oct 27 13:03:23 2016 +0900 drm/radeon: Also call cursor_move_locked when the cursor size changes The cursor size also affects the register programming. Cc: stable@vger.kernel.org Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/radeon/radeon_cursor.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit 7c83d7abc9997cf1efac2c0ce384b5e8453ee870 Author: Michel Dänzer Date: Thu Oct 27 17:44:07 2016 +0900 drm/amdgpu: Only update the CUR_SIZE register when necessary Normally only necessary when the cursor size changes. Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 22 +++++++++++++++------- drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 22 +++++++++++++++------- drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 18 ++++++++++++++---- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 20 +++++++++++++++----- 4 files changed, 59 insertions(+), 23 deletions(-) commit 8b02cde994e3025b6886c82eac6cd1e7bc4d1fe9 Author: Michel Dänzer Date: Thu Oct 27 17:01:26 2016 +0900 drm/amdgpu: Also call cursor_move_locked when the cursor size changes The cursor size also affects the register programming. Cc: stable@vger.kernel.org Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 9 +++++---- drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 9 +++++---- drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 9 +++++---- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 9 +++++---- 4 files changed, 20 insertions(+), 16 deletions(-) commit 8e57ec613df7d6bfa8ffe7512290c5415ebb8657 Author: Michel Dänzer Date: Thu Oct 27 17:11:43 2016 +0900 drm/amdgpu: Store CRTC relative amdgpu_crtc->cursor_x/y values We were storing viewport relative coordinates. However, crtc_cursor_set2 and cursor_reset pass amdgpu_crtc->cursor_x/y as the x/y parameters of cursor_move_locked, which would break if the CRTC isn't located at (0, 0). Cc: stable@vger.kernel.org Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/dce_v10_0.c | 6 +++--- drivers/gpu/drm/amd/amdgpu/dce_v11_0.c | 6 +++--- drivers/gpu/drm/amd/amdgpu/dce_v6_0.c | 5 +++-- drivers/gpu/drm/amd/amdgpu/dce_v8_0.c | 6 +++--- 4 files changed, 12 insertions(+), 11 deletions(-) commit dd31ae9ac933636c3712b7dd0f6152c1d71f81fe Author: Arindam Nath Date: Fri Nov 25 16:55:16 2016 +0530 drm/amd/amdgpu: enable GUI idle INT after enabling CGCG GUI idle interrupts should be enabled only after we have enabled coarse grain clock gating (CGCG). This prevents GFX engine generating idle interrupt even though CGCG is not completely enabled. Most of the time this goes un-noticed, but on some Stoney ASICs this results in GFX engine hang after system resumes from suspend. The issue is not particular to Stoney though and could have occured on any ASIC. The patch fixes this issue. Reviewed-by: Alex Deucher Reported-by: Sunil Uttarwar Signed-off-by: Arindam Nath Signed-off-by: Alex Deucher Cc: stable@vger.kernel.org drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit ecc2cf7cc8baa1fdb73a7bb9495f6befbcac8cd8 Author: Maruthi Srinivas Bayyavarapu Date: Thu Nov 17 17:29:50 2016 +0530 drm/amdgpu: enable VCE clockgating in Polaris-10/11 VCE clocks are set to be disabled, when not in use. Signed-off-by: Maruthi Bayyavarapu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/vce_v3_0.c | 2 +- drivers/gpu/drm/amd/amdgpu/vi.c | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) commit ddbc2594cc90bcc6f4c7bb2b47e52801ea4968c1 Author: Rex Zhu Date: Fri Nov 25 19:23:06 2016 +0800 drm/amdgpu: fix CI bug uvd status not true in debugfs. can't get uvd's state by uvd_enabled. uvd_enabled is used for request higher mclk. in multi-display case, mclk has been in highest clock, no matter uvd's state changed, uvd_enabled will not be changed. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/ci_dpm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 188a301fd7f890cdd5e9adec0db41e254bc90bb9 Author: Xiangliang Yu Date: Thu Nov 24 16:28:46 2016 +0800 drm/amdgpu: remove error message when loading driver Forget to check UCODE_ID_STORAGE case and will cause to print error message when loading driver, correct it. Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu_cgs.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 7047391fababb8e3302aa3886fe93ff7bcd61d70 Author: Xiangliang Yu Date: Sun Nov 20 23:00:26 2016 +0800 drm/amd/powerplay: fix firmware loading failure For virtualization, firmware loading need the firmware version info, and will load the right firmware. So, transfer fw_version to toc. Signed-off-by: Frank Min Signed-off-by: Monk Liu Signed-off-by: Xiangliang Yu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/powerplay/smumgr/smu7_smumgr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3c3a7e616c02cbf0ffcd5888ceffb24e7ac73ad6 Author: Rex Zhu Date: Wed Nov 23 18:09:22 2016 +0800 drm/amdgpu: fix bug mclk can't change on Polaris the root cause is we gate the clock to uvd vcpu. mclk's change should need the response from uvd if it is power on. Signed-off-by: Rex Zhu Acked-by: Christian König Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/uvd_v5_0.c | 6 ++++-- drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 5 ++++- 2 files changed, 8 insertions(+), 3 deletions(-) commit 805b3ba87dfa7273567aed6e9c730e9b89b450d7 Author: Rex Zhu Date: Wed Nov 9 14:26:16 2016 +0800 drm/amdgpu: refine uvd 6.0 clock gate feature. Signed-off-by: Rex Zhu Reviewed-by: Alex Deucher Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/uvd_v6_0.c | 112 ++++++++++++++++++++++++++++------ 1 file changed, 92 insertions(+), 20 deletions(-) commit ad3b961423217eb96c436dc7973a81506444f7e5 Author: Alex Deucher Date: Tue Nov 15 17:33:09 2016 -0500 drm/amdgpu/gfx8: move eop programming per queue It's per queue not per pipe. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/gfx_v8_0.c | 49 ++++++++++++++--------------------- 1 file changed, 19 insertions(+), 30 deletions(-) commit 70b5c5aae57c1625b15dd2e63ecc40b8805b1ec0 Author: Alex Deucher Date: Tue Nov 15 16:55:53 2016 -0500 Revert "drm/amdgpu: use the kernel zone memory size as the max remote memory in amdgpu" This reverts commit a693e050edfe794fea81d7cfe72429a406aa380b. This breaks on systems with huge amounts of system memory as we do not have enough vram to store the page tables. Additionally, this is less of an issue with the recent gtt manager changes. Reviewed-by: Christian König Signed-off-by: Alex Deucher drivers/gpu/drm/amd/amdgpu/amdgpu.h | 2 -- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 12 +++++------- drivers/gpu/drm/amd/amdgpu/gmc_v6_0.c | 7 +------ drivers/gpu/drm/amd/amdgpu/gmc_v7_0.c | 7 +------ drivers/gpu/drm/amd/amdgpu/gmc_v8_0.c | 7 +------ 5 files changed, 8 insertions(+), 27 deletions(-) commit bed570307ed78f21b77cb04a1df781dee4a8f05a Author: Tony Lindgren Date: Mon Dec 5 16:38:16 2016 -0800 PM / wakeirq: Fix dedicated wakeirq for drivers not using autosuspend I noticed some wakeirq flakeyness with consumer drivers not using autosuspend. For drivers not using autosuspend, the wakeirq may never get unmasked in rpm_suspend() because of irq desc->depth. We are configuring dedicated wakeirqs to start with IRQ_NOAUTOEN as we naturally don't want them running until rpm_suspend() is called. However, when a consumer driver initially calls pm_runtime_get(), we now wrongly start with disable_irq_nosync() call on the dedicated wakeirq that is disabled to start with. This causes desc->depth to toggle between 1 and 2 instead of the usual 0 and 1. This can prevent enable_irq() from unmasking the wakeirq as that only happens at desc->depth 1. This does not necessarily show up with drivers using autosuspend as there is time for disable_irq_nosync() before rpm_suspend() gets called after the autosuspend timeout. Let's fix the issue by adding wirq->status that lazily gets set on the first rpm_suspend(). We also need PM runtime core private functions for dev_pm_enable_wake_irq_check() and dev_pm_disable_wake_irq_check() so we can enable the dedicated wakeirq on the first rpm_suspend(). While at it, let's also fix the comments for dev_pm_enable_wake_irq() and dev_pm_disable_wake_irq(). Those can still be used by the consumer drivers as needed because the IRQ core manages the interrupt usecount for us. Fixes: 4990d4fe327b (PM / Wakeirq: Add automated device wake IRQ handling) Signed-off-by: Tony Lindgren Signed-off-by: Rafael J. Wysocki drivers/base/power/power.h | 19 ++++++++++- drivers/base/power/runtime.c | 8 ++--- drivers/base/power/wakeirq.c | 76 ++++++++++++++++++++++++++++++++++++++------ 3 files changed, 88 insertions(+), 15 deletions(-) commit 2fb65f09c2c6eaba5fcf848aa615f4837d540576 Author: Andy Shevchenko Date: Fri Dec 2 19:42:47 2016 +0200 ACPI / osl: Refactor acpi_os_get_root_pointer() to drop 'else':s There are few 'else' keywords which are redundant in acpi_os_get_root_pointer(). Refactor function to get rid of them. While here, switch to pr_err() instead of printk(KERN_ERR ...). Signed-off-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki drivers/acpi/osl.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) commit 5dcb9ca8403c31f4a9a6e21b0057be3bdefb7414 Author: Andy Shevchenko Date: Fri Dec 2 19:42:46 2016 +0200 ACPI / osl: Propagate actual error code for kstrtoul() There is no need to override the error code returned by kstrtoul(). Propagate it directly to the caller. Signed-off-by: Andy Shevchenko Signed-off-by: Rafael J. Wysocki drivers/acpi/osl.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 598da548ef78927c6e8a6baeed8072fa9db74ff1 Author: Lina Iyer Date: Thu Nov 3 14:54:35 2016 -0700 PM / Domains: Fix compatible for domain idle state Re-using idle state definition provided by arm,idle-state for domain idle states creates a lot of confusion and limits further evolution of the domain idle definition. To keep things clear and simple, define a idle states for domain using a new compatible "domain-idle-state". Fix existing PM domains code to look for the newly defined compatible. Signed-off-by: Lina Iyer Reviewed-by: Ulf Hansson Reviewed-by: Sudeep Holla Signed-off-by: Rafael J. Wysocki .../bindings/power/domain-idle-state.txt | 33 ++++++++++++++++++++++ .../devicetree/bindings/power/power_domain.txt | 8 +++--- drivers/base/power/domain.c | 2 +- 3 files changed, 38 insertions(+), 5 deletions(-) commit c97d22e68bfedfacb9e752dee536c69916ae0933 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:05:38 2016 +0100 netfilter: nf_tables: add stateful object reference expression This new expression allows us to refer to existing stateful objects from rules. Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_tables.h | 14 ++++ net/netfilter/Kconfig | 6 ++ net/netfilter/Makefile | 1 + net/netfilter/nft_objref.c | 112 +++++++++++++++++++++++++++++++ 4 files changed, 133 insertions(+) commit 173705d9a2df1490478bf0d39f1b517bd489c8fa Author: Pablo Neira Ayuso Date: Mon Nov 28 00:04:43 2016 +0100 netfilter: nft_quota: add stateful object type Register a new quota stateful object type into the new stateful object infrastructure. Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_tables.h | 1 + net/netfilter/nft_quota.c | 96 +++++++++++++++++++++++++++----- 2 files changed, 84 insertions(+), 13 deletions(-) commit b1ce0ced101ee134c5d0bbb378b2c3cadc617f20 Author: Pablo Neira Ayuso Date: Mon Nov 28 00:04:36 2016 +0100 netfilter: nft_counter: add stateful object type Register a new percpu counter stateful object type into the stateful object infrastructure. Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_tables.h | 1 + net/netfilter/nft_counter.c | 140 +++++++++++++++++++++++++------ 2 files changed, 114 insertions(+), 27 deletions(-) commit e50092404c1bc7aaeb0a0f4077fa6f07b073a20f Author: Pablo Neira Ayuso Date: Mon Nov 28 00:04:32 2016 +0100 netfilter: nf_tables: add stateful objects This patch augments nf_tables to support stateful objects. This new infrastructure allows you to create, dump and delete stateful objects, that are identified by a user-defined name. This patch adds the generic infrastructure, follow up patches add support for two stateful objects: counters and quotas. This patch provides a native infrastructure for nf_tables to replace nfacct, the extended accounting infrastructure for iptables. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables.h | 79 +++++ include/uapi/linux/netfilter/nf_tables.h | 29 ++ net/netfilter/nf_tables_api.c | 516 +++++++++++++++++++++++++++++++ 3 files changed, 624 insertions(+) commit 3bf3276119455bd0fc7a7e31be2823118e613842 Author: Florian Westphal Date: Mon Nov 28 11:40:06 2016 +0100 netfilter: add and use nf_fwd_netdev_egress ... so we can use current skb instead of working with a clone. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_dup_netdev.h | 1 + net/netfilter/nf_dup_netdev.c | 33 +++++++++++++++++++++++++-------- net/netfilter/nft_fwd_netdev.c | 4 ++-- 3 files changed, 28 insertions(+), 10 deletions(-) commit df122f58b834b24c27d7e2ac02a4910d3e56f6ae Author: Florian Westphal Date: Mon Nov 28 11:40:05 2016 +0100 netfilter: ingress: translate 0 nf_hook_slow retval to -1 The caller assumes that < 0 means that skb was stolen (or free'd). All other return values continue skb processing. nf_hook_slow returns 3 different return value types: A) a (negative) errno value: the skb was dropped (NF_DROP, e.g. by iptables '-j DROP' rule). B) 0. The skb was stolen by the hook or queued to userspace. C) 1. all hooks returned NF_ACCEPT so the caller should invoke the okfn so packet processing can continue. nft ingress facility currently doesn't have the 'okfn' that the NF_HOOK() macros use; there is no nfqueue support either. So 1 means that nf_hook_ingress() caller should go on processing the skb. In order to allow use of NF_STOLEN from ingress we need to translate this to an errno number, else we'd crash because we continue with already-free'd (or about to be free-d) skb. The errno value isn't checked, its just important that its less than 0, so return -1. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/linux/netfilter_ingress.h | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 1ed9887ee31a38f265124c963f8e5b8a1ffb02e3 Author: Gao Feng Date: Fri Nov 25 12:32:07 2016 +0800 netfilter: xt_multiport: Fix wrong unmatch result with multiple ports I lost one test case in the last commit for xt_multiport. For example, the rule is "-m multiport --dports 22,80,443". When first port is unmatched and the second is matched, the curent codes could not return the right result. It would return false directly when the first port is unmatched. Fixes: dd2602d00f80 ("netfilter: xt_multiport: Use switch case instead of multiple condition checks") Signed-off-by: Gao Feng Signed-off-by: Pablo Neira Ayuso net/netfilter/xt_multiport.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) commit 1814096980bbe546c4384b7b064126cbe7d40d30 Author: Pablo Neira Ayuso Date: Thu Nov 24 12:04:55 2016 +0100 netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields This patch adds a new flag that signals the kernel to update layer 4 checksum if the packet field belongs to the layer 4 pseudoheader. This implicitly provides stateless NAT 1:1 that is useful under very specific usecases. Since rules mangling layer 3 fields that are part of the pseudoheader may potentially convey any layer 4 packet, we have to deal with the layer 4 checksum adjustment using protocol specific code. This patch adds support for TCP, UDP and ICMPv6, since they include the pseudoheader in the layer 4 checksum calculation. ICMP doesn't, so we can skip it. Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_tables_core.h | 1 + include/uapi/linux/netfilter/nf_tables.h | 6 ++ net/netfilter/nft_payload.c | 107 +++++++++++++++++++++++++++++-- 3 files changed, 109 insertions(+), 5 deletions(-) commit e0ffdbc78d84e1da090f03ab62da3def0e65159e Author: Liping Zhang Date: Wed Nov 23 22:12:21 2016 +0800 netfilter: nft_fib_ipv4: initialize *dest to zero Otherwise, if fib lookup fail, *dest will be filled with garbage value, so reverse path filtering will not work properly: # nft add rule x prerouting fib saddr oif eq 0 drop Fixes: f6d0cbcf09c5 ("netfilter: nf_tables: add fib expression") Signed-off-by: Liping Zhang Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nft_fib_ipv4.c | 2 ++ 1 file changed, 2 insertions(+) commit 11583438b73fbc9117ff8afcbde8c934d0d63713 Author: Liping Zhang Date: Wed Nov 23 22:12:20 2016 +0800 netfilter: nft_fib: convert htonl to ntohl properly Acctually ntohl and htonl are identical, so this doesn't affect anything, but it is conceptually wrong. Signed-off-by: Liping Zhang Acked-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nft_fib_ipv4.c | 2 +- net/ipv6/netfilter/nft_fib_ipv6.c | 2 +- net/netfilter/nft_fib.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) commit ae0ac0ed6fcf5af3be0f63eb935f483f44a402d2 Author: Florian Westphal Date: Tue Nov 22 14:44:19 2016 +0100 netfilter: x_tables: pack percpu counter allocations instead of allocating each xt_counter individually, allocate 4k chunks and then use these for counter allocation requests. This should speed up rule evaluation by increasing data locality, also speeds up ruleset loading because we reduce calls to the percpu allocator. As Eric points out we can't use PAGE_SIZE, page_allocator would fail on arches with 64k page size. Suggested-by: Eric Dumazet Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso include/linux/netfilter/x_tables.h | 7 ++++++- net/ipv4/netfilter/arp_tables.c | 9 ++++++--- net/ipv4/netfilter/ip_tables.c | 9 ++++++--- net/ipv6/netfilter/ip6_tables.c | 9 ++++++--- net/netfilter/x_tables.c | 33 ++++++++++++++++++++++++--------- 5 files changed, 48 insertions(+), 19 deletions(-) commit f28e15bacedd444608e25421c72eb2cf4527c9ca Author: Florian Westphal Date: Tue Nov 22 14:44:18 2016 +0100 netfilter: x_tables: pass xt_counters struct to counter allocator Keeps some noise away from a followup patch. Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso include/linux/netfilter/x_tables.h | 27 +-------------------------- net/ipv4/netfilter/arp_tables.c | 5 +---- net/ipv4/netfilter/ip_tables.c | 5 +---- net/ipv6/netfilter/ip6_tables.c | 5 +---- net/netfilter/x_tables.c | 30 ++++++++++++++++++++++++++++++ 5 files changed, 34 insertions(+), 38 deletions(-) commit 4d31eef5176df06f218201bc9c0ce40babb41660 Author: Florian Westphal Date: Tue Nov 22 14:44:17 2016 +0100 netfilter: x_tables: pass xt_counters struct instead of packet counter On SMP we overload the packet counter (unsigned long) to contain percpu offset. Hide this from callers and pass xt_counters address instead. Preparation patch to allocate the percpu counters in page-sized batch chunks. Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Signed-off-by: Pablo Neira Ayuso include/linux/netfilter/x_tables.h | 6 +----- net/ipv4/netfilter/arp_tables.c | 4 ++-- net/ipv4/netfilter/ip_tables.c | 4 ++-- net/ipv6/netfilter/ip6_tables.c | 5 ++--- net/netfilter/x_tables.c | 9 +++++++++ 5 files changed, 16 insertions(+), 12 deletions(-) commit 679972f3bef8df7aa04cc99b46f71392ebf0b5f8 Author: Aaron Conole Date: Tue Nov 15 17:48:46 2016 -0500 netfilter: convert while loops to for loops This is to facilitate converting from a singly-linked list to an array of elements. Signed-off-by: Aaron Conole Signed-off-by: Pablo Neira Ayuso net/bridge/br_netfilter_hooks.c | 8 ++++---- net/netfilter/core.c | 6 ++---- 2 files changed, 6 insertions(+), 8 deletions(-) commit d415b9eb76fc55c03ef5451691170aa5771dcea3 Author: Aaron Conole Date: Tue Nov 15 17:48:45 2016 -0500 netfilter: decouple nf_hook_entry and nf_hook_ops During nfhook traversal we only need a very small subset of nf_hook_ops members. We need: - next element - hook function to call - hook function priv argument Bridge netfilter also needs 'thresh'; can be obtained via ->orig_ops. nf_hook_entry struct is now 32 bytes on x86_64. A followup patch will turn the run-time list into an array that only stores hook functions plus their priv arguments, eliminating the ->next element. Suggested-by: Florian Westphal Signed-off-by: Aaron Conole Signed-off-by: Pablo Neira Ayuso include/linux/netfilter.h | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit 0aa8c57a04907a5d02068ff9f917629be97ea78d Author: Aaron Conole Date: Tue Nov 15 17:48:44 2016 -0500 netfilter: introduce accessor functions for hook entries This allows easier future refactoring. Signed-off-by: Aaron Conole Signed-off-by: Pablo Neira Ayuso include/linux/netfilter.h | 27 +++++++++++++++++++++++++++ net/bridge/br_netfilter_hooks.c | 2 +- net/netfilter/core.c | 10 ++++------ net/netfilter/nf_queue.c | 5 ++--- 4 files changed, 34 insertions(+), 10 deletions(-) commit 834184b1f3a4635efbdfdae5fb437f109f6605fa Author: Florian Westphal Date: Tue Nov 15 21:36:45 2016 +0100 netfilter: defrag: only register defrag functionality if needed nf_defrag modules for ipv4 and ipv6 export an empty stub function. Any module that needs the defragmentation hooks registered simply 'calls' this empty function to create a phony module dependency -- modprobe will then load the defrag module too. This extends netfilter ipv4/ipv6 defragmentation modules to delay the hook registration until the functionality is requested within a network namespace instead of module load time for all namespaces. Hooks are only un-registered on module unload or when a namespace that used such defrag functionality exits. We have to use struct net for this as the register hooks can be called before netns initialization here from the ipv4/ipv6 conntrack module init path. There is no unregister functionality support, defrag will always be active once it was requested inside a net namespace. The reason is that defrag has impact on nft and iptables rulesets (without defrag we might see framents). Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/ipv4/nf_defrag_ipv4.h | 3 +- include/net/netfilter/ipv6/nf_defrag_ipv6.h | 3 +- include/net/netns/netfilter.h | 6 ++++ net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 7 ++++- net/ipv4/netfilter/nf_defrag_ipv4.c | 41 +++++++++++++++++++++++-- net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 7 ++++- net/ipv6/netfilter/nf_defrag_ipv6_hooks.c | 42 +++++++++++++++++++++++--- net/netfilter/xt_TPROXY.c | 15 ++++++--- net/netfilter/xt_socket.c | 33 +++++++++++++++++--- 9 files changed, 136 insertions(+), 21 deletions(-) commit c5d4603961009c39de94725213d8b5420f110f9e Author: Duc Dang Date: Thu Dec 1 18:27:07 2016 -0800 PCI: Add MCFG quirks for X-Gene host controller PCIe controllers in X-Gene SoCs are not ECAM compliant: software needs to configure additional controller's register to address device at bus:dev:function. Add a quirk to discover controller MMIO register space and configure controller registers to select and address the target secondary device. The quirk will only be applied for X-Gene PCIe MCFG table with OEM revison 1, 2, 3 or 4 (PCIe controller v1 and v2 on X-Gene SoCs). Tested-by: Jon Masters Signed-off-by: Duc Dang Signed-off-by: Bjorn Helgaas drivers/acpi/pci_mcfg.c | 25 +++++++++ drivers/pci/host/Kconfig | 4 +- drivers/pci/host/Makefile | 2 +- drivers/pci/host/pci-xgene.c | 126 ++++++++++++++++++++++++++++++++++++++++--- include/linux/pci-ecam.h | 2 + 5 files changed, 149 insertions(+), 10 deletions(-) commit 648d93fc77da4f655cf13108417f33c91d745e2c Author: Tomasz Nowicki Date: Wed Nov 30 23:16:34 2016 -0600 PCI: Add MCFG quirks for Cavium ThunderX pass1.x host controller ThunderX pass1.x requires to emulate the EA headers for on-chip devices hence it has to use custom pci_thunder_ecam_ops for accessing PCI config space (pci-thunder-ecam.c). Add new entries to MCFG quirk array where it can be applied while probing ACPI based PCI host controller. ThunderX pass1.x is using the same way for accessing off-chip devices (so-called PEM) as silicon pass-2.x so we need to add PEM quirk entries too. Quirk is considered for ThunderX silicon pass1.x only which is identified via MCFG revision 2. ThunderX pass 1.x requires the following accessors: NUMA node 0 PCI segments 0- 3: pci_thunder_ecam_ops (MCFG quirk) NUMA node 0 PCI segments 4- 9: thunder_pem_ecam_ops (MCFG quirk) NUMA node 1 PCI segments 10-13: pci_thunder_ecam_ops (MCFG quirk) NUMA node 1 PCI segments 14-19: thunder_pem_ecam_ops (MCFG quirk) [bhelgaas: change Makefile/ifdefs so quirk doesn't depend on CONFIG_PCI_HOST_THUNDER_ECAM] Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas drivers/acpi/pci_mcfg.c | 15 +++++++++++++++ drivers/pci/host/Kconfig | 3 ++- drivers/pci/host/Makefile | 2 +- drivers/pci/host/pci-thunder-ecam.c | 9 ++++++++- include/linux/pci-ecam.h | 3 ++- 5 files changed, 28 insertions(+), 4 deletions(-) commit 44f22bd91e88f9a1203a6e564a237e593f5f2f74 Author: Tomasz Nowicki Date: Thu Dec 1 00:07:56 2016 -0600 PCI: Add MCFG quirks for Cavium ThunderX pass2.x host controller ThunderX PCIe controller to off-chip devices (so-called PEM) is not fully compliant with ECAM standard. It uses non-standard configuration space accessors (see thunder_pem_ecam_ops) and custom configuration space granulation (see bus_shift = 24). In order to access configuration space and probe PEM as ACPI-based PCI host controller we need to add MCFG quirk infrastructure. This involves: 1. A new thunder_pem_acpi_init() init function to locate PEM-specific register ranges using ACPI. 2. Export PEM thunder_pem_ecam_ops structure so it is visible to MCFG quirk code. 3. New quirk entries for each PEM segment. Each contains platform IDs, mentioned thunder_pem_ecam_ops and CFG resources. Quirk is considered for ThunderX silicon pass2.x only which is identified via MCFG revision 1. ThunderX pass 2.x requires the following accessors: NUMA Node 0 PCI segments 0- 3: pci_generic_ecam_ops (ECAM-compliant) NUMA Node 0 PCI segments 4- 9: thunder_pem_ecam_ops (MCFG quirk) NUMA Node 1 PCI segments 10-13: pci_generic_ecam_ops (ECAM-compliant) NUMA Node 1 PCI segments 14-19: thunder_pem_ecam_ops (MCFG quirk) [bhelgaas: adapt to use acpi_get_rc_resources(), update Makefile/ifdefs so quirk doesn't depend on CONFIG_PCI_HOST_THUNDER_PEM] Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas drivers/acpi/pci_mcfg.c | 19 ++++++++++++++++ drivers/pci/host/Kconfig | 3 ++- drivers/pci/host/Makefile | 2 +- drivers/pci/host/pci-thunder-pem.c | 44 ++++++++++++++++++++++++++++++++++++++ include/linux/pci-ecam.h | 1 + 5 files changed, 67 insertions(+), 2 deletions(-) commit 0d414268fb8d0844030f87027e904f69d96706be Author: Bjorn Helgaas Date: Wed Nov 30 23:57:56 2016 -0600 PCI: thunder-pem: Factor out resource lookup Pull the register resource lookup out of thunder_pem_init() so we can easily add a corresponding lookup using ACPI. No functional change intended. Signed-off-by: Bjorn Helgaas drivers/pci/host/pci-thunder-pem.c | 50 ++++++++++++++++++++------------------ 1 file changed, 27 insertions(+), 23 deletions(-) commit 5f00f1a0178cf52928366a5e1f376a65f1f3f389 Author: Dongdong Liu Date: Thu Dec 1 00:45:35 2016 -0600 PCI: Add MCFG quirks for HiSilicon Hip05/06/07 host controllers The PCIe controller in Hip05/Hip06/Hip07 SoCs is not completely ECAM-compliant. It is non-ECAM only for the RC bus config space; for any other bus underneath the root bus it does support ECAM access. Add specific quirks for PCI config space accessors. This involves: 1. New initialization call hisi_pcie_init() to obtain RC base addresses from PNP0C02 at the root of the ACPI namespace (under \_SB). 2. New entry in common quirk array. [bhelgaas: move to pcie-hisi.c and change Makefile/ifdefs so quirk doesn't depend on CONFIG_PCI_HISI] Signed-off-by: Dongdong Liu Signed-off-by: Gabriele Paoloni Signed-off-by: Bjorn Helgaas drivers/acpi/pci_mcfg.c | 12 +++++ drivers/pci/host/Makefile | 2 +- drivers/pci/host/pcie-hisi.c | 101 +++++++++++++++++++++++++++++++++++++++++++ include/linux/pci-ecam.h | 1 + 4 files changed, 115 insertions(+), 1 deletion(-) commit 2ca5b8ddc6f70d77a51851ba5e5cd0d39c27dd88 Author: Christopher Covington Date: Wed Nov 2 11:11:27 2016 -0500 PCI: Add MCFG quirks for Qualcomm QDF2432 host controller The Qualcomm Technologies QDF2432 SoC does not support accesses smaller than 32 bits to the PCI configuration space. Register the appropriate quirk. [bhelgaas: add QCOM_ECAM32 macro, ifdef for ACPI and PCI_QUIRKS] Signed-off-by: Christopher Covington Signed-off-by: Bjorn Helgaas drivers/acpi/pci_mcfg.c | 11 +++++++++++ drivers/pci/ecam.c | 12 ++++++++++++ include/linux/pci-ecam.h | 4 ++++ 3 files changed, 27 insertions(+) commit 169de969c0188be69bd5ff1e148d42a49bf47738 Author: Dongdong Liu Date: Thu Dec 1 00:33:42 2016 -0600 PCI/ACPI: Provide acpi_get_rc_resources() for ARM64 platform The acpi_get_rc_resources() is used to get the RC register address that can not be described in MCFG. It takes the _HID & segment to look for and outputs the RC address resource. Use PNP0C02 devices to describe such RC address resource. Use _UID to match segment to tell which root bus the PNP0C02 resource belongs to. [bhelgaas: add dev argument, wrap in #ifdef CONFIG_PCI_QUIRKS] Signed-off-by: Dongdong Liu Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas drivers/pci/pci-acpi.c | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++ drivers/pci/pci.h | 5 ++++ 2 files changed, 81 insertions(+) commit 5b69b85ba1ddd36be01f5c57830b37a3c8256009 Author: Tomasz Nowicki Date: Fri Sep 9 21:24:04 2016 +0200 PCI/ACPI: Check for platform-specific MCFG quirks The PCIe spec (r3.0, sec 7.2.2) specifies an "Enhanced Configuration Access Mechanism" (ECAM) for memory-mapped access to configuration space. ECAM is required for PCIe systems unless there's a standard firmware interface for config access. In the absence of a firmware interface, we use pci_generic_ecam_ops, and on ACPI systems, we discover the ECAM space via the MCFG table and/or the _CBA method. Unfortunately some systems provide MCFG but don't implement ECAM according to spec, so we need a mechanism for quirks to make those systems work. Add an MCFG quirk mechanism to override the config accessor functions and/or the memory-mapped address space. A quirk is selected if it matches all of the following: - OEM ID - OEM Table ID - OEM Revision - PCI segment (from _SEG) - PCI bus number range (from _CRS, wildcard allowed) If the quirk specifies config accessor functions or a memory-mapped address range, these override the defaults. [bhelgaas: changelog, reorder quirk matching, fix oem_revision typo per Duc, add under #ifdef CONFIG_PCI_QUIRKS] Signed-off-by: Tomasz Nowicki Signed-off-by: Dongdong Liu Signed-off-by: Christopher Covington Signed-off-by: Bjorn Helgaas drivers/acpi/pci_mcfg.c | 92 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 86 insertions(+), 6 deletions(-) commit 13983eb89d5afaa65acd4479fad151cbd4de5509 Author: Tomasz Nowicki Date: Fri Sep 9 21:24:03 2016 +0200 PCI/ACPI: Extend pci_mcfg_lookup() to return ECAM config accessors pci_mcfg_lookup() is the external interface to the generic MCFG code. Previously it merely looked up the ECAM base address for a given domain and bus range. We want a way to add MCFG quirks, some of which may require special config accessors and adjustments to the ECAM address range. Extend pci_mcfg_lookup() so it can return a pointer to a pci_ecam_ops structure and a struct resource for the ECAM address space. For now, it always returns &pci_generic_ecam_ops (the standard accessor) and the resource described by the MCFG. No functional changes intended. [bhelgaas: changelog] Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas arch/arm64/kernel/pci.c | 17 +++++------------ drivers/acpi/pci_mcfg.c | 28 +++++++++++++++++++++++++--- include/linux/pci-acpi.h | 4 +++- 3 files changed, 33 insertions(+), 16 deletions(-) commit 8fd4391ee717569d60fa283da778f7497630c9b7 Author: Bjorn Helgaas Date: Fri Dec 2 17:25:54 2016 -0600 arm64: PCI: Exclude ACPI "consumer" resources from host bridge windows On x86 and ia64, we have treated all ACPI _CRS resources of PNP0A03 host bridge devices as "producers", i.e., as host bridge windows. That's partly because some x86 BIOSes improperly used "consumer" descriptors to describe windows and partly because Linux didn't have good support for handling consumer and producer descriptors differently. One result is that x86 BIOSes describe host bridge "consumer" resources in the _CRS of a PNP0C02 device, not the PNP0A03 device itself. On arm64 we don't have a legacy of firmware that has this consumer/producer confusion, so we can handle PNP0A03 "consumer" descriptors as host bridge registers instead of windows. Exclude non-window ("consumer") resources from the list of host bridge windows. This allows the use of "consumer" PNP0A03 descriptors for bridge register space. Signed-off-by: Bjorn Helgaas arch/arm64/kernel/pci.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 093d24a204425f71f4f106b7e62c8df4b456e1cc Author: Tomasz Nowicki Date: Thu Nov 24 12:05:23 2016 +0100 arm64: PCI: Manage controller-specific data on per-controller basis Currently we use one shared global acpi_pci_root_ops structure to keep controller-specific ops. We pass its pointer to acpi_pci_root_create() and associate it with a host bridge instance for good. Such a design implies serious drawback. Any potential manipulation on the single system-wide acpi_pci_root_ops leads to kernel crash. The structure content is not really changing even across multiple host bridges creation; thus it was not an issue so far. In preparation for adding ECAM quirks mechanism (where controller-specific PCI ops may be different for each host bridge) allocate new acpi_pci_root_ops and fill in with data for each bridge. Now it is safe to have different controller-specific info. As a consequence free acpi_pci_root_ops when host bridge is released. No functional changes in this patch. Signed-off-by: Tomasz Nowicki Signed-off-by: Bjorn Helgaas Acked-by: Lorenzo Pieralisi arch/arm64/kernel/pci.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 08b1c19606b5fc7f895dae4d43d507b4da4a83bf Author: Bjorn Helgaas Date: Wed Nov 30 14:48:33 2016 -0600 arm64: PCI: Search ACPI namespace to ensure ECAM space is reserved The static MCFG table tells us the base of ECAM space, but it does not reserve the space -- the reservation should be done via a device in the ACPI namespace whose _CRS includes the ECAM region. Use acpi_resource_consumer() to check whether the ECAM space is reserved by an ACPI namespace device. If it is, emit a message showing which device reserves it. If not, emit a "[Firmware Bug]" warning. Signed-off-by: Bjorn Helgaas Acked-by: Lorenzo Pieralisi arch/arm64/kernel/pci.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) commit dfd1972c2b464c10fb585c4c60b594e09d181a01 Author: Bjorn Helgaas Date: Thu Dec 1 11:33:57 2016 -0600 arm64: PCI: Add local struct device pointers Use a local "struct device *dev" for brevity. No functional change intended. Signed-off-by: Bjorn Helgaas Acked-by: Lorenzo Pieralisi arch/arm64/kernel/pci.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit 2b8bb1d771f736b8b34bf160115aee1b12d29f83 Author: Kirti Wankhede Date: Tue Dec 6 23:58:12 2016 +0530 vfio iommu type1: Fix size argument to vfio_find_dma() in pin_pages/unpin_pages Passing zero for the size to vfio_find_dma() isn't compatible with matching the start address of an existing vfio_dma. Doing so triggers a corner case. In vfio_find_dma(), when the start address is equal to dma->iova and size is 0, check for the end of search range makes it to take wrong side of RB-tree. That fails the search even though the address is present in mapped dma ranges. In functions pin_pages and unpin_pages, the iova which is being searched is base address of page to be pinned or unpinned. So here size should be set to PAGE_SIZE, as argument to vfio_find_dma(). Signed-off-by: Kirti Wankhede Signed-off-by: Neo Jia Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_type1.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 7c03f428464333589f0c374b833af95777eb9dd8 Author: Kirti Wankhede Date: Tue Dec 6 23:56:54 2016 +0530 vfio iommu type1: Fix size argument to vfio_find_dma() during DMA UNMAP. Passing zero for the size to vfio_find_dma() isn't compatible with matching the start address of an existing vfio_dma. Doing so triggers a corner case. In vfio_find_dma(), when the start address is equal to dma->iova and size is 0, check for the end of search range makes it to take wrong side of RB-tree. That fails the search even though the address is present in mapped dma ranges. Due to this, in vfio_dma_do_unmap(), while checking boundary conditions, size should be set to 1 for verifying start address of unmap range. vfio_find_dma() is also used to verify last address in unmap range with size = 0, but in that case address to be searched is calculated with start + size - 1 and so it works correctly. Signed-off-by: Kirti Wankhede Signed-off-by: Neo Jia [aw: changelog tweak] Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_type1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3eb15f2828464791f68b341ce87183012c509fc6 Author: Fabian Frederick Date: Sun Dec 4 13:45:28 2016 +0100 sunrpc: use DEFINE_SPINLOCK() Signed-off-by: Fabian Frederick Signed-off-by: J. Bruce Fields net/sunrpc/svcauth.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit db444e1344ddad60bc125717bb0bf3ebbb4c79c7 Author: Gustavo Padovan Date: Mon Dec 5 12:03:46 2016 -0200 drm/atomic: doc: remove old comment about nonblocking commits We now support nonblocking commits on drm_atomic_helper_commit() so the comment is not valid anymore. Signed-off-by: Gustavo Padovan Reviewed-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1480946626-30917-1-git-send-email-gustavo@padovan.org drivers/gpu/drm/drm_atomic_helper.c | 3 --- 1 file changed, 3 deletions(-) commit 0af72df267f2ed865c71a69fb2811ea6fa4736dc Author: Greg Kroah-Hartman Date: Tue Dec 6 18:18:30 2016 +0100 staging: slicoss: remove the staging driver A "real" driver for this hardware has now landed in the networking tree, so remove this old staging driver so that we don't have multiple drivers for the same hardware, and so people don't waste their time trying to clean up this old code. Cc: Lior Dotan Cc: Christopher Harrer Cc: David Miller Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 6 - drivers/staging/Kconfig | 2 - drivers/staging/Makefile | 1 - drivers/staging/slicoss/Kconfig | 14 - drivers/staging/slicoss/Makefile | 1 - drivers/staging/slicoss/README | 7 - drivers/staging/slicoss/TODO | 36 - drivers/staging/slicoss/slic.h | 568 ------- drivers/staging/slicoss/slichw.h | 652 -------- drivers/staging/slicoss/slicoss.c | 3128 ------------------------------------- 10 files changed, 4415 deletions(-) commit 862b3d2090ae3d8b10bb4ee9275fd932bc4d0d44 Author: Salil Date: Tue Dec 6 11:09:46 2016 +0000 net: hns: Fix to conditionally convey RX checksum flag to stack This patch introduces the RX checksum function to check the status of the hardware calculated checksum and its error and appropriately convey status to the upper stack in skb->ip_summed field. In hardware, we only support checksum for the following protocols: 1) IPv4, 2) TCP(over IPv4 or IPv6), 3) UDP(over IPv4 or IPv6), 4) SCTP(over IPv4 or IPv6) but we support many L3(IPv4, IPv6, MPLS, PPPoE etc) and L4(TCP, UDP, GRE, SCTP, IGMP, ICMP etc.) protocols. Hardware limitation: Our present hardware RX Descriptor lacks L3/L4 checksum "Status & Error" bit (which usually can be used to indicate whether checksum was calculated by the hardware and if there was any error encountered during checksum calculation). Software workaround: We do get info within the RX descriptor about the kind of L3/L4 protocol coming in the packet and the error status. These errors might not just be checksum errors but could be related to version, length of IPv4, UDP, TCP etc. Because there is no-way of knowing if it is a L3/L4 error due to bad checksum or any other L3/L4 error, we will not (cannot) convey hardware checksum status(CHECKSUM_UNNECESSARY) for such cases to upper stack and will not maintain the RX L3/L4 checksum counters as well. Signed-off-by: Salil Mehta Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hns/hnae.h | 2 + drivers/net/ethernet/hisilicon/hns/hns_enet.c | 76 ++++++++++++++++++++++++--- 2 files changed, 71 insertions(+), 7 deletions(-) commit 48e0a83ece7803a62afd624ba70523ca66631c35 Author: Ivan Khoronzhuk Date: Tue Dec 6 03:45:00 2016 +0200 net: ethernet: ti: cpsw: fix early budget split The budget split function requires the phy speed to be known. While ndo open a phy speed identification is postponed till the moment link is up. Hence, move it to appropriate callback, when link is up. Reported-by: Grygorii Strashko Fixes: 8feb0a196507 ("net: ethernet: ti: cpsw: split tx budget according between channels") Signed-off-by: Ivan Khoronzhuk Signed-off-by: David S. Miller drivers/net/ethernet/ti/cpsw.c | 154 ++++++++++++++++++++--------------------- 1 file changed, 77 insertions(+), 77 deletions(-) commit 343dfaa198e98e8195a962c53206ad88076a6066 Author: Florian Westphal Date: Tue Dec 6 00:23:00 2016 +0100 Revert "dctcp: update cwnd on congestion event" Neal Cardwell says: If I am reading the code correctly, then I would have two concerns: 1) Has that been tested? That seems like an extremely dramatic decrease in cwnd. For example, if the cwnd is 80, and there are 40 ACKs, and half the ACKs are ECE marked, then my back-of-the-envelope calculations seem to suggest that after just 11 ACKs the cwnd would be down to a minimal value of 2 [..] 2) That seems to contradict another passage in the draft [..] where it sazs: Just as specified in [RFC3168], DCTCP does not react to congestion indications more than once for every window of data. Neal is right. Fortunately we don't have to complicate this by testing vs. current rtt estimate, we can just revert the patch. Normal stack already handles this for us: receiving ACKs with ECE set causes a call to tcp_enter_cwr(), from there on the ssthresh gets adjusted and prr will take care of cwnd adjustment. Fixes: 4780566784b396 ("dctcp: update cwnd on congestion event") Cc: Neal Cardwell Signed-off-by: Florian Westphal Acked-by: Neal Cardwell Signed-off-by: David S. Miller net/ipv4/tcp_dctcp.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit b1df0f5ceab3cf0207dcb585c51424fe1bb1e1d2 Merge: 9f9ffdf a199d8b Author: David S. Miller Date: Tue Dec 6 11:32:29 2016 -0500 Merge branch 'mv88e6xxx-rework-reset-and-PPU-code' Vivien Didelot says: ==================== net: dsa: mv88e6xxx: rework reset and PPU code Old Marvell chips (like 88E6060) don't have a PHY Polling Unit (PPU). Next chips (like 88E6185) have a PPU, which has exclusive access to the PHY registers, thus must be disabled before access. Newer chips (like 88E6352) have an indirect mechanism to access the PHY registers whenever, thus loose control over the PPU (always enabled). Here's a summary: Model | PPU? | Has PPU ctrl? | PPU state readable? | PHY access ----- | ---- | -------------- | ------------------- | ---------- 6060 | no | no | no | direct 6185 | yes | yes, PPUEn bit | yes, PPUState 2-bit | direct w/ PPU dis. 6352 | yes | no | yes, PPUState 1-bit | indirect 6390 | yes | no | yes, InitState bit | indirect Depending on the PPU control, a switch may have to restart the PPU when resetting the switch. Once the switch is reset, we must wait for the PPU state to be active polling again before accessing the registers. For that purpose, add new operations to the chips to enable/disable the PPU, and execute software reset. With these new ops in place, rework the switch reset code and finally get rid of the MV88E6XXX_FLAG_PPU* flags. Changes in v3: - consider 6097 as 6352 (no PPU ops and use mv88e6352_g1_reset). Changes in v2: - wait in ppu/reset ops so that ppu_polling is not needed anymore. ==================== Signed-off-by: David S. Miller commit a199d8b6956f8973d09d684fc71300889c26e8e4 Author: Vivien Didelot Date: Mon Dec 5 17:30:28 2016 -0500 net: dsa: mv88e6xxx: add PPU operations Some Marvell chips can enable/disable the PPU on demand. This is needed to access the PHY registers when there is no indirection mechanism. Add two new ppu_enable and ppu_disable ops to describe this and finally get rid of the MV88E6XXX_FLAG_PPU* flags. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 76 ++++++++--------------------------- drivers/net/dsa/mv88e6xxx/global1.c | 57 ++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/global1.h | 3 ++ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 19 ++------- 4 files changed, 81 insertions(+), 74 deletions(-) commit 17e708baf7f24192cb1c7c8dd6b32d1941dfb0e8 Author: Vivien Didelot Date: Mon Dec 5 17:30:27 2016 -0500 net: dsa: mv88e6xxx: add a soft reset operation Marvell chips have different way to issue a software reset. Old chips (such as 88E6060) have a reset bit in an ATU control register. Newer chips moved this bit in a Global control register. Chips with controllable PPU should reset the PPU when resetting the switch. Add a new reset operation to implement these differences and introduce a mv88e6xxx_software_reset() helper to wrap it conveniently. Signed-off-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 72 ++++++++++---------- drivers/net/dsa/mv88e6xxx/global1.c | 121 ++++++++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/global1.h | 4 ++ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 15 +++-- 4 files changed, 172 insertions(+), 40 deletions(-) commit 309eca6db96ad69470220fa12c0bdc1ee64da8af Author: Vivien Didelot Date: Mon Dec 5 17:30:26 2016 -0500 net: dsa: mv88e6xxx: add helper to hardware reset Add an helper to toggle the eventual GPIO connected to the reset pin. Signed-off-by: Vivien Didelot Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) commit 4ac4b5a623f808e64d4d17b14bc23e934eaed008 Author: Vivien Didelot Date: Mon Dec 5 17:30:25 2016 -0500 net: dsa: mv88e6xxx: add helper to disable ports Before resetting a switch, the ports should be set to the Disabled state and the transmit queues should be drained. Add an helper to explicit that. Signed-off-by: Vivien Didelot Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) commit 1465f481460cbfc60dc119873099d89a58f9be4f Merge: 3e5de27 00c7c81 18b709b ebcfa28 37bad55 24c790f 2f5f44f Author: Joerg Roedel Date: Tue Dec 6 17:32:16 2016 +0100 Merge branches 'arm/mediatek', 'arm/smmu', 'x86/amd', 's390', 'core' and 'arm/exynos' into next commit 9f9ffdffe9112abae781e5f4b44e7d2bc96aa6d5 Merge: a297569 b956702 Author: David S. Miller Date: Tue Dec 6 11:24:29 2016 -0500 Merge branch 'Alacritech-SLIC-driver' Lino Sanfilippo says: ==================== Gigabit ethernet driver for Alacritechs SLIC devices (v4) this is the forth version of the slicoss gigabit ethernet driver (which is a rework of the driver from Alacritech which can currently be found under drivers/staging/slicoss). The driver is supposed to support Mojave, Oasis and Kalahari cards, for both copper and fiber. If this code is accepted the staging version can be removed. The driver has been tested on a SEN2104ET adapter (4 Port PCIe copper). v4: - fix wrong driver name in Kconfig file (reported by Rami Rosen) - remove unused variable from driver struct (reported by Rami Rosen) - return "err" instead of 0 in slic_load_rcvseq_firmware() (reported by Rami Rosen) - Fix typos in constants, comments and error message (reported by Markus Böhme) - fix various warnings concerning signedness (reported by Markus Böhme) - improve line formatting (reported by Markus Böhme) - add comment describing the need for SLIC_MAX_TX_COMPLETIONS (suggested by Florian Fainelli) - do not zero out complete rx descriptor (suggested by Florian Fainelli) - add missing write barrier (reported by Florian Fainelli) - remove unneeded assignment of net_device to skb (reported by Florian Fainelli) - use napi_complete_done() instead of napi_complete (suggested by Florian Fainelli) - use napi_schedule_irqoff() instead of napi_schedule (suggested by Florian Fainelli) - do not map error returned by slic_init() to -ENOMEM - do proper dma syncs before and after rx descriptor status is set to 0 - if after dma sync for CPU rx descriptor is not used return it to HW by means of dma sync for device v3: - dont add defines to pci_ids.h but instead put it into the drivers header file (requested by Greg Kroah-Hartman) v2: - remove unusual padding in statistic strings (suggested by Andrew Lunn) - for mdio register and bit names use defines from mii.h instead of own ones (suggested by Andrew Lunn) - remove unused defines - ensure PCI flush at two more places - use mmiowb before lock to prevent mmio writes leaking out of lock - fix some typos in comments - add copyright and GPL header ==================== Signed-off-by: David S. Miller commit b9567027385a7abb33ae54ffa189be9c6c9cf730 Author: Lino Sanfilippo Date: Mon Dec 5 23:07:17 2016 +0100 MAINTAINERS: add entry for slicoss ethernet driver Add myself as maintainer for the slicoss ethernet driver. Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller MAINTAINERS | 5 +++++ 1 file changed, 5 insertions(+) commit 60c140df15dbc34e2aabe210f82c37b978185b40 Author: Lino Sanfilippo Date: Mon Dec 5 23:07:16 2016 +0100 net: ethernet: slicoss: add slicoss gigabit ethernet driver Add driver for Alacritech gigabit ethernet cards with SLIC (session-layer interface control) technology. The driver provides basic support without SLIC for the following devices: - Mojave cards (single port PCI Gigabit) both copper and fiber - Oasis cards (single and dual port PCI-x Gigabit) copper and fiber - Kalahari cards (dual and quad port PCI-e Gigabit) copper and fiber Signed-off-by: Lino Sanfilippo Signed-off-by: David S. Miller drivers/net/ethernet/Kconfig | 1 + drivers/net/ethernet/Makefile | 1 + drivers/net/ethernet/alacritech/Kconfig | 28 + drivers/net/ethernet/alacritech/Makefile | 4 + drivers/net/ethernet/alacritech/slic.h | 575 +++++++++ drivers/net/ethernet/alacritech/slicoss.c | 1882 +++++++++++++++++++++++++++++ 6 files changed, 2491 insertions(+) commit 8ac1eb7bab7c8d9d6f00b3e2a408611c45d9dff0 Author: Jiri Olsa Date: Tue Dec 6 14:18:50 2016 +0100 perf tools: Move perf build related variables under non fixdep leg Because there's no need for them in fixdep build. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481030331-31944-4-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit abb26210a39522a6645bce3f438ed9a26bedb11b Author: Jiri Olsa Date: Tue Dec 6 14:18:49 2016 +0100 perf tools: Force fixdep compilation at the start of the build The fixdep tool needs to be built before everything else, because it fixes every object dependency file. We handle this currently by making all objects to depend on fixdep, which is error prone and is easily forgotten when new object is added. Instead of this, this patch force fixdep tool to be built as the first target in the separate make session. This way we don't need to handle extra fixdep dependencies and we are certain there's no fixdep race with any parallel make job. Committer notes: Testing it: Before: $ rm -rf /tmp/build/perf/ ; mkdir -p /tmp/build/perf ; make -k O=/tmp/build/perf -C tools/perf install-bin make: Entering directory '/home/acme/git/linux/tools/perf' BUILD: Doing 'make -j4' parallel build Auto-detecting system features: ... dwarf: [ on ] ... dwarf_getlocations: [ on ] ... glibc: [ on ] ... gtk2: [ on ] ... libaudit: [ on ] ... libbfd: [ on ] ... libelf: [ on ] ... libnuma: [ on ] ... numa_num_possible_cpus: [ on ] ... libperl: [ on ] ... libpython: [ on ] ... libslang: [ on ] ... libcrypto: [ on ] ... libunwind: [ on ] ... libdw-dwarf-unwind: [ on ] ... zlib: [ on ] ... lzma: [ on ] ... get_cpuid: [ on ] ... bpf: [ on ] GEN /tmp/build/perf/common-cmds.h HOSTCC /tmp/build/perf/fixdep.o HOSTLD /tmp/build/perf/fixdep-in.o LINK /tmp/build/perf/fixdep MKDIR /tmp/build/perf/pmu-events/ HOSTCC /tmp/build/perf/pmu-events/json.o MKDIR /tmp/build/perf/pmu-events/ HOSTCC /tmp/build/perf/pmu-events/jsmn.o HOSTCC /tmp/build/perf/pmu-events/jevents.o HOSTLD /tmp/build/perf/pmu-events/jevents-in.o PERF_VERSION = 4.9.rc8.g868cd5 CC /tmp/build/perf/perf-read-vdso32 After: $ rm -rf /tmp/build/perf/ ; mkdir -p /tmp/build/perf ; make -k O=/tmp/build/perf -C tools/perf install-bin make: Entering directory '/home/acme/git/linux/tools/perf' BUILD: Doing 'make -j4' parallel build HOSTCC /tmp/build/perf/fixdep.o HOSTLD /tmp/build/perf/fixdep-in.o LINK /tmp/build/perf/fixdep Auto-detecting system features: ... dwarf: [ on ] ... dwarf_getlocations: [ on ] ... glibc: [ on ] ... gtk2: [ on ] ... libaudit: [ on ] ... libbfd: [ on ] ... libelf: [ on ] ... libnuma: [ on ] ... numa_num_possible_cpus: [ on ] ... libperl: [ on ] ... libpython: [ on ] ... libslang: [ on ] ... libcrypto: [ on ] ... libunwind: [ on ] ... libdw-dwarf-unwind: [ on ] ... zlib: [ on ] ... lzma: [ on ] ... get_cpuid: [ on ] ... bpf: [ on ] GEN /tmp/build/perf/common-cmds.h MKDIR /tmp/build/perf/fd/ CC /tmp/build/perf/fd/array.o LD /tmp/build/perf/fd/libapi-in.o MKDIR /tmp/build/perf/fs/ CC /tmp/build/perf/event-parse.o CC /tmp/build/perf/fs/fs.o PERF_VERSION = 4.9.rc8.g57a92f CC /tmp/build/perf/event-plugin.o MKDIR /tmp/build/perf/fs/ CC /tmp/build/perf/fs/tracing_path.o Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481030331-31944-3-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 50 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 38 insertions(+), 12 deletions(-) commit 16e2ef4ed27f503afc2d69f0980f200b329cab83 Author: Jiri Olsa Date: Tue Dec 6 14:18:48 2016 +0100 perf tools: Move PERF-VERSION-FILE target into rules area An upcoming fixdep fix needs all targets at the same area, so they'll fit under a signal condition block. Moving PERF-VERSION-FILE target into rules section. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1481030331-31944-2-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit a940cad331e79cc03d9ae74f56a2c7cb810bdce9 Author: Wang Nan Date: Tue Dec 6 07:22:30 2016 +0000 perf build: Check LLVM version in feature check Cancel builtin llvm and clang support when LLVM version is less than 3.9.0: following commits uses newer API. Since Clang/LLVM's API is not guaranteed to be stable, add a test-llvm-version.cpp feature checker, issue warning if LLVM found in compiling environment is not tested yet. Committer Notes: Testing it: Environment: $ cat /etc/fedora-release Fedora release 25 (Twenty Five) $ rpm -q llvm-devel clang-devel llvm-devel-3.8.0-1.fc25.x86_64 clang-devel-3.8.0-2.fc25.x86_64 $ Before: $ make -k LIBCLANGLLVM=1 O=/tmp/build/perf -C tools/perf install-bin make: Entering directory '/home/acme/git/linux/tools/perf' BUILD: Doing 'make -j4' parallel build Warning: tools/include/uapi/linux/bpf.h differs from kernel Warning: tools/arch/arm/include/uapi/asm/kvm.h differs from kernel INSTALL GTK UI LINK /tmp/build/perf/perf /tmp/build/perf/libperf.a(libperf-in.o): In function `perf::createCompilerInvocation(llvm::SmallVector, llvm::StringRef&, clang::DiagnosticsEngine&)': /home/acme/git/linux/tools/perf/util/c++/clang.cpp:56: undefined reference to `clang::tooling::newInvocation(clang::DiagnosticsEngine*, llvm::SmallVector const&)' /tmp/build/perf/libperf.a(libperf-in.o): In function `perf::getModuleFromSource(llvm::SmallVector, llvm::StringRef, llvm::IntrusiveRefCntPtr)': /home/acme/git/linux/tools/perf/util/c++/clang.cpp:68: undefined reference to `clang::CompilerInstance::CompilerInstance(std::shared_ptr, bool)' /home/acme/git/linux/tools/perf/util/c++/clang.cpp:69: undefined reference to `clang::CompilerInstance::createDiagnostics(clang::DiagnosticConsumer*, bool)' After: Makefile.config:807: No suitable libLLVM found, disabling builtin clang and llvm support. Please install llvm-dev(el) (>= 3.9.0) Updating the environment to a locally built LLVM 4.0 + clang 3.9 (forgot to git pull, duh) combo, all works as expected, it is properly detected and built into the resulting perf binary. Signed-off-by: Wang Nan Reported-and-Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161206072230.7651-1-wangnan0@huawei.com [ Change the warning message a bit (add 'suitable' and 'builtin'), clarifying it, see committer notes above ] Signed-off-by: Arnaldo Carvalho de Melo tools/build/feature/Makefile | 8 ++++++-- tools/build/feature/test-llvm-version.cpp | 11 +++++++++++ tools/build/feature/test-llvm.cpp | 5 +++++ tools/perf/Makefile.config | 8 ++++++-- 4 files changed, 28 insertions(+), 4 deletions(-) commit 8c31f6034b24601721daeb012793641fac079e2e Author: Lucas Stach Date: Wed Nov 30 14:09:56 2016 +0100 drm/panel: simple: Add support for AUO G185HAN01 This adds support for the AU Optronics G185HAN01 18.5" LVDS FullHD TFT LCD panel, which can be supported by the simple panel driver. Signed-off-by: Lucas Stach Signed-off-by: Thierry Reding .../bindings/display/panel/auo,g185han01.txt | 7 +++++ drivers/gpu/drm/panel/panel-simple.c | 32 ++++++++++++++++++++++ 2 files changed, 39 insertions(+) commit 697035c6b8691ad8a937b23115171c2fc9d43d4f Author: Lucas Stach Date: Wed Nov 30 14:09:55 2016 +0100 drm/panel: simple: Add support for AUO G133HAN01 This adds support for the AU Optronics G133HAN01 13.3" LVDS FullHD TFT LCD panel, which can be supported by the simple panel driver. Signed-off-by: Lucas Stach Signed-off-by: Thierry Reding .../bindings/display/panel/auo,g133han01.txt | 7 +++++ drivers/gpu/drm/panel/panel-simple.c | 32 ++++++++++++++++++++++ 2 files changed, 39 insertions(+) commit 18b709beb503bfc9a96a2e4b93d3cae4f5b17df0 Author: Lorenzo Pieralisi Date: Tue Dec 6 14:20:11 2016 +0000 ACPI/IORT: Make dma masks set-up IORT specific The introduction of acpi_dma_configure() allows to configure DMA and related IOMMU for any device that is DMA capable. To achieve that goal it ensures DMA masks are set-up to sane default values before proceeding with IOMMU and DMA ops configuration. On x86/ia64 systems, through acpi_bind_one(), acpi_dma_configure() is called for every device that has an ACPI companion, in that every device is considered DMA capable on x86/ia64 systems (ie acpi_get_dma_attr() API), which has the side effect of initializing dma masks also for pseudo-devices (eg CPUs and memory nodes) and potentially for devices whose dma masks were not set-up before the acpi_dma_configure() API was introduced, which may have noxious side effects. Therefore, in preparation for IORT firmware specific DMA masks set-up, wrap the default DMA masks set-up in acpi_dma_configure() inside an IORT specific wrapper that reverts to a NOP on x86/ia64 systems, restoring the default expected behaviour on x86/ia64 systems and keeping DMA default masks set-up on IORT based (ie ARM) arch configurations. Signed-off-by: Lorenzo Pieralisi Acked-by: Will Deacon Acked-by: Rafael J. Wysocki Reviewed-by: Hanjun Guo Tested-by: Hanjun Guo Cc: Will Deacon Cc: Hanjun Guo Cc: Bjorn Helgaas Cc: Robin Murphy Cc: Tomasz Nowicki Cc: Joerg Roedel Cc: "Rafael J. Wysocki" Cc: Sricharan R Signed-off-by: Joerg Roedel drivers/acpi/arm64/iort.c | 22 ++++++++++++++++++++++ drivers/acpi/scan.c | 14 +------------- include/linux/acpi_iort.h | 2 ++ 3 files changed, 25 insertions(+), 13 deletions(-) commit 4ae13e48686671eff753cdeaea5833dfa1484a4b Author: Lucas Stach Date: Wed Nov 30 14:09:54 2016 +0100 drm/panel: simple: Add more properties to Innolux G121I1-L01 Convert from a single mode to display timings, which allow to describe the minimum/maximium blanking and clock rates, add enable/disable delays and provide the bus format. Signed-off-by: Lucas Stach Signed-off-by: Thierry Reding drivers/gpu/drm/panel/panel-simple.c | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) commit cd9e1927a525f6ce7c0d99c6e038f0a0b9e85176 Author: Marc Zyngier Date: Tue Dec 6 15:27:45 2016 +0000 arm64: Work around broken .inst when defective gas is detected .inst being largely broken with older binutils, it'd be better not to emit it altogether when detecting such configuration (as it leads to all kind of horrors when using alternatives). Generalize the __emit_inst macro and use it extensively in asm/sysreg.h, and make it generate a .long when a broken gas is detected. The disassembly will be crap, but at least we can write semi-sane code. Acked-by: Will Deacon Signed-off-by: Marc Zyngier Signed-off-by: Catalin Marinas arch/arm64/include/asm/sysreg.h | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) commit bbb56c27228d4ad64aca858c5af49d0f2f11c645 Author: Marc Zyngier Date: Tue Dec 6 15:27:43 2016 +0000 arm64: Add detection code for broken .inst support in binutils Binutils version up to (and including) 2.25 have a pathological behaviour when it comes to mixing .inst directive and arithmetic involving labels. The assembler complains about non-constant expressions and compilation stops pretty quickly. In order to detect this and work around it, let's add a bit of detection code that will set the CONFIG_BROKEN_GAS_INST option should a broken gas be detected. Acked-by: Will Deacon Signed-off-by: Marc Zyngier Signed-off-by: Catalin Marinas arch/arm64/Makefile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) commit 5466a631b2adf930c065a32432ec360bf5e8b657 Author: zain wang Date: Sat Nov 19 10:27:16 2016 +0800 drm/panel: simple: Add bits-per-component for Sharp LQ123P1JX31 The Sharp LQ123P1JX31 panel support 8 bits per component. Signed-off-by: zain wang Signed-off-by: Thierry Reding drivers/gpu/drm/panel/panel-simple.c | 1 + 1 file changed, 1 insertion(+) commit 230c5b44233ff0543c0b5ccf4ff9400057010fbe Author: Chen-Yu Tsai Date: Mon Oct 24 21:21:15 2016 +0800 drm/panel: simple: Check against num_timings when setting preferred for timing In the loop on .timings, we should check .num_timings to see if it's the only mode specified, not .num_modes, which should be used with .modes. Fixes: cda553725c92 ("drm/panel: simple: Set appropriate mode type") Signed-off-by: Chen-Yu Tsai Signed-off-by: Thierry Reding drivers/gpu/drm/panel/panel-simple.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2cb35c802ad9541691b893a05cc113f15fd53617 Author: Randy Li Date: Tue Sep 20 03:02:51 2016 +0800 drm/panel: Add support for Chunghwa CLAA070WP03XG panel The Chunghwa CLAA070WP03XG is a 7" 1280x800 panel, which can be supported by the simple panel driver. Signed-off-by: Randy Li Signed-off-by: Thierry Reding .../display/panel/chunghwa,claa070wp03xg.txt | 7 ++++++ drivers/gpu/drm/panel/panel-simple.c | 27 ++++++++++++++++++++++ 2 files changed, 34 insertions(+) commit a297569fe00a8fae18547061d355c45ef191b483 Author: Eric Dumazet Date: Mon Dec 5 09:57:19 2016 -0800 net/udp: do not touch skb->peeked unless really needed In UDP recvmsg() path we currently access 3 cache lines from an skb while holding receive queue lock, plus another one if packet is dequeued, since we need to change skb->next->prev 1st cache line (contains ->next/prev pointers, offsets 0x00 and 0x08) 2nd cache line (skb->len & skb->peeked, offsets 0x80 and 0x8e) 3rd cache line (skb->truesize/users, offsets 0xe0 and 0xe4) skb->peeked is only needed to make sure 0-length packets are properly handled while MSG_PEEK is operated. I had first the intent to remove skb->peeked but the "MSG_PEEK at non-zero offset" support added by Sam Kumar makes this not possible. This patch avoids one cache line miss during the locked section, when skb->len and skb->peeked do not have to be read. It also avoids the skb_set_peeked() cost for non empty UDP datagrams. Signed-off-by: Eric Dumazet Acked-by: Paolo Abeni Signed-off-by: David S. Miller net/core/datagram.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit e466af66c768a2a89f5359fdb330b93da799cc55 Merge: 2bfcfcd 0855950 Author: David S. Miller Date: Tue Dec 6 10:21:02 2016 -0500 Merge branch 'hix5hd2_gmac-txsg-reset-clock-control' Dongpo Li says: ==================== net: hix5hd2_gmac: add tx sg feature and reset/clock control signals The "hix5hd2" is SoC name, add the generic ethernet driver compatible string. The "hisi-gemac-v1" is the basic version and "hisi-gemac-v2" adds the SG/TXCSUM/TSO/UFO features. This patch set only adds the SG(scatter-gather) driver for transmitting, the drivers of other features will be submitted later. Add the MAC reset control signals and clock signals. We make these signals optional to be backward compatible with the hix5hd2 SoC. Changes in v2: - Make the compatible string changes be a separate patch and the most specific string come first than the generic string as advised by Rob. - Make the MAC reset control signals and clock signals optional to be backward compatible with the hix5hd2 SoC. - Change the compatible string and give the clock a specific name in hix5hd2 dts file. ==================== Signed-off-by: David S. Miller commit 0855950ba580c89da91939bc5a6e0f8b950c9232 Author: Dongpo Li Date: Mon Dec 5 21:28:01 2016 +0800 ARM: dts: hix5hd2: add gmac generic compatible and clock names Add gmac generic compatible and clock names. Signed-off-by: Dongpo Li Signed-off-by: David S. Miller arch/arm/boot/dts/hisi-x5hd2.dtsi | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 7087140d50fb65b62cb7c691d959a99cb726d2fd Author: Dongpo Li Date: Mon Dec 5 21:28:00 2016 +0800 net: hix5hd2_gmac: add reset control and clock signals Add three reset control signals, "mac_core_rst", "mac_ifc_rst" and "phy_rst". The following diagram explained how the reset signals work. SoC |----------------------------------------------------- | ------ | | | cpu | | | ------ | | | | | ------------ AMBA bus | | GMAC | | | ---------------------- | | ------------- mac_core_rst | -------------- | | | |clock and |-------------->| mac core | | | | |reset | | -------------- | | | |generator |---- | | | | | ------------- | | ---------------- | | | | ---------->| mac interface | | | | | mac_ifc_rst | ---------------- | | | | | | | | | | | ------------------ | | | |phy_rst | | RGMII interface | | | | | | ------------------ | | | | ---------------------- | |----------|------------------------------------------| | | | ---------- |--------------------- |PHY chip | ---------- The "mac_core_rst" represents "mac core reset signal", it resets the mac core including packet processing unit, descriptor processing unit, tx engine, rx engine, control unit. The "mac_ifc_rst" represents "mac interface reset signal", it resets the mac interface. The mac interface unit connects mac core and data interface like MII/RMII/RGMII. After we set a new value of interface mode, we must reset mac interface to reload the new mode value. The "mac_core_rst" and "mac_ifc_rst" are both optional to be backward compatible with the hix5hd2 SoC. The "phy_rst" represents "phy reset signal", it does a hardware reset on the PHY chip. This reset signal is optional if the PHY can work well without the hardware reset. Add one more clock signal, the existing is MAC core clock, and the new one is MAC interface clock. The MAC interface clock is optional to be backward compatible with the hix5hd2 SoC. Signed-off-by: Dongpo Li Signed-off-by: David S. Miller .../bindings/net/hisilicon-hix5hd2-gmac.txt | 20 ++- drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 139 +++++++++++++++++++-- 2 files changed, 144 insertions(+), 15 deletions(-) commit e5222b1c3f2143a88e660b4faec97d10520d92b3 Author: Dongpo Li Date: Mon Dec 5 21:27:59 2016 +0800 net: hix5hd2_gmac: add tx scatter-gather feature "hisi-gemac-v2" adds the SG/TXCSUM/TSO/UFO features. This patch only adds the SG(scatter-gather) driver for transmitting, the drivers of other features will be submitted later. Signed-off-by: Dongpo Li Signed-off-by: David S. Miller drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 198 ++++++++++++++++++++++++-- 1 file changed, 187 insertions(+), 11 deletions(-) commit d0fb6ba75dc0dfa604d1579cb747eff2438248f8 Author: Dongpo Li Date: Mon Dec 5 21:27:58 2016 +0800 net: hix5hd2_gmac: add generic compatible string The "hix5hd2" is SoC name, add the generic ethernet driver name. The "hisi-gemac-v1" is the basic version and "hisi-gemac-v2" adds the SG/TXCSUM/TSO/UFO features. Signed-off-by: Dongpo Li Signed-off-by: David S. Miller .../devicetree/bindings/net/hisilicon-hix5hd2-gmac.txt | 9 +++++++-- drivers/net/ethernet/hisilicon/hix5hd2_gmac.c | 15 +++++++++++---- 2 files changed, 18 insertions(+), 6 deletions(-) commit 2bfcfcd3f3ea5d16d15e0382540683994a7a72a0 Author: Stefan Eichenberger Date: Mon Dec 5 14:12:42 2016 +0100 net: dsa: mv88e6xxx: Use EDSA on mv88e6097 Use DSA_TAG_PROTO_EDSA as tag_protocol for the mv88e6097. The initialisation was missing before. Fixes: a1f482aa8c33 ("net: dsa: mv88e6xxx: Move the tagging protocol into info") Signed-off-by: Stefan Eichenberger Reviewed-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 1 + 1 file changed, 1 insertion(+) commit 3f731d89e4071086b6d4764ef6ee80c1099c639d Author: Thomas Graf Date: Mon Dec 5 10:30:52 2016 +0100 bpf: add additional verifier tests for BPF_PROG_TYPE_LWT_* - direct packet read is allowed for LWT_* - direct packet write for LWT_IN/LWT_OUT is prohibited - direct packet write for LWT_XMIT is allowed - access to skb->tc_classid is prohibited for LWT_* Signed-off-by: Thomas Graf Acked-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller tools/testing/selftests/bpf/test_verifier.c | 134 ++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) commit fd7aabb062fa1a8331a786d617744de220eaf002 Author: Haiyang Zhang Date: Fri Dec 2 15:55:38 2016 -0800 tools: hv: Enable network manager for bonding scripts on RHEL We found network manager is necessary on RHEL to make the synthetic NIC, VF NIC bonding operations handled automatically. So, enabling network manager here. Signed-off-by: Haiyang Zhang Reviewed-by: K. Y. Srinivasan Signed-off-by: David S. Miller tools/hv/bondvf.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c1aee1d828caa86a663c57a56eead7fd5f22d80f Author: Sathyanarayana Nujella Date: Tue Dec 6 07:08:36 2016 -0800 ASoC: Intel: update bxt_da7219_max98357a to support quad ch dmic capture This patch updates FE channel constraints & BE fixup to support quad channel DMIC capture. DMIC pin's BE fixup is configured based on channel input, i.e. either stereo or quad. Signed-off-by: Sathyanarayana Nujella Signed-off-by: Harsha Priya Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/boards/bxt_da7219_max98357a.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) commit 34441361c4f52a5f6e41d8de8e5debbeb415dbf0 Author: David Sterba Date: Tue Oct 4 19:34:27 2016 +0200 btrfs: opencode chunk locking, remove helpers The helpers are trivial and we don't use them consistently. Signed-off-by: David Sterba fs/btrfs/disk-io.c | 4 +-- fs/btrfs/extent-tree.c | 8 +++--- fs/btrfs/free-space-cache.c | 4 +-- fs/btrfs/volumes.c | 70 ++++++++++++++++++++++----------------------- fs/btrfs/volumes.h | 10 ------- 5 files changed, 43 insertions(+), 53 deletions(-) commit 3a45bb207ee2c5548ebf6f5fcc7d249e141f15e8 Author: Jeff Mahoney Date: Fri Sep 9 21:39:03 2016 -0400 btrfs: remove root parameter from transaction commit/end routines Now we only use the root parameter to print the root objectid in a tracepoint. We can use the root parameter from the transaction handle for that. It's also used to join the transaction with async commits, so we remove the comment that it's just for checking. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/backref.c | 2 +- fs/btrfs/delayed-inode.c | 4 +-- fs/btrfs/dev-replace.c | 10 +++---- fs/btrfs/disk-io.c | 8 ++--- fs/btrfs/extent-tree.c | 31 ++++++++++--------- fs/btrfs/extent_io.c | 2 +- fs/btrfs/file.c | 20 ++++++------- fs/btrfs/free-space-tree.c | 8 ++--- fs/btrfs/inode.c | 74 +++++++++++++++++++++++----------------------- fs/btrfs/ioctl.c | 65 +++++++++++++++++++--------------------- fs/btrfs/qgroup.c | 8 ++--- fs/btrfs/relocation.c | 30 +++++++++---------- fs/btrfs/root-tree.c | 2 +- fs/btrfs/scrub.c | 9 +++--- fs/btrfs/send.c | 4 +-- fs/btrfs/super.c | 4 +-- fs/btrfs/transaction.c | 59 ++++++++++++++++-------------------- fs/btrfs/transaction.h | 18 +++-------- fs/btrfs/tree-log.c | 4 +-- fs/btrfs/uuid-tree.c | 2 +- fs/btrfs/volumes.c | 33 ++++++++++----------- fs/btrfs/xattr.c | 2 +- 22 files changed, 188 insertions(+), 211 deletions(-) commit bf89d38febaadd5b1da60fed54929cbde65fedf9 Author: Jeff Mahoney Date: Fri Sep 9 20:42:44 2016 -0400 btrfs: split btrfs_wait_marked_extents into normal and tree log functions btrfs_write_and_wait_marked_extents and btrfs_sync_log both call btrfs_wait_marked_extents, which provides a core loop and then handles errors differently based on whether it's it's a log root or not. This means that btrfs_write_and_wait_marked_extents needs to take a root because btrfs_wait_marked_extents requires one, even though it's only used to determine whether the root is a log root. The log root code won't ever call into the transaction commit code using a log root, so we can factor out the core loop and provide the error handling appropriate to each waiter in new routines. This allows us to eventually remove the root argument from btrfs_commit_transaction, and as a result, btrfs_end_transaction. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/transaction.c | 79 +++++++++++++++++++++++++++++++------------------- fs/btrfs/transaction.h | 5 ++-- fs/btrfs/tree-log.c | 14 ++++----- 3 files changed, 58 insertions(+), 40 deletions(-) commit 2ff7e61e0d30ff166a2ae94575526bffe11fd1a8 Author: Jeff Mahoney Date: Wed Jun 22 18:54:24 2016 -0400 btrfs: take an fs_info directly when the root is not used otherwise There are loads of functions in btrfs that accept a root parameter but only use it to obtain an fs_info pointer. Let's convert those to just accept an fs_info pointer directly. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/backref.c | 6 +- fs/btrfs/check-integrity.c | 10 +- fs/btrfs/check-integrity.h | 5 +- fs/btrfs/compression.c | 28 +-- fs/btrfs/ctree.c | 231 ++++++++++--------- fs/btrfs/ctree.h | 131 +++++------ fs/btrfs/delayed-inode.c | 84 +++---- fs/btrfs/delayed-inode.h | 15 +- fs/btrfs/dev-replace.c | 12 +- fs/btrfs/dev-replace.h | 4 +- fs/btrfs/dir-item.c | 31 +-- fs/btrfs/disk-io.c | 186 +++++++-------- fs/btrfs/disk-io.h | 23 +- fs/btrfs/extent-tree.c | 541 ++++++++++++++++++++------------------------ fs/btrfs/extent_io.c | 8 +- fs/btrfs/extent_io.h | 4 +- fs/btrfs/file-item.c | 32 ++- fs/btrfs/file.c | 47 ++-- fs/btrfs/free-space-cache.c | 24 +- fs/btrfs/free-space-cache.h | 4 +- fs/btrfs/inode-item.c | 8 +- fs/btrfs/inode-map.c | 3 +- fs/btrfs/inode.c | 186 +++++++-------- fs/btrfs/ioctl.c | 108 +++++---- fs/btrfs/print-tree.c | 15 +- fs/btrfs/print-tree.h | 4 +- fs/btrfs/props.c | 5 +- fs/btrfs/qgroup.c | 14 +- fs/btrfs/qgroup.h | 2 +- fs/btrfs/raid56.c | 26 +-- fs/btrfs/raid56.h | 8 +- fs/btrfs/reada.c | 8 +- fs/btrfs/relocation.c | 78 ++++--- fs/btrfs/root-tree.c | 2 +- fs/btrfs/scrub.c | 21 +- fs/btrfs/send.c | 5 +- fs/btrfs/super.c | 5 +- fs/btrfs/transaction.c | 172 +++++++------- fs/btrfs/transaction.h | 6 +- fs/btrfs/tree-log.c | 58 +++-- fs/btrfs/uuid-tree.c | 4 +- fs/btrfs/volumes.c | 159 ++++++------- fs/btrfs/volumes.h | 22 +- fs/btrfs/xattr.c | 17 +- 44 files changed, 1119 insertions(+), 1243 deletions(-) commit afdb571890615059ed4f0625209b379aff6cb08d Author: Jeff Mahoney Date: Fri Sep 9 12:09:35 2016 -0400 btrfs: simplify btrfs_wait_cache_io prototype With the exception of the one case where btrfs_wait_cache_io is called without a block group, it's called with the same arguments. The root argument is only used in the special case, so let's factor out the core and simplify the call in the normal case to require a trans, block group, and path. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 15 ++++----------- fs/btrfs/free-space-cache.c | 40 ++++++++++++++++++++++++++++------------ fs/btrfs/free-space-cache.h | 6 ++---- 3 files changed, 34 insertions(+), 27 deletions(-) commit 71ff6437c23643bfc0e8f0015538adefb30eec04 Author: Jeff Mahoney Date: Tue Sep 6 16:00:42 2016 -0400 btrfs: convert extent-tree tracepoints to use fs_info The extent-tree tracepoints all operate on the extent root, regardless of which root is passed in. Let's just use the extent root objectid instead. If it turns out that nobody is depending on the format of this tracepoint, we can drop the root printing entirely. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 17 ++++++++------- include/trace/events/btrfs.h | 49 ++++++++++++++++++++------------------------ 2 files changed, 30 insertions(+), 36 deletions(-) commit ccdf9b305a49875d49dbaec6f8d2440abb0b1994 Author: Jeff Mahoney Date: Wed Jun 22 18:54:23 2016 -0400 btrfs: root->fs_info cleanup, access fs_info->delayed_root directly This results in btrfs_assert_delayed_root_empty and btrfs_destroy_delayed_inode taking an fs_info instead of a root. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/delayed-inode.c | 23 ++++++----------------- fs/btrfs/delayed-inode.h | 4 ++-- fs/btrfs/disk-io.c | 8 ++++---- fs/btrfs/transaction.c | 2 +- 4 files changed, 13 insertions(+), 24 deletions(-) commit 0b246afa62b0cf5b09d078121f543135f28492ad Author: Jeff Mahoney Date: Wed Jun 22 18:54:23 2016 -0400 btrfs: root->fs_info cleanup, add fs_info convenience variables In routines where someptr->fs_info is referenced multiple times, we introduce a convenience variable. This makes the code considerably more readable. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/check-integrity.c | 63 ++-- fs/btrfs/compression.c | 28 +- fs/btrfs/ctree.c | 255 ++++++++------- fs/btrfs/ctree.h | 14 +- fs/btrfs/delayed-inode.c | 37 ++- fs/btrfs/dev-replace.c | 46 +-- fs/btrfs/dir-item.c | 12 +- fs/btrfs/disk-io.c | 268 ++++++++-------- fs/btrfs/export.c | 10 +- fs/btrfs/extent-tree.c | 751 +++++++++++++++++++++++--------------------- fs/btrfs/extent_io.c | 25 +- fs/btrfs/file-item.c | 114 +++---- fs/btrfs/file.c | 132 ++++---- fs/btrfs/free-space-cache.c | 89 +++--- fs/btrfs/free-space-tree.c | 29 +- fs/btrfs/inode-item.c | 3 +- fs/btrfs/inode-map.c | 20 +- fs/btrfs/inode.c | 494 ++++++++++++++++------------- fs/btrfs/ioctl.c | 424 +++++++++++++------------ fs/btrfs/ordered-data.c | 34 +- fs/btrfs/print-tree.c | 8 +- fs/btrfs/qgroup.c | 42 +-- fs/btrfs/raid56.c | 42 ++- fs/btrfs/reada.c | 9 +- fs/btrfs/relocation.c | 128 ++++---- fs/btrfs/root-tree.c | 15 +- fs/btrfs/scrub.c | 80 +++-- fs/btrfs/send.c | 17 +- fs/btrfs/super.c | 112 +++---- fs/btrfs/transaction.c | 331 ++++++++++--------- fs/btrfs/tree-log.c | 117 +++---- fs/btrfs/uuid-tree.c | 7 +- fs/btrfs/volumes.c | 511 +++++++++++++++--------------- 33 files changed, 2251 insertions(+), 2016 deletions(-) commit 6202df6921494f29308307e0ae6f567c2ab2ba19 Author: Jeff Mahoney Date: Wed Jun 22 18:54:22 2016 -0400 btrfs: root->fs_info cleanup, update_block_group{,flags} Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 3796d335356acccd03282547d852f41e48063766 Author: Jeff Mahoney Date: Thu Jun 16 11:30:29 2016 -0400 btrfs: root->fs_info cleanup, lock/unlock_chunks Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/disk-io.c | 4 +-- fs/btrfs/extent-tree.c | 8 +++--- fs/btrfs/free-space-cache.c | 4 +-- fs/btrfs/volumes.c | 70 ++++++++++++++++++++++----------------------- fs/btrfs/volumes.h | 8 +++--- 5 files changed, 47 insertions(+), 47 deletions(-) commit 27965b6c2cad220f6c512334665808bf3d895e5e Author: Jeff Mahoney Date: Thu Jun 16 11:07:27 2016 -0400 btrfs: root->fs_info cleanup, btrfs_calc_{trans,trunc}_metadata_size Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 8 ++++---- fs/btrfs/delayed-inode.c | 4 ++-- fs/btrfs/extent-tree.c | 35 +++++++++++++++++++---------------- fs/btrfs/file.c | 4 ++-- fs/btrfs/free-space-cache.c | 4 ++-- fs/btrfs/inode-map.c | 3 ++- fs/btrfs/inode.c | 4 ++-- fs/btrfs/props.c | 2 +- fs/btrfs/transaction.c | 5 +++-- 9 files changed, 37 insertions(+), 32 deletions(-) commit da17066c40472c2d6a1aab7bb0090c3d285531c9 Author: Jeff Mahoney Date: Wed Jun 15 09:22:56 2016 -0400 btrfs: pull node/sector/stripe sizes out of root and into fs_info We track the node sizes per-root, but they never vary from the values in the superblock. This patch messes with the 80-column style a bit, but subsequent patches to factor out root->fs_info into a convenience variable fix it up again. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/backref.c | 2 +- fs/btrfs/check-integrity.c | 12 ++--- fs/btrfs/compression.c | 4 +- fs/btrfs/ctree.c | 78 +++++++++++++++---------------- fs/btrfs/ctree.h | 55 +++++++++++----------- fs/btrfs/dir-item.c | 6 +-- fs/btrfs/disk-io.c | 62 +++++++++++-------------- fs/btrfs/disk-io.h | 3 +- fs/btrfs/extent-tree.c | 84 ++++++++++++++++++---------------- fs/btrfs/extent_io.c | 30 ++++-------- fs/btrfs/extent_io.h | 4 +- fs/btrfs/file-item.c | 59 ++++++++++++------------ fs/btrfs/file.c | 65 ++++++++++++++------------ fs/btrfs/free-space-cache.c | 8 ++-- fs/btrfs/free-space-tree.c | 35 +++++++------- fs/btrfs/inode.c | 73 ++++++++++++++++------------- fs/btrfs/ioctl.c | 16 ++++--- fs/btrfs/ordered-data.c | 4 +- fs/btrfs/ordered-data.h | 4 +- fs/btrfs/print-tree.c | 2 +- fs/btrfs/qgroup.c | 10 ++-- fs/btrfs/raid56.c | 2 +- fs/btrfs/reada.c | 8 ++-- fs/btrfs/relocation.c | 39 ++++++++-------- fs/btrfs/scrub.c | 30 ++++++------ fs/btrfs/send.c | 7 +-- fs/btrfs/super.c | 2 +- fs/btrfs/tests/btrfs-tests.c | 13 ++++-- fs/btrfs/tests/btrfs-tests.h | 4 +- fs/btrfs/tests/extent-buffer-tests.c | 7 ++- fs/btrfs/tests/extent-io-tests.c | 5 +- fs/btrfs/tests/free-space-tests.c | 18 ++++---- fs/btrfs/tests/free-space-tree-tests.c | 9 ++-- fs/btrfs/tests/inode-tests.c | 16 +++---- fs/btrfs/tests/qgroup-tests.c | 11 ++--- fs/btrfs/transaction.c | 4 +- fs/btrfs/tree-log.c | 12 +++-- fs/btrfs/volumes.c | 41 +++++++++-------- fs/btrfs/xattr.c | 2 +- 39 files changed, 432 insertions(+), 414 deletions(-) commit f15376df0dc2b632eb689793a73d4adba8404987 Author: Jeff Mahoney Date: Wed Jun 22 18:56:18 2016 -0400 btrfs: root->fs_info cleanup, io_ctl_init The io_ctl->root member was only being used to access root->fs_info. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/free-space-cache.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) commit fb456252d3d9c05dfad09b603868e1ef9097a220 Author: Jeff Mahoney Date: Wed Jun 22 18:54:56 2016 -0400 btrfs: root->fs_info cleanup, use fs_info->dev_root everywhere Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/check-integrity.c | 2 +- fs/btrfs/disk-io.c | 4 +-- fs/btrfs/extent-tree.c | 2 +- fs/btrfs/scrub.c | 86 +++++++++++++++++++++++----------------------- fs/btrfs/volumes.c | 41 +++++++++++----------- fs/btrfs/volumes.h | 3 +- 6 files changed, 68 insertions(+), 70 deletions(-) commit c28f158e5ee78621ae693b8b18a9b89c7695af40 Author: Jeff Mahoney Date: Wed Jun 22 18:56:44 2016 -0400 btrfs: struct reada_control.root -> reada_control.fs_info The root is never used. We substitute extent_root in for the reada_find_extent call, since it's only ever used to obtain the node size. This call site will be changed to use fs_info in a later patch. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 2 +- fs/btrfs/reada.c | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) commit de143792253e244322dfe19410db5294d62571ff Author: Jeff Mahoney Date: Wed Jun 22 18:54:36 2016 -0400 btrfs: struct btrfsic_state->root should be an fs_info The root member is never used except for obtaining an fs_info pointer. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/check-integrity.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) commit 2b2e27eb9230686a0e8d933b2933327a5c88671a Author: Jeff Mahoney Date: Wed Jun 22 18:54:27 2016 -0400 btrfs: alloc_reserved_file_extent trace point should use extent_root Even though a separate root is passed in, we're still operating on the extent root. Let's use that for the trace point. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/extent-tree.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5112febbc772830f8b1a981570d75c8cb4b93a36 Author: Jeff Mahoney Date: Tue Jun 21 20:16:08 2016 -0400 btrfs: btrfs_init_new_device should use fs_info->dev_root btrfs_init_new_device only uses the root passed in via the ioctl to start the transaction. Nothing else that happens is related to whatever root the user used to initiate the ioctl. We can drop the root requirement and just use fs_info->dev_root instead. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ioctl.c | 2 +- fs/btrfs/volumes.c | 3 ++- fs/btrfs/volumes.h | 2 +- 3 files changed, 4 insertions(+), 3 deletions(-) commit 6bccf3ab1e1f0913268bfcd1c09cadb1f4f2857d Author: Jeff Mahoney Date: Tue Jun 21 21:16:51 2016 -0400 btrfs: call functions that always use the same root with fs_info instead There are many functions that are always called with the same root argument. Rather than passing the same root every time, we can pass an fs_info pointer instead and have the function get the root pointer itself. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 16 +++++++-------- fs/btrfs/disk-io.c | 44 +++++++++++++++++++++-------------------- fs/btrfs/disk-io.h | 4 ++-- fs/btrfs/extent-tree.c | 20 ++++++++++--------- fs/btrfs/inode.c | 6 +++--- fs/btrfs/ioctl.c | 18 ++++++++--------- fs/btrfs/relocation.c | 4 ++-- fs/btrfs/root-tree.c | 9 ++++++--- fs/btrfs/super.c | 13 ++++++------ fs/btrfs/transaction.c | 6 +++--- fs/btrfs/uuid-tree.c | 10 ++++++---- fs/btrfs/volumes.c | 47 ++++++++++++++++++++++++-------------------- fs/btrfs/volumes.h | 4 ++-- include/trace/events/btrfs.h | 16 +++++++-------- 14 files changed, 115 insertions(+), 102 deletions(-) commit 5b4aacefb8fbfc996e68b9b083d30f8bc0972449 Author: Jeff Mahoney Date: Tue Jun 21 10:40:19 2016 -0400 btrfs: call functions that overwrite their root parameter with fs_info There are 11 functions that accept a root parameter and immediately overwrite it. We can pass those an fs_info pointer instead. Signed-off-by: Jeff Mahoney Signed-off-by: David Sterba fs/btrfs/ctree.h | 4 ++-- fs/btrfs/disk-io.c | 4 ++-- fs/btrfs/extent-tree.c | 17 +++++++------- fs/btrfs/file-item.c | 5 ++-- fs/btrfs/free-space-cache.c | 5 ++-- fs/btrfs/free-space-cache.h | 2 +- fs/btrfs/transaction.c | 9 ++++---- fs/btrfs/tree-log.c | 6 ++--- fs/btrfs/volumes.c | 56 ++++++++++++++++++++------------------------- fs/btrfs/volumes.h | 4 ++-- 10 files changed, 52 insertions(+), 60 deletions(-) commit d65cfe9094ba66b8a3c7b80823ba9229759b119d Merge: 6e85eaf 475d0fe Author: Jens Axboe Date: Tue Dec 6 08:06:19 2016 -0700 Merge branch 'nvmf-4.10' of git://git.infradead.org/nvme-fabrics into for-4.10/block Sagi writes: The major addition here is the nvme FC transport implementation from James. What else: - some cleanups and memory leak fixes in the host side fabrics code from Bart - possible rcu violation fix from Sasha - logging change from Max - small include cleanup commit 5f1516d52f9287a94dc3b9d57c370ed01802a911 Author: John Hsu Date: Fri Dec 2 09:48:58 2016 +0800 ASoC: nau8825: disable sinc filter for high THD of ADC This bit will enable 4th order SINC filter. =1, filter will enable; but it consumes higher power. =0, the sinc filter is disable, and it should always keep 0 value to get high THD. Therefor, disable the filter when codec initiation for better performance when recording. Signed-off-by: John Hsu Signed-off-by: Mark Brown sound/soc/codecs/nau8825.c | 3 ++- sound/soc/codecs/nau8825.h | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) commit 475d0fe795516a9b9f286a851c3972fd8831c643 Author: James Smart Date: Fri Dec 2 00:28:44 2016 -0800 nvme-fabrics: Add FC LLDD loopback driver to test FC-NVME Add FC LLDD loopback driver to test FC host and target transport within nvme-fabrics To aid in the development and testing of the lower-level api of the FC transport, this loopback driver has been created to act as if it were a FC hba driver supporting both the host interfaces as well as the target interfaces with the nvme FC transport. Signed-off-by: James Smart Reviewed-by: Jay Freyensee Reviewed-by: Johannes Thumshirn Signed-off-by: Christoph Hellwig MAINTAINERS | 1 + drivers/nvme/target/Kconfig | 13 + drivers/nvme/target/Makefile | 2 + drivers/nvme/target/fcloop.c | 1148 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 1164 insertions(+) commit 57d1da871b85c3a79e070d5cfc5ccb554ed839c4 Merge: ffcb09f e34af78 Author: Radim Krčmář Date: Tue Dec 6 14:49:05 2016 +0100 Merge branch 'kvm-ppc-next' of git://git.kernel.org/pub/scm/linux/kernel/git/paulus/powerpc Eliminate merge conflict between 9e5f68842276 and ebe4535fbe7a. commit 9e22ff439fa2e1201b168c001683f275afd46258 Author: Mauro Carvalho Chehab Date: Tue Dec 6 10:51:51 2016 -0200 Update Documentation/00-INDEX Em Mon, 5 Dec 2016 14:23:01 -0700 Jonathan Corbet escreveu: > On Mon, 5 Dec 2016 09:41:40 -0200 > Mauro Carvalho Chehab wrote: > > > So, in order to check it, I wrote a small script that compares the files > > and directories at Documentation/ with the ones at 00-INDEX. > > > > Then, I synchronized the entries, making the script happy. > > > > We might think on integrating the script with checkpatch.pl, but, as > > we should get rid of 00-INDEX, it probably not worth the efforts. > > I would agree with that; I don't see the point of keeping those files > around in the longer term. > > I've applied the set. I do have a few quibbles with the final patch that > I'll send separately, but they're not something to hold this set up for. Jon, Did a patch fixing the quibbles. As it seems you didn't push yet the changeset upstream, feel free to just fold it with patch 5/5 if you prefer so, or to add as a separate patch at the end of the series. Patch enclosed. Thanks, Mauro [PATCH] docs: 00-INDEX: change text related to the building system Let be clearer on those files related to the build system. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/00-INDEX | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit fd1a5059610cd3887f1050171a840ca864108730 Author: Andreas Pape Date: Tue Dec 6 14:46:14 2016 +0900 ALSA: usb-audio: more tolerant packetsize since commit 57e6dae1087b ("ALSA: usb-audio: do not trust too-big wMaxPacketSize values"), the expected packetsize is always limited to nominal + 25%. It was discovered, that some devices (Android audio accessory) have a much higher jitter in used packetsizes than 25% which would result in BABBLE condition and dropping of packets. A better solution is so assume the jitter to be the nominal packetsize: -one nearly empty packet followed by a almost 150% sized one. V2: changed to assume max frequency is +50 of nominal packetsize. Signed-off-by: Andreas Pape Signed-off-by: Jiada Wang Acked-by: Clemens Ladisch Signed-off-by: Takashi Iwai sound/usb/endpoint.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1e2e3fe480064ca33186e5a923beaa160efed35d Author: Daniel Girnus Date: Tue Dec 6 14:46:15 2016 +0900 ALSA: usb-audio: avoid setting of sample rate multiple times on bus Some of userland applications call 'snd_pcm_hw_params()' and 'snd_pcm_hw_prepare()' sequentially, which means 'snd_pcm_hw_prepare()' is called twice and the second 'snd_pcm_hw_prepare()' is called in 'SNDRV_PCM_STATE_PREPARED' state. Some devices are not able to manage this and they will stop playback if the sample rate will be configured several times over USB protocol. V2: updated Changelog Signed-off-by: Daniel Girnus Signed-off-by: Jens Lorenz Signed-off-by: Jiada Wang Signed-off-by: Takashi Iwai sound/usb/pcm.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) commit 1fe7841d892925aff10c3b070937e974d7835d2b Author: Chris Wilson Date: Tue Dec 6 11:37:15 2016 +0000 drm: Don't block the kworker waiting for mode_config.mutex in output_poll() If we cannot acquire the mode_config.mutex immediately, just back off and queue a new attempt after the poll interval. This is mostly to stop the hung task spam when the system is deadlocked, but it will also lessen the load (in such extreme cases). Signed-off-by: Chris Wilson Reviewed-by: Eric Engestrom [danvet:s/lock/mutex/ per Eric's comment.] Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161206113715.30382-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_probe_helper.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit d5264ed3823abb0513cbdc5dd7444d4f61954409 Author: Michel Dänzer Date: Thu Dec 1 16:37:31 2016 +0900 drm: Return -ENOTSUPP when called for KMS cap with a non-KMS driver This is an attempt to make the previous fix a bit more robust going forward. v2: * Only allow DRM_CAP_TIMESTAMP_MONOTONIC with UMS drivers (Daniel Vetter, Alex Deucher) * Different logic to keep DRM_CAP_TIMESTAMP_MONOTONIC separate from the other caps (Daniel Vetter) Signed-off-by: Michel Dänzer Reviewed-by: Alex Deucher Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161201073731.5716-1-michel@daenzer.net drivers/gpu/drm/drm_ioctl.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) commit 914657c2be09fb89a50c7841e98186301c93767e Author: Axel Lin Date: Sat Dec 3 15:10:50 2016 +0800 ASoC: cs35l34: Simplify the logic to set CS35L34_MCLK_CTL setting The logic of "value = ~CS35L34_MCLK_DIV & CS35L34_MCLK_RATE_XXXXXX;" is unnecessary complex. By setting CS35L34_MCLK_DIV | CS35L34_MCLK_RATE_MASK as the mask for regmap_update_bits() call, what the code does is exactly the same as setting value = CS35L34_MCLK_RATE_XXXXXX. Signed-off-by: Axel Lin Acked-by: Paul Handrigan Signed-off-by: Mark Brown sound/soc/codecs/cs35l34.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit df2f3c48b9cd51e2612a1598342769d09d849f39 Author: Jagan Teki Date: Fri Sep 23 15:18:33 2016 +0530 arm: dts: zynq: Add MicroZed board support Added basic dts support for MicroZed board. - UART - SDHCI - Ethernet Cc: Soren Brinkmann Cc: Michal Simek Signed-off-by: Jagan Teki Signed-off-by: Michal Simek arch/arm/boot/dts/Makefile | 1 + arch/arm/boot/dts/zynq-microzed.dts | 96 +++++++++++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) commit f73cd43ac3b41c0f09a126387f302bbc0d9c726d Author: Takashi Iwai Date: Tue Dec 6 11:55:17 2016 +0100 ALSA: hda - Gate the mic jack on HP Z1 Gen3 AiO HP Z1 Gen3 AiO with Conexant codec doesn't give an unsolicited event to the headset mic pin upon the jack plugging, it reports only to the headphone pin. It results in the missing mic switching. Let's fix up by simply gating the jack event. Cc: Signed-off-by: Takashi Iwai sound/pci/hda/patch_conexant.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit 2eb72d4b790c0798d077cd69739350e10288dbf1 Author: Alex Fluter Date: Sat Dec 3 12:34:41 2016 -0800 Tools: hv: kvp: configurable external scripts path error when running hypervkvpd: $ sudo ./hv_kvp_daemon -n sh: hv_get_dns_info: command not found sh: hv_get_dhcp_info: command not found sh: hv_get_dns_info: command not found sh: hv_get_dhcp_info: command not found The external scripts are not installed in system path, adding a configurable macro. Signed-off-by: Alex Fluter Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman tools/hv/hv_kvp_daemon.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) commit 95096f2fbd10186d3e78a328b327afc71428f65f Author: Stephen Hemminger Date: Sat Dec 3 12:34:40 2016 -0800 uio-hv-generic: new userspace i/o driver for VMBus This is a new driver to enable userspace networking on VMBus. It is based largely on the similar driver that already exists for PCI, and earlier work done by Brocade to support DPDK. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman MAINTAINERS | 1 + drivers/hv/connection.c | 1 + drivers/uio/Kconfig | 9 ++ drivers/uio/Makefile | 1 + drivers/uio/uio_hv_generic.c | 218 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 230 insertions(+) commit fc76936d3ea5720a6e0948a08381b803a68deb28 Author: Stephen Hemminger Date: Sat Dec 3 12:34:39 2016 -0800 vmbus: add support for dynamic device id's This patch adds sysfs interface to dynamically bind new UUID values to existing VMBus device. This is useful for generic UIO driver to act similar to uio_pci_generic. Signed-off-by: Stephen Hemminger Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/vmbus_drv.c | 174 ++++++++++++++++++++++++++++++++++++++++++++++--- include/linux/hyperv.h | 6 ++ 2 files changed, 172 insertions(+), 8 deletions(-) commit 6ffc4b85358f6b7d252420cfa5862312cf5f83d8 Author: Vitaly Kuznetsov Date: Sat Dec 3 12:34:35 2016 -0800 hv: change clockevents unbind tactics To get prepared to CPU offlining support we need co change the way how we unbind clockevent devices. As one CPU may go online/offline multiple times we need to bind it in hv_synic_init() and unbind it in hv_synic_cleanup(). There is an additional corner case: when we unload the module completely we need to switch to some other clockevent mechanism before stopping VMBus or we will hang. We can't call hv_synic_cleanup() before unloading VMBus as we won't be able to send UNLOAD request and get a response so hv_synic_clockevents_cleanup() has to live. Luckily, we can always call clockevents_unbind_device(), even if it wasn't bound before and there is no issue if we call it twice. Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/hv.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit abd1026da4a7700a8db370947f75cd17b6ae6f76 Author: Vitaly Kuznetsov Date: Sat Dec 3 12:34:32 2016 -0800 hv: acquire vmbus_connection.channel_mutex in vmbus_free_channels() "kernel BUG at drivers/hv/channel_mgmt.c:350!" is observed when hv_vmbus module is unloaded. BUG_ON() was introduced in commit 85d9aa705184 ("Drivers: hv: vmbus: add an API vmbus_hvsock_device_unregister()") as vmbus_free_channels() codepath was apparently forgotten. Fixes: 85d9aa705184 ("Drivers: hv: vmbus: add an API vmbus_hvsock_device_unregister()") Signed-off-by: Vitaly Kuznetsov Signed-off-by: K. Y. Srinivasan Cc: Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 2 ++ 1 file changed, 2 insertions(+) commit f45be72c8ec0b85263d1fe1e6c681d8c87e198e6 Author: Haiyang Zhang Date: Sat Dec 3 12:34:29 2016 -0800 hyperv: Fix spelling of HV_UNKOWN Changed it to HV_UNKNOWN Signed-off-by: Haiyang Zhang Signed-off-by: K. Y. Srinivasan Signed-off-by: Greg Kroah-Hartman drivers/hv/channel_mgmt.c | 6 +++--- include/linux/hyperv.h | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) commit 076802d0061520bc646ee121fe0f34fce6c55a93 Author: Alexander Usyskin Date: Sat Dec 3 00:15:25 2016 +0200 mei: bus: enable non-blocking RX Enable non-blocking receive for drivers on mei bus, this allows checking for data availability by mei client drivers. This is most effective for fixed address clients, that lacks flow control. This function adds new API function mei_cldev_recv_nonblock(), it retuns -EGAIN if function will block. Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/bus-fixup.c | 4 ++-- drivers/misc/mei/bus.c | 31 +++++++++++++++++++++++++++++-- drivers/misc/mei/mei_dev.h | 7 ++++++- include/linux/mei_cl_bus.h | 6 ++++-- 4 files changed, 41 insertions(+), 7 deletions(-) commit a2eb0fc07f4d4f3b2eb2b1b1b72de738d4b9e003 Author: Alexander Usyskin Date: Sun Dec 4 15:22:59 2016 +0200 mei: fix the back to back interrupt handling Since the newer HW sports two interrupts causes we cannot just simply acknowledge the interrupts directly in the quick handler and store the cause in the member variable, as the cause will be overridden upon next interrupt while the interrupt thread was not yet scheduled handling the previous interrupt. The simple fix is to disable interrupts in quick handler and acknowledge and enabled them in the interrupt thread. Signed-off-by: Alexander Usyskin Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/hw-me.c | 67 ++++++++++++++++++++++++++++++++++++------------ drivers/misc/mei/hw-me.h | 2 -- 2 files changed, 50 insertions(+), 19 deletions(-) commit 4a8efd4a1a9593a11c808da94e6609f6d4ee7276 Author: Tomas Winkler Date: Sun Dec 4 15:22:58 2016 +0200 mei: synchronize irq before initiating a reset. We need to synchronize irqs before issuing reset to make sure that the clients communication is concluded and doesn't leak to the reset flow and confusing the state machine. This issue is happening during suspend/resume stress testing. Signed-off-by: Tomas Winkler Signed-off-by: Greg Kroah-Hartman drivers/misc/mei/hw-me.c | 13 +++++++++++++ drivers/misc/mei/hw-txe.c | 15 ++++++++++++++- drivers/misc/mei/init.c | 6 ++++-- drivers/misc/mei/mei_dev.h | 8 +++++++- 4 files changed, 38 insertions(+), 4 deletions(-) commit 8d7cc7adcec55bfeb28cc2dc58b996c95f180337 Author: Martyn Welch Date: Sat Dec 3 23:45:01 2016 +0000 VME: Remove shutdown entry from vme_driver The vme_driver structure currently has a "shutdown" entry. This entry is never used, it lacks the correct parameter (it should be providing a pointer to the relevant vme_dev struct to even *look* usable), the VME subsystem currently doesn't provide support for shutdown functions and no in-tree drivers use it (hardly surprising, given it'd never be called). Remove the entry from vme_driver to avoid confusion. Signed-off-by: Martyn Welch Signed-off-by: Greg Kroah-Hartman include/linux/vme.h | 1 - 1 file changed, 1 deletion(-) commit 4ec941d68c2cd8db5c6f7c2fab0f47a352f6b204 Author: Alexander Zarochentsev Date: Fri Dec 2 19:53:29 2016 -0500 staging: lustre: libcfs: remove lnet upcall code Removing lnet upcall infrastructure completely as nobody uses it anymore. The upcall causes a delay before calling BUG() and might even cause a hang making getting a crash dump unreliable or containing outdated info. Signed-off-by: Alexander Zarochentsev Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-8418 Seagate-bug-id: MRP-2939 Reviewed-on: http://review.whamcloud.com/21440 Reviewed-by: Andreas Dilger Reviewed-by: James Simmons Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman .../staging/lustre/include/linux/libcfs/libcfs.h | 1 - .../lustre/include/linux/libcfs/libcfs_private.h | 2 - .../staging/lustre/lnet/libcfs/linux/linux-debug.c | 54 ---------------------- drivers/staging/lustre/lnet/libcfs/module.c | 8 ---- 4 files changed, 65 deletions(-) commit 989a0d7dfe7726f795b9de623b6906b5da09a076 Author: Yang Sheng Date: Fri Dec 2 19:53:28 2016 -0500 staging: lustre: remove set but unused variables Remove set but unused variables in nidstring.c and osc_request.c as reported by make W=1. Signed-off-by: Yang Sheng Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-8378 Reviewed-on: http://review.whamcloud.com/23221 Reviewed-by: Bob Glossman Reviewed-by: Emoly Liu Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/lnet/nidstrings.c | 2 -- drivers/staging/lustre/lustre/osc/osc_request.c | 3 +-- 2 files changed, 1 insertion(+), 4 deletions(-) commit 923dc82c61e8943f361fbbecc0af98ff9b361abf Author: Jinshan Xiong Date: Fri Dec 2 19:53:27 2016 -0500 staging: lustre: osc: set lock data for readahead lock If osc_io_readahead() finds a lock that belongs to the previous instance of osc_object, the lock data pointer will be null. It has to instantiate with new instance otherwise those pages won't be destroyed at lock cancel, and then finally hit the assertion in osc_req_attr_set(). This patch revised dlmlock_at_pgoff() to call osc_match_base() to find caching locks for readahead. And new osc_object will be set to the lock if it doesn't have one yet. Signed-off-by: Jinshan Xiong Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-8005 Reviewed-on: http://review.whamcloud.com/19453 Reviewed-by: Bobi Jam Reviewed-by: John L. Hammond Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/osc/osc_io.c | 1 + drivers/staging/lustre/lustre/osc/osc_lock.c | 7 ++-- drivers/staging/lustre/lustre/osc/osc_request.c | 49 +++++++------------------ 3 files changed, 18 insertions(+), 39 deletions(-) commit 29bdcd6725a88c267167066db33ae663ed568331 Author: Mikhal Pershin Date: Fri Dec 2 19:53:25 2016 -0500 staging: lustre: import: don't reconnect during connect interpret The import connect flags might be cleared by ptlrpc_connect_import() wrongly if there is still connect interpret function is running. Use imp_connected boolean variable to indicate that we are still interpretting connect reply and don't try to reconnect until it ends. Signed-off-by: Mikhal Pershin Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7558 Reviewed-on: http://review.whamcloud.com/19312 Reviewed-by: John L. Hammond Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/include/lustre_import.h | 4 +++- drivers/staging/lustre/lustre/ptlrpc/import.c | 16 +++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) commit 9fd14479a6d8dc22bb3802686a8a44cde1d4aae9 Author: Bobi Jam Date: Fri Dec 2 19:53:24 2016 -0500 staging: lustre: clio: remove mtime check in vvp_io_fault_start() In fault IO initialization, inode's mtime is saved, and after getting locks, when the IO is about to start, vvp_io_fault_start() checks the mtime's intactness. It's a false alarm, since the timestamp from MDS could be stale, we maintain mtime mainly on OST objects, and if the check in vvp_io_fault_start() happens before mtime on OST objects are merged, it will get wrong timestamp from the inode, even the timestamp it fetched in vvp_io_fault_init() could be wrong in the first place. This patch remove the mtime check in vvp_io_fault_start(). Signed-off-by: Bobi Jam Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7198 Reviewed-on: http://review.whamcloud.com/19162 Reviewed-by: Andreas Dilger Reviewed-by: Jinshan Xiong Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/vvp_io.c | 6 ------ 1 file changed, 6 deletions(-) commit db2472b0b64cc8531a0e0f0148645f9841bd1f27 Author: Yang Sheng Date: Fri Dec 2 19:53:23 2016 -0500 staging: lustre: llite: Invoke file_update_time in page_mkwrite Only update file times if page_mkwrite is not set. So we need call file_update_time by ourselves. Signed-off-by: Yang Sheng Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-1118 Reviewed-on: http://review.whamcloud.com/18683 Reviewed-by: Andreas Dilger Reviewed-by: Niu Yawei Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/llite_mmap.c | 1 + 1 file changed, 1 insertion(+) commit 5965de814e918035ebf1c1e95388febb9c86e5fb Author: Jinshan Xiong Date: Fri Dec 2 19:53:22 2016 -0500 staging: lustre: rpc: increase bulk size To make the ptlrpc be able to size 16MB IO Signed-off-by: Jinshan Xiong Signed-off-by: Gu Zheng Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7990 Reviewed-on: http://review.whamcloud.com/19366 Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/include/lustre/lustre_idl.h | 6 +++++- drivers/staging/lustre/lustre/include/lustre_net.h | 8 ++++++-- drivers/staging/lustre/lustre/ptlrpc/wiretest.c | 2 ++ 3 files changed, 13 insertions(+), 3 deletions(-) commit 3c8fb1b105cd48b1a509d83206bffa356afe359d Author: Fan Yong Date: Fri Dec 2 19:53:20 2016 -0500 staging: lustre: statahead: set sai_index_wait with lli_sa_lock held It is the sponsor thread of the statahead thread to update the sai::sai_index_wait. Originally, it didn't hold the lli_sa_lock when did that. Becuase of out-of-order execution others may miss to wakeup such thread. On the other hand, if the statahead RPC gets failure, it should wakeup the sponsor thread, not the statahead thread. Signed-off-by: Li Xi Signed-off-by: Fan Yong Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7828 Reviewed-on: http://review.whamcloud.com/18499 Reviewed-by: Lai Siyao Reviewed-by: Andreas Dilger Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/statahead.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) commit 817990ba1a1545875fed01a9014ac7f78dedf16d Author: Li Dongyang Date: Fri Dec 2 19:53:17 2016 -0500 staging: lustre: obdclass: limit lu_site hash table size on clients Allocating a big hash table using the current formula does not really work for clients. We will create new hash table for each mount on a single client which is a lot of memory more than expected. This patch limits the hash table up to 8M for clients, which has 524288 entries. Signed-off-by: Li Dongyang Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7689 Reviewed-on: http://review.whamcloud.com/18048 Reviewed-by: Fan Yong Reviewed-by: Alex Zhuravlev Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/obdclass/lu_object.c | 4 ++++ 1 file changed, 4 insertions(+) commit bfb9944c215d1207bae47b53ddc5900c8d570007 Author: Wally Wang Date: Fri Dec 2 19:53:16 2016 -0500 staging: lustre: llite: Add client mount opt to ignore suppress_pings When Lustre servers enable 'suppress_pings', all clients will stop pinging. However, some clients may not have external mechanism to notify Lustre servers for node death and therefore need to preserve the Lustre ping. This patch provides a mount option 'always_ping' so that the client will not stop pinging even if the server has enabled 'suppress_pings'. Signed-off-by: Wally Wang Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6391 Reviewed-on: http://review.whamcloud.com/14127 Reviewed-by: Li Wei Reviewed-by: Chris Horn Reviewed-by: Lai Siyao Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/llite_internal.h | 3 +++ drivers/staging/lustre/lustre/llite/llite_lib.c | 16 ++++++++++++++++ 2 files changed, 19 insertions(+) commit 3c092fdbdb5f935a3e96f17ebda8f0f9886d8a24 Author: Jinshan Xiong Date: Fri Dec 2 19:53:15 2016 -0500 staging: lustre: clio: revise read ahead algorithm ras_window_len should only be updated in ras_update() by read pattern and it can't be adjusted in ll_readahead() at all; ras_consecutive_pages is used to detect read pattern from mmap. It will be used to increase read ahead window length gradually. Signed-off-by: Jinshan Xiong Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5505 Reviewed-on: http://review.whamcloud.com/11528 Reviewed-by: John L. Hammond Reviewed-by: Bobi Jam Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman .../staging/lustre/lustre/llite/llite_internal.h | 5 +- drivers/staging/lustre/lustre/llite/rw.c | 71 ++++++++++++---------- 2 files changed, 43 insertions(+), 33 deletions(-) commit 8655818239762eddcbf99885224b1e3a10a68639 Author: Alex Zhuravlev Date: Fri Dec 2 19:53:14 2016 -0500 staging: lustre: obdclass: lu_site_purge() to handle purge-all if the callers wants to purge all objects, then scanning should start from the first bucket. Signed-off-by: Alex Zhuravlev Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7038 Reviewed-on: http://review.whamcloud.com/18505 Reviewed-by: Mike Pershin Reviewed-by: Faccini Bruno Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/obdclass/lu_object.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit d6426a64df330b1330f06b342d2c6537d7c6c165 Author: Parinay Kondekar Date: Fri Dec 2 19:53:26 2016 -0500 staging: lustre: llite: ll_dir_ioctl cleanup of redundant comparisons In ll_dir_ioctl() two identical comparisions are present for return code (rc) of ll_dir_getstripe(). This patch removes the other inside if( ) condition which is not necessary. Signed-off-by: Parinay Kondekar Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6512 Reviewed-on: http://review.whamcloud.com/18027 Reviewed-by: Bobi Jam Reviewed-by: James Simmons Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/dir.c | 3 --- 1 file changed, 3 deletions(-) commit 26c5d2db9cbb058a1604b7e945fbf7322b299fb2 Author: Yang Sheng Date: Fri Dec 2 19:53:19 2016 -0500 staging: lustre: libcfs: report hnode value for cfs_hash_putref Add more debugging info. Signed-off-by: Yang Sheng Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7084 Reviewed-on: http://review.whamcloud.com/17673 Reviewed-by: Andreas Dilger Reviewed-by: Fan Yong Reviewed-by: Mike Pershin Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/libcfs/hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b4f840c15ac78eb3d096eb3267776393b28c789f Author: Li Dongyang Date: Fri Dec 2 19:53:18 2016 -0500 staging: lustre: mdt: fail FMODE_WRITE open if the client is read only O_WRONLY/O_RDWR open on a file will get EROFS on a read only client, but the rpc gets sent to the mdt anyway. mdt will increase the mot_write_count of the mdt object, blocking subsequent FMODE_EXEC open to the same file. This patch makes sure we fail the FMODE_WRITE open with EROFS on the client straight away without sending the rpc to mdt. Signed-off-by: Li Dongyang Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7727 Reviewed-on: http://review.whamcloud.com/18242 Reviewed-by: Ian Costello Reviewed-by: Nathaniel Clark Reviewed-by: Yang Sheng Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/namei.c | 4 ++++ 1 file changed, 4 insertions(+) commit 2ba88d4e100d5b1441dfa9a5e03f665b8bc676bc Author: wang di Date: Fri Dec 2 19:53:13 2016 -0500 staging: lustre: llog: reset llog bitmap Once update request fails due to eviction or other failures, all of update request in the sending list should return fail, because after the failure, the update log in the following request will have wrong llog bitmap. Signed-off-by: wang di Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7039 Reviewed-on: http://review.whamcloud.com/16969 Reviewed-by: Alex Zhuravlev Reviewed-by: James Simmons Reviewed-by: Lai Siyao Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/obdclass/llog.c | 7 +++++++ 1 file changed, 7 insertions(+) commit f8e9463889ebfda1f3ff45586e5e08a096f3b97e Author: wang di Date: Fri Dec 2 19:53:10 2016 -0500 staging: lustre: mdt: race between open and migrate During intent open, it was found that if the parent has been migrated to another MDT, it should retry the open request with the new object, so it needs to keep the old object in the orphan list, which will be cleanup during next recovery. Note: if the client still using the old FID after next recovery, it will return -ENOENT for the application. Also enqueue the lease lock of the migrating file, then compare the lease before migration to make sure no other clients open the file at the same time. Signed-off-by: wang di Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6475 Reviewed-on: http://review.whamcloud.com/14497 Reviewed-by: James Simmons Reviewed-by: Andreas Dilger Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman .../lustre/lustre/include/lustre_req_layout.h | 1 + drivers/staging/lustre/lustre/llite/dir.c | 2 +- drivers/staging/lustre/lustre/llite/file.c | 76 ++++++++++++++++++---- .../staging/lustre/lustre/llite/llite_internal.h | 2 +- drivers/staging/lustre/lustre/mdc/mdc_lib.c | 59 ++++++++++------- drivers/staging/lustre/lustre/mdc/mdc_reint.c | 20 +++++- drivers/staging/lustre/lustre/ptlrpc/layout.c | 18 +++++ 7 files changed, 138 insertions(+), 40 deletions(-) commit ea1fb96b650ddf9f3362b2bc79f527912c5b132e Author: Ashish Purkar Date: Fri Dec 2 19:53:09 2016 -0500 staging: lustre: osc: fix debug log message formatting Corrected newline specifier in debug log message. Signed-off-by: Ashish Purkar Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-7029 Reviewed-on: http://review.whamcloud.com/16046 Reviewed-by: Andreas Dilger Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/osc/osc_page.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 219c0c454bc960d234273bcc2cb509b7fa71db68 Author: Jinshan Xiong Date: Fri Dec 2 19:53:08 2016 -0500 staging: lustre: llite: clear LLIF_DATA_MODIFIED in atomic This flag should be cleared atomically after the op_data flag MDS_DATA_MODIFIED is packed. Otherwise, if there exists an operation to dirty the file again, the state may be missed on the MDT. Stop using spin lock lli_lock to protect operations of changing file flags; using bit operations instead. Signed-off-by: Jinshan Xiong Signed-off-by: James Simmons Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6377 Reviewed-on: http://review.whamcloud.com/14100 Reviewed-by: John L. Hammond Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/llite/file.c | 61 ++++++++-------------- .../staging/lustre/lustre/llite/llite_internal.h | 12 ++--- drivers/staging/lustre/lustre/llite/llite_lib.c | 18 +------ drivers/staging/lustre/lustre/llite/llite_mmap.c | 7 +-- drivers/staging/lustre/lustre/llite/vvp_io.c | 10 ++-- drivers/staging/lustre/lustre/llite/xattr_cache.c | 7 +-- 6 files changed, 38 insertions(+), 77 deletions(-) commit f4ec57b632fe15ed7a355099cb96ed4b647416de Author: Peter Zijlstra Date: Thu Nov 24 12:46:26 2016 +0100 locking/ww_mutex: Use relaxed atomics The stamp is a sequence number, we don't care about memory ordering. Signed-off-by: Peter Zijlstra (Intel) Cc: Boqun Feng Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: Will Deacon Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar include/linux/ww_mutex.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9aa7c90dce7628f5316675602da87c9d8fd182ab Author: Dan Carpenter Date: Mon Dec 5 14:09:56 2016 +0300 staging: lustre: cl_page: fix a typo in comments We want to "sever" all the ways to get a new pointer to "pg". Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/obdclass/cl_page.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0db184bc2590a75f4b557897f085f66c79e1d787 Author: Sandeep Jain Date: Mon Dec 5 08:36:37 2016 +0530 staging: lustre: Fix function declaration/definition mismatch Fixes following Sparse errors. lprocfs_status.c:1568:5: error: symbol 'lprocfs_wr_root_squash' redeclared with different type... lprocfs_status.c:1632:5: error: symbol 'lprocfs_wr_nosquash_nids' redeclared with different type... Signed-off-by: Sandeep Jain Acked-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/include/lprocfs_status.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 8efea9e9b7714b09cc88947b7d5bff3ab85eeb06 Author: Sandeep Jain Date: Mon Dec 5 07:51:21 2016 +0530 staging: lustre: mgc: make llog_process_lock static Fix following sparse warning. mgc_request.c:376:1: warning: symbol 'llog_process_lock' was not declared. Should it be static? Signed-off-by: Sandeep Jain Acked-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/mgc/mgc_request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4f9bc53fdcaa5048fede01c4c5a760f7d38caaba Author: Pan Bian Date: Sat Dec 3 20:52:55 2016 +0800 staging: lustre: lnet: fix improper return value At the end of function lstcon_group_info(), "return 0" seems improper. It may be better to return the value of rc. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188811 Signed-off-by: Pan Bian Acked-by: Oleg Drokin Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lnet/selftest/console.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 17037fbd56b04c47ba06ef9833227d1a7eeb6861 Author: Jinshan Xiong Date: Thu Dec 1 17:35:32 2016 -0500 staging: lustre: osc: Performance tune for LRU Early launch page LRU work in osc_io_rw_iter_init(); Change the page LRU shrinking policy by OSC attributes; Delete the contented lock osc_object::oo_seatbelt Signed-off-by: Jinshan Xiong Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5108 Reviewed-on: http://review.whamcloud.com/10458 Reviewed-by: Bobi Jam Reviewed-by: Fan Yong Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/include/obd.h | 8 ++ drivers/staging/lustre/lustre/osc/lproc_osc.c | 6 +- drivers/staging/lustre/lustre/osc/osc_cache.c | 26 ++--- .../staging/lustre/lustre/osc/osc_cl_internal.h | 19 ---- drivers/staging/lustre/lustre/osc/osc_internal.h | 2 +- drivers/staging/lustre/lustre/osc/osc_io.c | 13 ++- drivers/staging/lustre/lustre/osc/osc_object.c | 9 -- drivers/staging/lustre/lustre/osc/osc_page.c | 119 +++++++++++++-------- drivers/staging/lustre/lustre/osc/osc_request.c | 4 +- 9 files changed, 106 insertions(+), 100 deletions(-) commit aed71a15bbd9dbce4af7cd8f1e1571e21840b2b3 Author: Jinshan Xiong Date: Thu Dec 1 17:35:31 2016 -0500 staging: lustre: osc: create cli_name to get obd name Create the inline function cli_name() to get the name of the OSC device. Signed-off-by: Jinshan Xiong Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5108 Reviewed-on: http://review.whamcloud.com/10458 Reviewed-by: Bobi Jam Reviewed-by: Fan Yong Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/osc/osc_cache.c | 8 ++++---- drivers/staging/lustre/lustre/osc/osc_internal.h | 5 +++++ drivers/staging/lustre/lustre/osc/osc_page.c | 12 +++++------- drivers/staging/lustre/lustre/osc/osc_quota.c | 4 ++-- drivers/staging/lustre/lustre/osc/osc_request.c | 13 +++++-------- 5 files changed, 21 insertions(+), 21 deletions(-) commit bc32a0de897644b520208d129273541b4ce60ea3 Author: Jinshan Xiong Date: Thu Dec 1 17:35:30 2016 -0500 staging: lustre: osc: add and fixup comments for LRU handling Add new information about the fields in struct client_obd. Signed-off-by: Jinshan Xiong Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-5108 Reviewed-on: http://review.whamcloud.com/10458 Reviewed-by: Bobi Jam Reviewed-by: Fan Yong Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/include/obd.h | 27 +++++++++++++++++++++++---- drivers/staging/lustre/lustre/osc/osc_page.c | 17 ++++++++++++----- 2 files changed, 35 insertions(+), 9 deletions(-) commit 884a13694054427b968ac411b76a324f1f442a06 Author: Ben Evans Date: Fri Dec 2 14:40:46 2016 -0500 staging: lustre: headers: sort headers affected by swab move It was found if you sort the headers alphabetically that it reduced patch conflicts. This patch sorts the headers alphabetically and also place linux header first, then uapi header and finally the lustre kernel headers. Signed-off-by: Ben Evans Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6401 Reviewed-on: http://review.whamcloud.com/16339 Reviewed-by: John L. Hammond Reviewed-by: Andreas Dilger Reviewed-by: James Simmons Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/lov/lov_obd.c | 17 +++++++++-------- drivers/staging/lustre/lustre/lov/lov_pack.c | 6 ++++-- drivers/staging/lustre/lustre/mdc/mdc_request.c | 11 ++++++----- drivers/staging/lustre/lustre/mgc/mgc_request.c | 7 ++++--- drivers/staging/lustre/lustre/obdclass/llog.c | 2 +- drivers/staging/lustre/lustre/obdclass/obd_config.c | 6 ++++-- drivers/staging/lustre/lustre/ptlrpc/layout.c | 14 ++++++-------- drivers/staging/lustre/lustre/ptlrpc/pack_generic.c | 7 ++++--- 8 files changed, 38 insertions(+), 32 deletions(-) commit 36dc51ccb3e55103621b8821e43088278acdf0c3 Author: Ben Evans Date: Fri Dec 2 14:40:45 2016 -0500 staging: lustre: headers: move swab functions to new header files Create headers for pack_generic.c and llog_swab.c Reference only where needed. This separates out the kernel only code from lustre_idl.h that is an UAPI header. Signed-off-by: Ben Evans Intel-bug-id: https://jira.hpdd.intel.com/browse/LU-6401 Reviewed-on: http://review.whamcloud.com/16339 Reviewed-by: John L. Hammond Reviewed-by: Andreas Dilger Reviewed-by: James Simmons Reviewed-by: Oleg Drokin Signed-off-by: James Simmons Signed-off-by: Greg Kroah-Hartman drivers/staging/lustre/lustre/include/llog_swab.h | 65 ++++++++++++ .../staging/lustre/lustre/include/lprocfs_status.h | 2 + .../lustre/lustre/include/lustre/lustre_idl.h | 115 +-------------------- .../lustre/lustre/include/lustre/lustre_user.h | 2 - drivers/staging/lustre/lustre/include/lustre_sec.h | 1 + .../staging/lustre/lustre/include/lustre_swab.h | 102 ++++++++++++++++++ drivers/staging/lustre/lustre/ldlm/ldlm_lock.c | 1 + drivers/staging/lustre/lustre/llite/dir.c | 2 + drivers/staging/lustre/lustre/llite/file.c | 1 + drivers/staging/lustre/lustre/lov/lov_obd.c | 1 + drivers/staging/lustre/lustre/lov/lov_pack.c | 1 + drivers/staging/lustre/lustre/mdc/mdc_locks.c | 4 +- drivers/staging/lustre/lustre/mdc/mdc_request.c | 2 + drivers/staging/lustre/lustre/mgc/mgc_request.c | 1 + drivers/staging/lustre/lustre/obdclass/llog.c | 1 + drivers/staging/lustre/lustre/obdclass/llog_swab.c | 1 + .../staging/lustre/lustre/obdclass/obd_config.c | 1 + drivers/staging/lustre/lustre/ptlrpc/layout.c | 2 + .../staging/lustre/lustre/ptlrpc/pack_generic.c | 2 + 19 files changed, 190 insertions(+), 117 deletions(-) commit 7c4788950ba5922fde976d80b72baf46f14dee8d Author: Peter Zijlstra Date: Tue Nov 22 10:57:15 2016 +0100 x86/uaccess, sched/preempt: Verify access_ok() context I recently encountered wreckage because access_ok() was used where it should not be, add an explicit WARN when access_ok() is used wrongly. Signed-off-by: Peter Zijlstra (Intel) Cc: Andy Lutomirski Cc: H. Peter Anvin Cc: Linus Torvalds Cc: Peter Zijlstra Cc: Thomas Gleixner Cc: linux-kernel@vger.kernel.org Signed-off-by: Ingo Molnar arch/x86/include/asm/uaccess.h | 13 +++++++++++-- include/linux/preempt.h | 21 +++++++++++++-------- 2 files changed, 24 insertions(+), 10 deletions(-) commit 75e75cbd55183ff12459666c0a1d3e71fe1481ab Merge: 58309be 197aa6e Author: Daniel Vetter Date: Tue Dec 6 10:26:30 2016 +0100 Merge remote-tracking branch 'airlied/drm-next' into drm-misc-next Backmerge v4.9-rc8 to get at commit e94bd1736f1f60e916a85a80c0b0ebeaae36cce5 Author: Michel Dänzer Date: Wed Nov 30 17:30:01 2016 +0900 drm: Don't call drm_for_each_crtc with a non-KMS driver so I can apply Michel's follow-up patch. Signed-off-by: Daniel Vetter commit 3cea2b2154e1e378110eacef7c3e74b48f6b278e Author: Manoj Sawai Date: Sun Dec 4 14:21:21 2016 +0000 Staging: ks7010: ks7010_stio.h: fixed coding style error Fixed 2 coding style errors about trailing whitespaces. Signed-off-by: Manoj Sawai Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks7010_sdio.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit f416e264577c73bb550d3a64943f5e59d11c6abc Author: Yamanappagouda Patil Date: Sat Dec 3 18:29:31 2016 +0530 staging: ks7010: fixed 'space prohibited after that *' erros. Fixed checkpatch.pl errors related to "space prohibited after that '*' or '&'" in ks_wlan_net.c file. Signed-off-by: Yamanappagouda Patil Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks_wlan_net.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit fe4975306926117d6f3312aee531b1ad5727c093 Author: Yamanappagouda Patil Date: Sat Dec 3 19:34:12 2016 +0530 staging: ks7010: Fixed 'missing blank line after declaration' warnings. Fixed checkpatch.pl warnings 'Missing blank line after declaration' in ks_wlan_net.c file. Signed-off-by: Yamanappagouda Patil Signed-off-by: Greg Kroah-Hartman drivers/staging/ks7010/ks_wlan_net.c | 7 +++++++ 1 file changed, 7 insertions(+) commit 8d60b476658d2df5f53301a475dc1f7edf3001af Author: Guillaume Tucker Date: Mon Dec 5 18:55:38 2016 +0000 staging: android: ashmem: clean up range inline functions Clean up the code in inline functions that deal with page and range addresses. Use bool instead of int for boolean return types and remove superfluous brackets. Signed-off-by: Guillaume Tucker Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ashmem.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) commit 40270ca0de2deef44ba53c4fd88dc39fddcd006d Author: Guillaume Tucker Date: Mon Dec 5 18:55:23 2016 +0000 staging: android: ashmem: convert range macros to inlines Convert range_size and range_on_lru macros to inline functions to fix checkpatch check: CHECK: Macro argument reuse 'range' - possible side-effects? Signed-off-by: Guillaume Tucker Signed-off-by: Greg Kroah-Hartman drivers/staging/android/ashmem.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit e895f00a84965a2fef2cee0cb06f2f59154186f0 Author: Yan Laijun Date: Mon Dec 5 21:21:39 2016 +0800 Staging: wlan-ng: hfa384x_usb.c Fixed too long code line warnings. Fixed checkpatch warning "line over 80 characters" in wlan-ng/hfa384x_usb.c file. Signed-off-by: Yan Laijun Signed-off-by: Greg Kroah-Hartman drivers/staging/wlan-ng/hfa384x_usb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e5851dc05bbd669d04d660b505791b0f32b2e275 Author: PrasannaKumar Muralidharan Date: Sat Dec 3 11:25:51 2016 +0530 staging: vt6655: Add spaces around + Add spaces around + for better readability of the code. Signed-off-by: PrasannaKumar Muralidharan Signed-off-by: Greg Kroah-Hartman drivers/staging/vt6655/device_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 30c39a650724cd72dc5c567387674a888e0f0459 Author: Harsh Jain Date: Thu Dec 1 12:15:20 2016 +0530 Staging:rtl8712: Fixed coding style issue Fixes following checkpatch.pl warning Block comments should align the * on each line Signed-off-by: Harsh Jain Signed-off-by: Greg Kroah-Hartman drivers/staging/rtl8712/rtl8712_hal.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit dbb804bc42464d06775d4112bba705819233eb60 Author: Fernando Apesteguia Date: Fri Dec 2 20:35:06 2016 +0100 staging: dgnc: fix unnamed parameter This patch fixes a checkpatch warning. Signed-off-by: Fernando Apesteguia Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/dgnc_tty.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit c7ea8b51101484bda234b990ead032bf0b364752 Author: Cheah Kok Cheong Date: Tue Dec 6 00:57:28 2016 +0800 Staging: comedi: kcomedilib: Add module_init/exit function Add init/exit function to follow LKM semantics. Apparently this module can still load/unload without the init/exit function. Tested loading/unloading with and without this patch. Signed-off-by: Cheah Kok Cheong Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/kcomedilib/kcomedilib_main.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) commit b13db6bf539dce9dd5d0128c42269334e5e2d17e Author: Saber Rezvani Date: Fri Dec 2 01:35:42 2016 +0330 staging: comedi: s626: use preferred kernel type u32 Fix the checkpatch.pl issue: CHECK: Prefer kernel type 'u32' over 'uint32_t' Signed-off-by: Saber Rezvani Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/s626.c | 58 +++++++++++++++++------------------ 1 file changed, 29 insertions(+), 29 deletions(-) commit 0bc45380096dce67319676d880e039f2d9e0af85 Author: Saber Rezvani Date: Fri Dec 2 01:35:41 2016 +0330 staging: comedi: s626: use preferred kernel type u16 Fix the checkpatch.pl issue: CHECK: Prefer kernel type 'u16' over 'uint16_t' Signed-off-by: Saber Rezvani Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/s626.c | 96 +++++++++++++++++------------------ 1 file changed, 48 insertions(+), 48 deletions(-) commit d9f9600b8b1cc166e70519257061ddec4e0d7e39 Author: Saber Rezvani Date: Fri Dec 2 01:35:40 2016 +0330 staging: comedi: s626: use preferred kernel type u8 Fix the checkpatch.pl issue: CHECK: Prefer kernel type 'u8' over 'uint8_t' Signed-off-by: Saber Rezvani Reviewed-by: Ian Abbott Signed-off-by: Greg Kroah-Hartman drivers/staging/comedi/drivers/s626.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) commit 5e0ad0d8747f3e4803a9c3d96d64dd7332506d3c Author: Kai-Heng Feng Date: Tue Dec 6 16:56:27 2016 +0800 ALSA: hda: when comparing pin configurations, ignore assoc in addition to seq Commit [64047d7f4912 ALSA: hda - ignore the assoc and seq when comparing pin configurations] intented to ignore both seq and assoc at pin comparing, but it only ignored seq. So that commit may still fail to match pins on some machines. Change the bitmask to also ignore assoc. v2: Use macro to do bit masking. Thanks to Hui Wang for the analysis. Fixes: 64047d7f4912 ("ALSA: hda - ignore the assoc and seq when comparing...") Signed-off-by: Kai-Heng Feng Cc: Signed-off-by: Takashi Iwai sound/pci/hda/hda_auto_parser.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 58309befa82d81f6e9dc36a92d2a339ef2144535 Author: Nicolai Stange Date: Mon Dec 5 21:30:22 2016 +0100 drm/amdgpu: don't add files at control minor debugfs directory Since commit 8a357d10043c ("drm: Nerf DRM_CONTROL nodes"), a struct drm_device's ->control member is always NULL. In the case of CONFIG_DEBUG_FS=y, amdgpu_debugfs_add_files() accesses ->control->debugfs_root though. This results in a NULL pointer dereference. Fix this by omitting the drm_debugfs_create_files() call for the control minor debugfs directory which is now non-existent anyway. Fixes: 8a357d10043c ("drm: Nerf DRM_CONTROL nodes") Signed-off-by: Nicolai Stange Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98915 Reviewed-by: Alex Deucher Tested-by: Mike Lothian Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161205203022.11671-1-nicstange@gmail.com drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 6 ------ 1 file changed, 6 deletions(-) commit 8f5040e421ca4bbd8cd5216dec509da188eb74bc Author: Marta Lofstedt Date: Mon Dec 5 14:04:08 2016 +0200 drm: allow changing DPMS mode The drm_atomic_helper_connector_dpms will set the connector back the old DPMS state before returning. This makes it impossible to change DPMS state of the connector. Fixes: 0853695c3ba46f97dfc0b5885f7b7e640ca212dd v2: edit of commit message Cc: Chris Wilson Cc: Daniel Vetter Cc: Eric Engestrom Cc: Sean Paul Cc: dri-devel@lists.freedesktop.org Cc: Signed-off-by: Marta Lofstedt Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161205120408.13056-1-marta.lofstedt@intel.com drivers/gpu/drm/drm_atomic_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 1de7ac686bbc5db809ab97eb715ce926a3c41a9c Author: Neil Armstrong Date: Mon Nov 28 10:39:45 2016 +0100 MAINTAINERS: add entry for Amlogic DRM drivers Add myself as maintainer for Amlogic DRM drivers. Acked-by: Daniel Vetter Acked-by: Laurent Pinchart Signed-off-by: Neil Armstrong MAINTAINERS | 9 +++++++++ 1 file changed, 9 insertions(+) commit 42a7119b51ee42c7eebe2de85789d96f7439975a Author: Neil Armstrong Date: Fri Nov 25 16:10:56 2016 +0100 dt-bindings: display: add Amlogic Meson DRM Bindings Reviewed-by: Laurent Pinchart Acked-by: Rob Herring Signed-off-by: Neil Armstrong .../bindings/display/amlogic,meson-vpu.txt | 112 +++++++++++++++++++++ 1 file changed, 112 insertions(+) commit c53432030d86429dc9fe5adc3d68cb9d1343b0b2 Author: James Smart Date: Fri Dec 2 00:28:43 2016 -0800 nvme-fabrics: Add target support for FC transport Implements the FC-NVME T11 definition of how nvme fabric capsules are performed on an FC fabric. Utilizes a lower-layer API to FC host adapters to send/receive FC-4 LS operations and perform the FCP transactions necessary to perform and FCP IO request for NVME. The T11 definitions for FC-4 Link Services are implemented which create NVMeOF connections. Implements the hooks with nvmet layer to pass NVME commands to it for processing and posting of data/response base to the host via the different connections. Signed-off-by: James Smart Reviewed-by: Jay Freyensee Reviewed-by: Johannes Thumshirn Signed-off-by: Christoph Hellwig MAINTAINERS | 1 + drivers/nvme/target/Kconfig | 11 + drivers/nvme/target/Makefile | 2 + drivers/nvme/target/fc.c | 2288 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 2302 insertions(+) commit e399441de9115cd472b8ace6c517708273ca7997 Author: James Smart Date: Fri Dec 2 00:28:42 2016 -0800 nvme-fabrics: Add host support for FC transport Implements the FC-NVME T11 definition of how nvme fabric capsules are performed on an FC fabric. Utilizes a lower-layer API to FC host adapters to send/receive FC-4 LS operations and FCP operations that comprise NVME over FC operation. The T11 definitions for FC-4 Link Services are implemented which create NVMeOF connections. Implements the hooks with blk-mq to then submit admin and io requests to the different connections. Signed-off-by: James Smart Reviewed-by: Jay Freyensee Reviewed-by: Johannes Thumshirn Signed-off-by: Christoph Hellwig MAINTAINERS | 1 + drivers/nvme/host/Kconfig | 17 + drivers/nvme/host/Makefile | 3 + drivers/nvme/host/fc.c | 2586 ++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 2607 insertions(+) commit d6d20012e116904065d192be6146040c99c03c3c Author: James Smart Date: Fri Dec 2 00:28:41 2016 -0800 nvme-fabrics: Add FC transport LLDD api definitions Host: - LLDD registration with the host transport - registering host ports (local ports) and target ports seen on fabric (remote ports) - Data structures and call points for FC-4 LS's and FCP IO requests Target: - LLDD registration with the target transport - registering nvme subsystem ports (target ports) - Data structures and call points for reception of FC-4 LS's and FCP IO requests, and callbacks to perform data and rsp transfers for the io. Add to MAINTAINERS file Signed-off-by: James Smart Reviewed-by: Christoph Hellwig Reviewed-by: Jay Freyensee Reviewed-by: Johannes Thumshirn Signed-off-by: Christoph Hellwig MAINTAINERS | 1 + include/linux/nvme-fc-driver.h | 851 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 852 insertions(+) commit b1ad1475b447a7668ac8bfad77277c4405941883 Author: James Smart Date: Fri Dec 2 00:28:40 2016 -0800 nvme-fabrics: Add FC transport FC-NVME definitions - Formats for Cmd, Data, Rsp IUs - Formats FC-4 LS definitions - Add to MAINTAINERS file Signed-off-by: James Smart Reviewed-by: Christoph Hellwig Reviewed-by: Jay Freyensee Reviewed-by: Johannes Thumshirn Signed-off-by: Christoph Hellwig MAINTAINERS | 6 ++ include/linux/nvme-fc.h | 268 ++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 274 insertions(+) commit cba3bdfd2e89edd706e2c40dfad914aca663b6ac Author: James Smart Date: Fri Dec 2 00:28:39 2016 -0800 nvme-fabrics: Add FC transport error codes to nvme.h Signed-off-by: James Smart Reviewed-by: Christoph Hellwig Reviewed-by: Jay Freyensee Reviewed-by: Johannes Thumshirn Signed-off-by: Christoph Hellwig include/linux/nvme.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) commit 6ea76f33e9ab99c7888547e1acba2baf8e4b5b17 Author: James Smart Date: Fri Dec 2 00:28:38 2016 -0800 Add type 0x28 NVME type code to scsi fc headers Signed-off-by: James Smart Acked-by: Johannes Thumshirn Reviewed-by: Jay Freyensee Signed-off-by: Christoph Hellwig include/uapi/scsi/fc/fc_fs.h | 2 ++ 1 file changed, 2 insertions(+) commit 885aa4015f70efffff86d81a5e236562dc8dcffe Author: James Smart Date: Fri Oct 21 23:32:51 2016 +0300 nvme-fabrics: patch target code in prep for FC transport support - Add FC transport type decoding - Add FC address family decoding Signed-off-by: James Smart Acked-by: Johannes Thumshirn Reviewed-by: Jay Freyensee Signed-off-by: Sagi Grimberg Signed-off-by: Christoph Hellwig drivers/nvme/target/configfs.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 721b3917c4ae222085c6de70c24b73b0e7950b35 Author: James Smart Date: Fri Oct 21 23:33:34 2016 +0300 nvme-fabrics: set sqe.command_id in core not transports Currently, core.c sets command_id only on rd/wr commands, leaving it to the transport to set it again to ensure the request had a command id. Move location of set in core so applies to all commands. Remove transport sets. Signed-off-by: James Smart Reviewed-by: Jay Freyensee Signed-off-by: Sagi Grimberg drivers/nvme/host/core.c | 3 ++- drivers/nvme/host/pci.c | 1 - drivers/nvme/host/rdma.c | 1 - drivers/nvme/target/loop.c | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) commit a317178e36b52f5f24ad226a77403eeea5ac05c4 Author: James Smart Date: Fri Oct 21 23:51:54 2016 +0300 parser: add u64 number parser Will be used by the nvme-fabrics FC transport in parsing options Signed-off-by: James Smart Signed-off-by: Sagi Grimberg include/linux/parser.h | 1 + lib/parser.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) commit 27a4beef0b0508621c34aa61725eec2aa39904e0 Author: Max Gurtovoy Date: Wed Nov 23 11:38:48 2016 +0200 nvme-rdma: align to generic ib_event logging helper Signed-off-by: Max Gurtovoy Reviewed-by: Jay Freyensee Signed-off-by: Christoph Hellwig drivers/nvme/host/rdma.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 675796be47d683d9b5cd3d7587e09a1cc4fe9e54 Author: Max Gurtovoy Date: Wed Nov 23 11:38:47 2016 +0200 nvmet-rdma: align to generic ib_event logging helper Signed-off-by: Max Gurtovoy Signed-off-by: Christoph Hellwig drivers/nvme/target/rdma.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit d4a5340edd6405972795a1d006e8e2b6f7664ca1 Author: Sagi Grimberg Date: Tue Nov 1 10:41:00 2016 +0200 nvme-rdma: remove redundant define Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/rdma.c | 1 - 1 file changed, 1 deletion(-) commit 6eb728305414bb9ef3c971a7a2932cc037b7df54 Author: Bart Van Assche Date: Tue Oct 18 13:10:24 2016 -0700 nvme-fabrics: Adjust source code indentation Adjust indentation such that arguments are aligned. Signed-off-by: Bart Van Assche Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/fabrics.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6bcb5268d46b33649354febc1cb294767220d8ca Author: Bart Van Assche Date: Tue Oct 18 13:10:03 2016 -0700 nvme/scsi: Remove set-but-not-used variables Signed-off-by: Bart Van Assche Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/scsi.c | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) commit e4fcf07cca6a3b6c4be00df16f08be894325eaa3 Author: Solganik Alexander Date: Sun Oct 30 10:35:15 2016 +0200 nvmet: Fix possible infinite loop triggered on hot namespace removal When removing a namespace we delete it from the subsystem namespaces list with list_del_init which allows us to know if it is enabled or not. The problem is that list_del_init initialize the list next and does not respect the RCU list-traversal we do on the IO path for locating a namespace. Instead we need to use list_del_rcu which is allowed to run concurrently with the _rcu list-traversal primitives (keeps list next intact) and guarantees concurrent nvmet_find_naespace forward progress. By changing that, we cannot rely on ns->dev_link for knowing if the namspace is enabled, so add enabled indicator entry to nvmet_ns for that. Signed-off-by: Sagi Grimberg Signed-off-by: Solganik Alexander Cc: # v4.8+ drivers/nvme/target/configfs.c | 6 +++--- drivers/nvme/target/core.c | 14 ++++++++------ drivers/nvme/target/nvmet.h | 6 +----- 3 files changed, 12 insertions(+), 14 deletions(-) commit f3116d8f1e110a5eeaac94f5d1c490e9e466a223 Author: Bart Van Assche Date: Tue Oct 18 13:11:03 2016 -0700 nvme-fabrics: Fix a memory leak in an nvmf_create_ctrl() error path Signed-off-by: Bart Van Assche Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/fabrics.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 8eadfcb1b63d7d9cd21dc7a2fd1d92efc5730ddd Author: Bart Van Assche Date: Tue Oct 18 13:10:46 2016 -0700 nvme-fabrics: Fix memory leaks in nvmf_parse_options() Signed-off-by: Bart Van Assche Reviewed-by: Johannes Thumshirn Reviewed-by: Christoph Hellwig Signed-off-by: Sagi Grimberg drivers/nvme/host/fabrics.c | 2 ++ 1 file changed, 2 insertions(+) commit 76c08bf46a2891c80e854813c636bdce1f7d1ca4 Author: Samuel Jones Date: Tue Oct 25 09:22:34 2016 +0200 nvme-rdma: force queue size to respect controller capability Queue size needs to respect the Maximum Queue Entries Supported advertised by the controller in its Capability register. Signed-off-by: Samuel Jones Reviewed-by: Christoph Hellwig [sagig: fixed queue_size adjustment according to Daniel Verkamp comment] Signed-off-by: Sagi Grimberg drivers/nvme/host/rdma.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 70d4281c4b7049794e6d66baac7a18ad943cf726 Author: Bart Van Assche Date: Tue Oct 18 12:59:47 2016 -0700 nvmet-rdma: Fix REJ status code nvmet_sq_init() returns a value <= 0. nvmet_rdma_cm_reject() expects a second argument that is a NVME_RDMA_CM_* constant. Hence this patch. Signed-off-by: Bart Van Assche Reviewed-by: Sagi Grimberg Signed-off-by: Sagi Grimberg drivers/nvme/target/rdma.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 34c4a42791bbc455e65a15d12dcd0b6b3c52ad13 Merge: 7898758 bec60e5 Author: Ingo Molnar Date: Tue Dec 6 09:14:56 2016 +0100 Merge tag 'perf-core-for-mingo-20161205' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: Fixes: - Do not show a bogus target address in 'perf annotate' for targetless powerpc jump instructions such as 'bctr' (Ravi Bangoria) - Fix tools/build race conditions with the fixdep utility (Jiri Olsa) - Fix building objtool with clang (Peter Foley) Infrastructure changes: - Support linking perf with clang and LLVM libraries, initially statically, but this limitation will be lifted and shared libraries, when available, will be preferred to the static build, that should, as with other features, be enabled explicitly (Wang Nan) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 78987584de42742bb46eaf55517a0475bfd7f032 Merge: e7af7b1 d9d0452 Author: Ingo Molnar Date: Tue Dec 6 09:14:35 2016 +0100 Merge branch 'linus' into perf/core, to pick up fixes Signed-off-by: Ingo Molnar commit 918b8ac55b6c809b70aa05c279087109584e393e Author: Shuah Khan Date: Mon Dec 5 12:56:38 2016 -0700 usbip: fix warning in vhci_hcd_probe/lockdep_init_map vhci_hcd calls sysfs_create_group() with dynamically allocated sysfs attributes triggering the lock-class key not persistent warning. Call sysfs_attr_init() for dynamically allocated sysfs attributes to fix it. vhci_hcd vhci_hcd: USB/IP Virtual Host Controller vhci_hcd vhci_hcd: new USB bus registered, assigned bus number 2 BUG: key ffff88006a7e8d18 not in .data! ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at kernel/locking/lockdep.c:3131 lockdep_init_map+0x60c/0x770 DEBUG_LOCKS_WARN_ON(1)[ 1.567044] Modules linked in: CPU: 0 PID: 1 Comm: swapper/0 Not tainted 4.9.0-rc7+ #58 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 ffff88006bce6eb8 ffffffff81f96c8a ffffffff00000a02 1ffff1000d79cd6a ffffed000d79cd62 000000046bce6ed8 0000000041b58ab3 ffffffff8598af40 ffffffff81f969f8 0000000000000000 0000000041b58ab3 0000000000000200 Call Trace: [< inline >] __dump_stack lib/dump_stack.c:15 [] dump_stack+0x292/0x398 lib/dump_stack.c:51 [] __warn+0x19f/0x1e0 kernel/panic.c:550 [] warn_slowpath_fmt+0xc5/0x110 kernel/panic.c:565 [] lockdep_init_map+0x60c/0x770 kernel/locking/lockdep.c:3131 [] __kernfs_create_file+0x114/0x2a0 fs/kernfs/file.c:954 [] sysfs_add_file_mode_ns+0x225/0x520 fs/sysfs/file.c:305 [< inline >] create_files fs/sysfs/group.c:64 [] internal_create_group+0x239/0x8f0 fs/sysfs/group.c:134 [] sysfs_create_group+0x1f/0x30 fs/sysfs/group.c:156 [] vhci_start+0x5b4/0x7a0 drivers/usb/usbip/vhci_hcd.c:978 [] usb_add_hcd+0x8da/0x1c60 drivers/usb/core/hcd.c:2867 [] vhci_hcd_probe+0x97/0x130 drivers/usb/usbip/vhci_hcd.c:1103 --- --- ---[ end trace c33c7b202cf3aac8 ]--- Signed-off-by: Shuah Khan Reported-by: Andrey Konovalov Signed-off-by: Greg Kroah-Hartman drivers/usb/usbip/vhci_sysfs.c | 1 + 1 file changed, 1 insertion(+) commit 89778ba335e302a450932ce5b703c1ee6216e949 Author: Rafał Miłecki Date: Tue Dec 6 00:39:33 2016 +0100 usb: core: usbport: Use proper LED API to fix potential crash Calling brightness_set manually isn't safe as some LED drivers don't implement this callback. The best idea is to just use a proper helper which will fallback to the brightness_set_blocking callback if needed. This fixes: [ 1461.761528] Unable to handle kernel NULL pointer dereference at virtual address 00000000 (...) [ 1462.117049] Backtrace: [ 1462.119521] [] (usbport_trig_port_store [ledtrig_usbport]) from [] (dev_attr_store+0x20/0x2c) [ 1462.129826] r7:dcabc7c0 r6:dee0ff80 r5:00000002 r4:bf228164 [ 1462.135511] [] (dev_attr_store) from [] (sysfs_kf_write+0x48/0x4c) [ 1462.143459] r5:00000002 r4:c023f738 [ 1462.147049] [] (sysfs_kf_write) from [] (kernfs_fop_write+0xf8/0x1f8) [ 1462.155258] r5:00000002 r4:df4a1000 [ 1462.158850] [] (kernfs_fop_write) from [] (__vfs_write+0x34/0x120) [ 1462.166800] r10:00000000 r9:dee0e000 r8:c000fc24 r7:00000002 r6:dee0ff80 r5:c01689c0 [ 1462.174660] r4:df727a80 [ 1462.177204] [] (__vfs_write) from [] (vfs_write+0xac/0x170) [ 1462.184543] r9:dee0e000 r8:c000fc24 r7:dee0ff80 r6:b6f092d0 r5:df727a80 r4:00000002 [ 1462.192319] [] (vfs_write) from [] (SyS_write+0x4c/0xa8) [ 1462.199396] r9:dee0e000 r8:c000fc24 r7:00000002 r6:b6f092d0 r5:df727a80 r4:df727a80 [ 1462.207174] [] (SyS_write) from [] (ret_fast_syscall+0x0/0x3c) [ 1462.214774] r7:00000004 r6:ffffffff r5:00000000 r4:00000000 [ 1462.220456] Code: bad PC value [ 1462.223560] ---[ end trace 676638a3a12c7a56 ]--- Reported-by: Ralph Sennhauser Signed-off-by: Rafał Miłecki Fixes: 0f247626cbb ("usb: core: Introduce a USB port LED trigger") Cc: stable@vger.kernel.org # 4.9+ Signed-off-by: Greg Kroah-Hartman drivers/usb/core/ledtrig-usbport.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit 71158c28eb434f3fe740b1560bbd698d56f506ee Author: Shuah Khan Date: Mon Dec 5 17:51:24 2016 -0700 usbip: add missing compile time generated files to .gitignore Add the following files to .gitignore compile libsrc/libusbip_la-sysfs_utils.lo libsrc/libusbip_la-usbip_device_driver.lo libsrc/libusbip_la-usbip_host_common.lo Signed-off-by: Shuah Khan Signed-off-by: Greg Kroah-Hartman tools/usb/usbip/.gitignore | 4 ++++ 1 file changed, 4 insertions(+) commit d3f8dc42024b09974a4a1501d4e8852a025f1c15 Author: Alexandre Belloni Date: Thu Dec 1 11:49:03 2016 +0100 dmaengine: at_xdmac: don't restore unsaved status save_gs is supposed to save the channel status in order to be restored at resume time but it is never updated and is always 0. Anyway, the channel status is updated in the per channel loop later in the resume function. Signed-off-by: Alexandre Belloni Acked-by: Nicolas Ferre Acked-by: Ludovic Desroches Signed-off-by: Vinod Koul drivers/dma/at_xdmac.c | 2 -- 1 file changed, 2 deletions(-) commit 7393fca924e22ad3c071d8bbcc5acda21d0c2710 Author: Pan Bian Date: Fri Dec 2 22:50:38 2016 +0800 dmaengine: ioat: set error code on failures In function ioat_xor_val_self_test(), when the calls to dma_mapping_error() fail, the value of return variable err is 0 (indicates no error). As a result, the return value may be inconsistent with the execution status. This patch fixes the bug by assigning "-ENOMEM" to err on the error path. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188601 Signed-off-by: Pan Bian Acked-by: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/init.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit b424d2a0a186e7fe4b70db1d616a39d4c3fefd31 Author: Pan Bian Date: Fri Dec 2 22:49:01 2016 +0800 dmaengine: ioat: set error code on failures In function ioat_dma_self_test(), when the calls to dma_mapping_error() fails, the value of return variable err is 0 (indicates no error). As a result, the return value may be inconsistent with the execution status. This patch fixes the bug by assigning -ENOMEM to err on the error path. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188591 Signed-off-by: Pan Bian Acked-by: Dave Jiang Signed-off-by: Vinod Koul drivers/dma/ioat/init.c | 2 ++ 1 file changed, 2 insertions(+) commit 51007df3836a5b7fde23028f552313f15650cbf5 Merge: 197aa6e 45d59d7 Author: Dave Airlie Date: Tue Dec 6 14:40:50 2016 +1000 Merge branch 'drm-next/mxsfb' of git://git.kernel.org/pub/scm/linux/kernel/git/marex/linux-2.6 into drm-next Add new driver for MXSFB. * 'drm-next/mxsfb' of git://git.kernel.org/pub/scm/linux/kernel/git/marex/linux-2.6: drm: Add new driver for MXSFB controller dt-bindings: mxsfb: Add new bindings for the MXSFB driver dt-bindings: mxsfb: Indentation cleanup commit 362fb578a573adeb67aa4790d901d851b8f8c8f3 Author: Trond Myklebust Date: Mon Dec 5 17:33:07 2016 -0500 pNFS: Release NFS_LAYOUT_RETURN when invalidating the layout stateid Ensure we release the NFS_LAYOUT_RETURN lock when we invalidate the layout stateid, so that processes and RPC tasks that are waiting on the layout return can continue. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) commit 45d59d704080cc0c914b7cff24ccf19f12b9ce23 Author: Marek Vasut Date: Thu Aug 18 20:23:01 2016 +0200 drm: Add new driver for MXSFB controller Add new driver for the MXSFB controller found in i.MX23/28/6SX . The MXSFB controller is a simple framebuffer controller with one parallel LCD output. Unlike the MXSFB fbdev driver that is used on these systems now, this driver uses the DRM/KMS framework. Signed-off-by: Marek Vasut Cc: Lucas Stach Cc: Fabio Estevam Cc: Shawn Guo MAINTAINERS | 6 + drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/mxsfb/Kconfig | 18 ++ drivers/gpu/drm/mxsfb/Makefile | 2 + drivers/gpu/drm/mxsfb/mxsfb_crtc.c | 241 ++++++++++++++++++++ drivers/gpu/drm/mxsfb/mxsfb_drv.c | 444 +++++++++++++++++++++++++++++++++++++ drivers/gpu/drm/mxsfb/mxsfb_drv.h | 54 +++++ drivers/gpu/drm/mxsfb/mxsfb_out.c | 131 +++++++++++ drivers/gpu/drm/mxsfb/mxsfb_regs.h | 114 ++++++++++ 10 files changed, 1013 insertions(+) commit 7b920aae917da3486f0084fd1b77b2f59f521309 Author: Marek Vasut Date: Tue Aug 23 14:56:12 2016 +0200 dt-bindings: mxsfb: Add new bindings for the MXSFB driver Add new DT bindings for new MXSFB driver that is using the OF graph to parse the video output structure instead of hard-coding the display properties into the MXSFB node. The old MXSFB fbdev driver bindings are preserved in the same file in the "Old bindings" section. Signed-off-by: Marek Vasut Cc: Rob Herring Cc: Lucas Stach Cc: Fabio Estevam Cc: Shawn Guo Acked-by: Rob Herring .../devicetree/bindings/display/mxsfb.txt | 41 ++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) commit 9c8f2eed73939aedec3822d0ee776f61211cbb0c Author: Marek Vasut Date: Sun Sep 25 20:52:54 2016 +0200 dt-bindings: mxsfb: Indentation cleanup Clean up the ad-hoc indentation in the documentation, no functional change. Signed-off-by: Marek Vasut Cc: Lucas Stach Cc: Fabio Estevam Cc: Shawn Guo Acked-by: Rob Herring Documentation/devicetree/bindings/display/mxsfb.txt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit e231f8d7ed9a01280d18cd897ae0bbb4118bc954 Author: Viresh Kumar Date: Thu Dec 1 16:28:22 2016 +0530 PM / OPP: Don't WARN on multiple calls to dev_pm_opp_set_regulators() If a platform specific OPP driver has called this routine first and set the regulators, then the second call from cpufreq-dt driver will hit the WARN_ON(). Remove the WARN_ON(), but continue to return error in such cases. Signed-off-by: Viresh Kumar Reviewed-by: Stephen Boyd Tested-by: Dave Gerlach Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4dab160eb1586f67e8ba7c55ffdd2373f7a5553e Author: Viresh Kumar Date: Thu Dec 1 16:28:21 2016 +0530 PM / OPP: Allow platform specific custom set_opp() callbacks The generic set_opp() handler isn't sufficient for platforms with complex DVFS. For example, some TI platforms have multiple regulators for a CPU device. The order in which various supplies need to be programmed is only known to the platform code and its best to leave it to it. This patch implements APIs to register platform specific set_opp() callback. Signed-off-by: Viresh Kumar Tested-by: Dave Gerlach Reviewed-by: Stephen Boyd Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 114 +++++++++++++++++++++++++++++++++++++++++- drivers/base/power/opp/opp.h | 2 + include/linux/pm_opp.h | 10 ++++ 3 files changed, 125 insertions(+), 1 deletion(-) commit 947355850fcb3bb6549294316667d0f53bc03082 Author: Viresh Kumar Date: Thu Dec 1 16:28:20 2016 +0530 PM / OPP: Separate out _generic_set_opp() Later patches would add support for custom set_opp() callbacks. This patch separates out the code for _generic_set_opp() handler in order to prepare for that. Signed-off-by: Viresh Kumar Tested-by: Dave Gerlach Reviewed-by: Stephen Boyd Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 181 +++++++++++++++++++++++++++++------------- drivers/base/power/opp/opp.h | 3 + include/linux/pm_opp.h | 35 ++++++++ 3 files changed, 166 insertions(+), 53 deletions(-) commit dfbe4678d709e25e0f36e6b6333e2a7a67aefb7e Author: Viresh Kumar Date: Thu Dec 1 16:28:19 2016 +0530 PM / OPP: Add infrastructure to manage multiple regulators This patch adds infrastructure to manage multiple regulators and updates the only user (cpufreq-dt) of dev_pm_opp_set{put}_regulator(). This is preparatory work for adding full support for devices with multiple regulators. Signed-off-by: Viresh Kumar Tested-by: Dave Gerlach Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 248 +++++++++++++++++++++++++++------------ drivers/base/power/opp/debugfs.c | 52 ++++++-- drivers/base/power/opp/of.c | 103 +++++++++++----- drivers/base/power/opp/opp.h | 10 +- drivers/cpufreq/cpufreq-dt.c | 6 +- include/linux/pm_opp.h | 8 +- 6 files changed, 300 insertions(+), 127 deletions(-) commit ce31781a7574ac1b11b1b66e0d54c8bab41f56eb Author: Viresh Kumar Date: Thu Dec 1 16:28:18 2016 +0530 PM / OPP: Pass struct dev_pm_opp_supply to _set_opp_voltage() Pass the entire supply structure instead of all of its fields. Signed-off-by: Viresh Kumar Tested-by: Dave Gerlach Reviewed-by: Stephen Boyd Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 44 +++++++++++++++++-------------------------- 1 file changed, 17 insertions(+), 27 deletions(-) commit 0f0fe7e01327b3d524787a2e8b7e78f010db2bb8 Author: Viresh Kumar Date: Thu Dec 1 16:28:17 2016 +0530 PM / OPP: Manage supply's voltage/current in a separate structure This is a preparatory step for multiple regulator per device support. Move the voltage/current variables to a new structure. Signed-off-by: Viresh Kumar Tested-by: Dave Gerlach Reviewed-by: Stephen Boyd Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 44 +++++++++++++++++++++------------------- drivers/base/power/opp/debugfs.c | 8 ++++---- drivers/base/power/opp/of.c | 18 ++++++++-------- drivers/base/power/opp/opp.h | 11 +++------- include/linux/pm_opp.h | 16 +++++++++++++++ 5 files changed, 55 insertions(+), 42 deletions(-) commit dc39d06fcd7a4a82d72eae7b71e94e888b96d29e Author: Viresh Kumar Date: Thu Dec 1 16:28:16 2016 +0530 PM / OPP: Don't use OPP structure outside of rcu protected section The OPP structure must not be used out of the rcu protected section. Cache the values to be used in separate variables instead. Cc: 4.6+ # 4.6+ Signed-off-by: Viresh Kumar Reviewed-by: Stephen Boyd Tested-by: Dave Gerlach Signed-off-by: Rafael J. Wysocki drivers/base/power/opp/core.c | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) commit 579c49efdf5a04869b29891e46cde0ed4df5480a Author: Viresh Kumar Date: Thu Dec 1 16:28:15 2016 +0530 PM / OPP: Reword binding supporting multiple regulators per device On certain platforms (like TI), DVFS for a single device (CPU) requires configuring multiple power supplies. The OPP bindings already contains binding and example to explain this case, but it isn't sufficient. - There is no way for the code parsing these bindings to know which voltage values belong to which power supply. - It is not possible to know the order in which the supplies need to be configured while switching OPPs. This patch clarifies on those details by mentioning that such information is left for the implementation specific bindings to explain. They may want to hardcode such details or implement their own properties to get such information. All implementations using multiple regulators for their devices must provide a binding document explaining their implementation. Signed-off-by: Viresh Kumar Acked-by: Rob Herring Reviewed-by: Stephen Boyd Signed-off-by: Rafael J. Wysocki Documentation/devicetree/bindings/opp/opp.txt | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) commit 309fe8d65034d1dd04a37f0e04d360b8764a3384 Author: Viresh Kumar Date: Thu Dec 1 16:28:14 2016 +0530 PM / OPP: Fix incorrect cpu-supply property in binding The regulator bindings allow the "-supply" property to define a single parent supply and not a list of parents. Fix the wrong example code present in OPP bindings. While at it also change the compatible string as Rob pointed out earlier that none of A7 implementation have multiple supplies for the CPU core. Signed-off-by: Viresh Kumar Acked-by: Rob Herring Reviewed-by: Stephen Boyd Signed-off-by: Rafael J. Wysocki Documentation/devicetree/bindings/opp/opp.txt | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 0e7414b7aa8b294fddefbad020798f7c8ebe1622 Author: Rafael J. Wysocki Date: Thu Dec 1 23:31:32 2016 +0100 cpuidle: Add a kerneldoc comment to cpuidle_use_deepest_state() Since cpuidle_use_deepest_state() is not static, add a proper kerneldoc comment to it to document its purpose. Signed-off-by: Rafael J. Wysocki drivers/cpuidle/cpuidle.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) commit 8f6040cebd2382a5cfb201419d40e7a4a193a412 Author: Pan Bian Date: Sat Dec 3 23:02:27 2016 +0800 cpuidle: fix improper return value on error In function cpuidle_add_state_sysfs(), variable ret takes the return value. Its value should be negative on errors. Because ret is reset in the loop, its value will be 0 during the second and after repeat of the loop. If kzalloc() returns a NULL pointer then, it will return 0. It may be better to explicitly assign "-ENOMEM" when the call to kzalloc() fails. Link: https://bugzilla.kernel.org/show_bug.cgi?id=188901 Signed-off-by: Pan Bian Signed-off-by: Rafael J. Wysocki drivers/cpuidle/sysfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit b53f40db59b27b62bc294c30506b02a0cae47e0b Author: Josh Poimboeuf Date: Fri Dec 2 11:42:21 2016 -0600 x86/suspend: fix false positive KASAN warning on suspend/resume Resuming from a suspend operation is showing a KASAN false positive warning: BUG: KASAN: stack-out-of-bounds in unwind_get_return_address+0x11d/0x130 at addr ffff8803867d7878 Read of size 8 by task pm-suspend/7774 page:ffffea000e19f5c0 count:0 mapcount:0 mapping: (null) index:0x0 flags: 0x2ffff0000000000() page dumped because: kasan: bad access detected CPU: 0 PID: 7774 Comm: pm-suspend Tainted: G B 4.9.0-rc7+ #8 Hardware name: Gigabyte Technology Co., Ltd. Z170X-UD5/Z170X-UD5-CF, BIOS F5 03/07/2016 Call Trace: dump_stack+0x63/0x82 kasan_report_error+0x4b4/0x4e0 ? acpi_hw_read_port+0xd0/0x1ea ? kfree_const+0x22/0x30 ? acpi_hw_validate_io_request+0x1a6/0x1a6 __asan_report_load8_noabort+0x61/0x70 ? unwind_get_return_address+0x11d/0x130 unwind_get_return_address+0x11d/0x130 ? unwind_next_frame+0x97/0xf0 __save_stack_trace+0x92/0x100 save_stack_trace+0x1b/0x20 save_stack+0x46/0xd0 ? save_stack_trace+0x1b/0x20 ? save_stack+0x46/0xd0 ? kasan_kmalloc+0xad/0xe0 ? kasan_slab_alloc+0x12/0x20 ? acpi_hw_read+0x2b6/0x3aa ? acpi_hw_validate_register+0x20b/0x20b ? acpi_hw_write_port+0x72/0xc7 ? acpi_hw_write+0x11f/0x15f ? acpi_hw_read_multiple+0x19f/0x19f ? memcpy+0x45/0x50 ? acpi_hw_write_port+0x72/0xc7 ? acpi_hw_write+0x11f/0x15f ? acpi_hw_read_multiple+0x19f/0x19f ? kasan_unpoison_shadow+0x36/0x50 kasan_kmalloc+0xad/0xe0 kasan_slab_alloc+0x12/0x20 kmem_cache_alloc_trace+0xbc/0x1e0 ? acpi_get_sleep_type_data+0x9a/0x578 acpi_get_sleep_type_data+0x9a/0x578 acpi_hw_legacy_wake_prep+0x88/0x22c ? acpi_hw_legacy_sleep+0x3c7/0x3c7 ? acpi_write_bit_register+0x28d/0x2d3 ? acpi_read_bit_register+0x19b/0x19b acpi_hw_sleep_dispatch+0xb5/0xba acpi_leave_sleep_state_prep+0x17/0x19 acpi_suspend_enter+0x154/0x1e0 ? trace_suspend_resume+0xe8/0xe8 suspend_devices_and_enter+0xb09/0xdb0 ? printk+0xa8/0xd8 ? arch_suspend_enable_irqs+0x20/0x20 ? try_to_freeze_tasks+0x295/0x600 pm_suspend+0x6c9/0x780 ? finish_wait+0x1f0/0x1f0 ? suspend_devices_and_enter+0xdb0/0xdb0 state_store+0xa2/0x120 ? kobj_attr_show+0x60/0x60 kobj_attr_store+0x36/0x70 sysfs_kf_write+0x131/0x200 kernfs_fop_write+0x295/0x3f0 __vfs_write+0xef/0x760 ? handle_mm_fault+0x1346/0x35e0 ? do_iter_readv_writev+0x660/0x660 ? __pmd_alloc+0x310/0x310 ? do_lock_file_wait+0x1e0/0x1e0 ? apparmor_file_permission+0x18/0x20 ? security_file_permission+0x73/0x1c0 ? rw_verify_area+0xbd/0x2b0 vfs_write+0x149/0x4a0 SyS_write+0xd9/0x1c0 ? SyS_read+0x1c0/0x1c0 entry_SYSCALL_64_fastpath+0x1e/0xad Memory state around the buggy address: ffff8803867d7700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff8803867d7780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffff8803867d7800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f4 ^ ffff8803867d7880: f3 f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 ffff8803867d7900: 00 00 00 f1 f1 f1 f1 04 f4 f4 f4 f3 f3 f3 f3 00 KASAN instrumentation poisons the stack when entering a function and unpoisons it when exiting the function. However, in the suspend path, some functions never return, so their stack never gets unpoisoned, resulting in stale KASAN shadow data which can cause later false positive warnings like the one above. Reported-by: Scott Bauer Signed-off-by: Josh Poimboeuf Acked-by: Andrey Ryabinin Acked-by: Pavel Machek Signed-off-by: Rafael J. Wysocki arch/x86/kernel/acpi/wakeup_64.S | 9 +++++++++ mm/kasan/kasan.c | 9 ++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) commit ee39222d45839284f91e882df8a985e1af0f7e18 Author: Rafael J. Wysocki Date: Wed Nov 30 02:52:38 2016 +0100 ACPI / property: Document usage rules for _DSD properties Following some discussions during the Kernel Summit and LPC, document what can be returned from ACPI _DSD as device properties and when it is valid to use the special PRP0001 device ID. Signed-off-by: Rafael J. Wysocki Reviewed-by: Mika Westerberg Acked-by: Andy Shevchenko Reviwed-by: Mark Brown Documentation/acpi/DSD-properties-rules.txt | 97 +++++++++++++++++++++++++++++ Documentation/acpi/enumeration.txt | 9 +++ 2 files changed, 106 insertions(+) commit e2342ca832726a840ca6bd196dd2cc073815b08a Author: NeilBrown Date: Mon Dec 5 16:40:50 2016 +1100 md: fix refcount problem on mddev when stopping array. md_open() gets a counted reference on an mddev using mddev_find(). If it ends up returning an error, it must drop this reference. There are two error paths where the reference is not dropped. One only happens if the process is signalled and an awkward time, which is quite unlikely. The other was introduced recently in commit af8d8e6f0. Change the code to ensure the drop the reference when returning an error, and make it harded to re-introduce this sort of bug in the future. Reported-by: Marc Smith Fixes: af8d8e6f0315 ("md: changes for MD_STILL_CLOSED flag") Signed-off-by: NeilBrown Acked-by: Guoqing Jiang Signed-off-by: Shaohua Li drivers/md/md.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 3d7e7e1d9db048bc6c1503bca9c82193450fc476 Author: Zhengyuan Liu Date: Sun Dec 4 16:49:44 2016 +0800 md/r5cache: do r5c_update_log_state after log recovery We should update log state after we did a log recovery, current completion may get wrong log state since log->log_start wasn't initalized until we called r5l_recovery_log. At log recovery stage, no lock needed as there is no race conditon. next_checkpoint field will be initialized in r5l_recovery_log too. Signed-off-by: Zhengyuan Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 43b9674832cc41ad0ad7b7e2ec397e47dcd5f6c3 Author: JackieLiu Date: Mon Dec 5 11:58:53 2016 +0800 md/raid5-cache: adjust the write position of the empty block if no data blocks When recovery is complete, we write an empty block and record his position first, then make the data-only stripes rewritten done, the location of the empty block as the last checkpoint position to write into the super block. And we should update last_checkpoint to this empty block position. ------------------------------------------------------------------ | old log | empty block | data only stripes | invalid log | ------------------------------------------------------------------ ^ ^ ^ | |- log->last_checkpoint |- log->log_start | |- log->last_cp_seq |- log->next_checkpoint |- log->seq=n |- log->seq=10+n At the same time, if there is no data-only stripes, this scene may appear, | meta1 | meta2 | meta3 | meta 1 is valid, meta 2 is invalid. meta 3 could be valid. so we should The solution is we create a new meta in meta2 with its seq == meta1's seq + 10 and let superblock points to meta2. Signed-off-by: JackieLiu Reviewed-by: Zhengyuan Liu Reviewed-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) commit 197aa6ed522cc44710687d3b02dd4e4573991416 Merge: 17f1dfd 4e77524 Author: Dave Airlie Date: Tue Dec 6 11:09:21 2016 +1000 Merge branch 'exynos-drm-next' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos into drm-next Just refactoring HDMI driver by using infoframe helper function, fixing GSC Kconfig dependency issue and including trivial cleanups. * 'exynos-drm-next' of git://git.kernel.org/pub/scm/linux/kernel/git/daeinki/drm-exynos: drm/exynos: Use VIDEO_SAMSUNG_EXYNOS_GSC=n as GSC Kconfig dependency drm/exynos: gsc: fix spelling mistakes exynos-drm: Fix error messages to print flags and size drm/exynos/hdmi: refactor infoframe code commit 17f1dfd01ca105f0d3609225c9e7079c7df483b2 Merge: 770ac20 e7b8243 Author: Dave Airlie Date: Tue Dec 6 11:01:33 2016 +1000 Merge branch 'drm-next-4.10' of git://people.freedesktop.org/~agd5f/linux into drm-next - lots of code cleanup - lots of bug fixes - expose rpm based fan info via hwmon - lots of clock and powergating fixes - SI register header cleanup and conversion to common format used by newer asics * 'drm-next-4.10' of git://people.freedesktop.org/~agd5f/linux: (54 commits) drm/amdgpu: drop is_display_hung from display funcs drm/amdgpu/uvd: reduce IB parsing overhead on UVD5+ (v2) drm/amdgpu/uvd: consolidate code for fetching addr from ctx drm/amdgpu: Disable DPM in virtualization drm/amdgpu: use AMDGPU_GEM_CREATE_VRAM_CLEARED for VM PD/PTs (v2) drm/amdgpu: improve AMDGPU_GEM_CREATE_VRAM_CLEARED handling (v2) drm/amdgpu: fix error handling in amdgpu_bo_create_restricted drm/amdgpu: fix amdgpu_fill_buffer (v2) drm/amdgpu: remove amdgpu_irq_get_delayed amdgpu: Wrap dev_err() calls on vm faults with printk_ratelimit() amdgpu: Use dev_err() over vanilla printk() in vm_decode_fault() drm/amd/amdgpu: port of DCE v6 to new headers (v3) drm/amdgpu: cleanup unused iterator members for sdma v2.4 drm/amdgpu: cleanup unused iterator members for sdma v3 drm/amdgpu:impl vgt_flush for VI(V5) drm/amdgpu: enable uvd mgcg for Fiji. drm/amdgpu: refine cz uvd clock gate logic. drm/amdgpu: change log level to KERN_INFO in ci_dpm.c drm/amdgpu: always un-gate UVD REGS path. drm/amdgpu/sdma: fix typo in packet setup ... commit 770ac20413ce654f6e4efaaf24e954ebb907fc3b Merge: 9ac63d9 c4ae94a Author: Dave Airlie Date: Tue Dec 6 11:00:16 2016 +1000 Merge branch 'drm-etnaviv-next' of git://git.pengutronix.de/lst/linux into drm-next - fix dma-buf export path to return correct SG table - trivially implement direct dma-buf mapping - allow DRAW_INSTANCED commands in validator - make the driver work on i.MX6SX, yielding a working 2D/3D stack together with Mareks MXS DRM driver * 'drm-etnaviv-next' of git://git.pengutronix.de/lst/linux: MAINTAINERS: add etnaviv mailinglist drm/etnaviv: move linear window on MC1.0 parts if necessary drm/etnaviv: don't invoke OOM killer from dump code drm/etnaviv: fix gem_prime_get_sg_table to return new SG table drm/etnaviv: Allow DRAW_INSTANCED commands drm/etnaviv: implement dma-buf mmap commit 8f64fb1ccef331077a96cbfc3c23f91cbe563fd0 Author: Al Viro Date: Mon Nov 14 01:50:26 2016 -0500 namei: fold should_follow_link() with the step into not-followed link All callers are followed by the same boilerplate - "if it has returned 0, update nd->path/inode/seq - we are not following a symlink here". Pull it into the function itself, renaming it into step_into(). Rename WALK_GET to WALK_FOLLOW, while we are at it - more descriptive name. Signed-off-by: Al Viro fs/namei.c | 48 ++++++++++++++++++------------------------------ 1 file changed, 18 insertions(+), 30 deletions(-) commit 31d66bcd3f197d135145afb268996b4f5ea83459 Author: Al Viro Date: Mon Nov 14 01:43:34 2016 -0500 namei: pass both WALK_GET and WALK_MORE to should_follow_link() ... and pull put_link() logics into it. Signed-off-by: Al Viro fs/namei.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) commit 1c4ff1a87e46a06fc00a83da2fbbc3ac0298f221 Author: Al Viro Date: Mon Nov 14 01:39:36 2016 -0500 namei: invert WALK_PUT logics ... turning the condition for put_link() in walk_component() into "WALK_MORE not passed and depth is non-zero". Again, makes for simpler arguments. Signed-off-by: Al Viro fs/namei.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) commit 7f49b471097011d03316d4ae1bc38f9c177126c3 Author: Al Viro Date: Mon Nov 14 01:34:52 2016 -0500 namei: shift interpretation of LOOKUP_FOLLOW inside should_follow_link() Simplifies the arguments both for it and for walk_component() Signed-off-by: Al Viro fs/namei.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) commit ba8f46135ab19a6bc3ac11a16e8455956e13f6b1 Author: Al Viro Date: Mon Nov 14 00:40:33 2016 -0500 namei: saner calling conventions for mountpoint_last() leave the result in nd->path, have caller do follow_mount() and copy it to the final destination. Signed-off-by: Al Viro fs/namei.c | 50 +++++++++++++++++++++++++------------------------- 1 file changed, 25 insertions(+), 25 deletions(-) commit c1d4dd27678fc6892e30ea3de4a7caf86f39df1c Author: Al Viro Date: Sun Jun 5 16:38:18 2016 -0400 namei.c: get rid of user_path_parent() direct use of filename_parentat() is just as readable Signed-off-by: Al Viro fs/namei.c | 34 ++++++++-------------------------- 1 file changed, 8 insertions(+), 26 deletions(-) commit f0bb5aaf2c51267c49ed5e2c6103df22acfe30f5 Author: Al Viro Date: Sun Nov 20 20:27:12 2016 -0500 vfs: misc struct path constification Signed-off-by: Al Viro fs/namei.c | 4 ++-- fs/statfs.c | 2 +- fs/utimes.c | 2 +- include/linux/fs.h | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) commit ca71cf71eeda04dc9ad18271504e499013af5415 Author: Al Viro Date: Sun Nov 20 19:45:28 2016 -0500 namespace.c: constify struct path passed to a bunch of primitives Signed-off-by: Al Viro fs/internal.h | 2 +- fs/namespace.c | 8 ++++---- include/linux/fs.h | 2 +- include/linux/mount.h | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) commit 8c54ca9c6882f5a68d19a82fd063b74f91d4c22b Author: Al Viro Date: Sun Nov 20 19:49:34 2016 -0500 quota: constify struct path in quota_on Signed-off-by: Al Viro fs/ext4/super.c | 4 ++-- fs/quota/dquot.c | 2 +- fs/quota/quota.c | 4 ++-- fs/reiserfs/super.c | 4 ++-- include/linux/quota.h | 2 +- include/linux/quotaops.h | 2 +- 6 files changed, 9 insertions(+), 9 deletions(-) commit a4141d7cf80fee99ace8d8a95dd358c98ad6ad69 Author: Al Viro Date: Sun Nov 20 20:28:12 2016 -0500 constify alloc_file() Signed-off-by: Al Viro fs/file_table.c | 2 +- include/linux/file.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 92872094a163b6b6954c46b3d1e36ab9c8b2b32c Author: Al Viro Date: Sun Nov 20 19:34:31 2016 -0500 constify btrfs_mksubvol() Signed-off-by: Al Viro fs/btrfs/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5b5577e4ebbd63de1a774963a373d851857e980a Author: Al Viro Date: Sun Nov 20 19:33:32 2016 -0500 autofs: constify find_autofs_mount() callback Signed-off-by: Al Viro fs/autofs4/dev-ioctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 71215a75ceddf38ba9d4563481da8dd943de10fc Author: Al Viro Date: Sun Nov 20 19:30:18 2016 -0500 constify get_dcookie() and friends Signed-off-by: Al Viro arch/powerpc/oprofile/cell/spu_task_sync.c | 2 +- drivers/oprofile/buffer_sync.c | 2 +- fs/dcookies.c | 4 ++-- include/linux/dcookies.h | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) commit 8bd107633b64195a0748b05236c3d14db0a8bed4 Author: Al Viro Date: Sun Nov 20 20:36:51 2016 -0500 audit_log_{name,link_denied}: constify struct path Signed-off-by: Al Viro include/linux/audit.h | 2 +- kernel/audit.c | 4 ++-- kernel/audit.h | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) commit 40212d531d4bfac48dca8cd3d794639766745cda Author: Al Viro Date: Sun Nov 20 20:24:41 2016 -0500 fsnotify: constify the places working with ->f_path Signed-off-by: Al Viro include/linux/fsnotify.h | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 12c7f9dc0fd154632457f3474351bcfcf4e61512 Author: Al Viro Date: Sun Nov 20 20:23:04 2016 -0500 constify fsnotify_parent() Signed-off-by: Al Viro fs/notify/fsnotify.c | 2 +- include/linux/fsnotify.h | 2 +- include/linux/fsnotify_backend.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) commit e637835eccc8b93f39ca869628f9a0437bba744e Author: Al Viro Date: Sun Nov 20 20:21:17 2016 -0500 fsnotify(): constify 'data' Signed-off-by: Al Viro fs/notify/fsnotify.c | 6 +++--- include/linux/fsnotify_backend.h | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) commit 3cd5eca8d7a2fe43098df4c33a1272fe6945cac9 Author: Al Viro Date: Sun Nov 20 20:19:09 2016 -0500 fsnotify: constify 'data' passed to ->handle_event() Signed-off-by: Al Viro fs/notify/dnotify/dnotify.c | 2 +- fs/notify/fanotify/fanotify.c | 8 ++++---- fs/notify/fanotify/fanotify.h | 2 +- fs/notify/inotify/inotify.h | 2 +- fs/notify/inotify/inotify_fsnotify.c | 4 ++-- include/linux/fsnotify_backend.h | 2 +- kernel/audit_fsnotify.c | 10 +++++----- kernel/audit_tree.c | 2 +- kernel/audit_watch.c | 8 ++++---- 9 files changed, 20 insertions(+), 20 deletions(-) commit 640eb7e7b5242af53c456552a526d0080e6333f8 Author: Mickaël Salaün Date: Mon Nov 14 22:14:35 2016 +0100 fs: Constify path_is_under()'s arguments The function path_is_under() doesn't modify the paths pointed by its arguments but only browse them. Constifying this pointers make a cleaner interface to be used by (future) code which may only have access to const struct path pointers (e.g. LSM hooks). Signed-off-by: Mickaël Salaün Cc: Alexander Viro Signed-off-by: Al Viro fs/namespace.c | 2 +- include/linux/fs.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 9ac63d99732ad221ad2606e7910ed4bec4763d84 Merge: f03ee46 a8f6cb7 Author: Dave Airlie Date: Tue Dec 6 09:34:43 2016 +1000 Merge branch 'linux-4.10' of git://github.com/skeggsb/linux into drm-next - BIT_PERF_PTRS uses 32-bit pointers to its subtables, we were parsing them as 16-bit, causing various issues on newer boards. - Support for MXM on GM20x and up. - More display-related fixes. * 'linux-4.10' of git://github.com/skeggsb/linux: drm/nouveau/mxm: warn more loudly on unsupported DCB version drm/nouveau/mxm: handle DCB 4.1 modification drm/nouveau/bios/mxm: handle digital connector table 1.1 drm/nouveau: Queue hpd_work on (runtime) resume drm/nouveau: Rename acpi_work to hpd_work drm/nouveau/kms/nv50: Fix atomic pageflip events. drm/nouveau/fb/ram/gp100-: fix memory detection where FBP_NUM != FBPA_NUM drm/nouveau/bios/volt: pointers are 32-bit drm/nouveau/bios/vmap: pointers are 32-bit drm/nouveau/bios/timing: pointers are 32-bit drm/nouveau/bios/therm: pointers are 32-bit drm/nouveau/bios/perf: pointers are 32-bit drm/nouveau/bios/iccsense: pointers are 32-bit drm/nouveau/bios/fan: pointers are 32-bit drm/nouveau/bios/cstep: pointers are 32-bit drm/nouveau/bios/boost: pointers are 32-bit commit a8f6cb7bb300c246ef97c06ad13a7f0ceaea5c65 Author: Ben Skeggs Date: Tue Dec 6 09:03:59 2016 +1000 drm/nouveau/mxm: warn more loudly on unsupported DCB version Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/mxm/nv50.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f6bf17391fbb94086a1142a18f6301c24535df30 Author: Ben Skeggs Date: Tue Dec 6 09:03:04 2016 +1000 drm/nouveau/mxm: handle DCB 4.1 modification Allows MXM DCB modification to be handled on GM20x and newer boards. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/mxm/nv50.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 8ca99316fd6fcdd87357d3291f38a5dc09a7e106 Author: Ben Skeggs Date: Tue Dec 6 08:59:31 2016 +1000 drm/nouveau/bios/mxm: handle digital connector table 1.1 I suspect the version bump is just to signify that the table now specifies pad macro/links instead of SOR/sublinks. For our usage of the table, just recognising the new version is enough. Signed-off-by: Ben Skeggs drivers/gpu/drm/nouveau/nvkm/subdev/bios/mxm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 3cedd7d75f9ac397d20efa80a3d5f74bb52befcd Author: Kirti Wankhede Date: Tue Dec 6 02:38:20 2016 +0530 vfio iommu type1: WARN_ON if notifier block is not unregistered mdev vendor driver should unregister the iommu notifier since the vfio iommu can persist beyond the attachment of the mdev group. WARN_ON will show warning if vendor driver doesn't unregister the notifier and is forced to follow the implementations steps. Signed-off-by: Kirti Wankhede Signed-off-by: Neo Jia Signed-off-by: Alex Williamson drivers/vfio/vfio_iommu_type1.c | 2 ++ 1 file changed, 2 insertions(+) commit 84a261ff76544a7968e184eac4213b24e8bbd81a Author: Pan Bian Date: Sun Dec 4 13:23:04 2016 +0800 scsi: be2iscsi: set errno on error path Variable ret is reset in the loop, and its value will be 0 during the second and after repeat of the loop. If pci_alloc_consistent() returns a NULL pointer then, it will leaves with return value 0. 0 means no error, which is contrary to the fact. This patches fixes the bug, explicitly assigning "-ENOMEM" to return variable ret on the path that the call to pci_alloc_consistent() fails. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188951 Signed-off-by: Pan Bian Reviewed-by: Jitendra Bhivare Signed-off-by: Martin K. Petersen drivers/scsi/be2iscsi/be_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 29b33252751b430e400a987667a826ffcd2741f4 Author: Pan Bian Date: Sun Dec 4 13:21:42 2016 +0800 scsi: be2iscsi: set errno on error path Variable ret is reset in the loop, and its value will be 0 during the second and after repeat of the loop. If pci_alloc_consistent() returns a NULL pointer then, it will leaves with return value 0. 0 means no error, which is contrary to the fact. This patches fixes the bug, explicitly assigning "-ENOMEM" to return variable ret on the path that the call to pci_alloc_consistent() fails. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188941 Signed-off-by: Pan Bian Reviewed-by: Jitendra Bhivare Signed-off-by: Martin K. Petersen drivers/scsi/be2iscsi/be_main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 2a80d5458a027f6d514987c09f0b51f45c3a5be4 Author: Hannes Reinecke Date: Fri Dec 2 11:36:13 2016 +0100 scsi: hpsa: fallback to use legacy REPORT PHYS command Older SmartArray controllers (eg SmartArray 64xx) do not support the extended REPORT PHYS command, so fallback to use the legacy version here. Signed-off-by: Hannes Reinecke Acked-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) commit d29425b065cdab5c5e65a48108adde5ea72d4656 Author: Bart Van Assche Date: Thu Dec 1 11:30:50 2016 -0800 scsi: scsi_dh_alua: Fix RCU annotations This patch avoids that sparse complains about RCU pointer dereferences. Signed-off-by: Bart Van Assche Cc: Hannes Reinecke Cc: tang.junhui Reviewed-by: Christoph Hellwig Signed-off-by: Martin K. Petersen drivers/scsi/device_handler/scsi_dh_alua.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 609a70df07af1ff857257fb2e93c3ef281e30710 Author: Rasmus Villemoes Date: Wed Nov 30 23:35:47 2016 +0100 scsi: hpsa: use %phN for short hex dumps Passing one instead of 8 or 16 arguments reduces the size of the generated code somewhat: add/remove: 2/3 grow/shrink: 1/4 up/down: 1772/-2137 (-365) There's one more candidate, unique_id_show, but that uses %02X, and I'm not sure it would be ok to start using lowercase there, so I've left it alone for now. Signed-off-by: Rasmus Villemoes Acked-by: Don Brace Signed-off-by: Martin K. Petersen drivers/scsi/hpsa.c | 40 +++++++++++++--------------------------- 1 file changed, 13 insertions(+), 27 deletions(-) commit d37a0082919360dda828679cccb5c4e8e83ec199 Author: Xiaofei Tan Date: Tue Nov 29 23:45:57 2016 +0800 scsi: hisi_sas: fix free'ing in probe and remove This patch addresses 4 problems in the module probe/remove: - When hisi_sas_shost_alloc() fails after we alloc shost memory, we should free shost memory before the function returns. - When hisi_sas_probe() fails after we alloc the HBA memories, we should also free the HBA memories. - We should free shost memory at the end of hisi_sas_remove(). - sha->core.shost is set twice, so remove extra set. Signed-off-by: Xiaofei Tan Signed-off-by: John Garry Reviewed-by: Quentin Lambert Signed-off-by: Martin K. Petersen drivers/scsi/hisi_sas/hisi_sas_main.c | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) commit 0f60724f53c2230615c7a3b2abf30a0bc7e8a8de Author: Mauro Carvalho Chehab Date: Mon Dec 5 09:41:45 2016 -0200 docs: 00-INDEX: document directories/files with no docs There are a number of files/directories that don't contain any documentation. They're related to ReST file conversion. As a matter of completeness, since Makefile is also documented there, add an entry for those files too. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/00-INDEX | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) commit a240bfedee7fe2bad1a5ac5d104c513e7fe09d30 Author: Mauro Carvalho Chehab Date: Mon Dec 5 09:41:44 2016 -0200 docs: 00-INDEX: remove non-existing entries Several entries were moved to a directory; others got simply removed. Get rid of those entries. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/00-INDEX | 52 -------------------------------------------------- 1 file changed, 52 deletions(-) commit 822d289f2872317d2536028d063d1e1b9d9fd76f Author: Mauro Carvalho Chehab Date: Mon Dec 5 09:41:43 2016 -0200 docs: 00-INDEX: add missing entries for documentation files/dirs Several directories and individual files don't have entries at 00-INDEX. Add them, using, as reference, the initial text inside the documentation file(s). Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/00-INDEX | 64 ++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 4 deletions(-) commit 79c87c30d0e6d02b2a7d0f1eed372d0979c03930 Author: Mauro Carvalho Chehab Date: Mon Dec 5 09:41:42 2016 -0200 docs: 00-INDEX: consolidate process/ and admin-guide/ description Instead of having descriptions for individual files inside the process/ and admin-guide/ documentation, consolidate them into one entry per directory, just like other descriptions inside 00-INDEX. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/00-INDEX | 61 ++++---------------------------------------------- 1 file changed, 4 insertions(+), 57 deletions(-) commit f15c323397f87b978f4057eb1462efcbf487493a Author: Mauro Carvalho Chehab Date: Mon Dec 5 09:41:41 2016 -0200 scripts: add a script to check if Documentation/00-INDEX is sane It is easy to forget adding/removing entries at the Documentation/00-INDEX file. In a matter of fact, even before ReST conversion, people use to forget adding things here, as there are lots of missing stuff out there. Now that we're doing a hard work converting entries to ReST, and while this hole file is not outdated, it is good to have some tool that would help to verify that this file is kept updated. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet scripts/check_00index.sh | 66 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 66 insertions(+) commit 20b786eb2598ac10c9743535b65611ce808c8d71 Author: Kevin Peng Date: Sun Dec 4 02:58:02 2016 -0800 Docs: change sh -> awk in REPORTING-BUGS scripts/ver_linux has been rewritten as an awk script; update documentation to reflect this fact. Signed-off-by: Kevin Peng Signed-off-by: Jonathan Corbet Documentation/admin-guide/reporting-bugs.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit aad800403a8761073511abb93075738302983956 Author: Lukas Wunner Date: Sun Dec 4 13:10:04 2016 +0100 Documentation/core-api/device_link: Add initial documentation Document device links as introduced in v4.10 with commits: 4bdb35506b89 ("driver core: Add a wrapper around __device_release_driver()") 9ed9895370ae ("driver core: Functional dependencies tracking support") 8c73b4288496 ("PM / sleep: Make async suspend/resume of devices use device links") 21d5c57b3726 ("PM / runtime: Use device links") baa8809f6097 ("PM / runtime: Optimize the use of device links") Signed-off-by: Lukas Wunner [ jc: Moved from core-api to driver-api ] Signed-off-by: Jonathan Corbet Documentation/driver-api/device_link.rst | 279 +++++++++++++++++++++++++++++++ Documentation/driver-api/index.rst | 1 + 2 files changed, 280 insertions(+) commit 78300cf8152f87adb20fbe71a600e0d8d72aabe8 Author: Henry Orosco Date: Wed Nov 30 15:14:15 2016 -0600 i40iw: Add request for reset on CQP timeout When CQP times out, send a request to LAN driver for reset. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 1 + drivers/infiniband/hw/i40iw/i40iw_utils.c | 10 +++++++++- 2 files changed, 10 insertions(+), 1 deletion(-) commit 1ef936b229c54e73a3cce9f4eb8dd5a146add073 Author: Henry Orosco Date: Wed Nov 30 15:13:47 2016 -0600 i40iw: Code cleanup, remove check of PBLE pages Remove check for zero 'pages' of unallocated pbles calculated in add_pble_pool(); as it can never be true. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_pble.c | 4 ---- 1 file changed, 4 deletions(-) commit bf69f494c337cf3c43d3358ad66642dbde50fe03 Author: Shiraz Saleem Date: Wed Nov 30 15:12:35 2016 -0600 i40iw: Correctly fail loopback connection if no listener Fail the connect and return the proper error code if a client is started with local IP address and there is no corresponding loopback listener. Signed-off-by: Shiraz Saleem Signed-off-by: Faisal Latif Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 62 +++++++++++++++++++--------------- 1 file changed, 35 insertions(+), 27 deletions(-) commit fd4e906b2e2c04056e8c1773b5b6e06d307239e6 Author: Shiraz Saleem Date: Wed Nov 30 15:12:11 2016 -0600 i40iw: Fill in IRD value when on connect request IRD is not populated on connect request and application is getting 0 for the value. Fill in the correct value on connect request. Signed-off-by: Shiraz Saleem Signed-off-by: Faisal Latif Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 1 + 1 file changed, 1 insertion(+) commit 7eb2bde7f3900f044ab351e450adc41623ff2f5c Author: Shiraz Saleem Date: Wed Nov 30 15:09:34 2016 -0600 i40iw: Set TOS field in IP header Set the TOS field in IP header with the value passed in from application. If there is mismatch between the remote client's TOS and listener, set the listener Tos to the higher of the two values. Signed-off-by: Shiraz Saleem Signed-off-by: Faisal Latif Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 25 +++++++++++++++++++------ drivers/infiniband/hw/i40iw/i40iw_cm.h | 3 +++ 2 files changed, 22 insertions(+), 6 deletions(-) commit e0b010da87e3aaf7ca9d28ba5d141924a7f8c66d Author: Shiraz Saleem Date: Wed Nov 30 15:09:07 2016 -0600 i40iw: Add NULL check for ibqp event handler Add NULL check for ibqp event handler before calling it to report QP events, as it might not initialized. Signed-off-by: Shiraz Saleem Signed-off-by: Faisal Latif Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a05e15135b67d71f30f70ab45dede4706f988439 Author: Mustafa Ismail Date: Wed Nov 30 15:08:34 2016 -0600 i40iw: Replace list_for_each_entry macro with safe version Use list_for_each_entry_safe macro for the IPv6 addr list as IPv6 addresses can be deleted while going through the list. Signed-off-by: Mustafa Ismail Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 4 ++-- drivers/infiniband/hw/i40iw/i40iw_main.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit e5e74b61b16503acbd914f673b783fa2a1532a64 Author: Mustafa Ismail Date: Wed Nov 30 15:07:30 2016 -0600 i40iw: Add IP addr handling on netdev events Disable listeners and disconnect all connected QPs on a netdev interface down event. On an interface up event, the listeners are re-enabled. Signed-off-by: Mustafa Ismail Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 138 +++++++++++++++++++++++++++++- drivers/infiniband/hw/i40iw/i40iw_cm.h | 2 + drivers/infiniband/hw/i40iw/i40iw_utils.c | 58 ++++--------- 3 files changed, 156 insertions(+), 42 deletions(-) commit d59659340c61e777208524f77c268fe6edc6fe37 Author: Mustafa Ismail Date: Wed Nov 30 14:59:26 2016 -0600 i40iw: Add missing cleanup on device close On i40iw device close, disconnect all connected QPs by moving them to error state; and block further QPs, PDs and CQs from being created. Additionally, make sure all resources have been freed before deallocating the ibdev as part of the device close. Signed-off-by: Mustafa Ismail Signed-off-by: Shiraz Saleem Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 5 +++++ drivers/infiniband/hw/i40iw/i40iw_cm.c | 31 +++++++++++++++++++++++++++++++ drivers/infiniband/hw/i40iw/i40iw_cm.h | 2 ++ drivers/infiniband/hw/i40iw/i40iw_d.h | 2 ++ drivers/infiniband/hw/i40iw/i40iw_main.c | 4 ++++ drivers/infiniband/hw/i40iw/i40iw_utils.c | 21 +++++++++++++++++++++ drivers/infiniband/hw/i40iw/i40iw_verbs.c | 25 +++++++++++++++++++++++++ 7 files changed, 90 insertions(+) commit f26c7c83395b72f30d111f4e3adb3437c0a30b77 Author: Henry Orosco Date: Wed Nov 30 14:57:40 2016 -0600 i40iw: Add 2MB page support Add support to allow each independent memory region to be configured for 2MB page size in addition to 4KB page size. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_verbs.c | 59 +++++++++++++++++++++++++------ drivers/infiniband/hw/i40iw/i40iw_verbs.h | 2 ++ 2 files changed, 51 insertions(+), 10 deletions(-) commit b6a529da69ce880ee4d0f3730ef46ead7f7cd0d3 Author: Henry Orosco Date: Wed Nov 30 14:56:14 2016 -0600 i40iw: Utilize physically mapped memory regions Add support to use physically mapped WQ's and MR's if determined that the OS registered user-memory for the region is physically contiguous. This feature will eliminate the need for unnecessarily setting up and using PBL's when not required. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_verbs.c | 102 +++++++++++++++++++++++++++--- 1 file changed, 93 insertions(+), 9 deletions(-) commit d4165e3abdf16707602c10f0d678d4d564a87e35 Author: Henry Orosco Date: Tue Nov 22 09:44:20 2016 -0600 i40iw: Fix incorrect assignment of SQ head The SQ head is incorrectly incremented when the number of WQEs required is greater than the number available. The fix is to use the I40IW_RING_MOV_HEAD_BY_COUNT macro. This checks for the SQ full condition first and only if SQ has room for the request, then we move the head appropriately. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_uk.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 78e945aace5b9aaf19404799cd29b4d155806053 Author: Henry Orosco Date: Wed Nov 9 22:20:31 2016 -0600 i40iw: Remove variable flush_code and check to set qp->sq_flush The flush_code variable in i40iw_bld_terminate_hdr() is obsolete and the check to set qp->sq_flush is unreachable. Currently flush code is populated in setup_term_hdr() and both SQ and RQ are flushed always as part of the tear down flow. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 4 ---- 1 file changed, 4 deletions(-) commit dfd9c43b3ce97e1b66a6dc1d9dcc95db9a27cc4b Author: Henry Orosco Date: Wed Nov 9 21:42:26 2016 -0600 i40iw: Remove check on return from device_init_pestat() Remove unnecessary check for return code from device_init_pestat() and change func to void. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 10 ++-------- drivers/infiniband/hw/i40iw/i40iw_p.h | 2 +- drivers/infiniband/hw/i40iw/i40iw_virtchnl.c | 6 +----- 3 files changed, 4 insertions(+), 14 deletions(-) commit 5ebcb0ff54e594668e506583fa7344d101e3d05e Author: Henry Orosco Date: Wed Nov 9 21:34:02 2016 -0600 i40iw: Use runtime check for IS_ENABLED(CONFIG_IPV6) To be consistent, use the runtime check instead of conditional compile. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit e67791858e7b8d1389833386cb2dd0ca30d06862 Author: Henry Orosco Date: Wed Nov 9 21:33:32 2016 -0600 i40iw: Use actual page size In i40iw_post_send, use the actual page size instead of encoded page size. This is to be consistent with the rest of the file. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_verbs.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) commit 1ad19f739f494eda2f8e9611ab6c3056244b70fc Author: Henry Orosco Date: Wed Nov 9 21:32:25 2016 -0600 i40iw: Remove NULL check for cm_node->iwdev It is not necessary to check cm_node->iwdev in i40iw_rem_ref_cm_node() as it can never be NULL after a successful call out of i40iw_make_cm_node(). Signed-off-by: Chien Tin Tung Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 799749979dbf41a878a00abdae00cf484c21a5b2 Author: Henry Orosco Date: Wed Nov 9 21:32:03 2016 -0600 i40iw: Remove checks for more than 48 bytes inline data Remove dead code, which isn't executed because we return error if the data size is greater than 48 bytes. Inline data size greater than 48 bytes isn't supported and the maximum WQE size is 64 bytes. Signed-off-by: Tatyana Nikolova Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_uk.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 85a87c90ee90217da1b05a77bbb47ebe31a2f124 Author: Henry Orosco Date: Wed Nov 9 21:30:28 2016 -0600 i40iw: Query device accounts for internal rsrc Some resources are consumed internally and not available to the user. After hw is initialized, figure out how many resources are consumed and subtract those numbers from the initial max device capability in i40iw_query_device(). Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 4 ++++ drivers/infiniband/hw/i40iw/i40iw_hw.c | 2 +- drivers/infiniband/hw/i40iw/i40iw_main.c | 15 +++++++++++++++ drivers/infiniband/hw/i40iw/i40iw_user.h | 3 ++- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 8 ++++---- 5 files changed, 26 insertions(+), 6 deletions(-) commit e7f9774af591d346990f1d6dfca0ee9caeb52756 Author: Henry Orosco Date: Wed Nov 9 21:28:02 2016 -0600 i40iw: Optimize inline data copy Use memcpy for inline data copy in sends and writes instead of byte by byte copy. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_uk.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) commit c38d7e0d08421a53cea4e09b76b3453d499fbd67 Author: Henry Orosco Date: Wed Nov 9 21:27:02 2016 -0600 i40iw: Fix for LAN handler removal If i40iw_open() fails for any reason, the LAN handler is not being removed. Modify i40iw_deinit_device() to always remove the handler. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_main.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) commit 01d0b36798732d826fbf84de8961a09b3a2fbf3f Author: Henry Orosco Date: Wed Nov 9 21:26:39 2016 -0600 i40iw: Correct values for max_recv_sge, max_send_sge When creating QPs, ensure init_attr->cap.max_recv_sge is clipped to MAX_FRAG_COUNT. Expose MAX_FRAG_COUNT for max_recv_sge and max_send_sge in i40iw_query_qp(). Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Reviewed-By: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_verbs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit e69c5093617afdbd2ab02c289d0adaac044dff66 Author: Henry Orosco Date: Wed Nov 9 21:24:48 2016 -0600 i40iw: Use vector when creating CQs Assign each CEQ vector to a different CPU when possible, then when creating a CQ, use the vector for the CEQ id. This allows completion work to be distributed over multiple cores. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_main.c | 8 +++++++- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 5 +++-- 2 files changed, 10 insertions(+), 3 deletions(-) commit 68583ca2a183c6368f4c333fa989685fba7cf325 Author: Henry Orosco Date: Sat Nov 19 20:26:25 2016 -0600 i40iw: Convert page_size to encoded value Passed in page_size was used as encoded value for writing the WQE and passed in value was usually 4096. This was working out since bit 0 was 0 and implies 4KB pages, but would not work for other page sizes. Signed-off-by: Mustafa Ismail Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 12 +++++++++--- drivers/infiniband/hw/i40iw/i40iw_type.h | 5 +++++ 2 files changed, 14 insertions(+), 3 deletions(-) commit 96a988ffeb90dba33a71c3826086fe67c897a183 Author: Pavel Shilovsky Date: Tue Nov 29 11:31:23 2016 -0800 CIFS: Fix a possible double locking of mutex during reconnect With the current code it is possible to lock a mutex twice when a subsequent reconnects are triggered. On the 1st reconnect we reconnect sessions and tcons and then persistent file handles. If the 2nd reconnect happens during the reconnecting of persistent file handles then the following sequence of calls is observed: cifs_reopen_file -> SMB2_open -> small_smb2_init -> smb2_reconnect -> cifs_reopen_persistent_file_handles -> cifs_reopen_file (again!). So, we are trying to acquire the same cfile->fh_mutex twice which is wrong. Fix this by moving reconnecting of persistent handles to the delayed work (smb2_reconnect_server) and submitting this work every time we reconnect tcon in SMB2 commands handling codepath. This can also lead to corruption of a temporary file list in cifs_reopen_persistent_file_handles() because we can recursively call this function twice. Cc: Stable # v4.9+ Signed-off-by: Pavel Shilovsky fs/cifs/cifsglob.h | 1 + fs/cifs/file.c | 8 +++++++- fs/cifs/smb2pdu.c | 14 +++++++++----- fs/cifs/smb2pdu.h | 2 ++ 4 files changed, 19 insertions(+), 6 deletions(-) commit b0da4f743db522e006de5c8a1956b600872e6979 Author: Philippe Reynes Date: Sun Dec 4 23:37:53 2016 +0100 net: calxeda: xgmac: use new api ethtool_{get|set}_link_ksettings The ethtool api {get|set}_settings is deprecated. We move this driver to new api {get|set}_link_ksettings. Signed-off-by: Philippe Reynes Signed-off-by: David S. Miller drivers/net/ethernet/calxeda/xgmac.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) commit 5397b31bce5febe1ae2e3dd30e137c560b7b9253 Merge: 70f23a8 7bd509e Author: David S. Miller Date: Mon Dec 5 15:33:11 2016 -0500 Merge branch 'bpf-prog-digest' Daniel Borkmann says: ==================== Minor BPF cleanups and digest First two patches are minor cleanups, and the third one adds a prog digest. For details, please see individual patches. After this one, I have a set with tracepoint support that makes use of this facility as well. ==================== Signed-off-by: David S. Miller commit 7bd509e311f408f7a5132fcdde2069af65fa05ae Author: Daniel Borkmann Date: Sun Dec 4 23:19:41 2016 +0100 bpf: add prog_digest and expose it via fdinfo/netlink When loading a BPF program via bpf(2), calculate the digest over the program's instruction stream and store it in struct bpf_prog's digest member. This is done at a point in time before any instructions are rewritten by the verifier. Any unstable map file descriptor number part of the imm field will be zeroed for the hash. fdinfo example output for progs: # cat /proc/1590/fdinfo/5 pos: 0 flags: 02000002 mnt_id: 11 prog_type: 1 prog_jited: 1 prog_digest: b27e8b06da22707513aa97363dfb11c7c3675d28 memlock: 4096 When programs are pinned and retrieved by an ELF loader, the loader can check the program's digest through fdinfo and compare it against one that was generated over the ELF file's program section to see if the program needs to be reloaded. Furthermore, this can also be exposed through other means such as netlink in case of a tc cls/act dump (or xdp in future), but also through tracepoints or other facilities to identify the program. Other than that, the digest can also serve as a base name for the work in progress kallsyms support of programs. The digest doesn't depend/select the crypto layer, since we need to keep dependencies to a minimum. iproute2 will get support for this facility. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf.h | 1 + include/linux/filter.h | 7 +++- include/uapi/linux/pkt_cls.h | 1 + include/uapi/linux/tc_act/tc_bpf.h | 1 + kernel/bpf/core.c | 65 ++++++++++++++++++++++++++++++++++++++ kernel/bpf/syscall.c | 24 +++++++++++++- kernel/bpf/verifier.c | 2 ++ net/sched/act_bpf.c | 9 ++++++ net/sched/cls_bpf.c | 8 +++++ 9 files changed, 116 insertions(+), 2 deletions(-) commit 8d829bdb97dc3a0c9c8090b9b168ca46ea99c8d8 Author: Daniel Borkmann Date: Sun Dec 4 23:19:40 2016 +0100 bpf, cls: consolidate prog deletion path Commit 18cdb37ebf4c ("net: sched: do not use tcf_proto 'tp' argument from call_rcu") removed the last usage of tp from cls_bpf_delete_prog(), so also remove it from the function as argument to not give a wrong impression. tp is illegal to access from this callback, since it could already have been freed. Refactor the deletion code a bit, so that cls_bpf_destroy() can call into the same code for prog deletion as cls_bpf_delete() op, instead of having it unnecessarily duplicated. Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller net/sched/cls_bpf.c | 30 +++++++++++++----------------- 1 file changed, 13 insertions(+), 17 deletions(-) commit 1afaf661b20a075a22eef3332db187001a334b81 Author: Daniel Borkmann Date: Sun Dec 4 23:19:39 2016 +0100 bpf: remove type arg from __is_valid_{,xdp_}access Commit d691f9e8d440 ("bpf: allow programs to write to certain skb fields") pushed access type check outside of __is_valid_access() to have different restrictions for socket filters and tc programs. type is thus not used anymore within __is_valid_access() and should be removed as a function argument. Same for __is_valid_xdp_access() introduced by 6a773a15a1e8 ("bpf: add XDP prog type for early driver filter"). Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller net/core/filter.c | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) commit 70f23a807dcab4ee3467c70ba2c7be69026f0a67 Merge: 1c0d32f 38b4bc2 Author: David S. Miller Date: Mon Dec 5 15:30:04 2016 -0500 Merge branch 'ethoc-next' Florian Fainelli says: ==================== net: ethoc: Misc improvements This patch series fixes/improves a few things: - implement a proper PHYLIB adjust_link callback to set the duplex mode accordingly - do not open code the fetching of a MAC address in OF/DT environments - demote an error message that occurs more frequently than expected in low CPU/memory/bandwidth environments Tested on a Cirrus Logic EP93xx / TS7300 board. ==================== Signed-off-by: David S. Miller commit 38b4bc207795339084ab41a2d9fa1add5cfd97d0 Author: Florian Fainelli Date: Sun Dec 4 12:40:30 2016 -0800 net: ethoc: Demote packet dropped error message to debug Spamming the console with: net eth1: packet dropped can happen fairly frequently if the adapter is busy transmitting, demote the message to a debug print. Signed-off-by: Florian Fainelli Reviewed-by: Tobias Klauser Acked-by: Thierry Reding Signed-off-by: David S. Miller drivers/net/ethernet/ethoc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b34296a9c047504e2020fb4ce2f66f57bd5454a8 Author: Florian Fainelli Date: Sun Dec 4 12:40:29 2016 -0800 net: ethoc: Utilize of_get_mac_address() Do not open code getting the MAC address exclusively from the "local-mac-address" property, but instead use of_get_mac_address() which looks up the MAC address using the 3 typical property names. Signed-off-by: Florian Fainelli Reviewed-by: Tobias Klauser Acked-by: Thierry Reding Signed-off-by: David S. Miller drivers/net/ethernet/ethoc.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) commit abf7e53e9e6bbd2aa23a6d46bd74cb5dc1b7f564 Author: Florian Fainelli Date: Sun Dec 4 12:40:28 2016 -0800 net: ethoc: Account for duplex changes ethoc_mdio_poll() which is our PHYLIB adjust_link callback does nothing, we should at least react to duplex changes and change MODER accordingly. Speed changes is not a problem, since the OpenCores Ethernet core seems to be reacting okay without us telling it. Signed-off-by: Florian Fainelli Reviewed-by: Tobias Klauser Acked-by: Thierry Reding Signed-off-by: David S. Miller drivers/net/ethernet/ethoc.c | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) commit 1c0d32fde5bdf1184bc274f864c09799278a1114 Author: Eric Dumazet Date: Sun Dec 4 09:48:16 2016 -0800 net_sched: gen_estimator: complete rewrite of rate estimators 1) Old code was hard to maintain, due to complex lock chains. (We probably will be able to remove some kfree_rcu() in callers) 2) Using a single timer to update all estimators does not scale. 3) Code was buggy on 32bit kernel (WRITE_ONCE() on 64bit quantity is not supposed to work well) In this rewrite : - I removed the RB tree that had to be scanned in gen_estimator_active(). qdisc dumps should be much faster. - Each estimator has its own timer. - Estimations are maintained in net_rate_estimator structure, instead of dirtying the qdisc. Minor, but part of the simplification. - Reading the estimator uses RCU and a seqcount to provide proper support for 32bit kernels. - We reduce memory need when estimators are not used, since we store a pointer, instead of the bytes/packets counters. - xt_rateest_mt() no longer has to grab a spinlock. (In the future, xt_rateest_tg() could be switched to per cpu counters) Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller include/net/act_api.h | 2 +- include/net/gen_stats.h | 17 ++- include/net/netfilter/xt_rateest.h | 10 +- include/net/sch_generic.h | 2 +- net/core/gen_estimator.c | 299 +++++++++++++------------------------ net/core/gen_stats.c | 20 ++- net/netfilter/xt_RATEEST.c | 4 +- net/netfilter/xt_rateest.c | 28 ++-- net/sched/act_api.c | 9 +- net/sched/act_police.c | 21 +-- net/sched/sch_api.c | 2 +- net/sched/sch_cbq.c | 6 +- net/sched/sch_drr.c | 6 +- net/sched/sch_generic.c | 2 +- net/sched/sch_hfsc.c | 6 +- net/sched/sch_htb.c | 6 +- net/sched/sch_qfq.c | 8 +- 17 files changed, 182 insertions(+), 266 deletions(-) commit bec60e50af83741cde1786ab475d4bf472aed6f9 Author: Ravi Bangoria Date: Mon Dec 5 21:26:45 2016 +0530 perf annotate: Show raw form for jump instruction with indirect target For jump instructions that does not include target address as direct operand, show the original disassembled line for them. This is needed for certain powerpc jump instructions that use target address in a register (such as bctr, btar, ...). Before: ld r12,32088(r12) mtctr r12 v bctr ffffffffffffca2c std r2,24(r1) addis r12,r2,-1 After: ld r12,32088(r12) mtctr r12 v bctr std r2,24(r1) addis r12,r2,-1 Committer notes: Testing it using a perf.data file and vmlinux for powerpc64, cross-annotating it on a x86_64 workstation: Before: .__bpf_prog_run vmlinux.powerpc │ std r10,512(r9) ▒ │ lbz r9,0(r31) ▒ │ rldicr r9,r9,3,60 ▒ │ ldx r9,r30,r9 ▒ │ mtctr r9 ▒ 100.00 │ ↓ bctr 3fffffffffe01510 ▒ │ lwa r10,4(r31) ▒ │ lwz r9,0(r31) ▒ Invalid jump offset: 3fffffffffe01510 After: .__bpf_prog_run vmlinux.powerpc │ std r10,512(r9) ▒ │ lbz r9,0(r31) ▒ │ rldicr r9,r9,3,60 ▒ │ ldx r9,r30,r9 ▒ │ mtctr r9 ▒ 100.00 │ ↓ bctr ▒ │ lwa r10,4(r31) ▒ │ lwz r9,0(r31) ▒ Invalid jump offset: 3fffffffffe01510 This, in turn, uncovers another problem with jumps without operands, the ENTER/-> operation, to jump to the target, still continues using the bogus target :-) BTW, this was the file used for the above tests: [acme@jouet ravi_bangoria]$ perf report --header-only -i perf.data.f22vm.powerdev # ======== # captured on: Thu Nov 24 12:40:38 2016 # hostname : pdev-f22-qemu # os release : 4.4.10-200.fc22.ppc64 # perf version : 4.9.rc1.g6298ce # arch : ppc64 # nrcpus online : 48 # nrcpus avail : 48 # cpudesc : POWER7 (architected), altivec supported # cpuid : 74,513 # total memory : 4158976 kB # cmdline : /home/ravi/Workspace/linux/tools/perf/perf record -a # event : name = cycles:ppp, , size = 112, { sample_period, sample_freq } = 4000, sample_type = IP|TID|TIME|CPU|PERIOD, disabled = 1, inherit = 1, mmap = 1, c # HEADER_CPU_TOPOLOGY info available, use -I to display # HEADER_NUMA_TOPOLOGY info available, use -I to display # pmu mappings: cpu = 4, software = 1, tracepoint = 2, breakpoint = 5 # missing features: HEADER_TRACING_DATA HEADER_BRANCH_STACK HEADER_GROUP_DESC HEADER_AUXTRACE HEADER_STAT HEADER_CACHE # ======== # [acme@jouet ravi_bangoria]$ Suggested-by: Michael Ellerman Signed-off-by: Ravi Bangoria Tested-by: Arnaldo Carvalho de Melo Cc: Alexander Shishkin Cc: Chris Riyder Cc: Kim Phillips Cc: Markus Trippelsdorf Cc: Masami Hiramatsu Cc: Naveen N. Rao Cc: Peter Zijlstra Cc: Taeung Song Cc: linuxppc-dev@lists.ozlabs.org Link: http://lkml.kernel.org/r/1480953407-7605-1-git-send-email-ravi.bangoria@linux.vnet.ibm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/annotate.c | 3 +++ 1 file changed, 3 insertions(+) commit 53e0e11efe9289535b060a51d4cf37c25e0d0f2b Author: Pavel Shilovsky Date: Fri Nov 4 11:50:31 2016 -0700 CIFS: Fix a possible memory corruption during reconnect We can not unlock/lock cifs_tcp_ses_lock while walking through ses and tcon lists because it can corrupt list iterator pointers and a tcon structure can be released if we don't hold an extra reference. Fix it by moving a reconnect process to a separate delayed work and acquiring a reference to every tcon that needs to be reconnected. Also do not send an echo request on newly established connections. CC: Stable Signed-off-by: Pavel Shilovsky fs/cifs/cifsglob.h | 3 +++ fs/cifs/cifsproto.h | 3 +++ fs/cifs/connect.c | 34 +++++++++++++++++++----- fs/cifs/smb2pdu.c | 75 ++++++++++++++++++++++++++++++++++++----------------- fs/cifs/smb2proto.h | 1 + 5 files changed, 85 insertions(+), 31 deletions(-) commit a6e169312971219a34927e8fdece60046fafb8ba Author: Hadar Hen Zion Date: Sun Dec 4 15:25:19 2016 +0200 net/sched: cls_flower: Set the filter Hardware device for all use-cases Check if the returned device from tcf_exts_get_dev function supports tc offload and in case the rule can't be offloaded, set the filter hw_dev parameter to the original device given by the user. The filter hw_device parameter should always be set by fl_hw_replace_filter function, since this pointer is used by dump stats and destroy filter for each flower rule (offloaded or not). Fixes: 7091d8c7055d ('net/sched: cls_flower: Add offload support using egress Hardware device') Signed-off-by: Hadar Hen Zion Reported-by: Simon Horman Tested-by: Simon Horman Signed-off-by: David S. Miller net/sched/cls_flower.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 96d5822c1d812ed30da035795a4408f43fe533f3 Author: Erik Nordmark Date: Sat Dec 3 20:57:09 2016 -0800 ipv6: Allow IPv4-mapped address as next-hop Made kernel accept IPv6 routes with IPv4-mapped address as next-hop. It is possible to configure IP interfaces with IPv4-mapped addresses, and one can add IPv6 routes for IPv4-mapped destinations/prefixes, yet prior to this fix the kernel returned an EINVAL when attempting to add an IPv6 route with an IPv4-mapped address as a nexthop/gateway. RFC 4798 (a proposed standard RFC) uses IPv4-mapped addresses as nexthops, thus in order to support that type of address configuration the kernel needs to allow IPv4-mapped addresses as nexthops. Signed-off-by: Erik Nordmark Signed-off-by: Bob Gilligan Signed-off-by: David S. Miller net/ipv6/route.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit f455c8a5f0a24090e99249eb7280012376adec2c Author: Jaegeuk Kim Date: Mon Dec 5 11:37:14 2016 -0800 f2fs: call sync_fs when f2fs is idle The sync_fs in f2fs_balance_fs_bg must avoid interrupting current user requests. Signed-off-by: Jaegeuk Kim fs/f2fs/segment.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 204706c7accfabb67b97eef9f9a28361b6201199 Author: Jaegeuk Kim Date: Fri Dec 2 15:11:32 2016 -0800 Revert "f2fs: use percpu_counter for # of dirty pages in inode" This reverts commit 1beba1b3a953107c3ff5448ab4e4297db4619c76. The perpcu_counter doesn't provide atomicity in single core and consume more DRAM. That incurs fs_mark test failure due to ENOMEM. Cc: stable@vger.kernel.org # 4.7+ Signed-off-by: Jaegeuk Kim fs/f2fs/f2fs.h | 10 +++++----- fs/f2fs/file.c | 2 +- fs/f2fs/super.c | 7 +------ 3 files changed, 7 insertions(+), 12 deletions(-) commit 0b62fca2623e4633c8819e89946d0da446a5846b Author: Al Viro Date: Thu Nov 3 18:17:31 2016 -0400 switch getfrag callbacks to ..._full() primitives Signed-off-by: Al Viro include/net/udplite.h | 2 +- net/ipv4/ip_output.c | 4 ++-- net/ipv4/ping.c | 8 ++++---- 3 files changed, 7 insertions(+), 7 deletions(-) commit 15e6cb46c9b09711d1224ae5418b53140e1ba444 Author: Al Viro Date: Tue Nov 1 22:42:45 2016 -0400 make skb_add_data,{_nocache}() and skb_copy_to_page_nocache() advance only on success Signed-off-by: Al Viro include/linux/skbuff.h | 6 +++--- include/net/sock.h | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) commit cbbd26b8b1a6af9c02e2b6523e12bd50cc765059 Author: Al Viro Date: Tue Nov 1 22:09:04 2016 -0400 [iov_iter] new primitives - copy_from_iter_full() and friends copy_from_iter_full(), copy_from_iter_full_nocache() and csum_and_copy_from_iter_full() - counterparts of copy_from_iter() et.al., advancing iterator only in case of successful full copy and returning whether it had been successful or not. Convert some obvious users. *NOTE* - do not blindly assume that something is a good candidate for those unless you are sure that not advancing iov_iter in failure case is the right thing in this case. Anything that does short read/short write kind of stuff (or is in a loop, etc.) is unlikely to be a good one. Signed-off-by: Al Viro drivers/bluetooth/hci_vhci.c | 2 +- drivers/net/macvtap.c | 4 +- drivers/net/tun.c | 7 +-- drivers/usb/gadget/function/f_fs.c | 2 +- drivers/usb/gadget/legacy/inode.c | 2 +- drivers/vhost/scsi.c | 3 +- drivers/vhost/vhost.c | 3 +- fs/ncpfs/file.c | 2 +- fs/orangefs/devorangefs-req.c | 13 ++--- include/linux/uio.h | 3 ++ kernel/printk/printk.c | 2 +- lib/iov_iter.c | 98 +++++++++++++++++++++++++++++++++++++- net/atm/common.c | 2 +- net/bluetooth/l2cap_core.c | 6 +-- net/packet/af_packet.c | 5 +- net/tipc/msg.c | 4 +- security/keys/keyctl.c | 2 +- 17 files changed, 121 insertions(+), 39 deletions(-) commit aecec8b60422118b52e3347430ba9382e57d6d76 Author: Christoph Hellwig Date: Fri Dec 2 19:31:03 2016 +0100 ahci: warn about remapped NVMe devices Some Intel ahci implementations have a completely broken remapping mode where they hide one or more NVMe devices behind the bar of an AHCI device. Intel refuses to let the OS reprogram the BIOS to switch out of this mode at runtime, and so far we're not come up with another good way to undo the mess that the Chipset people created. So for now the only thing we can do is to alert users about this situation and switch to the faster and much saner so called "AHCI" mode insted of the RAID mode in the BIOS so that the BIOS does not hide the NVMe devices from us. The sitation is even worse as at least one vendor (thanks a lot Lenovo..) has started hardcoding their BIOS into the "RAID" mode even for laptops that don't use AHCI _at all_ and just have a single NVMe device. For now there is an unspported Linux-only BIOS that undoes this braindamage, but we'll have to see if things are getting better or worse from here. Based on an earlier patch from Dan Williams . Signed-off-by: Christoph Hellwig Signed-off-by: Tejun Heo drivers/ata/ahci.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit bfa9cb3e110cc02f2120e021bc853773bfd61b74 Author: Dan Williams Date: Fri Dec 2 19:31:02 2016 +0100 ahci-remap.h: add ahci remapping definitions Signed-off-by: Dan Williams [hch: split into a separate header and commit] Signed-off-by: Christoph Hellwig [tj: dropped duplicate definition of AHCI_VSCAP spotted by Sergei] Cc: Sergei Shtylyov Signed-off-by: Tejun Heo include/linux/ahci-remap.h | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) commit a2e7eefd5618e0f75bae2eb5c9387ea2f627b6ca Author: Christoph Hellwig Date: Fri Dec 2 19:31:01 2016 +0100 nvme: move NVMe class code to pci_ids.h We'll need to check for it in the AHCI drivers (yes, really) soon. Signed-off-by: Christoph Hellwig Signed-off-by: Tejun Heo drivers/nvme/host/pci.c | 3 --- include/linux/pci_ids.h | 2 ++ 2 files changed, 2 insertions(+), 3 deletions(-) commit d4dcadec43def7b2a4a4c1cae7d727c17d2f25c5 Author: Jiri Olsa Date: Sun Dec 4 21:42:57 2016 +0100 perf tools: Add non config targets Adding some missing non config targets that were for some reason omitted. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480884178-8072-7-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 207da4739e3e6ced6dbfebed7416b35c0440e591 Author: Jiri Olsa Date: Sun Dec 4 21:42:58 2016 +0100 perf tools: Cleanup build directory before each test Cleanup the fixdep tool before every test. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480884178-8072-8-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/tests/make | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6e85eaf3078bcc8552ca32a0938dbf7d2b495af0 Author: Jens Axboe Date: Fri Dec 2 20:00:14 2016 -0700 blk-mq: blk_account_io_start() takes a bool Signed-off-by: Jens Axboe Reviewed-by: Christoph Hellwig Reviewed-by: Johannes Thumshirn block/blk-mq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0b4d4b076251542dc81d128f481c3d3b5fc24863 Author: Jiri Olsa Date: Sun Dec 4 21:42:55 2016 +0100 perf tools: Move python/perf.so target into rules area Following fixdep fix needs all targets at the same area, so they'll fit under signal condition block. Moving python/perf.so target into rules section and intentionally removing the perl script related comment. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480884178-8072-5-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) commit e3d240e9d505fc67f8f8735836df97a794bbd946 Author: Pavel Shilovsky Date: Tue Nov 29 16:14:43 2016 -0800 CIFS: Fix a possible memory corruption in push locks If maxBuf is not 0 but less than a size of SMB2 lock structure we can end up with a memory corruption. Cc: Stable Signed-off-by: Pavel Shilovsky fs/cifs/smb2file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4772c79599564bd08ee6682715a7d3516f67433f Author: Pavel Shilovsky Date: Tue Nov 29 11:30:58 2016 -0800 CIFS: Fix missing nls unload in smb2_reconnect() Cc: Stable Acked-by: Sachin Prabhu Signed-off-by: Pavel Shilovsky fs/cifs/smb2pdu.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 5c319a67b13da8323ec7bdb8d2ea729eb8a20735 Author: Jiri Olsa Date: Sun Dec 4 21:42:54 2016 +0100 perf tools: Move install-gtk target into rules area The upcoming fixdep fix needs all targets at the same area, so they'll fit under a signal condition block. Move install-gtk target into the rules section. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480884178-8072-4-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.perf | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 2fedf79b69cf05b7e8e82a42d749c621155dd812 Author: Jiri Olsa Date: Sun Dec 4 21:42:53 2016 +0100 tools build: Move tabs to spaces where suitable We've been hit several times by a Makefile bug where line indented by tab was falsely considered as target command. We prevent this by always using space indentation for everything except for the target commands. Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480884178-8072-3-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/build/Build.include | 12 ++-- tools/build/Makefile.feature | 138 +++++++++++++++++++++---------------------- tools/build/feature/Makefile | 102 ++++++++++++++++---------------- 3 files changed, 126 insertions(+), 126 deletions(-) commit a5ba0a1a5af312c4b4bfe78dc054d832103ec27d Author: Jiri Olsa Date: Sun Dec 4 21:42:52 2016 +0100 tools build: Make the .cmd file more readable Putting extra line between dependencies and cmd_* definition to make it more readable. Before: $ cat .builtin-top.o.cmd ... /home/jolsa/kernel/linux-perf/tools/include/linux/stringify.h \ /home/jolsa/kernel/linux-perf/tools/include/linux/time64.h cmd_builtin-top.o := gcc -Wp,-MD,./.builtin-top.o.d -Wp,-MT,builtin-... ... After: $ cat .builtin-top.o.cmd ... /home/jolsa/kernel/linux-perf/tools/include/linux/stringify.h \ /home/jolsa/kernel/linux-perf/tools/include/linux/time64.h cmd_builtin-top.o := gcc -Wp,-MD,./.builtin-top.o.d -Wp,-MT,builtin-... ... Signed-off-by: Jiri Olsa Cc: David Ahern Cc: Namhyung Kim Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480884178-8072-2-git-send-email-jolsa@kernel.org Signed-off-by: Arnaldo Carvalho de Melo tools/build/Build.include | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit edd695b032ba3a90c3bb07d934500b2c390a61ff Author: Wang Nan Date: Sat Nov 26 07:03:39 2016 +0000 perf clang: Compile BPF script using builtin clang support After this patch, perf utilizes builtin clang support to build BPF script, no longer depend on external clang, but fallbacking to it if for some reason the builtin compiling framework fails. Test: $ type clang -bash: type: clang: not found $ cat ~/.perfconfig $ echo '#define LINUX_VERSION_CODE 0x040700' > ./test.c $ cat ./tools/perf/tests/bpf-script-example.c >> ./test.c $ ./perf record -v --dry-run -e ./test.c 2>&1 | grep builtin bpf: successfull builtin compilation $ Can't pass cflags so unable to include kernel headers now. Will be fixed by following commits. Committer notes: Make sure '-v' comes before the '-e ./test.c' in the command line otherwise the 'verbose' variable will not be set when the bpf event is parsed and thus the pr_debug indicating a 'successfull builtin compilation' will not be output, as the debug level (1) will be less than what 'verbose' has at that point (0). Signed-off-by: Wang Nan Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-16-wangnan0@huawei.com [ Spell check/reflow successfull pr_debug string ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/bpf-loader.c | 15 +++++++++++---- tools/perf/util/c++/clang-c.h | 26 ++++++++++++++++++++++++++ tools/perf/util/c++/clang.cpp | 29 +++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 4 deletions(-) commit 5e08a76525b8f5e9aeb8b27d0466614abec070a9 Author: Wang Nan Date: Sat Nov 26 07:03:38 2016 +0000 perf clang: Support compile IR to BPF object and add testcase getBPFObjectFromModule() is introduced to compile LLVM IR(Module) to BPF object. Add new testcase for it. Test result: $ ./buildperf/perf test -v clang 51: builtin clang support : 51.1: builtin clang compile C source to IR : --- start --- test child forked, pid 21822 test child finished with 0 ---- end ---- builtin clang support subtest 0: Ok 51.2: builtin clang compile C source to ELF object : --- start --- test child forked, pid 21823 test child finished with 0 ---- end ---- builtin clang support subtest 1: Ok Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-15-wangnan0@huawei.com [ Remove redundant "Test" from entry descriptions ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/tests/clang.c | 6 ++++- tools/perf/util/c++/clang-c.h | 1 + tools/perf/util/c++/clang-test.cpp | 31 +++++++++++++++++++++----- tools/perf/util/c++/clang.cpp | 45 ++++++++++++++++++++++++++++++++++++++ tools/perf/util/c++/clang.h | 3 +++ 5 files changed, 79 insertions(+), 7 deletions(-) commit e67d52d411c3562263735479db2efd2ebd178db9 Author: Wang Nan Date: Sat Nov 26 07:03:37 2016 +0000 perf clang: Update test case to use real BPF script Allow C++ code to use util.h and tests/llvm.h. Let 'perf test' compile a real BPF script. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-14-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.config | 27 +++++++++++++++------------ tools/perf/tests/llvm.h | 7 +++++++ tools/perf/util/c++/clang-test.cpp | 17 ++++++++++++++--- tools/perf/util/util-cxx.h | 26 ++++++++++++++++++++++++++ 4 files changed, 62 insertions(+), 15 deletions(-) commit a9495fe9dc63bee1166772b6f10e199ef1747892 Author: Wang Nan Date: Sat Nov 26 07:03:36 2016 +0000 perf clang: Allow passing CFLAGS to builtin clang Improve getModuleFromSource() API to accept a cflags list. This feature will be used to pass LINUX_VERSION_CODE and -I flags. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-13-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/c++/clang-test.cpp | 5 +++-- tools/perf/util/c++/clang.cpp | 21 +++++++++++++-------- tools/perf/util/c++/clang.h | 8 ++++++-- 3 files changed, 22 insertions(+), 12 deletions(-) commit 77dfa84a843c0bc935a6c8664f2556573e30845f Author: Wang Nan Date: Sat Nov 26 07:03:35 2016 +0000 perf clang: Use real file system for #include Utilize clang's OverlayFileSystem facility, allow CompilerInstance to access real file system. With this patch the '#include' directive can be used. Add a new getModuleFromSource for real file. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-12-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/c++/clang.cpp | 44 +++++++++++++++++++++++++++++++------------ tools/perf/util/c++/clang.h | 3 +++ 2 files changed, 35 insertions(+), 12 deletions(-) commit 00b86691c77c6576861b82a3cfe4d609800758fe Author: Wang Nan Date: Sat Nov 26 07:03:34 2016 +0000 perf clang: Add builtin clang support ant test case Add basic clang support in clang.cpp and test__clang() testcase. The first testcase checks if builtin clang is able to generate LLVM IR. tests/clang.c is a proxy. Real testcase resides in utils/c++/clang-test.cpp in c++ and exports C interface to perf test subsystem. Test result: $ perf test -v clang 51: builtin clang support : 51.1: Test builtin clang compile C source to IR : --- start --- test child forked, pid 13215 test child finished with 0 ---- end ---- Test builtin clang support subtest 0: Ok Committer note: Make sure you've enabled CLANG and LLVM builtin support by setting the LIBCLANGLLVM variable on the make command line, e.g.: make LIBCLANGLLVM=1 O=/tmp/build/perf -C tools/perf install-bin Otherwise you'll get this when trying to do the 'perf test' call above: # perf test clang 51: builtin clang support : Skip (not compiled in) # Signed-off-by: Wang Nan Tested-by: Arnaldo Carvalho de Melo Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-11-wangnan0@huawei.com [ Removed "Test" from descriptions, redundant and already removed from all the other entries ] Signed-off-by: Arnaldo Carvalho de Melo tools/perf/tests/Build | 1 + tools/perf/tests/builtin-test.c | 9 ++++ tools/perf/tests/clang.c | 42 +++++++++++++++++ tools/perf/tests/tests.h | 3 ++ tools/perf/util/Build | 2 + tools/perf/util/c++/Build | 2 + tools/perf/util/c++/clang-c.h | 16 +++++++ tools/perf/util/c++/clang-test.cpp | 31 ++++++++++++ tools/perf/util/c++/clang.cpp | 96 ++++++++++++++++++++++++++++++++++++++ tools/perf/util/c++/clang.h | 16 +++++++ 10 files changed, 218 insertions(+) commit d58ac0bf8d1e6ffbfcb0a77e459cf4737b131b75 Author: Wang Nan Date: Sat Nov 26 07:03:33 2016 +0000 perf build: Add clang and llvm compile and linking support Add necessary c++ flags and link libraries to support builtin clang and LLVM. Add all llvm and clang libraries, so don't need to worry about clang changes its libraries setting. However, linking perf would take much longer than usual. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-10-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Makefile.config | 35 +++++++++++++++++++++++++++++++++++ tools/perf/Makefile.perf | 23 ++++++++++++++++++++++- tools/perf/tests/make | 2 ++ 3 files changed, 59 insertions(+), 1 deletion(-) commit c7fb4f62e2a97bd25d555263ef501fe053edcbb6 Author: Wang Nan Date: Sat Nov 26 07:03:32 2016 +0000 tools build: Add feature detection for clang Check if basic clang compiling environment is ready. Doesn't like 'llvm-config --libs' which can returns llvm libraries in right order and duplicates some libraries if necessary, there's no correspondence for clang libraries (-lclangxxx). to avoid extra complexity and to avoid new clang breaking libraries ordering, use --start-group and --end-group. In this test case, manually identify required clang libs and hope it to be stable. Putting all clang libraries here is possible (use make's wildcard), but then feature checking becomes very slow. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-9-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/build/feature/Makefile | 10 ++++++++++ tools/build/feature/test-clang.cpp | 21 +++++++++++++++++++++ 2 files changed, 31 insertions(+) commit cb40d55b595cd117ef7c1880247605875b2115e8 Author: Wang Nan Date: Sat Nov 26 07:03:31 2016 +0000 tools build: Add feature detection for LLVM Check if basic LLVM compiling environment is ready. Use llvm-config to detect include and library directories. Avoid using 'llvm-config --cxxflags' because its result contain some unwanted flags like --sysroot (if LLVM is built by yocto). Use '?=' to set LLVM_CONFIG, so explicitly passing LLVM_CONFIG to make would override it. Use 'llvm-config --libs BPF' to check if BPF backend is compiled in. Since now BPF bytecode is the only required backend, no need to waste time linking llvm and clang if BPF backend is missing. This also introduce an implicit requirement that LLVM should be new enough. Old LLVM doesn't support BPF backend. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-8-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/build/feature/Makefile | 8 ++++++++ tools/build/feature/test-llvm.cpp | 8 ++++++++ 2 files changed, 16 insertions(+) commit 2bd42de0e196f89994cbae1990d2c7c5a9b6a529 Author: Wang Nan Date: Sat Nov 26 07:03:30 2016 +0000 perf llvm: Extract helpers in llvm-utils.c The following commits will use builtin clang to compile BPF scripts. llvm__get_kbuild_opts() and llvm__get_nr_cpus() are extracted to help building '-DKERNEL_VERSION_CODE' and '-D__NR_CPUS__' macros. Doing object dumping in bpf loader, so further builtin clang compiling needn't consider it. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-7-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/bpf-loader.c | 4 +++ tools/perf/util/llvm-utils.c | 76 +++++++++++++++++++++++++++++++++----------- tools/perf/util/llvm-utils.h | 6 ++++ 3 files changed, 68 insertions(+), 18 deletions(-) commit 8ad85e9e6fdaf996bf3ff60303ea00e696bcdd36 Author: Wang Nan Date: Sat Nov 26 07:03:29 2016 +0000 perf tools: Pass context to perf hook functions Pass a pointer to perf hook functions so they receive context information during setup. Signed-off-by: Wang Nan Cc: Alexei Starovoitov Cc: He Kuang Cc: Jiri Olsa Cc: Joe Stringer Cc: Zefan Li Cc: pi3orama@163.com Link: http://lkml.kernel.org/r/20161126070354.141764-6-wangnan0@huawei.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/tests/perf-hooks.c | 14 +++++++++----- tools/perf/util/perf-hooks.c | 10 +++++++--- tools/perf/util/perf-hooks.h | 6 ++++-- 3 files changed, 20 insertions(+), 10 deletions(-) commit baa1973ebcf6a7bd15522a5b6a35a8fefd6cb232 Author: Peter Foley Date: Sun Nov 27 21:43:46 2016 -0500 tools build: Fix objtool build with clang Clang doesn't support multiple arguments being passed to -Wp, so split them. Fixes this error: HOSTCC tools/objtool/fixdep.o cat: tools/objtool/.fixdep.o.d: No such file or directory Signed-off-by: Peter Foley Tested-by: Arnaldo Carvalho de Melo Acked-by: Jiri Olsa Cc: Wang Nan Link: http://lkml.kernel.org/r/20161128024346.17371-1-pefoley2@pefoley.com Signed-off-by: Arnaldo Carvalho de Melo tools/build/Build.include | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 1cd6472e3f8d3fdee0fd19f7088807b284d3080f Author: Jiri Olsa Date: Thu Dec 1 14:00:25 2016 +0100 tools build: Make fixdep parsing wait for last target The fixdep tool, among other things, replaces the target of the object in the gcc generated dependency output file. The parsing code assumes there's only single target in the rule but this is not always the case as described in here: https://gcc.gnu.org/ml/gcc-help/2016-11/msg00099.html Make the fixdep code smart enough to skip all the possible targets. Signed-off-by: Jiri Olsa Tested-by: Arnaldo Carvalho de Melo Acked-by: Peter Foley Cc: Wang Nan Link: http://lkml.kernel.org/r/20161201130025.GA16430@krava Signed-off-by: Arnaldo Carvalho de Melo tools/build/fixdep.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 3c839744b33782b930c5c61df35511ede5e5a574 Author: Gianluca Borello Date: Sat Dec 3 12:31:33 2016 -0800 bpf: Preserve const register type on const OR alu ops Occasionally, clang (e.g. version 3.8.1) translates a sum between two constant operands using a BPF_OR instead of a BPF_ADD. The verifier is currently not handling this scenario, and the destination register type becomes UNKNOWN_VALUE even if it's still storing a constant. As a result, the destination register cannot be used as argument to a helper function expecting a ARG_CONST_STACK_*, limiting some use cases. Modify the verifier to handle this case, and add a few tests to make sure all combinations are supported, and stack boundaries are still verified even with BPF_OR. Signed-off-by: Gianluca Borello Signed-off-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: David S. Miller kernel/bpf/verifier.c | 9 ++++- tools/testing/selftests/bpf/.gitignore | 1 + tools/testing/selftests/bpf/test_verifier.c | 60 +++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 2 deletions(-) commit f0903ea371f56c4977d1c07c2f8d4a55846c2801 Author: Florian Fainelli Date: Sat Dec 3 12:01:19 2016 -0800 r8169: Add support for restarting auto-negotiation Implement ethtooll::nway_restart by utilizing mii_nway_restart. Signed-off-by: Florian Fainelli Signed-off-by: David S. Miller drivers/net/ethernet/realtek/r8169.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit c3543688ab2f7d7e61e611f7025a4ee232df1051 Merge: 3f4888a 6bf0d84 Author: David S. Miller Date: Mon Dec 5 13:37:28 2016 -0500 Merge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next Johan Hedberg says: ==================== pull request: bluetooth-next 2016-12-03 Here's a set of Bluetooth & 802.15.4 patches for net-next (i.e. 4.10 kernel): - Fix for a potential NULL deref in the ieee802154 netlink code - Fix for the ED values of the at86rf2xx driver - Documentation updates to ieee802154 - Cleanups to u8 vs __u8 usage - Timer API usage cleanups in HCI drivers Please let me know if there are any issues pulling. Thanks. ==================== Signed-off-by: David S. Miller commit 3f4888adae7c1619b990d98a9b967536f71822b8 Merge: f83e830 7aa5470 Author: David S. Miller Date: Mon Dec 5 13:32:25 2016 -0500 Merge branch 'tcp-tsq-perf' Eric Dumazet says: ==================== tcp: tsq: performance series Under very high TX stress, CPU handling NIC TX completions can spend considerable amount of cycles handling TSQ (TCP Small Queues) logic. This patch series avoids some atomic operations, but most notable patch is the 3rd one, allowing other cpus processing ACK packets and calling tcp_write_xmit() to grab TCP_TSQ_DEFERRED so that tcp_tasklet_func() can skip already processed sockets. This avoid lots of lock acquisitions and cache lines accesses, particularly under load. In v2, I added : - tcp_small_queue_check() change to allow 1st and 2nd packets in write queue to be sent, even in the case TX completion of already acknowledged packets did not happen yet. This helps when TX completion coalescing parameters are set even to insane values, and/or busy polling is used. - A reorganization of struct sock fields to lower false sharing and increase data locality. - Then I moved tsq_flags from tcp_sock to struct sock also to reduce cache line misses during TX completions. I measured an overall throughput gain of 22 % for heavy TCP use over a single TX queue. ==================== Signed-off-by: David S. Miller commit 7aa5470c2c09265902b5e4289afa82e4e7c2987e Author: Eric Dumazet Date: Sat Dec 3 11:14:57 2016 -0800 tcp: tsq: move tsq_flags close to sk_wmem_alloc tsq_flags being in the same cache line than sk_wmem_alloc makes a lot of sense. Both fields are changed from tcp_wfree() and more generally by various TSQ related functions. Prior patch made room in struct sock and added sk_tsq_flags, this patch deletes tsq_flags from struct tcp_sock. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/tcp.h | 1 - net/ipv4/tcp.c | 4 ++-- net/ipv4/tcp_ipv4.c | 2 +- net/ipv4/tcp_output.c | 24 +++++++++++------------- net/ipv4/tcp_timer.c | 4 ++-- net/ipv6/tcp_ipv6.c | 2 +- 6 files changed, 17 insertions(+), 20 deletions(-) commit 9115e8cd2a0c6eaaa900c462721f12e1d45f326c Author: Eric Dumazet Date: Sat Dec 3 11:14:56 2016 -0800 net: reorganize struct sock for better data locality Group fields used in TX path, and keep some cache lines mostly read to permit sharing among cpus. Gained two 4 bytes holes on 64bit arches. Added a place holder for tcp tsq_flags, next to sk_wmem_alloc to speed up tcp_wfree() in the following patch. I have not added ____cacheline_aligned_in_smp, this might be done later. I prefer doing this once inet and tcp/udp sockets reorg is also done. Tested with both TCP and UDP. UDP receiver performance under flood increased by ~20 % : Accessing sk_filter/sk_wq/sk_napi_id no longer stalls because sk_drops was moved away from a critical cache line, now mostly read and shared. /* --- cacheline 4 boundary (256 bytes) --- */ unsigned int sk_napi_id; /* 0x100 0x4 */ int sk_rcvbuf; /* 0x104 0x4 */ struct sk_filter * sk_filter; /* 0x108 0x8 */ union { struct socket_wq * sk_wq; /* 0x8 */ struct socket_wq * sk_wq_raw; /* 0x8 */ }; /* 0x110 0x8 */ struct xfrm_policy * sk_policy[2]; /* 0x118 0x10 */ struct dst_entry * sk_rx_dst; /* 0x128 0x8 */ struct dst_entry * sk_dst_cache; /* 0x130 0x8 */ atomic_t sk_omem_alloc; /* 0x138 0x4 */ int sk_sndbuf; /* 0x13c 0x4 */ /* --- cacheline 5 boundary (320 bytes) --- */ int sk_wmem_queued; /* 0x140 0x4 */ atomic_t sk_wmem_alloc; /* 0x144 0x4 */ long unsigned int sk_tsq_flags; /* 0x148 0x8 */ struct sk_buff * sk_send_head; /* 0x150 0x8 */ struct sk_buff_head sk_write_queue; /* 0x158 0x18 */ __s32 sk_peek_off; /* 0x170 0x4 */ int sk_write_pending; /* 0x174 0x4 */ long int sk_sndtimeo; /* 0x178 0x8 */ Signed-off-by: Eric Dumazet Tested-by: Paolo Abeni Signed-off-by: David S. Miller include/net/sock.h | 51 +++++++++++++++++++++++++++------------------------ 1 file changed, 27 insertions(+), 24 deletions(-) commit 12a59abc22d6664f7d3944f625ceefee92de8820 Author: Eric Dumazet Date: Sat Dec 3 11:14:55 2016 -0800 tcp: tcp_mtu_probe() is likely to exit early Adding a likely() in tcp_mtu_probe() moves its code which used to be inlined in front of tcp_write_xmit() We still have a cache line miss to access icsk->icsk_mtup.enabled, we will probably have to reorganize fields to help data locality. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) commit 75eefc6c59fd2c5f1ab95a3a113c217237d12a31 Author: Eric Dumazet Date: Sat Dec 3 11:14:54 2016 -0800 tcp: tsq: add a shortcut in tcp_small_queue_check() Always allow the two first skbs in write queue to be sent, regardless of sk_wmem_alloc/sk_pacing_rate values. This helps a lot in situations where TX completions are delayed either because of driver latencies or softirq latencies. Test is done with no cache line misses. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit a9b204d1564702b704ad6fe74f10a102c7b87ba3 Author: Eric Dumazet Date: Sat Dec 3 11:14:53 2016 -0800 tcp: tsq: avoid one atomic in tcp_wfree() Under high load, tcp_wfree() has an atomic operation trying to schedule a tasklet over and over. We can schedule it only if our per cpu list was empty. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit b223feb9de2a65c533ff95c08e834fa732906ea5 Author: Eric Dumazet Date: Sat Dec 3 11:14:52 2016 -0800 tcp: tsq: add shortcut in tcp_tasklet_func() Under high stress, I've seen tcp_tasklet_func() consuming ~700 usec, handling ~150 tcp sockets. By setting TCP_TSQ_DEFERRED in tcp_wfree(), we give a chance for other cpus/threads entering tcp_write_xmit() to grab it, allowing tcp_tasklet_func() to skip sockets that already did an xmit cycle. In the future, we might give to ACK processing an increased budget to reduce even more tcp_tasklet_func() amount of work. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) commit 408f0a6c21e124cc4f6c7aa370b38aa47e55428d Author: Eric Dumazet Date: Sat Dec 3 11:14:51 2016 -0800 tcp: tsq: remove one locked operation in tcp_wfree() Instead of atomically clear TSQ_THROTTLED and atomically set TSQ_QUEUED bits, use one cmpxchg() to perform a single locked operation. Since the following patch will also set TCP_TSQ_DEFERRED here, this cmpxchg() will make this addition free. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/ipv4/tcp_output.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit 40fc3423b983b864bf70b03199191260ae9b2ea6 Author: Eric Dumazet Date: Sat Dec 3 11:14:50 2016 -0800 tcp: tsq: add tsq_flags / tsq_enum This is a cleanup, to ease code review of following patches. Old 'enum tsq_flags' is renamed, and a new enumeration is added with the flags used in cmpxchg() operations as opposed to single bit operations. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller include/linux/tcp.h | 11 ++++++++++- net/ipv4/tcp_output.c | 16 ++++++++-------- 2 files changed, 18 insertions(+), 9 deletions(-) commit f83e83037c7ae3fffaa20e597c3b87752b87b305 Merge: c7a6131 c77192f Author: David S. Miller Date: Mon Dec 5 13:21:41 2016 -0500 Merge branch 'bnxt_en-dcbnl' Michael Chan says: ==================== bnxt_en: Add DCBNL support. This series adds DCBNL operations to support host-based IEEE DCBX. v2: Updated to the latest firmware interface spec. David, please consider this series for net-next. ==================== Signed-off-by: David S. Miller commit c77192f2042537b1e0e5f520db91e4d28778195f Author: Michael Chan Date: Fri Dec 2 21:17:18 2016 -0500 bnxt_en: Add PFC statistics. Report PFC statistics to ethtool -S and DCBNL. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.h | 7 +++++++ drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 14 +++++++++++++- drivers/net/ethernet/broadcom/bnxt/bnxt_ethtool.c | 23 ++++++++++++++++------- 3 files changed, 36 insertions(+), 8 deletions(-) commit 7df4ae9fe85567a1710048da8229bd85e0da9df7 Author: Michael Chan Date: Fri Dec 2 21:17:17 2016 -0500 bnxt_en: Implement DCBNL to support host-based DCBX. Support only IEEE DCBX initially. Add IEEE DCBNL ops and functions to get and set the hardware DCBX parameters. The DCB code is conditional on Kconfig CONFIG_BNXT_DCB. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/Kconfig | 10 + drivers/net/ethernet/broadcom/bnxt/Makefile | 2 +- drivers/net/ethernet/broadcom/bnxt/bnxt.c | 8 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 9 + drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.c | 490 ++++++++++++++++++++++++++ drivers/net/ethernet/broadcom/bnxt/bnxt_dcb.h | 41 +++ 6 files changed, 557 insertions(+), 3 deletions(-) commit 87c374ded0b2cfe50bb1e7648a4ca06df13fa399 Author: Michael Chan Date: Fri Dec 2 21:17:16 2016 -0500 bnxt_en: Update firmware header file to latest 1.6.0. Latest interface has the latest DCB command structs. Get and store the max number of lossless TCs the hardware can support. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 28 +- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 5 +- drivers/net/ethernet/broadcom/bnxt/bnxt_hsi.h | 1725 ++++++++++++++--------- drivers/net/ethernet/broadcom/bnxt/bnxt_sriov.c | 8 +- 4 files changed, 1069 insertions(+), 697 deletions(-) commit c5e3deb8a38453037b89e0b0485d3b031896e8eb Author: Michael Chan Date: Fri Dec 2 21:17:15 2016 -0500 bnxt_en: Re-factor bnxt_setup_tc(). Add a new function bnxt_setup_mq_tc() to handle MQPRIO. This new function will be called during ETS setup when we add DCBNL in the next patch. Signed-off-by: Michael Chan Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnxt/bnxt.c | 18 ++++++++++-------- drivers/net/ethernet/broadcom/bnxt/bnxt.h | 1 + 2 files changed, 11 insertions(+), 8 deletions(-) commit 16571a8a435abf73cde769918850ca76a471f14c Author: Pan Bian Date: Sat Dec 3 23:11:42 2016 +0800 drm/qxl: fix use of uninitialized variable In function qxl_release_alloc(), when kmalloc() returns a NULL pointer, it returns value 0 and parameter *ret is uninitialized. 0 means no error to the callers of qxl_release_alloc(). The callers keep going and will try to reference the uninitialized variable. This patch fixes the bug, returning "-ENOMEM" when kmalloc() fails. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=188911 Signed-off-by: Pan Bian [seanpaul fixed up subject prefix] Signed-off-by: Sean Paul Link: http://patchwork.freedesktop.org/patch/msgid/1480777902-7648-1-git-send-email-bianpan2016@163.com drivers/gpu/drm/qxl/qxl_release.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7a61319ad35ef74630662010231dbbcc1ade1b0 Author: Jesper Nilsson Date: Fri Dec 2 15:57:49 2016 +0100 net: phy: dp83848: Support ethernet pause frames According to the documentation, the PHYs supported by this driver can also support pause frames. Announce this to be so. Tested with a TI83822I. Acked-by: Andrew F. Davis Signed-off-by: Jesper Nilsson Signed-off-by: David S. Miller drivers/net/phy/dp83848.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit da91723ce0c5e0bbd5dc91d66447ba165241c257 Author: Sebastien Guiriec Date: Mon Dec 5 17:45:03 2016 +0100 ASoC: Intel: Add ASoC Intel SST Atom sysfs description For ASoC Intel SST Atom based devices a sysfs entry is created in order to track FW version. The FW version is useful in order to check the different Version of LPE DSP FW across Intel SoCs. Signed-off-by: Sebastien Guiriec Acked-by: Vinod Koul Signed-off-by: Mark Brown Documentation/ABI/testing/sysfs-platform-sst-atom | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) commit c7da1e9d2641f67e8b20703118ac02fe79604f10 Author: Sebastien Guiriec Date: Mon Dec 5 17:45:01 2016 +0100 ASoC: Intel: atom: save FW version After the boot of the SST FW the firmware version is send back to the driver. This patch is saving the FW version inside the driver. Signed-off-by: Sebastien Guiriec Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/atom/sst/sst.h | 1 + sound/soc/intel/atom/sst/sst_ipc.c | 6 ++++++ 2 files changed, 7 insertions(+) commit fade74dfab7cdba55a197db08f3d15cf2319bf4c Author: Sebastien Guiriec Date: Mon Dec 5 17:45:02 2016 +0100 ASoC: Intel: atom: Add sysfs entry in order to store FW version This patch is adding a sysfs entry in order to be able to get access to SST FW version. Signed-off-by: Sebastien Guiriec Acked-by: Vinod Koul Signed-off-by: Mark Brown sound/soc/intel/atom/sst/sst.c | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) commit f8192880a102849d84fe0f5e27bc8625a33e031c Author: Andrew F. Davis Date: Mon Dec 5 10:21:00 2016 -0600 regulator: tps65086: Fix 25mV ranges for BUCK regulators 1, 2, and 6 These regualtors output 0v when vsel is 0. The datasheet will be updated to reflect this. Signed-off-by: Andrew F. Davis Signed-off-by: Mark Brown Cc: stable@vger.kernel.org drivers/regulator/tps65086-regulator.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 3a71b3c8946fd44cd2599d9e87ac8f90c71318e1 Author: Johannes Thumshirn Date: Mon Dec 5 09:23:20 2016 +0100 libnvdimm, e820: use module_platform_driver Use module_platform_driver for the e820 driver instead of open-coding it. Signed-off-by: Johannes Thumshirn Signed-off-by: Dan Williams drivers/nvdimm/e820.c | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) commit b9c2a2a39898d55b9fe13aa1fe15891e37bc9087 Author: Tal Shorer Date: Fri Nov 18 14:17:26 2016 +0200 usb: hcd.h: construct hub class request constants from simpler constants Currently, each hub class request constant is defined by a line like: #define ClearHubFeature (0x2000 | USB_REQ_CLEAR_FEATURE) The "magic" number for the high byte is one of 0x20, 0xa0, 0x23, 0xa3. The 0x80 bit that changes inditace USB_DIR_IN, and the 0x03 that pops up is the difference between USB_RECIP_DEVICE (0x00) and USB_RECIP_OTHER (0x03). The constant 0x20 bit is USB_TYPE_CLASS. This patch eliminates those magic numbers by defining a macro to help construct these hub class request from simpler constants. Note that USB_RT_HUB is defined as (USB_TYPE_CLASS | USB_RECIP_DEVICE) and that USB_RT_PORT is defined as (USB_TYPE_CLASS | USB_RECIP_OTHER). Signed-off-by: Tal Shorer Signed-off-by: Greg Kroah-Hartman include/linux/usb/hcd.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit c9e82b076f17f6e88fcacc4ccc3daa603e0b4658 Author: Manjunath Goudar Date: Thu Dec 1 21:23:04 2016 +0000 USB: OHCI: ohci-pxa27x: remove useless functions The ohci_hcd_pxa27x_drv_probe function is not doing anything other than calling usb_hcd_pxa27x_probe function so ohci_hcd_pxa27x_drv_probe function is useless that is why removed ohci_hcd_pxa27x_drv_probe function and renamed usb_hcd_pxa27x_probe function to ohci_hcd_pxa27x_drv_probe for proper naming. The ohci_hcd_pxa27x_remove function is also not doing anything other than calling usb_hcd_pxa27x_remove that is why removed ohci_hcd_pxa27x_remove function and renamed usb_hcd_pxa27x_remove to ohci_hcd_pxa27x_remove for proper naming. Signed-off-by: Manjunath Goudar Acked-by: Alan Stern Cc: linux-usb@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-pxa27x.c | 36 ++++++++++-------------------------- 1 file changed, 10 insertions(+), 26 deletions(-) commit 680811dfec5d84e5720ef2adebe8eb64a4e094da Author: Manjunath Goudar Date: Sat Dec 3 03:31:55 2016 +0000 USB: OHCI: omap: remove useless extern declaration Remove usb_disabled() and ocpi_enable() extern declaration as it is already declared as EXPORT_SYMBOL_GPL declaration. Signed-off-by: Manjunath Goudar Cc: Alan Stern Cc: linux-usb@vger.kernel.org Cc: linux-omap@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-omap.c | 3 --- 1 file changed, 3 deletions(-) commit 1b43a8529c3056c33a36cc486c5f30d7eb115b80 Author: Manjunath Goudar Date: Sat Dec 3 03:34:53 2016 +0000 USB: OHCI: ohci-omap: remove useless functions The ohci_hcd_omap_drv_probe and ohci_hcd_omap_drv_remove functions are removed as these are useless functions except calling usb_hcd_omap_probe and usb_hcd_omap_remove functions. The usb_hcd_omap_probe function renamed to ohci_hcd_omap_probe and usb_hcd_omap_remove function renamed to ohci_hcd_omap_remove for proper naming. Signed-off-by: Manjunath Goudar Acked-by: Alan Stern Cc: linux-usb@vger.kernel.org Cc: linux-omap@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-omap.c | 36 +++++++++++------------------------- 1 file changed, 11 insertions(+), 25 deletions(-) commit f83fb631110a647ddac41fe806c32d99a16eade4 Author: Manjunath Goudar Date: Sat Dec 3 03:46:55 2016 +0000 USB: OHCI: ohci-s3c2410: remove useless functions The ohci_hcd_s3c2410_drv_probe and ohci_hcd_s3c2410_drv_remove functions are removed as these are useless functions except calling usb_hcd_s3c2410_probe and usb_hcd_s3c2410_remove functions. The usb_hcd_s3c2410_probe function renamed to ohci_hcd_s3c2410_drv_probe and usb_hcd_s3c2410_remove function renamed to ohci_hcd_s3c2410_drv_remove for proper naming. Signed-off-by: Manjunath Goudar Acked-by: Alan Stern Cc: Kukjin Kim Cc: Krzysztof Kozlowski Cc: Javier Martinez Canillas Cc: linux-arm-kernel@lists.infradead.org Cc: linux-samsung-soc@vger.kernel.org Cc: linux-usb@vger.kernel.org Cc: linux-kernel@vger.kernel.org Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ohci-s3c2410.c | 39 ++++++++++++++------------------------- 1 file changed, 14 insertions(+), 25 deletions(-) commit 301216044e4c27d5a7323c1fa766266fad00db5e Author: Nathaniel Quillin Date: Mon Dec 5 06:53:00 2016 -0800 USB: cdc-acm: add device id for GW Instek AFG-125 Add device-id entry for GW Instek AFG-125, which has a byte swapped bInterfaceSubClass (0x20). Signed-off-by: Nathaniel Quillin Acked-by: Oliver Neukum Cc: stable Signed-off-by: Greg Kroah-Hartman drivers/usb/class/cdc-acm.c | 1 + 1 file changed, 1 insertion(+) commit 58886785db318588f95c8036abb2a47016c1f14c Author: Nicolai Stange Date: Sun Dec 4 14:56:39 2016 +0100 block: fix unintended fallthrough in generic_make_request_checks() Since commit e73c23ff736e ("block: add async variant of blkdev_issue_zeroout") messages like the following show up: EXT4-fs (dm-1): Delayed block allocation failed for inode 2368848 at logical offset 0 with max blocks 1 with error 95 EXT4-fs (dm-1): This should not happen!! Data will be lost Due to the following fallthrough introduced with commit 2d253440b5af ("block: Define zoned block device operations"), generic_make_request_checks() would accept a REQ_OP_WRITE_SAME bio only if the block device supports "write same" *and* is a zoned one: switch (bio_op(bio)) { [...] case REQ_OP_WRITE_SAME: if (!bdev_write_same(bio->bi_bdev)) goto not_supported; case REQ_OP_ZONE_REPORT: case REQ_OP_ZONE_RESET: if (!bdev_is_zoned(bio->bi_bdev)) goto not_supported; break; [...] } Thus, although the bio setup as done by __blkdev_issue_write_same() from commit e73c23ff736e ("block: add async variant of blkdev_issue_zeroout") would succeed, its actual submission would not, resulting in the EOPNOTSUPP == 95. Fix this by removing the fallthrough which, due to the lack of an explicit comment, seems to be unintended anyway. Fixes: e73c23ff736e ("block: add async variant of blkdev_issue_zeroout") Fixes: 2d253440b5af ("block: Define zoned block device operations") Signed-off-by: Nicolai Stange Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/blk-core.c | 1 + 1 file changed, 1 insertion(+) commit 9d4b82706357f2eb23f45309227fc94d11eea255 Author: Changming Huang Date: Tue Nov 29 13:45:38 2016 +0800 fsl/usb: Workarourd for USB erratum-A005697 The EHCI specification states the following in the SUSP bit description: In the Suspend state, the port is sensitive to resume detection. Note that the bit status does not change until the port is suspended and that there may be a delay in suspending a port if there is a transaction currently in progress on the USB. However, in NXP USBDR controller, the PORTSCx[SUSP] bit changes immediately when the application sets it and not when the port is actually suspended. So the application must wait for at least 10 milliseconds after a port indicates that it is suspended, to make sure this port has entered suspended state before initiating this port resume using the Force Port Resume bit. This bit is for NXP controller, not EHCI compatible. Signed-off-by: Changming Huang Signed-off-by: Ramneek Mehresh Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman drivers/usb/host/ehci-fsl.c | 3 +++ drivers/usb/host/ehci-hub.c | 14 ++++++++++++++ drivers/usb/host/ehci.h | 8 ++++++++ drivers/usb/host/fsl-mph-dr-of.c | 2 ++ include/linux/fsl_devices.h | 1 + 5 files changed, 28 insertions(+) commit 22547c4cc4fe20698a6a85a55b8788859134b8e4 Author: Guenter Roeck Date: Thu Dec 1 13:49:59 2016 -0800 usb: hub: Wait for connection to be reestablished after port reset On a system with a defective USB device connected to an USB hub, an endless sequence of port connect events was observed. The sequence of events as observed is as follows: - Port reports connected event (port status=USB_PORT_STAT_CONNECTION). - Event handler debounces port and resets it by calling hub_port_reset(). - hub_port_reset() calls hub_port_wait_reset() to wait for the reset to complete. - The reset completes, but USB_PORT_STAT_CONNECTION is not immediately set in the port status register. - hub_port_wait_reset() returns -ENOTCONN. - Port initialization sequence is aborted. - A few milliseconds later, the port again reports a connected event, and the sequence repeats. This continues either forever or, randomly, stops if the connection is already re-established when the port status is read. It results in a high rate of udev events. This in turn destabilizes userspace since the above sequence holds the device mutex pretty much continuously and prevents userspace from actually reading the device status. To prevent the problem from happening, let's wait for the connection to be re-established after a port reset. If the device was actually disconnected, the code will still return an error, but it will do so only after the long reset timeout. Cc: Douglas Anderson Signed-off-by: Guenter Roeck Acked-by: Alan Stern Signed-off-by: Greg Kroah-Hartman drivers/usb/core/hub.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit b282a118eb4ecb5d32eb022f4bed929531d9925b Author: Krzysztof Opasiak Date: Fri Dec 2 18:42:22 2016 +0100 usbip: vudc: Refactor init_vudc_hw() to be more obvious Current implementation of init_vudc_hw() adds ep0 to ep_list and then after looping through all endpoints removes it from that list. As this may be misleading let's refactor this function and avoid adding and removing ep0 to eplist and place it immediately in correct place. In addition let's remove redundant 0 assignments as ep array is zeroed during allocation. Signed-off-by: Krzysztof Opasiak Acked-by: Shuah Khan Signed-off-by: Greg Kroah-Hartman drivers/usb/usbip/vudc_dev.c | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) commit 3e448e13a662fb20145916636127995cbf37eb83 Author: Krzysztof Opasiak Date: Thu Dec 1 19:14:37 2016 +0100 usbip: vudc: fix: Clear already_seen flag also for ep0 ep_list inside gadget structure doesn't contain ep0. It is stored separately in ep0 field. This causes an urb hang if gadget driver decides to delay setup handling. On host side this is visible as timeout error when setting configuration. This bug can be reproduced using for example any gadget with mass storage function. Fixes: abdb29574322 ("usbip: vudc: Add vudc_transfer") Signed-off-by: Krzysztof Opasiak Cc: stable Acked-by: Shuah Khan Signed-off-by: Greg Kroah-Hartman drivers/usb/usbip/vudc_transfer.c | 2 ++ 1 file changed, 2 insertions(+) commit 64df1148876e35e81e91195e01c8197edc66fcc5 Author: Lukas Wunner Date: Sun Dec 4 13:10:04 2016 +0100 driver core: Silence device links sphinx warning Silence this warning emitted by sphinx: include/linux/device.h:938: warning: No description found for parameter 'links' While at it, fix typos in comments of device links code. Cc: Rafael J. Wysocki Cc: Jonathan Corbet Cc: Silvio Fricke Signed-off-by: Lukas Wunner Reviewed-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman drivers/base/core.c | 4 ++-- include/linux/device.h | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) commit 8c317fafdd4e3b988c44d986022c66cebf71fc41 Author: Florian Vaussard Date: Tue Nov 29 18:10:49 2016 +0100 ASoC: cs42l56: Fix misuse of regmap_update_bits Using regmap_update_bits(..., mask, 1) with 'mask' following (1 << k) and k greater than 0 is wrong. Indeed, _regmap_update_bits will perform (mask & 1), which results in 0 if LSB of mask is 0. Thus the call regmap_update_bits(..., mask, 1) is in reality equivalent to regmap_update_bits(..., mask, 0). In such a case, the correct use is regmap_update_bits(..., mask, mask). This driver is performing such a mistake with the CS42L56_AIN*_REF_MASK masks, which equal 0x10, 0x20, 0x40 and 0x80. Fix the driver to make it consistent with the API. Please note that this change is untested, as I do not have this piece of hardware. Testers are welcome! Signed-off-by: Florian Vaussard Reviewed-by: Charles Keepax Acked-by: Brian Austin Signed-off-by: Mark Brown sound/soc/codecs/cs42l56.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit eea3dd4f1247aa8654194fb19ade22c94c42e41a Author: Mengdong Lin Date: Fri Nov 25 16:09:17 2016 +0800 ASoC: topology: Only free TLV for volume mixers of a widget This patch will check the type of embedded controls for a widget, and only free the TLV of volume mixers. Bytes controls don't have TLV. Just free the private value which is used as struct soc_mixer_control for volume mixers or soc_bytes_ext for bytes controls. No need to cast to these types before freeing it. Signed-off-by: Mengdong Lin Signed-off-by: Mark Brown include/sound/soc-topology.h | 2 +- sound/soc/soc-topology.c | 25 +++++++++++++++++-------- 2 files changed, 18 insertions(+), 9 deletions(-) commit 1a7dd6e2f192960229dd3113a35c74690e503ea2 Author: Mengdong Lin Date: Fri Nov 25 16:09:10 2016 +0800 ASoC: topology: Allow a widget to have multiple enum controls This patch can create multiple enumerated mixer controls for a widget. Previously topology kernel driver assumes a widget can have only one emumerated mixer control. We need to remove this restriction for Broxton. Its firmware modules (widgets) may need multiple enum controls based on the channel and MIC combination. No ABI change is needed. The ABI allows a widget to embed multiple controls. Reported-by: G Kranthi Signed-off-by: Mengdong Lin Signed-off-by: Mark Brown sound/soc/soc-topology.c | 163 +++++++++++++++++++++++++---------------------- 1 file changed, 87 insertions(+), 76 deletions(-) commit 6b11e70bb72c5bfbd7d1544518d26d4b1100aae1 Author: Adrian Hunter Date: Fri Dec 2 15:14:27 2016 +0200 mmc: sdhci: Tidy tuning loop Tidy the tuning loop by moving it to a separate function and making it a for-loop. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 81 +++++++++++++++++++++++++----------------------- 1 file changed, 43 insertions(+), 38 deletions(-) commit 85336109c0b272d8d0b4509872e1247d948ddfa9 Author: Adrian Hunter Date: Fri Dec 2 15:14:26 2016 +0200 mmc: sdhci: Simplify tuning block size logic There are only 2 possible block sizes, so simplify 2 if-statements into 1. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) commit da4bc4f2851e3c46076929a8c9a99ee3e076cf1f Author: Adrian Hunter Date: Fri Dec 2 15:59:23 2016 +0200 mmc: sdhci: Factor out tuning helper functions Factor out some functions to tidy up the code in sdhci_execute_tuning. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 216 +++++++++++++++++++++++++++-------------------- 1 file changed, 124 insertions(+), 92 deletions(-) commit d0c3ab59105dd0192fc9bc3a578584a5b1c01dd0 Author: Adrian Hunter Date: Fri Dec 2 15:14:24 2016 +0200 mmc: sdhci: Use mmc_abort_tuning() Use mmc_abort_tuning() instead of open-coding the stop command. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) commit e711f0309109701cb422aab44ace4ea0dccb89ea Author: Adrian Hunter Date: Fri Dec 2 15:14:23 2016 +0200 mmc: mmc: Introduce mmc_abort_tuning() If a tuning command times out, the card could still be processing it, which will cause problems for recovery. The eMMC specification says that CMD12 can be used to stop CMD21, so add a function that does that. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/core/mmc_ops.c | 25 +++++++++++++++++++++++++ include/linux/mmc/core.h | 1 + 2 files changed, 26 insertions(+) commit 0760c355525c08dd598e86edb2a310688ac8af4c Author: Adrian Hunter Date: Fri Dec 2 15:14:22 2016 +0200 mmc: sdhci: Always allow tuning to fall back to fixed sampling SDHCI falls back to fixed sampling if there is an error during tuning. However it also reports an error unless there is periodic re-tuning. That is not the best option because: a) there is a reasonable chance that fixed sampling will work, especially at room temperature. b) re-tuning will be done again anyway if there are CRC errors. Change to return no error always when falling back to fixed sampling. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 20 ++------------------ 1 file changed, 2 insertions(+), 18 deletions(-) commit 5ef5203b95c5090ba40e30ee8eedc5a937fc2898 Author: Adrian Hunter Date: Fri Dec 2 15:14:21 2016 +0200 mmc: sdhci: Fix tuning reset after exhausting the maximum number of loops If the driver has exhausted the maximum number of tuning loops, then fixed sampling is used. To do that both SDHCI_CTRL_TUNED_CLK and SDHCI_CTRL_EXEC_TUNING must be reset to 0, but only SDHCI_CTRL_TUNED_CLK was being reset. Reset SDHCI_CTRL_EXEC_TUNING to 0 also. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 1 + 1 file changed, 1 insertion(+) commit 61e53bd0047d58caee0c7170613045bf96de4458 Author: Adrian Hunter Date: Fri Dec 2 15:14:20 2016 +0200 mmc: sdhci: Fix recovery from tuning timeout Clearing the tuning bits should reset the tuning circuit. However there is more to do. Reset the command and data lines for good measure, and then for eMMC ensure the card is not still trying to process a tuning command by sending a stop command. Note the JEDEC eMMC specification says the stop command (CMD12) can be used to stop a tuning command (CMD21) whereas the SD specification is silent on the subject with respect to the SD tuning command (CMD19). Considering that CMD12 is not a valid SDIO command, the stop command is sent only when the tuning command is CMD21 i.e. for eMMC. That addresses cases seen so far which have been on eMMC. Note that this replaces the commit fe5fb2e3b58f ("mmc: sdhci: Reset cmd and data circuits after tuning failure") which is being reverted for v4.9+. Signed-off-by: Adrian Hunter Tested-by: Dan O'Donovan Cc: stable@vger.kernel.org Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit 2ca71c27eeaeddae38efe24a84b20e22708a3d1d Author: Adrian Hunter Date: Fri Dec 2 15:14:19 2016 +0200 Revert "mmc: sdhci: Reset cmd and data circuits after tuning failure" This reverts commit fe5fb2e3b58f ("mmc: sdhci: Reset cmd and data circuits after tuning failure"). A better fix is available, and it will be applied to older stable releases, so get this out of the way by reverting it. Signed-off-by: Adrian Hunter Cc: stable@vger.kernel.org # v4.9+ Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci.c | 4 ---- 1 file changed, 4 deletions(-) commit ef3d232245ab7a1bf361c52449e612e4c8b7c5ab Author: Adrian Hunter Date: Fri Dec 2 13:16:35 2016 +0200 mmc: mmc: Relax checking for switch errors after HS200 switch The JEDEC specification indicates CMD13 can be used after a HS200 switch to check for errors. However in practice some boards experience CRC errors in the CMD13 response. Consequently, for HS200, CRC errors are not a reliable way to know the switch failed. If there really is a problem, we would expect tuning will fail and the result ends up the same. So change the error condition to ignore CRC errors in that case. Signed-off-by: Adrian Hunter Acked-by: Jaehoon Chung Reviewed-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 15 +++++++++++++-- drivers/mmc/core/mmc_ops.c | 9 ++++++++- drivers/mmc/core/mmc_ops.h | 1 + 3 files changed, 22 insertions(+), 3 deletions(-) commit 4e775249269213a2d8825d7f878e42e99a2b6080 Author: Javier Martinez Canillas Date: Tue Nov 29 11:40:51 2016 -0300 drm/exynos: Use VIDEO_SAMSUNG_EXYNOS_GSC=n as GSC Kconfig dependency Commit aeefb36832e5 ("drm/exynos: gsc: add device tree support and remove usage of static mappings") made the DRM_EXYNOS_GSC Kconfig symbol to only be selectable if the exynos-gsc V4L2 driver isn't enabled, since both use the same HW IP block. But added the dependency as depends on !VIDEO_SAMSUNG_EXYNOS_GSC which is not correct since Kconfig expressions are not boolean but tristate. So it will only evaluate to 'n' if VIDEO_SAMSUNG_EXYNOS_GSC=y but will evaluate to 'm' if VIDEO_SAMSUNG_EXYNOS_GSC=m. This means that both the V4L2 and DRM drivers can be enabled if the former is enabled as a module, which isn't what we want since otherwise 2 drivers could attempt to use the hardware at the same time. Signed-off-by: Javier Martinez Canillas Signed-off-by: Inki Dae drivers/gpu/drm/exynos/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1bb399360fabd36a051e00006df6d5097beabed3 Author: Colin Ian King Date: Tue Nov 1 20:23:36 2016 -0600 drm/exynos: gsc: fix spelling mistakes Trivial fixes to spelling mistakes "precalser" to "prescaler" in dev_err messages Signed-off-by: Colin Ian King Reviewed-by: Javier Martinez Canillas Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_fimc.c | 2 +- drivers/gpu/drm/exynos/exynos_drm_gsc.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit 63eb0a12d1378a534a6185c435d8d9ac4b4279f9 Author: Shuah Khan Date: Wed Aug 10 11:30:36 2016 -0600 exynos-drm: Fix error messages to print flags and size Fix exynos_drm_gem_create() error messages to include flags and size when flags and size are invalid. Signed-off-by: Shuah Khan Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_drm_gem.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 5f9e228d1cdd45f7737f31746e02e99a7235d3dd Author: Andrzej Hajda Date: Mon Nov 7 16:04:43 2016 +0100 drm/exynos/hdmi: refactor infoframe code Use core helpers to generate infoframes and generate vendor frame if necessary. Changelog: - changed 'ret >= 0' checks to '!ret' Signed-off-by: Andrzej Hajda Signed-off-by: Inki Dae drivers/gpu/drm/exynos/exynos_hdmi.c | 141 ++++++++++------------------------- drivers/gpu/drm/exynos/regs-hdmi.h | 2 + 2 files changed, 42 insertions(+), 101 deletions(-) commit d989eed20791534dc624c7b29568b263c67a286f Author: Gao Pan Date: Fri Dec 2 11:50:01 2016 +0800 spi: fsl-lpspi: quit reading rx fifo under error condition In case that error occurs during waiting for txfifo empty, it is not necessary to read rx fifo. It's better to return directly. Signed-off-by: Gao Pan Signed-off-by: Mark Brown drivers/spi/spi-fsl-lpspi.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit b6787b6807fb01b13f0f1a07cbb8eaf7853d1a6e Author: Gao Pan Date: Fri Dec 2 11:50:00 2016 +0800 spi: fsl-lpspi: use GPL as module license At the beginning of lpspi driver, it is claimed that the dirver is under the terms of the GNU General Public License, either version 2 of the License. While at the end I only declared GPL V2. This patch make the license consistent. Signed-off-by: Gao Pan Signed-off-by: Mark Brown drivers/spi/spi-fsl-lpspi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 30103b5b6432a51c3822a26dc340e35d91237f39 Author: David Lechner Date: Sun Dec 4 16:52:31 2016 -0600 regulator: Fix regulator_get_error_flags() signature mismatch The function signature of does not match regulator_get_error_flags() when CONFIG_REGULATOR is not defined vs. when it is not defined. This makes both declarations match to prevent compiler errors. Signed-off-by: David Lechner Signed-off-by: Mark Brown include/linux/regulator/consumer.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 29a43aa9b4b609eba73e76c5fd92d435fc6e35ce Author: Kuninori Morimoto Date: Fri Dec 2 05:27:30 2016 +0000 ASoC: simple_card_utils: tidyup file comment/define simple_card_utils was created as simple_card_core in 1st prototype, and current code still have it. Let's tidyup Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown include/sound/simple_card_utils.h | 8 ++++---- sound/soc/generic/simple-card-utils.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) commit 3ce2959d162a8f2d69a83582df619a20ff3f6645 Author: Kuninori Morimoto Date: Fri Dec 2 02:44:23 2016 +0000 ASoC: rsnd: rsnd_get_dalign() needs to care SSIU, not SSI SSIU was controlled by SSI before, but commit c7f69ab53("ASoC: rsnd: use mod base common method on SSIU") separated it into ssiu.c But, it didn't care about rsnd_get_dalign() for judging SSI_BUSIF_DALIGN register value which changes the stream data order. This function will be called from cmd/src/ssiu now, but current code still cares ssi, not ssiu. This patch fix it up Signed-off-by: Kuninori Morimoto Tested-by: Hiroyuki Yokoyama Signed-off-by: Mark Brown sound/soc/sh/rcar/core.c | 6 +++--- sound/soc/sh/rcar/rsnd.h | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) commit b2661e983f5b55d4895673bd5eafa14b1e7c8881 Author: David Lechner Date: Sun Dec 4 19:48:11 2016 -0600 regulator: core: add newline in debug message This adds a trailing newline to a debug message. Signed-off-by: David Lechner Signed-off-by: Mark Brown drivers/regulator/core.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 49f5522e495aba58feb1ca58123805929710bddd Author: Marc Zyngier Date: Sat Dec 3 14:05:37 2016 +0000 arm64: Remove reference to asm/opcodes.h The asm/opcodes.h file is now gone, but probes.h still references it for not obvious reason. Removing the #include directive fixes the compilation. Signed-off-by: Marc Zyngier Signed-off-by: Catalin Marinas arch/arm64/include/asm/probes.h | 2 -- 1 file changed, 2 deletions(-) commit 16200948d8353fe29a473a394d7d26790deae0e7 Author: Takashi Iwai Date: Mon Dec 5 11:19:38 2016 +0100 ALSA: usb-audio: Fix race at stopping the stream We've got a kernel crash report showing like: Unable to handle kernel NULL pointer dereference at virtual address 00000008 pgd = a1d7c000 [00000008] *pgd=31c93831, *pte=00000000, *ppte=00000000 Internal error: Oops: 17 [#1] PREEMPT SMP ARM CPU: 0 PID: 250 Comm: dbus-daemon Not tainted 3.14.51-03479-gf50bdf4 #1 task: a3ae61c0 ti: a08c8000 task.ti: a08c8000 PC is at retire_capture_urb+0x10/0x1f4 [snd_usb_audio] LR is at snd_complete_urb+0x140/0x1f0 [snd_usb_audio] pc : [<7f0eb22c>] lr : [<7f0e57fc>] psr: 200e0193 sp : a08c9c98 ip : a08c9ce8 fp : a08c9ce4 r10: 0000000a r9 : 00000102 r8 : 94cb3000 r7 : 94cb3000 r6 : 94d0f000 r5 : 94d0e8e8 r4 : 94d0e000 r3 : 7f0eb21c r2 : 00000000 r1 : 94cb3000 r0 : 00000000 Flags: nzCv IRQs off FIQs on Mode SVC_32 ISA ARM Segment user Control: 10c5387d Table: 31d7c04a DAC: 00000015 Process dbus-daemon (pid: 250, stack limit = 0xa08c8238) Stack: (0xa08c9c98 to 0xa08ca000) ... Backtrace: [<7f0eb21c>] (retire_capture_urb [snd_usb_audio]) from [<7f0e57fc>] (snd_complete_urb+0x140/0x1f0 [snd_usb_audio]) [<7f0e56bc>] (snd_complete_urb [snd_usb_audio]) from [<80371118>] (__usb_hcd_giveback_urb+0x78/0xf4) [<803710a0>] (__usb_hcd_giveback_urb) from [<80371514>] (usb_giveback_urb_bh+0x8c/0xc0) [<80371488>] (usb_giveback_urb_bh) from [<80028e3c>] (tasklet_hi_action+0xc4/0x148) [<80028d78>] (tasklet_hi_action) from [<80028358>] (__do_softirq+0x190/0x380) [<800281c8>] (__do_softirq) from [<80028858>] (irq_exit+0x8c/0xfc) [<800287cc>] (irq_exit) from [<8000ea88>] (handle_IRQ+0x8c/0xc8) [<8000e9fc>] (handle_IRQ) from [<800085e8>] (gic_handle_irq+0xbc/0xf8) [<8000852c>] (gic_handle_irq) from [<80509044>] (__irq_svc+0x44/0x78) [<80508820>] (_raw_spin_unlock_irq) from [<8004b880>] (finish_task_switch+0x5c/0x100) [<8004b824>] (finish_task_switch) from [<805052f0>] (__schedule+0x48c/0x6d8) [<80504e64>] (__schedule) from [<805055d4>] (schedule+0x98/0x9c) [<8050553c>] (schedule) from [<800116c8>] (do_work_pending+0x30/0xd0) [<80011698>] (do_work_pending) from [<8000e160>] (work_pending+0xc/0x20) Code: e1a0c00d e92ddff0 e24cb004 e24dd024 (e5902008) Kernel panic - not syncing: Fatal exception in interrupt There is a race between retire_capture_urb() and stop_endpoints(). The latter is called at stopping the stream and it sets some endpoint fields to NULL. But its call is asynchronous, thus the pending complete callback might get called after these NULL clears, and it leads the NULL dereference like the above. The fix is to move the NULL clearance after the synchronization, i.e. wait_clear_urbs(). This is called at prepare and hw_free callbacks, so it's assured to be called before the restart of the stream or the release of the stream. Also, while we're at it, put the EP_FLAG_RUNNING flag check at the beginning of snd_complete_urb() to skip the pending complete after the stream is stopped. Fixes: b2eb950de2f0 ("ALSA: usb-audio: stop both data and sync...") Reported-by: Jiada Wang Reported-by: Mark Craske Cc: Signed-off-by: Takashi Iwai sound/usb/endpoint.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit db52d4f8a4bde36263a7cc9d46ff20b243562ac9 Author: Daniel Drake Date: Thu Dec 1 14:33:03 2016 -0600 mmc: sdhci-acpi: support 80860F14 UID 2 SDIO bus Add an entry for the SDIO bus in the ECS EF20 cherry trail laptop: Device (SDHB) { Name (_ADR, 0x00110000) Name (_HID, "80860F14" /* Intel Baytrail SDIO/MMC Host Controller */) Name (_CID, "PNP0D40" /* SDA Standard Compliant SD Host Controller */) Name (_DDN, "Intel(R) SDIO Controller - 80862295") Name (_UID, 0x02) Name (_HRV, One) A SDHB device with the same _HID and _UID can also be found on other cherry trail products like Chuwi Hi10. Signed-off-by: Daniel Drake Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-acpi.c | 1 + 1 file changed, 1 insertion(+) commit 8baa74f3dd2cb63fd861e34cd3ebff4a0cea648b Author: Masahiro Yamada Date: Thu Dec 1 13:05:46 2016 +0900 mmc: sdhci-of-at91: remove bogus MMC_SDHCI_IO_ACCESSORS select I see no override of read/write callbacks in sdhci-of-at91.c. Signed-off-by: Masahiro Yamada Acked-by: Ludovic Desroches Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/Kconfig | 1 - 1 file changed, 1 deletion(-) commit 3f23df72dc351e9ffe5eb577fcc38876dacba305 Author: Zach Brown Date: Mon Nov 28 13:16:39 2016 -0600 mmc: sdhci-pci: Use ACPI to get max frequency for Intel NI byt sdio On NI 9037 boards the max SDIO frequency is limited by trace lengths and other layout choices. The max SDIO frequency is stored in an ACPI table. The driver reads the ACPI entry MXFQ during sdio_probe_slot and sets the f_max field of the host. Signed-off-by: Nathan Sullivan Reviewed-by: Jaeden Amero Reviewed-by: Josh Cartwright Signed-off-by: Zach Brown Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) commit 42b06496407c03f4c89e19c5b9d4973446d2f1af Author: Zach Brown Date: Mon Nov 28 13:16:38 2016 -0600 mmc: sdhci-pci: Add PCI ID for Intel NI byt sdio Add PCI ID for Intel byt sdio host controller sub-vended by NI. The controller has different behavior because of the board layout NI puts it on. Signed-off-by: Zach Brown Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-pci-core.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) commit 69be8522a2dbabafdd62febd819f3c470a549eb1 Author: Jaehoon Chung Date: Wed Nov 30 15:05:42 2016 +0900 mmc: sdhci-s3c: add spin_unlock_irq() before calling clk_round_rate Before calling clk_round_rate(), put the spin_unlock_irq() in sdhci_s3c_consider_clock() function. Signed-off-by: Jaehoon Chung Acked-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/host/sdhci-s3c.c | 2 ++ 1 file changed, 2 insertions(+) commit e6cd7a8ea1c3efe412e6b9e900b635ea29764f70 Author: Jaehoon Chung Date: Thu Nov 24 20:04:42 2016 +0900 mmc: dw_mmc: display the clock message only one time when card is polling When card is polling (broken-cd), there is a spamming messge related to clock. After applied this patch, display the message only one time at boot time. It's enough to check which clock values is used. Also prevent to display the spamming message. Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 13 ++++++++++++- drivers/mmc/host/dw_mmc.h | 1 + 2 files changed, 13 insertions(+), 1 deletion(-) commit d10111cf8586e16dbdbe8ed60de7065b54a70df1 Author: Jaehoon Chung Date: Thu Nov 24 20:04:41 2016 +0900 mmc: dw_mmc: add the debug message for polling and non-removable If card is polling or non-removable, display the more exact message. It's helpful to debug which detecting scheme is using. Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) commit 1c238a95a727e8cd3fe1c97a653c4101b8dd39d2 Author: Jaehoon Chung Date: Thu Nov 24 20:04:40 2016 +0900 mmc: dw_mmc: check the "present" variable before checking flags Before checking flags, it has to check "present" variable. Otherwise, flags should be cleared everytime. Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit df9bcc2bc0a1f8d2963bd916698268fb2470713b Author: Joonyoung Shim Date: Fri Nov 25 12:47:15 2016 +0900 mmc: dw_mmc: add missing codes for runtime resume The commit 64997de4fd17 ("mmc: dw_mmc: remove system PM callback") is missing to call dw_mci_ctrl_reset(). This adds to call dw_mci_ctrl_reset() and to handle error of clocks. Signed-off-by: Joonyoung Shim Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit 9b93d392fdbd336b0f1558592010c0169801afa5 Author: Joonyoung Shim Date: Wed Nov 23 18:36:02 2016 +0900 mmc: dw_mmc: exynos: fix to call suspend callback The dw_mmc-exynos should be RPM_ACTIVE on probe() to call suspend callback of runtime PM in pm_runtime_force_suspend() during first system suspend. Also call pm_runtime_get_noresume() on probe() because it doesn't call suspend/resume callback by runtime PM now. Signed-off-by: Joonyoung Shim Signed-off-by: Jaehoon Chung Signed-off-by: Ulf Hansson drivers/mmc/host/dw_mmc-exynos.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) commit f28ef5617254a946c1a8576dc3f243347b143794 Author: Shawn Lin Date: Wed Nov 2 15:26:57 2016 +0800 mmc: mmc_test: remove BUG_ONs and deploy error handling It is unnecessary to panic the kernel when testing mmc. Instead, cast a warning for folkz to debug and return the error code to the caller to indicate the failure of this test should be enough. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/card/mmc_test.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) commit 8508cb9868015cad4f10d818f32f4030c75e88e0 Author: Shawn Lin Date: Wed Nov 2 15:26:49 2016 +0800 mmc: queue: remove BUG_ON for bounce_sg bounce_sg for mqrq_cur and mqrq_pre are proper allocated when initializing the queue and will not be freed before explicitly cleaning the queue. So from the code itself it should be quite confident to remove this check. If that BUG_ON take effects, it is mostly likely the memory is randomly oopsing. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/card/queue.c | 2 -- 1 file changed, 2 deletions(-) commit 8664dccf3adb1ca3bddf5ddd11e44a0c033cad63 Author: Shawn Lin Date: Wed Nov 2 15:26:25 2016 +0800 mmc: sdio_uart: remove meaningless BUG_ON The code seems quite simple to maintain the sdio_uart_table, and the insert/remove port from the table are symmetric. If the BUG_ON occurs, which means serial_core modify the index or mess up the port sequence anyway. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/card/sdio_uart.c | 2 -- 1 file changed, 2 deletions(-) commit 6ff897ff5c62cd0454af39734408fcec8c4cf3f3 Author: Shawn Lin Date: Wed Nov 2 15:26:16 2016 +0800 mmc: core: remove BUG_ONs from core.c BUG_ONs doesn't help anything except for stop the system from running. If it occurs, it implies we should deploy proper error handling for that. So this patch is gonna discard these meaningless BUG_ONs and deploy error handling if needed. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/core.c | 34 +++++++++------------------------- 1 file changed, 9 insertions(+), 25 deletions(-) commit 349583d66620a7d3eda760c82119ab7a8c253272 Author: Shawn Lin Date: Wed Nov 2 15:25:48 2016 +0800 mmc: core: remove BUG_ONs from sd BUG_ONs doesn't help anything except for stop the system from running. If it occurs, it implies we should deploy proper error handling for that. So this patch is gonna discard these meaningless BUG_ONs and deploy error handling if needed. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/sd.c | 14 -------------- drivers/mmc/core/sd_ops.c | 27 ++++----------------------- 2 files changed, 4 insertions(+), 37 deletions(-) commit 8cce3ecc535daf91c6f5c895684195932a949be1 Author: Shawn Lin Date: Wed Nov 2 15:25:33 2016 +0800 mmc: core: remove BUG_ONs from mmc BUG_ONs doesn't help anything except for stop the system from running. If it occurs, it implies we should deploy proper error handling for that. So this patch is gonna discard these meaningless BUG_ONs and deploy error handling if needed. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 14 -------------- drivers/mmc/core/mmc_ops.c | 17 ----------------- 2 files changed, 31 deletions(-) commit a48ee3e65a9e7395e8bab86728fcdc81c30a89ca Author: Shawn Lin Date: Wed Nov 2 15:24:39 2016 +0800 mmc: debugfs: remove BUG_ON from mmc_ext_csd_open Return error value for file_operations callback instead of triggering BUG_ON which is meaningless. Personally I don't believe n != EXT_CSD_STR_LEN could happen. Anyway, propagate the error to the caller. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/debugfs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) commit 5df0e8231f9518ee5ca3f58a0777556dd03addd6 Author: Shawn Lin Date: Wed Nov 2 15:24:00 2016 +0800 mmc: core: remove BUG_ONs from sdio BUG_ONs doesn't help anything except for stop the system from running. If it occurs, it implies we should deploy proper error handling for that. So this patch is gonna discard these meaningless BUG_ONs and deploy error handling if needed. Signed-off-by: Shawn Lin Signed-off-by: Ulf Hansson drivers/mmc/core/sdio.c | 17 ++--------------- drivers/mmc/core/sdio_cis.c | 3 ++- drivers/mmc/core/sdio_irq.c | 12 +++++++----- 3 files changed, 11 insertions(+), 21 deletions(-) commit 925ff3a7a334b3fe968ae15f07d22df21addad26 Author: Adrian Hunter Date: Tue Nov 29 12:09:16 2016 +0200 mmc: mmc: Add Command Queue definitions Add definitions relating to Command Queuing. Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Signed-off-by: Ulf Hansson drivers/mmc/core/mmc.c | 18 ++++++++++++++++++ include/linux/mmc/card.h | 2 ++ include/linux/mmc/mmc.h | 17 +++++++++++++++++ 3 files changed, 37 insertions(+) commit c5bda0ca6fab8e040c8ea3c71fdd16deee0f132f Author: Adrian Hunter Date: Tue Nov 29 12:09:15 2016 +0200 mmc: queue: Introduce queue depth and use it to allocate and free Add a mmc_queue member to record the size of the queue, which currently supports 2 requests on-the-go at a time. Instead of allocating resources for 2 slots in the queue, allow for an arbitrary number. Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson drivers/mmc/card/queue.c | 115 +++++++++++++++++++++++------------------------ drivers/mmc/card/queue.h | 3 +- 2 files changed, 59 insertions(+), 59 deletions(-) commit c09949cff5eb408c30f154207ebdc706d94fe1f3 Author: Adrian Hunter Date: Tue Nov 29 12:09:14 2016 +0200 mmc: queue: Factor out mmc_queue_reqs_free_bufs() In preparation for supporting a queue of requests, factor out mmc_queue_reqs_free_bufs(). Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Reviewed-by: Harjani Ritesh Signed-off-by: Ulf Hansson drivers/mmc/card/queue.c | 65 +++++++++++++++++++----------------------------- 1 file changed, 26 insertions(+), 39 deletions(-) commit 64e29e42a61b8b531eb77f363ddb8e507dfd35ed Author: Adrian Hunter Date: Tue Nov 29 12:09:13 2016 +0200 mmc: queue: Factor out mmc_queue_alloc_sgs() In preparation for supporting a queue of requests, factor out mmc_queue_alloc_sgs(). Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Reviewed-by: Harjani Ritesh Signed-off-by: Ulf Hansson drivers/mmc/card/queue.c | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) commit f2b8b522cf643baa367b6834a49ff3e12cfa9136 Author: Adrian Hunter Date: Tue Nov 29 12:09:12 2016 +0200 mmc: queue: Factor out mmc_queue_alloc_bounce_sgs() In preparation for supporting a queue of requests, factor out mmc_queue_alloc_bounce_sgs(). Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Reviewed-by: Harjani Ritesh [Ulf: Fixed compiler warning] Signed-off-by: Ulf Hansson drivers/mmc/card/queue.c | 44 ++++++++++++++++++++++++++++---------------- 1 file changed, 28 insertions(+), 16 deletions(-) commit c853982ece93da10e508a5dab621478623deb324 Author: Adrian Hunter Date: Tue Nov 29 12:09:11 2016 +0200 mmc: queue: Factor out mmc_queue_alloc_bounce_bufs() In preparation for supporting a queue of requests, factor out mmc_queue_alloc_bounce_bufs(). Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Reviewed-by: Harjani Ritesh [Ulf: Fixed compiler warning] Signed-off-by: Ulf Hansson drivers/mmc/card/queue.c | 47 +++++++++++++++++++++++++++++------------------ 1 file changed, 29 insertions(+), 18 deletions(-) commit e0097cf5f2f1b7b8a594beaa32a604776d3ca6ce Author: Adrian Hunter Date: Tue Nov 29 12:09:10 2016 +0200 mmc: queue: Fix queue thread wake-up The only time the driver sleeps expecting to be woken upon the arrival of a new request, is when the dispatch queue is empty. The only time that it is known whether the dispatch queue is empty is after NULL is returned from blk_fetch_request() while under the queue lock. Recognizing those facts, simplify the synchronization between the queue thread and the request function. A couple of flags tell the request function what to do, and the queue lock and barriers associated with wake-ups ensure synchronization. The result is simpler and allows the removal of the context_info lock. Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Reviewed-by: Harjani Ritesh Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 7 ------- drivers/mmc/card/queue.c | 35 +++++++++++++++++++++-------------- drivers/mmc/card/queue.h | 1 + drivers/mmc/core/core.c | 6 ------ include/linux/mmc/host.h | 2 -- 5 files changed, 22 insertions(+), 29 deletions(-) commit 5be80375f5a030e5f5beba76620380da5ea6cefa Author: Adrian Hunter Date: Tue Nov 29 12:09:09 2016 +0200 mmc: block: Fix 4K native sector check The 4K native sector check does not allow for the 'do' loop nor the variables used after the 'cmd_abort' label. 'brq' and 'req' get reassigned in the 'do' loop, so the check must not assume what their values are. After the 'cmd_abort' label, 'mq_rq' and 'req' are used, but 'rqc' must be NULL otherwise it can be started again. Signed-off-by: Adrian Hunter Reviewed-by: Linus Walleij Signed-off-by: Ulf Hansson drivers/mmc/card/block.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 5dd784d2e4eb765ae86b3366484d01429bb7adca Author: Adrian Hunter Date: Tue Nov 29 12:09:08 2016 +0200 mmc: block: Restore line inadvertently removed with packed commands Signed-off-by: Adrian Hunter Signed-off-by: Ulf Hansson Reviewed-by: Linus Walleij drivers/mmc/card/block.c | 2 ++ 1 file changed, 2 insertions(+) commit 7a9e10253e9e52451bbe80ddb2874368dbd240a3 Author: Chris Wilson Date: Mon Nov 28 14:36:48 2016 +0000 drm/i915: Move priority bumping for flips earlier David found another issue with priority bumping from mmioflips, where we are accessing the requests concurrently to them being retired and freed. Whilst we are skipping the dependency if has been submitted, that is not sufficient to stop the dependency from disappearing if another thread retires that request. To prevent we can either employ the struct_mutex (or a request mutex in the future) to serialise retiring before it is freed. Alternatively, we need to keep the dependencies alive using RCU whilst they are being accessed via the DFS. [ 1746.698111] general protection fault: 0000 [#1] PREEMPT SMP [ 1746.698305] Modules linked in: snd_hda_intel snd_hda_codec snd_hwdep x86_pkg_temp_thermal snd_hda_core coretemp crct10dif_pclmul crc32_pclmul snd_pcm ghash_clmulni_intel mei_me mei i915 e1000e ptp pps_core i2c_hid [ 1746.698750] CPU: 1 PID: 6716 Comm: kworker/u8:2 Not tainted 4.9.0-rc6-CI-Nightly_816+ #1 [ 1746.698871] Hardware name: GIGABYTE GB-BKi7A-7500/MFLP7AP-00, BIOS F1 07/27/2016 [ 1746.699125] Workqueue: events_unbound intel_mmio_flip_work_func [i915] [ 1746.699266] task: ffff880260a5e800 task.stack: ffffc90000f6c000 [ 1746.699361] RIP: 0010:[] [] execlists_schedule+0x8d/0x300 [i915] [ 1746.699632] RSP: 0018:ffffc90000f6fcd8 EFLAGS: 00010206 [ 1746.699724] RAX: dead0000000000f8 RBX: ffff8801f64b2bf0 RCX: ffff8801f64b2c10 [ 1746.699842] RDX: dead000000000100 RSI: 0000000000000000 RDI: ffff8801f64b0458 [ 1746.699972] RBP: ffffc90000f6fd68 R08: ffff88026488dc00 R09: 0000000000000002 [ 1746.700090] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000400 [ 1746.700195] R13: ffffc90000f6fcf0 R14: ffff88020955aa40 R15: ffff88020955aa68 [ 1746.700307] FS: 0000000000000000(0000) GS:ffff88026dc80000(0000) knlGS:0000000000000000 [ 1746.700435] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1746.700532] CR2: 0000000002a69e90 CR3: 0000000002c07000 CR4: 00000000003406e0 [ 1746.700635] Stack: [ 1746.700682] ffff880260a5e880 ffffc90000f6fd50 ffffffff810af69a ffffc90000f6fd28 [ 1746.700827] ffff88020955a628 ffff8801e1eaebf0 0000000000000020 0000000000000000 [ 1746.700947] 00000196af1edc96 ffff88025dfa4000 ffff8801f0b030a8 ffffc90000f6fcf0 [ 1746.701071] Call Trace: [ 1746.701117] [] ? dequeue_entity+0x25a/0xb50 [ 1746.701260] [] fence_set_priority+0x7e/0x80 [i915] [ 1746.701406] [] i915_gem_object_wait_priority+0x85/0x160 [i915] [ 1746.701599] [] intel_mmio_flip_work_func+0x47/0x2b0 [i915] [ 1746.701717] [] process_one_work+0x14d/0x470 [ 1746.701809] [] worker_thread+0x43/0x4e0 [ 1746.701888] [] ? process_one_work+0x470/0x470 [ 1746.701969] [] ? process_one_work+0x470/0x470 [ 1746.702072] [] kthread+0xc5/0xe0 [ 1746.702152] [] ? _raw_spin_unlock_irq+0x9/0x10 [ 1746.702234] [] ? kthread_park+0x60/0x60 [ 1746.702318] [] ret_from_fork+0x22/0x30 [ 1746.702387] Code: 89 42 08 48 8b 45 88 48 89 55 c0 4c 89 6d c8 4c 8d 70 d8 4d 8d 7e 28 4d 39 ef 74 72 49 8b 1e 48 8b 13 48 39 d3 48 8d 42 f8 74 3e <48> 8b 10 8b 52 38 41 39 d4 7e 26 48 8b 50 30 48 8b 78 28 48 8d [ 1746.702921] RIP [] execlists_schedule+0x8d/0x300 [i915] Nov 25 21:42:54 kbl-gbbki7 kernel: [ 1746.703027] RSP Fixes: 27745e829a5c ("drm/i915/execlists: Use a local lock for dfs_link access") Fixes: 9a151987d709 ("drm/i915: Add execution priority boosting for mmioflips") Signed-off-by: Chris Wilson Cc: David Weinehall Cc: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20161128143649.4289-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit 92117f0bce64268b841261774e45462cc7ff80af) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e932c080cdee38e873476df92d7dc02bdb023bc Author: Chris Wilson Date: Fri Nov 25 13:17:17 2016 +0000 drm/i915: Hold a reference on the request for its fence chain Currently, we have an active reference for the request until it is retired. Though it cannot be retired before it has been executed by hardware, the request may be completed before we have finished processing the execute fence, i.e. we may continue to process that fence as we free the request. Fixes: 5590af3e115a ("drm/i915: Drive request submission through fence callbacks") Fixes: 23902e49c999 ("drm/i915: Split request submit/execute phase into two") Signed-off-by: Chris Wilson Reviewed-by: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161125131718.20978-3-chris@chris-wilson.co.uk (cherry picked from commit 48bc2a4a427ad81578f887d71d45794619a77211) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem_request.c | 34 ++++++++++++++++++++++++++------- drivers/gpu/drm/i915/i915_sw_fence.h | 5 +++++ 2 files changed, 32 insertions(+), 7 deletions(-) commit b9f16ff2730c1be06ca89518d5c369b12ffbbc6c Author: Libin Yang Date: Fri Nov 11 16:46:28 2016 +0800 drm/i915/audio: fix hdmi audio noise issue Some monitors will have noise or even no sound after applying the patch 6014ac12. In patch 6014ac12, it will reset the cts value to 0 for HDMI. However, we need to disable Enable CTS or M Prog bit. This is the initial setting after HW reset. Fixes: 6014ac122ed0 ("drm/i915/audio: set proper N/M in modeset") Signed-off-by: Libin Yang Signed-off-by: Jani Nikula Link: http://patchwork.freedesktop.org/patch/msgid/1478853988-139842-1-git-send-email-libin.yang@intel.com (cherry picked from commit 60abfbb86a8d51576f90c5adcbb4f547a2952782) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_audio.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 3acd24017563e1ce333eb52d37b7e69480cd4100 Author: Chris Wilson Date: Thu Nov 24 09:47:52 2016 +0000 drm/i915/debugfs: Increment return value of gt.next_seqno The i915_next_seqno read value is to be the next seqno used by the kernel. However, in the conversion to atomics ops for gt.next_seqno, in commit 28176ef4cfa5 ("drm/i915: Reserve space in the global seqno during request allocation"), this was changed from a post-increment to a pre-increment. This increment was missed from the value reported by debugfs, so in effect it was reporting the current seqno (last assigned), not the next seqno. Fixes: 28176ef4cfa5 ("drm/i915: Reserve space in the global seqno during request allocation") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=81209 Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Link: http://patchwork.freedesktop.org/patch/msgid/20161124094752.19129-1-chris@chris-wilson.co.uk Reviewed-by: Joonas Lahtinen (cherry picked from commit 9607ae79710afb453173b90d5bf564788a6e09b1) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_debugfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 6cef2f8477206fc0a6961358e8ef9d01a3201a5c Author: Chris Wilson Date: Thu Nov 24 09:34:01 2016 +0000 drm/i915/debugfs: Drop i915_hws_info i915_hws_info() has not been kept upto date (missing new engines) and so I consider it to be unused. HWS is included in the error state, which would be an avenue to retrieving it if required in future (possibly via i915_engine_info). As it is currently oopsing with an rpm testcase, just remove it. Fixes: 3b3f1650b1ca ("drm/i915: Allocate intel_engine_cs structure only for the enabled engines") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98838 Signed-off-by: Chris Wilson Cc: Joonas Lahtinen Cc: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20161124093401.18852-1-chris@chris-wilson.co.uk Reviewed-by: Tvrtko Ursulin (cherry picked from commit 30576a2c462d9658508c3de67601aa565f973064) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_debugfs.c | 25 ------------------------- 1 file changed, 25 deletions(-) commit 1f3dc3e334c1192ebe2939ea17ba12f4776f90c3 Author: Ville Syrjälä Date: Tue Nov 29 16:13:57 2016 +0200 drm/i915: Initialize dev_priv->atomic_cdclk_freq at init time Looks like we're only initializing dev_priv->atomic_cdclk_freq at resume and commit times, not at init time. Let's do that as well. We're now hitting the 'WARN_ON(intel_state->cdclk == 0)' in hsw_compute_linetime_wm() on account of populating intel_state->cdclk from dev_priv->atomic_cdclk_freq. Previously we were mispopulating intel_state->cdclk with dev_priv->cdclk_freq which always had a proper value at init time and hence the WARN_ON() didn't trigger. Cc: # 4.6+: 14676ec6b1a6 drm/i915: Fix cdclk vs. dev_cdclk mess when not recomputing things Cc: # 4.6+ Cc: Matthew Auld Reported-by: Matthew Auld Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98902 Fixes: 14676ec6b1a6 ("drm/i915: Fix cdclk vs. dev_cdclk mess when not recomputing things") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1480428837-4207-1-git-send-email-ville.syrjala@linux.intel.com Tested-by: Matthew Auld Reviewed-by: Matthew Auld (cherry picked from commit 6a259b1f8a9e99b1ed114f8bf8b0cfccee130e54) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 1 + 1 file changed, 1 insertion(+) commit 14676ec6b1a6f2f7fa0bafd98ab42ce77be7a7d4 Author: Ville Syrjälä Date: Mon Nov 14 18:35:09 2016 +0200 drm/i915: Fix cdclk vs. dev_cdclk mess when not recomputing things When we end up not recomputing the cdclk, we need to populate intel_state->cdclk with the "atomic_cdclk_freq" instead of the current cdclk_freq. When no pipes are active, the actual cdclk_freq may be lower than what the configuration of the planes and pipes would require from the point of view of the software state. This fixes bogus WARNS from skl_max_scale() which is trying to check the plane software state against the cdclk frequency. So any time it got called during DPMS off for instance, we might have tripped the warn if the current mode would have required a higher than minimum cdclk. v2: Drop the dev_cdclk stuff (Maarten) Cc: Maarten Lankhorst Cc: Mika Kahola Cc: bruno.pagani@ens-lyon.org Cc: Daniel J Blueman Cc: Paul Bolle Cc: Joseph Yasi Tested-by: Paul Bolle Tested-by: Joseph Yasi (v1) Cc: # v4.6+ Fixes: 1a617b77658e ("drm/i915: Keep track of the cdclk as if all crtc's were active.") Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=98214 Signed-off-by: Ville Syrjälä Reviewed-by: Maarten Lankhorst Link: http://patchwork.freedesktop.org/patch/msgid/1479141311-11904-2-git-send-email-ville.syrjala@linux.intel.com (cherry picked from commit e0ca7a6be38ce603d26df5707c22e53870a623e0) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_display.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit e4ce904d6289f2a72affd2a0f0a44da6e5d0cce4 Author: Axel Haslam Date: Thu Dec 1 15:10:41 2016 +0100 ARM: dts: da850: enable high speed for mmc The mmc controller in da850 supports high speed modes so add cap-sd-highspeed and cap-mmc-highspeed. Signed-off-by: Axel Haslam Signed-off-by: Sekhar Nori arch/arm/boot/dts/da850.dtsi | 4 ++++ 1 file changed, 4 insertions(+) commit 991015743272cd2836b1d1b94b6894e2269e241f Author: Ville Syrjälä Date: Tue Nov 22 22:21:53 2016 +0200 drm/i915: Make skl_write_{plane,cursor}_wm() static Someone forgot to make skl_write_{plane,cursor}_wm() static when removing the prototypes from the header. Sparse isn't pleased. Cc: Maarten Lankhorst Cc: Lyude Cc: Matt Roper Fixes: e62929b3f628 ("drm/i915/gen9+: Program watermarks as a separate step during evasion, v3.") Signed-off-by: Ville Syrjälä Link: http://patchwork.freedesktop.org/patch/msgid/1479846113-24745-1-git-send-email-ville.syrjala@linux.intel.com Reviewed-by: Lyude Reviewed-by: Maarten Lankhorst (cherry picked from commit d9348dec902ff36e0f1b25ccf1f4be25fc1ac409) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/intel_pm.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit ce1135c7de646bd608784657471b934d6e50195d Author: Chris Wilson Date: Tue Nov 22 14:41:20 2016 +0000 drm/i915: Complete requests in nop_submit_request Since the submit/execute split in commit d55ac5bf97c6 ("drm/i915: Defer transfer onto execution timeline to actual hw submission") the global seqno advance was deferred until the submit_request callback. After wedging the GPU, we were installing a nop_submit_request handler (to avoid waking up the dead hw) but I had missed converting this over to the new scheme. Under the new scheme, we have to explicitly call i915_gem_submit_request() from the submit_request handler to mark the request as on the hardware. If we don't the request is always pending, and any waiter will continue to wait indefinitely and hangcheck will not be able to resolve the lockup. References: https://bugs.freedesktop.org/show_bug.cgi?id=98748 Testcase: igt/gem_eio/in-flight Fixes: d55ac5bf97c6 ("drm/i915: Defer transfer onto execution timeline to actual hw submission") Signed-off-by: Chris Wilson Cc: Tvrtko Ursulin Reviewed-by: Tvrtko Ursulin Link: http://patchwork.freedesktop.org/patch/msgid/20161122144121.7379-3-chris@chris-wilson.co.uk (cherry picked from commit 3dcf93f7f23a61e867a5ccadaf651cb2d29229fd) Signed-off-by: Jani Nikula drivers/gpu/drm/i915/i915_gem.c | 2 ++ 1 file changed, 2 insertions(+) commit 48d9831627c6a059946085ce42d2fd17fb365b8d Author: Daniel Vetter Date: Mon Dec 5 08:29:26 2016 +0100 drm/qxl: Don't register debugfs for control minors They're gone since 8a357d10043c ("drm: Nerf DRM_CONTROL nodes"). Spotted while doing a full audit when revieng a similar patch from Nicolai for radeon. v2: Drink coffee first aka don't forget the unregister side. Cc: Dave Airlie Fixes: 8a357d10043c ("drm: Nerf DRM_CONTROL nodes") Cc: Nicolai Stange Acked-by: Dave Airlie Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161205072926.12546-1-daniel.vetter@ffwll.ch drivers/gpu/drm/qxl/qxl_debugfs.c | 6 ------ 1 file changed, 6 deletions(-) commit 1f32478f8fe5ac6f2f49670fc909f086c44a4b2f Author: Nicolai Stange Date: Sat Dec 3 15:47:00 2016 +0100 drm/radeon: don't add files at control minor debugfs directory Since commit 8a357d10043c ("drm: Nerf DRM_CONTROL nodes"), a struct drm_device's ->control member is always NULL. In the case of CONFIG_DEBUG_FS=y, radeon_debugfs_add_files() accesses ->control->debugfs_root though. This results in the following Oops: BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: radeon_debugfs_add_files+0x90/0x100 [radeon] PGD 0 Oops: 0000 [#1] SMP [...] Call Trace: ? work_on_cpu+0xb0/0xb0 radeon_fence_driver_init+0x120/0x150 [radeon] si_init+0x122/0xd50 [radeon] ? _raw_spin_unlock_irq+0x2c/0x40 ? device_pm_check_callbacks+0xb3/0xc0 radeon_device_init+0x958/0xda0 [radeon] radeon_driver_load_kms+0x9a/0x210 [radeon] drm_dev_register+0xa9/0xd0 [drm] drm_get_pci_dev+0x9c/0x1e0 [drm] radeon_pci_probe+0xb8/0xe0 [radeon] [...] Fix this by omitting the drm_debugfs_create_files() call for the control minor debugfs directory which is now non-existent anyway. Fixes: 8a357d10043c ("drm: Nerf DRM_CONTROL nodes") Signed-off-by: Nicolai Stange Acked-by: Dave Airlie Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161203144700.2307-1-nicstange@gmail.com drivers/gpu/drm/radeon/radeon_device.c | 6 ------ 1 file changed, 6 deletions(-) commit f03ee46be9401e3434f52bb15e92d1e640f76438 Merge: 0d5320f 3e5de27 Author: Dave Airlie Date: Mon Dec 5 17:11:48 2016 +1000 Backmerge tag 'v4.9-rc8' into drm-next Linux 4.9-rc8 Daniel requested this so we could apply some follow on fixes cleanly to -next. commit dd29908b87b899d2c207f32012f8f1a703cdd62d Author: Bjorn Andersson Date: Wed Oct 19 19:38:10 2016 -0700 dt-binding: soc: qcom: smd: Add label property The label property can be used to specify a name of the edge, for consistent naming purposes. Acked-by: Rob Herring Acked-by: Andy Gross Signed-off-by: Bjorn Andersson Documentation/devicetree/bindings/soc/qcom/qcom,smd.txt | 7 +++++++ 1 file changed, 7 insertions(+) commit cae028df53449905c944603df624ac94bc619661 Author: Dave Chinner Date: Mon Dec 5 14:40:32 2016 +1100 xfs: optimise CRC updates Nick Piggin reported that the CRC overhead in an fsync heavy workload was higher than expected on a Power8 machine. Part of this was to do with the fact that the power8 CRC implementation is not efficient for CRC lengths of less than 512 bytes, and so the way we split the CRCs over the CRC field means a lot of the CRCs are reduced to being less than than optimal size. To optimise this, change the CRC update mechanism to zero the CRC field first, and then compute the CRC in one pass over the buffer and write the result back into the buffer. We can do this safely because anything writing a CRC has exclusive access to the buffer the CRC is being calculated over. We leave the CRC verify code the same - it still splits the CRC calculation - because we do not want read-only operations modifying the underlying buffer. This is because read-only operations may not have an exclusive access to the buffer guaranteed, and so temporary modifications could leak out to to other processes accessing the buffer concurrently. Signed-off-by: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_cksum.h | 26 ++++++++++++++++++++++---- fs/xfs/libxfs/xfs_inode_buf.c | 2 +- fs/xfs/xfs_log.c | 2 +- fs/xfs/xfs_log_recover.c | 12 +++++++----- 4 files changed, 31 insertions(+), 11 deletions(-) commit 11ef38afe98cc7ad1a46ef24945232ec1760d5e2 Author: Dave Chinner Date: Mon Dec 5 14:38:58 2016 +1100 xfs: make xfs btree stats less huge Embedding a switch statement in every btree stats inc/add adds a lot of code overhead to the core btree infrastructure paths. Stats are supposed to be small and lightweight, but the btree stats have become big and bloated as we've added more btrees. It needs fixing because the reflink code will just add more overhead again. Convert the v2 btree stats to arrays instead of independent variables, and instead use the type to index the specific btree array via an enum. This allows us to use array based indexing to update the stats, rather than having to derefence variables specific to the btree type. If we then wrap the xfsstats structure in a union and place uint32_t array beside it, and calculate the correct btree stats array base array index when creating a btree cursor, we can easily access entries in the stats structure without having to switch names based on the btree type. We then replace with the switch statement with a simple set of stats wrapper macros, resulting in a significant simplification of the btree stats code, and: text data bss dec hex filename 48905 144 8 49057 bfa1 fs/xfs/libxfs/xfs_btree.o.old 36793 144 8 36945 9051 fs/xfs/libxfs/xfs_btree.o it reduces the core btree infrastructure code size by close to 25%! Signed-off-by: Dave Chinner Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_alloc_btree.c | 4 + fs/xfs/libxfs/xfs_bmap_btree.c | 1 + fs/xfs/libxfs/xfs_btree.h | 43 +------- fs/xfs/libxfs/xfs_ialloc_btree.c | 2 + fs/xfs/libxfs/xfs_refcount_btree.c | 1 + fs/xfs/libxfs/xfs_rmap_btree.c | 1 + fs/xfs/xfs_stats.c | 10 +- fs/xfs/xfs_stats.h | 200 +++++++++++++++---------------------- 8 files changed, 99 insertions(+), 163 deletions(-) commit ff45000fcb56b5b0f1a14a865d3541746d838a0a Author: Nicholas Piggin Date: Mon Nov 28 12:42:26 2016 +1100 powerpc/boot: Request no dynamic linker for boot wrapper The boot wrapper performs its own relocations and does not require PT_INTERP segment. However currently we don't tell the linker that. Prior to binutils 2.28 that works OK. But since binutils commit 1a9ccd70f9a7 ("Fix the linker so that it will not silently generate ELF binaries with invalid program headers. Fix readelf to report such invalid binaries.") binutils tries to create a program header segment due to PT_INTERP, and the link fails because there is no space for it: ld: arch/powerpc/boot/zImage.pseries: Not enough room for program headers, try linking with -N ld: final link failed: Bad value So tell the linker not to do that, by passing --no-dynamic-linker. Cc: stable@vger.kernel.org Reported-by: Anton Blanchard Signed-off-by: Nicholas Piggin [mpe: Drop dependency on ld-version.sh and massage change log] Signed-off-by: Michael Ellerman arch/powerpc/boot/wrapper | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) commit d7544424169e0ba1ffdc39edbdfa822711a59c5f Author: Wei Yongjun Date: Mon Oct 17 15:13:59 2016 +0000 soc/fsl/bman: Use resource_size instead of computation Use resource_size function on resource object instead of explicit computation. Generated by: scripts/coccinelle/api/resource_size.cocci Signed-off-by: Wei Yongjun Signed-off-by: Scott Wood drivers/soc/fsl/qbman/bman_ccsr.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit c9492b4bea2630dacd18e16f8e8b0dcf91a6edcf Author: Geliang Tang Date: Wed Nov 23 23:04:21 2016 +0800 soc/fsl/qe: use builtin_platform_driver Use builtin_platform_driver() helper to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: Scott Wood drivers/soc/fsl/qe/qe.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 16c6cb46a7716c49f5dd44b5a1ccbaa74900eb89 Author: Geliang Tang Date: Wed Nov 23 23:02:35 2016 +0800 powerpc/fsl_pmc: use builtin_platform_driver Use builtin_platform_driver() helper to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: Scott Wood arch/powerpc/sysdev/fsl_pmc.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 53a46e8188e0782e84090bd35c01d506d9ffcfaf Author: Geliang Tang Date: Wed Nov 23 23:00:45 2016 +0800 powerpc/83xx/suspend: use builtin_platform_driver Use builtin_platform_driver() helper to simplify the code. Signed-off-by: Geliang Tang Signed-off-by: Scott Wood arch/powerpc/platforms/83xx/suspend.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 1bb33a98702d8360947f18a44349df75ba555d5d Author: Darrick J. Wong Date: Mon Dec 5 12:38:57 2016 +1100 xfs: don't cap maximum dedupe request length After various discussions on linux-fsdevel, it has been decided that it is not necessary to cap the length of a dedupe request, and that correctly-written userspace client programs will be able to absorb the change. Therefore, remove the length clamping behavior. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/xfs_file.c | 9 --------- 1 file changed, 9 deletions(-) commit ef388e2054feedaeb05399ed654bdb06f385d294 Author: Darrick J. Wong Date: Mon Dec 5 12:38:38 2016 +1100 xfs: don't allow di_size with high bit set The on-disk field di_size is used to set i_size, which is a signed integer of loff_t. If the high bit of di_size is set, we'll end up with a negative i_size, which will cause all sorts of problems. Since the VFS won't let us create a file with such length, we should catch them here in the verifier too. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_inode_buf.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 0f352f8ee8412bd9d34fb2a6411241da61175c0e Author: Darrick J. Wong Date: Mon Dec 5 12:38:11 2016 +1100 xfs: error out if trying to add attrs and anextents > 0 We shouldn't assert if somehow we end up trying to add an attr fork to an inode that apparently already has attr extents because this is an indication of on-disk corruption. Instead, return an error code to userspace. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 96a3aefb8ffde23180130460b0b2407b328eb727 Author: Darrick J. Wong Date: Mon Dec 5 12:37:47 2016 +1100 xfs: don't crash if reading a directory results in an unexpected hole In xfs_dir3_data_read, we can encounter the situation where err == 0 and *bpp == NULL if the given bno offset happens to be a hole; this leads to a crash if we try to set the buffer type after the _da_read_buf call. Holes can happen due to corrupt or malicious entries in the bmbt data, so be a little more careful when we're handling buffers. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_dir2_data.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 356a3225222e5bc4df88aef3419fb6424f18ab69 Author: Darrick J. Wong Date: Mon Dec 5 12:36:56 2016 +1100 xfs: complain if we don't get nextents bmap records When reading into memory all extents of a btree-format inode fork, complain if the number of extents we find is not the same as the number of extents reported in the inode core. This is needed to stop an IO action from accessing the garbage areas of the in-core fork. [dchinner: removed redundant assert] Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit bb3be7e7c1c18e1b141d4cadeb98cc89ecf78099 Author: Darrick J. Wong Date: Mon Dec 5 12:33:54 2016 +1100 xfs: check for bogus values in btree block headers When we're reading a btree block, make sure that what we retrieved matches the owner and level; and has a plausible number of records. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_btree.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit d2a047f31e86941fa896e0e3271536d50aba415e Author: Darrick J. Wong Date: Mon Dec 5 12:32:50 2016 +1100 xfs: forbid AG btrees with level == 0 There is no such thing as a zero-level AG btree since even a single-node zero-records btree has one level. Btree cursor constructors read cur_nlevels straight from disk and then access things like cur_bufs[cur_nlevels - 1] which is /really/ bad if cur_nlevels is zero! Therefore, strengthen the verifiers to prevent this possibility. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_alloc.c | 10 +++++++--- fs/xfs/libxfs/xfs_ialloc.c | 9 ++++++++- 2 files changed, 15 insertions(+), 4 deletions(-) commit f7a136aee3c1c3f7daf87197b3b3c361744a2812 Author: Eric Sandeen Date: Mon Dec 5 12:32:14 2016 +1100 xfs: several xattr functions can be void There are a handful of xattr functions which now return nothing but zero. They can be made void, chased through calling functions, and error handling etc can be removed. Signed-off-by: Eric Sandeen Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_attr_leaf.h | 2 +- fs/xfs/xfs_attr.h | 4 +-- fs/xfs/xfs_attr_list.c | 59 ++++++++++++++++--------------------------- fs/xfs/xfs_xattr.c | 23 ++++++++--------- 4 files changed, 35 insertions(+), 53 deletions(-) commit c44a1f22626c153976289e1cd67bdcdfefc16e1f Author: Eric Sandeen Date: Mon Dec 5 12:32:00 2016 +1100 xfs: handle cow fork in xfs_bmap_trace_exlist By inspection, xfs_bmap_trace_exlist isn't handling cow forks, and will trace the data fork instead. Fix this by setting state appropriately if whichfork == XFS_COW_FORK. ()___() < @ @ > | | {o_o} (|) Signed-off-by: Eric Sandeen Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 7710517fc37b1899722707883b54694ea710b3c0 Author: Eric Sandeen Date: Mon Dec 5 12:31:50 2016 +1100 xfs: pass state not whichfork to trace_xfs_extlist When xfs_bmap_trace_exlist called trace_xfs_extlist, it sent in the "whichfork" var instead of the bmap "state" as expected (even though state was already set up for this purpose). As a result, the xfs_bmap_class in tracing code used "whichfork" not state in xfs_iext_state_to_fork(), and got the wrong ifork pointer. It all goes downhill from there, including an ASSERT when ifp_bytes is empty by the time it reaches xfs_iext_get_ext(): XFS: Assertion failed: idx < ifp->if_bytes / sizeof(xfs_bmbt_rec_t) Signed-off-by: Eric Sandeen Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_bmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 200237d6746faaeaf7f4ff4abbf13f3917cee60a Author: Eric Sandeen Date: Mon Dec 5 12:31:31 2016 +1100 xfs: Move AGI buffer type setting to xfs_read_agi We've missed properly setting the buffer type for an AGI transaction in 3 spots now, so just move it into xfs_read_agi() and set it if we are in a transaction to avoid the problem in the future. This is similar to how it is done in i.e. the dir3 and attr3 read functions. Signed-off-by: Eric Sandeen Reviewed-by: Brian Foster Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/libxfs/xfs_ialloc.c | 4 ++-- fs/xfs/xfs_inode.c | 2 -- fs/xfs/xfs_log_recover.c | 1 - 3 files changed, 2 insertions(+), 5 deletions(-) commit 6b10b23ca94451fae153a5cc8d62fd721bec2019 Author: Eric Sandeen Date: Mon Dec 5 12:31:06 2016 +1100 xfs: set AGI buffer type in xlog_recover_clear_agi_bucket xlog_recover_clear_agi_bucket didn't set the type to XFS_BLFT_AGI_BUF, so we got a warning during log replay (or an ASSERT on a debug build). XFS (md0): Unknown buffer type 0! XFS (md0): _xfs_buf_ioapply: no ops on block 0xaea8802/0x1 Fix this, as was done in f19b872b for 2 other locations with the same problem. cc: # 3.10 to current Signed-off-by: Eric Sandeen Reviewed-by: Brian Foster Reviewed-by: Christoph Hellwig Signed-off-by: Dave Chinner fs/xfs/xfs_log_recover.c | 1 + 1 file changed, 1 insertion(+) commit 50523a29d900d5a403e0352d3d7aeda6a33df25c Author: Josh Stone Date: Fri Dec 2 15:49:43 2016 -0800 Yama: allow access for the current ptrace parent Under ptrace_scope=1, it's possible to have a tracee that is already ptrace-attached, but is no longer a direct descendant. For instance, a forking daemon will be re-parented to init, losing its ancestry to the tracer that launched it. The tracer can continue using ptrace in that state, but it will be denied other accesses that check PTRACE_MODE_ATTACH, like process_vm_rw and various procfs files. There's no reason to prevent such access for a tracer that already has ptrace control anyway. This patch adds a case to ptracer_exception_found to allow access for any task in the same thread group as the current ptrace parent. Signed-off-by: Josh Stone Cc: Kees Cook Cc: James Morris Cc: "Serge E. Hallyn" Cc: linux-security-module@vger.kernel.org Signed-off-by: Kees Cook Signed-off-by: James Morris security/yama/yama_lsm.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) commit d94cbf6c73324a008dfb8576f15d089d7f707f24 Author: Trond Myklebust Date: Sun Dec 4 19:34:38 2016 -0500 NFSv4.1: Don't schedule lease recovery in nfs4_schedule_session_recovery() If the session has an error, then we want to start by recovering the session, as any SEQUENCE we send is going to fail with a session error. Signed-off-by: Trond Myklebust fs/nfs/nfs4state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 2cf10cdd486c362f983abdce00dc1127e8ab8c59 Author: Trond Myklebust Date: Sun Dec 4 19:26:40 2016 -0500 NFSv4.1: Handle NFS4ERR_BADSESSION/NFS4ERR_DEADSESSION replies to OP_SEQUENCE In the case where SEQUENCE receives a NFS4ERR_BADSESSION or NFS4ERR_DEADSESSION error, we just want to report the session as needing recovery, and then we want to retry the operation. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 4 ++++ 1 file changed, 4 insertions(+) commit 1cd9cb05f96e526f41bb4704caa95dc40ed08c5d Author: Trond Myklebust Date: Sun Dec 4 18:34:34 2016 -0500 NFS: Only look at the change attribute cache state in nfs_check_verifier When looking at whether or not our dcache is valid, we really don't care about the general state of the directory attribute cache. Instead, we we only care about the state of the change attribute. This fixes a performance issue when the client is responsible for changing the directory contents; a number of NFSv4 operations will atomically update the directory change attribute, but may not return all the other attributes. Signed-off-by: Trond Myklebust fs/nfs/dir.c | 14 ++++++-------- fs/nfs/inode.c | 2 +- include/linux/nfs_fs.h | 1 + 3 files changed, 8 insertions(+), 9 deletions(-) commit 450630975da9e7dffe540753e169dc4da5fe7c29 Author: Al Viro Date: Sun Dec 4 18:24:56 2016 -0500 don't open-code file_inode() Signed-off-by: Al Viro drivers/gpu/drm/amd/amdgpu/amdgpu_device.c | 20 ++++++++++---------- drivers/gpu/drm/amd/amdgpu/amdgpu_ring.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_ttm.c | 4 ++-- drivers/staging/greybus/camera.c | 4 ++-- drivers/staging/greybus/es2.c | 6 +++--- drivers/staging/greybus/svc.c | 6 +++--- drivers/staging/greybus/timesync.c | 2 +- drivers/target/target_core_configfs.c | 2 +- fs/aio.c | 6 +++--- fs/autofs4/inode.c | 2 +- fs/fcntl.c | 2 +- fs/orangefs/file.c | 2 +- fs/orangefs/orangefs-debugfs.c | 6 ++++-- fs/overlayfs/copy_up.c | 2 +- kernel/audit_watch.c | 4 ++-- kernel/events/core.c | 2 +- kernel/locking/qspinlock_stat.h | 12 ++---------- security/smack/smack_lsm.c | 2 +- 18 files changed, 40 insertions(+), 46 deletions(-) commit 9310b224f2ecc8bb075b86d753a2f359e3e1ac85 Author: Trond Myklebust Date: Sun Dec 4 18:08:40 2016 -0500 NFS: Fix incorrect size revalidation when holding a delegation We should only care about checking the attributes if the page cache is marked as dubious (using NFS_INO_REVAL_PAGECACHE) and the NFS_INO_REVAL_FORCED flag is set. Signed-off-by: Trond Myklebust fs/nfs/file.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 07c65a665b8d88f871d8083644ba3f41e68f048f Author: Angelo Dureghello Date: Wed Oct 19 23:19:39 2016 +0200 m68knommu: AMCORE board, add iMX i2c support Add iMX i2c support for the Sysam AMCORE board. Signed-off-by: Angelo Dureghello Signed-off-by: Greg Ungerer arch/m68k/configs/amcore_defconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit a41cdd0117bfe86924b28e560153c85593e942d0 Author: Angelo Dureghello Date: Thu Oct 6 20:41:35 2016 +0200 m68k: add Sysam AMCORE open board support Add support for Sysam AMCORE board, an open hardware embedded Linux board, see http://sysam.it/openzone/projects/amcore/amcore.html for any info. Signed-off-by: Angelo Dureghello Signed-off-by: Greg Ungerer arch/m68k/Kconfig.machine | 6 ++ arch/m68k/coldfire/Makefile | 1 + arch/m68k/coldfire/amcore.c | 156 +++++++++++++++++++++++++++++++++++++ arch/m68k/configs/amcore_defconfig | 118 ++++++++++++++++++++++++++++ 4 files changed, 281 insertions(+) commit 2d24b532f95b8b1b61bf670ef5bdee52bcf59640 Author: Steven King Date: Mon Jun 30 09:53:19 2014 -0700 m68knommu: platform support for i2c devices on ColdFire SoC These changes based on work by Steven King to support the i2c hardware modules on ColdFire SoC family devices. This is the per SoC hardware support. Contains a common platform device setup. Each of the SoC family members tends to have some minor local setup required to initialize the module. But all ColdFire family members use the same i2c hardware module. This i2c hardware module is the same as used in the Freescale iMX ARM based family of SoC devices. Steven's original patches were based on using a new and different i2c-coldfire.c driver. But this is not neccessary as we can use the existing Linux i2c-imx.c driver with no change required to it. And this patch is now based on using the existing i2c-imx driver. This patch only contains the ColdFire platform changes. Signed-off-by: Greg Ungerer Tested-by: Angelo Dureghello arch/m68k/coldfire/device.c | 159 +++++++++++++++++++++++++++++++++++++++ arch/m68k/coldfire/m5206.c | 12 +++ arch/m68k/coldfire/m520x.c | 24 +++++- arch/m68k/coldfire/m523x.c | 18 +++++ arch/m68k/coldfire/m5249.c | 25 ++++++ arch/m68k/coldfire/m525x.c | 10 ++- arch/m68k/coldfire/m527x.c | 28 +++++++ arch/m68k/coldfire/m528x.c | 18 +++++ arch/m68k/coldfire/m5307.c | 14 ++++ arch/m68k/coldfire/m53xx.c | 20 ++++- arch/m68k/coldfire/m5407.c | 14 ++++ arch/m68k/coldfire/m5441x.c | 12 +-- arch/m68k/coldfire/m54xx.c | 17 +++++ arch/m68k/include/asm/m5206sim.h | 8 ++ arch/m68k/include/asm/m520xsim.h | 8 ++ arch/m68k/include/asm/m523xsim.h | 10 ++- arch/m68k/include/asm/m527xsim.h | 8 ++ arch/m68k/include/asm/m528xsim.h | 9 +++ arch/m68k/include/asm/m5307sim.h | 9 ++- arch/m68k/include/asm/m53xxsim.h | 8 ++ arch/m68k/include/asm/m5407sim.h | 8 ++ arch/m68k/include/asm/m54xxsim.h | 11 +++ 22 files changed, 432 insertions(+), 18 deletions(-) commit 10727772b93cc80c859b2e45bb32976d79b21990 Author: Trond Myklebust Date: Sun Dec 4 16:02:43 2016 -0500 NFS: Fix incorrect mapping revalidation when holding a delegation We should only care about checking the attributes if the page cache is marked as dubious (using NFS_INO_REVAL_PAGECACHE) and the NFS_INO_REVAL_FORCED flag is set. Signed-off-by: Trond Myklebust fs/nfs/inode.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) commit 481fa3734769b67f00ed09a42f2a6a8cbd00b869 Author: Florian Westphal Date: Tue Nov 15 21:36:44 2016 +0100 netfilter: conntrack: add nf_conntrack_default_on sysctl This switch (default on) can be used to disable automatic registration of connection tracking functionality in newly created network namespaces. This means that when net namespace goes down (or the tracker protocol module is unloaded) we *might* have to unregister the hooks. We can either add another per-netns variable that tells if the hooks got registered by default, or, alternatively, just call the protocol _put() function and have the callee deal with a possible 'extra' put() operation that doesn't pair with a get() one. This uses the latter approach, i.e. a put() without a get has no effect. Conntrack is still enabled automatically regardless of the new sysctl setting if the new net namespace requires connection tracking, e.g. when NAT rules are created. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Documentation/networking/nf_conntrack-sysctl.txt | 11 +++++++++++ include/net/netfilter/nf_conntrack_l3proto.h | 9 +++++++++ net/netfilter/nf_conntrack_proto.c | 19 ++++++++++++++++++- net/netfilter/nf_conntrack_standalone.c | 10 ++++++++++ 4 files changed, 48 insertions(+), 1 deletion(-) commit 0c66dc1ea3f0366221f8a5a16c73f01ea9259678 Author: Florian Westphal Date: Tue Nov 15 21:36:43 2016 +0100 netfilter: conntrack: register hooks in netns when needed by ruleset This makes use of nf_ct_netns_get/put added in previous patch. We add get/put functions to nf_conntrack_l3proto structure, ipv4 and ipv6 then implement use-count to track how many users (nft or xtables modules) have a dependency on ipv4 and/or ipv6 connection tracking functionality. When count reaches zero, the hooks are unregistered. This delays activation of connection tracking inside a namespace until stateful firewall rule or nat rule gets added. This patch breaks backwards compatibility in the sense that connection tracking won't be active anymore when the protocol tracker module is loaded. This breaks e.g. setups that ctnetlink for flow accounting and the like, without any '-m conntrack' packet filter rules. Followup patch restores old behavour and makes new delayed scheme optional via sysctl. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack_l3proto.h | 4 ++ net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 55 ++++++++++++++++++++------ net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 54 +++++++++++++++++++------ net/netfilter/nf_conntrack_proto.c | 38 +++++++++++++++++- 4 files changed, 127 insertions(+), 24 deletions(-) commit 20afd423976ef3df0ce5719909ffd4416f9ef986 Author: Florian Westphal Date: Tue Nov 15 21:36:42 2016 +0100 netfilter: nf_tables: add conntrack dependencies for nat/masq/redir expressions so that conntrack core will add the needed hooks in this namespace. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nft_masq_ipv4.c | 7 +++++++ net/ipv4/netfilter/nft_redir_ipv4.c | 7 +++++++ net/ipv6/netfilter/nft_masq_ipv6.c | 7 +++++++ net/ipv6/netfilter/nft_redir_ipv6.c | 7 +++++++ net/netfilter/nft_masq.c | 2 +- net/netfilter/nft_nat.c | 11 ++++++++++- net/netfilter/nft_redir.c | 2 +- 7 files changed, 40 insertions(+), 3 deletions(-) commit a357b3f80bc8d785ac7bdb99eb10ad0ba51275c9 Author: Florian Westphal Date: Tue Nov 15 21:36:41 2016 +0100 netfilter: nat: add dependencies on conntrack module MASQUERADE, S/DNAT and REDIRECT already call functions that depend on the conntrack module. However, since the conntrack hooks are now registered in a lazy fashion (i.e., only when needed) a symbol reference is not enough. Thus, when something is added to a nat table, make sure that it will see packets by calling nf_ct_netns_get() which will register the conntrack hooks in the current netns. An alternative would be to add these dependencies to the NAT table. However, that has problems when using non-modular builds -- we might register e.g. ipv6 conntrack before its initcall has run, leading to NULL deref crashes since its per-netns storage has not yet been allocated. Adding the dependency in the modules instead has the advantage that nat table also does not register its hooks until rules are added. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/ipt_MASQUERADE.c | 8 +++++++- net/netfilter/xt_NETMAP.c | 11 +++++++++-- net/netfilter/xt_REDIRECT.c | 12 ++++++++++-- net/netfilter/xt_nat.c | 18 +++++++++++++++++- 4 files changed, 43 insertions(+), 6 deletions(-) commit ecb2421b5ddf48e6e116fced7f74c985bb546138 Author: Florian Westphal Date: Tue Nov 15 21:36:40 2016 +0100 netfilter: add and use nf_ct_netns_get/put currently aliased to try_module_get/_put. Will be changed in next patch when we add functions to make use of ->net argument to store usercount per l3proto tracker. This is needed to avoid registering the conntrack hooks in all netns and later only enable connection tracking in those that need conntrack. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack.h | 4 ++++ net/ipv4/netfilter/ipt_CLUSTERIP.c | 4 ++-- net/ipv4/netfilter/ipt_SYNPROXY.c | 4 ++-- net/ipv6/netfilter/ip6t_SYNPROXY.c | 4 ++-- net/netfilter/nf_conntrack_proto.c | 12 ++++++++++++ net/netfilter/nft_ct.c | 26 +++++++++++++------------- net/netfilter/xt_CONNSECMARK.c | 4 ++-- net/netfilter/xt_CT.c | 6 +++--- net/netfilter/xt_connbytes.c | 4 ++-- net/netfilter/xt_connlabel.c | 6 +++--- net/netfilter/xt_connlimit.c | 6 +++--- net/netfilter/xt_connmark.c | 8 ++++---- net/netfilter/xt_conntrack.c | 4 ++-- net/netfilter/xt_helper.c | 4 ++-- net/netfilter/xt_state.c | 4 ++-- 15 files changed, 58 insertions(+), 42 deletions(-) commit a379854d91b2cb0af07b0f62845449f4dacbd673 Author: Florian Westphal Date: Tue Nov 15 21:36:39 2016 +0100 netfilter: conntrack: remove unused init_net hook since adf0516845bcd0 ("netfilter: remove ip_conntrack* sysctl compat code") the only user (ipv4 tracker) sets this to an empty stub function. After this change nf_ct_l3proto_pernet_register() is also empty, but this will change in a followup patch to add conditional register of the hooks. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_conntrack_l3proto.h | 3 --- net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 6 ------ net/netfilter/nf_conntrack_proto.c | 8 -------- 3 files changed, 17 deletions(-) commit 9b91c96c5d1f9da79438292f8c82f65cbf078645 Author: Davide Caratti Date: Tue Nov 15 15:08:27 2016 +0100 netfilter: conntrack: built-in support for UDPlite CONFIG_NF_CT_PROTO_UDPLITE is no more a tristate. When set to y, connection tracking support for UDPlite protocol is built-in into nf_conntrack.ko. footprint test: $ ls -l net/netfilter/nf_conntrack{_proto_udplite,}.ko \ net/ipv4/netfilter/nf_conntrack_ipv4.ko \ net/ipv6/netfilter/nf_conntrack_ipv6.ko (builtin)|| udplite| ipv4 | ipv6 |nf_conntrack ---------++--------+--------+--------+-------------- none || 432538 | 828755 | 828676 | 6141434 UDPlite || - | 829649 | 829362 | 6498204 Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 3 + include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 3 + include/net/netns/conntrack.h | 16 ++++++ net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 3 + net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 3 + net/netfilter/Kconfig | 5 +- net/netfilter/Makefile | 2 +- net/netfilter/nf_conntrack_proto_udplite.c | 79 +++----------------------- 8 files changed, 41 insertions(+), 73 deletions(-) commit a85406afeb3e045b001b2aac5b4f89f4266fede3 Author: Davide Caratti Date: Tue Nov 15 15:08:26 2016 +0100 netfilter: conntrack: built-in support for SCTP CONFIG_NF_CT_PROTO_SCTP is no more a tristate. When set to y, connection tracking support for SCTP protocol is built-in into nf_conntrack.ko. footprint test: $ ls -l net/netfilter/nf_conntrack{_proto_sctp,}.ko \ net/ipv4/netfilter/nf_conntrack_ipv4.ko \ net/ipv6/netfilter/nf_conntrack_ipv6.ko (builtin)|| sctp | ipv4 | ipv6 | nf_conntrack ---------++--------+--------+--------+-------------- none || 498243 | 828755 | 828676 | 6141434 SCTP || - | 829254 | 829175 | 6547872 Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 3 + include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 3 + include/net/netns/conntrack.h | 13 +++++ net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 3 + net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 3 + net/netfilter/Kconfig | 7 +-- net/netfilter/Makefile | 2 +- net/netfilter/nf_conntrack_proto_sctp.c | 76 +++----------------------- 8 files changed, 38 insertions(+), 72 deletions(-) commit c51d39010a1bccc9c1294e2d7c00005aefeb2b5c Author: Davide Caratti Date: Tue Nov 15 15:08:25 2016 +0100 netfilter: conntrack: built-in support for DCCP CONFIG_NF_CT_PROTO_DCCP is no more a tristate. When set to y, connection tracking support for DCCP protocol is built-in into nf_conntrack.ko. footprint test: $ ls -l net/netfilter/nf_conntrack{_proto_dccp,}.ko \ net/ipv4/netfilter/nf_conntrack_ipv4.ko \ net/ipv6/netfilter/nf_conntrack_ipv6.ko (builtin)|| dccp | ipv4 | ipv6 | nf_conntrack ---------++--------+--------+--------+-------------- none || 469140 | 828755 | 828676 | 6141434 DCCP || - | 830566 | 829935 | 6533526 Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso include/linux/netfilter/nf_conntrack_dccp.h | 2 +- include/net/netfilter/ipv4/nf_conntrack_ipv4.h | 3 + include/net/netfilter/ipv6/nf_conntrack_ipv6.h | 3 + include/net/netns/conntrack.h | 14 +++++ net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 3 + net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c | 3 + net/netfilter/Kconfig | 6 +- net/netfilter/Makefile | 3 +- net/netfilter/nf_conntrack_proto_dccp.c | 79 ++++---------------------- 9 files changed, 41 insertions(+), 75 deletions(-) commit 3fefeb88d002850e591339fed291eb6a795d9f21 Author: Davide Caratti Date: Tue Nov 15 15:08:24 2016 +0100 netfilter: nf_conntrack_tuple_common.h: fix #include To allow usage of enum ip_conntrack_dir in include/net/netns/conntrack.h, this patch encloses #include in a #ifndef __KERNEL__ directive, so that compiler errors caused by unwanted inclusion of include/linux/netfilter.h are avoided. In addition, #include line has been added to resolve correctly CTINFO2DIR macro. Signed-off-by: Davide Caratti Acked-by: Mikko Rapeli Signed-off-by: Pablo Neira Ayuso include/uapi/linux/netfilter/nf_conntrack_tuple_common.h | 3 +++ 1 file changed, 3 insertions(+) commit f6b3ef5e380d5eba61e4e91a3c26ed7fd2b67347 Merge: a764708 8d8e20e Author: Pablo Neira Ayuso Date: Sun Dec 4 20:46:16 2016 +0100 Merge tag 'ipvs-for-v4.10' of https://git.kernel.org/pub/scm/linux/kernel/git/horms/ipvs-next Simon Horman says: ==================== IPVS Updates for v4.10 please consider these enhancements to the IPVS for v4.10. * Decrement the IP ttl in all the modes in order to prevent infinite route loops. Thanks to Dwip Banerjee. * Use IS_ERR_OR_NULL macro. Clean-up from Gao Feng. ==================== Signed-off-by: Pablo Neira Ayuso commit a7647080d3657ac35f084d603e294d7624989793 Author: Liping Zhang Date: Mon Nov 14 22:41:08 2016 +0800 netfilter: nfnetlink_log: add "nf-logger-5-1" module alias name So we can autoload nfnetlink_log.ko when the user adding nft log group X rule in netdev family. Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso net/netfilter/nfnetlink_log.c | 1 + 1 file changed, 1 insertion(+) commit 673ab46f345557e9d741e97ca0301280360d1af1 Author: Liping Zhang Date: Mon Nov 14 22:39:25 2016 +0800 netfilter: nf_log: do not assume ethernet header in netdev family In netdev family, we will handle non ethernet packets, so using eth_hdr(skb)->h_proto is incorrect. Meanwhile, we can use socket(AF_PACKET...) to sending packets, so skb->protocol is not always set in bridge family. Add an extra parameter into nf_log_l2packet to solve this issue. Fixes: 1fddf4bad0ac ("netfilter: nf_log: add packet logging for netdev family") Signed-off-by: Liping Zhang Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_log.h | 4 +++- net/bridge/netfilter/nf_log_bridge.c | 3 ++- net/netfilter/nf_log_common.c | 3 ++- net/netfilter/nf_log_netdev.c | 3 ++- 4 files changed, 9 insertions(+), 4 deletions(-) commit b8ad652f9779976d0300ae199961e413859d5378 Author: Davide Caratti Date: Thu Oct 20 18:33:03 2016 +0200 netfilter: built-in NAT support for UDPlite CONFIG_NF_NAT_PROTO_UDPLITE is no more a tristate. When set to y, NAT support for UDPlite protocol is built-in into nf_nat.ko. footprint test: (nf_nat_proto_) |udplite || nf_nat --------------------------+--------++-------- no builtin | 408048 || 2241312 UDPLITE builtin | - || 2577256 Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_nat_l4proto.h | 3 +++ net/netfilter/Kconfig | 2 +- net/netfilter/Makefile | 5 ++--- net/netfilter/nf_nat_core.c | 4 ++++ net/netfilter/nf_nat_proto_udplite.c | 35 +--------------------------------- 5 files changed, 11 insertions(+), 38 deletions(-) commit 7a2dd28c703408ef27d6fe6a4fcd7c58968ce3bf Author: Davide Caratti Date: Thu Oct 20 18:33:02 2016 +0200 netfilter: built-in NAT support for SCTP CONFIG_NF_NAT_PROTO_SCTP is no more a tristate. When set to y, NAT support for SCTP protocol is built-in into nf_nat.ko. footprint test: (nf_nat_proto_) | sctp || nf_nat --------------------------+--------++-------- no builtin | 428344 || 2241312 SCTP builtin | - || 2597032 Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_nat_l4proto.h | 3 +++ net/netfilter/Kconfig | 2 +- net/netfilter/Makefile | 2 +- net/netfilter/nf_nat_core.c | 4 ++++ net/netfilter/nf_nat_proto_sctp.c | 35 +--------------------------------- 5 files changed, 10 insertions(+), 36 deletions(-) commit 0c4e966eafff8253bec545d8c27b9efa231c1f62 Author: Davide Caratti Date: Thu Oct 20 18:33:01 2016 +0200 netfilter: built-in NAT support for DCCP CONFIG_NF_NAT_PROTO_DCCP is no more a tristate. When set to y, NAT support for DCCP protocol is built-in into nf_nat.ko. footprint test: (nf_nat_proto_) | dccp || nf_nat --------------------------+--------++-------- no builtin | 409800 || 2241312 DCCP builtin | - || 2578968 Signed-off-by: Davide Caratti Signed-off-by: Pablo Neira Ayuso include/net/netfilter/nf_nat_l4proto.h | 3 +++ net/netfilter/Kconfig | 2 +- net/netfilter/Makefile | 3 ++- net/netfilter/nf_nat_core.c | 4 ++++ net/netfilter/nf_nat_proto_dccp.c | 36 +--------------------------------- 5 files changed, 11 insertions(+), 37 deletions(-) commit cd7275146885e7bc532ee2e0186dfd2b5c0b745f Author: Arturo Borrero Gonzalez Date: Tue Oct 18 14:02:29 2016 +0200 netfilter: update Arturo Borrero Gonzalez email address The email address has changed, let's update the copyright statements. Signed-off-by: Arturo Borrero Gonzalez Signed-off-by: Pablo Neira Ayuso net/ipv4/netfilter/nft_masq_ipv4.c | 4 ++-- net/ipv4/netfilter/nft_redir_ipv4.c | 4 ++-- net/ipv6/netfilter/nft_masq_ipv6.c | 4 ++-- net/ipv6/netfilter/nft_redir_ipv6.c | 4 ++-- net/netfilter/nft_masq.c | 4 ++-- net/netfilter/nft_redir.c | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-) commit b44fe760433a58f2284d2a544afd91dd685ac677 Author: Fabian Frederick Date: Sun Dec 4 10:54:08 2016 -0800 libnvdimm, namespace: use octal for permissions According to commit f90774e1fd27 ("checkpatch: look for symbolic permissions and suggest octal instead") Signed-off-by: Fabian Frederick Signed-off-by: Dan Williams drivers/nvdimm/namespace_devs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0a3f27b9a6a8f76f1df270e1a18b096f8f5d5dbc Author: Fabian Frederick Date: Sun Dec 4 10:48:58 2016 -0800 libnvdimm, namespace: avoid multiple sector calculations Use sector_t for cleared Suggested-by: Dan Williams Signed-off-by: Fabian Frederick Signed-off-by: Dan Williams drivers/nvdimm/pmem.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) commit d37806dc37b42b05515849b0444f09f493cb4cba Author: Fabian Frederick Date: Sun Dec 4 10:45:13 2016 -0800 libnvdimm: remove else after return in nsio_rw_bytes() else after return is not needed. Signed-off-by: Fabian Frederick [djbw: removed some now unnecessary newlines] Signed-off-by: Dan Williams drivers/nvdimm/claim.c | 35 ++++++++++++++++------------------- 1 file changed, 16 insertions(+), 19 deletions(-) commit 0de2788447b67891a31a156c0206fd159e4a8981 Author: Pan Bian Date: Sun Dec 4 14:07:18 2016 +0800 EDAC, amd64: Fix improper return value When the call to zalloc_cpumask_var() fails, returning "false" seems improper. The real value of macro "false" is 0, and 0 means no error. Return -ENOMEM instead. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=189071 Signed-off-by: Pan Bian Cc: linux-edac Link: http://lkml.kernel.org/r/1480831638-5361-1-git-send-email-bianpan201604@163.com Signed-off-by: Borislav Petkov drivers/edac/amd64_edac.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit adc176c5472214971d77c1a61c83db9b01e9cdc7 Author: Erik Nordmark Date: Fri Dec 2 14:00:08 2016 -0800 ipv6 addrconf: Implemented enhanced DAD (RFC7527) Implemented RFC7527 Enhanced DAD. IPv6 duplicate address detection can fail if there is some temporary loopback of Ethernet frames. RFC7527 solves this by including a random nonce in the NS messages used for DAD, and if an NS is received with the same nonce it is assumed to be a looped back DAD probe and is ignored. RFC7527 is enabled by default. Can be disabled by setting both of conf/{all,interface}/enhanced_dad to zero. Signed-off-by: Erik Nordmark Signed-off-by: Bob Gilligan Reviewed-by: Hannes Frederic Sowa Signed-off-by: David S. Miller Documentation/networking/ip-sysctl.txt | 9 +++++++++ include/linux/ipv6.h | 1 + include/net/if_inet6.h | 1 + include/net/ndisc.h | 5 ++++- include/uapi/linux/ipv6.h | 1 + net/ipv6/addrconf.c | 22 +++++++++++++++++++++- net/ipv6/ndisc.c | 29 ++++++++++++++++++++++++++--- net/ipv6/route.c | 2 +- 8 files changed, 64 insertions(+), 6 deletions(-) commit ce84c7c6637af66d6e6e11a54b2367fc8f1d7074 Merge: 7a6c5cb 3ce0e65 Author: David S. Miller Date: Sat Dec 3 23:18:39 2016 -0500 Merge branch 'mv88e6390-batch-three' Andrew Lunn says: ==================== mv88e6390 batch 3 More patches to support the MV88e6390. This is mostly refactoring existing code and adding implementations for the mv88e6390. This patchset set which reserved frames are sent to the cpu, the size of jumbo frames that will be accepted, turn off egress rate limiting, and configuration of pause frames. ==================== Signed-off-by: David S. Miller commit 3ce0e65eb6059d3d4e56bbb17aee34f2740844be Author: Andrew Lunn Date: Sat Dec 3 04:45:20 2016 +0100 net: dsa: mv88e6xxx: Implement mv88e6390 pause control The mv88e6390 has a number flow control registers accessed via the Flow Control register. Use these to set the pause control. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 7 +++++++ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 2 ++ drivers/net/dsa/mv88e6xxx/port.c | 13 +++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 1 + 4 files changed, 23 insertions(+) commit b35d322a1d9330597754d5e8d5f76932fad79c1a Author: Andrew Lunn Date: Sat Dec 3 04:45:19 2016 +0100 net: dsa: mv88e6xxx: Refactor pause configuration The mv88e6390 has a different mechanism for configuring pause. Refactor the code into an ops function, and for the moment, don't add any mv88e6390 code yet. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 28 ++++++++++++++++++++-------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 1 + drivers/net/dsa/mv88e6xxx/port.c | 11 +++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 1 + 4 files changed, 33 insertions(+), 8 deletions(-) commit ef70b1119ee8e788f7f4ac22fe1f016363d7921f Author: Andrew Lunn Date: Sat Dec 3 04:45:18 2016 +0100 net: dsa: mv88e6xxx: Refactor egress rate limiting There are two different rate limiting configurations, depending on the switch generation. Refactor this into ops. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 31 +++++++++++++++++++------------ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 2 ++ drivers/net/dsa/mv88e6xxx/port.c | 12 ++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 2 ++ 4 files changed, 35 insertions(+), 12 deletions(-) commit 5f4366660d65aca15e5887bd04c9c0140a658e40 Author: Andrew Lunn Date: Sat Dec 3 04:45:17 2016 +0100 net: dsa: mv88e6xxx: Refactor setting of jumbo frames Some switches support jumbo frames. Refactor this code into operations in the ops structure. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 26 ++++++++++++++++++++++---- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 1 + drivers/net/dsa/mv88e6xxx/port.c | 14 ++++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 2 +- 4 files changed, 38 insertions(+), 5 deletions(-) commit 6e55f69846f0b11dd59a5d9ade44f4cc40eaa0ec Author: Andrew Lunn Date: Sat Dec 3 04:45:16 2016 +0100 net: dsa: mv88e6xxx: Reserved Management frames to CPU Older devices have a couple of registers in global2. The mv88e6390 family has a single register in global1 behind which hides similar configuration. Implement and op for this. Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 35 ++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/global1.c | 27 ++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/global1.h | 1 + drivers/net/dsa/mv88e6xxx/global2.c | 43 ++++++++++++++++++++--------------- drivers/net/dsa/mv88e6xxx/global2.h | 6 +++++ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 3 +++ 6 files changed, 97 insertions(+), 18 deletions(-) commit 7a6c5cb960d4bb0207adc8eb0c79193bf98ef463 Merge: 6924871 56995cb Author: David S. Miller Date: Sat Dec 3 23:15:01 2016 -0500 Merge branch 'mv88e6390-batch-two' Andrew Lunn says: ==================== MV88E6390 batch two This is the second batch of patches adding support for the MV88e6390. They are not sufficient to make it work properly. The mv88e6390 has a much expanded set of priority maps. Refactor the existing code, and implement basic support for the new device. Similarly, the monitor control register has been reworked. The mv88e6390 has something odd in its EDSA tagging implementation, which means it is not possible to use it. So we need to use DSA tagging. This is the first device with EDSA support where we need to use DSA, and the code does not support this. So two patches refactor the existing code. The two different register definitions are separated out, and using DSA on an EDSA capable device is added. v2: Add port prefix Add helper function for 6390 Add _IEEE_ into #defines Split monitor_ctrl into a number of separate ops. Remove 6390 code which is management, used in a later patch s/EGREES/EGRESS/. Broke up setup_port_dsa() and set_port_dsa() into a number of ops v3: Verify mandatory ops for port setup Don't set ether type for DSA port. ==================== Signed-off-by: David S. Miller commit 56995cbc3540797142ebdcd25b55c74bd362c450 Author: Andrew Lunn Date: Sat Dec 3 04:35:19 2016 +0100 net: dsa: mv88e6xxx: Refactor CPU and DSA port setup Older chips only support DSA tagging. Newer chips have both DSA and EDSA tagging. Refactor the code by adding port functions for setting the frame mode, egress mode, and if to forward unknown frames. This results in the helper mv88e6xxx_6065_family() becoming unused, so remove it. Signed-off-by: Andrew Lunn v3: Verify mandatory ops for port setup Don't set ether type for DSA port. Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 217 ++++++++++++++++++++++++++-------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 20 ++++ drivers/net/dsa/mv88e6xxx/port.c | 118 ++++++++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 13 ++ 4 files changed, 319 insertions(+), 49 deletions(-) commit 443d5a1b7d2a8727a7e7d7836a784a5decd34dc0 Author: Andrew Lunn Date: Sat Dec 3 04:35:18 2016 +0100 net: dsa: mv88e6xxx: Move the tagging protocol into info Older chips support a single tagging protocol, DSA. New chips support both DSA and EDSA, an enhanced version. Having both as an option changes the register layouts. Up until now, it has been assumed that if EDSA is supported, it will be used. Hence the register layout has been determined by which protocol should be used. However, mv88e6390 has a different implementation of EDSA, which requires we need to use the DSA tagging. Hence separate the selection of the protocol from the register layout. Signed-off-by: Andrew Lunn Reviewed-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 33 +++++++++++++++++++++++++++------ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 17 ++++------------- 2 files changed, 31 insertions(+), 19 deletions(-) commit 33641994a676f43f59d5fe02916c3965983522c2 Author: Andrew Lunn Date: Sat Dec 3 04:35:17 2016 +0100 net: dsa: mv88e6xxx: Monitor and Management tables The mv88e6390 changes the monitor control register into the Monitor and Management control, which is an indirection register to various registers. Add ops to set the CPU port and the ingress/egress port for both register layouts, to global1 Signed-off-by: Andrew Lunn Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 68 +++++++++++++++++++++++++++++----- drivers/net/dsa/mv88e6xxx/global1.c | 69 +++++++++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/global1.h | 4 ++ drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 13 +++++++ 4 files changed, 145 insertions(+), 9 deletions(-) commit ef0a731882a2bf120511072a08d973f65d00d979 Author: Andrew Lunn Date: Sat Dec 3 04:35:16 2016 +0100 net: dsa: mv88e6xxx: Implement mv88e6390 tag remap The mv88e6390 does not have the two registers to set the frame priority map. Instead it has an indirection registers for setting a number of different priority maps. Refactor the old code into an function, implement the mv88e6390 version, and use an op to call the right one. Signed-off-by: Andrew Lunn Reviewed-by: Vivien Didelot Signed-off-by: David S. Miller drivers/net/dsa/mv88e6xxx/chip.c | 37 ++++++++++++-------- drivers/net/dsa/mv88e6xxx/mv88e6xxx.h | 12 +++++++ drivers/net/dsa/mv88e6xxx/port.c | 63 +++++++++++++++++++++++++++++++++++ drivers/net/dsa/mv88e6xxx/port.h | 2 ++ 4 files changed, 101 insertions(+), 13 deletions(-) commit 1c4344a50d702307185cb98fb67bff938cd66aa0 Author: Ian Kent Date: Mon Nov 28 10:12:14 2016 +0800 autofs - dont hold spin lock over direct mount expire Commit 7cbdb4a286 altered the autofs indirect mount expire to not hold a spin lock during the expire check. The direct mount expire needs the same treatment because to make autofs expires namespace aware may_umount_tree() needs to to use a similar method to may_umount() when checking if a mount tree is in use. This means may_umount_tree() will end up taking the namespace_sem for the check so the autofs direct mount expire won't be allowed to hold a spin lock over the check. Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Al Viro fs/autofs4/expire.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) commit 455e8f1030de82b68ee4e82f71516f3692f5e626 Author: Ian Kent Date: Mon Nov 28 10:11:59 2016 +0800 autofs - constify misc struct path instances Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Al Viro fs/autofs4/expire.c | 2 +- fs/autofs4/root.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) commit f74e7b33c37e5a7bae33bb73858c2766cb256626 Author: Ian Kent Date: Thu Nov 24 08:03:42 2016 +1100 vfs: remove unused have_submounts() function Now that path_has_submounts() has been added have_submounts() is no longer used so remove it. Link: http://lkml.kernel.org/r/20161011053428.27645.12310.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/dcache.c | 33 --------------------------------- include/linux/dcache.h | 1 - 2 files changed, 34 deletions(-) commit 60359741473438f66fef7297d1fa2435640dbe79 Author: Ian Kent Date: Thu Nov 24 08:03:42 2016 +1100 autofs: use path_has_submounts() to fix unreliable have_submount() checks If an automount mount is clone(2)ed into a file system that is propagation private, when it later expires in the originating namespace, subsequent calls to autofs ->d_automount() for that dentry in the original namespace will return ELOOP until the mount is umounted in the cloned namespace. Now that a struct path is available where needed use path_has_submounts() instead of have_submounts() so we don't get false positives when checking if a dentry is a mount point or contains mounts in the current namespace. Link: http://lkml.kernel.org/r/20161011053423.27645.91233.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/autofs4/dev-ioctl.c | 2 +- fs/autofs4/root.c | 14 +++++++------- fs/autofs4/waitq.c | 10 +++++++--- 3 files changed, 15 insertions(+), 11 deletions(-) commit cfaf86ab6ccdf0acf47ebe474a4a844114bc0e10 Author: Ian Kent Date: Thu Nov 24 08:03:42 2016 +1100 autofs: use path_is_mountpoint() to fix unreliable d_mountpoint() checks If an automount mount is clone(2)ed into a file system that is propagation private, when it later expires in the originating namespace, subsequent calls to autofs ->d_automount() for that dentry in the original namespace will return ELOOP until the mount is umounted in the cloned namespace. Now that a struct path is available where needed use path_is_mountpoint() instead of d_mountpoint() so we don't get false positives when checking if a dentry is a mount point in the current namespace. Link: http://lkml.kernel.org/r/20161011053418.27645.15241.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/autofs4/root.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit dd36a882e7ade2c642f8711426ad8e4b7009aaae Author: Ian Kent Date: Thu Nov 24 08:03:42 2016 +1100 autofs: change autofs4_wait() to take struct path In order to use the functions path_is_mountpoint() and path_has_submounts() autofs needs to pass a struct path in several places. Now change autofs4_wait() to take a struct path instead of a struct dentry. Link: http://lkml.kernel.org/r/20161011053413.27645.84666.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/autofs4/autofs_i.h | 3 ++- fs/autofs4/expire.c | 5 +++-- fs/autofs4/root.c | 16 ++++++++-------- fs/autofs4/waitq.c | 3 ++- 4 files changed, 15 insertions(+), 12 deletions(-) commit 74f504cff50b918f8ec2762b1513ae755da56a95 Author: Ian Kent Date: Thu Nov 24 08:03:41 2016 +1100 autofs: change autofs4_expire_wait()/do_expire_wait() to take struct path In order to use the functions path_is_mountpoint() and path_has_submounts() autofs needs to pass a struct path in several places. Start by changing autofs4_expire_wait() and do_expire_wait() to take a struct path instead of a struct dentry. Link: http://lkml.kernel.org/r/20161011053408.27645.40091.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/autofs4/autofs_i.h | 2 +- fs/autofs4/dev-ioctl.c | 2 +- fs/autofs4/expire.c | 3 ++- fs/autofs4/root.c | 12 +++++++----- 4 files changed, 11 insertions(+), 8 deletions(-) commit 01619491a5f0766014fe863c5ae480665436e7a2 Author: Ian Kent Date: Thu Nov 24 08:03:41 2016 +1100 vfs: add path_has_submounts() d_mountpoint() can only be used reliably to establish if a dentry is not mounted in any namespace. It isn't aware of the possibility there may be multiple mounts using the given dentry, possibly in a different namespace. Add function, path_has_submounts(), that checks is a struct path contains mounts (or is a mountpoint itself) to handle this case. Link: http://lkml.kernel.org/r/20161011053403.27645.55242.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/dcache.c | 39 +++++++++++++++++++++++++++++++++++++++ include/linux/dcache.h | 1 + 2 files changed, 40 insertions(+) commit c6609c0a1c34fc097152b28b496236625673924f Author: Ian Kent Date: Thu Nov 24 08:03:41 2016 +1100 vfs: add path_is_mountpoint() helper d_mountpoint() can only be used reliably to establish if a dentry is not mounted in any namespace. It isn't aware of the possibility there may be multiple mounts using a given dentry that may be in a different namespace. Add helper functions, path_is_mountpoint(), that checks if a struct path is a mountpoint for this case. Link: http://lkml.kernel.org/r/20161011053358.27645.9729.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro fs/mount.h | 6 ++++++ fs/namespace.c | 29 +++++++++++++++++++++++++++++ include/linux/mount.h | 2 ++ 3 files changed, 37 insertions(+) commit 69248719d0c27ba7cb734d4e716896369daca98d Merge: 548ed72 c3852ef Author: David S. Miller Date: Sat Dec 3 19:29:37 2016 -0500 Merge branch 'fib-notifier-event-replay' Jiri Pirko says: ==================== ipv4: fib: Replay events when registering FIB notifier Ido says: In kernel 4.9 the switchdev-specific FIB offload mechanism was replaced by a new FIB notification chain to which modules could register in order to be notified about the addition and deletion of FIB entries. The motivation for this change was that switchdev drivers need to be able to reflect the entire FIB table and not only FIBs configured on top of the port netdevs themselves. This is useful in case of in-band management. The fundamental problem with this approach is that upon registration listeners lose all the information previously sent in the chain and thus have an incomplete view of the FIB tables, which can result in packet loss. This patchset fixes that by dumping the FIB tables and replaying notifications previously sent in the chain for the registered notification block. The entire dump process is done under RCU and thus the FIB notification chain is converted to be atomic. The listeners are modified accordingly. This is done in the first eight patches. The ninth patch adds a change sequence counter to ensure the integrity of the FIB dump. The last patch adds the dump itself to the FIB chain registration function and modifies existing listeners to pass a callback to be executed in case dump was inconsistent. --- v3->v4: - Register the notification block after the dump and protect it using the change sequence counter (Hannes Frederic Sowa). - Since we now integrate the dump into the registration function, drop the sysctl to set maximum number of retries and instead set it to a fixed number. Lets see if it's really a problem before adding something we can never remove. - For the same reason, dump FIB tables for all net namespaces. - Add a comment regarding guarantees provided by mutex semantics. v2->v3: - Add sysctl to set the number of FIB dump retries (Hannes Frederic Sowa). - Read the sequence counter under RTNL to ensure synchronization between the dump process and other processes changing the routing tables (Hannes Frederic Sowa). - Pass a callback to the dump function to be executed prior to a retry. - Limit the dump to a single net namespace. v1->v2: - Add a sequence counter to ensure the integrity of the FIB dump (David S. Miller, Hannes Frederic Sowa). - Protect notifications from re-ordering in listeners by using an ordered workqueue (Hannes Frederic Sowa). - Introduce fib_info_hold() (Jiri Pirko). - Relieve rocker from the need to invoke the FIB dump by registering to the FIB notification chain prior to ports creation. ==================== Signed-off-by: David S. Miller commit c3852ef7f2f8f75a9f85a864bec1f6f5a3068eea Author: Ido Schimmel Date: Sat Dec 3 16:45:07 2016 +0100 ipv4: fib: Replay events when registering FIB notifier Commit b90eb7549499 ("fib: introduce FIB notification infrastructure") introduced a new notification chain to notify listeners (f.e., switchdev drivers) about addition and deletion of routes. However, upon registration to the chain the FIB tables can already be populated, which means potential listeners will have an incomplete view of the tables. Solve that by dumping the FIB tables and replaying the events to the passed notification block. The dump itself is done using RCU in order not to starve consumers that need RTNL to make progress. The integrity of the dump is ensured by reading the FIB change sequence counter before and after the dump under RTNL. This allows us to avoid the problematic situation in which the dumping process sends a ENTRY_ADD notification following ENTRY_DEL generated by another process holding RTNL. Callers of the registration function may pass a callback that is executed in case the dump was inconsistent with current FIB tables. The number of retries until a consistent dump is achieved is set to a fixed number to prevent callers from looping for long periods of time. In case current limit proves to be problematic in the future, it can be easily converted to be configurable using a sysctl. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 20 ++- drivers/net/ethernet/rocker/rocker_main.c | 8 +- include/net/ip_fib.h | 3 +- net/ipv4/fib_trie.c | 148 ++++++++++++++++++++- 4 files changed, 174 insertions(+), 5 deletions(-) commit cacaad11f43aefbbe5fca00af3b9c16e6aee1ba4 Author: Ido Schimmel Date: Sat Dec 3 16:45:06 2016 +0100 ipv4: fib: Allow for consistent FIB dumping The next patch will enable listeners of the FIB notification chain to request a dump of the FIB tables. However, since RTNL isn't taken during the dump, it's possible for the FIB tables to change mid-dump, which will result in inconsistency between the listener's table and the kernel's. Allow listeners to know about changes that occurred mid-dump, by adding a change sequence counter to each net namespace. The counter is incremented just before a notification is sent in the FIB chain. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller include/net/netns/ipv4.h | 3 +++ net/ipv4/fib_frontend.c | 2 ++ net/ipv4/fib_trie.c | 1 + 3 files changed, 6 insertions(+) commit d3f706f68e2fd93f1172fe7fd6f16ba70cc52b31 Author: Ido Schimmel Date: Sat Dec 3 16:45:05 2016 +0100 ipv4: fib: Convert FIB notification chain to be atomic In order not to hold RTNL for long periods of time we're going to dump the FIB tables using RCU. Convert the FIB notification chain to be atomic, as we can't block in RCU critical sections. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller net/ipv4/fib_trie.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 17f8be7dafce4e4b92fbe7bfec605944df290546 Author: Ido Schimmel Date: Sat Dec 3 16:45:04 2016 +0100 rocker: Register FIB notifier before creating ports We can miss FIB notifications sent between the time the ports were created and the FIB notification block registered. Instead of receiving these notifications only when they are replayed for the FIB notification block during registration, just register the notification block before the ports are created. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker_main.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) commit db7019557cb48508f3ff9d6b40c2e967702897a6 Author: Ido Schimmel Date: Sat Dec 3 16:45:03 2016 +0100 rocker: Implement FIB offload in deferred work Convert rocker to offload FIBs in deferred work in a similar fashion to mlxsw, which was converted in the previous commits. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker_main.c | 58 +++++++++++++++++++++++++----- drivers/net/ethernet/rocker/rocker_ofdpa.c | 1 + 2 files changed, 51 insertions(+), 8 deletions(-) commit c1bb279cfa9d079bdee35402f5d13210f25f5c80 Author: Ido Schimmel Date: Sat Dec 3 16:45:02 2016 +0100 rocker: Create an ordered workqueue for FIB offload As explained in the previous commits, we need to process FIB entries addition / deletion events in FIFO order or otherwise we can have a mismatch between the kernel's FIB table and the device's. Create an ordered workqueue for rocker to which these work items will be submitted to. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/rocker/rocker.h | 1 + drivers/net/ethernet/rocker/rocker_main.c | 11 +++++++++++ 2 files changed, 12 insertions(+) commit 3057224e014c14921de5ab534d5147eb109fd12b Author: Ido Schimmel Date: Sat Dec 3 16:45:01 2016 +0100 mlxsw: spectrum_router: Implement FIB offload in deferred work FIB offload is currently done in process context with RTNL held, but we're about to dump the FIB tables in RCU critical section, so we can no longer sleep. Instead, defer the operation to process context using deferred work. Make sure fib info isn't freed while the work is queued by taking a reference on it and releasing it after the operation is done. Deferring the operation is valid because the upper layers always assume the operation was successful. If it's not, then the driver-specific abort mechanism is called and all routed traffic is directed to slow path. The work items are submitted to an ordered workqueue to prevent a mismatch between the kernel's FIB table and the device's. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller .../net/ethernet/mellanox/mlxsw/spectrum_router.c | 72 +++++++++++++++++++--- 1 file changed, 62 insertions(+), 10 deletions(-) commit a3832b31898f6936816257c020b1d4f1a07622f7 Author: Ido Schimmel Date: Sat Dec 3 16:45:00 2016 +0100 mlxsw: core: Create an ordered workqueue for FIB offload We're going to start processing FIB entries addition / deletion events in deferred work. These work items must be processed in the order they were submitted or otherwise we can have differences between the kernel's FIB table and the device's. Solve this by creating an ordered workqueue to which these work items will be submitted to. Note that we can't simply convert the current workqueue to be ordered, as EMADs re-transmissions are also processed in deferred work. Later on, we can migrate other work items to this workqueue, such as FDB notification processing and nexthop resolution, since they all take the same lock anyway. Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlxsw/core.c | 22 ++++++++++++++++++++++ drivers/net/ethernet/mellanox/mlxsw/core.h | 2 ++ 2 files changed, 24 insertions(+) commit 1c677b3d2828a84e0360e1a07d1204531540dc03 Author: Ido Schimmel Date: Sat Dec 3 16:44:59 2016 +0100 ipv4: fib: Add fib_info_hold() helper As explained in the previous commit, modules are going to need to take a reference on fib info and then drop it using fib_info_put(). Add the fib_info_hold() helper to make the code more readable and also symmetric with fib_info_put(). Signed-off-by: Ido Schimmel Suggested-by: Jiri Pirko Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller include/net/ip_fib.h | 5 +++++ 1 file changed, 5 insertions(+) commit b423cb10807b3a24b909c40f4372df88118a9875 Author: Ido Schimmel Date: Sat Dec 3 16:44:58 2016 +0100 ipv4: fib: Export free_fib_info() The FIB notification chain is going to be converted to an atomic chain, which means switchdev drivers will have to offload FIB entries in deferred work, as hardware operations entail sleeping. However, while the work is queued fib info might be freed, so a reference must be taken. To release the reference (and potentially free the fib info) fib_info_put() will be called, which in turn calls free_fib_info(). Export free_fib_info() so that modules will be able to invoke fib_info_put(). Signed-off-by: Ido Schimmel Signed-off-by: Jiri Pirko Signed-off-by: David S. Miller net/ipv4/fib_semantics.c | 1 + 1 file changed, 1 insertion(+) commit 548ed722465b763841252bf74b7eda52cfc9131c Author: WANG Cong Date: Sat Dec 3 10:36:01 2016 -0800 act_mirred: fix a typo in get_dev Fixes: 255cb30425c0 ("net/sched: act_mirred: Add new tc_action_ops get_dev()") Cc: Hadar Hen Zion Cc: Jiri Pirko Signed-off-by: Cong Wang Acked-by: Eric Dumazet Signed-off-by: David S. Miller net/sched/act_mirred.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit db7e9f7c56d699e8ae039f8a812015f72d1d30a1 Merge: 2bb1487 23bb6dc Author: David S. Miller Date: Sat Dec 3 19:10:48 2016 -0500 Merge branch '40GbE' of git://git.kernel.org/pub/scm/linux/kernel/git/jkirsher/next-queue Jeff Kirsher says: ==================== 40GbE Intel Wired LAN Driver Updates 2016-12-02 This series contains updates to i40e and i40evf only. Alex provides changes so that we are much more robust about defining what we can and cannot offload in i40e and i40evf by doing additional checks other than L4 tunnel header length. Jake provides several fixes/changes, first cleaning up a label that is unnecessary, as well as cleaned up the use of a "magic number". Clarified the code by separating the global private flags and the regular private flags per interface into two arrays, so that future additions will not produce duplication and buggy code. Adds additional checks to protect against NULL values for msix_entries and q_vectors pointers. Michal adds Clause22 method for accessing registers for some external PHYs. Piotr adds additional protocol support for the admin queue discover capabilities function. Tushar Dave fixes a panic seen on SPARC, where writel() should not be used to write directly to a memory address but only to a memory mapped I/O address otherwise it causes data access exceptions. Joe Perches separates out a section of code into its own function, to help reduce i40evf_reset_task() a bit. Alan fixes an issue by checking for NULL before dereferencing msix_entries and returning early in the case where it is NULL within the i40evf_close() code path. Henry provides code cleanup to remove unreachable and redundant sections of code. Fixed up an issue where new NICs were not identifying "unknown PHYs" correctly. Harshitha fixes a issue where the ethtool "Supported Link" modes list backplane interfaces on X722 devices for 10 GbE with SFP+ and Cortina retimer, where these interfaces should not be visible to the user since they cannot use them. Carolyn changes an X722 informational message so that it only appears when extra messages are desired. ==================== Signed-off-by: David S. Miller commit 2bb148785ed75435eb39529d74e63b5e602ccd61 Author: Yuchung Cheng Date: Sat Dec 3 14:46:22 2016 -0800 tcp: fix the missing avr32 SOF_TIMESTAMPING_OPT_STATS The commit of SOF_TIMESTAMPING_OPT_STATS didn't include the new header for avr32, causing build to break. The patch fixes it. Fixes: 1c885808e456 ("tcp: SOF_TIMESTAMPING_OPT_STATS option for SO_TIMESTAMPING") Reported-by: Paul Gortmaker Signed-off-by: Yuchung Cheng Signed-off-by: David S. Miller arch/avr32/include/uapi/asm/socket.h | 2 ++ 1 file changed, 2 insertions(+) commit 011c88e36c26a08590b2ebe214ac854289f85f26 Author: Dan Carpenter Date: Sat Dec 3 16:46:58 2016 -0500 ext4: remove another test in ext4_alloc_file_blocks() Before commit c3fe493ccdb1 ('ext4: remove unneeded test in ext4_alloc_file_blocks()') then it was possible for "depth" to be -1 but now, it's not possible that it is negative. Signed-off-by: Dan Carpenter Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/ext4/extents.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9e645ab72e6f73873a00d042d0ecc9c148d5a6b6 Author: Fabian Frederick Date: Sat Dec 3 16:44:45 2016 -0500 Documentation: fix description of ext4's block_validity mount option Fix ext4 documentation according to commit 45f1a9c3f63d ("ext4: enable block_validity by default") Also fix some typos. [ Further documentation cleanups by tytso ] Signed-off-by: Fabian Frederick Signed-off-by: Theodore Ts'o Documentation/filesystems/ext4.txt | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 5f16e80449b32e2534ec384a05771c7c572c41df Author: Vladimir Zapolskiy Date: Mon Nov 28 09:56:51 2016 +0200 dt-bindings: add MYIR Tech hardware vendor prefix MYIR Tech Limited offers a range of ARM powered development boards and SoMs, for details reference a list on http://elinux.org/Development_Platforms#ARM or company's website http://myirtech.com Signed-off-by: Vladimir Zapolskiy Signed-off-by: Rob Herring Documentation/devicetree/bindings/vendor-prefixes.txt | 1 + 1 file changed, 1 insertion(+) commit ab04df78181b271dca096a8050877469889e3c8c Author: Jan Kara Date: Sat Dec 3 16:20:53 2016 -0500 ext4: fix checks for data=ordered and journal_async_commit options Combination of data=ordered mode and journal_async_commit mount option is invalid. However the check in parse_options() fails to detect the case where we simply end up defaulting to data=ordered mode and we detect the problem only on remount which triggers hard to understand failure to remount the filesystem. Fix the checking of mount options to take into account also the default mode by moving the check somewhat later in the mount sequence. Reported-by: Wolfgang Walter Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o fs/ext4/super.c | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) commit 363dc73acacbbcdae98acf5612303e9770e04b1d Author: Paolo Abeni Date: Fri Dec 2 17:35:49 2016 +0100 udp: be less conservative with sock rmem accounting Before commit 850cbaddb52d ("udp: use it's own memory accounting schema"), the udp protocol allowed sk_rmem_alloc to grow beyond the rcvbuf by the whole current packet's truesize. After said commit we allow sk_rmem_alloc to exceed the rcvbuf only if the receive queue is empty. As reported by Jesper this cause a performance regression for some (small) values of rcvbuf. This commit is intended to fix the regression restoring the old handling of the rcvbuf limit. Reported-by: Jesper Dangaard Brouer Fixes: 850cbaddb52d ("udp: use it's own memory accounting schema") Signed-off-by: Paolo Abeni Signed-off-by: David S. Miller net/ipv4/udp.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 12efa1fa43968fcb707e806dc119df499c17ac2c Author: Eric Dumazet Date: Fri Dec 2 08:11:00 2016 -0800 net_sched: gen_estimator: account for timer drifts Under heavy stress, timer used in estimators tend to slowly be delayed by a few jiffies, leading to inaccuracies. Lets remember what was the last scheduled jiffies so that we get more precise estimations, without having to add a multiply/divide in the loop to account for the drifts. Signed-off-by: Eric Dumazet Signed-off-by: David S. Miller net/core/gen_estimator.c | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) commit e01b16a7e217a23eb97e08d0a591735d5aee5efc Author: Edward Cree Date: Fri Dec 2 15:51:33 2016 +0000 sfc: remove EFX_BUG_ON_PARANOID, use EFX_WARN_ON_[ONCE_]PARANOID instead Logically, EFX_BUG_ON_PARANOID can never be correct. For, BUG_ON should only be used if it is not possible to continue without potential harm; and since the non-DEBUG driver will continue regardless (as the BUG_ON is compiled out), clearly the BUG_ON cannot be needed in the DEBUG driver. So, replace every EFX_BUG_ON_PARANOID with either an EFX_WARN_ON_PARANOID or the newly defined EFX_WARN_ON_ONCE_PARANOID. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/ef10.c | 2 +- drivers/net/ethernet/sfc/efx.c | 2 +- drivers/net/ethernet/sfc/ethtool.c | 4 ++-- drivers/net/ethernet/sfc/farch.c | 6 ++--- drivers/net/ethernet/sfc/mcdi.h | 4 ++-- drivers/net/ethernet/sfc/mcdi_mon.c | 4 ++-- drivers/net/ethernet/sfc/mcdi_port.c | 2 +- drivers/net/ethernet/sfc/net_driver.h | 22 +++++++++---------- drivers/net/ethernet/sfc/ptp.c | 2 +- drivers/net/ethernet/sfc/rx.c | 8 +++---- drivers/net/ethernet/sfc/siena.c | 2 +- drivers/net/ethernet/sfc/tx.c | 12 +++++----- drivers/net/ethernet/sfc/tx_tso.c | 41 +++++++++++++++++------------------ 13 files changed, 55 insertions(+), 56 deletions(-) commit 816fba3529040d253cef0047bdef850014e746b9 Merge: 69a9d09 9b474ec Author: David S. Miller Date: Sat Dec 3 16:08:01 2016 -0500 Merge branch 'samples-bpf-automated-cgroup-tests' Sargun Dhillon says: ==================== samples, bpf: Refactor; Add automated tests for cgroups These two patches are around refactoring out some old, reusable code from the existing test_current_task_under_cgroup_user test, and adding a new, automated test. There is some generic cgroupsv2 setup & cleanup code, given that most environment still don't have it setup by default. With this code, we're able to pretty easily add an automated test for future cgroupsv2 functionality. ==================== Signed-off-by: David S. Miller commit 9b474ecee5e154d88520306412b2de9d48c97dba Author: Sargun Dhillon Date: Fri Dec 2 02:42:32 2016 -0800 samples, bpf: Add automated test for cgroup filter attachments This patch adds the sample program test_cgrp2_attach2. This program is similar to test_cgrp2_attach, but it performs automated testing of the cgroupv2 BPF attached filters. It runs the following checks: * Simple filter attachment * Application of filters to child cgroups * Overriding filters on child cgroups * Checking that this still works when the parent filter is removed The filters that are used here are simply allow all / deny all filters, so it isn't checking the actual functionality of the filters, but rather the behaviour around detachment / attachment. If net_cls is enabled, this test will fail. Signed-off-by: Sargun Dhillon Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/Makefile | 2 + samples/bpf/test_cgrp2_attach2.c | 132 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 134 insertions(+) commit 1a922fee66c8a691bfec738b6a5694b2dbb2177d Author: Sargun Dhillon Date: Fri Dec 2 02:42:18 2016 -0800 samples, bpf: Refactor test_current_task_under_cgroup - separate out helpers This patch modifies test_current_task_under_cgroup_user. The test has several helpers around creating a temporary environment for cgroup testing, and moving the current task around cgroups. This set of helpers can then be used in other tests. Signed-off-by: Sargun Dhillon Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/Makefile | 2 +- samples/bpf/cgroup_helpers.c | 177 ++++++++++++++++++++++ samples/bpf/cgroup_helpers.h | 16 ++ samples/bpf/test_current_task_under_cgroup_user.c | 108 +++---------- 4 files changed, 218 insertions(+), 85 deletions(-) commit 69a9d09b2251aeb968e76f39f2b89774312daa3d Author: Alexei Starovoitov Date: Thu Dec 1 18:31:12 2016 -0800 samples/bpf: silence compiler warnings silence some of the clang compiler warnings like: include/linux/fs.h:2693:9: warning: comparison of unsigned enum expression < 0 is always false arch/x86/include/asm/processor.h:491:30: warning: taking address of packed member 'sp0' of class or structure 'x86_hw_tss' may result in an unaligned pointer value include/linux/cgroup-defs.h:326:16: warning: field 'cgrp' with variable sized type 'struct cgroup' not at the end of a struct or class is a GNU extension since they add too much noise to samples/bpf/ build. Signed-off-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/Makefile | 2 ++ 1 file changed, 2 insertions(+) commit 6af2d5fff2fdcd481cb9a4f354a0880142b17c60 Author: Alexey Dobriyan Date: Fri Dec 2 04:21:32 2016 +0300 netns: fix net_generic() "id - 1" bloat net_generic() function is both a) inline and b) used ~600 times. It has the following code inside ... ptr = ng->ptr[id - 1]; ... "id" is never compile time constant so compiler is forced to subtract 1. And those decrements or LEA [r32 - 1] instructions add up. We also start id'ing from 1 to catch bugs where pernet sybsystem id is not initialized and 0. This is quite pointless idea (nothing will work or immediate interference with first registered subsystem) in general but it hints what needs to be done for code size reduction. Namely, overlaying allocation of pointer array and fixed part of structure in the beginning and using usual base-0 addressing. Ids are just cookies, their exact values do not matter, so lets start with 3 on x86_64. Code size savings (oh boy): -4.2 KB As usual, ignore the initial compiler stupidity part of the table. add/remove: 0/0 grow/shrink: 12/670 up/down: 89/-4297 (-4208) function old new delta tipc_nametbl_insert_publ 1250 1270 +20 nlmclnt_lookup_host 686 703 +17 nfsd4_encode_fattr 5930 5941 +11 nfs_get_client 1050 1061 +11 register_pernet_operations 333 342 +9 tcf_mirred_init 843 849 +6 tcf_bpf_init 1143 1149 +6 gss_setup_upcall 990 994 +4 idmap_name_to_id 432 434 +2 ops_init 274 275 +1 nfsd_inject_forget_client 259 260 +1 nfs4_alloc_client 612 613 +1 tunnel_key_walker 164 163 -1 ... tipc_bcbase_select_primary 392 360 -32 mac80211_hwsim_new_radio 2808 2767 -41 ipip6_tunnel_ioctl 2228 2186 -42 tipc_bcast_rcv 715 672 -43 tipc_link_build_proto_msg 1140 1089 -51 nfsd4_lock 3851 3796 -55 tipc_mon_rcv 1012 956 -56 Total: Before=156643951, After=156639743, chg -0.00% Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller include/net/netns/generic.h | 16 +++++++++------- net/core/net_namespace.c | 20 ++++++++++++-------- 2 files changed, 21 insertions(+), 15 deletions(-) commit 9bfc7b9969dbb800460e2577f1dea59336269ce4 Author: Alexey Dobriyan Date: Fri Dec 2 04:12:58 2016 +0300 netns: add dummy struct inside "struct net_generic" This is precursor to fixing "[id - 1]" bloat inside net_generic(). Name "s" is chosen to complement name "u" often used for dummy unions. Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller include/net/netns/generic.h | 6 ++++-- net/core/net_namespace.c | 8 ++++---- 2 files changed, 8 insertions(+), 6 deletions(-) commit 1a9a059203299ed42b984e91b87086bafeea36c6 Author: Alexey Dobriyan Date: Fri Dec 2 04:11:34 2016 +0300 netns: publish net_generic correctly Publishing net_generic pointer is done with silly mistake: new array is published BEFORE setting freshly acquired pernet subsystem pointer. memcpy rcu_assign_pointer kfree_rcu ng->ptr[id - 1] = data; This bug was introduced with commit dec827d174d7f76c457238800183ca864a639365 ("[NETNS]: The generic per-net pointers.") in the glorious days of chopping networking stack into containers proper 8.5 years ago (whee...) How it didn't trigger for so long? Well, you need quite specific set of conditions: *) race window opens once per pernet subsystem addition (read: modprobe or boot) *) not every pernet subsystem is eligible (need ->id and ->size) *) not every pernet subsystem is vulnerable (need incorrect or absense of ordering of register_pernet_sybsys() and actually using net_generic()) *) to hide the bug even more, default is to preallocate 13 pointers which is actually quite a lot. You need IPv6, netfilter, bridging etc together loaded to trigger reallocation in the first place. Trimmed down config are OK. Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller net/core/net_namespace.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit b649668c0bb3f54523cd932490a3f637859fdeb0 Author: Eric Biggers Date: Sat Dec 3 15:55:01 2016 -0500 mbcache: document that "find" functions only return reusable entries mb_cache_entry_find_first() and mb_cache_entry_find_next() only return cache entries with the 'e_reusable' bit set. This should be documented. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/mbcache.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 4f7df337fe79bba1e4c2d525525d63b5ba186bbd Author: Alexey Dobriyan Date: Fri Dec 2 03:59:06 2016 +0300 netlink: 2-clause nla_ok() nla_ok() consists of 3 clauses: 1) int rem >= (int)sizeof(struct nlattr) 2) u16 nla_len >= sizeof(struct nlattr) 3) u16 nla_len <= int rem The statement is that clause (1) is redundant. What it does is ensuring that "rem" is a positive number, so that in clause (3) positive number will be compared to positive number with no problems. However, "u16" fully fits into "int" and integers do not change value when upcasting even to signed type. Negative integers will be rejected by clause (3) just fine. Small positive integers will be rejected by transitivity of comparison operator. NOTE: all of the above DOES NOT apply to nlmsg_ok() where ->nlmsg_len is u32(!), so 3 clauses AND A CAST TO INT are necessary. Obligatory space savings report: -1.6 KB $ ./scripts/bloat-o-meter ../vmlinux-000* ../vmlinux-001* add/remove: 0/0 grow/shrink: 3/63 up/down: 35/-1692 (-1657) function old new delta validate_scan_freqs 142 155 +13 tcf_em_tree_validate 867 879 +12 dcbnl_ieee_del 328 338 +10 netlbl_cipsov4_add_common.isra 218 215 -3 ... ovs_nla_put_actions 888 806 -82 netlbl_cipsov4_add_std 1648 1566 -82 nl80211_parse_sched_scan 2889 2780 -109 ip_tun_from_nlattr 3086 2945 -141 Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller include/net/netlink.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit fe211cd8d850c3f9ced08f8e88d6fdaeb8a2af8a Author: Zhang Shengju Date: Fri Dec 2 09:51:07 2016 +0800 staging: wilc1000: use reset to set mac header Since offset is zero, it's not necessary to use set function. Reset function is straightforward, and will remove the unnecessary add operation in set function. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/staging/wilc1000/linux_mon.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit a52a8a4d98f82478d8ef0d121115b514a7f72f85 Author: Zhang Shengju Date: Fri Dec 2 09:51:06 2016 +0800 iwlwifi: use reset to set transport header Since offset is zero, it's not necessary to use set function. Reset function is straightforward, and will remove the unnecessary add operation in set function. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/net/wireless/intel/iwlwifi/pcie/tx.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 690291093a54535d63084e4da63fd44599cf02e8 Author: Zhang Shengju Date: Fri Dec 2 09:51:05 2016 +0800 mlx4: use reset to set mac header Since offset is zero, it's not necessary to use set function. Reset function is straightforward, and will remove the unnecessary add operation in set function. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_selftest.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 0e24c0ad2b95f971c7af039080e7bd0a34b8b0dc Author: Zhang Shengju Date: Fri Dec 2 09:51:04 2016 +0800 bnx2x: use reset to set network header Since offset is zero, it's not necessary to use set function. Reset function is straightforward, and will remove the unnecessary add operation in set function. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller drivers/net/ethernet/broadcom/bnx2x/bnx2x_cmn.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 90caf3c9d46dd9a24adc7dae6e1909348b3c37c4 Author: Zhang Shengju Date: Fri Dec 2 09:51:03 2016 +0800 qede: use reset to set network header Since offset is zero, it's not necessary to use set function. Reset function is straightforward, and will remove the unnecessary add operation in set function. Signed-off-by: Zhang Shengju Acked-by: Yuval Mintz Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qede/qede_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1e8c86a6bb4c0537b803cd70d857f49583a877a1 Merge: 397c5ad 0296fe4 Author: David S. Miller Date: Sat Dec 3 15:46:51 2016 -0500 Merge branch 'xgene-jumbo-and-pause-frame' Iyappan Subramanian says: ==================== drivers: net: xgene: Add Jumbo and Pause frame support This patch set adds, 1. Jumbo frame support 2. Pause frame based flow control and fixes RSS for non-TCP/UDP packets. ==================== Signed-off-by: Iyappan Subramanian commit 0296fe4da6505bb9eb36f85f157b0219ef1e2e04 Author: Iyappan Subramanian Date: Thu Dec 1 16:41:44 2016 -0800 drivers: net: xgene: ethtool: Add get/set_pauseparam This patch adds get_pauseparam and set_pauseparam functions. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller .../net/ethernet/apm/xgene/xgene_enet_ethtool.c | 70 ++++++++++++++++++++++ 1 file changed, 70 insertions(+) commit 56090b12283d40b02879377ac8f734520ce6e6b2 Author: Iyappan Subramanian Date: Thu Dec 1 16:41:43 2016 -0800 drivers: net: xgene: Add flow control initialization This patch adds flow control/pause frame initialization and advertising capabilities. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 57 +++++++++++++++++++++++ drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 7 +++ drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 44 ++++++++++++++++- drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 17 +++++++ drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.h | 7 +++ 5 files changed, 131 insertions(+), 1 deletion(-) commit bb64fa09ac1b22515dc04d9dec3096da812f758b Author: Iyappan Subramanian Date: Thu Dec 1 16:41:42 2016 -0800 drivers: net: xgene: Add flow control configuration This patch adds functions to configure mac, when flow control and pause frame settings change. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 48 +++++++++++++++++ drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 6 +++ drivers/net/ethernet/apm/xgene/xgene_enet_main.h | 6 +++ drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 64 ++++++++++++++++------ drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 66 ++++++++++++++++++++++- drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.h | 2 + 6 files changed, 176 insertions(+), 16 deletions(-) commit a809701fed15ff49cb87883030e5c63af03d7889 Author: Iyappan Subramanian Date: Thu Dec 1 16:41:41 2016 -0800 drivers: net: xgene: fix: RSS for non-TCP/UDP This patch fixes RSS feature, for non-TCP/UDP packets. Signed-off-by: Khuong Dinh Signed-off-by: Iyappan Subramanian Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_cle.c | 90 ++++++++++++++++++++++++- drivers/net/ethernet/apm/xgene/xgene_enet_cle.h | 1 + 2 files changed, 89 insertions(+), 2 deletions(-) commit 350b4e33b89378c5e5572a76c5e600999ad4d463 Author: Iyappan Subramanian Date: Thu Dec 1 16:41:40 2016 -0800 drivers: net: xgene: Add change_mtu function This patch implements ndo_change_mtu() callback function that enables mtu change. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 6 ++++++ drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 20 ++++++++++++++++++++ drivers/net/ethernet/apm/xgene/xgene_enet_main.h | 1 + drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 6 ++++++ drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 7 +++++++ 5 files changed, 40 insertions(+) commit a9380b0f7be818168775a71fedacec6299d95a09 Author: Iyappan Subramanian Date: Thu Dec 1 16:41:39 2016 -0800 drivers: net: xgene: Add support for Jumbo frame This patch adds support for jumbo frame, by allocating additional buffer (page) pool and configuring the hardware. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 3 + drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 305 ++++++++++++++++++++-- drivers/net/ethernet/apm/xgene/xgene_enet_main.h | 20 +- drivers/net/ethernet/apm/xgene/xgene_enet_ring2.c | 1 + drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 3 + drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 4 + 6 files changed, 311 insertions(+), 25 deletions(-) commit d6d489694fda7aff86c8fd572744d0dbbca3f64e Author: Iyappan Subramanian Date: Thu Dec 1 16:41:38 2016 -0800 drivers: net: xgene: Configure classifier with pagepool This patch configures classifier with the pagepool information. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_cle.c | 16 ++++++++++++++-- drivers/net/ethernet/apm/xgene/xgene_enet_cle.h | 2 ++ drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 7 +++++-- drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 6 ++++-- drivers/net/ethernet/apm/xgene/xgene_enet_main.c | 11 +++++++++-- drivers/net/ethernet/apm/xgene/xgene_enet_main.h | 3 ++- drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 9 ++++++--- drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 7 +++++-- 8 files changed, 47 insertions(+), 14 deletions(-) commit 2c839337520b22225dfccf6546814c18d9108b4d Author: Iyappan Subramanian Date: Thu Dec 1 16:41:37 2016 -0800 drivers: net: xgene: Add helper function This is a prepartion patch and adds xgene_enet_get_fpsel() helper function to get buffer pool number. Signed-off-by: Iyappan Subramanian Signed-off-by: Quan Nguyen Signed-off-by: David S. Miller drivers/net/ethernet/apm/xgene/xgene_enet_cle.c | 4 ++-- drivers/net/ethernet/apm/xgene/xgene_enet_hw.c | 19 +++++++------------ drivers/net/ethernet/apm/xgene/xgene_enet_hw.h | 8 ++++++++ drivers/net/ethernet/apm/xgene/xgene_enet_sgmac.c | 20 +++++++------------- drivers/net/ethernet/apm/xgene/xgene_enet_xgmac.c | 20 +++++++------------- 5 files changed, 31 insertions(+), 40 deletions(-) commit 132d4e2d55dfd9edae26cb35f088add7c19990e6 Author: Eric Biggers Date: Sat Dec 3 15:43:48 2016 -0500 mbcache: use consistent type for entry count mbcache used several different types to represent the number of entries in the cache. For consistency within mbcache and with the shrinker API, always use unsigned long. This does not change behavior for current mbcache users (ext2 and ext4) since they limit the entry count to a value which easily fits in an int. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/mbcache.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) commit 97c7b18a5d15516a4358a6d2d5ddfb22d62d9fac Author: Eric Biggers Date: Sat Dec 3 15:38:29 2016 -0500 mbcache: remove unnecessary module_get/module_put When mbcache is built as a module, any modules that use it (ext2 and/or ext4) will depend on its symbols directly, incrementing its reference count. Therefore, there is no need to do module_get/module_put. Also note that since the module_get/module_put were in the mbcache module itself, executing those lines of code was already dependent on another reference to the mbcache module being held. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/mbcache.c | 5 ----- 1 file changed, 5 deletions(-) commit b1226c7db1d997fa6955cd3b54ba333bd0d8a29c Author: Adit Ranadive Date: Sun Oct 2 19:10:21 2016 -0700 vmxnet3: Move PCI Id to pci_ids.h The VMXNet3 PCI Id will be shared with our paravirtual RDMA driver. Moved it to the shared location in pci_ids.h. Suggested-by: Leon Romanovsky Acked-by: Bjorn Helgaas Reviewed-by: Yuval Shaia Signed-off-by: Adit Ranadive Signed-off-by: Doug Ledford drivers/net/vmxnet3/vmxnet3_int.h | 3 +-- include/linux/pci_ids.h | 1 + 2 files changed, 2 insertions(+), 2 deletions(-) commit 230bc962a6ffef8b15ac1fd2664ae9d4b56a64a6 Author: Trond Myklebust Date: Wed Oct 19 15:59:28 2016 -0400 pNFS/flexfiles: Support sending layoutstats in layoutreturn Add the ability to send an array of layoutstats entries as part of layoutreturn. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 82 +++++++++++++++++++++++++++++++--- fs/nfs/flexfilelayout/flexfilelayout.h | 3 ++ 2 files changed, 79 insertions(+), 6 deletions(-) commit 422c93c881a1689b5ad99e231a65ee5c51d3b72a Author: Trond Myklebust Date: Thu Oct 6 17:53:20 2016 -0400 pNFS/flexfiles: Minor refactoring before adding iostats to layoutreturn Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 59 ++++++++++++++++++++-------------- fs/nfs/nfs42proc.c | 9 ++++-- fs/nfs/nfs42xdr.c | 5 +-- fs/nfs/pnfs.h | 1 - include/linux/nfs_xdr.h | 3 +- 5 files changed, 44 insertions(+), 33 deletions(-) commit 2f8220c16ee0055f7ea541782651b30398752ee4 Author: Trond Myklebust Date: Mon Oct 3 18:13:20 2016 -0400 NFS: Fix up read of mirror stats Need to lock while reading in order to ensure 64-bit reads are correct. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 2 ++ 1 file changed, 2 insertions(+) commit 08e2e5bc6c9a1b0e92da5225080bbb33786abd08 Author: Trond Myklebust Date: Thu Sep 29 09:15:27 2016 -0700 pNFS/flexfiles: Clean up layoutstats Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) commit 5b9b3c855a16d04d65fa7728b57143552d5d06a0 Author: Trond Myklebust Date: Fri Dec 2 16:15:05 2016 -0500 pNFS/flexfiles: Refactor encoding of the layoutreturn payload Add the layout error payload to the flexfiles layoutreturn private data, and set up the encoding mechanisms. This is a refactoring in preparation for adding the layout iostats payload. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 63 +++++++++++++++++++------ fs/nfs/flexfilelayout/flexfilelayout.h | 14 ++++-- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 78 +++++++++++++++++++++++++------ 3 files changed, 124 insertions(+), 31 deletions(-) commit 21d0f4fa8e7b026cdae988f99f4c3aab154d5b7c Author: Eric Biggers Date: Sat Dec 3 15:28:53 2016 -0500 mbcache: don't BUG() if entry cache cannot be allocated mbcache can be a module that is loaded long after startup, when someone asks to mount an ext2 or ext4 filesystem. Therefore it should not BUG() if kmem_cache_create() fails, but rather just fail the module load. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/mbcache.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 397c5ad153f0ea62023accb67b3d2b07e5039948 Author: Paul Gortmaker Date: Thu Dec 1 15:25:28 2016 -0500 net: ethernet: ti: davinci_cpdma: add missing EXPORTs As of commit 8f32b90981dcdb355516fb95953133f8d4e6b11d ("net: ethernet: ti: davinci_cpdma: add set rate for a channel") the ARM allmodconfig builds would fail modpost with: ERROR: "cpdma_chan_set_weight" [drivers/net/ethernet/ti/ti_cpsw.ko] undefined! ERROR: "cpdma_chan_get_rate" [drivers/net/ethernet/ti/ti_cpsw.ko] undefined! ERROR: "cpdma_chan_get_min_rate" [drivers/net/ethernet/ti/ti_cpsw.ko] undefined! ERROR: "cpdma_chan_set_rate" [drivers/net/ethernet/ti/ti_cpsw.ko] undefined! Since these weren't declared as static, it is assumed they were meant to be shared outside the file, and that modular build testing was simply overlooked. Fixes: 8f32b90981dc ("net: ethernet: ti: davinci_cpdma: add set rate for a channel") Cc: Ivan Khoronzhuk Cc: Mugunthan V N Cc: Grygorii Strashko Cc: linux-omap@vger.kernel.org Cc: netdev@vger.kernel.org Signed-off-by: Paul Gortmaker Signed-off-by: David S. Miller drivers/net/ethernet/ti/davinci_cpdma.c | 4 ++++ 1 file changed, 4 insertions(+) commit 70278b5df1f932bd1a5a3fd55489cbeff4cfd25f Merge: b91dce4 0d8f8ef Author: David S. Miller Date: Sat Dec 3 15:26:30 2016 -0500 Merge tag 'linux-can-next-for-4.10-20161201' of git://git.kernel.org/pub/scm/linux/kernel/git/mkl/linux-can-next Marc Kleine-Budde says: ==================== pull-request: can-next 2016-12-01 this is a pull request of 4 patches for net-next/master. There are two patches by Chris Paterson for the rcar_can and rcar_canfd device tree binding documentation. And a patch by Geert Uytterhoeven that corrects the order of interrupt specifiers. The fourth patch by Colin Ian King fixes a spelling error in the kvaser_usb driver. ==================== Signed-off-by: David S. Miller commit 7cba2cc13e12c824ad7e414b3834dc3df05fbf46 Author: Henry Orosco Date: Wed Oct 19 15:33:58 2016 -0500 i40iw: Set MAX IRD, MAX ORD size to max supported value Set the MAX_IRD and MAX_ORD size negotiated to the maximum supported values. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 5 ----- drivers/infiniband/hw/i40iw/i40iw_user.h | 5 ++--- 2 files changed, 2 insertions(+), 8 deletions(-) commit 7581e96ca4de26da7237d507ac9cf519753e1787 Author: Henry Orosco Date: Wed Oct 19 15:33:32 2016 -0500 i40iw: Remove workaround for pre-production errata Pre-production silicon incorrectly truncates 4 bytes of the MPA packet in UDP loopback case. Remove the workaround as it is no longer necessary. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 26 +++----------------------- drivers/infiniband/hw/i40iw/i40iw_cm.h | 2 -- drivers/infiniband/hw/i40iw/i40iw_utils.c | 2 +- 3 files changed, 4 insertions(+), 26 deletions(-) commit d62d563424e3da0c0a1176f38c0d49c7ad91fbc1 Author: Henry Orosco Date: Wed Oct 19 15:32:53 2016 -0500 i40iw: Enable message packing Remove the parameter to disable message packing and always enable it. Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 5 ----- drivers/infiniband/hw/i40iw/i40iw_main.c | 2 +- drivers/infiniband/hw/i40iw/i40iw_type.h | 2 +- 3 files changed, 2 insertions(+), 7 deletions(-) commit 0fc2dc58896f182daeeb4a7b5fc8d763afec3117 Author: Henry Orosco Date: Mon Oct 10 21:12:10 2016 -0500 i40iw: Add Quality of Service support Add support for QoS on QPs. Upon device initialization, a map is created from user priority to queue set handles. On QP creation, use ToS to look up the queue set handle for use with the QP. Signed-off-by: Faisal Latif Signed-off-by: Shiraz Saleem Signed-off-by: Henry Orosco Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw.h | 9 ++ drivers/infiniband/hw/i40iw/i40iw_cm.c | 30 +++++- drivers/infiniband/hw/i40iw/i40iw_cm.h | 2 +- drivers/infiniband/hw/i40iw/i40iw_ctrl.c | 151 +++++++++++++++++++++++++++++- drivers/infiniband/hw/i40iw/i40iw_d.h | 2 + drivers/infiniband/hw/i40iw/i40iw_hw.c | 25 ++--- drivers/infiniband/hw/i40iw/i40iw_main.c | 66 +++++++++++-- drivers/infiniband/hw/i40iw/i40iw_osdep.h | 2 + drivers/infiniband/hw/i40iw/i40iw_p.h | 2 + drivers/infiniband/hw/i40iw/i40iw_puda.c | 3 +- drivers/infiniband/hw/i40iw/i40iw_type.h | 18 +++- drivers/infiniband/hw/i40iw/i40iw_utils.c | 45 +++++++++ drivers/infiniband/hw/i40iw/i40iw_verbs.c | 6 +- 13 files changed, 325 insertions(+), 36 deletions(-) commit b91dce4c5bc9b4454e25695c0dae5355df79a4e9 Author: LABBE Corentin Date: Thu Dec 1 16:19:41 2016 +0100 net: stmmac: unify mdio functions stmmac_mdio_{read|write} and stmmac_mdio_{read|write}_gmac4 are not enought different for being split. The only differences between thoses two functions are shift/mask for addr/reg/clk_csr. This patch introduce a per platform set of variable for setting thoses shift/mask and unify mdio read and write functions. Signed-off-by: Corentin Labbe Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/common.h | 6 + .../net/ethernet/stmicro/stmmac/dwmac1000_core.c | 6 + .../net/ethernet/stmicro/stmmac/dwmac100_core.c | 7 ++ drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 6 + drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 121 ++++----------------- 5 files changed, 48 insertions(+), 98 deletions(-) commit 01f1f615bdc5a887d39e158129e0851956fb6e05 Author: LABBE Corentin Date: Thu Dec 1 16:19:40 2016 +0100 net: stmmac: avoid Camelcase naming This patch simply rename regValue to value, like it was named in other mdio functions. Signed-off-by: Corentin Labbe Acked-by: Giuseppe Cavallaro Signed-off-by: David S. Miller drivers/net/ethernet/stmicro/stmmac/stmmac_mdio.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit 918b7306edacbcc8a9ca318a5a34d73954e1705d Author: Eric Biggers Date: Sat Dec 3 15:13:15 2016 -0500 mbcache: correctly handle 'e_referenced' bit mbcache entries have an 'e_referenced' bit which users can set with mb_cache_entry_touch() to indicate that an entry should be given another pass through the LRU list before the shrinker can delete it. However, mb_cache_shrink() actually would, when seeing an e_referenced entry at the front of the list (the least-recently used end), place it right at the front of the list again. The next iteration would then remove the entry from the list and delete it. Consequently, e_referenced had essentially no effect, so ext2/ext4 xattr blocks would sometimes not be reused as often as expected. Fix this by making the shrinker move e_referenced entries to the back of the list rather than the front. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Jan Kara fs/mbcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7b2024fdec0559050ca001c0128f90eec4236468 Author: Arnd Bergmann Date: Mon Nov 28 15:19:43 2016 +0100 irda: w83977af_ir: fix damaged whitespace As David Miller pointed out for for the previous patch, the whitespace in some functions looks rather odd. This was caused by commit 6329da5f258a ("obsolete config in kernel source: USE_INTERNAL_TIMER"), which removed some conditions but did not reindent the code. This fixes the indentation in the file and removes extraneous whitespace at the end of the lines and before tabs. There are many other minor coding style problems in the driver, but I'm not touching those here. Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/irda/w83977af_ir.c | 404 ++++++++++++++++++++--------------------- 1 file changed, 202 insertions(+), 202 deletions(-) commit c6c60dae81708aa2cb4166d3530cb9348c5f6b8c Author: Pavel Machek Date: Thu Dec 1 11:32:18 2016 +0100 stmmac: cleanup documenation, make it match reality Fix english in documentation, make documentation match reality, remove options that were removed from code. Signed-off-by: Pavel Machek Signed-off-by: David S. Miller Documentation/networking/stmmac.txt | 47 ++++++++++++++++++------------------- 1 file changed, 23 insertions(+), 24 deletions(-) commit 4d4099584c2c4dca6c04d78ded4cc81f50cc3634 Author: Leon Romanovsky Date: Wed Oct 19 20:13:07 2016 +0300 IB/hns: Move HNS RoCE user vendor structures This patch moves HNS vendor's specific structures to common UAPI folder which will be visible to all consumers. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cq.c | 2 +- drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- drivers/infiniband/hw/hns/hns_roce_qp.c | 2 +- drivers/infiniband/hw/hns/hns_roce_user.h | 53 ------------------------------ include/uapi/rdma/Kbuild | 1 + include/uapi/rdma/hns-abi.h | 54 +++++++++++++++++++++++++++++++ 6 files changed, 58 insertions(+), 56 deletions(-) commit 3b5184be89449275e5396512ab0127fc19ce359e Author: Lijun Ou Date: Tue Nov 29 23:10:30 2016 +0000 IB/hns: Fix the IB device name This patch mainly fix the name for IB device in order to match with libhns. Signed-off-by: Lijun Ou Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit afb6b092d6507b17c75df394b1d1b2a6e1674627 Author: Shaobo Xu Date: Tue Nov 29 23:10:29 2016 +0000 IB/hns: Fix the bug when free cq If the resources of cq are freed while executing the user case, hardware can not been notified in hip06 SoC. Then hardware will hold on when it writes the cq buffer which has been released. In order to slove this problem, RoCE driver checks the CQE counter, and ensure that the outstanding CQE have been written. Then the cq buffer can be released. Signed-off-by: Shaobo Xu Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_common.h | 2 ++ drivers/infiniband/hw/hns/hns_roce_cq.c | 27 +++++++++------ drivers/infiniband/hw/hns/hns_roce_device.h | 8 +++++ drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 53 +++++++++++++++++++++++++++++ 4 files changed, 79 insertions(+), 11 deletions(-) commit 19a408efa099e6ebe5458d4fc1ba4630d9daf9d4 Author: Wei Hu (Xavier) Date: Tue Nov 29 23:10:28 2016 +0000 IB/hns: Delete the redundant memset operation It deleted the redundant memset operation because the memory allocated by ib_alloc_device has been set zero. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 3 --- 1 file changed, 3 deletions(-) commit 9daed0affa1378cbfbc549de6a2b25c778c15bda Author: Wei Hu (Xavier) Date: Tue Nov 29 23:10:27 2016 +0000 IB/hns: Fix the bug of setting port mtu In hns_roce driver, we need not call iboe_get_mtu to reduce IB headers from effective IBoE MTU because hr_dev->caps.max_mtu has already been reduced. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_main.c | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) commit bfcc681bd09d6cd96aa0ec667533a867253731aa Author: Shaobo Xu Date: Tue Nov 29 23:10:26 2016 +0000 IB/hns: Fix the bug when free mr If the resources of mr are freed while executing the user case, hardware can not been notified in hip06 SoC. Then hardware will hold on when it reads the payload by the PA which has been released. In order to slove this problem, RoCE driver creates 8 reserved loopback QPs to ensure zero wqe when free mr. When the mac address is reset, in order to avoid loopback failure, we need to release the reserved loopback QPs and recreate them. Signed-off-by: Shaobo Xu Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cmd.h | 5 - drivers/infiniband/hw/hns/hns_roce_device.h | 10 + drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 485 ++++++++++++++++++++++++++++ drivers/infiniband/hw/hns/hns_roce_hw_v1.h | 34 ++ drivers/infiniband/hw/hns/hns_roce_main.c | 5 +- drivers/infiniband/hw/hns/hns_roce_mr.c | 21 +- 6 files changed, 545 insertions(+), 15 deletions(-) commit d838c481e025db374171e16d5cc463b85cffec9f Author: Wei Hu (Xavier) Date: Tue Nov 29 23:10:25 2016 +0000 IB/hns: Fix the bug when destroy qp If send queue is still working when qp is in reset state by modify qp in destroy qp function, hardware will hold on and don't work in hip06 SoC. In current codes, RoCE driver check hardware pointer of sending and hardware pointer of processing to ensure that hardware has processed all the dbs of this qp. But while the environment of wire becomes not good, The checking time maybe too long. In order to solve this problem, RoCE driver created a workqueue at probe function. If there is a timeout when checking the status of qp, driver initialize work entry and push it into the workqueue, Work function will finish checking and release the related resources later. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Lijun Ou Signed-off-by: Dongdong Huang(Donald) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_common.h | 40 +++ drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 435 ++++++++++++++++++++++------ drivers/infiniband/hw/hns/hns_roce_hw_v1.h | 23 ++ 3 files changed, 402 insertions(+), 96 deletions(-) commit e84e40be8e7bc29599da7056b340490d25ff87b5 Author: Salil Date: Wed Nov 23 19:41:09 2016 +0000 IB/hns: Fix for Checkpatch.pl comment style errors This patch correct the comment style errors caught by checkpatch.pl script Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cmd.c | 8 ++--- drivers/infiniband/hw/hns/hns_roce_device.h | 28 +++++++-------- drivers/infiniband/hw/hns/hns_roce_eq.c | 6 ++-- drivers/infiniband/hw/hns/hns_roce_hem.c | 6 ++-- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 56 ++++++++++++++--------------- drivers/infiniband/hw/hns/hns_roce_main.c | 28 +++++++-------- 6 files changed, 66 insertions(+), 66 deletions(-) commit 82547469782a952452c84c055c7911e635c77cd0 Author: Shaobo Xu Date: Wed Nov 23 19:41:08 2016 +0000 IB/hns: Implement the add_gid/del_gid and optimize the GIDs management IB core has implemented the calculation of GIDs and the management of GID tables, and it is now responsible to supply query function for GIDs. So the calculation of GIDs and the management of GID tables in the RoCE driver is redundant. The patch is to implement the add_gid/del_gid to set the GIDs in the RoCE driver, remove the redundant calculation and management of GIDs in the notifier call of the net device and the inet, and update the query_gid. Signed-off-by: Shaobo Xu Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_device.h | 2 - drivers/infiniband/hw/hns/hns_roce_main.c | 270 +++++----------------------- 2 files changed, 48 insertions(+), 224 deletions(-) commit 5e6ff78a229c2f231f2f743b017987621e469858 Author: Wei Hu (Xavier) Date: Wed Nov 23 19:41:07 2016 +0000 IB/hns: Change qpn allocation to round-robin mode. When using CM to establish connections, qp number that was freed just now will be rejected by ib core. To fix these problem, We change qpn allocation to round-robin mode. We added the round-robin mode for allocating resources using bitmap. We use round-robin mode for qp number and non round-robing mode for other resources like cq number, pd number etc. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_alloc.c | 11 +++++++---- drivers/infiniband/hw/hns/hns_roce_cq.c | 4 ++-- drivers/infiniband/hw/hns/hns_roce_device.h | 9 +++++++-- drivers/infiniband/hw/hns/hns_roce_mr.c | 2 +- drivers/infiniband/hw/hns/hns_roce_pd.c | 5 +++-- drivers/infiniband/hw/hns/hns_roce_qp.c | 2 +- 6 files changed, 21 insertions(+), 12 deletions(-) commit dd783a212c023b309e91ab9752c07e22f759461e Author: Wei Hu (Xavier) Date: Wed Nov 23 19:41:06 2016 +0000 IB/hns: Modify query info named port_num when querying RC QP This patch modified the output query info qp_attr->port_num to fix bug in hip06. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) commit 6b877c32bc40bfa9fa13659ac4e1413b67ff1c3d Author: Wei Hu (Xavier) Date: Wed Nov 23 19:41:05 2016 +0000 IB/hns: Modify the macro for the timeout when cmd process This patch modified the macro for the timeout when cmd is processing as follows: Before modification: enum { HNS_ROCE_CMD_TIME_CLASS_A = 10000, HNS_ROCE_CMD_TIME_CLASS_B = 10000, HNS_ROCE_CMD_TIME_CLASS_C = 10000, }; After modification: #define HNS_ROCE_CMD_TIMEOUT_MSECS 10000 Signed-off-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_cmd.h | 7 +------ drivers/infiniband/hw/hns/hns_roce_cq.c | 4 ++-- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 8 ++++---- drivers/infiniband/hw/hns/hns_roce_mr.c | 4 ++-- 4 files changed, 9 insertions(+), 14 deletions(-) commit 1dec243ac00c6e10217c994c5a500bc85fe0f649 Author: Lijun Ou Date: Wed Nov 23 19:41:04 2016 +0000 IB/hns: Fix the bug for qp state in hns_roce_v1_m_qp() In old code, the value of qp state from qpc was assigned for attr->qp_state. The value may be an error while attr_mask & IB_QP_STATE is zero. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 80596c6717a7b0e9969ffbd03c7e1dd33112f7e9 Author: Lijun Ou Date: Wed Nov 23 19:41:03 2016 +0000 IB/hns: Modify the condition of notifying hardware loopback This patch modified the condition of notifying hardware loopback. In hip06, RoCE Engine has several ports, one QP is related to one port. hardware only support loopback in the same port, not in the different ports. So, If QP related to port N, the dmac in the QP context equals the smac of the local port N or the loop_idc is 1, we should set loopback bit in QP context to notify hardware. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Lijun Ou Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) commit 543bfe6c3c1602d1781504047795a4266076233b Author: Lijun Ou Date: Wed Nov 23 19:41:02 2016 +0000 IB/hns: add self loopback for CM This patch mainly adds self loopback support for CM. Signed-off-by: Lijun Ou Signed-off-by: Peter Chen Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 11 +++++++++++ drivers/infiniband/hw/hns/hns_roce_hw_v1.h | 2 ++ 2 files changed, 13 insertions(+) commit 8d497eb0f325e98fa87b59ac86069deea64e8d5d Author: Wei Hu (Xavier) Date: Wed Nov 23 19:41:01 2016 +0000 IB/hns: Optimize the logic of allocating memory using APIs This patch modified the logic of allocating memory using APIs in hns RoCE driver. We used kcalloc instead of kmalloc_array and bitmap_zero. And When kcalloc failed, call vzalloc to alloc memory. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Ping Zhang Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_mr.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 8f3e9f3ea0871a988ec9540a4cde48a20c1cb98b Author: Wei Hu (Xavier) Date: Wed Nov 23 19:41:00 2016 +0000 IB/hns: Add code for refreshing CQ CI using TPTR This patch added the code for refreshing CQ CI using TPTR in hip06 SoC. We will send a doorbell to hardware for refreshing CQ CI when user succeed to poll a cqe. But it will be failed if the doorbell has been blocked. So hardware will read a special buffer called TPTR to get the lastest CI value when the cq is almost full. This patch support the special CI buffer as follows: a) Alloc the memory for TPTR in the hns_roce_tptr_init function and free it in hns_roce_tptr_free function, these two functions will be called in probe function and in the remove function. b) Add the code for computing offset(every cq need 2 bytes) and write the dma addr to every cq context to notice hardware in the function named hns_roce_v1_write_cqc. c) Add code for mapping TPTR buffer to user space in function named hns_roce_mmap. The mapping distinguish TPTR and UAR of user mode by vm_pgoff(0: UAR, 1: TPTR, others:invaild) in hip06. d) Alloc the code for refreshing CQ CI using TPTR in the function named hns_roce_v1_poll_cq. e) Add some variable definitions to the related structure. Signed-off-by: Wei Hu (Xavier) Signed-off-by: Dongdong Huang(Donald) Signed-off-by: Lijun Ou Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_common.h | 2 - drivers/infiniband/hw/hns/hns_roce_cq.c | 9 ++++ drivers/infiniband/hw/hns/hns_roce_device.h | 6 ++- drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 79 +++++++++++++++++++++++++---- drivers/infiniband/hw/hns/hns_roce_hw_v1.h | 9 ++++ drivers/infiniband/hw/hns/hns_roce_main.c | 13 +++-- 6 files changed, 103 insertions(+), 15 deletions(-) commit 9eefa953f475897636f9290d833e45009d58a55d Author: Lijun Ou Date: Wed Nov 23 19:40:59 2016 +0000 IB/hns: Add the interface for querying QP1 In old code, It only added the interface for querying non-specific QP. This patch mainly adds an interface for querying QP1. Signed-off-by: Lijun Ou Reviewed-by: Wei Hu (Xavier) Signed-off-by: Salil Mehta Signed-off-by: Doug Ledford drivers/infiniband/hw/hns/hns_roce_hw_v1.c | 83 +++++++++++++++++++++++++++++- drivers/infiniband/hw/hns/hns_roce_hw_v1.h | 6 ++- 2 files changed, 86 insertions(+), 3 deletions(-) commit e88f72cb9f54f6d244e55f629fe5e2f34ca6f9ed Author: Jens Axboe Date: Sat Dec 3 12:08:03 2016 -0700 nbd: fix 64-bit division We have this: ERROR: "__aeabi_ldivmod" [drivers/block/nbd.ko] undefined! ERROR: "__divdi3" [drivers/block/nbd.ko] undefined! nbd.c:(.text+0x247c72): undefined reference to `__divdi3' due to a recent commit, that did 64-bit division. Use the proper divider function so that 32-bit compiles don't break. Fixes: ef77b515243b ("nbd: use loff_t for blocksize and nbd_set_size args") Signed-off-by: Jens Axboe drivers/block/nbd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f73a1dbc45a58ea3ae5c3d60c71e58a8a9563914 Author: Leon Romanovsky Date: Mon Nov 21 19:38:20 2016 +0200 infiniband: remove WARN that is not kernel bug On Mon, Nov 21, 2016 at 09:52:53AM -0700, Jason Gunthorpe wrote: > On Mon, Nov 21, 2016 at 02:14:08PM +0200, Leon Romanovsky wrote: > > > > > > In ib_ucm_write function there is a wrong prefix: > > > > > > + pr_err_once("ucm_write: process %d (%s) tried to do something hinky\n", > > > > I did it intentionally to have the same errors for all flows. > > Lets actually use a good message too please? > > pr_err_once("ucm_write: process %d (%s) changed security contexts after opening FD, this is not allowed.\n", > > Jason >From 70f95b2d35aea42e5b97e7d27ab2f4e8effcbe67 Mon Sep 17 00:00:00 2001 From: Leon Romanovsky Date: Mon, 21 Nov 2016 13:30:59 +0200 Subject: [PATCH rdma-next V2] IB/{core, qib}: Remove WARN that is not kernel bug WARNINGs mean kernel bugs, in this case, they are placed to mark programming errors and/or malicious attempts. BUG/WARNs that are not kernel bugs hinder automated testing efforts. Signed-off-by: Dmitry Vyukov Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/ucm.c | 5 ++++- drivers/infiniband/core/ucma.c | 5 ++++- drivers/infiniband/core/uverbs_main.c | 5 ++++- drivers/infiniband/hw/qib/qib_file_ops.c | 5 ++++- 4 files changed, 16 insertions(+), 4 deletions(-) commit 74226649f42d34a8ade2799bfb4f3941f4adfa95 Author: Leon Romanovsky Date: Thu Nov 3 16:44:25 2016 +0200 IB/ipoib: Remove and fix debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/ulp/ipoib/ipoib_cm.c | 8 +------- drivers/infiniband/ulp/ipoib/ipoib_ib.c | 5 +---- drivers/infiniband/ulp/ipoib/ipoib_main.c | 5 +---- 3 files changed, 3 insertions(+), 15 deletions(-) commit 93b80f29044639ce98baabd3431af9d78e9d1223 Author: Leon Romanovsky Date: Thu Nov 3 16:44:24 2016 +0200 IB/isert: Remove and fix debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Acked-by: Sagi Grimberg Signed-off-by: Doug Ledford drivers/infiniband/ulp/isert/ib_isert.c | 23 ++++++----------------- 1 file changed, 6 insertions(+), 17 deletions(-) commit 907610bfdf1a7f3d173a9593fde70f67d63476d1 Author: Leon Romanovsky Date: Thu Nov 3 16:44:23 2016 +0200 IB/rxe: Remove and fix debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/sw/rxe/rxe_pool.c | 1 - 1 file changed, 1 deletion(-) commit 740c330ee677f4e79c3865f85c6af5a5c961fe34 Author: Leon Romanovsky Date: Thu Nov 3 16:44:22 2016 +0200 IB/ocrdma: Remove and fix debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/ocrdma/ocrdma_hw.c | 5 ++--- drivers/infiniband/hw/ocrdma/ocrdma_stats.c | 4 +--- 2 files changed, 3 insertions(+), 6 deletions(-) commit 02d93f8e6b8bfef8453c4dfa61220335cabbb138 Author: Leon Romanovsky Date: Thu Nov 3 16:44:21 2016 +0200 IB/usninc: Remove and fix debug prints after allocation failure This patch removes unneeded prints after allocation failure and moves one debug print into the appropriate place. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/usnic/usnic_ib_qp_grp.c | 10 +--------- drivers/infiniband/hw/usnic/usnic_vnic.c | 22 ++++++---------------- 2 files changed, 7 insertions(+), 25 deletions(-) commit 870b2852455266996e55b3152a5ef40b45e853ec Author: Leon Romanovsky Date: Thu Nov 3 16:44:20 2016 +0200 IB/mthca: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mthca/mthca_reset.c | 4 ---- 1 file changed, 4 deletions(-) commit 2e65835a1ba0607cb212ec687e509ee6c24a68ed Author: Leon Romanovsky Date: Thu Nov 3 16:44:19 2016 +0200 IB/nes: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/nes/nes.c | 1 - drivers/infiniband/hw/nes/nes_cm.c | 4 +--- drivers/infiniband/hw/nes/nes_hw.c | 6 ++---- drivers/infiniband/hw/nes/nes_mgt.c | 10 +++------- drivers/infiniband/hw/nes/nes_verbs.c | 4 ---- 5 files changed, 6 insertions(+), 19 deletions(-) commit c40a83b9786e99a78c849f2f33448426bf8fa0f2 Author: Leon Romanovsky Date: Thu Nov 3 16:44:18 2016 +0200 IB/qib: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/qib/qib_diag.c | 6 +---- drivers/infiniband/hw/qib/qib_eeprom.c | 6 +---- drivers/infiniband/hw/qib/qib_iba6120.c | 8 +----- drivers/infiniband/hw/qib/qib_iba7220.c | 8 +----- drivers/infiniband/hw/qib/qib_iba7322.c | 22 ++++----------- drivers/infiniband/hw/qib/qib_init.c | 47 ++++++--------------------------- 6 files changed, 17 insertions(+), 80 deletions(-) commit 315b41480bb956b223a04c6556f04c9b7c74c8c2 Author: Leon Romanovsky Date: Thu Nov 3 16:44:17 2016 +0200 IB/i40iw: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/i40iw/i40iw_cm.c | 2 -- drivers/infiniband/hw/i40iw/i40iw_main.c | 5 ++--- drivers/infiniband/hw/i40iw/i40iw_verbs.c | 1 - 3 files changed, 2 insertions(+), 6 deletions(-) commit 9a88f96f21b27b0fccb69601fb725f03fbab841b Author: Leon Romanovsky Date: Thu Nov 3 16:44:16 2016 +0200 IB/cxgb4: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb4/device.c | 4 ---- 1 file changed, 4 deletions(-) commit 51ad2bae213fdd4c63d7c3f2906bfe4e244bad46 Author: Leon Romanovsky Date: Thu Nov 3 16:44:15 2016 +0200 IB/cxgb3: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/cxgb3/cxio_dbg.c | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) commit 5ce9f115bd796be4f0dd8230e6b8baeb2c558311 Author: Leon Romanovsky Date: Thu Nov 3 16:44:14 2016 +0200 IB/hfi1: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/hfi1/pio.c | 1 - 1 file changed, 1 deletion(-) commit 0886d8f0b7c9bb2f85fa8b71c4842f92308de641 Author: Leon Romanovsky Date: Thu Nov 3 16:44:13 2016 +0200 IB/mlx5: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx5/srq.c | 2 -- 1 file changed, 2 deletions(-) commit 15d4626e498c09b66c0f74a107a83bd95abb175c Author: Leon Romanovsky Date: Thu Nov 3 16:44:12 2016 +0200 IB/mlx4: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/hw/mlx4/alias_GUID.c | 4 +--- drivers/infiniband/hw/mlx4/cm.c | 4 +--- drivers/infiniband/hw/mlx4/mad.c | 9 ++------- drivers/infiniband/hw/mlx4/main.c | 16 +++------------- drivers/infiniband/hw/mlx4/mcg.c | 5 +---- 5 files changed, 8 insertions(+), 30 deletions(-) commit aa6aae38f7fb2c030f326a6dd10b58fff1851dfa Author: Leon Romanovsky Date: Thu Nov 3 16:44:11 2016 +0200 IB/core: Release allocated memory in cache setup failure The failure in ib_cache_setup_one function during ib_register_device will leave leaked allocated memory. Fixes: 03db3a2d81e6 ("IB/core: Add RoCE GID table management") Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/cache.c | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) commit a0b3455fcb2d1b3e486349a4a51803c3cb3847b5 Author: Leon Romanovsky Date: Thu Nov 3 16:44:10 2016 +0200 IB/core: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/agent.c | 1 - drivers/infiniband/core/device.c | 5 +---- drivers/infiniband/core/fmr_pool.c | 1 - drivers/infiniband/core/iwpm_msg.c | 1 - drivers/infiniband/core/iwpm_util.c | 12 ++++-------- drivers/infiniband/core/roce_gid_mgmt.c | 21 ++++++--------------- 6 files changed, 11 insertions(+), 30 deletions(-) commit 2716243212241855cd9070883779f6e58967dec5 Author: Leon Romanovsky Date: Thu Nov 3 16:44:09 2016 +0200 IB/mad: Remove debug prints after allocation failure The prints after [k|v][m|z|c]alloc() functions are not needed, because in case of failure, allocator will print their internal error prints anyway. Signed-off-by: Leon Romanovsky Signed-off-by: Doug Ledford drivers/infiniband/core/mad.c | 40 ++++++---------------------------------- 1 file changed, 6 insertions(+), 34 deletions(-) commit 287bd3e95452e8ad945854bb98a3a7fbdc2a05c9 Author: Trond Myklebust Date: Fri Dec 2 16:12:12 2016 -0500 pNFS: Add a layoutreturn callback to performa layout-private setup Add a callback to allow the flexfiles layout driver to initialise the layout private payload. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 14 +++++++++++++- fs/nfs/pnfs.h | 1 + 2 files changed, 14 insertions(+), 1 deletion(-) commit 2745529ac7358fdac72e6b388da2e934bd9da82c Merge: ab17cb1 8dc0f26 Author: David S. Miller Date: Sat Dec 3 11:46:54 2016 -0500 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Couple conflicts resolved here: 1) In the MACB driver, a bug fix to properly initialize the RX tail pointer properly overlapped with some changes to support variable sized rings. 2) In XGBE we had a "CONFIG_PM" --> "CONFIG_PM_SLEEP" fix overlapping with a reorganization of the driver to support ACPI, OF, as well as PCI variants of the chip. 3) In 'net' we had several probe error path bug fixes to the stmmac driver, meanwhile a lot of this code was cleaned up and reorganized in 'net-next'. 4) The cls_flower classifier obtained a helper function in 'net-next' called __fl_delete() and this overlapped with Daniel Borkamann's bug fix to use RCU for object destruction in 'net'. It also overlapped with Jiri's change to guard the rhashtable_remove_fast() call with a check against tc_skip_sw(). 5) In mlx4, a revert bug fix in 'net' overlapped with some unrelated changes in 'net-next'. 6) In geneve, a stale header pointer after pskb_expand_head() bug fix in 'net' overlapped with a large reorganization of the same code in 'net-next'. Since the 'net-next' code no longer had the bug in question, there was nothing to do other than to simply take the 'net-next' hunks. Signed-off-by: David S. Miller commit c02e0349d7e9eec8a6414840dd34b8d26e0c047b Author: Libin Date: Sun Dec 6 10:02:56 2015 +0800 powerpc/ftrace: Fix the comments for ftrace_modify_code There is no need to worry about module and __init text disappearing case, because that ftrace has a module notifier that is called when a module is being unloaded and before the text goes away and this code grabs the ftrace_lock mutex and removes the module functions from the ftrace list, such that it will no longer do any modifications to that module's text, the update to make functions be traced or not is done under the ftrace_lock mutex as well. And by now, __init section codes should not been modified by ftrace, because it is black listed in recordmcount.c and ignored by ftrace. Suggested-by: Steven Rostedt Signed-off-by: Li Bin Signed-off-by: Michael Ellerman arch/powerpc/kernel/ftrace.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) commit e91c3dfcd3ff88218c972cb24f932c4d434bbb09 Author: William Breathitt Gray Date: Tue Nov 29 10:51:48 2016 -0500 iio: 104-quad-8: Fix active level mismatch for the preset enable option The set_to_preset_on_index sysfs attribute provides a boolean configuration option to enable a preset operation on the respective channel's counter when Index occurs. However, the corresponding configuration bit on the Input/Output Control register must be set low to enable the preset operation. This patch inverts the internal driver boolean logic exposed via the set_to_preset_on_index attribute in order to correctly configure the device which expects an active low bit. Fixes: 28e5d3bb0325 ("iio: 104-quad-8: Add IIO support for the ACCES 104-QUAD-8") Signed-off-by: William Breathitt Gray Cc: Signed-off-by: Jonathan Cameron drivers/iio/counter/104-quad-8.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 7e1c4058e741c781b262b15a2e86a40602aaa6b6 Author: William Breathitt Gray Date: Mon Nov 28 16:55:34 2016 -0500 iio: 104-quad-8: Fix off-by-one errors when addressing IOR The Input/Output Control register (IOR) is offset by 1 from the respective channel data register. This patch fixes off-by-one errors when attempting to write to a channel IOR where the base address was not properly offset. Fixes: 28e5d3bb0325 ("iio: 104-quad-8: Add IIO support for the ACCES 104-QUAD-8") Signed-off-by: William Breathitt Gray Cc: Signed-off-by: Jonathan Cameron drivers/iio/counter/104-quad-8.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 47af2c676ae1e84140225d261a00bdf88f1f9f7e Author: William Breathitt Gray Date: Mon Nov 28 16:22:44 2016 -0500 iio: 104-quad-8: Fix index control configuration The LS7266R1 requires bits 5 & 6 to be high in order to select the Index Control Register. This patch fixes a typo that incorrectly selects the Input/Output Control Register where the Index Control Register was desired. Fixes: 28e5d3bb0325 ("iio: 104-quad-8: Add IIO support for the ACCES 104-QUAD-8") Signed-off-by: William Breathitt Gray Cc: Signed-off-by: Jonathan Cameron drivers/iio/counter/104-quad-8.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 23bb6dc3644a6705c989e326362c7ccf05807477 Author: Carolyn Wyborny Date: Tue Nov 8 13:05:12 2016 -0800 i40e: change message to only appear when extra debug info is wanted This patch changes an X722 informational message so that it only appears when extra messages are desired. Without this patch, on X722 devices, this message appears at load, potentially causing unnecessary alarm. Change-ID: I94f7aae15dc5b2723cc9728c630c72538a3e670e Signed-off-by: Carolyn Wyborny Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e5d32205555da77ec8d0d129ffa27c20f3d60230 Author: Jacob Keller Date: Tue Nov 8 13:05:11 2016 -0800 i40e/i40evf: replace for memcpy with single memcpy call in ethtool memcpy replaced with single memcpy call in ethtool. Change-ID: I3f5bef6bcc593412c56592c6459784db41575a0a Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) commit 435c084aad9615c7c77464e7c04600da920fc208 Author: Jacob Keller Date: Tue Nov 8 13:05:10 2016 -0800 i40e: set broadcast promiscuous mode for each active VLAN A previous workaround added to ensure receipt of all broadcast frames incorrectly set the broadcast promiscuous mode unconditionally regardless of active VLAN status. Replace this partial workaround with a complete solution that sets the broadcast promiscuous filters in i40e_sync_vsi_filters. This new method sets the promiscuous mode based on when broadcast filters are added or removed. I40E_VLAN_ANY will request a broadcast filter for all VLANs, (as we're in untagged mode) while a broadcast filter on a specific VLAN will only request broadcast for that VLAN. Thus, we restore addition of broadcast filter to the array, but we add special handling for these such that they enable the broadcast promiscuous mode instead of being sent as regular filters. The end result is that we will correctly receive all broadcast packets (even those with a *source* address equal to the broadcast address) but will not receive packets for which we don't have an active VLAN filter. Change-ID: I7d0585c5cec1a5bf55bf533b42e5e817d5db6a2d Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 34 +++++++ drivers/net/ethernet/intel/i40e/i40e_main.c | 106 +++++++++++++++++---- drivers/net/ethernet/intel/i40e/i40e_prototype.h | 3 + drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 7 ++ 4 files changed, 129 insertions(+), 21 deletions(-) commit 4ad9f4f9e2873ca999135b151dbb7d80f57ea0a9 Author: Harshitha Ramamurthy Date: Tue Nov 8 13:05:09 2016 -0800 i40e: Fix for ethtool Supported link modes This patch fixes the problem where the ethtool Supported link modes list backplane interfaces on X722 devices for 10GbE with SFP+ and Cortina retimer. This patch fixes the problem by setting and using a flag for this particular device since the backplane interface is only between the internal PHY and the retimer and it should not be seen by the user as they cannot use it. Without this patch, the user wrongly thinks that backplane interfaces are supported on their device when they actually are not. Change-ID: I3882bc2928431d48a2db03a51a713a1f681a79e9 Signed-off-by: Harshitha Ramamurthy Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e.h | 1 + drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 16 ++++++++++------ drivers/net/ethernet/intel/i40e/i40e_main.c | 3 ++- 3 files changed, 13 insertions(+), 7 deletions(-) commit ef4603e82f64605e73495c26050f3f236609d991 Author: Jacob Keller Date: Tue Nov 8 13:05:08 2016 -0800 i40evf: protect against NULL msix_entries and q_vectors pointers Update the functions which free msix_entries and q_vectors so that they are safe against NULL values. This allows calling code to not care whether these have already been freed when disabling and freeing them. Change-ID: I31bfd1c0da18023d971b618edc6fb049721f3298 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40evf/i40evf_main.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) commit e586bb66b57c2a50d464d0f87cf8c7c9c3b36835 Author: Henry Tieman Date: Tue Nov 8 13:05:07 2016 -0800 i40e: Pass unknown PHY type for unknown PHYs The PHY type value for unrecognized PHYs and cables was changed based on firmware version number. Newer hardware use lower firmware version numbers and this was causing some PHYs to be identified as type 0x16 instead of 0xe (unknown). Without this patch, newer card will incorrectly identify unknown PHYs and cables. This change adds hardware type to the check for firmware version so the PHY type is reported correctly. Change-ID: I0723cbfd263c76fc73ff1a5275d1639051376c9a Signed-off-by: Henry Tieman Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 27e5f25b917b4d388ffba8dbfae4952834d48e49 Author: Henry Tieman Date: Tue Nov 8 13:05:06 2016 -0800 i40e: Remove unreachable code The code at the end of i40e_read_phy_register_clause22() contained unreachable code and redundant control statements. This change removes the unreachable code. And deletes the redundant goto statement and if statement. Change-ID: I713032b1585396f40f903cbcfdea987abd874400 Signed-off-by: Henry Tieman Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit 47d2a5d8279dcdcaec2c67b3d2c72cfa62979c58 Author: Alan Brady Date: Tue Nov 8 13:05:05 2016 -0800 i40evf: check for msix_entries null dereference It is possible for msix_entries to be freed by a previous suspend/remove before a VF is closed. This patch fixes the issue by checking for NULL before dereferencing msix_entries and returning early in the case where it is NULL within the i40evf_close code path. Without this patch it is possible to trigger a kernel panic through NULL dereference. Change-ID: I92a2746e82533a889e25f91578eac9abd0388ae2 Signed-off-by: Alan Brady Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40evf/i40evf_main.c | 6 ++++++ 1 file changed, 6 insertions(+) commit dedecb6d429bd3311bb24ea1379b47c8471c88b9 Author: Joe Perches Date: Tue Nov 1 15:35:14 2016 -0700 i40evf: Move some i40evf_reset_task code to separate function The i40evf_reset_task function is a couple hundred lines and it has a separable block that disables VF. Move that block to a new i40evf_disable_vf function to shorten i40evf_reset_task a bit. Signed-off-by: Joe Perches Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40evf/i40evf_main.c | 86 +++++++++++++------------ 1 file changed, 44 insertions(+), 42 deletions(-) commit 2f7679ee2ec1bfc5042ff334bade395ef208d4fe Author: Tushar Dave Date: Wed Oct 26 10:49:27 2016 -0700 i40e: fix panic on SPARC while changing num of desc On SPARC, writel() should not be used to write directly to memory address but only to memory mapped I/O address otherwise it causes data access exception. Commit 147e81ec75689 ("i40e: Test memory before ethtool alloc succeeds") introduced a code that uses memory address to fake the HW tail address and attempt to write to that address using writel() causes kernel panic on SPARC. The issue is reproduced while changing number of descriptors using ethtool. This change resolves the panic by using HW read-only memory mapped I/O register to fake HW tail address instead memory address. e.g. > ethtool -G eth2 tx 2048 rx 2048 i40e 0000:03:00.2 eth2: Changing Tx descriptor count from 512 to 2048. i40e 0000:03:00.2 eth2: Changing Rx descriptor count from 512 to 2048 sun4v_data_access_exception: ADDR[fff8001f9734a000] CTX[0000] TYPE[0004], going. \|/ ____ \|/ "@'/ .. \`@" /_| \__/ |_\ \__U_/ ethtool(3273): Dax [#1] CPU: 9 PID: 3273 Comm: ethtool Tainted: G E 4.8.0-linux-net_temp+ #7 task: fff8001f96d7a660 task.stack: fff8001f97348000 TSTATE: 0000009911001601 TPC: 00000000103189e4 TNPC: 00000000103189e8 Y: 00000000 Tainted: G E TPC: g0: fff8001f4eb64000 g1: 00000000000007ff g2: fff8001f9734b92c g3: 00203e0000000000 g4: fff8001f96d7a660 g5: fff8001fa6704000 g6: fff8001f97348000 g7: 0000000000000001 o0: 0006000046706928 o1: 00000000db3e2000 o2: fff8001f00000000 o3: 0000000000002000 o4: 0000000000002000 o5: 0000000000000001 sp: fff8001f9734afc1 ret_pc: 0000000010318a64 RPC: l0: fff8001f4e8bffe0 l1: fff8001f4e8cffe0 l2: 00000000000007ff l3: 00000000ff000000 l4: 0000000000ff0000 l5: 000000000000ff00 l6: 0000000000cda6a8 l7: 0000000000e822f0 i0: fff8001f96380000 i1: 0000000000000000 i2: 00203edb00000000 i3: 0006000046706928 i4: 0000000002086320 i5: 0000000000e82370 i6: fff8001f9734b071 i7: 00000000103062d4 I7: Call Trace: [00000000103062d4] i40e_set_ringparam+0x3b4/0x540 [i40e] [000000000094e2f8] dev_ethtool+0x898/0xbe0 [0000000000965570] dev_ioctl+0x250/0x300 [0000000000923800] sock_do_ioctl+0x40/0x60 [000000000092427c] sock_ioctl+0x7c/0x280 [00000000005ef040] vfs_ioctl+0x20/0x60 [00000000005ef5d4] do_vfs_ioctl+0x194/0x4c0 [00000000005ef974] SyS_ioctl+0x74/0xa0 [0000000000406214] linux_sparc_syscall+0x34/0x44 Disabling lock debugging due to kernel taint Caller[00000000103062d4]: i40e_set_ringparam+0x3b4/0x540 [i40e] Caller[000000000094e2f8]: dev_ethtool+0x898/0xbe0 Caller[0000000000965570]: dev_ioctl+0x250/0x300 Caller[0000000000923800]: sock_do_ioctl+0x40/0x60 Caller[000000000092427c]: sock_ioctl+0x7c/0x280 Caller[00000000005ef040]: vfs_ioctl+0x20/0x60 Caller[00000000005ef5d4]: do_vfs_ioctl+0x194/0x4c0 Caller[00000000005ef974]: SyS_ioctl+0x74/0xa0 Caller[0000000000406214]: linux_sparc_syscall+0x34/0x44 Caller[0000000000107154]: 0x107154 Instruction DUMP: e43620c8 e436204a c45e2038 82102000 81cfe008 90086001 82102000 81cfe008 Kernel panic - not syncing: Fatal exception Signed-off-by: Tushar Dave Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) commit 64f5ead95ade8d43e7f3ee79261b5525fff1feac Author: Piotr Raczynski Date: Tue Oct 25 16:08:53 2016 -0700 i40e: Add protocols over MCTP to i40e_aq_discover_capabilities Add logical_id to I40E_AQ_CAP_ID_MNG_MODE capability starting from major version 2. Change-ID: Idb29214b172ea5c70cbd45a99e6745c0215af7e4 Signed-off-by: Piotr Raczynski Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 8 ++++++++ drivers/net/ethernet/intel/i40e/i40e_type.h | 4 ++++ drivers/net/ethernet/intel/i40evf/i40e_type.h | 4 ++++ 3 files changed, 16 insertions(+) commit 0b7c8b5d5436317a5f4509e2a150c6cec017f348 Author: Jacob Keller Date: Tue Oct 25 16:08:52 2016 -0700 i40e: fix trivial typo in naming of i40e_sync_filters_subtask A comment incorrectly referred to i40e_vsi_sync_filters_subtask which does not actually exist. Reference the correct function instead. Change-ID: I6bd805c605741ffb6fe34377259bb0d597edfafd Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 91dc1e5d3dbe05046a1d5b7539e5ab08e96b2dd2 Author: Michal Kosiarz Date: Tue Oct 25 16:08:51 2016 -0700 i40e: Add Clause22 implementation Some external PHYs require Clause22 method for accessing registers. This patch also adds some defines to support blink led on devices using 10CBaseT PHY. Change-ID: I868a4326911900f6c89e7e522fda4968b0825f14 Signed-off-by: Michal Kosiarz Signed-off-by: Matt Jared Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_common.c | 180 +++++++++++++++++------ drivers/net/ethernet/intel/i40e/i40e_prototype.h | 12 +- drivers/net/ethernet/intel/i40e/i40e_type.h | 19 ++- 3 files changed, 159 insertions(+), 52 deletions(-) commit d182a5ca1f72ab4ef5ad118c64fb80aac659b122 Author: Jacob Keller Date: Tue Oct 25 16:08:50 2016 -0700 i40e: avoid duplicate private flags definitions Separate the global private flags and the regular private flags per interface into two arrays. Future additions of private flags will not need to be duplicated which may lead to buggy code. Also rename "i40e_priv_flags_strings_gl" to "i40e_gl_priv_flags_strings" for clarity, as it reads more naturally. Change-ID: I68caef3c9954eb7da342d7f9d20f2873186f2758 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 42 +++++++++++--------------- 1 file changed, 17 insertions(+), 25 deletions(-) commit 6a112785fd18a954033fd030ce156501f15c8fa7 Author: Jacob Keller Date: Tue Oct 25 16:08:49 2016 -0700 i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid Replace a check of magic number 4095 with VLAN_N_VID. This makes it obvious that a later check against VLAN_N_VID is always true and can be removed. Change-ID: I28998f127a61a529480ce63d8a07e266f6c63b7b Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_main.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 7429c0bd0155c73e0c6ec8f16e440735209d24a5 Author: Jacob Keller Date: Tue Oct 25 16:08:48 2016 -0700 i40e: remove error_param_int label from i40e_vc_config_promiscuous_mode_msg This label is unnecessary, as are jumping to a block that checks aq_ret and then immediately skipping it and returning. So just jump straight to the error_param and remove this unnecessary label. Also use goto error_param even in the last check for style consistency. Change-ID: If487c7d10c4048e37c594e5eca167693aaed45f6 Signed-off-by: Jacob Keller Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit 06fc016c43eac5d88a53677ed0db7e28a7a1b4bd Author: Alexander Duyck Date: Tue Oct 25 16:08:47 2016 -0700 i40evf: Be much more verbose about what we can and cannot offload This change makes it so that we are much more robust about defining what we can and cannot offload. Previously we were performing no checks. This should bring us up to parity with the i40e PF driver. In addition the device only supports GSO as long as the MSS is 64 or greater. We were not checking this so an MSS less than that was resulting in Tx hangs. Change-ID: If533553ec92fc6ba694eab6ac81fdaf3004f3592 Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers Signed-off-by: Jeff Kirsher drivers/net/ethernet/intel/i40evf/i40evf_main.c | 59 +++++++++++++++++++++++++ 1 file changed, 59 insertions(+) commit f114dca2533ca770aebebffb5ed56e5e7d1fb3fb Author: Alexander Duyck Date: Tue Oct 25 16:08:46 2016 -0700 i40e: Be much more verbose about what we can and cannot offload This change makes it so that we are much more robust about defining what we can and cannot offload. Previously we were just checking for the L4 tunnel header length, however there are other fields we should be verifying as there are multiple scenarios in which we cannot perform hardware offloads. In addition the device only supports GSO as long as the MSS is 64 or greater. We were not checking this so an MSS less than that was resulting in Tx hangs. Change-ID: I5e2fd5f3075c73601b4b36327b771c64fcb6c31b Signed-off-by: Alexander Duyck Tested-by: Andrew Bowers drivers/net/ethernet/intel/i40e/i40e_main.c | 52 ++++++++++++++++++++++++----- 1 file changed, 44 insertions(+), 8 deletions(-) commit 4d796d751cefdb942a54c570bd3087d8be3bb893 Author: Trond Myklebust Date: Fri Sep 23 11:38:08 2016 -0400 pNFS: Allow layout drivers to manage private data in struct nfs4_layoutreturn Cleanup to allow layout drivers to attach private data to layoutreturn, and manage the data. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 6 ++++++ fs/nfs/nfs4xdr.c | 4 +++- fs/nfs/pnfs.c | 1 + include/linux/nfs_xdr.h | 2 ++ 4 files changed, 12 insertions(+), 1 deletion(-) commit ef77b515243b3499d62cf446eda6ca7e0a0b079c Author: Josef Bacik Date: Fri Dec 2 16:19:12 2016 -0500 nbd: use loff_t for blocksize and nbd_set_size args If we have large devices (say like the 40t drive I was trying to test with) we will end up overflowing the int arguments to nbd_set_size and not get the right size for our device. Fix this by using loff_t everywhere so I don't have to think about this again. Thanks, Signed-off-by: Josef Bacik Signed-off-by: Jens Axboe drivers/block/nbd.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 209200efa3db3d09380ee7c796efa73d900d5f3a Author: Shaohua Li Date: Fri Dec 2 17:13:09 2016 -0800 blk-stat: fix a typo Signed-off-by: Shaohua Li Fixes: cf43e6be865a ("block: add scalable completion tracking of requests") Signed-off-by: Jens Axboe block/blk-stat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit fb5f51c7425ebc808d91329257cbc963e2421368 Author: Ian Kent Date: Thu Nov 24 08:03:41 2016 +1100 vfs: change d_manage() to take a struct path For the autofs module to be able to reliably check if a dentry is a mountpoint in a multiple namespace environment the ->d_manage() dentry operation will need to take a path argument instead of a dentry. Link: http://lkml.kernel.org/r/20161011053352.27645.83962.stgit@pluto.themaw.net Signed-off-by: Ian Kent Cc: Al Viro Cc: Eric W. Biederman Cc: Omar Sandoval Signed-off-by: Andrew Morton Signed-off-by: Al Viro Documentation/filesystems/Locking | 2 +- Documentation/filesystems/vfs.txt | 2 +- fs/autofs4/root.c | 5 +++-- fs/namei.c | 13 ++++++------- include/linux/dcache.h | 2 +- 5 files changed, 12 insertions(+), 12 deletions(-) commit 19339c251607a3defc7f089511ce8561936fee45 Author: Eric W. Biederman Date: Fri Dec 2 09:35:31 2016 -0600 Revert "evm: Translate user/group ids relative to s_user_ns when computing HMAC" This reverts commit 0b3c9761d1e405514a551ed24d3ea89aea26ce14. Seth Forshee writes: > All right, I think 0b3c9761d1e405514a551ed24d3ea89aea26ce14 should be > reverted then. EVM is a machine-local integrity mechanism, and so it > makes sense that the signature would be based on the kernel's notion of > the uid and not the filesystem's. I added a commment explaining why the EVM hmac needs to be in the kernel's notion of uid and gid, not the filesystems to prevent remounting the filesystem and gaining unwaranted trust in files. Acked-by: Seth Forshee Signed-off-by: "Eric W. Biederman" security/integrity/evm/evm_crypto.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) commit ae9979c31007d5366b73640ee7dcbb271357053e Author: Benjamin Tissoires Date: Fri Dec 2 17:49:10 2016 -0800 Input: synaptics-rmi4 - store the attn data in the driver Now that we have a proper API to set the attention data, there is no point in keeping it in the transport driver. Signed-off-by: Benjamin Tissoires Reviewed-by: Andrew Duggan Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_driver.c | 5 ++--- drivers/input/rmi4/rmi_f03.c | 13 +++++++------ drivers/input/rmi4/rmi_f11.c | 12 ++++++------ drivers/input/rmi4/rmi_f12.c | 43 +++++++++++++++++++++-------------------- drivers/input/rmi4/rmi_f30.c | 11 ++++++----- include/linux/rmi.h | 5 ++--- 6 files changed, 45 insertions(+), 44 deletions(-) commit b908d3cd812abe3f4a74d7550bbf0a8cbcfbe6ed Author: Benjamin Tissoires Date: Fri Dec 2 17:48:51 2016 -0800 Input: synaptics-rmi4 - allow to add attention data The HID implementation of RMI4 provides the data during the interrupt (in the input report). We need to provide a way for this transport driver to provide the attention data while calling an IRQ. We use a fifo in rmi_core to not lose any incoming event. Signed-off-by: Benjamin Tissoires Reviewed-by: Andrew Duggan Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_driver.c | 49 +++++++++++++++++++++++++++++++++++++++-- include/linux/rmi.h | 11 +++++++++ 2 files changed, 58 insertions(+), 2 deletions(-) commit e621132f934f5922e8a3968edd236f97cdad60cf Author: Dennis Wassenberg Date: Fri Dec 2 17:45:29 2016 -0800 Input: synaptics-rmi4 - f03 - grab data passed by transport device First check if there are data available passed by the transport device. If data available use these data. If there are no data available try to read the rmi block if dsata are passed this way. This is the way the other rmi function handlers will do this. This patch is needed on HID devices because the firmware reads F03 data registers and adds them to the HID attention report. Reading those registers from the driver after the firmware read them will result in invalid data. Reviewed-by: Andrew Duggan Signed-off-by: Dennis Wassenberg Signed-off-by: Benjamin Tissoires Signed-off-by: Dmitry Torokhov drivers/input/rmi4/rmi_f03.c | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) commit c5e8848fc98e363ea51b68de01392366312d9efa Author: Lyude Paul Date: Fri Dec 2 16:59:07 2016 -0800 Input: synaptics-rmi4 - add support for F03 This adds basic functionality for PS/2 passthrough on Synaptics Touchpads using RMI4 through smbus. Reviewed-by: Andrew Duggan Signed-off-by: Lyude Paul Signed-off-by: Benjamin Tissoires Signed-off-by: Dmitry Torokhov drivers/input/rmi4/Kconfig | 9 ++ drivers/input/rmi4/Makefile | 1 + drivers/input/rmi4/rmi_bus.c | 3 + drivers/input/rmi4/rmi_driver.h | 1 + drivers/input/rmi4/rmi_f03.c | 232 ++++++++++++++++++++++++++++++++++++++++ 5 files changed, 246 insertions(+) commit bc18461816bd3a6a141e472f68c886bb932a6c2e Author: Len Brown Date: Wed Nov 30 23:00:30 2016 -0500 ACPI: Document _OSI and _REV for Linux BIOS writers Based on a recent session at the Linux Plumber's Conference, we need to be more clear about how a BIOS should use _OSI to properly support Linux. Signed-off-by: Len Brown Reviewed-by: Lukas Wunner Signed-off-by: Rafael J. Wysocki Documentation/acpi/osi.txt | 187 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) commit b0a752b5ce76bd1d8b733a53757c3263511dcb69 Author: Pavel Shilovsky Date: Wed Nov 16 15:17:15 2016 -0800 CIFS: Decrease verbosity of ioctl call Cc: Stable # v4.9+ Reviewed-by: Aurelien Aptel Acked-by: Sachin Prabhu Signed-off-by: Pavel Shilovsky fs/cifs/ioctl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e67af182c286bb60d196c1a3001de873845ed731 Author: Stanimir Varbanov Date: Tue Nov 22 19:02:17 2016 +0200 remoteproc: qcom: mdt_loader: add include for sizes Add linux/sizes.h to prevent build failure on non ARM architectures as: CC [M] drivers/remoteproc/qcom_mdt_loader.o In file included from include/linux/cache.h:4:0, from include/linux/printk.h:8, from include/linux/kernel.h:13, from include/asm-generic/bug.h:13, from arch/x86/include/asm/bug.h:35, from include/linux/bug.h:4, from include/linux/thread_info.h:11, from arch/x86/include/asm/elf.h:7, from include/linux/elf.h:4, from drivers/remoteproc/qcom_mdt_loader.c:18: drivers/remoteproc/qcom_mdt_loader.c: In function ‘qcom_mdt_parse’: drivers/remoteproc/qcom_mdt_loader.c:90:52: error: ‘SZ_4K’ undeclared (first use in this function) Reviewed-by: Stephen Boyd Signed-off-by: Stanimir Varbanov Signed-off-by: Bjorn Andersson drivers/remoteproc/qcom_mdt_loader.c | 1 + 1 file changed, 1 insertion(+) commit 1b109c49b72dc3cb8392bbc22bad662f71b8fd80 Author: Michael Walle Date: Fri Oct 14 11:43:34 2016 +0200 hwmon: (adt7411) update to new hwmon registration API This is also a preparation for to support more properties like min, max and alarm. Signed-off-by: Michael Walle [groeck: Minor alignment changes] Signed-off-by: Guenter Roeck drivers/hwmon/adt7411.c | 301 +++++++++++++++++++++++++++++------------------- 1 file changed, 180 insertions(+), 121 deletions(-) commit 3d7e0a24947c076a6cf6080c5f076c60ae8d9543 Author: Thomas Gleixner Date: Thu Nov 17 19:35:26 2016 +0100 hwmon: (via-cputemp) Remove pointless CPU check on each CPU The check loop for the cpu type is pointless as we already have a cpu model match before that. The only thing which is not covered by that check would be a smp system with two different cores. Not likely to happen. Cc: Jean Delvare Cc: Guenter Roeck Signed-off-by: Thomas Gleixner Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Guenter Roeck drivers/hwmon/via-cputemp.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) commit f4dc811c16b91ed0a8c9dd5a863409279d14a581 Author: Clemens Gruber Date: Wed Nov 9 22:22:34 2016 +0100 hwmon: (mcp3021) add devicetree support Support setting the reference voltage from the device tree. Signed-off-by: Clemens Gruber Signed-off-by: Guenter Roeck drivers/hwmon/mcp3021.c | 48 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 36 insertions(+), 12 deletions(-) commit b502a926d29ed23eb7f6d61a89f6fb5d9b742b3e Author: Clemens Gruber Date: Wed Nov 9 18:16:14 2016 +0100 hwmon: (mcp3021) replace S_IRUGO with 0444 Replace S_IRUGO with the better readable 0444. This fixes a checkpatch warning. Signed-off-by: Clemens Gruber Signed-off-by: Guenter Roeck drivers/hwmon/mcp3021.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 10de07f446a6aea66c9fea937f8e3a498b1b6766 Author: Clemens Gruber Date: Fri Oct 28 00:33:44 2016 +0200 hwmon: (mcp3021) add devicetree bindings documentation Document the devicetree bindings for the Microchip MCP3021/3221. Signed-off-by: Clemens Gruber Acked-by: Rob Herring Signed-off-by: Guenter Roeck Documentation/devicetree/bindings/hwmon/mcp3021.txt | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) commit 00a0c905ab4b2b47372be8da6a8442dcd3681903 Author: Jason Gunthorpe Date: Wed Oct 26 10:56:59 2016 -0600 hwmon: (lm87) Use hwmon to create the sysfs groups This is the expected thing for a hwmon driver to do, this changes the sysfs paths from, say: /sys/bus/i2c/devices/0-002c/temp1_input to: /sys/bus/i2c/devices/0-002c/hwmon/hwmon0/temp1_input Signed-off-by: Jason Gunthorpe Signed-off-by: Guenter Roeck drivers/hwmon/lm87.c | 134 +++++++++++++++++++-------------------------------- 1 file changed, 50 insertions(+), 84 deletions(-) commit 2b3d0c19537c1bd0d493e302b7949460901ef489 Author: Yi Li Date: Mon Oct 17 18:38:53 2016 +1030 hwmon: (adm1275) Enable adm1278 VOUT sampling The adm1278 can optionally monitor the VOUT pin. This functionality is not enabled at reset, so PMON_CONFIG needs to be modified in order to enable it. Signed-off-by: Yi Li Signed-off-by: Joel Stanley Signed-off-by: Guenter Roeck drivers/hwmon/pmbus/adm1275.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) commit aaf6fabf1be80b66aade0544e0ad619682e26616 Author: Chris Packham Date: Tue Oct 11 10:26:31 2016 +1300 hwmon: Add tc654 driver Add support for the tc654 and tc655 fan controllers from Microchip. http://ww1.microchip.com/downloads/en/DeviceDoc/20001734C.pdf Signed-off-by: Chris Packham Acked-by: Rob Herring [groeck: Fixed continuation line alignments] Signed-off-by: Guenter Roeck .../devicetree/bindings/i2c/trivial-devices.txt | 2 + Documentation/hwmon/tc654 | 31 ++ drivers/hwmon/Kconfig | 11 + drivers/hwmon/Makefile | 1 + drivers/hwmon/tc654.c | 514 +++++++++++++++++++++ 5 files changed, 559 insertions(+) commit 4538bfbf2d9f1fc48c07ac0cc0ee58716fe7fe96 Author: Jared Bents Date: Fri Nov 18 22:20:38 2016 -0600 hwmon: (amc6821) sign extension temperature Converts the unsigned temperature values from the i2c read to be sign extended as defined in the datasheet so that negative temperatures are properly read. Fixes: 28e6274d8fa67 ("hwmon: (amc6821) Avoid forward declaration") Signed-off-by: Jared Bents Signed-off-by: Matt Weber [groeck: Dropped unnecessary continuation line] Signed-off-by: Guenter Roeck drivers/hwmon/amc6821.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 13edb767aa609b6efb7c0c2b57fbd72a6ded0eed Author: Javier Martinez Canillas Date: Mon Nov 7 17:31:44 2016 -0300 hwmon: (scpi) Fix module autoload If the driver is built as a module, autoload won't work because the module alias information is not filled. So user-space can't match the registered device with the corresponding module. Export the module alias information using the MODULE_DEVICE_TABLE() macro. Before this patch: $ modinfo drivers/hwmon/scpi-hwmon.ko | grep alias $ After this patch: $ modinfo drivers/hwmon/scpi-hwmon.ko | grep alias alias: of:N*T*Carm,scpi-sensorsC* alias: of:N*T*Carm,scpi-sensors Signed-off-by: Javier Martinez Canillas Fixes: ea98b29a05e9c ("hwmon: Support sensors exported via ARM SCP interface") Signed-off-by: Guenter Roeck drivers/hwmon/scpi-hwmon.c | 1 + 1 file changed, 1 insertion(+) commit f687a33ef02d3e0f13c4fa9e3b2e90f656bbfb26 Author: Song Liu Date: Wed Nov 30 16:57:54 2016 -0800 md/r5cache: run_no_space_stripes() when R5C_LOG_CRITICAL == 0 With writeback cache, we define log space critical as free_space < 2 * reclaim_required_space So the deassert of R5C_LOG_CRITICAL could happen when 1. free_space increases 2. reclaim_required_space decreases Currently, run_no_space_stripes() is called when 1 happens, but not (always) when 2 happens. With this patch, run_no_space_stripes() is call when R5C_LOG_CRITICAL is cleared. Signed-off-by: Song Liu Signed-off-by: Shaohua Li drivers/md/raid5-cache.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) commit 2fbadc3002c5f172d20aa2e7e48920c5f14ed11f Author: Marc Zyngier Date: Fri Dec 2 14:19:35 2016 +0000 arm/arm64: xen: Move shared architecture headers to include/xen/arm ARM and arm64 Xen ports share a number of headers, leading to packaging issues when these headers needs to be exported, as it breaks the reasonable requirement that an architecture port has self-contained headers. Fix the issue by moving the 5 header files to include/xen/arm, and keep local placeholders to include the relevant files. Signed-off-by: Marc Zyngier Reviewed-by: Stefano Stabellini arch/arm/include/asm/xen/hypercall.h | 88 +-------------------- arch/arm/include/asm/xen/hypervisor.h | 40 +--------- arch/arm/include/asm/xen/interface.h | 86 +------------------- arch/arm/include/asm/xen/page-coherent.h | 99 +---------------------- arch/arm/include/asm/xen/page.h | 123 +---------------------------- arch/arm64/include/asm/xen/hypercall.h | 2 +- arch/arm64/include/asm/xen/hypervisor.h | 2 +- arch/arm64/include/asm/xen/interface.h | 2 +- arch/arm64/include/asm/xen/page-coherent.h | 2 +- arch/arm64/include/asm/xen/page.h | 2 +- include/xen/arm/hypercall.h | 87 ++++++++++++++++++++ include/xen/arm/hypervisor.h | 39 +++++++++ include/xen/arm/interface.h | 85 ++++++++++++++++++++ include/xen/arm/page-coherent.h | 98 +++++++++++++++++++++++ include/xen/arm/page.h | 122 ++++++++++++++++++++++++++++ 15 files changed, 441 insertions(+), 436 deletions(-) commit ab17cb1fea82b346bdecd4f2d7f0e84e80f847af Merge: 4f4f907 d5fb3a1 Author: David S. Miller Date: Fri Dec 2 13:58:10 2016 -0500 Merge tag 'wireless-drivers-next-for-davem-2016-12-01' of git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers-next Kalle Valo says: ==================== wireless-drivers-next patches for 4.10 Major changes: rsi * filter rx frames * configure tx power * make it possible to select antenna * support 802.11d brcmfmac * cleanup of scheduled scan code * support for bcm43341 chipset with different chip id * support rev6 of PCIe device interface ath10k * add spectral scan support for QCA6174 and QCA9377 families * show used tx bitrate with 10.4 firmware wil6210 * add power save mode support * add abort scan functionality * add support settings retry limit for short frames bcma * add Dell Inspiron 3148 ==================== Signed-off-by: David S. Miller commit 4f4f907a6729ae9e132810711c3a05e48311a948 Merge: b5b5eca ea7ae88 Author: David S. Miller Date: Fri Dec 2 13:52:02 2016 -0500 Merge branch 'mvneta-64bit' Gregory CLEMENT says: ==================== Support Armada 37xx SoC (ARMv8 64-bits) in mvneta driver The Armada 37xx is a new ARMv8 SoC from Marvell using same network controller as the older Armada 370/38x/XP SoCs. This series adapts the driver in order to be able to use it on this new SoC. The main changes are: - 64-bits support: the first patches allow using the driver on a 64-bit architecture. - MBUS support: the mbus configuration is different on Armada 37xx from the older SoCs. - per cpu interrupt: Armada 37xx do not support per cpu interrupt for the NETA IP, the non-per-CPU behavior was added back. The first patch is an optimization in the rx path in swbm mode. The second patch remove unnecessary allocation for HWBM. The first item is solved by patches 4 and 5. The 2 last items are solved by patch 6. In patch 7 the dt support is added. Beside Armada 37xx, this series have been again tested on Armada XP and Armada 38x (with Hardware Buffer Management and with Software Buffer Management). This is the 6th version of the series: - 1st version: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-November/469588.html - 2nd version: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-November/470476.html - 3rd version: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-November/470901.html - 4th version: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-November/471039.html - 5th version: http://lists.infradead.org/pipermail/linux-arm-kernel/2016-November/471478.html Changelog: v5 -> v6: - Added Tested-by from Marcin Wojtas on the series - Added Reviewed-by from Jisheng Zhang on patch 3 - Fix eth1 phy mode for Armada 3720 DB board on patch 7 v4 -> v5: - remove unnecessary cast in patch 3 v3 -> v4: - Adding new patch: "net: mvneta: do not allocate buffer in rxq init with HWBM" - Simplify the HWBM case in patch 3 as suggested by Marcin v2 -> v3: - Adding patch 1 "Optimize rx path for small frame" - Fix the kbuild error by moving the "phys_addr += pp->rx_offset_correction;" line from patch 2 to patch 3 where rx_offset_correction is introduced. - Move the memory allocation of the buf_virt_addr of the rxq to be called by the probe function in order to avoid a memory leak. ==================== Signed-off-by: David S. Miller commit ea7ae8854a3565a2da84fa91adf2e310c51c6e99 Author: Gregory CLEMENT Date: Thu Dec 1 18:03:10 2016 +0100 ARM64: dts: marvell: Add network support for Armada 3700 Add neta nodes for network support both in device tree for the SoC and the board. Signed-off-by: Gregory CLEMENT Signed-off-by: David S. Miller arch/arm64/boot/dts/marvell/armada-3720-db.dts | 23 +++++++++++++++++++++++ arch/arm64/boot/dts/marvell/armada-37xx.dtsi | 23 +++++++++++++++++++++++ 2 files changed, 46 insertions(+) commit 2636ac3cc2b47e189894300602043aefbe699521 Author: Marcin Wojtas Date: Thu Dec 1 18:03:09 2016 +0100 net: mvneta: Add network support for Armada 3700 SoC Armada 3700 is a new ARMv8 SoC from Marvell using same network controller as older Armada 370/38x/XP. There are however some differences that needed taking into account when adding support for it: * open default MBUS window to 4GB of DRAM - Armada 3700 SoC's Mbus configuration for network controller has to be done on two levels: global and per-port. The first one is inherited from the bootloader. The latter can be opened in a default way, leaving arbitration to the bus controller. Hence filled mbus_dram_target_info structure is not needed * make per-CPU operation optional - Recent patches adding RSS and XPS support for Armada 38x/XP enabled per-CPU operation of the controller by default. Contrary to older SoC's Armada 3700 SoC's network controller is not capable of per-CPU processing due to interrupt lines' connectivity. This patch restores non-per-CPU operation, which is now optional and depends on neta_armada3700 flag value in mvneta_port structure. In order not to complicate the code, separate interrupt subroutine is implemented. For now, on the Armada 3700, RSS is disabled as the current implementation depend on the per cpu interrupts. [gregory.clement@free-electrons.com: extract from a larger patch, replace some ifdef and port to net-next for v4.10] Signed-off-by: Marcin Wojtas Signed-off-by: Gregory CLEMENT Tested-by: Marcin Wojtas Signed-off-by: David S. Miller .../bindings/net/marvell-armada-370-neta.txt | 7 +- drivers/net/ethernet/marvell/Kconfig | 7 +- drivers/net/ethernet/marvell/mvneta.c | 287 +++++++++++++++------ 3 files changed, 214 insertions(+), 87 deletions(-) commit f34dacccb412a8716405a18a25ca1fa97046660c Author: Gregory CLEMENT Date: Thu Dec 1 18:03:08 2016 +0100 net: mvneta: Only disable mvneta_bm for 64-bits Actually only the mvneta_bm support is not 64-bits compatible. The mvneta code itself can run on 64-bits architecture. Signed-off-by: Gregory CLEMENT Tested-by: Marcin Wojtas Signed-off-by: David S. Miller drivers/net/ethernet/marvell/Kconfig | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 8d5047cf9ca2a0adc60a9e334ee5cc7ed891c6c2 Author: Marcin Wojtas Date: Thu Dec 1 18:03:07 2016 +0100 net: mvneta: Convert to be 64 bits compatible Prepare the mvneta driver in order to be usable on the 64 bits platform such as the Armada 3700. [gregory.clement@free-electrons.com]: this patch was extract from a larger one to ease review and maintenance. Signed-off-by: Marcin Wojtas Signed-off-by: Gregory CLEMENT Tested-by: Marcin Wojtas Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) commit f88bee1c4bfa4faad8aeab75502cc76244a06291 Author: Gregory CLEMENT Date: Thu Dec 1 18:03:06 2016 +0100 net: mvneta: Use cacheable memory to store the rx buffer virtual address Until now the virtual address of the received buffer were stored in the cookie field of the rx descriptor. However, this field is 32-bits only which prevents to use the driver on a 64-bits architecture. With this patch the virtual address is stored in an array not shared with the hardware (no more need to use the DMA API). Thanks to this, it is possible to use cache contrary to the access of the rx descriptor member. The change is done in the swbm path only because the hwbm uses the cookie field, this also means that currently the hwbm is not usable in 64-bits. Signed-off-by: Gregory CLEMENT Reviewed-by: Jisheng Zhang Tested-by: Marcin Wojtas Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 34 ++++++++++++++++++++++++---------- 1 file changed, 24 insertions(+), 10 deletions(-) commit e9f6499965c64109e296f61e3aa7fd91f9f2233c Author: Gregory CLEMENT Date: Thu Dec 1 18:03:05 2016 +0100 net: mvneta: Do not allocate buffer in rxq init with HWBM For HWBM all buffers are allocated in mvneta_bm_construct() and in runtime they are put into descriptors by hardware. There is no need to fill them at this point. Suggested-by: Marcin Wojtas Signed-off-by: Gregory CLEMENT Tested-by: Marcin Wojtas Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ac83b7ddf227d85542fc2e186884b003cfdb99f7 Author: Gregory CLEMENT Date: Thu Dec 1 18:03:04 2016 +0100 net: mvneta: Optimize rx path for small frame For small frame reuse the phys_addr variable instead of accessing the uncacheable value in the rx descriptor. Signed-off-by: Gregory CLEMENT Tested-by: Marcin Wojtas Signed-off-by: David S. Miller drivers/net/ethernet/marvell/mvneta.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b5b5eca9aa4166779e184685dcd838f4d0775e76 Merge: 7f7bf16 554ae6e Author: David S. Miller Date: Fri Dec 2 13:46:21 2016 -0500 Merge branch 'bpf-support-for-sockets' David Ahern says: ==================== net: Add bpf support for sockets The recently added VRF support in Linux leverages the bind-to-device API for programs to specify an L3 domain for a socket. While SO_BINDTODEVICE has been around for ages, not every ipv4/ipv6 capable program has support for it. Even for those programs that do support it, the API requires processes to be started as root (CAP_NET_RAW) which is not desirable from a general security perspective. This patch set leverages Daniel Mack's work to attach bpf programs to a cgroup to provide a capability to set sk_bound_dev_if for all AF_INET{6} sockets opened by a process in a cgroup when the sockets are allocated. For example: 1. configure vrf (e.g., using ifupdown2) auto eth0 iface eth0 inet dhcp vrf mgmt auto mgmt iface mgmt vrf-table auto 2. configure cgroup mount -t cgroup2 none /tmp/cgroupv2 mkdir /tmp/cgroupv2/mgmt test_cgrp2_sock /tmp/cgroupv2/mgmt 15 3. set shell into cgroup (e.g., can be done at login using pam) echo $$ >> /tmp/cgroupv2/mgmt/cgroup.procs At this point all commands run in the shell (e.g, apt) have sockets automatically bound to the VRF (see output of ss -ap 'dev == '), including processes not running as root. This capability enables running any program in a VRF context and is key to deploying Management VRF, a fundamental configuration for networking gear, with any Linux OS installation. This patchset also exports the socket family, type and protocol as read-only allowing bpf filters to deny a process in a cgroup the ability to open specific types of AF_INET or AF_INET6 sockets. v7 - comments from Alexei v6 - add export of socket family, type and protocol ==================== Signed-off-by: David S. Miller commit 554ae6e792ef38020b80b4d5127c51d510c0918f Author: David Ahern Date: Thu Dec 1 08:48:08 2016 -0800 samples/bpf: add userspace example for prohibiting sockets Add examples preventing a process in a cgroup from opening a socket based family, protocol and type. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/Makefile | 4 ++ samples/bpf/sock_flags_kern.c | 44 ++++++++++++++++++++++ samples/bpf/test_cgrp2_sock2.c | 66 +++++++++++++++++++++++++++++++++ samples/bpf/test_cgrp2_sock2.sh | 81 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 195 insertions(+) commit 4f2e7ae56e04cfe670cf39152a8d015984c90351 Author: David Ahern Date: Thu Dec 1 08:48:07 2016 -0800 samples/bpf: Update bpf loader for cgroup section names Add support for section names starting with cgroup/skb and cgroup/sock. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/bpf_load.c | 14 +++++++++++--- samples/bpf/bpf_load.h | 1 + 2 files changed, 12 insertions(+), 3 deletions(-) commit aa4c1037a30f4e88f444e83d42c2befbe0d5caf5 Author: David Ahern Date: Thu Dec 1 08:48:06 2016 -0800 bpf: Add support for reading socket family, type, protocol Add socket family, type and protocol to bpf_sock allowing bpf programs read-only access. Add __sk_flags_offset[0] to struct sock before the bitfield to programmtically determine the offset of the unsigned int containing protocol and type. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/net/sock.h | 15 +++++++++++++++ include/uapi/linux/bpf.h | 3 +++ net/core/filter.c | 21 +++++++++++++++++++++ 3 files changed, 39 insertions(+) commit ad2805dc79e647ec2aee931a51924fda9d03b2fc Author: David Ahern Date: Thu Dec 1 08:48:05 2016 -0800 samples: bpf: add userspace example for modifying sk_bound_dev_if Add a simple program to demonstrate the ability to attach a bpf program to a cgroup that sets sk_bound_dev_if for AF_INET{6} sockets when they are created. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/Makefile | 2 + samples/bpf/test_cgrp2_sock.c | 83 ++++++++++++++++++++++++++++++++++++++++++ samples/bpf/test_cgrp2_sock.sh | 47 ++++++++++++++++++++++++ 3 files changed, 132 insertions(+) commit 61023658760032e97869b07d54be9681d2529e77 Author: David Ahern Date: Thu Dec 1 08:48:04 2016 -0800 bpf: Add new cgroup attach type to enable sock modifications Add new cgroup based program type, BPF_PROG_TYPE_CGROUP_SOCK. Similar to BPF_PROG_TYPE_CGROUP_SKB programs can be attached to a cgroup and run any time a process in the cgroup opens an AF_INET or AF_INET6 socket. Currently only sk_bound_dev_if is exported to userspace for modification by a bpf program. This allows a cgroup to be configured such that AF_INET{6} sockets opened by processes are automatically bound to a specific device. In turn, this enables the running of programs that do not support SO_BINDTODEVICE in a specific VRF context / L3 domain. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf-cgroup.h | 14 +++++++++++ include/uapi/linux/bpf.h | 6 +++++ kernel/bpf/cgroup.c | 33 ++++++++++++++++++++++++ kernel/bpf/syscall.c | 5 +++- net/core/filter.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++ net/ipv4/af_inet.c | 12 ++++++++- net/ipv6/af_inet6.c | 8 ++++++ 7 files changed, 138 insertions(+), 2 deletions(-) commit b2cd12574aa3e1625f471ff57cde7f628a18a46b Author: David Ahern Date: Thu Dec 1 08:48:03 2016 -0800 bpf: Refactor cgroups code in prep for new type Code move and rename only; no functional change intended. Signed-off-by: David Ahern Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller include/linux/bpf-cgroup.h | 46 +++++++++++++++++++++++----------------------- kernel/bpf/cgroup.c | 10 +++++----- kernel/bpf/syscall.c | 28 +++++++++++++++------------- 3 files changed, 43 insertions(+), 41 deletions(-) commit 7f7bf1606fa8fa0e3aecdeac0ba8005f2a0fbdef Author: Eric Dumazet Date: Thu Dec 1 05:02:06 2016 -0800 mlx4: fix use-after-free in mlx4_en_fold_software_stats() My recent commit to get more precise rx/tx counters in ndo_get_stats64() can lead to crashes at device dismantle, as Jesper found out. We must prevent mlx4_en_fold_software_stats() trying to access tx/rx rings if they are deleted. Fix this by adding a test against priv->port_up in mlx4_en_fold_software_stats() Calling mlx4_en_fold_software_stats() from mlx4_en_stop_port() allows us to eventually broadcast the latest/current counters to rtnetlink monitors. Fixes: 40931b85113d ("mlx4: give precise rx/tx bytes/packets counters") Signed-off-by: Eric Dumazet Reported-and-bisected-by: Jesper Dangaard Brouer Tested-by: Jesper Dangaard Brouer Cc: Tariq Toukan Cc: Saeed Mahameed Acked-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx4/en_netdev.c | 4 ++++ drivers/net/ethernet/mellanox/mlx4/en_port.c | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) commit bd3ad7d3a14b07aeeb4f92abc757672719e2a0eb Author: Sunil Goutham Date: Thu Dec 1 18:24:28 2016 +0530 net: thunderx: Fix transmit queue timeout issue Transmit queue timeout issue is seen in two cases - Due to a race condition btw setting stop_queue at xmit() and checking for stopped_queue in NAPI poll routine, at times transmission from a SQ comes to a halt. This is fixed by using barriers and also added a check for SQ free descriptors, incase SQ is stopped and there are only CQE_RX i.e no CQE_TX. - Contrary to an assumption, a HW errata where HW doesn't stop transmission even though there are not enough CQEs available for a CQE_TX is not fixed in T88 pass 2.x. This results in a Qset error with 'CQ_WR_FULL' stalling transmission. This is fixed by adjusting RXQ's RED levels for CQ level such that there is always enough space left for CQE_TXs. Signed-off-by: Sunil Goutham Signed-off-by: David S. Miller drivers/net/ethernet/cavium/thunder/nicvf_main.c | 52 ++++++++++++++++++---- drivers/net/ethernet/cavium/thunder/nicvf_queues.c | 24 ++-------- drivers/net/ethernet/cavium/thunder/nicvf_queues.h | 15 ++++--- 3 files changed, 54 insertions(+), 37 deletions(-) commit c4ae94a36c76a901149b24d297f7b9c7aad3eb89 Author: Lucas Stach Date: Fri Dec 2 13:04:01 2016 +0100 MAINTAINERS: add etnaviv mailinglist The etnaviv project now has its own mailinglist, add it to the MAINTAINERS file, so kernel patches get CC'ed to it. Signed-off-by: Lucas Stach MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 1db0127904469b7288ecd6b26e86898037aaf060 Author: Lucas Stach Date: Fri Dec 2 12:19:16 2016 +0100 drm/etnaviv: move linear window on MC1.0 parts if necessary On i.MX6SX the physical memory is placed above the 2GB mark, so the GPU linear window has to be moved for the GPU to work at all. This doesn't mix with the FAST_CLEAR feature, as the TS unit doesn't take the linear window offset into account and will corrupt memory when used with a non-zero offset. Move the linear window if it's necessary for the GPU to work, but avoid announcing FAST_CLEAR support to userspace in this case. Signed-off-by: Lucas Stach Tested-by: Marek Vasut drivers/gpu/drm/etnaviv/etnaviv_gpu.c | 4 ++++ 1 file changed, 4 insertions(+) commit 172dbac35efdba3b1251c547a16697e6f3648ebb Author: Lucas Stach Date: Fri Dec 2 11:14:13 2016 +0100 drm/etnaviv: don't invoke OOM killer from dump code The dumper is only a debugging aid so we don't want to invoke the OOM killer if buffer for the potentially large GPU state can't be vmalloced. Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/etnaviv_dump.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit 5f4a4a73f437b007019495c3c789599d71b9c59e Author: Lucas Stach Date: Wed Nov 30 15:26:26 2016 +0100 drm/etnaviv: fix gem_prime_get_sg_table to return new SG table The object internal SG table must not be returned, as the caller will take ownership of the returned table. Construct a new table from the object pages and return this one instead. Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 557800532ebdec4fc460876af4e3c216d23a184d Author: Wladimir J. van der Laan Date: Fri Nov 11 17:57:54 2016 +0100 drm/etnaviv: Allow DRAW_INSTANCED commands Vivante GPUs with HALTI0 feature support a DRAW_INSTANCED command in the command stream to draw a number of instances of the same geometry. The information that has been figured out about the command can be found here: https://github.com/etnaviv/etna_viv/blob/master/rnndb/cmdstream.xml#L270 This command is not allowed currently by the DRM driver because it was not known before. This patch enables parsing it in command streams and allows using it by userspace drivers. Signed-off-by: Wladimir J. van der Laan Signed-off-by: Lucas Stach drivers/gpu/drm/etnaviv/cmdstream.xml.h | 60 ++++++++++++++++++++++++++-- drivers/gpu/drm/etnaviv/etnaviv_cmd_parser.c | 1 + 2 files changed, 57 insertions(+), 4 deletions(-) commit 5688e57eb50c08922d0ff88bb30fe65b508917a0 Author: Lucas Stach Date: Fri Nov 18 15:15:16 2016 +0100 drm/etnaviv: implement dma-buf mmap This adds the required boilerplate to allow direct mmap of exported etnaviv BOs. Signed-off-by: Lucas Stach Tested-by: Philipp Zabel drivers/gpu/drm/etnaviv/etnaviv_drv.c | 1 + drivers/gpu/drm/etnaviv/etnaviv_drv.h | 2 ++ drivers/gpu/drm/etnaviv/etnaviv_gem_prime.c | 13 +++++++++++++ 3 files changed, 16 insertions(+) commit 9aac3c18790cb3510810fafc7ba115e31d49f3bf Merge: 25429d7 ebe0687 Author: David S. Miller Date: Fri Dec 2 13:28:38 2016 -0500 Merge branch 'offloading-tc-rules-hw' Hadar Hen Zion says: ==================== Offloading tc rules using underline Hardware device This series adds flower classifier support in offloading tc rules when the Software ingress device is different from the Hardware ingress device, such as when dealing with IP tunnels The first two patches are a small fixes to flower, checking the skip_hw flag wasn't set before calling the Hardware offloading functions which will try to offload the rule. The next two patches are infrastructure patches, a preparation for the fourth patch which is adding support in flower to offload rules when the ingress device is not a Hardware device and therefore can't offload. In this case ndo_setup_tc is called with the mirred (egress) device. The last three patchs are adding mlx5e support to offload rules using the new "egress_device" flag. Thanks, Hadar Changes from v0: - check if CONFIG_NET_CLS_ACT is defined befor calling tc_action_ops get_dev() ==================== Signed-off-by: David S. Miller commit ebe06875ff1f3d5257c4da7bc74a87ee9e0ce491 Author: Hadar Hen Zion Date: Thu Dec 1 14:06:40 2016 +0200 net/mlx5e: Support adding ingress tc rule when egress device flag is set When ndo_setup_tc is called with an egress_dev flag set, it means that the ndo call was executed on the mirred action (egress) device and not on the ingress device. In order to support this kind of ndo_setup_tc call, and insert the correct decap rule to the hardware, the uplink device on the same eswitch should be found. Currently, we use this resolution between the mirred device and the uplink on the same eswitch to offload vxlan shared device decap rules. Signed-off-by: Hadar Hen Zion Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 726293f1f851242c1c308e71ef9dfd0c2251f94a Author: Hadar Hen Zion Date: Thu Dec 1 14:06:39 2016 +0200 net/mlx5e: Save the represntor netdevice as part of the representor Replace the representor private data to a net_device pointer holding the representor netdevice, instead of void pointer holding mlx5e_priv. It will be used by a new eswitch service function, returning the uplink representor netdevice. Signed-off-by: Hadar Hen Zion Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 15 ++++++++------- drivers/net/ethernet/mellanox/mlx5/core/eswitch.h | 3 ++- .../net/ethernet/mellanox/mlx5/core/eswitch_offloads.c | 12 +++++++++++- 4 files changed, 22 insertions(+), 10 deletions(-) commit 718f13e72be48e2e088f8a3993017c281f275dcd Author: Hadar Hen Zion Date: Thu Dec 1 14:06:38 2016 +0200 net/mlx5e: Bring back representor's ndos that were accidentally removed The VF Representor udp tunnel ndo entries were removed by mistake, return them. Fixes: 370bad0f9a52 ('net/mlx5e: Support HW (offloaded) and SW counters for SRIOV switchdev mode') Signed-off-by: Hadar Hen Zion Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rep.c | 2 ++ 1 file changed, 2 insertions(+) commit 7091d8c7055d7310339435ae3af2fb490a92524d Author: Hadar Hen Zion Date: Thu Dec 1 14:06:37 2016 +0200 net/sched: cls_flower: Add offload support using egress Hardware device In order to support hardware offloading when the device given by the tc rule is different from the Hardware underline device, extract the mirred (egress) device from the tc action when a filter is added, using the new tc_action_ops, get_dev(). Flower caches the information about the mirred device and use it for calling ndo_setup_tc in filter change, update stats and delete. Calling ndo_setup_tc of the mirred (egress) device instead of the ingress device will allow a resolution between the software ingress device and the underline hardware device. The resolution will take place inside the offloading driver using 'egress_device' flag added to tc_to_netdev struct which is provided to the offloading driver. Signed-off-by: Hadar Hen Zion Acked-by: Jiri Pirko Signed-off-by: David S. Miller include/linux/netdevice.h | 1 + include/net/pkt_cls.h | 2 ++ net/sched/cls_api.c | 24 ++++++++++++++++++++++++ net/sched/cls_flower.c | 41 ++++++++++++++++++++++++----------------- 4 files changed, 51 insertions(+), 17 deletions(-) commit 255cb30425c0ced57d6d85f3e7cddb99b9576046 Author: Hadar Hen Zion Date: Thu Dec 1 14:06:36 2016 +0200 net/sched: act_mirred: Add new tc_action_ops get_dev() Adding support to a new tc_action_ops. get_dev is a general option which allows to get the underline device when trying to offload a tc rule. In case of mirred action the returned device is the mirred (egress) device. Signed-off-by: Hadar Hen Zion Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller include/net/act_api.h | 2 ++ net/sched/act_mirred.c | 12 ++++++++++++ 2 files changed, 14 insertions(+) commit 3036dab670bae38f2ece608e69232f5b20aa6015 Author: Hadar Hen Zion Date: Thu Dec 1 14:06:35 2016 +0200 net/sched: cls_flower: Provide a filter to replace/destroy hardware filter functions Instead of providing many arguments to fl_hw_{replace/destroy}_filter functions, just provide cls_fl_filter struct that includes all the relevant args. This patches doesn't add any new functionality. Signed-off-by: Hadar Hen Zion Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) commit 796852197c7a1a3a69ee5184d68bf16885bef65b Author: Hadar Hen Zion Date: Thu Dec 1 14:06:34 2016 +0200 net/sched: cls_flower: Try to offload only if skip_hw flag isn't set Check skip_hw flag isn't set before calling fl_hw_{replace/destroy}_filter and fl_hw_update_stats functions. Replace the call to tc_should_offload with tc_can_offload. tc_can_offload only checks if the device supports offloading, the check for skip_hw flag is done earlier in the flow. Signed-off-by: Hadar Hen Zion Acked-by: Jiri Pirko Signed-off-by: David S. Miller net/sched/cls_flower.c | 35 ++++++++++++++++++++--------------- 1 file changed, 20 insertions(+), 15 deletions(-) commit 55330f05969437c5d22fcc2ae2e54810b5236b7b Author: Hadar Hen Zion Date: Thu Dec 1 14:06:33 2016 +0200 net/sched: Add separate check for skip_hw flag Creating a difference between two possible cases: 1. Not offloading tc rule since the user sets 'skip_hw' flag. 2. Not offloading tc rule since the device doesn't support offloading. This patch doesn't add any new functionality. Signed-off-by: Hadar Hen Zion Reviewed-by: Jiri Pirko Signed-off-by: David S. Miller include/net/pkt_cls.h | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) commit 25429d7b7dca01dc4f17205de023a30ca09390d0 Author: Florian Westphal Date: Thu Dec 1 11:32:07 2016 +0100 tcp: allow to turn tcp timestamp randomization off Eric says: "By looking at tcpdump, and TS val of xmit packets of multiple flows, we can deduct the relative qdisc delays (think of fq pacing). This should work even if we have one flow per remote peer." Having random per flow (or host) offsets doesn't allow that anymore so add a way to turn this off. Suggested-by: Eric Dumazet Signed-off-by: Florian Westphal Acked-by: Yuchung Cheng Signed-off-by: David S. Miller Documentation/networking/ip-sysctl.txt | 9 +++++++-- net/core/secure_seq.c | 5 +++-- net/ipv4/tcp_input.c | 1 + 3 files changed, 11 insertions(+), 4 deletions(-) commit 95a22caee396cef0bb2ca8fafdd82966a49367bb Author: Florian Westphal Date: Thu Dec 1 11:32:06 2016 +0100 tcp: randomize tcp timestamp offsets for each connection jiffies based timestamps allow for easy inference of number of devices behind NAT translators and also makes tracking of hosts simpler. commit ceaa1fef65a7c2e ("tcp: adding a per-socket timestamp offset") added the main infrastructure that is needed for per-connection ts randomization, in particular writing/reading the on-wire tcp header format takes the offset into account so rest of stack can use normal tcp_time_stamp (jiffies). So only two items are left: - add a tsoffset for request sockets - extend the tcp isn generator to also return another 32bit number in addition to the ISN. Re-use of ISN generator also means timestamps are still monotonically increasing for same connection quadruple, i.e. PAWS will still work. Includes fixes from Eric Dumazet. Signed-off-by: Florian Westphal Acked-by: Eric Dumazet Acked-by: Yuchung Cheng Signed-off-by: David S. Miller include/linux/tcp.h | 1 + include/net/secure_seq.h | 8 ++++---- include/net/tcp.h | 2 +- net/core/secure_seq.c | 10 ++++++---- net/ipv4/syncookies.c | 1 + net/ipv4/tcp_input.c | 7 ++++++- net/ipv4/tcp_ipv4.c | 9 +++++---- net/ipv4/tcp_minisocks.c | 4 +++- net/ipv4/tcp_output.c | 2 +- net/ipv6/syncookies.c | 1 + net/ipv6/tcp_ipv6.c | 10 ++++++---- 11 files changed, 35 insertions(+), 20 deletions(-) commit 7df5358d4707c6f0a26266d3a4dd97fd353947e2 Merge: b14945a 1d6cff4 Author: David S. Miller Date: Fri Dec 2 12:44:38 2016 -0500 Merge branch 'qed-iscsi' Manish Rangankar says: ==================== Add QLogic FastLinQ iSCSI (qedi) driver. This series introduces hardware offload iSCSI initiator driver for the 41000 Series Converged Network Adapters (579xx chip) by Qlogic. The overall driver design includes a common module ('qed') and protocol specific dependent modules ('qedi' for iSCSI). This is an open iSCSI driver, modifications to open iSCSI user components 'iscsid', 'iscsiuio', etc. are required for the solution to work. The user space changes are also in the process of being submitted. https://groups.google.com/forum/#!forum/open-iscsi The 'qed' common module, under drivers/net/ethernet/qlogic/qed/, is enhanced with functionality required for the iSCSI support. This series is based on: net tree base: Merge of net and net-next as of 11/29/2016 Changes from RFC v2: 1. qedi patches are squashed into single patch to prevent krobot warning. 2. Fixed 'hw_p_cpuq' incompatible pointer type. 3. Fixed sparse incompatible types in comparison expression. 4. Misc fixes with latest 'checkpatch --strict' option. 5. Remove int_mode option from MODULE_PARAM. 6. Prefix all MODULE_PARAM params with qedi_*. 7. Use CONFIG_QED_ISCSI instead of CONFIG_QEDI 8. Added bad task mem access fix. ==================== Signed-off-by: David S. Miller commit 1d6cff4fca4366d0529dbce170e0f33cfe213790 Author: Yuval Mintz Date: Thu Dec 1 00:21:07 2016 -0800 qed: Add iSCSI out of order packet handling. This patch adds out of order packet handling for hardware offloaded iSCSI. Out of order packet handling requires driver buffer allocation and assistance. Signed-off-by: Arun Easi Signed-off-by: Yuval Mintz Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/qed/Makefile | 2 +- drivers/net/ethernet/qlogic/qed/qed.h | 1 + drivers/net/ethernet/qlogic/qed/qed_dev.c | 14 +- drivers/net/ethernet/qlogic/qed/qed_ll2.c | 551 +++++++++++++++++++++++++++-- drivers/net/ethernet/qlogic/qed/qed_ll2.h | 9 + drivers/net/ethernet/qlogic/qed/qed_ooo.c | 501 ++++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_ooo.h | 176 +++++++++ drivers/net/ethernet/qlogic/qed/qed_roce.c | 1 + drivers/net/ethernet/qlogic/qed/qed_spq.c | 9 + 9 files changed, 1234 insertions(+), 30 deletions(-) commit fc831825f99eb3a2f1bf3fe7307b392513b642a5 Author: Yuval Mintz Date: Thu Dec 1 00:21:06 2016 -0800 qed: Add support for hardware offloaded iSCSI. This adds the backbone required for the various HW initalizations which are necessary for the iSCSI driver (qedi) for QLogic FastLinQ 4xxxx line of adapters - FW notification, resource initializations, etc. Signed-off-by: Arun Easi Signed-off-by: Yuval Mintz Reviewed-by: Johannes Thumshirn Reviewed-by: Hannes Reinecke Signed-off-by: David S. Miller drivers/net/ethernet/qlogic/Kconfig | 3 + drivers/net/ethernet/qlogic/qed/Makefile | 1 + drivers/net/ethernet/qlogic/qed/qed.h | 7 +- drivers/net/ethernet/qlogic/qed/qed_dev.c | 12 + drivers/net/ethernet/qlogic/qed/qed_iscsi.c | 1277 ++++++++++++++++++++++++ drivers/net/ethernet/qlogic/qed/qed_iscsi.h | 52 + drivers/net/ethernet/qlogic/qed/qed_ll2.c | 4 +- drivers/net/ethernet/qlogic/qed/qed_reg_addr.h | 2 + drivers/net/ethernet/qlogic/qed/qed_spq.c | 15 + include/linux/qed/qed_if.h | 2 + include/linux/qed/qed_iscsi_if.h | 229 +++++ 11 files changed, 1602 insertions(+), 2 deletions(-) commit 4db0d88e2ebc4f47092adc01f9885a43ad748995 Author: Theodore Ts'o Date: Fri Dec 2 12:12:53 2016 -0500 ext4: fix reading new encrypted symlinks on no-journal file systems On a filesystem with no journal, a symlink longer than about 32 characters (exact length depending on padding for encryption) could not be followed or read immediately after being created in an encrypted directory. This happened because when the symlink data went through the delayed allocation path instead of the journaling path, the symlink was incorrectly detected as a "fast" symlink rather than a "slow" symlink until its data was written out. To fix this, disable delayed allocation for symlinks, since there is no benefit for delayed allocation anyway. Reported-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/ext4/inode.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit b14945ac3efdf5217182a344b037f96d6b0afae1 Author: Rasmus Villemoes Date: Wed Nov 30 23:02:54 2016 +0100 net: atarilance: use %8ph for printing hex string This is already using the %pM printf extension; might as well also use %ph to make the code smaller. Signed-off-by: Rasmus Villemoes Signed-off-by: David S. Miller drivers/net/ethernet/amd/atarilance.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) commit d709b2a186761bc038c99c2f744c7218f2d249bd Author: Arnd Bergmann Date: Wed Nov 30 22:05:39 2016 +0100 net/mlx5e: skip loopback selftest with !CONFIG_INET When CONFIG_INET is disabled, the new selftest results in a link error: drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.o: In function `mlx5e_test_loopback': en_selftest.c:(.text.mlx5e_test_loopback+0x2ec): undefined reference to `ip_send_check' en_selftest.c:(.text.mlx5e_test_loopback+0x34c): undefined reference to `udp4_hwcsum' This hides the specific test in that configuration. Fixes: 0952da791c97 ("net/mlx5e: Add support for loopback selftest") Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_selftest.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) commit f8c3cf9d7d7f04718e0d51c28f8430afa6058b3b Author: Trond Myklebust Date: Thu Oct 20 10:12:45 2016 -0400 NFSv4: Add a generic structure for managing layout-private information Signed-off-by: Trond Myklebust include/linux/nfs_xdr.h | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit 06946c6a3d8b511a65e4f8b1f44dfd01e37f752d Author: Trond Myklebust Date: Fri Nov 25 13:17:15 2016 -0500 pNFS/flexfiles: Only send layoutstats updates for mirrors that were updated If there have been no reads or writes to a given mirror since the last layoutstats update, then don't resend the same data. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 6 ++++++ fs/nfs/flexfilelayout/flexfilelayout.h | 3 +++ 2 files changed, 9 insertions(+) commit 46c98c6d1bd33f8ae2c3b8f379f1629c472141e3 Author: Trond Myklebust Date: Fri Nov 25 13:24:09 2016 -0500 pNFS/flexfiles: Don't attempt to send layoutstats if there are no entries If the list of mirrors is empty, then don't send an RPC call. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 5 +++++ 1 file changed, 5 insertions(+) commit 1bcf4c5c597d1b1862cf54e65198f1c9e3cad29c Author: Trond Myklebust Date: Fri Dec 2 09:15:37 2016 -0500 NFS: Allow getattr to also report readdirplus cache hits If the use called stat() on an 'ls -l' workload, and the attribute cache was successfully revalidate by READDIRPLUS, then we want to report that back so that the readdir code continues to use readdirplus. Reviewed-by: Benjamin Coddington Tested-by: Benjamin Coddington Signed-off-by: Trond Myklebust fs/nfs/dir.c | 1 - fs/nfs/inode.c | 21 +++++++++++++++++---- fs/nfs/internal.h | 1 + 3 files changed, 18 insertions(+), 5 deletions(-) commit 63519fbc67d0d9912c13185b7c1e8c2fcb218cc0 Author: Trond Myklebust Date: Sat Nov 19 11:21:54 2016 -0500 NFS: Be more targeted about readdirplus use when doing lookup/revalidation There is little point in setting NFS_INO_ADVISE_RDPLUS in nfs_lookup and nfs_lookup_revalidate() unless a process is actually doing readdir on the parent directory. Furthermore, there is little point in using readdirplus if we're trying to revalidate a negative dentry. Reviewed-by: Benjamin Coddington Tested-by: Benjamin Coddington Signed-off-by: Trond Myklebust fs/nfs/dir.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) commit 79f687a3de9e3ba2518b4ea33f38ca6cbe9133eb Author: Trond Myklebust Date: Sat Nov 19 10:54:55 2016 -0500 NFS: Fix a performance regression in readdir Ben Coddington reports that commit 311324ad1713, by adding the function nfs_dir_mapping_need_revalidate() that checks page cache validity on each call to nfs_readdir() causes a performance regression when the directory is being modified. If the directory is changing while we're iterating through the directory, POSIX does not require us to invalidate the page cache unless the user calls rewinddir(). However, we still do want to ensure that we use readdirplus in order to avoid a load of stat() calls when the user is doing an 'ls -l' workload. The fix should be to invalidate the page cache immediately when we're setting the NFS_INO_ADVISE_RDPLUS bit. Reported-by: Benjamin Coddington Fixes: 311324ad1713 ("NFS: Be more aggressive in using readdirplus...") Reviewed-by: Benjamin Coddington Tested-by: Benjamin Coddington Signed-off-by: Trond Myklebust fs/nfs/dir.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) commit dabdcdc9822ae4e23cd7ff07090098d34f287b28 Author: Daniel Vetter Date: Fri Dec 2 08:07:40 2016 +0100 drm/vmwgfx: Switch to mode_cmd2 Surprisingly few changes needed to make it happen. Compile-tested only. The idea is that this replaces the 2 patches from Ville's big fb->format patch series as a prep patch. Only impact to later patches should be the one instace added in this patch where we look at fb->pixel_format (instead of fb->bpp and fb->depth), so minor adjustements in the cocci-generated patches needed. v2: Restore pitch computation in vmw_fb_kms_framebuffer (Sinclair). Cc: ville.syrjala@linux.intel.com Cc: Laurent Pinchart Cc: linux-graphics-maintainer@vmware.com Cc: Sinclair Yeh Cc: Thomas Hellstrom Reviewed-by: Sinclair Yeh Acked-by: Ville Syrjälä Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161202070740.31689-1-daniel.vetter@ffwll.ch drivers/gpu/drm/vmwgfx/vmwgfx_fb.c | 19 +++--- drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 116 +++++++++++++----------------------- drivers/gpu/drm/vmwgfx/vmwgfx_kms.h | 2 +- 3 files changed, 53 insertions(+), 84 deletions(-) commit ad1231080be5a5cb34bbecf08fa3fea50209ef94 Author: Nicolai Hähnle Date: Thu Dec 1 15:06:44 2016 +0100 drm/vgem: Use ww_mutex_(un)lock even with a NULL context v2: use resv->lock instead of resv->lock.base (Christian König) Cc: Peter Zijlstra Cc: Ingo Molnar Cc: Maarten Lankhorst Cc: Daniel Vetter Cc: Chris Wilson Cc: dri-devel@lists.freedesktop.org Signed-off-by: Nicolai Hähnle Reviewed-by: Chris Wilson Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/1480601214-26583-2-git-send-email-nhaehnle@gmail.com drivers/gpu/drm/vgem/vgem_fence.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 366cbf2f46048d70005c6c33dc289330f24b54b0 Author: Daniel Borkmann Date: Wed Nov 30 22:16:06 2016 +0100 bpf, xdp: drop rcu_read_lock from bpf_prog_run_xdp and move to caller After 326fe02d1ed6 ("net/mlx4_en: protect ring->xdp_prog with rcu_read_lock"), the rcu_read_lock() in bpf_prog_run_xdp() is superfluous, since callers need to hold rcu_read_lock() already to make sure BPF program doesn't get released in the background. Thus, drop it from bpf_prog_run_xdp(), as it can otherwise be misleading. Still keeping the bpf_prog_run_xdp() is useful as it allows for grepping in XDP supported drivers and to keep the typecheck on the context intact. For mlx4, this means we don't have a double rcu_read_lock() anymore. nfp can just make use of bpf_prog_run_xdp(), too. For qede, just move rcu_read_lock() out of the helper. When the driver gets atomic replace support, this will move to call-sites eventually. mlx5 needs actual fixing as it has the same issue as described already in 326fe02d1ed6 ("net/mlx4_en: protect ring->xdp_prog with rcu_read_lock"), that is, we're under RCU bh at this time, BPF programs are released via call_rcu(), and call_rcu() != call_rcu_bh(), so we need to properly mark read side as programs can get xchg()'ed in mlx5e_xdp_set() without queue reset. Fixes: 86994156c736 ("net/mlx5e: XDP fast RX drop bpf programs support") Signed-off-by: Daniel Borkmann Acked-by: Alexei Starovoitov Acked-by: Jakub Kicinski Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_rx.c | 8 ++++++-- drivers/net/ethernet/netronome/nfp/nfp_net_common.c | 2 +- drivers/net/ethernet/qlogic/qede/qede_main.c | 7 +++++++ include/linux/filter.h | 18 +++++++++--------- 4 files changed, 23 insertions(+), 12 deletions(-) commit 83a1a1a70e87f676fbb6086b26b6ac7f7fdd107d Author: Soheil Hassas Yeganeh Date: Wed Nov 30 14:01:08 2016 -0500 sock: reset sk_err for ICMP packets read from error queue Only when ICMP packets are enqueued onto the error queue, sk_err is also set. Before f5f99309fa74 (sock: do not set sk_err in sock_dequeue_err_skb), a subsequent error queue read would set sk_err to the next error on the queue, or 0 if empty. As no error types other than ICMP set this field, sk_err should not be modified upon dequeuing them. Only for ICMP errors, reset the (racy) sk_err. Some applications, like traceroute, rely on it and go into a futile busy POLLERR loop otherwise. In principle, sk_err has to be set while an ICMP error is queued. Testing is_icmp_err_skb(skb_next) approximates this without requiring a full queue walk. Applications that receive both ICMP and other errors cannot rely on this legacy behavior, as other errors do not set sk_err in the first place. Fixes: f5f99309fa74 (sock: do not set sk_err in sock_dequeue_err_skb) Signed-off-by: Soheil Hassas Yeganeh Signed-off-by: Willem de Bruijn Acked-by: Eric Dumazet Acked-by: Maciej Żenczykowski Signed-off-by: David S. Miller net/core/skbuff.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) commit f577e22c73c08b160b17b93a3a38de9477d8bcc0 Merge: ee3d7c6 f74599f Author: David S. Miller Date: Fri Dec 2 10:52:05 2016 -0500 Merge branch 'lwt-bpf' Thomas Graf says: ==================== bpf: BPF for lightweight tunnel encapsulation This series implements BPF program invocation from dst entries via the lightweight tunnels infrastructure. The BPF program can be attached to lwtunnel_input(), lwtunnel_output() or lwtunnel_xmit() and see an L3 skb as context. Programs attached to input and output are read-only. Programs attached to lwtunnel_xmit() can modify and redirect, push headers and redirect packets. The facility can be used to: - Collect statistics and generate sampling data for a subset of traffic based on the dst utilized by the packet thus allowing to extend the existing realms. - Apply additional per route/dst filters to prohibit certain outgoing or incoming packets based on BPF filters. In particular, this allows to maintain per dst custom state across multiple packets in BPF maps and apply filters based on statistics and behaviour observed over time. - Attachment of L2 headers at transmit where resolving the L2 address is not required. - Possibly many more. v3 -> v4: - Bumped LWT_BPF_MAX_HEADROOM from 128 to 256 (Alexei) - Renamed bpf_skb_push() helper to bpf_skb_change_head() to relate to existing bpf_skb_change_tail() helper (Alexei/Daniel) - Added check in __bpf_redirect_common() to verify that program added a link header before redirecting to a l2 device. Adding the check to lwt-bpf code was considered but dropped due to massive code required due to retrieval of net_device via per-cpu redirect buffer. A test case was added to cover the scenario when a program directs to an l2 device without adding an appropriate l2 header. (Alexei) - Prohibited access to tc_classid (Daniel) - Collapsed bpf_verifier_ops instance for lwt in/out as they are identical (Daniel) - Some cosmetic changes v2 -> v3: - Added real world sample lwt_len_hist_kern.c which demonstrates how to collect a histogram on packet sizes for all packets flowing through a number of routes. - Restricted output to be read-only. Since the header can no longer be modified, the rerouting functionality has been removed again. - Added test case which cover destructive modification of packet data. v1 -> v2: - Added new BPF_LWT_REROUTE return code for program to indicate that new route lookup should be performed. Suggested by Tom. - New sample to illustrate rerouting - New patch 05: Recursion limit for lwtunnel_output for the case when user creates circular dst redirection. Also resolves the issue for ILA. - Fix to ensure headroom for potential future L2 header is still guaranteed ==================== Signed-off-by: David S. Miller commit f74599f7c5309b21151233b98139e9b723fd1110 Author: Thomas Graf Date: Wed Nov 30 17:10:11 2016 +0100 bpf: Add tests and samples for LWT-BPF Adds a series of tests to verify the functionality of attaching BPF programs at LWT hooks. Also adds a sample which collects a histogram of packet sizes which pass through an LWT hook. $ ./lwt_len_hist.sh Starting netserver with host 'IN(6)ADDR_ANY' port '12865' and family AF_UNSPEC MIGRATED TCP STREAM TEST from 0.0.0.0 (0.0.0.0) port 0 AF_INET to 192.168.253.2 () port 0 AF_INET : demo Recv Send Send Socket Socket Message Elapsed Size Size Size Time Throughput bytes bytes bytes secs. 10^6bits/sec 87380 16384 16384 10.00 39857.69 1 -> 1 : 0 | | 2 -> 3 : 0 | | 4 -> 7 : 0 | | 8 -> 15 : 0 | | 16 -> 31 : 0 | | 32 -> 63 : 22 | | 64 -> 127 : 98 | | 128 -> 255 : 213 | | 256 -> 511 : 1444251 |******** | 512 -> 1023 : 660610 |*** | 1024 -> 2047 : 535241 |** | 2048 -> 4095 : 19 | | 4096 -> 8191 : 180 | | 8192 -> 16383 : 5578023 |************************************* | 16384 -> 32767 : 632099 |*** | 32768 -> 65535 : 6575 | | Signed-off-by: Thomas Graf Acked-by: Alexei Starovoitov Signed-off-by: David S. Miller samples/bpf/Makefile | 4 + samples/bpf/bpf_helpers.h | 4 + samples/bpf/lwt_len_hist.sh | 37 ++++ samples/bpf/lwt_len_hist_kern.c | 82 +++++++++ samples/bpf/lwt_len_hist_user.c | 76 ++++++++ samples/bpf/test_lwt_bpf.c | 253 +++++++++++++++++++++++++ samples/bpf/test_lwt_bpf.sh | 399 ++++++++++++++++++++++++++++++++++++++++ 7 files changed, 855 insertions(+) commit 3a0af8fd61f90920f6fa04e4f1e9a6a73c1b4fd2 Author: Thomas Graf Date: Wed Nov 30 17:10:10 2016 +0100 bpf: BPF for lightweight tunnel infrastructure Registers new BPF program types which correspond to the LWT hooks: - BPF_PROG_TYPE_LWT_IN => dst_input() - BPF_PROG_TYPE_LWT_OUT => dst_output() - BPF_PROG_TYPE_LWT_XMIT => lwtunnel_xmit() The separate program types are required to differentiate between the capabilities each LWT hook allows: * Programs attached to dst_input() or dst_output() are restricted and may only read the data of an skb. This prevent modification and possible invalidation of already validated packet headers on receive and the construction of illegal headers while the IP headers are still being assembled. * Programs attached to lwtunnel_xmit() are allowed to modify packet content as well as prepending an L2 header via a newly introduced helper bpf_skb_change_head(). This is safe as lwtunnel_xmit() is invoked after the IP header has been assembled completely. All BPF programs receive an skb with L3 headers attached and may return one of the following error codes: BPF_OK - Continue routing as per nexthop BPF_DROP - Drop skb and return EPERM BPF_REDIRECT - Redirect skb to device as per redirect() helper. (Only valid in lwtunnel_xmit() context) The return codes are binary compatible with their TC_ACT_ relatives to ease compatibility. Signed-off-by: Thomas Graf Acked-by: Alexei Starovoitov Acked-by: Daniel Borkmann Signed-off-by: David S. Miller include/linux/filter.h | 2 +- include/uapi/linux/bpf.h | 32 +++- include/uapi/linux/lwtunnel.h | 23 +++ kernel/bpf/verifier.c | 14 +- net/Kconfig | 8 + net/core/Makefile | 1 + net/core/filter.c | 173 ++++++++++++++++++ net/core/lwt_bpf.c | 396 ++++++++++++++++++++++++++++++++++++++++++ net/core/lwtunnel.c | 2 + 9 files changed, 646 insertions(+), 5 deletions(-) commit efd857008142017ff1b4ff70d98f4a5f6003cbea Author: Thomas Graf Date: Wed Nov 30 17:10:09 2016 +0100 route: Set lwtstate for local traffic and cached input dsts A route on the output path hitting a RTN_LOCAL route will keep the dst associated on its way through the loopback device. On the receive path, the dst_input() call will thus invoke the input handler of the route created in the output path. Thus, lwt redirection for input must be done for dsts allocated in the otuput path as well. Also, if a route is cached in the input path, the allocated dst should respect lwtunnel configuration on the nexthop as well. Signed-off-by: Thomas Graf Signed-off-by: David S. Miller net/ipv4/route.c | 39 ++++++++++++++++++++++++++------------- 1 file changed, 26 insertions(+), 13 deletions(-) commit 11b3d9c5869bc96997cada33be6a56ebd179786b Author: Thomas Graf Date: Wed Nov 30 17:10:08 2016 +0100 route: Set orig_output when redirecting to lwt on locally generated traffic orig_output for IPv4 was only set for dsts which hit an input route. Set it consistently for locally generated traffic as well to allow lwt to continue the dst_output() path as configured by the nexthop. Fixes: 2536862311d ("lwt: Add support to redirect dst.input") Signed-off-by: Thomas Graf Signed-off-by: David S. Miller net/ipv4/route.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit ee3d7c6e5b4d2615115aa857890923e3dcfa3852 Merge: 6c0c620 5067b60 Author: David S. Miller Date: Fri Dec 2 10:47:03 2016 -0500 Merge branch 'mlx5-updates' Saeed Mahameed says: ==================== Mellanox 100G mlx5 updates 2016-11-29 The following series from Tariq and Roi, provides some critical fixes and updates for the mlx5e driver. From Tariq: - Fix driver coherent memory huge allocation issues by fragmenting completion queues, in a way that is transparent to the netdev driver by providing a new buffer type "mlx5_frag_buf" with the same access API. - Create UMR MKey per RQ to have better scalability. From Roi: - Some fixes for the encap-decap support and tc flower added lately to the mlx5e driver. v1->v2: - Fix start index in error flow of mlx5_frag_buf_alloc_node, pointed out by Eric. This series was generated against commit: 31ac1c19455f ("geneve: fix ip_hdr_len reserved for geneve6 tunnel.") ==================== Signed-off-by: David S. Miller commit 5067b6020770ef7c8102f47079c9e577d175ef2c Author: Roi Dayan Date: Wed Nov 30 17:59:43 2016 +0200 net/mlx5e: Remove flow encap entry in the correct place Handling flow encap entry should be inside tc del flow and is only relevant for offloaded eswitch TC rules. Fixes: 11a457e9b6c1 ("net/mlx5e: Add basic TC tunnel set action for SRIOV offloads") Signed-off-by: Roi Dayan Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 43 +++++++++++++------------ 1 file changed, 22 insertions(+), 21 deletions(-) commit 961e8979ec3578ef4c441b69a5b7b9febc89fd18 Author: Roi Dayan Date: Wed Nov 30 17:59:42 2016 +0200 net/mlx5e: Refactor tc del flow to accept mlx5e_tc_flow instance Change the function that deletes offloaded TC rule to get struct mlx5e_tc_flow instance which contains both the flow handle and flow attributes. This is a cleanup needed for downstream patches, it doesn't change any functionality. Signed-off-by: Roi Dayan Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) commit 86a33ae1ca06a58629c4d0d80ac6d099ff932ae0 Author: Roi Dayan Date: Wed Nov 30 17:59:41 2016 +0200 net/mlx5e: Correct cleanup order when deleting offloaded TC rules According to the reverse unwinding principle, on delete time we should first handle deletion of the steering rule and later handle the vlan deletion from the eswitch. Fixes: 8b32580df1cb ("net/mlx5e: Add TC vlan action for SRIOV offloads") Signed-off-by: Roi Dayan Reviewed-by: Or Gerlitz Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 53636068d8d6a08ca99949e2094b2b04ececa2d8 Author: Roi Dayan Date: Wed Nov 30 17:59:40 2016 +0200 net/mlx5e: Remove redundant hashtable lookup in configure flower We will never find a flow with the same cookie as cls_flower always allocates a new flow and the cookie is the allocated memory address. Fixes: e3a2b7ed018e ("net/mlx5e: Support offload cls_flower with drop action") Signed-off-by: Roi Dayan Reviewed-by: Hadar Hen Zion Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 26 +++++++------------------ 1 file changed, 7 insertions(+), 19 deletions(-) commit ec8b9981ad3f3eeb5dcc4f237266e897c363f896 Author: Tariq Toukan Date: Wed Nov 30 17:59:39 2016 +0200 net/mlx5e: Create UMR MKey per RQ In Striding RQ implementation, we used a single UMR (User-Mode Memory Registration) memory key for all RQs. When the product of RQs number*size gets high, we hit a limitation of u16 field size in FW. Here we move to using a UMR memory key per RQ, so we can scale to any number of rings, with the maximum buffer size in each. Signed-off-by: Tariq Toukan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en.h | 12 ++--- .../net/ethernet/mellanox/mlx5/core/en_ethtool.c | 12 +---- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 53 ++++++++++++---------- 3 files changed, 35 insertions(+), 42 deletions(-) commit 3608ae77c098dfe134103a9dec4c78687896708e Author: Tariq Toukan Date: Wed Nov 30 17:59:38 2016 +0200 net/mlx5e: Move function mlx5e_create_umr_mkey In next patch we are going to create a UMR MKey per RQ, we need mlx5e_create_umr_mkey declared before mlx5e_create_rq. Signed-off-by: Tariq Toukan Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 74 +++++++++++------------ 1 file changed, 37 insertions(+), 37 deletions(-) commit 1c1b522808a18402f043c1418b4e48c7355480cc Author: Tariq Toukan Date: Wed Nov 30 17:59:37 2016 +0200 net/mlx5e: Implement Fragmented Work Queue (WQ) Add new type of struct mlx5_frag_buf which is used to allocate fragmented buffers rather than contiguous, and make the Completion Queues (CQs) use it as they are big (default of 2MB per CQ in Striding RQ). This fixes the failures of type: "mlx5e_open_locked: mlx5e_open_channels failed, -12" due to dma_zalloc_coherent insufficient contiguous coherent memory to satisfy the driver's request when the user tries to setup more or larger rings. Signed-off-by: Tariq Toukan Reported-by: Sebastian Ott Signed-off-by: Saeed Mahameed Signed-off-by: David S. Miller drivers/net/ethernet/mellanox/mlx5/core/alloc.c | 66 +++++++++++++++++++++++ drivers/net/ethernet/mellanox/mlx5/core/en.h | 2 +- drivers/net/ethernet/mellanox/mlx5/core/en_main.c | 10 ++-- drivers/net/ethernet/mellanox/mlx5/core/wq.c | 26 ++++++--- drivers/net/ethernet/mellanox/mlx5/core/wq.h | 18 +++++-- include/linux/mlx5/driver.h | 11 ++++ 6 files changed, 116 insertions(+), 17 deletions(-) commit 6c0c62035ea51fcacbfa408f991cae767e30b116 Merge: b3b9fa0 3b80456 Author: David S. Miller Date: Fri Dec 2 10:36:48 2016 -0500 Merge branch 'altera-tse-sgmii-pcs' Neill Whillans says: ==================== net: Add support for SGMII PCS on Altera TSE MAC These patches were created as part of work to add support for SGMII PCS functionality to the Altera TSE MAC. Patches are based on 4.9-rc6 git tree. The first patch in the series adds support for the VSC8572 dual-port Gigabit Ethernet transceiver, used in integration testing. The second patch adds support for the SGMII PCS functionality to the Altera TSE driver. ==================== Signed-off-by: David S. Miller commit 3b804564333f312143f36460f5fa90085428b5af Author: Neill Whillans Date: Wed Nov 30 13:41:05 2016 +0000 net: ethernet: altera_tse: add support for SGMII PCS Add support for the (optional) SGMII PCS functionality of the Altera TSE MAC. If the phy-mode is set to 'sgmii' then we attempt to discover and initialise the PCS so that the MAC can communicate to the PHY. The PCS IP block provides a scratch register for testing presence of the PCS, which is mapped into one of the two MDIO spaces present in the MAC's register space. Once we have determined that the scratch register is functioning, we attempt to initialise the PCS to auto-negotiate an SGMII link with the PHY. There is no need to monitor or manage the SGMII link beyond this, since the normal PHY MDIO will then be used to monitor the media layer. The Altera TSE MAC has only one way in which it can be configured with an SGMII PCS, and as such, this patch only looks to the phy-mode to select whether or not to attempt to initialise the PCS registers. During initialisation, we report the PCS's equivalent of a PHY ID register. This can be parameterised during the IP instantiation and is often left as '0x00000000' which is not an error. Signed-off-by: Neill Whillans Reviewed-by: Daniel Silverstone Signed-off-by: David S. Miller drivers/net/ethernet/altera/altera_tse.h | 11 ++++ drivers/net/ethernet/altera/altera_tse_main.c | 91 +++++++++++++++++++++++++++ 2 files changed, 102 insertions(+) commit dc855b3b74187475db2243356d85d2ebb447b54c Author: Stephen Agate Date: Wed Nov 30 13:41:04 2016 +0000 net: phy: vitesse: add support for VSC8572 Add support for the Vitesse VSC8572 which is functionally equivalent to the already supported VSC8574. As such, all the same handling functions are used since the VSC8572 merely has half the number of phy blocks internally. Signed-off-by: Stephen Agate Signed-off-by: Neill Whillans Reviewed-by: Daniel Silverstone Signed-off-by: David S. Miller drivers/net/phy/vitesse.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) commit cf30f5094adc028d5512f4fbb585f3592768f41d Merge: e9cbc4b 53d6f812 Author: Jani Nikula Date: Fri Dec 2 16:29:07 2016 +0200 Merge tag 'gvt-next-2016-11-30' of https://github.com/01org/gvt-linux into drm-intel-next-fixes From Zhenyu Wang gvt-next-2016-11-30 - initialize vgpu as primary for correct cfg space setting - fix 64 bit bar emulation - fix un-released lock issue on dispatch workload err path Signed-off-by: Jani Nikula commit 608ad1848b417f4b5771573ca9bfb811fcda3536 Author: Rasmus Villemoes Date: Wed Nov 30 23:48:46 2016 +0100 HID: intel_ish-hid: use %pUL for uuid formatting We have the %pU printf extension for doing exactly this. Saves some .text, and is likely also a little faster. Signed-off-by: Rasmus Villemoes Reviewed-by: Benjamin Tissoires Acked-by: Srinivas Pandruvada Signed-off-by: Jiri Kosina drivers/hid/intel-ish-hid/ishtp/bus.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) commit bca8f17f57bd76ddf2bbd2527eb890d6f588853e Author: Marc Zyngier Date: Thu Dec 1 10:44:33 2016 +0000 arm64: Get rid of asm/opcodes.h The opcodes.h drags in a lot of definition from the 32bit port, most of which is not required at all. Clean things up a bit by moving the bare minimum of what is required next to the actual users, and drop the include file. Signed-off-by: Marc Zyngier Signed-off-by: Catalin Marinas arch/arm64/include/asm/opcodes.h | 5 ----- arch/arm64/include/asm/sysreg.h | 16 ++++++++++------ arch/arm64/kernel/armv8_deprecated.c | 5 ++++- arch/arm64/kernel/insn.c | 1 - 4 files changed, 14 insertions(+), 13 deletions(-) commit 34a6980c82fb1342e7064844c95aa4cf933e5ecc Author: Robin Murphy Date: Thu Dec 1 15:55:13 2016 +0000 arm64: smp: Prevent raw_smp_processor_id() recursion Under CONFIG_DEBUG_PREEMPT=y, this_cpu_ptr() ends up calling back into raw_smp_processor_id(), resulting in some hilariously catastrophic infinite recursion. In the normal case, we have: #define this_cpu_ptr(ptr) raw_cpu_ptr(ptr) and everything is dandy. However for CONFIG_DEBUG_PREEMPT, this_cpu_ptr() is defined in terms of my_cpu_offset, wherein the fun begins: #define my_cpu_offset per_cpu_offset(smp_processor_id()) ... #define smp_processor_id() debug_smp_processor_id() ... notrace unsigned int debug_smp_processor_id(void) { return check_preemption_disabled("smp_processor_id", ""); ... notrace static unsigned int check_preemption_disabled(const char *what1, const char *what2) { int this_cpu = raw_smp_processor_id(); and bang. Use raw_cpu_ptr() directly to avoid that. Fixes: 57c82954e77f ("arm64: make cpu number a percpu variable") Reported-by: Marek Szyprowski Acked-by: Will Deacon Signed-off-by: Robin Murphy Tested-by: Marek Szyprowski Signed-off-by: Catalin Marinas arch/arm64/include/asm/smp.h | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 84d82ec5b9046ecdf16031d3e93a66ef50257402 Author: Thomas Gleixner Date: Wed Nov 30 21:04:45 2016 +0000 locking/rtmutex: Explain locking rules for rt_mutex_proxy_unlock()/init_proxy_locked() While debugging the unlock vs. dequeue race which resulted in state corruption of futexes the lockless nature of rt_mutex_proxy_unlock() caused some confusion. Add commentry to explain why it is safe to do this lockless. Add matching comments to rt_mutex_init_proxy_locked() for completeness sake. Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Cc: David Daney Cc: Linus Torvalds Cc: Mark Rutland Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Steven Rostedt Cc: Will Deacon Link: http://lkml.kernel.org/r/20161130210030.591941927@linutronix.de Signed-off-by: Ingo Molnar kernel/locking/rtmutex.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) commit b5016e8203003c44264ec88fe2276ff54a51f689 Author: Thomas Gleixner Date: Wed Nov 30 21:04:44 2016 +0000 locking/rtmutex: Get rid of RT_MUTEX_OWNER_MASKALL This is a left over from the original rtmutex implementation which used both bit0 and bit1 in the owner pointer. Commit: 8161239a8bcc ("rtmutex: Simplify PI algorithm and make highest prio task get lock") ... removed the usage of bit1, but kept the extra mask around. This is confusing at best. Remove it and just use RT_MUTEX_HAS_WAITERS for the masking. Signed-off-by: Thomas Gleixner Acked-by: Peter Zijlstra (Intel) Cc: David Daney Cc: Linus Torvalds Cc: Mark Rutland Cc: Peter Zijlstra Cc: Sebastian Siewior Cc: Steven Rostedt Cc: Will Deacon Link: http://lkml.kernel.org/r/20161130210030.509567906@linutronix.de Signed-off-by: Ingo Molnar kernel/locking/rtmutex_common.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 1b95b1a06cb27badb3e53329fb56af2a2113fd80 Merge: 3cded41 1be5d4f Author: Ingo Molnar Date: Fri Dec 2 11:13:44 2016 +0100 Merge branch 'locking/urgent' into locking/core, to pick up dependent fixes Signed-off-by: Ingo Molnar commit e7af7b15121ca08c31a0ab9df71a41b4c53365b4 Merge: 3782746 0fcb1da Author: Ingo Molnar Date: Fri Dec 2 10:08:03 2016 +0100 Merge tag 'perf-core-for-mingo-20161201' of git://git.kernel.org/pub/scm/linux/kernel/git/acme/linux into perf/core Pull perf/core improvements and fixes from Arnaldo Carvalho de Melo: New features: - Support AArch64 in the 'annotate' code, native/local and cross-arch/remote (Kim Phillips) - Allow considering just events in a given time interval, via the '--time start.s.ms,end.s.ms' command line, added to 'perf kmem', 'perf report', 'perf sched timehist' and 'perf script' (David Ahern) - Add option to stop printing a callchain at one of a given group of symbol names (David Ahern) - Handle CPU migration events in 'perf sched timehist' (David Ahern) - Track memory freed in 'perf kmem stat' (David Ahern) Infrastructure: - Add initial support (and perf test entry) for tooling hooks, starting with 'record_start' and 'record_end', that will have as its initial user the eBPF infrastructure, where perf_ prefixed functions will be JITed and run when such hooks are called (Wang Nan) - Remove redundant "test" and similar strings from 'perf test' descriptions (Arnaldo Carvalho de Melo) - Implement assorted libbpf improvements (Wang Nan) Signed-off-by: Arnaldo Carvalho de Melo Signed-off-by: Ingo Molnar commit 3782746a08f6b0a8e385058b6748a5a0f166f3a7 Merge: 2471cec 2caceb3 Author: Ingo Molnar Date: Fri Dec 2 10:07:32 2016 +0100 Merge branch 'linus' into perf/core, to pick up fixes Signed-off-by: Ingo Molnar commit 44b3e31d540e917a4d2292b902ade63fa1748d9a Author: Tin Huynh Date: Fri Dec 2 11:39:13 2016 +0700 leds: pca955x: Add ACPI support This patch enables ACPI support for leds-pca955x driver. Signed-off-by: Tin Huynh Signed-off-by: Jacek Anaszewski drivers/leds/leds-pca955x.c | 24 ++++++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) commit db7ad63624b370100077aa0a849d54fbeabd432b Author: Heiko Carstens Date: Thu Dec 1 12:20:09 2016 +0100 s390/setup: fix memblock usage When converting from bootmem to memblock I missed a subtle difference: the memblock_alloc() functions return uninitialized memory, while the memblock_virt_alloc() functions return zeroed memory. This led to quite random early boot crashes. Therefore use the correct version everywhere now. Hopefully. Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/setup.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit 3e488c95c72ba8cbe8ab3a5c1c61f058f9e30aed Author: Lars-Peter Clausen Date: Tue Nov 22 22:06:00 2016 +0100 s390/zcrypt: Convert to PM ops Switch the zcrypt bus from legacy suspend/resume callbacks to dev_pm_ops. The conversion is straight forward with the help of SIMPLE_DEV_PM_OPS(). The new dev_pm_ops based version is functionally equivalent to the legacy callbacks version. This will allow to eventually remove support for legacy suspend/resume callbacks from the kernel altogether. Signed-off-by: Lars-Peter Clausen Signed-off-by: Harald Freudenberger Signed-off-by: Martin Schwidefsky drivers/s390/crypto/ap_bus.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) commit 9f88eb4df728aebcd2ddd154d99f1d75b428b897 Author: Heiko Carstens Date: Mon Nov 28 11:40:27 2016 +0100 s390/kexec: use node 0 when re-adding crash kernel memory When re-adding crash kernel memory within setup_resources() the function memblock_add() is used. That function will add memory by default to node "MAX_NUMNODES" instead of node 0, like the memory detection code does. In case of !NUMA this will trigger this warning when the kernel generates the vmemmap: Usage of MAX_NUMNODES is deprecated. Use NUMA_NO_NODE instead WARNING: CPU: 0 PID: 0 at mm/memblock.c:1261 memblock_virt_alloc_internal+0x76/0x220 CPU: 0 PID: 0 Comm: swapper Not tainted 4.9.0-rc6 #16 Call Trace: [<0000000000d0b2e8>] memblock_virt_alloc_try_nid+0x88/0xc8 [<000000000083c8ea>] __earlyonly_bootmem_alloc.constprop.1+0x42/0x50 [<000000000083e7f4>] vmemmap_populate+0x1ac/0x1e0 [<0000000000840136>] sparse_mem_map_populate+0x46/0x68 [<0000000000d0c59c>] sparse_init+0x184/0x238 [<0000000000cf45f6>] paging_init+0xbe/0xf8 [<0000000000cf1d4a>] setup_arch+0xa02/0xae0 [<0000000000ced75a>] start_kernel+0x72/0x450 [<0000000000100020>] _stext+0x20/0x80 If NUMA is selected numa_setup_memory() will fix the node assignments before the vmemmap will be populated; so this warning will only appear if NUMA is not selected. To fix this simply use memblock_add_node() and re-add crash kernel memory explicitly to node 0. Reported-and-tested-by: Christian Borntraeger Fixes: 4e042af463f8 ("s390/kexec: fix crash on resize of reserved memory") Cc: # v4.8+ Signed-off-by: Heiko Carstens Signed-off-by: Martin Schwidefsky arch/s390/kernel/setup.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c7c3f568beff2b72f02a7807ec48b0bc66a7ead6 Author: Madhavan Srinivasan Date: Fri Dec 2 06:05:02 2016 +0530 powerpc/perf: macros for power9 format encoding Patch to add macros and contants to support the power9 raw event encoding format. Couple of functions added since some of the bits fields like PMCxCOMB and THRESH_CMP has different width and location within MMCR* in power9. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/isa207-common.c | 57 ++++++++++++++++++++++++++++++++++----- arch/powerpc/perf/isa207-common.h | 30 ++++++++++++++++++++- 2 files changed, 79 insertions(+), 8 deletions(-) commit 18201b204286a1ef478ef52b00ab9f6c5739b4f6 Author: Madhavan Srinivasan Date: Fri Dec 2 06:05:01 2016 +0530 powerpc/perf: power9 raw event format encoding Patch to update the power9 raw event encoding format information and add support for the same in power9-pmu.c. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/power9-pmu.c | 134 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 134 insertions(+) commit 520ed5b04f3e807e5bf1b6981ffb50524632fc5f Author: Madhavan Srinivasan Date: Fri Dec 2 06:05:00 2016 +0530 powerpc/perf: update attribute_group data structure Rename the power_pmu and attribute_group variables that support PowerISA v2.07. Add a cpu feature flag check to pick the PowerISA v2.07 format structures to support. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/power9-pmu.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) commit 60b00025641e2921dcfba4d54b6cf7f0c5903677 Author: Madhavan Srinivasan Date: Fri Dec 2 06:04:59 2016 +0530 powerpc/perf: factor out the event format field Factor out the format field structure for PowerISA v2.07. Signed-off-by: Madhavan Srinivasan Signed-off-by: Michael Ellerman arch/powerpc/perf/isa207-common.c | 34 ++++++++++++++++++++++++++++++++++ arch/powerpc/perf/power8-pmu.c | 39 ++++----------------------------------- arch/powerpc/perf/power9-pmu.c | 39 ++++----------------------------------- 3 files changed, 42 insertions(+), 70 deletions(-) commit 7268d407ad4c49fbd521fb2e2f675a447bfef472 Author: Len Brown Date: Thu Dec 1 23:10:39 2016 -0500 tools/power turbostat: Denverton uses a 25 MHz crystal, not 19.2 MHz This changes only the TSC frequency decoding line seen with --debug old: TSC: 1382 MHz (19200000 Hz * 216 / 3 / 1000000) new: TSC: 1800 MHz (25000000 Hz * 216 / 3 / 1000000) Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 4b6fad7097f883335b6d9627c883cb7f276d94c9 Author: Alexey Kardashevskiy Date: Wed Nov 30 17:52:05 2016 +1100 powerpc/mm/iommu, vfio/spapr: Put pages on VFIO container shutdown At the moment the userspace tool is expected to request pinning of the entire guest RAM when VFIO IOMMU SPAPR v2 driver is present. When the userspace process finishes, all the pinned pages need to be put; this is done as a part of the userspace memory context (MM) destruction which happens on the very last mmdrop(). This approach has a problem that a MM of the userspace process may live longer than the userspace process itself as kernel threads use userspace process MMs which was runnning on a CPU where the kernel thread was scheduled to. If this happened, the MM remains referenced until this exact kernel thread wakes up again and releases the very last reference to the MM, on an idle system this can take even hours. This moves preregistered regions tracking from MM to VFIO; insteads of using mm_iommu_table_group_mem_t::used, tce_container::prereg_list is added so each container releases regions which it has pre-registered. This changes the userspace interface to return EBUSY if a memory region is already registered in a container. However it should not have any practical effect as the only userspace tool available now does register memory region once per container anyway. As tce_iommu_register_pages/tce_iommu_unregister_pages are called under container->lock, this does not need additional locking. Signed-off-by: Alexey Kardashevskiy Reviewed-by: Nicholas Piggin Acked-by: Alex Williamson Reviewed-by: David Gibson Signed-off-by: Michael Ellerman arch/powerpc/mm/mmu_context_book3s64.c | 4 +-- arch/powerpc/mm/mmu_context_iommu.c | 11 ------ drivers/vfio/vfio_iommu_spapr_tce.c | 61 +++++++++++++++++++++++++++++++++- 3 files changed, 61 insertions(+), 15 deletions(-) commit bc82d122ae4a0e9f971f13403995898fcfa0c09e Author: Alexey Kardashevskiy Date: Wed Nov 30 17:52:04 2016 +1100 vfio/spapr: Reference mm in tce_container In some situations the userspace memory context may live longer than the userspace process itself so if we need to do proper memory context cleanup, we better have tce_container take a reference to mm_struct and use it later when the process is gone (@current or @current->mm is NULL). This references mm and stores the pointer in the container; this is done in a new helper - tce_iommu_mm_set() - when one of the following happens: - a container is enabled (IOMMU v1); - a first attempt to pre-register memory is made (IOMMU v2); - a DMA window is created (IOMMU v2). The @mm stays referenced till the container is destroyed. This replaces current->mm with container->mm everywhere except debug prints. This adds a check that current->mm is the same as the one stored in the container to prevent userspace from making changes to a memory context of other processes. DMA map/unmap ioctls() do not check for @mm as they already check for @enabled which is set after tce_iommu_mm_set() is called. This does not reference a task as multiple threads within the same mm are allowed to ioctl() to vfio and supposedly they will have same limits and capabilities and if they do not, we'll just fail with no harm made. Signed-off-by: Alexey Kardashevskiy Acked-by: Alex Williamson Reviewed-by: David Gibson Signed-off-by: Michael Ellerman drivers/vfio/vfio_iommu_spapr_tce.c | 160 ++++++++++++++++++++++-------------- 1 file changed, 100 insertions(+), 60 deletions(-) commit d9c728949ddc9de5734bf3b12ea906ca8a77f2a0 Author: Alexey Kardashevskiy Date: Wed Nov 30 17:52:03 2016 +1100 vfio/spapr: Postpone default window creation We are going to allow the userspace to configure container in one memory context and pass container fd to another so we are postponing memory allocations accounted against the locked memory limit. One of previous patches took care of it_userspace. At the moment we create the default DMA window when the first group is attached to a container; this is done for the userspace which is not DDW-aware but familiar with the SPAPR TCE IOMMU v2 in the part of memory pre-registration - such client expects the default DMA window to exist. This postpones the default DMA window allocation till one of the folliwing happens: 1. first map/unmap request arrives; 2. new window is requested; This adds noop for the case when the userspace requested removal of the default window which has not been created yet. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Acked-by: Alex Williamson Signed-off-by: Michael Ellerman drivers/vfio/vfio_iommu_spapr_tce.c | 40 +++++++++++++++++++++++-------------- 1 file changed, 25 insertions(+), 15 deletions(-) commit 6f01cc692a16405235d5c34056455b182682123c Author: Alexey Kardashevskiy Date: Wed Nov 30 17:52:02 2016 +1100 vfio/spapr: Add a helper to create default DMA window There is already a helper to create a DMA window which does allocate a table and programs it to the IOMMU group. However tce_iommu_take_ownership_ddw() did not use it and did these 2 calls itself to simplify error path. Since we are going to delay the default window creation till the default window is accessed/removed or new window is added, we need a helper to create a default window from all these cases. This adds tce_iommu_create_default_window(). Since it relies on a VFIO container to have at least one IOMMU group (for future use), this changes tce_iommu_attach_group() to add a group to the container first and then call the new helper. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Acked-by: Alex Williamson Signed-off-by: Michael Ellerman drivers/vfio/vfio_iommu_spapr_tce.c | 87 ++++++++++++++++++------------------- 1 file changed, 42 insertions(+), 45 deletions(-) commit 39701e56f5f16ea0cf8fc9e8472e645f8de91d23 Author: Alexey Kardashevskiy Date: Wed Nov 30 17:52:01 2016 +1100 vfio/spapr: Postpone allocation of userspace version of TCE table The iommu_table struct manages a hardware TCE table and a vmalloc'd table with corresponding userspace addresses. Both are allocated when the default DMA window is created and this happens when the very first group is attached to a container. As we are going to allow the userspace to configure container in one memory context and pas container fd to another, we have to postpones such allocations till a container fd is passed to the destination user process so we would account locked memory limit against the actual container user constrainsts. This postpones the it_userspace array allocation till it is used first time for mapping. The unmapping patch already checks if the array is allocated. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Acked-by: Alex Williamson Signed-off-by: Michael Ellerman drivers/vfio/vfio_iommu_spapr_tce.c | 20 +++++++------------- 1 file changed, 7 insertions(+), 13 deletions(-) commit d7baee6901b34c4895eb78efdbf13a49079d7404 Author: Alexey Kardashevskiy Date: Wed Nov 30 17:52:00 2016 +1100 powerpc/iommu: Stop using @current in mm_iommu_xxx This changes mm_iommu_xxx helpers to take mm_struct as a parameter instead of getting it from @current which in some situations may not have a valid reference to mm. This changes helpers to receive @mm and moves all references to @current to the caller, including checks for !current and !current->mm; checks in mm_iommu_preregistered() are removed as there is no caller yet. This moves the mm_iommu_adjust_locked_vm() call to the caller as it receives mm_iommu_table_group_mem_t but it needs mm. This should cause no behavioral change. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Acked-by: Alex Williamson Signed-off-by: Michael Ellerman arch/powerpc/include/asm/mmu_context.h | 16 ++++++------ arch/powerpc/mm/mmu_context_iommu.c | 46 +++++++++++++--------------------- drivers/vfio/vfio_iommu_spapr_tce.c | 14 ++++++++--- 3 files changed, 36 insertions(+), 40 deletions(-) commit 88f54a3581eb9deaa3bd1aade40aef266d782385 Author: Alexey Kardashevskiy Date: Wed Nov 30 17:51:59 2016 +1100 powerpc/iommu: Pass mm_struct to init/cleanup helpers We are going to get rid of @current references in mmu_context_boos3s64.c and cache mm_struct in the VFIO container. Since mm_context_t does not have reference counting, we will be using mm_struct which does have the reference counter. This changes mm_iommu_init/mm_iommu_cleanup to receive mm_struct rather than mm_context_t (which is embedded into mm). This should not cause any behavioral change. Signed-off-by: Alexey Kardashevskiy Reviewed-by: David Gibson Signed-off-by: Michael Ellerman arch/powerpc/include/asm/mmu_context.h | 4 ++-- arch/powerpc/kernel/setup-common.c | 2 +- arch/powerpc/mm/mmu_context_book3s64.c | 4 ++-- arch/powerpc/mm/mmu_context_iommu.c | 9 +++++---- 4 files changed, 10 insertions(+), 9 deletions(-) commit 5cc6323c797687d7193fef6deec589c23f16289a Author: Len Brown Date: Thu Dec 1 21:14:38 2016 -0500 tools/power turbostat: line up headers when -M is used The -M option adds an 18-column item, and the header needs to be wide enough to keep the header aligned with the columns. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit f6853eb561fb9bfd56dfe0009f0ea27540937bd5 Author: Michael Ellerman Date: Tue Nov 15 21:59:38 2016 +1100 powerpc/64: Define ILLEGAL_POINTER_VALUE for 64-bit This is used in poison.h to offset poison values so that they don't point directly into user space. The value we choose sits roughly between user and kernel space, which means on their own the poison values don't point anywhere useful. If an attacker can cause an access at some offset from the poison value then we may still be in trouble, but by putting the poison values between user and kernel space we maximise the required size of that offset. Signed-off-by: Michael Ellerman arch/powerpc/Kconfig | 7 +++++++ 1 file changed, 7 insertions(+) commit 93c2ec0f7019a155769d1ecfc08a7de83b47e03d Author: Balbir Singh Date: Wed Nov 30 17:45:09 2016 +1100 powerpc Don't print misleading facility name in facility unavailable exception The current facility_strings[] are correct when the trap address is 0xf80 (hypervisor facility unavailable). When the trap address is 0xf60 (facility unavailable) IC (Interruption Cause) a.k.a status in the code is undefined for values 0 and 1. Add a check to prevent printing the (misleading) facility name for IC 0 and 1 when we came in via 0xf60. In all cases, print the actual IC value, to avoid any confusion. This hasn't been seen on real hardware, on only qemu which was misreporting an exception. Signed-off-by: Balbir Singh [mpe: Fix indentation, combine printks(), massage change log] Signed-off-by: Michael Ellerman arch/powerpc/kernel/traps.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit d8ebb442264de62d5d0157adb8f0df96e831b3d3 Author: Len Brown Date: Thu Dec 1 20:27:46 2016 -0500 tools/power turbostat: fix SKX PKG_CSTATE_LIMIT decoding SKX has fewer package C-states than previous generations, and so the decoding of PKG_CSTATE_LIMIT has changed. This changes the line ending with pkg-cstate-limit=XXX: pcYYY Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) commit 499a1d11f2653483f87c3339c8c799bc259536e7 Author: Emilio López Date: Wed Oct 19 09:49:54 2016 -0300 selftest: sync: stress test for merges This test is based on the libsync test suite from Android. This commit includes a test to stress merge operations. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/sync/Makefile | 1 + tools/testing/selftests/sync/sync_stress_merge.c | 115 +++++++++++++++++++++++ tools/testing/selftests/sync/sync_test.c | 1 + tools/testing/selftests/sync/synctest.h | 3 + 4 files changed, 120 insertions(+) commit c52dee5025d904896198b7090cf7df80a4028363 Author: Emilio López Date: Wed Oct 19 09:49:53 2016 -0300 selftest: sync: stress consumer/producer test This test is based on the libsync test suite from Android. This commit includes a stress test that replicates a consumer/producer pattern. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/sync/Makefile | 1 + .../testing/selftests/sync/sync_stress_consumer.c | 185 +++++++++++++++++++++ tools/testing/selftests/sync/sync_test.c | 1 + tools/testing/selftests/sync/synctest.h | 3 + 4 files changed, 190 insertions(+) commit 54b519f32ccd663ca8ee48d43c448271230d3670 Author: Emilio López Date: Wed Oct 19 09:49:52 2016 -0300 selftest: sync: stress test for parallelism This test is based on the libsync test suite from Android. This commit includes a stress test that invokes operations in parallel. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/sync/Makefile | 1 + .../selftests/sync/sync_stress_parallelism.c | 111 +++++++++++++++++++++ tools/testing/selftests/sync/sync_test.c | 1 + tools/testing/selftests/sync/synctest.h | 3 + 4 files changed, 116 insertions(+) commit fdba7cffc32b22afb8070a433c091448b519923f Author: Emilio López Date: Wed Oct 19 09:49:51 2016 -0300 selftest: sync: wait tests for sw_sync framework These tests are based on the libsync test suite from Android. This commit includes tests for waiting on fences. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/sync/Makefile | 1 + tools/testing/selftests/sync/sync_test.c | 1 + tools/testing/selftests/sync/sync_wait.c | 91 ++++++++++++++++++++++++++++++++ tools/testing/selftests/sync/synctest.h | 3 ++ 4 files changed, 96 insertions(+) commit 1c5839c6eefbb938052c57bc32f66b6f276431f3 Author: Emilio López Date: Wed Oct 19 09:49:50 2016 -0300 selftest: sync: merge tests for sw_sync framework These tests are based on the libsync test suite from Android. This commit includes tests for basic merge operations. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/sync/Makefile | 1 + tools/testing/selftests/sync/sync_merge.c | 60 +++++++++++++++++++++++++++++++ tools/testing/selftests/sync/sync_test.c | 1 + tools/testing/selftests/sync/synctest.h | 3 ++ 4 files changed, 65 insertions(+) commit 6a5b7d2c55ca8eca3dc5cc6355885e286ef6df7f Author: Emilio López Date: Wed Oct 19 09:49:49 2016 -0300 selftest: sync: fence tests for sw_sync framework These tests are based on the libsync test suite from Android. This commit includes tests for basic fence creation. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/sync/Makefile | 1 + tools/testing/selftests/sync/sync_fence.c | 132 ++++++++++++++++++++++++++++++ tools/testing/selftests/sync/sync_test.c | 3 + tools/testing/selftests/sync/synctest.h | 4 + 4 files changed, 140 insertions(+) commit 82208160ae35ca00b5494c5c90c1a8721b15bdb1 Author: Emilio López Date: Wed Oct 19 09:49:48 2016 -0300 selftest: sync: basic tests for sw_sync framework These tests are based on the libsync test suite from Android. This commit lays the ground for future tests, as well as includes tests for a variety of basic allocation commands. Signed-off-by: Emilio López Signed-off-by: Shuah Khan tools/testing/selftests/Makefile | 1 + tools/testing/selftests/sync/.gitignore | 1 + tools/testing/selftests/sync/Makefile | 18 +++ tools/testing/selftests/sync/sw_sync.h | 46 +++++++ tools/testing/selftests/sync/sync.c | 221 ++++++++++++++++++++++++++++++ tools/testing/selftests/sync/sync.h | 40 ++++++ tools/testing/selftests/sync/sync_alloc.c | 74 ++++++++++ tools/testing/selftests/sync/sync_test.c | 71 ++++++++++ tools/testing/selftests/sync/synctest.h | 47 +++++++ 9 files changed, 519 insertions(+) commit 74fcdae1a7fdf30de5413ccc1eca271415d01124 Author: Fenghua Yu Date: Thu Dec 1 12:55:14 2016 -0800 x86/intel_rdt: Call intel_rdt_sched_in() with preemption disabled intel_rdt_sched_in() must be called with preemption disabled because the function accesses percpu variables (pqr_state and closid). If a task moves itself via move_myself() preemption is enabled, which violates the calling convention and can result in incorrect closid selection when the task gets preempted or migrated. Add the required protection and a comment about the calling convention. Signed-off-by: Fenghua Yu Cc: "Ravi V Shankar" Cc: "Tony Luck" Cc: "Marcelo Tosatti" Cc: "Sai Prakhya" Cc: "Vikas Shivappa" Cc: "H. Peter Anvin" Link: http://lkml.kernel.org/r/1480625714-54246-1-git-send-email-fenghua.yu@intel.com Signed-off-by: Thomas Gleixner arch/x86/include/asm/intel_rdt.h | 2 ++ arch/x86/kernel/cpu/intel_rdt_rdtgroup.c | 2 ++ 2 files changed, 4 insertions(+) commit 1f759d328f6d8c06b5db55374b028565187deaca Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:48 2016 +0100 soc/fsl/qbman: Convert to hotplug state machine Install the callbacks via the state machine. Signed-off-by: Sebastian Andrzej Siewior Cc: Scott Wood Cc: Claudiu Manoil Cc: rt@linutronix.de Cc: Roy Pledge Link: http://lkml.kernel.org/r/20161126231350.10321-21-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner drivers/soc/fsl/qbman/qman_portal.c | 39 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 27 deletions(-) commit fce77c3562eccdd8002c9c7947f00af70e00a375 Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:47 2016 +0100 soc/fsl/qbman: Convert to hotplug state machine Install the callbacks via the state machine. Signed-off-by: Sebastian Andrzej Siewior Cc: Scott Wood Cc: Claudiu Manoil Cc: rt@linutronix.de Cc: Roy Pledge Link: http://lkml.kernel.org/r/20161126231350.10321-20-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner drivers/soc/fsl/qbman/bman_portal.c | 46 +++++++++++++------------------------ 1 file changed, 16 insertions(+), 30 deletions(-) commit 1dd6c834fa4a75a86fecefb6d1f1525f1cb755c7 Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:46 2016 +0100 zram: Convert to hotplug state machine Install the callbacks via the state machine with multi instance support and let the core invoke the callbacks on the already online CPUs. [bigeasy: wire up the multi instance stuff] Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Thomas Gleixner Cc: Sergey Senozhatsky Cc: Minchan Kim Cc: rt@linutronix.de Cc: Nitin Gupta Link: http://lkml.kernel.org/r/20161126231350.10321-19-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner drivers/block/zram/zcomp.c | 76 ++++++++++++++----------------------------- drivers/block/zram/zcomp.h | 5 +-- drivers/block/zram/zram_drv.c | 9 +++++ include/linux/cpuhotplug.h | 1 + 4 files changed, 38 insertions(+), 53 deletions(-) commit 3f7cd919f3df05918535de39273174710409eb40 Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:45 2016 +0100 KVM/PPC/Book3S HV: Convert to hotplug state machine Install the callbacks via the state machine. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Cc: kvm@vger.kernel.org Cc: Radim Krčmář Cc: Benjamin Herrenschmidt Cc: linuxppc-dev@lists.ozlabs.org Cc: kvm-ppc@vger.kernel.org Cc: Paul Mackerras Cc: rt@linutronix.de Cc: Michael Ellerman Cc: Paolo Bonzini Cc: Alexander Graf Link: http://lkml.kernel.org/r/20161126231350.10321-18-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner arch/powerpc/kvm/book3s_hv.c | 48 ++++++++++---------------------------------- include/linux/cpuhotplug.h | 1 + 2 files changed, 12 insertions(+), 37 deletions(-) commit a7ce95e1741f2d866481c8138a84ce5af61eb219 Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:44 2016 +0100 arm64/cpuinfo: Convert to hotplug state machine Install the callbacks via the state machine and let the core invoke the callbacks on the already online CPUs. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Suzuki K Poulose Cc: Catalin Marinas Cc: Will Deacon Cc: rt@linutronix.de Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20161126231350.10321-17-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner arch/arm64/kernel/cpuinfo.c | 37 +++++++++---------------------------- 1 file changed, 9 insertions(+), 28 deletions(-) commit 914fb85f01571233af199a78ed1f88d9268421fd Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:43 2016 +0100 arm64/cpuinfo: Make hotplug notifier symmetric There is no requirement to keep the sysfs files around until the CPU is completely dead. Remove them during the DOWN_PREPARE notification. This is a preparatory patch for converting to the hotplug state machine. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Reviewed-by: Suzuki K Poulose Cc: Catalin Marinas Cc: Will Deacon Cc: rt@linutronix.de Cc: linux-arm-kernel@lists.infradead.org Link: http://lkml.kernel.org/r/20161126231350.10321-16-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner arch/arm64/kernel/cpuinfo.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e46b1db249d83bb19b6bdbed2b2e2ff3858cd211 Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:42 2016 +0100 mm/compaction: Convert to hotplug state machine Install the callbacks via the state machine. Should the hotplug init fail then no threads are spawned. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Cc: Michal Hocko Cc: Mel Gorman Cc: linux-mm@kvack.org Cc: rt@linutronix.de Cc: Andrew Morton Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20161126231350.10321-15-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner mm/compaction.c | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) commit 21647615db288d9dacad0de6a5df846b39d51bea Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:41 2016 +0100 iommu/vt-d: Convert to hotplug state machine Install the callbacks via the state machine. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Cc: Joerg Roedel Cc: iommu@lists.linux-foundation.org Cc: rt@linutronix.de Cc: David Woodhouse Link: http://lkml.kernel.org/r/20161126231350.10321-14-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner drivers/iommu/intel-iommu.c | 24 ++++++------------------ include/linux/cpuhotplug.h | 1 + 2 files changed, 7 insertions(+), 18 deletions(-) commit cab7a7e5b6c5c2638b00c72559ff9fb715583c98 Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:40 2016 +0100 mm/zswap: Convert pool to hotplug state machine Install the callbacks via the state machine. Multi state is used to address the per-pool notifier. Uppon adding of the intance the callback is invoked for all online CPUs so the manual init can go. Signed-off-by: Sebastian Andrzej Siewior Cc: linux-mm@kvack.org Cc: Seth Jennings Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161126231350.10321-13-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner include/linux/cpuhotplug.h | 1 + mm/zswap.c | 99 ++++++++++++++++------------------------------ 2 files changed, 35 insertions(+), 65 deletions(-) commit ad7ed7708db9ff388450935645816d44bf08a56d Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:39 2016 +0100 mm/zswap: Convert dst-mem to hotplug state machine Install the callbacks via the state machine and let the core invoke the callbacks on the already online CPUs. Signed-off-by: Sebastian Andrzej Siewior Cc: linux-mm@kvack.org Cc: Seth Jennings Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161126231350.10321-12-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner include/linux/cpuhotplug.h | 1 + mm/zswap.c | 73 +++++++++++----------------------------------- 2 files changed, 18 insertions(+), 56 deletions(-) commit 215c89d055e085c42cea4fd571a1d0db0b6d5648 Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:38 2016 +0100 mm/zsmalloc: Convert to hotplug state machine Install the callbacks via the state machine and let the core invoke the callbacks on the already online CPUs. Signed-off-by: Sebastian Andrzej Siewior Cc: Sergey Senozhatsky Cc: linux-mm@kvack.org Cc: Minchan Kim Cc: rt@linutronix.de Cc: Nitin Gupta Link: http://lkml.kernel.org/r/20161126231350.10321-11-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner include/linux/cpuhotplug.h | 1 + mm/zsmalloc.c | 67 +++++++++------------------------------------- 2 files changed, 14 insertions(+), 54 deletions(-) commit 5438da977f83c945d4e72ee4f9c4508c0eb64e15 Author: Sebastian Andrzej Siewior Date: Tue Nov 29 15:52:21 2016 +0100 mm/vmstat: Convert to hotplug state machine Install the callbacks via the state machine, but do not invoke them as we can initialize the node state without calling the callbacks on all online CPUs. start_shepherd_timer() is now called outside the get_online_cpus() block which is safe as it only operates on cpu possible mask. Signed-off-by: Sebastian Andrzej Siewior Signed-off-by: Thomas Gleixner Cc: linux-mm@kvack.org Cc: rt@linutronix.de Cc: Johannes Weiner Cc: Andrew Morton Cc: Mel Gorman Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20161129145221.ffc3kg3hd7lxiwj6@linutronix.de Signed-off-by: Thomas Gleixner include/linux/cpuhotplug.h | 1 + mm/vmstat.c | 76 +++++++++++++++++++++------------------------- 2 files changed, 36 insertions(+), 41 deletions(-) commit 4c501327b4c67f2b874219f20c41d2619b49c78c Author: Sebastian Andrzej Siewior Date: Tue Nov 29 15:51:14 2016 +0100 mm/vmstat: Avoid on each online CPU loops Both iterations over online cpus can be replaced by the proper node specific functions. Signed-off-by: Sebastian Andrzej Siewior Acked-by: Michal Hocko Cc: linux-mm@kvack.org Cc: rt@linutronix.de Cc: Johannes Weiner Cc: Andrew Morton Cc: Mel Gorman Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20161129145113.fn3lw5aazjjvdrr3@linutronix.de Signed-off-by: Thomas Gleixner mm/vmstat.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) commit 76f290935b1a395ee6c9a14697f16593591d1fe8 Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:35 2016 +0100 mm/vmstat: Drop get_online_cpus() from init_cpu_node_state/vmstat_cpu_dead() Both functions are called with protection against cpu hotplug already so *_online_cpus() could be dropped. Signed-off-by: Sebastian Andrzej Siewior Acked-by: Michal Hocko Cc: linux-mm@kvack.org Cc: rt@linutronix.de Cc: Johannes Weiner Cc: Andrew Morton Cc: Mel Gorman Cc: Vlastimil Babka Link: http://lkml.kernel.org/r/20161126231350.10321-8-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner mm/vmstat.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) commit b32614c03413f8a6025d8677c2b7c0ee976e63d4 Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:34 2016 +0100 tracing/rb: Convert to hotplug state machine Install the callbacks via the state machine. The notifier in struct ring_buffer is replaced by the multi instance interface. Upon __ring_buffer_alloc() invocation, cpuhp_state_add_instance() will invoke the trace_rb_cpu_prepare() on each CPU. This callback may now fail. This means __ring_buffer_alloc() will fail and cleanup (like previously) and during a CPU up event this failure will not allow the CPU to come up. Signed-off-by: Sebastian Andrzej Siewior Cc: Steven Rostedt Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161126231350.10321-7-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner include/linux/cpuhotplug.h | 1 + include/linux/ring_buffer.h | 6 ++ kernel/trace/ring_buffer.c | 135 +++++++++++++++----------------------------- kernel/trace/trace.c | 15 ++++- 4 files changed, 66 insertions(+), 91 deletions(-) commit 14660b7ea3ca628410bb999d53926ca77973892b Author: Sebastian Andrzej Siewior Date: Sun Nov 27 00:13:33 2016 +0100 oprofile/nmi timer: Convert to hotplug state machine Install the callbacks via the state machine and let the core invoke the callbacks on the already online CPUs. Signed-off-by: Sebastian Andrzej Siewior Cc: oprofile-list@lists.sf.net Cc: Robert Richter Cc: rt@linutronix.de Link: http://lkml.kernel.org/r/20161126231350.10321-6-bigeasy@linutronix.de Signed-off-by: Thomas Gleixner drivers/oprofile/nmi_timer_int.c | 58 +++++++++++++--------------------------- 1 file changed, 19 insertions(+), 39 deletions(-) commit 9f9a35a7b654e006250530425eb1fb527f0d32e9 Author: Tomasz Nowicki Date: Thu Dec 1 21:51:12 2016 +0800 ACPI / APEI / ARM64: APEI initial support for ARM64 This patch provides APEI arch-specific bits for ARM64 Meanwhile, (1) Move HEST type (ACPI_HEST_TYPE_IA32_CORRECTED_CHECK) checking to a generic place. (2) Select HAVE_ACPI_APEI when EFI and ACPI is set on ARM64, because arch_apei_get_mem_attribute is using efi_mem_attributes() on ARM64. Signed-off-by: Tomasz Nowicki Tested-by: Jonathan (Zhixiong) Zhang Signed-off-by: Fu Wei [ Fu Wei: improve && upstream ] Acked-by: Hanjun Guo Tested-by: Tyler Baicar Acked-by: Will Deacon Reviewed-by: Borislav Petkov Signed-off-by: Rafael J. Wysocki arch/arm64/Kconfig | 1 + arch/arm64/include/asm/acpi.h | 23 ++++++++++++++++++++++- arch/x86/kernel/acpi/apei.c | 3 --- drivers/acpi/apei/hest.c | 13 ++++++++++--- 4 files changed, 33 insertions(+), 7 deletions(-) commit a545715d2dae8d071c5b06af947b07ffa846b288 Author: Prarit Bhargava Date: Wed Nov 30 08:19:39 2016 -0500 ACPI / APEI: Fix NMI notification handling When removing and adding cpu 0 on a system with GHES NMI the following stack trace is seen when re-adding the cpu: WARNING: CPU: 0 PID: 0 at arch/x86/kernel/apic/apic.c:1349 setup_local_APIC+ Modules linked in: nfsv3 rpcsec_gss_krb5 nfsv4 nfs fscache coretemp intel_ra CPU: 0 PID: 0 Comm: swapper/0 Not tainted 4.9.0-rc6+ #2 Call Trace: dump_stack+0x63/0x8e __warn+0xd1/0xf0 warn_slowpath_null+0x1d/0x20 setup_local_APIC+0x275/0x370 apic_ap_setup+0xe/0x20 start_secondary+0x48/0x180 set_init_arg+0x55/0x55 early_idt_handler_array+0x120/0x120 x86_64_start_reservations+0x2a/0x2c x86_64_start_kernel+0x13d/0x14c During the cpu bringup, wakeup_cpu_via_init_nmi() is called and issues an NMI on CPU 0. The GHES NMI handler, ghes_notify_nmi() runs the ghes_proc_irq_work work queue which ends up setting IRQ_WORK_VECTOR (0xf6). The "faulty" IR line set at arch/x86/kernel/apic/apic.c:1349 is also 0xf6 (specifically APIC IRR for irqs 255 to 224 is 0x400000) which confirms that something has set the IRQ_WORK_VECTOR line prior to the APIC being initialized. Commit 2383844d4850 ("GHES: Elliminate double-loop in the NMI handler") incorrectly modified the behavior such that the handler returns NMI_HANDLED only if an error was processed, and incorrectly runs the ghes work queue for every NMI. This patch modifies the ghes_proc_irq_work() to run as it did prior to 2383844d4850 ("GHES: Elliminate double-loop in the NMI handler") by properly returning NMI_HANDLED and only calling the work queue if NMI_HANDLED has been set. Fixes: 2383844d4850 (GHES: Elliminate double-loop in the NMI handler) Signed-off-by: Prarit Bhargava Reviewed-by: Borislav Petkov Signed-off-by: Rafael J. Wysocki drivers/acpi/apei/ghes.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) commit f36ab161bebe464d33b998294eff29b17a9c8918 Author: Wei Yongjun Date: Fri Oct 28 14:37:02 2016 +0000 NFS: fix typo in parameter description Fix typo in parameter description. Fixes: 5405fc44c337 ("NFSv4.x: Add kernel parameter to control the callback server") Signed-off-by: Wei Yongjun Signed-off-by: Trond Myklebust fs/nfs/super.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit d51fdb87a611f8ef50518df7187173ae10469fd0 Author: NeilBrown Date: Thu Oct 13 15:26:47 2016 +1100 NFS: discard nfs_lockowner structure. It now has only one field and is only used in one structure. So replaced it in that structure by the field it contains. Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/inode.c | 4 ++-- fs/nfs/nfs4state.c | 2 +- fs/nfs/pagelist.c | 2 +- fs/nfs/write.c | 2 +- include/linux/nfs_fs.h | 6 +----- 5 files changed, 6 insertions(+), 10 deletions(-) commit 8d42443166a5d3800756db98498a4961a5ea5de7 Author: NeilBrown Date: Thu Oct 13 15:26:47 2016 +1100 NFSv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one A process can have two possible lock owner for a given open file: a per-process Posix lock owner and a per-open-file flock owner Use both of these when searching for a suitable stateid to use. With this patch, READ/WRITE requests will use the correct stateid if a flock lock is active. Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/nfs4state.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) commit 1739347549653dc2463d208d7039f5e97b8f1e8b Author: NeilBrown Date: Thu Oct 13 15:26:47 2016 +1100 NFSv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner The only time that a lock_context is not immediately available is in setattr, and now that it has an open_context, it can easily find one with nfs_get_lock_context. This removes the need for the on-stack nfs_lockowner. This change is preparation for correctly support flock stateids. Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/nfs4_fs.h | 2 +- fs/nfs/nfs4proc.c | 15 ++++++--------- fs/nfs/nfs4state.c | 11 +++++------ 3 files changed, 12 insertions(+), 16 deletions(-) commit 29b59f94169374c412cedf60c77073df4e68ce51 Author: NeilBrown Date: Thu Oct 13 15:26:47 2016 +1100 NFSv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state. The open_context can always lead directly to the state, and is always easily available, so this is a straightforward change. Doing this makes more information available to _nfs4_do_setattr() for use in the next patch. Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 28 +++++++++++++--------------- 1 file changed, 13 insertions(+), 15 deletions(-) commit 532d4def2f95623a9b8b2cef7723e14521377911 Author: NeilBrown Date: Thu Oct 13 15:26:47 2016 +1100 NFSv4: add flock_owner to open context An open file description (struct file) in a given process can be associated with two different lock owners. It can have a Posix lock owner which will be different in each process that has a fd on the file. It can have a Flock owner which will be the same in all processes. When searching for a lock stateid to use, we need to consider both of these owners So add a new "flock_owner" to the "nfs_open_context" (of which there is one for each open file description). This flock_owner does not need to be reference-counted as there is a 1-1 relation between 'struct file' and nfs open contexts, and it will never be part of a list of contexts. So there is no need for a 'flock_context' - just the owner is enough. The io_count included in the (Posix) lock_context provides no guarantee that all read-aheads that could use the state have completed, so not supporting it for flock locks in not a serious problem. Synchronization between flock and read-ahead can be added later if needed. When creating an open_context for a non-openning create call, we don't have a 'struct file' to pass in, so the lock context gets initialized with a NULL owner, but this will never be used. The flock_owner is not used at all in this patch, that will come later. Acked-by: Jeff Layton Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/dir.c | 6 +++--- fs/nfs/inode.c | 7 +++++-- fs/nfs/nfs4file.c | 2 +- fs/nfs/nfs4proc.c | 2 +- include/linux/nfs_fs.h | 3 ++- 5 files changed, 12 insertions(+), 8 deletions(-) commit b184b5c38e4640585126e44ef84f2dbdd0d23d5a Author: NeilBrown Date: Thu Oct 13 15:26:47 2016 +1100 NFS: remove l_pid field from nfs_lockowner this field is not used in any important way and probably should have been removed by Commit: 8003d3c4aaa5 ("nfs4: treat lock owners as opaque values") which removed the pid argument from nfs4_get_lock_state. Except in unusual and uninteresting cases, two threads with the same ->tgid will have the same ->files pointer, so keeping them both for comparison brings no benefit. Acked-by: Jeff Layton Signed-off-by: NeilBrown Reviewed-by: Jeff Layton Signed-off-by: Trond Myklebust fs/nfs/inode.c | 3 --- fs/nfs/nfs4proc.c | 1 - fs/nfs/pagelist.c | 3 +-- fs/nfs/write.c | 3 +-- include/linux/nfs_fs.h | 1 - 5 files changed, 2 insertions(+), 9 deletions(-) commit 4d3b55d3c7c8c628498fefac4779fc02de5af492 Author: Anna Schumaker Date: Wed Nov 23 13:49:38 2016 -0500 NFS: Remove unused argument from nfs_direct_write_complete() This parameter hasn't been used since 2a009ec9 (Linux 3.13-rc3), so let's remove it from this function. Signed-off-by: Anna Schumaker Signed-off-by: Trond Myklebust fs/nfs/direct.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) commit 7d38de3ffa75f92e7b00301dcdc6a3f9c53509ab Author: Anna Schumaker Date: Thu Nov 17 15:15:55 2016 -0500 NFS: Remove unused authflavour parameter from nfs_get_client() This parameter hasn't been used since f8407299 (Linux 3.11-rc2), so let's remove it from this function and callers. Signed-off-by: Anna Schumaker Signed-off-by: Trond Myklebust fs/nfs/client.c | 6 ++---- fs/nfs/filelayout/filelayoutdev.c | 3 +-- fs/nfs/flexfilelayout/flexfilelayoutdev.c | 3 +-- fs/nfs/internal.h | 8 +++----- fs/nfs/nfs3client.c | 5 ++--- fs/nfs/nfs4client.c | 10 +++------- fs/nfs/pnfs.h | 3 +-- fs/nfs/pnfs_nfs.c | 28 ++++++++++------------------ 8 files changed, 23 insertions(+), 43 deletions(-) commit a55fa9d0e42e31b0292540e6324d481aad307644 Author: Gao Pan Date: Wed Nov 30 10:40:47 2016 +0800 i2c: imx-lpi2c: add low power i2c bus driver This patch adds lpi2c bus driver to support new i.MX products which use lpi2c instead of the old imx i2c. The lpi2c can continue operating in stop mode when an appropriate clock is available. It is also designed for low CPU overhead with DMA offloading of FIFO register accesses. Signed-off-by: Gao Pan Reviewed-by: Fugang Duan Reviewed-by: Vladimir Zapolskiy Signed-off-by: Wolfram Sang drivers/i2c/busses/Kconfig | 10 + drivers/i2c/busses/Makefile | 1 + drivers/i2c/busses/i2c-imx-lpi2c.c | 646 +++++++++++++++++++++++++++++++++++++ 3 files changed, 657 insertions(+) commit 20ce1e308d6b2f9909ed42c2d6c46b431ffa1b5d Author: Gao Pan Date: Wed Nov 30 10:40:46 2016 +0800 dt-bindings: i2c: imx-lpi2c: add devicetree bindings Add a binding document for lpi2c driver. Signed-off-by: Gao Pan Signed-off-by: Wolfram Sang .../devicetree/bindings/i2c/i2c-imx-lpi2c.txt | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit ced85a7568b57a671fe186562dfc601a5baab54d Author: J. Bruce Fields Date: Mon Nov 28 09:02:52 2016 -0500 nfs: fix false positives in nfs40_walk_client_list() It's possible that two different servers can return the same (clientid, verifier) pair purely by coincidence. Both are 64-bit values, but depending on the server implementation, they can be highly predictable and collisions may be quite likely, especially when there are lots of servers. So, check for this case. If the clientid and verifier both match, then we actually know they *can't* be the same server, since a new SETCLIENTID to an already-known server should have changed the verifier. This helps fix a bug that could cause the client to mount a filesystem from the wrong server. Reviewed-by: Jeff Layton Tested-by: Yongcheng Yang Signed-off-by: J. Bruce Fields Signed-off-by: Trond Myklebust fs/nfs/nfs4client.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) commit 2c2ee6d20b10594892c1d31c7b959f4780adde63 Author: NeilBrown Date: Wed Nov 23 14:44:58 2016 +1100 sunrpc: Don't engage exponential backoff when connection attempt is rejected. xs_connect() contains an exponential backoff mechanism so the repeated connection attempts are delayed by longer and longer amounts. This is appropriate when the connection failed due to a timeout, but it not appropriate when a definitive "no" answer is received. In such cases, call_connect_status() imposes a minimum 3-second back-off, so not having the exponetial back-off will never result in immediate retries. The current situation is a problem when the NFS server tries to register with rpcbind but rpcbind isn't running. All connection attempts are made on the same "xprt" and as the connection is never "closed", the exponential back delays successive attempts to register, or de-register, different protocols. This results in a multi-minute delay with no benefit. So, when call_connect_status() receives a definitive "no", use xprt_conditional_disconnect() to cancel the previous connection attempt. This will set XPRT_CLOSE_WAIT so that xprt->ops->close() calls xs_close() which resets the reestablish_timeout. To ensure xprt_conditional_disconnect() does the right thing, we ensure that rq_connect_cookie is set before a connection attempt, and allow xprt_conditional_disconnect() to complete even when the transport is not fully connected. Signed-off-by: NeilBrown Signed-off-by: Trond Myklebust net/sunrpc/clnt.c | 2 ++ net/sunrpc/xprt.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) commit 531ccabbe4cc2d09234e9009d47f7f2539c6d047 Author: Alexander Stein Date: Wed Nov 30 17:34:15 2016 +0100 i2c: designware-pcidrv: Add 10bit address feature to medfield/merrifield Both Merrifield TRM and Medfield TRM state: "Both 7-bit and 10-bit addressing modes are supported." Signed-off-by: Alexander Stein Acked-by: Andy Shevchenko Acked-by: Jarkko Nikula Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-designware-pcidrv.c | 2 ++ 1 file changed, 2 insertions(+) commit 294be03c627b469f79ce391dafb163581d3158ba Author: Romain Perier Date: Thu Dec 1 12:04:38 2016 +0100 i2c: pxa: Add support for the I2C units found in Armada 3700 The Armada 3700 has two I2C controllers that is compliant with the I2C Bus Specificiation 2.1, supports multi-master and different bus speed: Standard mode (up to 100 KHz), Fast mode (up to 400 KHz), High speed mode (up to 3.4 Mhz). This IP block has a lot of similarity with the PXA, except some register offsets and bitfield. This commits adds a basic support for this I2C unit. Signed-off-by: Romain Perier Tested-by: Gregory CLEMENT Signed-off-by: Wolfram Sang drivers/i2c/busses/Kconfig | 2 +- drivers/i2c/busses/i2c-pxa.c | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) commit 6c14bdacdb29c391fe76e442139d96bc1bf1f59b Author: Romain Perier Date: Thu Dec 1 12:04:37 2016 +0100 i2c: pxa: Add definition of fast and high speed modes via the regs layout So far, the bit masks for the fast and high speed mode were statically defined. Some IP blocks might use different bits for these modes. This commit introduces new fields in order to enable the definition of different bit masks for these features. If these fields are undefined, ICR_FM and ICR_HS are selected to preserve backward compatibility with other IPs. Signed-off-by: Romain Perier Signed-off-by: Wolfram Sang drivers/i2c/busses/i2c-pxa.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) commit c2709028034230f33da790d52915e9a2495fbf46 Author: Romain Perier Date: Thu Dec 1 12:04:40 2016 +0100 dt-bindings: i2c: pxa: Update the documentation for the Armada 3700 This commit documents the compatible string to have the compatibility for the I2C unit found in the Armada 3700. Signed-off-by: Romain Perier Acked-by: Rob Herring Signed-off-by: Wolfram Sang Documentation/devicetree/bindings/i2c/i2c-pxa.txt | 1 + 1 file changed, 1 insertion(+) commit b85f562049cc7dce0d65577427a8321197d20983 Author: Trond Myklebust Date: Wed Nov 30 18:00:07 2016 -0500 pNFS: Skip invalid stateids when doing a bulk destroy If the layout stateid is already invalid, we have no work to do. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 2 ++ 1 file changed, 2 insertions(+) commit 29ade5db12930ec60133f6a02791f4b1a4af2943 Author: Trond Myklebust Date: Wed Nov 30 16:23:38 2016 -0500 pNFS: Wait on outstanding layoutreturns to complete in pnfs_roc() Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit abb3e1c8777ec2baffa2c736aa06280821018995 Author: Trond Myklebust Date: Wed Nov 30 11:38:10 2016 -0500 pNFS: Don't mark the layout as freed if the last lseg is marked for return Address another memory leak. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 2 ++ 1 file changed, 2 insertions(+) commit 4aab97327f35aac17b7f62976ea44b1bacfaa92b Author: Trond Myklebust Date: Wed Nov 30 10:47:48 2016 -0500 pNFS: Sync the layout state bits in pnfs_cache_lseg_for_layoutreturn Ensure that the layout state bits are synced when we cache a layout segment for layoutreturn using an appropriate call to pnfs_set_plh_return_info. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) commit 24408f5282df58210cfecaa6851b2be52f5c661f Author: Trond Myklebust Date: Wed Nov 30 10:19:09 2016 -0500 pNFS: Fix bugs in _pnfs_return_layout We need to honour the NFS_LAYOUT_RETURN_REQUESTED bit regardless of whether or not there are layout segments pending. Furthermore, we should ensure that we leave the plh_return_segs list empty. This patch fixes a memory leak of the layout segments on plh_return_segs. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) commit fe1cf9469d7bcb6af27e42eb555a41b0135bce4a Author: Trond Myklebust Date: Wed Nov 30 12:32:55 2016 -0500 pNFS: Clear all layout segment state in pnfs_mark_layout_stateid_invalid When the layout state is invalidated, then so is the layout segment state, and hence we do need to clean up the state bits. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) commit 53e6fc86abbbd7338f16267846a58de7ee24e839 Author: Trond Myklebust Date: Sat Nov 19 08:48:47 2016 -0500 pNFS: Prevent unnecessary layoutreturns after delegreturn If we cannot grab the inode or superblock, then we cannot pin the layout header, and so we cannot send a layoutreturn as part of an async delegreturn call. In this case, we currently end up sending an extra layoutreturn after the delegreturn. Since the layout was implicitly returned by the delegreturn, that just gets a BAD_STATEID. The fix is to simply complete the return-on-close immediately. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) commit 1c5bd76d17cca6836e9d9913e4a0356cd8a36598 Author: Trond Myklebust Date: Wed Nov 16 01:11:25 2016 -0500 pNFS: Enable layoutreturn operation for return-on-close Amend the pnfs return on close helper functions to enable sending the layoutreturn op in CLOSE/DELEGRETURN. This closes a potential race between CLOSE/DELEGRETURN and parallel OPEN calls to the same file, and allows the client and the server to agree on whether or not there is an outstanding layout. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 45 ++++++++---------- fs/nfs/pnfs.c | 139 ++++++++++++++++++++++++------------------------------ fs/nfs/pnfs.h | 30 ++++++------ 3 files changed, 96 insertions(+), 118 deletions(-) commit 828ed9ec1b565445b8c060c8a97be4f396ef614b Author: Trond Myklebust Date: Tue Nov 15 21:47:27 2016 -0500 pNFS: Clean up - add a helper to initialise struct layoutreturn_args Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) commit 586f1c39daf5c840c742b9be1ec236429f26dc13 Author: Trond Myklebust Date: Tue Nov 15 15:03:33 2016 -0500 NFSv4: Add encode/decode of the layoutreturn op in DELEGRETURN Add XDR encoding for the layoutreturn op, and storage for the layoutreturn arguments to the DELEGRETURN compound. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 50 ++++++++++++++++++++++++++++++++++++++++--------- fs/nfs/nfs4xdr.c | 10 ++++++++++ include/linux/nfs_xdr.h | 3 +++ 3 files changed, 54 insertions(+), 9 deletions(-) commit cf80516579ceb87b91205e68fb31d5affd5aea8d Author: Trond Myklebust Date: Tue Nov 15 14:56:07 2016 -0500 NFSv4: Add encode/decode of the layoutreturn op in CLOSE Add XDR encoding for the layoutreturn op, and storage for the layoutreturn arguments to the CLOSE compound. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 49 ++++++++++++++++++++++++++++++++++++++++--------- fs/nfs/nfs4xdr.c | 26 ++++++++++++++++++++++++++ include/linux/nfs_xdr.h | 3 +++ 3 files changed, 69 insertions(+), 9 deletions(-) commit d8434d4c54789bd8ac30b4a69037115b3594d2b3 Author: Trond Myklebust Date: Wed Nov 16 13:54:00 2016 -0500 NFSv4: Fix missing operation accounting in NFS4_dec_delegreturn_sz We need to account for the reply to the PUTFH operation in the DELEGRETURN compound. Signed-off-by: Trond Myklebust fs/nfs/nfs4xdr.c | 1 + 1 file changed, 1 insertion(+) commit 69820d22c559c46f94e9ae08677581365c3748d5 Author: Trond Myklebust Date: Tue Nov 15 18:29:59 2016 -0500 pNFS: Don't mark layout segments invalid on layoutreturn in pnfs_roc The layoutreturn call will take care of invalidating the layout segments once the call is successful. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) commit 94e5c571fccb8eb551d3d5f5d163bf0c253a6ed8 Author: Trond Myklebust Date: Thu Sep 15 18:49:52 2016 -0400 pNFS: Get rid of unnecessary layout parameter in encode_layoutreturn callback The parameter is already present in the "args" structure. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayout.c | 4 ++-- fs/nfs/nfs4xdr.c | 8 ++++---- fs/nfs/objlayout/objlayout.c | 4 ++-- fs/nfs/objlayout/objlayout.h | 1 - fs/nfs/pnfs.h | 3 +-- 5 files changed, 9 insertions(+), 11 deletions(-) commit 0cdc329ec9b150c165bcb603c4314b4031b24785 Author: Trond Myklebust Date: Mon Nov 21 11:05:33 2016 -0500 pNFS: Skip checking for return-on-close if the layout is invalid Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) commit e685d237e60886afd75c918c80d20a3dc2ad27c9 Author: Trond Myklebust Date: Fri Nov 18 15:18:52 2016 -0500 pNFS: Remove spurious wake up in pnfs_layout_remove_lseg() There is no change to the value of NFS_LAYOUT_RETURN, so we should not be waking up the RPC call. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 3 --- 1 file changed, 3 deletions(-) commit 2a974425e57fb882c93709c6072bf66d04431635 Author: Trond Myklebust Date: Sun Nov 20 13:13:54 2016 -0500 NFSv4: Ignore LAYOUTRETURN result if the layout doesn't match or is invalid Fix a potential race with CB_LAYOUTRECALL in which the server recalls the remaining layout segments while our LAYOUTRETURN is still in transit. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 3 +-- fs/nfs/pnfs.c | 8 +++++++- fs/nfs/pnfs.h | 2 +- 3 files changed, 9 insertions(+), 4 deletions(-) commit 68f744797edd27016055c562a605691f5d4ac933 Author: Trond Myklebust Date: Wed Oct 12 19:50:54 2016 -0400 pNFS: Do not free layout segments that are marked for return We may want to process and transmit layout stat information for the layout segments that are being returned, so we should defer freeing them until after the layoutreturn has completed. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 15 +++-------- fs/nfs/pnfs.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++------- fs/nfs/pnfs.h | 6 ++++- 3 files changed, 73 insertions(+), 22 deletions(-) commit 7b410d9ce460f70e346d91d8cfbdd2cb054eb775 Author: Trond Myklebust Date: Mon Oct 31 10:05:21 2016 -0400 pNFS: Delay getting the layout header in CB_LAYOUTRECALL handlers Instead of grabbing the layout, we want to get the inode so that we can reduce races between layoutget and layoutrecall when the server does not support call referring. Signed-off-by: Trond Myklebust fs/nfs/callback_proc.c | 99 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 67 insertions(+), 32 deletions(-) commit 17822b207f3b66c3aa09d749d583ae63b3637f01 Author: Trond Myklebust Date: Tue Oct 25 12:24:25 2016 -0400 pNFS: consolidate the different range intersection tests Both pnfs.c and the flexfiles code have their own versions of the range intersection testing, and the "end_offset" helper. Signed-off-by: Trond Myklebust fs/nfs/flexfilelayout/flexfilelayoutdev.c | 33 +++++++---------------------- fs/nfs/pnfs.c | 35 +++---------------------------- fs/nfs/pnfs.h | 32 ++++++++++++++++++++++++++++ 3 files changed, 43 insertions(+), 57 deletions(-) commit ee284e35d8c71bf5d4d807eaff6f67a17134b359 Author: Trond Myklebust Date: Fri Nov 18 15:21:30 2016 -0500 pNFS: Fix race in pnfs_wait_on_layoutreturn We must put the task to sleep while holding the inode->i_lock in order to ensure atomicity with the test for NFS_LAYOUT_RETURN. Fixes: 500d701f336b ("NFS41: make close wait for layoutreturn") Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 6604b203fb6394ed1f24c21bfa3c207e5ae8e461 Author: Trond Myklebust Date: Mon Oct 17 17:54:32 2016 -0400 pNFS: On error, do not send LAYOUTGET until the LAYOUTRETURN has completed If there is an I/O error, we should not call LAYOUTGET until the LAYOUTRETURN that reports the error is complete. Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.8+ fs/nfs/pnfs.c | 6 +++++- fs/nfs/pnfs.h | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) commit 9888d837f3cf6b1f38f7717ab58236f94123ca19 Author: Trond Myklebust Date: Wed Nov 23 12:36:04 2016 -0500 pNFS: Force a retry of LAYOUTGET if the stateid doesn't match our cache If the server sends us a completely new stateid, and the client thinks it already holds a layout, then force a retry of the LAYOUTGET after invalidating the existing layout in order to avoid corruption due to races. Signed-off-by: Trond Myklebust fs/nfs/pnfs.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) commit ae5a459d5f65c3e83f3e14068dde5fb9c9d81807 Author: Trond Myklebust Date: Mon Nov 14 14:34:18 2016 -0500 pNFS: Clear NFS_LAYOUT_RETURN_REQUESTED when invalidating the layout stateid We must ensure that we don't schedule a layoutreturn if the layout stateid has been marked as invalid. Fixes: 2a59a0411671e ("pNFS: Fix pnfs_set_layout_stateid() to clear...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.8+ fs/nfs/pnfs.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) commit 7b650994ab07434ae58a247dc9ac87d2488ca75c Author: Trond Myklebust Date: Mon Nov 14 13:10:48 2016 -0500 pNFS: Don't clear the layout stateid if a layout return is outstanding If we no longer hold any layout segments, we're normally expected to consider the layout stateid to be invalid. However we cannot assume this if we're about to, or in the process of sending a layoutreturn. Fixes: 334a8f37115b ("pNFS: Don't forget the layout stateid if...") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.8+ fs/nfs/pnfs.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 54e4a0dfa25d9365c4e80a639e80d9213eb6edbe Author: Trond Myklebust Date: Sun Nov 27 15:12:39 2016 -0500 pNFS: Fix a deadlock between read resends and layoutreturn We must not call nfs_pageio_init_read() on a new nfs_pageio_descriptor while holding a reference to a layout segment, as that can deadlock pnfs_update_layout(). Fixes: d67ae825a59d6 ("pnfs/flexfiles: Add the FlexFile Layout Driver") Signed-off-by: Trond Myklebust Cc: stable@vger.kernel.org # v4.0+ fs/nfs/flexfilelayout/flexfilelayout.c | 4 ++++ fs/nfs/pnfs.c | 4 ++++ 2 files changed, 8 insertions(+) commit 9a837856cf612d83e9ede7081972a2fa78de6921 Author: Fred Isaman Date: Tue Sep 27 15:37:11 2016 -0400 NFSv4.1: Fix regression in callback retry handling When initializing a freshly created slot for the calllback channel, the seq_nr needs to be 0, not 1. Otherwise validate_seqid and nfs4_slot_wait_on_seqid get confused and believe that the mpty slot corresponds to a previously sent reply. Signed-off-by: Fred Isaman Signed-off-by: Trond Myklebust fs/nfs/nfs4session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 1ad13dbc85911fcf15232342205c92e250335267 Author: Trond Myklebust Date: Thu Oct 27 18:42:04 2016 -0400 NFSv4: Optimise away forced revalidation when we know the attributes are OK The NFS_INO_REVAL_FORCED flag needs to be set if we just got a delegation, and we see that there might still be some ambiguity as to whether or not our attribute or data cache are valid. In practice, this means that a call to nfs_check_inode_attributes() will have noticed a discrepancy between cached attributes and measured ones, so let's move the setting of NFS_INO_REVAL_FORCED to there. Signed-off-by: Trond Myklebust fs/nfs/delegation.c | 4 ---- fs/nfs/inode.c | 2 +- 2 files changed, 1 insertion(+), 5 deletions(-) commit 3ecefc9295991eaaad4c67915c6384e5d18cc632 Author: Trond Myklebust Date: Thu Oct 27 18:25:04 2016 -0400 NFSv4: Don't request close-to-open attribute when holding a delegation If holding a delegation, we do not need to ask the server to return close-to-open cache consistency attributes as part of the CLOSE compound. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 10 ++++++++-- fs/nfs/nfs4xdr.c | 3 ++- 2 files changed, 10 insertions(+), 3 deletions(-) commit 3947b74d0f9d0738335d8b2bca2bde057f9141be Author: Trond Myklebust Date: Thu Oct 27 18:27:02 2016 -0400 NFSv4: Don't request a GETATTR on open_downgrade. If we're not closing the file completely, there is no need to request close-to-open attributes. Signed-off-by: Trond Myklebust fs/nfs/nfs4xdr.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) commit 1cc1baf14b595bd44e83c2aca2fe487df7b6a1e3 Author: Trond Myklebust Date: Thu Nov 10 15:47:26 2016 -0500 NFSv4: Don't ask for the change attribute when reclaiming state We don't need to ask for the change attribute when returning a delegation or recovering from a server reboot, and it could actually cause us to obtain an incorrect value if we're using a pNFS flavour that requires LAYOUTCOMMIT. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 1 - 1 file changed, 1 deletion(-) commit 536585ccf95d34d64e2855f72608095854b8fc0e Author: Trond Myklebust Date: Thu Nov 10 15:40:34 2016 -0500 NFSv4: Don't check file access when reclaiming state If we're reclaiming state after a reboot, or as part of returning a delegation, we don't need to check access modes again. Signed-off-by: Trond Myklebust fs/nfs/nfs4proc.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) commit fb1013a01673acf7e94e38cda169828ac76b345a Author: Sebastian Andrzej Siewior Date: Tue Nov 29 10:51:43 2016 +0100 intel_idle: Convert to hotplug state machine Install the callbacks via the state machine and let the core invoke the callbacks on the already online CPUs. The two smp_call_function_single() invocations in intel_idle_cpu_init() have been removed because intel_idle_cpu_init() is now invoked via the hotplug callback which runs on the target CPU. The IRQ-off calling convention for auto_demotion_disable() and c1e_promotion_disable() has not been preserved because only those two modify the MSR during CPU intialization. Signed-off-by: Sebastian Andrzej Siewior Acked-by: Jacob Pan Signed-off-by: Rafael J. Wysocki drivers/idle/intel_idle.c | 103 ++++++++++++++++++---------------------------- 1 file changed, 39 insertions(+), 64 deletions(-) commit 29d7bbada98e0969dd2ea159104aa55052a1c439 Author: Anna-Maria Gleixner Date: Sun Nov 27 00:13:31 2016 +0100 intel_idle: Remove superfluous SMP fuction call Since commit 1cf4f629d9d2 ("cpu/hotplug: Move online calls to hotplugged cpu") the CPU_ONLINE and CPU_DOWN_PREPARE notifiers are always run on the hot plugged CPU, and as of commit 3b9d6da67e11 ("cpu/hotplug: Fix rollback during error-out in __cpu_disable()") the CPU_DOWN_FAILED notifier also runs on the hot plugged CPU. This patch converts the SMP functional calls into direct calls. smp_function_call_single() executes the function with interrupts disabled. This calling convention is not preserved, because tick_broadcast_enable() and tick_braodcast_disable() handle interrupts themselves. Signed-off-by: Anna-Maria Gleixner Signed-off-by: Sebastian Andrzej Siewior Acked-by: Jacob Pan Signed-off-by: Rafael J. Wysocki drivers/idle/intel_idle.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 1bfbc260a5b474f1376bdfdfbc590f75645d62af Author: Sylwester Nawrocki Date: Wed Nov 2 17:05:45 2016 +0100 ASoC: samsung: Add machine driver for Exynos5433 based TM2 board This patch adds the sound machine driver for the TM2 and TM2E boards. Speaker and headphone playback, Main Mic capture, Bluetooth, Voice call and external accessory are supported. Signed-off-by: Inha Song [k.kozlowski: rebased on 4.1] Signed-off-by: Krzysztof Kozlowski [s.nawrocki: rebased to 4.7, adjustment to the ASoC core changes, removed unused ops and direct calls to the max98504 function, added parsing of "audio-amplifier" and "audio-codec" properties, added TDM API calls, switched to gpiod API] Signed-off-by: Sylwester Nawrocki Reviewed-by: Charles Keepax Signed-off-by: Mark Brown sound/soc/samsung/Kconfig | 9 + sound/soc/samsung/Makefile | 2 + sound/soc/samsung/tm2_wm5110.c | 552 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 563 insertions(+) commit 48a760279ba31c59b8cfb14c5be9ed1c8e191038 Author: Sylwester Nawrocki Date: Wed Nov 2 17:02:37 2016 +0100 ASoC: samsung: Add DT bindings documentation for TM2 sound subsystem This patch adds DT binding documentation for Exnos5433 based TM2 and TM2E boards sound subsystem. Signed-off-by: Sylwester Nawrocki Acked-by: Rob Herring Signed-off-by: Mark Brown .../bindings/sound/samsung,tm2-audio.txt | 38 ++++++++++++++++++++++ 1 file changed, 38 insertions(+) commit 5203a3ca09d51b3f475fd12cf974f886147d371d Merge: fee3244 9178feb Author: Mark Brown Date: Thu Dec 1 21:47:57 2016 +0000 Merge branch 'topic/component' of git://git.kernel.org/pub/scm/linux/kernel/git/broonie/sound into asoc-intel commit 4dd63b49a7b06b6a49841f46d7510962de476c39 Author: Chen Yu Date: Mon Jan 4 12:14:45 2016 +0800 cpufreq: ondemand: Set MIN_FREQUENCY_UP_THRESHOLD to 1 Currently the minimal up_threshold is 11, and user may want to use a smaller minimal up_threshold for performance tuning, so MIN_FREQUENCY_UP_THRESHOLD could be set to 1 because: 1. Current systems wouldn't be affected as they have already a value >= 11. 2. New systems with a default kernel would keep still the default value that is >= 11. Users now have the advantage that they can make their own decisions and customize the 'trip point' to switch to the max frequency. Link: https://bugzilla.kernel.org/show_bug.cgi?id=65501 Signed-off-by: Chen Yu Acked-by: Viresh Kumar Signed-off-by: Rafael J. Wysocki drivers/cpufreq/cpufreq_ondemand.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 00710984eac523ffed4e92850511d7610cfe908b Author: Bjorn Helgaas Date: Wed Nov 30 14:47:13 2016 -0600 ACPI: Add acpi_resource_consumer() to find device that claims a resource Add acpi_resource_consumer(). This takes a struct resource and searches the ACPI namespace for a device whose current resource settings (_CRS) includes the resource. It returns the device if it exists, or NULL if no device uses the resource. If more than one device uses the resource (this may happen in the case of bridges), acpi_resource_consumer() returns the first one found by acpi_get_devices() in its modified depth-first walk of the namespace. Signed-off-by: Bjorn Helgaas Acked-by: Rafael J. Wysocki drivers/acpi/resource.c | 57 +++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/acpi.h | 7 ++++++ 2 files changed, 64 insertions(+) commit 88bcef508f230c05deaa6e51ddf90ccae15a2824 Author: Silvio Fricke Date: Fri Nov 25 15:59:47 2016 +0100 firmware: remove warning at documentation generation time This patch removes following error at for `make htmldocs`. No functional change. ./drivers/base/firmware_class.c:1348: WARNING: Bullet list ends without a blank line; unexpected unindent. Signed-off-by: Silvio Fricke Reviewed-by: Mauro Carvalho Chehab Acked-by: Luis R. Rodriguez Signed-off-by: Greg Kroah-Hartman drivers/base/firmware_class.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) commit b3b9fa0a24a08b14bd44539f79b8902881ece17e Merge: 2934c9d 99831b1 Author: David S. Miller Date: Thu Dec 1 15:39:38 2016 -0500 Merge branch 'sfc-defalconisation-fixups' Edward Cree says: ==================== sfc: defalconisation fixups A bug fix, the Kconfig change, and cleaning up a bit more unused code. ==================== Signed-off-by: David S. Miller commit 99831b1ea5084d2bd0575d2985e8263f7eee54b7 Author: Edward Cree Date: Thu Dec 1 17:01:19 2016 +0000 sfc: remove RESET_TYPE_RX_RECOVERY It's no longer used now that Falcon is gone. Also remove a reference in a comment to an ioctl that doesn't exist. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/efx.c | 1 - drivers/net/ethernet/sfc/enum.h | 5 +---- 2 files changed, 1 insertion(+), 5 deletions(-) commit d7d6cabaa1a5295b5a6836b84cc599488ab5c84d Author: Edward Cree Date: Thu Dec 1 17:01:07 2016 +0000 sfc: don't select SFC_FALCON Easy enough for Falcon users to enable it when making oldconfig. Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/Kconfig | 1 - 1 file changed, 1 deletion(-) commit edd96fa0defd3266f6508eda9acb016b71e77c2e Author: Edward Cree Date: Thu Dec 1 17:00:54 2016 +0000 sfc: fix debug message format string in efx_farch_handle_rx_not_ok Defalconisation removed one of the string arguments, but missed the corresponding %s. Fixes: 5a6681e22c14 ("sfc: separate out SFC4000 ("Falcon") support into new sfc-falcon driver") Signed-off-by: Edward Cree Signed-off-by: David S. Miller drivers/net/ethernet/sfc/farch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 931afc4114c59b8fe8386db9fcdfe69a1322cae6 Author: Richard Fitzgerald Date: Tue Nov 29 15:44:42 2016 +0000 Input: arizona-haptics - Use SoC component pin control functions The name of a codec pin can have an optional prefix string, which is defined by the SoC machine driver. The snd_soc_dapm_x_pin functions take the fully-specified name including the prefix and so the existing code would fail to find the pin if the audio machine driver had added a prefix. Switch to using the snd_soc_component_x_pin equivalent functions that take a specified SoC component and automatically add the name prefix to the provided pin name. Signed-off-by: Richard Fitzgerald Acked-by: Dmitry Torokhov Signed-off-by: Mark Brown drivers/input/misc/arizona-haptics.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) commit efd95c71f4892ad5d0d33099db25085763f4c6c3 Author: Richard Fitzgerald Date: Tue Nov 29 15:44:41 2016 +0000 extcon: arizona: Use SoC component pin control functions The name of a codec pin can have an optional prefix string, which is defined by the SoC machine driver. The snd_soc_dapm_x_pin functions take the fully-specified name including the prefix and so the existing code would fail to find the pin if the audio machine driver had added a prefix. Switch to using the snd_soc_component_x_pin equivalent functions that take a specified SoC component and automatically add the name prefix to the provided pin name. Signed-off-by: Richard Fitzgerald Acked-by: Chanwoo Choi Signed-off-by: Mark Brown drivers/extcon/extcon-arizona.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) commit 9178feb4538e055bf22be44c38b90cc31d2baf99 Author: Kuninori Morimoto Date: Wed Nov 30 06:23:13 2016 +0000 ASoC: add Component level suspend/resume In current ALSA SoC, Codec only has suspend/resume feature, but it should be supported on Component level. This patch adds it. Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown include/sound/soc.h | 6 ++++- sound/soc/soc-core.c | 63 ++++++++++++++++++++++++++++++---------------------- 2 files changed, 42 insertions(+), 27 deletions(-) commit 1a653aa44725668590b36bbe2d7fe4736a69f055 Author: Kuninori Morimoto Date: Wed Nov 30 06:22:55 2016 +0000 ASoC: core: replace aux_comp_list to component_dev_list Now, Card has component_dev_list, we can replace aux_comp_list to component_dev_list with new auxiliary flags Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown include/sound/soc.h | 4 +--- sound/soc/soc-core.c | 17 ++++++++++++----- 2 files changed, 13 insertions(+), 8 deletions(-) commit d9fc40639dc1b87915426d2ef489a591b0fd650b Author: Kuninori Morimoto Date: Wed Nov 30 06:22:36 2016 +0000 ASoC: core: replace codec_dev_list to component_dev_list on Card Current Card has Codec list (= codec_dev_list), but Codec will be removed in the future. Because of this reason, this patch adds new Component list in Card, and replace Codec list. Signed-off-by: Kuninori Morimoto Signed-off-by: Mark Brown include/sound/soc.h | 6 +++--- sound/soc/intel/boards/broadwell.c | 16 ++++++++++------ sound/soc/intel/boards/cht_bsw_rt5672.c | 16 ++++++++++------ sound/soc/soc-core.c | 28 ++++++++++++++++------------ 4 files changed, 39 insertions(+), 27 deletions(-) commit 3a4b77cd47bb837b8557595ec7425f281f2ca1fe Author: Eryu Guan Date: Thu Dec 1 15:08:37 2016 -0500 ext4: validate s_first_meta_bg at mount time Ralf Spenneberg reported that he hit a kernel crash when mounting a modified ext4 image. And it turns out that kernel crashed when calculating fs overhead (ext4_calculate_overhead()), this is because the image has very large s_first_meta_bg (debug code shows it's 842150400), and ext4 overruns the memory in count_overhead() when setting bitmap buffer, which is PAGE_SIZE. ext4_calculate_overhead(): buf = get_zeroed_page(GFP_NOFS); <=== PAGE_SIZE buffer blks = count_overhead(sb, i, buf); count_overhead(): for (j = ext4_bg_num_gdb(sb, grp); j > 0; j--) { <=== j = 842150400 ext4_set_bit(EXT4_B2C(sbi, s++), buf); <=== buffer overrun count++; } This can be reproduced easily for me by this script: #!/bin/bash rm -f fs.img mkdir -p /mnt/ext4 fallocate -l 16M fs.img mke2fs -t ext4 -O bigalloc,meta_bg,^resize_inode -F fs.img debugfs -w -R "ssv first_meta_bg 842150400" fs.img mount -o loop fs.img /mnt/ext4 Fix it by validating s_first_meta_bg first at mount time, and refusing to mount if its value exceeds the largest possible meta_bg number. Reported-by: Ralf Spenneberg Signed-off-by: Eryu Guan Signed-off-by: Theodore Ts'o Reviewed-by: Andreas Dilger fs/ext4/super.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit e073462966b26977b26937c5fc93b4fb24f04fef Merge: 31114fa e499807 Author: Greg Kroah-Hartman Date: Thu Dec 1 21:05:53 2016 +0100 Merge tag 'fpga-for-greg-20161129' of git://git.kernel.org/pub/scm/linux/kernel/git/atull/linux-fpga into char-misc-next Alan writes: fpga: Updates for 4.10 These are: * Add git url to MAINTAINERS * Allow write_init to specify how much buffer it needs * Fixes for ISR state in zynq fpga manager driver * Other small fixes for zynq * Add Altera SoCFPGA drivers for COMPILE_TEST commit d7614cc16146e3f0b4c33e71875c19607602aed5 Author: Eric Biggers Date: Thu Dec 1 14:57:29 2016 -0500 ext4: correctly detect when an xattr value has an invalid size It was possible for an xattr value to have a very large size, which would then pass validation on 32-bit architectures due to a pointer wraparound. Fix this by validating the size in a way which avoids pointer wraparound. It was also possible that a value's size would fit in the available space but its padded size would not. This would cause an out-of-bounds memory write in ext4_xattr_set_entry when replacing the xattr value. For example, if an xattr value of unpadded size 253 bytes went until the very end of the inode or block, then using setxattr(2) to replace this xattr's value with 256 bytes would cause a write to the 3 bytes past the end of the inode or buffer, and the new xattr value would be incorrectly truncated. Fix this by requiring that the padded size fit in the available space rather than the unpadded size. This patch shouldn't have any noticeable effect on non-corrupted/non-malicious filesystems. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/ext4/xattr.c | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) commit 290ab230016f187c3551d8380ea742889276d03a Author: Eric Biggers Date: Thu Dec 1 14:51:58 2016 -0500 ext4: don't read out of bounds when checking for in-inode xattrs With i_extra_isize equal to or close to the available space, it was possible for us to read past the end of the inode when trying to detect or validate in-inode xattrs. Fix this by checking for the needed extra space first. This patch shouldn't have any noticeable effect on non-corrupted/non-malicious filesystems. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Andreas Dilger fs/ext4/inode.c | 4 +++- fs/ext4/xattr.c | 5 ++--- 2 files changed, 5 insertions(+), 4 deletions(-) commit 2dc8d9e19b0d891b0d3675b5ac82be9be3875e36 Author: Eric Biggers Date: Thu Dec 1 14:43:33 2016 -0500 ext4: forbid i_extra_isize not divisible by 4 i_extra_isize not divisible by 4 is problematic for several reasons: - It causes the in-inode xattr space to be misaligned, but the xattr header and entries are not declared __packed to express this possibility. This may cause poor performance or incorrect code generation on some platforms. - When validating the xattr entries we can read past the end of the inode if the size available for xattrs is not a multiple of 4. - It allows the nonsensical i_extra_isize=1, which doesn't even leave enough room for i_extra_isize itself. Therefore, update ext4_iget() to consider i_extra_isize not divisible by 4 to be an error, like the case where i_extra_isize is too large. This also matches the rule recently added to e2fsck for determining whether an inode has valid i_extra_isize. This patch shouldn't have any noticeable effect on non-corrupted/non-malicious filesystems, since the size of ext4_inode has always been a multiple of 4. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o Reviewed-by: Andreas Dilger fs/ext4/inode.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) commit 2934c9dbd385c6be08a1f4a33820d132979d61a7 Author: Zhang Shengju Date: Wed Nov 30 16:37:34 2016 +0800 rtnetlink: return the correct error code Before this patch, function ndo_dflt_fdb_dump() will always return code from uc fdb dump. The reture code of mc fdb dump is lost. Signed-off-by: Zhang Shengju Signed-off-by: David S. Miller net/core/rtnetlink.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 7e2ef003302cc797917ce0a2a32cffb4af42c99e Author: Heiner Kallweit Date: Wed Nov 30 20:28:09 2016 +0100 spi: fsl-espi: fix ioread16/iowrite16 endianness fsl_espi_read_reg16 / fsl_espi_write_reg16 are supposed to read / write big endian values. Therefore ioread16be / iowrite16be have to be used. Fixes: 058234328445 ("eliminate need for linearization when writing to hardware") Signed-off-by: Heiner Kallweit Signed-off-by: Mark Brown drivers/spi/spi-fsl-espi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 445caaa20c4d6da74f426464f90513b81157ad77 Author: Steve Longerbeam Date: Thu Aug 4 19:31:15 2016 +0530 mtd: Allocate bdi objects dynamically The MTD backing dev info objects mtd_bdi was statically allocated. So when MTD is built as a loadable module, this object fall in the vmalloc address space. The problem with that, is that the BDI APIs use wake_up_bit(), which calls virt_to_page() to retrieve the memory zone of the page containing the wait_queue to wake up, and virt_to_page() is not valid for vmalloc or highmem addresses. Fix this by allocating the BDI objects dynamically with kmalloc. The objects now fall in the logical address space so that BDI APIs will work in all cases (mtd builtin or module). Signed-off-by: Steve Longerbeam Signed-off-by: Jim Baxter Signed-off-by: Sandeep Jain Reviewed-by: Richard Weinberger Reviewed-by: Marek Vasut Signed-off-by: Brian Norris drivers/mtd/mtdcore.c | 30 ++++++++++++++++++------------ 1 file changed, 18 insertions(+), 12 deletions(-) commit 59dbc86cdc42b6d8766218066429f00186b021c2 Author: Marc Gonzalez Date: Thu Dec 1 11:22:14 2016 +0100 mtd: nand: tango: Add standard legalese header Provide proper copyright notice and license information. Signed-off-by: Marc Gonzalez Signed-off-by: Brian Norris drivers/mtd/nand/tango_nand.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 2ba90ccca7758fe77f47750dc8a938a99b8bd4af Author: Mauro Carvalho Chehab Date: Thu Dec 1 10:15:11 2016 -0200 core-api: remove an unexpected unident As complained by Sphinx: Documentation/core-api/assoc_array.rst:13: WARNING: Enumerated list ends without a blank line; unexpected unindent. Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Jonathan Corbet Documentation/core-api/assoc_array.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit c3cbd075fce77cf3f8782be9f971e8257508c98e Author: Balbir Singh Date: Fri Dec 2 00:08:26 2016 +1100 ppc/idle: Add documentation for powersave=off Update kernel-parameters.txt to add Documentation for powersave=off. Signed-off-by: Balbir Singh Signed-off-by: Jonathan Corbet Documentation/admin-guide/kernel-parameters.txt | 6 ++++++ 1 file changed, 6 insertions(+) commit 7d56f0facd6c1cb4ed2169bb8e65294bfd7783f8 Author: Sanjeev Date: Thu Dec 1 23:36:00 2016 +0800 Doc: Correct typo, "Introdution" => "Introduction" This corrects a set of spelling mistakes, probably from an automated conversion. Signed-off-by: Sanjeev Gupta Signed-off-by: Jonathan Corbet Documentation/admin-guide/unicode.rst | 4 ++-- Documentation/media/dvb-drivers/intro.rst | 4 ++-- Documentation/media/v4l-drivers/cafe_ccic.rst | 4 ++-- Documentation/process/1.Intro.rst | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) commit d8ca5bd158f738c4fa6974ee388c381f64db7905 Author: Andrew F. Davis Date: Thu Dec 1 10:44:16 2016 -0600 regulator: tps65086: Fix 25mV ranges for BUCK regulators The BUCK regulators 3, 4, and 5 also have a 10mV step mode, adjust the tables and logic to reflect the data-sheet for these regulators. fixes: d2a2e729a666 ("regulator: tps65086: Add regulator driver for the TPS65086 PMIC") Signed-off-by: Andrew F. Davis Signed-off-by: Mark Brown Documentation/devicetree/bindings/mfd/tps65086.txt | 2 +- drivers/regulator/tps65086-regulator.c | 54 +++++++++++----------- 2 files changed, 29 insertions(+), 27 deletions(-) commit 2fc1bec15883537cf8b35fd628cca33ca25736a5 Author: Jike Song Date: Thu Dec 1 13:20:07 2016 +0800 kvm: set/clear kvm to/from vfio_group when group add/delete Sometimes users need to be aware when a vfio_group attaches to a KVM or detaches from it. KVM already calls get/put method from vfio to manipulate the vfio_group reference, it can notify vfio_group in a similar way. Cc: Kirti Wankhede Cc: Xiao Guangrong Signed-off-by: Jike Song Acked-by: Paolo Bonzini Signed-off-by: Alex Williamson virt/kvm/vfio.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) commit ccd46dbae77dbf0d33f42e04b59536f108c395e8 Author: Jike Song Date: Thu Dec 1 13:20:06 2016 +0800 vfio: support notifier chain in vfio_group Beyond vfio_iommu events, users might also be interested in vfio_group events. For example, if a vfio_group is used along with Qemu/KVM, whenever kvm pointer is set to/cleared from the vfio_group, users could be notified. Currently only VFIO_GROUP_NOTIFY_SET_KVM supported. Cc: Kirti Wankhede Cc: Paolo Bonzini Cc: Xiao Guangrong Signed-off-by: Jike Song [aw: remove use of new typedef] Signed-off-by: Alex Williamson drivers/vfio/vfio.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++++++++ include/linux/vfio.h | 7 +++++ 2 files changed, 89 insertions(+) commit ba679017ef0f47d31c50df731441fdd39bf4bf13 Author: Eric Biggers Date: Thu Dec 1 11:55:51 2016 -0500 ext4: disable pwsalt ioctl when encryption disabled by config On a CONFIG_EXT4_FS_ENCRYPTION=n kernel, the ioctls to get and set encryption policies were disabled but EXT4_IOC_GET_ENCRYPTION_PWSALT was not. But there's no good reason to expose the pwsalt ioctl if the kernel doesn't support encryption. The pwsalt ioctl was also disabled pre-4.8 (via ext4_sb_has_crypto() previously returning 0 when encryption was disabled by config) and seems to have been enabled by mistake when ext4 encryption was refactored to use fs/crypto/. So let's disable it again. Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/ext4/ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) commit 35997d1ce8b01f9f002dd080c59e22430ead6db1 Author: Eric Biggers Date: Thu Dec 1 11:54:18 2016 -0500 ext4: get rid of ext4_sb_has_crypto() ext4_sb_has_crypto() just called through to ext4_has_feature_encrypt(), and all callers except one were already using the latter. So remove it and switch its one caller to ext4_has_feature_encrypt(). Signed-off-by: Eric Biggers Signed-off-by: Theodore Ts'o fs/ext4/ext4.h | 5 ----- fs/ext4/ioctl.c | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) commit 05ac5aa18abd7db341e54df4ae2b4c98ea0e43b7 Author: Daeho Jeong Date: Thu Dec 1 11:49:12 2016 -0500 ext4: fix inode checksum calculation problem if i_extra_size is small We've fixed the race condition problem in calculating ext4 checksum value in commit b47820edd163 ("ext4: avoid modifying checksum fields directly during checksum veficationon"). However, by this change, when calculating the checksum value of inode whose i_extra_size is less than 4, we couldn't calculate the checksum value in a proper way. This problem was found and reported by Nix, Thank you. Reported-by: Nix Signed-off-by: Daeho Jeong Signed-off-by: Youngjin Gil Signed-off-by: Darrick J. Wong Signed-off-by: Theodore Ts'o fs/ext4/inode.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) commit 6dcc693bc57f198bd85a7881eb59a915366fae1e Author: Jan Kara Date: Thu Dec 1 11:46:40 2016 -0500 ext4: warn when page is dirtied without buffers Warn when a page is dirtied without buffers (as that will likely lead to a crash in ext4_writepages()) or when it gets newly dirtied without the page being locked (as there is nothing that prevents buffers to get stripped just before calling set_page_dirty() under memory pressure). Signed-off-by: Jan Kara Signed-off-by: Theodore Ts'o fs/ext4/inode.c | 9 +++++++++ 1 file changed, 9 insertions(+) commit 22195cbd3451a75abaf30651a61cf85c89061327 Author: Jike Song Date: Thu Dec 1 13:20:05 2016 +0800 vfio: vfio_register_notifier: classify iommu notifier Currently vfio_register_notifier assumes that there is only one notifier chain, which is in vfio_iommu. However, the user might also be interested in events other than vfio_iommu, for example, vfio_group. Refactor vfio_{un}register_notifier implementation to make it feasible. Cc: Paolo Bonzini Cc: Xiao Guangrong Reviewed-by: Kirti Wankhede Signed-off-by: Jike Song [aw: merge with commit 816ca69ea9c7 ("vfio: Fix handling of error returned by 'vfio_group_get_from_dev()'"), remove typedef] Signed-off-by: Alex Williamson drivers/vfio/vfio.c | 84 +++++++++++++++++++++++++++++------------ drivers/vfio/vfio_iommu_type1.c | 8 ++++ include/linux/vfio.h | 13 ++++++- 3 files changed, 78 insertions(+), 27 deletions(-) commit 60602982720f3a77366ee3e493a6e3d15e7e84f5 Author: WANG Cong Date: Tue Nov 29 09:14:56 2016 -0800 audit: remove useless synchronize_net() netlink kernel socket is protected by refcount, not RCU. Its rcv path is neither protected by RCU. So the synchronize_net() is just pointless. Cc: Richard Guy Briggs Signed-off-by: Cong Wang Signed-off-by: David S. Miller kernel/audit.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) commit 88578468196f72d13672b86b6236f9c6fb035869 Merge: 8f679ed 4e26c5c Author: David S. Miller Date: Thu Dec 1 11:26:48 2016 -0500 Merge branch 'mdix_ctrl' Raju Lakkaraju says: ==================== Adding PHY MDI(X) support I updated all review comments which were given by Andrew and Florian. This series add support for PHY MDI(X), and implement it for MSCC phys. Tested on Beaglebone Black with VSC 8531 PHY. Change set: v1: - Initial patch submit the WoL and MDI-X in single set of patches v2: - Split the mdi(x) as signal set of patches. - Remove the out_unlock as suggested by Andrew. - Add mdix_ctrl parameter in "phy_device" to handle the user configure mdi(x). Proposed implementation accepted by Florian. - phydev->mdix_ctrl initialize with ETH_TP_MDI_AUTO. Ethernet controller never initialize this parameter. - Fix the mdix changes in marvell and microchip driver. ==================== Signed-off-by: David S. Miller commit 4e26c5c31570b2b4d8dd45b73e0c4e358f1eb2b4 Author: Raju Lakkaraju Date: Tue Nov 29 15:16:49 2016 +0530 net: phy: Fix the mdix_ctrl changes PHY drivers to have an eth_tp_mdix_ctrl to indicate what is the configured MDI setting, and read eth_tp_mdi to indicate what is the current status, Add new parameter mdix_ctrl in phy_device structure and fix driver. Signed-off-by: Raju Lakkaraju Signed-off-by: David S. Miller drivers/net/phy/marvell.c | 4 ++-- drivers/net/phy/microchip.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) commit 233275ecf3c1047f69e5def0303a4e615c526568 Author: Raju Lakkaraju Date: Tue Nov 29 15:16:48 2016 +0530 net: phy: Add mdi(x) support in Microsemi PHYs driver To connect two ports of the same configuration (MDI to MDI or MDI-X to MDI-X) with a 10/100/1000 Mbit/s connection, an Ethernet crossover cable is needed to cross over the transmit and receive signals in the cable, so that they are matched at the connector level. When connecting an MDI port to an MDI-X port a straight through cable is used while to connect two MDI ports or two MDI-X ports a crossover cable must be used. Conventionally MDI is used on end devices while MDI-X is used on hubs and switches Auto MDI-X automatically detects the required cable connection type and configures the connection appropriately, removing the need for crossover cables to interconnect switches or connecting PCs peer-to-peer. Signed-off-by: Raju Lakkaraju Signed-off-by: David S. Miller drivers/net/phy/mscc.c | 105 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 97 insertions(+), 8 deletions(-) commit 1004ee619625a3332f7d3d41a522d799d6cce982 Author: Raju Lakkaraju Date: Tue Nov 29 15:16:47 2016 +0530 net: phy: update the mdix_ctrl with correct value. Update the mdix and mdix_ctrl with corresponding ethtool configuration parameters. Signed-off-by: Raju Lakkaraju Signed-off-by: David S. Miller drivers/net/phy/phy.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) commit f4ed2fe34fb793755ef8cfc3509e783c4709ffc1 Author: Raju Lakkaraju Date: Tue Nov 29 15:16:46 2016 +0530 net: phy: add mdix_ctrl to hold the user configuration. Add new parameter mdix_ctrl to hold the user configuration. Existing mdix maintain the current status of MDI(X) crossover performed or not. mdix_ctrl can configure either ETH_TP_MDI or ETH_TP_MDI_X orETH_TP_MDI_AUTO. Signed-off-by: Raju Lakkaraju Signed-off-by: David S. Miller include/linux/phy.h | 1 + 1 file changed, 1 insertion(+) commit 0fcb1da4aba6e6c7b32de5e0948b740b31ad822d Author: Kim Phillips Date: Wed Nov 30 09:23:44 2016 -0600 perf annotate: AArch64 support This is a regex converted version from the original: https://lkml.org/lkml/2016/5/19/461 Add basic support to recognise AArch64 assembly. This allows perf to identify AArch64 instructions that branch to other parts within the same function, thereby properly annotating them. Rebased onto new cross-arch annotation bits: https://lkml.org/lkml/2016/11/25/546 Sample output: security_file_permission vmlinux 5.80 │ ← ret ▒ │70: ldr w0, [x21,#68] ▒ 4.44 │ ↓ tbnz d0 ▒ │ mov w0, #0x24 // #36 ▒ 1.37 │ ands w0, w22, w0 ▒ │ ↑ b.eq 60 ▒ 1.37 │ ↓ tbnz e4 ▒ │ mov w19, #0x20000 // #131072 ▒ 1.02 │ ↓ tbz ec ▒ │90:┌─→ldr x3, [x21,#24] ▒ 1.37 │ │ add x21, x21, #0x10 ▒ │ │ mov w2, w19 ▒ 1.02 │ │ mov x0, x21 ▒ │ │ mov x1, x3 ▒ 1.71 │ │ ldr x20, [x3,#48] ▒ │ │→ bl __fsnotify_parent ▒ 0.68 │ │↑ cbnz 60 ▒ │ │ mov x2, x21 ▒ 1.37 │ │ mov w1, w19 ▒ │ │ mov x0, x20 ▒ 0.68 │ │ mov w5, #0x0 // #0 ▒ │ │ mov x4, #0x0 // #0 ▒ 1.71 │ │ mov w3, #0x1 // #1 ▒ │ │→ bl fsnotify ▒ 1.37 │ │↑ b 60 ▒ │d0:│ mov w0, #0x0 // #0 ▒ │ │ ldp x19, x20, [sp,#16] ▒ │ │ ldp x21, x22, [sp,#32] ▒ │ │ ldp x29, x30, [sp],#48 ▒ │ │← ret ▒ │e4:│ mov w19, #0x10000 // #65536 ▒ │ └──b 90 ◆ │ec: brk #0x800 ▒ Press 'h' for help on key bindings Signed-off-by: Kim Phillips Signed-off-by: Chris Ryder Cc: Alexander Shishkin Cc: Mark Rutland Cc: Pawel Moll Cc: Peter Zijlstra Cc: Will Deacon Link: http://lkml.kernel.org/r/20161130092344.012e18e3e623bea395162f95@arm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/arch/arm64/annotate/instructions.c | 62 +++++++++++++++++++++++++++ tools/perf/util/annotate.c | 5 +++ 2 files changed, 67 insertions(+) commit 859afa6ca9321346800bac0ee478c9a99c4babaf Author: Kim Phillips Date: Wed Nov 30 09:23:33 2016 -0600 perf annotate: Use arch->objdump.comment_char in dec__parse() Presume neglected in commit 786c1b5 "perf annotate: Start supporting cross arch annotation". This doesn't fix a bug since none of the affected arches support parsing dec/inc instructions yet. Signed-off-by: Kim Phillips Cc: Alexander Shishkin Cc: Chris Ryder Cc: Mark Rutland Cc: Pawel Moll Cc: Peter Zijlstra Cc: Will Deacon Link: http://lkml.kernel.org/r/20161130092333.1cca5dd2c77e1790d61c1e9c@arm.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/annotate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 46690a8051e4b5901a49080443a17a270e0bd8a2 Author: David Ahern Date: Tue Nov 29 10:15:46 2016 -0700 perf report: Add option to specify time window of interest Add option to allow user to control analysis window. e.g., collect data for time window and analyze a segment of interest within that window. Committer notes: Testing it: Using the perf.data file captured via 'perf kmem record': # perf report --header-only # ======== # captured on: Tue Nov 29 16:01:53 2016 # hostname : jouet # os release : 4.8.8-300.fc25.x86_64 # perf version : 4.9.rc6.g5a6aca # arch : x86_64 # nrcpus online : 4 # nrcpus avail : 4 # cpudesc : Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz # cpuid : GenuineIntel,6,61,4 # total memory : 20254660 kB # cmdline : /home/acme/bin/perf kmem record usleep 1 # event : name = kmem:kmalloc, , id = { 931980, 931981, 931982, 931983 }, type = 2, size = 112, config = 0x1b9, { sample_period, sample_freq } = 1, sample_typ # event : name = kmem:kmalloc_node, , id = { 931984, 931985, 931986, 931987 }, type = 2, size = 112, config = 0x1b7, { sample_period, sample_freq } = 1, sampl # event : name = kmem:kfree, , id = { 931988, 931989, 931990, 931991 }, type = 2, size = 112, config = 0x1b5, { sample_period, sample_freq } = 1, sample_type # event : name = kmem:kmem_cache_alloc, , id = { 931992, 931993, 931994, 931995 }, type = 2, size = 112, config = 0x1b8, { sample_period, sample_freq } = 1, s # event : name = kmem:kmem_cache_alloc_node, , id = { 931996, 931997, 931998, 931999 }, type = 2, size = 112, config = 0x1b6, { sample_period, sample_freq } = # event : name = kmem:kmem_cache_free, , id = { 932000, 932001, 932002, 932003 }, type = 2, size = 112, config = 0x1b4, { sample_period, sample_freq } = 1, sa # HEADER_CPU_TOPOLOGY info available, use -I to display # HEADER_NUMA_TOPOLOGY info available, use -I to display # pmu mappings: cpu = 4, intel_pt = 7, intel_bts = 6, uncore_arb = 13, cstate_pkg = 15, breakpoint = 5, uncore_cbox_1 = 12, power = 9, software = 1, uncore_im # HEADER_CACHE info available, use -I to display # missing features: HEADER_BRANCH_STACK HEADER_GROUP_DESC HEADER_AUXTRACE HEADER_STAT # ======== # # # Looking at just the histogram entries for the first event: # # perf report | head -33 # To display the perf.data header info, please use --header/--header-only options. # # # Total Lost Samples: 0 # # Samples: 40 of event 'kmem:kmalloc' # Event count (approx.): 40 # # Overhead Trace output # ........ ............................................................................................................... # 37.50% call_site=ffffffffb91ad3c7 ptr=0xffff88895fc05000 bytes_req=4096 bytes_alloc=4096 gfp_flags=GFP_KERNEL 10.00% call_site=ffffffffb9258416 ptr=0xffff888a1dc61f00 bytes_req=240 bytes_alloc=256 gfp_flags=GFP_KERNEL|__GFP_ZERO 7.50% call_site=ffffffffb9258416 ptr=0xffff888a2640ac00 bytes_req=240 bytes_alloc=256 gfp_flags=GFP_KERNEL|__GFP_ZERO 2.50% call_site=ffffffffb92759ba ptr=0xffff888a26776000 bytes_req=4096 bytes_alloc=4096 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb9276864 ptr=0xffff8886f6b82600 bytes_req=136 bytes_alloc=192 gfp_flags=GFP_KERNEL|__GFP_ZERO 2.50% call_site=ffffffffb9276903 ptr=0xffff888aefcf0460 bytes_req=32 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb92ad0ce ptr=0xffff888756c98a00 bytes_req=392 bytes_alloc=512 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb92ad0ce ptr=0xffff888756c9ba00 bytes_req=504 bytes_alloc=512 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb92ad301 ptr=0xffff888a31747600 bytes_req=128 bytes_alloc=128 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb92ad511 ptr=0xffff888a9d26a2a0 bytes_req=28 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c11a0 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c12c0 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c1540 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c15a0 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c15e0 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c16e0 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff88873e8c1c20 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb936a7fb ptr=0xffff888a9d26a2a0 bytes_req=24 bytes_alloc=32 gfp_flags=GFP_KERNEL 2.50% call_site=ffffffffb9373e66 ptr=0xffff8889f1931240 bytes_req=64 bytes_alloc=64 gfp_flags=GFP_ATOMIC|__GFP_ZERO 2.50% call_site=ffffffffb9373e66 ptr=0xffff8889f1931980 bytes_req=64 bytes_alloc=64 gfp_flags=GFP_ATOMIC|__GFP_ZERO 2.50% call_site=ffffffffb9373e66 ptr=0xffff8889f1931a00 bytes_req=64 bytes_alloc=64 gfp_flags=GFP_ATOMIC|__GFP_ZERO # # # And then limiting using the example for 'perf kmem stat --time' used # # in the previous changeset committer note we see that there were no # # kmem:kmalloc in that last part of the file, but there were some # # kmem:kmem_cache_alloc ones: # # perf report --time 20119.782088, --stdio # # Total Lost Samples: 0 # # Samples: 0 of event 'kmem:kmalloc' # Event count (approx.): 0 # # Overhead Trace output # ........ ............ # # Samples: 0 of event 'kmem:kmalloc_node' # Event count (approx.): 0 # # Overhead Trace output # ........ ............ # # Samples: 0 of event 'kmem:kfree' # Event count (approx.): 0 # # Overhead Trace output # ........ ............ # # Samples: 8 of event 'kmem:kmem_cache_alloc' # Event count (approx.): 8 # # Overhead Trace output # ........ .................................................................................................................. # 75.00% call_site=ffffffffb9333b42 ptr=0xffff888bdf1a39c0 bytes_req=48 bytes_alloc=48 gfp_flags=GFP_NOFS|__GFP_ZERO 12.50% call_site=ffffffffb90ad33a ptr=0xffff8889f071f6e0 bytes_req=160 bytes_alloc=160 gfp_flags=GFP_ATOMIC|__GFP_NOTRACK 12.50% call_site=ffffffffb9287cc1 ptr=0xffff8889b12722d8 bytes_req=104 bytes_alloc=104 gfp_flags=GFP_NOFS|__GFP_ZERO # Signed-off-by: David Ahern Tested-by: Arnaldo Carvalho de Melo Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480439746-42695-7-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-report.txt | 7 +++++++ tools/perf/builtin-report.c | 14 +++++++++++++- 2 files changed, 20 insertions(+), 1 deletion(-) commit 2a865bd8dddd44315c88bf922761e4fd3374d046 Author: David Ahern Date: Tue Nov 29 10:15:45 2016 -0700 perf kmem: Add option to specify time window of interest Add option to allow user to control analysis window. e.g., collect data for time window and analyze a segment of interest within that window. Committer notes: Testing it: # perf kmem record usleep 1 [ perf record: Woken up 0 times to write data ] [ perf record: Captured and wrote 1.540 MB perf.data (2049 samples) ] # perf evlist kmem:kmalloc kmem:kmalloc_node kmem:kfree kmem:kmem_cache_alloc kmem:kmem_cache_alloc_node kmem:kmem_cache_free # Tip: use 'perf evlist --trace-fields' to show fields for tracepoint events # # # Use 'perf script' to get a first approach, select a chunk for then using # # with 'perf kmem stat --time' # # perf script | tail -15 usleep 9889 [0] 20119.782088: kmem:kmem_cache_free: (selinux_file_free_security+0x27) call_site=ffffffffb936aa07 ptr=0xffff888a1df49fc0 perf 9888 [3] 20119.782088: kmem:kmem_cache_free: (jbd2_journal_stop+0x1a1) call_site=ffffffffb9334581 ptr=0xffff888bdf1a39c0 perf 9888 [3] 20119.782089: kmem:kmem_cache_alloc: (jbd2__journal_start+0x72) call_site=ffffffffb9333b42 ptr=0xffff888bdf1a39c0 bytes_req=48 bytes_alloc=48 gfp_flags=GFP_NOFS|__GFP_ZERO perf 9888 [3] 20119.782090: kmem:kmem_cache_free: (jbd2_journal_stop+0x1a1) call_site=ffffffffb9334581 ptr=0xffff888bdf1a39c0 perf 9888 [3] 20119.782090: kmem:kmem_cache_alloc: (jbd2__journal_start+0x72) call_site=ffffffffb9333b42 ptr=0xffff888bdf1a39c0 bytes_req=48 bytes_alloc=48 gfp_flags=GFP_NOFS|__GFP_ZERO usleep 9889 [0] 20119.782091: kmem:kmem_cache_alloc: (__sigqueue_alloc+0x4a) call_site=ffffffffb90ad33a ptr=0xffff8889f071f6e0 bytes_req=160 bytes_alloc=160 gfp_flags=GFP_ATOMIC|__GFP_NOTRACK perf 9888 [3] 20119.782091: kmem:kmem_cache_free: (jbd2_journal_stop+0x1a1) call_site=ffffffffb9334581 ptr=0xffff888bdf1a39c0 perf 9888 [3] 20119.782093: kmem:kmem_cache_free: (__sigqueue_free.part.17+0x33) call_site=ffffffffb90ad3f3 ptr=0xffff8889f071f6e0 perf 9888 [3] 20119.782098: kmem:kmem_cache_alloc: (jbd2__journal_start+0x72) call_site=ffffffffb9333b42 ptr=0xffff888bdf1a39c0 bytes_req=48 bytes_alloc=48 gfp_flags=GFP_NOFS|__GFP_ZERO perf 9888 [3] 20119.782098: kmem:kmem_cache_free: (jbd2_journal_stop+0x1a1) call_site=ffffffffb9334581 ptr=0xffff888bdf1a39c0 perf 9888 [3] 20119.782099: kmem:kmem_cache_alloc: (jbd2__journal_start+0x72) call_site=ffffffffb9333b42 ptr=0xffff888bdf1a39c0 bytes_req=48 bytes_alloc=48 gfp_flags=GFP_NOFS|__GFP_ZERO perf 9888 [3] 20119.782100: kmem:kmem_cache_alloc: (alloc_buffer_head+0x21) call_site=ffffffffb9287cc1 ptr=0xffff8889b12722d8 bytes_req=104 bytes_alloc=104 gfp_flags=GFP_NOFS|__GFP_ZERO perf 9888 [3] 20119.782101: kmem:kmem_cache_free: (jbd2_journal_stop+0x1a1) call_site=ffffffffb9334581 ptr=0xffff888bdf1a39c0 perf 9888 [3] 20119.782102: kmem:kmem_cache_alloc: (jbd2__journal_start+0x72) call_site=ffffffffb9333b42 ptr=0xffff888bdf1a39c0 bytes_req=48 bytes_alloc=48 gfp_flags=GFP_NOFS|__GFP_ZERO perf 9888 [3] 20119.782103: kmem:kmem_cache_free: (jbd2_journal_stop+0x1a1) call_site=ffffffffb9334581 ptr=0xffff888bdf1a39c0 # # # stats for the whole perf.data file, i.e. no interval specified # # perf kmem stat SUMMARY (SLAB allocator) ======================== Total bytes requested: 172,628 Total bytes allocated: 173,088 Total bytes freed: 161,280 Net total bytes allocated: 11,808 Total bytes wasted on internal fragmentation: 460 Internal fragmentation: 0.265761% Cross CPU allocations: 0/851 # # # stats for an end open interval, after a certain time: # # perf kmem stat --time 20119.782088, SUMMARY (SLAB allocator) ======================== Total bytes requested: 552 Total bytes allocated: 552 Total bytes freed: 448 Net total bytes allocated: 104 Total bytes wasted on internal fragmentation: 0 Internal fragmentation: 0.000000% Cross CPU allocations: 0/8 # Signed-off-by: David Ahern Tested-by: Arnaldo Carvalho de Melo Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480439746-42695-6-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-kmem.txt | 7 +++++++ tools/perf/builtin-kmem.c | 24 ++++++++++++++++++++++++ 2 files changed, 31 insertions(+) commit 853b74071110bed344bad1ca9d8de27731b1c574 Author: David Ahern Date: Tue Nov 29 10:15:44 2016 -0700 perf sched timehist: Add option to specify time window of interest Add option to allow user to control analysis window. e.g., collect data for time window and analyze a segment of interest within that window. Committer notes: Testing it: # perf sched record -a usleep 1 [ perf record: Woken up 1 times to write data ] [ perf record: Captured and wrote 1.593 MB perf.data (25 samples) ] # # perf sched timehist | head -18 Samples do not have callchains. time cpu task name wait time sch delay run time [tid/pid] (msec) (msec) (msec) ------------- ------ --------------- --------- --------- -------- 19818.635579 [0002] 0.000 0.000 0.000 19818.635613 [0000] perf[9116] 0.000 0.000 0.000 19818.635676 [0000] 0.000 0.000 0.063 19818.635678 [0000] rcuos/2[29] 0.000 0.002 0.001 19818.635696 [0002] perf[9117] 0.000 0.004 0.116 19818.635702 [0000] 0.001 0.000 0.024 19818.635709 [0002] migration/2[25] 0.000 0.003 0.012 19818.636263 [0000] usleep[9117] 0.005 0.000 0.560 19818.636316 [0000] 0.560 0.000 0.053 19818.636358 [0002] 0.129 0.000 0.649 19818.636358 [0000] usleep[9117] 0.053 0.002 0.042 # # perf sched timehist --time 19818.635696, Samples do not have callchains. time cpu task name wait time sch delay run time [tid/pid] (msec) (msec) (msec) ------------- ------ --------------- -------- --------- --------- 19818.635696 [0002] perf[9117] 0.000 0.120 0.000 19818.635702 [0000] 0.019 0.000 0.006 19818.635709 [0002] migration/2[25] 0.000 0.003 0.012 19818.636263 [0000] usleep[9117] 0.005 0.000 0.560 19818.636316 [0000] 0.560 0.000 0.053 19818.636358 [0002] 0.129 0.000 0.649 19818.636358 [0000] usleep[9117] 0.053 0.002 0.042 # # perf sched timehist --time 19818.635696,19818.635709 Samples do not have callchains. time cpu task name wait time sch delay run time [tid/pid] (msec) (msec) (msec) ------------- ------ --------------- --------- --------- --------- 19818.635696 [0002] perf[9117] 0.000 0.120 0.000 19818.635702 [0000] 0.019 0.000 0.006 19818.635709 [0002] migration/2[25] 0.000 0.003 0.012 19818.635709 [0000] usleep[9117] 0.005 0.000 0.006 # Signed-off-by: David Ahern Tested-by: Arnaldo Carvalho de Melo Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480439746-42695-5-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-sched.txt | 8 ++++++ tools/perf/builtin-sched.c | 51 +++++++++++++++++++++++++++++---- 2 files changed, 53 insertions(+), 6 deletions(-) commit a91f4c473fa1655a2a5f1ceba46f76a95eef35bb Author: David Ahern Date: Tue Nov 29 10:15:43 2016 -0700 perf script: Add option to specify time window of interest Add option to allow user to control analysis window. e.g., collect data for some amount of time and analyze a segment of interest within that window. Committer notes: Testing it: # perf evlist -v cycles:ppp: size: 112, { sample_period, sample_freq }: 4000, sample_type: IP|TID|TIME|CALLCHAIN|CPU|PERIOD, disabled: 1, inherit: 1, mmap: 1, comm: 1, freq: 1, task: 1, precise_ip: 3, sample_id_all: 1, exclude_guest: 1, mmap2: 1, comm_exec: 1 # # perf script --hide-call-graph | head -15 swapper 0 [0] 9693.370039: 1 cycles:ppp: ffffffffb90072ad x86_pmu_enable (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370044: 1 cycles:ppp: ffffffffb900ca1b intel_pmu_handle_irq (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370046: 7 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370048: 126 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370049: 2701 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370051: 58823 cycles:ppp: ffffffffb90cd2e0 idle_cpu (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370059: 1 cycles:ppp: ffffffffb91a713a ctx_resched (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370062: 1 cycles:ppp: ffffffffb900ca1b intel_pmu_handle_irq (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370064: 13 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370065: 250 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370067: 5269 cycles:ppp: ffffffffb902fe79 sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370069: 114602 cycles:ppp: ffffffffb90c1c5a atomic_notifier_call_chain (.../4.8.8-300.fc25.x86_64/vmlinux) perf 5124 [2] 9693.370076: 1 cycles:ppp: ffffffffb91a76c1 __perf_event_enable (.../4.8.8-300.fc25.x86_64/vmlinux) perf 5124 [2] 9693.370091: 1 cycles:ppp: ffffffffb900ca1b intel_pmu_handle_irq (.../4.8.8-300.fc25.x86_64/vmlinux) perf 5124 [2] 9693.370095: 3 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) # # perf script --hide-call-graph --time ,9693.370048 swapper 0 [0] 9693.370039: 1 cycles:ppp: ffffffffb90072ad x86_pmu_enable (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370044: 1 cycles:ppp: ffffffffb900ca1b intel_pmu_handle_irq (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [0] 9693.370046: 7 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) # perf script --hide-call-graph --time 9693.370064,9693.370076 swapper 0 [1] 9693.370064: 13 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370065: 250 cycles:ppp: ffffffffb902fd93 native_sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370067: 5269 cycles:ppp: ffffffffb902fe79 sched_clock (.../4.8.8-300.fc25.x86_64/vmlinux) swapper 0 [1] 9693.370069: 114602 cycles:ppp: ffffffffb90c1c5a atomic_notifier_call_chain (.../4.8.8-300.fc25.x86_64/vmlinux) # Signed-off-by: David Ahern Tested-by: Arnaldo Carvalho de Melo Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480439746-42695-4-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/Documentation/perf-script.txt | 7 +++++++ tools/perf/builtin-script.c | 15 ++++++++++++++- 2 files changed, 21 insertions(+), 1 deletion(-) commit c284d669a20d408b70ce0dc9b2d995971f5fe0c7 Author: David Ahern Date: Tue Nov 29 10:15:42 2016 -0700 perf tools: Move parse_nsec_time to time-utils.c Code move only; no functional change intended. Committer notes: Fix the build on Ubuntu 16.04 x86-64 cross-compiling to S/390, with this set of auto-detected features: ... dwarf: [ on ] ... dwarf_getlocations: [ on ] ... glibc: [ on ] ... gtk2: [ OFF ] ... libaudit: [ OFF ] ... libbfd: [ OFF ] ... libelf: [ on ] ... libnuma: [ OFF ] ... numa_num_possible_cpus: [ OFF ] ... libperl: [ OFF ] ... libpython: [ OFF ] ... libslang: [ OFF ] ... libcrypto: [ OFF ] ... libunwind: [ OFF ] ... libdw-dwarf-unwind: [ on ] ... zlib: [ on ] ... lzma: [ OFF ] ... get_cpuid: [ OFF ] ... bpf: [ on ] Where it was failing with: CC /tmp/build/perf/util/time-utils.o util/time-utils.c: In function 'parse_nsec_time': util/time-utils.c:17:13: error: implicit declaration of function 'strtoul' [-Werror=implicit-function-declaration] time_sec = strtoul(str, &end, 10); ^ util/time-utils.c:17:2: error: nested extern declaration of 'strtoul' [-Werror=nested-externs] time_sec = strtoul(str, &end, 10); ^ util/time-utils.c: In function 'perf_time__parse_str': util/time-utils.c:93:2: error: implicit declaration of function 'free' [-Werror=implicit-function-declaration] free(str); ^ util/time-utils.c:93:2: error: incompatible implicit declaration of built-in function 'free' [-Werror] util/time-utils.c:93:2: note: include '' or provide a declaration of 'free' Do as suggested and add a '#include ' to get the free() and strtoul() declarations and fix the build. Signed-off-by: David Ahern Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480439746-42695-3-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/time-utils.c | 36 +++++++++++++++++++++++++++++++++++- tools/perf/util/time-utils.h | 2 ++ tools/perf/util/util.c | 33 --------------------------------- tools/perf/util/util.h | 2 -- 4 files changed, 37 insertions(+), 36 deletions(-) commit fdf9dc4b34f5f40919370c4601eccfd0db726aa5 Author: David Ahern Date: Tue Nov 29 10:15:41 2016 -0700 perf tools: Add time-based utility functions Add function to parse a user time string of the form , where start and stop are time in sec.nsec format. Both start and stop times are optional. Add function to determine if a sample time is within a given time time window of interest. Signed-off-by: David Ahern Acked-by: Namhyung Kim Cc: Jiri Olsa Cc: Peter Zijlstra Link: http://lkml.kernel.org/r/1480439746-42695-2-git-send-email-dsahern@gmail.com Signed-off-by: Arnaldo Carvalho de Melo tools/perf/util/Build | 1 + tools/perf/util/time-utils.c | 85 ++++++++++++++++++++++++++++++++++++++++++++ tools/perf/util/time-utils.h | 12 +++++++ 3 files changed, 98 insertions(+) commit d256459fae4dba66d50850f2d948306503818913 Author: Christophe JAILLET Date: Wed Nov 30 08:06:12 2016 +0100 vfio: Fix handling of error returned by 'vfio_group_get_from_dev()' 'vfio_group_get_from_dev()' seems to return only NULL on error, not an error pointer. Fixes: 2169037dc322 ("vfio iommu: Added pin and unpin callback functions to vfio_iommu_driver_ops") Fixes: c086de818dd8 ("vfio iommu: Add blocking notifier to notify DMA_UNMAP") Signed-off-by: Christophe JAILLET Reported-by: Dan Carpenter Signed-off-by: Alex Williamson drivers/vfio/vfio.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) commit e0c723000966ae285295caaa8cda914dfa177fa4 Author: Ritesh Harjani Date: Thu Dec 1 08:36:16 2016 -0700 block: factor out req_set_nomerge Factor out common code for setting REQ_NOMERGE flag which is being used out at certain places and make it a helper instead, req_set_nomerge(). Signed-off-by: Ritesh Harjani Get rid of the inline. Signed-off-by: Jens Axboe block/blk-merge.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) commit af309226db916e2c6e08d3eba3fa5c34225200c4 Author: Rabin Vincent Date: Thu Dec 1 09:18:28 2016 +0100 block: protect iterate_bdevs() against concurrent close If a block device is closed while iterate_bdevs() is handling it, the following NULL pointer dereference occurs because bdev->b_disk is NULL in bdev_get_queue(), which is called from blk_get_backing_dev_info() (in turn called by the mapping_cap_writeback_dirty() call in __filemap_fdatawrite_range()): BUG: unable to handle kernel NULL pointer dereference at 0000000000000508 IP: [] blk_get_backing_dev_info+0x10/0x20 PGD 9e62067 PUD 9ee8067 PMD 0 Oops: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC Modules linked in: CPU: 1 PID: 2422 Comm: sync Not tainted 4.5.0-rc7+ #400 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) task: ffff880009f4d700 ti: ffff880009f5c000 task.ti: ffff880009f5c000 RIP: 0010:[] [] blk_get_backing_dev_info+0x10/0x20 RSP: 0018:ffff880009f5fe68 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff88000ec17a38 RCX: ffffffff81a4e940 RDX: 7fffffffffffffff RSI: 0000000000000000 RDI: ffff88000ec176c0 RBP: ffff880009f5fe68 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000000 R12: ffff88000ec17860 R13: ffffffff811b25c0 R14: ffff88000ec178e0 R15: ffff88000ec17a38 FS: 00007faee505d700(0000) GS:ffff88000fb00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 000000008005003b CR2: 0000000000000508 CR3: 0000000009e8a000 CR4: 00000000000006e0 Stack: ffff880009f5feb8 ffffffff8112e7f5 0000000000000000 7fffffffffffffff 0000000000000000 0000000000000000 7fffffffffffffff 0000000000000001 ffff88000ec178e0 ffff88000ec17860 ffff880009f5fec8 ffffffff8112e81f Call Trace: [] __filemap_fdatawrite_range+0x85/0x90 [] filemap_fdatawrite+0x1f/0x30 [] fdatawrite_one_bdev+0x16/0x20 [] iterate_bdevs+0xf2/0x130 [] sys_sync+0x63/0x90 [] entry_SYSCALL_64_fastpath+0x12/0x76 Code: 0f 1f 44 00 00 48 8b 87 f0 00 00 00 55 48 89 e5 <48> 8b 80 08 05 00 00 5d RIP [] blk_get_backing_dev_info+0x10/0x20 RSP CR2: 0000000000000508 ---[ end trace 2487336ceb3de62d ]--- The crash is easily reproducible by running the following command, if an msleep(100) is inserted before the call to func() in iterate_devs(): while :; do head -c1 /dev/nullb0; done > /dev/null & while :; do sync; done Fix it by holding the bd_mutex across the func() call and only calling func() if the bdev is opened. Cc: stable@vger.kernel.org Fixes: 5c0d6b60a0ba ("vfs: Create function for iterating over block devices") Reported-and-tested-by: Wei Fang Signed-off-by: Rabin Vincent Signed-off-by: Jan Kara Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe fs/block_dev.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) commit 66c79319f838df744b062a73c3dcdfd2156b7da7 Merge: 7faf44b 3c3dd1e Author: Greg Kroah-Hartman Date: Thu Dec 1 16:12:12 2016 +0100 Merge tag 'usb-serial-4.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/johan/usb-serial into usb-next Johan writes: USB-serial updates for v4.10-rc1 These updates include a new driver for Fintek F8153x devices, support for the GPIO functionality on CP2105 devices, and improved support for CH34X devices. Included are also some clean ups and fixes for various minor issues. Signed-off-by: Johan Hovold commit 949f08862d662f17b9d2929c6afb2d4e8f5d50cb Author: Laurent Pinchart Date: Tue Nov 29 22:56:30 2016 +0200 drm: Make the connector .detect() callback optional Many drivers (21 to be exact) create connectors that are always connected (for instance to an LVDS or DSI panel). Instead of forcing them to implement a dummy .detect() handler, make the callback optional and consider the connector as always connected in that case. Reviewed-by: Alex Deucher Acked-by: Maxime Ripard Acked-by: Jyri Sarha Acked-by: Jani Nikula Acked-by: Philipp Zabel Acked-by: Vincent Abriou Acked-by: Alexey Brodkin Signed-off-by: Laurent Pinchart [seanpaul fixed small conflict in rcar-du/rcar_du_lvdscon.c] Signed-off-by: Sean Paul drivers/gpu/drm/amd/amdgpu/dce_virtual.c | 7 ------- drivers/gpu/drm/arc/arcpgu_sim.c | 7 ------- drivers/gpu/drm/ast/ast_mode.c | 7 ------- drivers/gpu/drm/bochs/bochs_kms.c | 7 ------- drivers/gpu/drm/bridge/nxp-ptn3460.c | 7 ------- drivers/gpu/drm/bridge/parade-ps8622.c | 7 ------- drivers/gpu/drm/bridge/tc358767.c | 7 ------- drivers/gpu/drm/cirrus/cirrus_mode.c | 7 ------- drivers/gpu/drm/drm_probe_helper.c | 14 +++++++++++--- drivers/gpu/drm/fsl-dcu/fsl_dcu_drm_rgb.c | 7 ------- drivers/gpu/drm/gma500/cdv_intel_lvds.c | 14 -------------- drivers/gpu/drm/gma500/psb_intel_lvds.c | 14 -------------- drivers/gpu/drm/hisilicon/hibmc/hibmc_drm_vdac.c | 7 ------- drivers/gpu/drm/i915/intel_dsi.c | 7 ------- drivers/gpu/drm/imx/imx-ldb.c | 7 ------- drivers/gpu/drm/imx/imx-tve.c | 7 ------- drivers/gpu/drm/imx/parallel-display.c | 7 ------- drivers/gpu/drm/mediatek/mtk_dsi.c | 7 ------- drivers/gpu/drm/mgag200/mgag200_mode.c | 7 ------- drivers/gpu/drm/rcar-du/rcar_du_lvdscon.c | 7 ------- drivers/gpu/drm/rockchip/dw-mipi-dsi.c | 7 ------- drivers/gpu/drm/shmobile/shmob_drm_crtc.c | 7 ------- drivers/gpu/drm/sti/sti_hda.c | 7 ------- drivers/gpu/drm/sun4i/sun4i_rgb.c | 7 ------- drivers/gpu/drm/sun4i/sun4i_tv.c | 7 ------- drivers/gpu/drm/tilcdc/tilcdc_panel.c | 8 -------- include/drm/drm_connector.h | 3 +++ 27 files changed, 14 insertions(+), 193 deletions(-) commit 5b0e34e1949ed580ac330041dccb0334b926554e Author: Pan Bian Date: Thu Dec 1 10:10:46 2016 +0800 block: mtip32xx: set error code on failure Fix bug https://bugzilla.kernel.org/show_bug.cgi?id=188531. In function mtip_block_initialize(), variable rv takes the return value, and its value should be negative on errors. rv is initialized as 0 and is not reset when the call to ida_pre_get() fails. So 0 may be returned. The return value 0 indicates that there is no error, which may be inconsistent with the execution status. This patch fixes the bug by explicitly assigning -ENOMEM to rv on the branch that ida_pre_get() fails. Signed-off-by: Pan Bian Signed-off-by: Jens Axboe drivers/block/mtip32xx/mtip32xx.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit d262920998c891dfd87cf73f823f0ff60e20cdad Author: Chaitanya Kulkarni Date: Wed Nov 30 12:29:02 2016 -0800 nvmet: add support for the Write Zeroes command Add support for handling write zeroes command on target. Call into __blkdev_issue_zeroout, which the block layer expands into the best suitable variant of zeroing the LBAs. Allow write zeroes operation to deallocate the LBAs when calling __blkdev_issue_zeroout. Signed-off-by: Chaitanya Kulkarni Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/target/admin-cmd.c | 3 ++- drivers/nvme/target/io-cmd.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) commit 6d31e3ba232ea22458b2f36b6d3f2f9f11bf3fa4 Author: Chaitanya Kulkarni Date: Wed Nov 30 12:29:01 2016 -0800 nvme: add support for the Write Zeroes command Allow write zeroes operations (REQ_OP_WRITE_ZEROES) on the block device, if the device supports optional command bit set for write zeroes. Add support to setup write zeroes command. Set maximum possible write zeroes sectors in one write zeroes command according to nvme write zeroes command definition. Signed-off-by: Chaitanya Kulkarni Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe drivers/nvme/host/core.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) commit 3b7c33b28a44d4621e365e090bf8bd332ab232a1 Author: Chaitanya Kulkarni Date: Wed Nov 30 12:29:00 2016 -0800 nvme.h: add Write Zeroes definitions Add the command structure, optional command set support (ONCS) bit and a new error code for the Write Zeroes command. Signed-off-by: Chaitanya Kulkarni Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe include/linux/nvme.h | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) commit a6f0788ec2881ac14e97ff7fa6a78a807f87b5ba Author: Chaitanya Kulkarni Date: Wed Nov 30 12:28:59 2016 -0800 block: add support for REQ_OP_WRITE_ZEROES This adds a new block layer operation to zero out a range of LBAs. This allows to implement zeroing for devices that don't use either discard with a predictable zero pattern or WRITE SAME of zeroes. The prominent example of that is NVMe with the Write Zeroes command, but in the future, this should also help with improving the way zeroing discards work. For this operation, suitable entry is exported in sysfs which indicate the number of maximum bytes allowed in one write zeroes operation by the device. Signed-off-by: Chaitanya Kulkarni Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe Documentation/ABI/testing/sysfs-block | 13 ++++++++ block/bio.c | 1 + block/blk-core.c | 4 +++ block/blk-lib.c | 58 +++++++++++++++++++++++++++++++++-- block/blk-merge.c | 17 +++++++--- block/blk-settings.c | 17 ++++++++++ block/blk-sysfs.c | 11 +++++++ block/blk-wbt.c | 5 +-- include/linux/bio.h | 25 ++++++++------- include/linux/blk_types.h | 2 ++ include/linux/blkdev.h | 19 ++++++++++++ 11 files changed, 153 insertions(+), 19 deletions(-) commit e73c23ff736e1ea371dfa419d7bf8e77ee53044a Author: Chaitanya Kulkarni Date: Wed Nov 30 12:28:58 2016 -0800 block: add async variant of blkdev_issue_zeroout Similar to __blkdev_issue_discard this variant allows submitting the final bio asynchronously and chaining multiple ranges into a single completion. Signed-off-by: Chaitanya Kulkarni Reviewed-by: Christoph Hellwig Signed-off-by: Jens Axboe block/blk-lib.c | 115 ++++++++++++++++++++++++++++++++++--------------- include/linux/blkdev.h | 3 ++ 2 files changed, 84 insertions(+), 34 deletions(-) commit b02d8aaea12463f573c5ef485c638ab12628dc5e Author: Damien Le Moal Date: Thu Dec 1 16:00:25 2016 +0900 block: Check partition alignment on zoned block devices Both blkdev_report_zones and blkdev_reset_zones can operate on a partition of a zoned block device. However, the first and last zones reported for a partition make sense only if the partition start sector and size are aligned on the device zone size. The same applies for zone reset. Resetting the first or the last zone of a partition straddling zones may impact neighboring partitions. Finally, if a partition start sector is not at the beginning of a sequential zone, it will be impossible to write to the first sectors of the partition on a host-managed device. Avoid all these problems and incoherencies by ignoring partitions that are not zone aligned. Note: Even with CONFIG_BLK_DEV_ZONED disabled, bdev_is_zoned() will report the correct disk zoning type (host-aware, host-managed or none) but bdev_zone_size() will always return 0 for zoned block devices (i.e. the zone size is unknown). So test this as a way to ensure that a zoned block device is being handled as such. As a result, for a host-aware devices, unaligned zone partitions will be accepted with CONFIG_BLK_DEV_ZONED disabled. That is, the disk will be treated as a regular block device (as it should). If zoned block device support is enabled, only aligned partitions will be accepted. Signed-off-by: Damien Le Moal Reviewed-by: Hannes Reinecke Signed-off-by: Jens Axboe block/partition-generic.c | 65 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) commit 365fe4e0ce218dc5ad10df17b150a366b6015499 Author: Antti Palosaari Date: Wed Nov 30 22:08:27 2016 -0200 [media] mn88472: fix chip id check on probe A register used to identify chip during probe was overwritten during firmware download and due to that later probe's for warm chip were failing. Detect chip from the another register, which is located on different register bank 2. Fixes: 94d0eaa41987 ("[media] mn88472: move out of staging to media") Cc: # v4.8+ Signed-off-by: Antti Palosaari Signed-off-by: Mauro Carvalho Chehab drivers/media/dvb-frontends/mn88472.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit d930b5b5bf122a61952cfebabb1e618682a2631a Author: Antti Palosaari Date: Wed Nov 30 19:36:14 2016 -0200 [media] mn88473: fix chip id check on probe A register used to identify chip during probe was overwritten during firmware download and due to that later probe's for warm chip were failing. Detect chip from the another register, which is located on different register bank 2. Fixes: 7908fad99a6c ("[media] mn88473: finalize driver") Cc: # v4.8+ Signed-off-by: Antti Palosaari Signed-off-by: Mauro Carvalho Chehab drivers/media/dvb-frontends/mn88473.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) commit b40769ee2ed09ed6c6da33b0cbdf423ff94f685b Author: Sean Young Date: Sat Nov 26 19:31:24 2016 -0200 [media] lirc: fix error paths in lirc_cdev_add() "c77d17c0 [media] lirc: use-after free" introduces two problems: cdev_del() can be called with a NULL argument, and the kobject_put() path will cause a double free. Reported-by: Dan Carpenter Signed-off-by: Sean Young Signed-off-by: Mauro Carvalho Chehab drivers/media/rc/lirc_dev.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) commit 47d03e48efa572109229aec9436948d92f44b689 Author: Alexandre Bailon Date: Mon Nov 28 17:30:54 2016 +0100 ARM: davinci_all_defconfig: Enable da8xx usb otg The musb driver is enabled but the phy and the glue for the da8xx are not enabled. Enable them. Signed-off-by: Alexandre Bailon Signed-off-by: Sekhar Nori arch/arm/configs/davinci_all_defconfig | 2 ++ 1 file changed, 2 insertions(+) commit 58bf454272d9761312792053c706b72a41f5e835 Author: Piotr Luc Date: Thu Oct 13 17:31:00 2016 +0200 cpufreq: intel_pstate: Add Knights Mill CPUID Add Knights Mill (KNM) to the list of CPUIDs supported by intel_pstate. Signed-off-by: Piotr Luc Reviewed-by: Dave Hansen Acked-by: Srinivas Pandruvada Signed-off-by: Rafael J. Wysocki drivers/cpufreq/intel_pstate.c | 1 + 1 file changed, 1 insertion(+) commit 993e5483a471869d0486dcc6c9691e2d41982aaf Author: Rafael J. Wysocki Date: Wed Nov 30 02:31:02 2016 +0100 MAINTAINERS: Add bug tracking system location entry for cpufreq The kernel Bugzilla is used for tracking cpufreq bugs, so document that. Signed-off-by: Rafael J. Wysocki Acked-by: Viresh Kumar Acked-by: Len Brown MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 7937038a2b0979afeec72d86bed56f58e994913b Author: David Lechner Date: Mon Nov 28 10:40:26 2016 -0600 ARM: dts: da850: Add node for pullup/pulldown pinconf This SoC has a separate pin controller for configuring pullup/pulldown bias on groups of pins. Acked-by: Linus Walleij Signed-off-by: David Lechner Signed-off-by: Sekhar Nori arch/arm/boot/dts/da850.dtsi | 5 +++++ 1 file changed, 5 insertions(+) commit 4a057549d6044c2dea47e80f8369a76225ec9d90 Author: Baolin Wang Date: Mon Nov 28 14:35:21 2016 -0800 alarmtimer: Add tracepoints for alarm timers Alarm timers are one of the mechanisms to wake up a system from suspend, but there exist no tracepoints to analyse which process/thread armed an alarmtimer. Add tracepoints for start/cancel/expire of individual alarm timers and one for tracing the suspend time decision when to resume the system. The following trace excerpt illustrates the new mechanism: Binder:3292_2-3304 [000] d..2 149.981123: alarmtimer_cancel: alarmtimer:ffffffc1319a7800 type:REALTIME expires:1325463120000000000 now:1325376810370370245 Binder:3292_2-3304 [000] d..2 149.981136: alarmtimer_start: alarmtimer:ffffffc1319a7800 type:REALTIME expires:1325376840000000000 now:1325376810370384591 Binder:3292_9-3953 [000] d..2 150.212991: alarmtimer_cancel: alarmtimer:ffffffc1319a5a00 type:BOOTTIME expires:179552000000 now:150154008122 Binder:3292_9-3953 [000] d..2 150.213006: alarmtimer_start: alarmtimer:ffffffc1319a5a00 type:BOOTTIME expires:179551000000 now:150154025622 system_server-3000 [002] ...1 162.701940: alarmtimer_suspend: alarmtimer type:REALTIME expires:1325376840000000000 The wakeup time which is selected at suspend time allows to map it back to the task arming the timer: Binder:3292_2. [ tglx: Store alarm timer expiry time instead of some useless RTC relative information, add proper type information for wakeups which are handled via the clock_nanosleep/freezer and massage the changelog. ] Signed-off-by: Baolin Wang Signed-off-by: John Stultz Acked-by: Steven Rostedt Cc: Prarit Bhargava Cc: Richard Cochran Link: http://lkml.kernel.org/r/1480372524-15181-5-git-send-email-john.stultz@linaro.org Signed-off-by: Thomas Gleixner include/linux/alarmtimer.h | 5 ++ include/trace/events/alarmtimer.h | 96 +++++++++++++++++++++++++++++++++++++++ kernel/time/alarmtimer.c | 53 +++++++++++++++++---- 3 files changed, 144 insertions(+), 10 deletions(-) commit 31f8a651fc5784a9e6f482be5ef0dd111a535e88 Author: Thomas Gleixner Date: Thu Dec 1 13:26:58 2016 +0100 x86/tsc: Validate cpumask pointer before accessing it 0-day testing encountered a NULL pointer dereference in a cpumask access from tsc_store_and_check_tsc_adjust(). This happens when the function is called on the boot CPU and the topology masks are not yet available due to CPUMASK_OFFSTACK=y. Add a NULL pointer check for the mask pointer. If NULL it's safe to assume that the CPU is the boot CPU and the first one in the package. Fixes: 8b223bc7abe0 ("x86/tsc: Store and check TSC ADJUST MSR") Reported-by: kernel test robot Signed-off-by: Thomas Gleixner arch/x86/kernel/tsc_sync.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit 4e28ec3d5fe0b994fe87b2406d75d9c351ef4940 Merge: a2c1bc6 6af3399 Author: Rafael J. Wysocki Date: Thu Dec 1 14:39:51 2016 +0100 Merge back earlier cpuidle material for v4.10. commit 6af33995318fdfb4914fb1c5e67450fdb3d32084 Author: Rafael J. Wysocki Date: Wed Nov 30 02:33:07 2016 +0100 MAINTAINERS: Add Jacob Pan as a new intel_idle maintainer The intel_idle driver is going to be maintained by Jacob Pan now, so update MAINTAINERS accordingly. Signed-off-by: Rafael J. Wysocki Acked-by: Len Brown MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit e3cb0e47b9233a42f8c5865ad748666b6bbbc12f Author: Christoph Hellwig Date: Wed Nov 30 17:21:01 2016 +0100 scsi: isci: switch to pci_alloc_irq_vectors Signed-off-by: Christoph Hellwig Reviewed-by: Artur Paszkiewicz Signed-off-by: Martin K. Petersen drivers/scsi/isci/host.h | 1 - drivers/scsi/isci/init.c | 23 ++++++++++------------- 2 files changed, 10 insertions(+), 14 deletions(-) commit 2ed38cbe05e7ea27022e29d75e7b93c20ccc5eaa Author: Rafael J. Wysocki Date: Wed Nov 30 02:32:17 2016 +0100 MAINTAINERS: Add bug tracking system location entries for cpuidle The kernel Bugzilla is used for tracking bugs in the cpuidle core and intel_idle, so document that. Signed-off-by: Rafael J. Wysocki Acked-by: Len Brown MAINTAINERS | 2 ++ 1 file changed, 2 insertions(+) commit 173fcf80269969378c1ce4cb96b8f518f7081855 Author: Lv Zheng Date: Wed Nov 30 15:21:34 2016 +0800 ACPICA: Tables: Add an error message complaining driver bugs ACPICA commit 68af3c3aa238dd8040e846ac6b4827a016434d8d During early OS boot stage, drivers that have mapped system memory should unmap it during the same stage. Linux kernel has an error message indicating the unbalanced early memory mappings. This patch back ports such error message into ACPICA for the early table mappings, so that ACPICA development environment is also aware of this OS specific requirement and thus is able to ensure the consistent quality locally. Lv Zheng. Link: https://github.com/acpica/acpica/commit/68af3c3a Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/tbxface.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) commit 170564d90b2e1fee4c85adc691f5b9c92e7813ea Author: Lv Zheng Date: Wed Nov 30 15:21:26 2016 +0800 ACPICA: Tables: Add acpi_tb_unload_table() ACPICA commit 80e24663b212daac0c32767fdbd8a46892292f1f This patch introduces acpi_tb_unload_table() to eliminate redundant code from acpi_ex_unload_table() and acpi_unload_parent_table(). No functional change. Lv Zheng. Link: https://github.com/acpica/acpica/commit/80e24663 Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/actables.h | 2 ++ drivers/acpi/acpica/exconfig.c | 35 +----------------------------- drivers/acpi/acpica/tbdata.c | 48 ++++++++++++++++++++++++++++++++++++++++++ drivers/acpi/acpica/tbxfload.c | 31 +-------------------------- 4 files changed, 52 insertions(+), 64 deletions(-) commit 42cc87a55b0524b0ed178dd7949c52f9750711bc Author: Lv Zheng Date: Wed Nov 30 15:21:19 2016 +0800 ACPICA: Tables: Cleanup acpi_tb_install_and_load_table() ACPICA commit 7fdac0289faa1c28b91413c8e394e87372aa69e6 acpi_tb_install_and_load_table() can invoke acpi_tb_load_table() to eliminate redundant code. No functional change. Lv Zheng. Link: https://github.com/acpica/acpica/commit/7fdac028 Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/actables.h | 3 +-- drivers/acpi/acpica/exconfig.c | 7 +++---- drivers/acpi/acpica/tbdata.c | 45 +++++------------------------------------- drivers/acpi/acpica/tbxfload.c | 7 +++---- 4 files changed, 12 insertions(+), 50 deletions(-) commit 760235cd6ca8ae0d7509055d75a0f1d8b3c60668 Author: Lv Zheng Date: Wed Nov 30 15:21:12 2016 +0800 ACPICA: Events: Fix acpi_ev_initialize_region() return value ACPICA commit 543342ab7a676f4eb0c9f100d349388a84dff0e8 This patch changes acpi_ev_initialize_region(), stop returning AE_NOT_EXIST from it so that, not only in acpi_ds_load2_end_op(), but all places invoking this function won't emit exceptions. The exception can be seen in acpi_ds_initialize_objects() when certain table loading mode is chosen. This patch also removes useless acpi_ns_locked from acpi_ev_initialize_region() as this function will always be invoked with interpreter lock held now, and the lock granularity has been tuned to lock around _REG execution, thus it is now handled by acpi_ex_exit_interpreter(). Lv Zheng. Link: https://github.com/acpica/acpica/commit/543342ab Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/acevents.h | 4 +-- drivers/acpi/acpica/dsopcode.c | 2 +- drivers/acpi/acpica/dswload2.c | 13 +--------- drivers/acpi/acpica/evrgnini.c | 59 +++++++++++++++++------------------------- 4 files changed, 27 insertions(+), 51 deletions(-) commit f7cc87413b389c49e5bbc93aa65e6e67f475fb78 Author: Lv Zheng Date: Wed Nov 30 15:20:59 2016 +0800 ACPICA: Back port of "ACPICA: Dispatcher: Tune interpreter lock around AcpiEvInitializeRegion()" ACPICA commit bc481e758e54f7644fd0b657119ca7763d8b6a9c This is a back port result of the following commit: Commit: 8633db6b027952449e155a316f4ae3a530bbe18f Subject: ACPICA: Dispatcher: Fix interpreter locking around acpi_ev_initialize_region() Link: https://github.com/acpica/acpica/commit/bc481e75 Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/dsinit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 0d8f8efd32bace9f222fcc92d4a3132d877e5df6 Author: Colin Ian King Date: Tue Nov 29 16:27:17 2016 +0000 net: can: usb: kvaser_usb: fix spelling mistake of "outstanding" Trivial fix to spelling mistake "oustanding" to "outstanding" in comment and dev_dbg message. Signed-off-by: Colin Ian King Signed-off-by: Marc Kleine-Budde drivers/net/can/usb/kvaser_usb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 08469bba2852da651ce7a047495685c10164c63b Author: Geert Uytterhoeven Date: Wed Nov 23 14:44:46 2016 +0100 can: rcar_canfd: Correct order of interrupt specifiers According to both DTS (example and actual files), and Linux driver code, the first interrupt specifier should be the Channel interrupt, while the second interrupt specifier should be the Global interrupt. Signed-off-by: Geert Uytterhoeven Acked-by: Ramesh Shanmugasundaram Acked-by: Rob Herring Signed-off-by: Marc Kleine-Budde Documentation/devicetree/bindings/net/can/rcar_canfd.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit b4e79e46936f713ca59120c68977e06be325d11c Author: Chris Paterson Date: Thu Nov 24 16:11:57 2016 +0000 can: rcar_canfd: Add r8a7796 support Signed-off-by: Chris Paterson Reviewed-by: Geert Uytterhoeven Acked-by: Marc Kleine-Budde Acked-by: Rob Herring Signed-off-by: Marc Kleine-Budde Documentation/devicetree/bindings/net/can/rcar_canfd.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 2f500e39ca96e3d2da911b79c9b63eb6134548de Author: Chris Paterson Date: Thu Nov 24 16:11:56 2016 +0000 can: rcar_can: Add r8a7796 support Signed-off-by: Chris Paterson Reviewed-by: Geert Uytterhoeven Acked-by: Marc Kleine-Budde Acked-by: Rob Herring Signed-off-by: Marc Kleine-Budde Documentation/devicetree/bindings/net/can/rcar_can.txt | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) commit 523db19bdc35ecb76fceeb83a0a34da8d78b2689 Author: Lv Zheng Date: Wed Nov 30 15:20:52 2016 +0800 ACPICA: Namespace: Add acpi_ns_handle_to_name() ACPICA commit f9fe27a68a90c9d32dd3156241a5e788fb6956ea This patch adds acpi_ns_handle_to_name() so that in the acpi_get_name(): 1. Logics can be made simpler, 2. Lock held for acpi_ns_handle_to_name() can also be applied to acpi_ns_handle_to_pathname(). The lock might be useless (see Link 1 below), but kept as acpi_get_name() is an external API. Except the lock correction, this patch is a functional no-op. BZ 1182, Lv Zheng. Link: https://github.com/acpica/acpica/commit/f9fe27a6 Link: https://bugs.acpica.org/show_bug.cgi?id=1182 [# 1] Signed-off-by: Lv Zheng Signed-off-by: Bob Moore Signed-off-by: Rafael J. Wysocki drivers/acpi/acpica/acnamesp.h | 3 +++ drivers/acpi/acpica/nsnames.c | 45 ++++++++++++++++++++++++++++++++++++++++++ drivers/acpi/acpica/nsxfname.c | 43 +++++++++++----------------------------- 3 files changed, 59 insertions(+), 32 deletions(-) commit d0ab6714c53c9d7f3e42b7ea2e108afbd7449305 Merge: e2174b0 69d4e42 Author: Rafael J. Wysocki Date: Thu Dec 1 14:24:54 2016 +0100 Merge back earlier ACPICA material for v4.10. commit d5fb3a138048798ce4cc4b4ced47d07d1794c577 Merge: c59f13b 384abd3 Author: Kalle Valo Date: Thu Dec 1 15:09:14 2016 +0200 Merge ath-next from git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/ath.git ath.git patches for 4.10. Major changes: ath10k * add spectral scan support for QCA6174 and QCA9377 families * show used tx bitrate with 10.4 firmware wil6210 * add power save mode support * add abort scan functionality * add support settings retry limit for short frames commit 5937d81a9613a98381c1571a159ac971ae02182c Author: Stephan Mueller Date: Thu Dec 1 08:22:37 2016 +0100 crypto: algif_aead - fix AIO handling of zero buffer Handle the case when the caller provided a zero buffer to sendmsg/sendpage. Such scenario is legal for AEAD ciphers when no plaintext / ciphertext and no AAD is provided and the caller only requests the generation of the tag value. Signed-off-by: Stephan Mueller Signed-off-by: Herbert Xu crypto/algif_aead.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit efad2b61ae258df4fb3896f5e7cd9c701f4979e6 Author: Herbert Xu Date: Thu Dec 1 13:45:05 2016 +0800 crypto: aes-ce - Make aes_simd_algs static The variable aes_simd_algs should be static. In fact if it isn't it causes build errors when multiple copies of aes-ce-glue.c are built into the kernel. Fixes: da40e7a4ba4d ("crypto: aes-ce - Convert to skcipher") Reported-by: kbuild test robot Signed-off-by: Herbert Xu arch/arm/crypto/aes-ce-glue.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e2c1b82330bcd77ffeb6dc5a18a4c6ce8d3e1fd3 Author: Pan Bian Date: Thu Dec 1 10:04:43 2016 +0800 crypto: algif_skcipher - set error code when kcalloc fails Fix bug https://bugzilla.kernel.org/show_bug.cgi?id=188521. In function skcipher_recvmsg_async(), variable err takes the return value, and its value should be negative on failures. Because variable err may be reassigned and checked before calling kcalloc(), its value may be 0 (indicates no error) even if kcalloc() fails. This patch fixes the bug by explicitly assigning -ENOMEM to err when kcalloc() returns a NULL pointer. Signed-off-by: Pan Bian Signed-off-by: Herbert Xu crypto/algif_skcipher.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) commit 37d8468108efb19b80aa8484534f8850ed60dbfb Author: Arnd Bergmann Date: Wed Nov 30 22:02:00 2016 +0100 crypto: caam - make aamalg_desc a proper module The drivers/crypto/caam/ directory is entered during build only for building modules when CONFIG_CRYPTO_DEV_FSL_CAAM=m, but CONFIG_CRYPTO_DEV_FSL_CAAM_CRYPTO_API_DESC is defined as a 'bool' symbol, meaning that caamalg_desc.c is always compiled into built-in code, or not at all, leading to a link failure: ERROR: "cnstr_shdsc_xts_ablkcipher_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_xts_ablkcipher_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_givencap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_null_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_aead_null_encap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_rfc4106_decap" [drivers/crypto/caam/caamalg.ko] undefined! ERROR: "cnstr_shdsc_rfc4106_encap" [drivers/crypto/caam/caamalg.ko] undefined! ... Making caamalg_desc itself a loadable module fixes this configuration by ensuring the driver gets built. Aside from making the symbol 'tristate', I'm adding appropriate module metadata here. Fixes: 8cea7b66b821 ("crypto: caam - refactor encryption descriptors generation") Signed-off-by: Arnd Bergmann Signed-off-by: Herbert Xu drivers/crypto/caam/Kconfig | 2 +- drivers/crypto/caam/caamalg_desc.c | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) commit 9c0bc511e93cc7693f0147274edfb719f221b8c1 Author: Arnd Bergmann Date: Wed Nov 30 22:01:59 2016 +0100 crypto: caam - pass key buffers with typesafe pointers The 'key' field is defined as a 'u64' and used for two different pieces of information: either to store a pointer or a dma_addr_t. The former leads to a build error on 32-bit machines: drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_encap': drivers/crypto/caam/caamalg_desc.c:67:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] drivers/crypto/caam/caamalg_desc.c: In function 'cnstr_shdsc_aead_null_decap': drivers/crypto/caam/caamalg_desc.c:143:27: error: cast to pointer from integer of different size [-Werror=int-to-pointer-cast] Using a union to provide correct types gets rid of the warnings and as well as a couple of redundant casts. Fixes: db57656b0072 ("crypto: caam - group algorithm related params") Signed-off-by: Arnd Bergmann Signed-off-by: Herbert Xu drivers/crypto/caam/caamalg.c | 60 +++++++++++++++++++------------------- drivers/crypto/caam/caamalg_desc.c | 56 +++++++++++++++++------------------ drivers/crypto/caam/desc_constr.h | 5 +++- 3 files changed, 62 insertions(+), 59 deletions(-) commit 0be8a270b3f4af358549b8176c25be6972d86b35 Author: Herbert Xu Date: Wed Nov 30 21:17:24 2016 +0800 crypto: arm64/aes-ce-ccm - Fix AEAD decryption length This patch fixes the ARM64 CE CCM implementation decryption by using skcipher_walk_aead_decrypt instead of skcipher_walk_aead, which ensures the correct length is used when doing the walk. Fixes: cf2c0fe74084 ("crypto: aes-ce-ccm - Use skcipher walk interface") Reported-by: Ard Biesheuvel Signed-off-by: Herbert Xu arch/arm64/crypto/aes-ce-ccm-glue.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit ff330f7348bac51e01cb92a2cd7c31b454e404c3 Author: Baruch Siach Date: Wed Nov 30 15:16:11 2016 +0200 MAINTAINERS: add crypto headers to crypto entry Signed-off-by: Baruch Siach Signed-off-by: Herbert Xu MAINTAINERS | 1 + 1 file changed, 1 insertion(+) commit 8eea134c3787c731223f0f88ae35874ab06232d4 Author: Baruch Siach Date: Wed Nov 30 15:16:10 2016 +0200 crypt: doc - remove misleading mention of async API The asynchronous API is quite mature. Not mentioning is at all is probably better than saying it is under development. Signed-off-by: Baruch Siach Signed-off-by: Herbert Xu Documentation/crypto/api-intro.txt | 3 --- 1 file changed, 3 deletions(-) commit 450a6c30ef3bbedcb4af3d9eab0df24929d5db4a Author: Baruch Siach Date: Wed Nov 30 15:16:09 2016 +0200 crypto: doc - fix header file name Fixes: 8bc618d6a2e0 ("crypto: doc - Use ahash") Signed-off-by: Baruch Siach Signed-off-by: Herbert Xu Documentation/crypto/api-intro.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 864e0981fd1bc042c6e932d1731d358dde60fed9 Author: Baruch Siach Date: Wed Nov 30 15:16:08 2016 +0200 crypto: api - fix comment typo Signed-off-by: Baruch Siach Signed-off-by: Herbert Xu include/linux/crypto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 34bc085c839cef85e3e795b1cee29514f69c3081 Author: Herbert Xu Date: Wed Nov 30 21:14:07 2016 +0800 crypto: skcipher - Add separate walker for AEAD decryption The AEAD decrypt interface includes the authentication tag in req->cryptlen. Therefore we need to exlucde that when doing a walk over it. This patch adds separate walker functions for AEAD encryption and decryption. Signed-off-by: Herbert Xu Reviewed-by: Ard Biesheuvel crypto/skcipher.c | 33 ++++++++++++++++++++++++++++++--- include/crypto/internal/skcipher.h | 4 ++++ 2 files changed, 34 insertions(+), 3 deletions(-) commit c59f13bbead475096bdfebc7ef59c12e180858de Author: Jes Sorensen Date: Tue Nov 29 18:59:02 2016 -0500 rtl8xxxu: Work around issue with 8192eu and 8723bu devices not reconnecting The H2C MEDIA_STATUS_RPT command for some reason causes 8192eu and 8723bu devices not being able to reconnect. Reported-by: Barry Day Cc: #4.8+ Signed-off-by: Jes Sorensen Signed-off-by: Kalle Valo drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c | 8 ++++++++ 1 file changed, 8 insertions(+) commit 384abd33d5d571361a0d8eb67e130aeccf2cb3db Author: Geliang Tang Date: Thu Nov 24 21:58:28 2016 +0800 ath5k: drop duplicate header vmalloc.h Drop duplicate header vmalloc.h from ath5k/debug.c. Signed-off-by: Geliang Tang Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath5k/debug.c | 1 - 1 file changed, 1 deletion(-) commit 8ae5d62c7ebafb24d9795c5ce873b45bec6b3f03 Author: Lior David Date: Mon Nov 28 13:49:03 2016 +0200 wil6210: align to latest auto generated wmi.h Align to latest version of the auto generated wmi file describing the interface with FW. Signed-off-by: Lior David Signed-off-by: Maya Erez Signed-off-by: Kalle Valo drivers/net/wireless/ath/wil6210/wmi.h | 392 ++++++++++++++++++++++----------- 1 file changed, 264 insertions(+), 128 deletions(-) commit 615788200557d8a555bf7f02a365aee627400912 Author: Lior David Date: Mon Nov 28 13:49:02 2016 +0200 wil6210: add debugfs blobs for UCODE code and data Added new areas to fw_mappings area for UCODE code and data areas. The new areas are only exposed through debugfs blobs, and mainly needed to access UCODE logs. The change does not affect crash dumps because the newly added areas overlap with the "upper" area which is already dumped. Signed-off-by: Lior David Signed-off-by: Maya Erez Signed-off-by: Kalle Valo drivers/net/wireless/ath/wil6210/wil6210.h | 3 +- drivers/net/wireless/ath/wil6210/wil_crash_dump.c | 6 ++++ drivers/net/wireless/ath/wil6210/wmi.c | 39 +++++++++++++++-------- 3 files changed, 33 insertions(+), 15 deletions(-) commit 1db226ffe1c2ab900cffb1d71f042e565f77775d Author: Maya Erez Date: Mon Nov 28 13:49:01 2016 +0200 wil6210: validate wil_pmc_alloc parameters num_descriptors and descriptor_size needs to be checked for: 1) not being negative values 2) no overflow occurs when these are multiplied together as done in wil_pmc_read. An overflow of two signed integers is undefined behavior. Signed-off-by: Maya Erez Signed-off-by: Kalle Valo drivers/net/wireless/ath/wil6210/pmc.c | 55 ++++++++++++++++++++++++++++++---- 1 file changed, 49 insertions(+), 6 deletions(-) commit bb6743f7c2ffc467002dfe24bea5dedc96c7da04 Author: Lior David Date: Mon Nov 28 13:49:00 2016 +0200 wil6210: delay remain on channel when scan is active Currently it was possible to call remain_on_channel(ROC) while scan was active and this caused a crash in the FW. In order to fix this problem and make the behavior consistent with other drivers, queue the ROC in case a scan is active and try it again when scan is done. As part of the fix, clean up some locking issues and return error if scan is called while ROC is active. Signed-off-by: Lior David Signed-off-by: Maya Erez Signed-off-by: Kalle Valo drivers/net/wireless/ath/wil6210/cfg80211.c | 45 ++++----- drivers/net/wireless/ath/wil6210/main.c | 2 + drivers/net/wireless/ath/wil6210/p2p.c | 150 +++++++++++++++++++++------- drivers/net/wireless/ath/wil6210/wil6210.h | 9 +- drivers/net/wireless/ath/wil6210/wmi.c | 4 + 5 files changed, 149 insertions(+), 61 deletions(-) commit 982a6151f6f1296725de241a17932a3ecdd359d2 Author: Anthony Romano Date: Sun Nov 27 20:27:57 2016 -0800 ath9k_htc: don't use HZ for usb msg timeouts The usb_*_msg() functions expect a timeout in msecs but are given HZ, which is ticks per second. If HZ=100, firmware download often times out when there is modest USB utilization and the device fails to initialize. Replaces HZ in usb_*_msg timeouts with 1000 msec since HZ is one second for timeouts in jiffies. Signed-off-by: Anthony Romano Acked-by: Oleksij Rempel Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/hif_usb.c | 9 +++++---- drivers/net/wireless/ath/ath9k/hif_usb.h | 2 ++ 2 files changed, 7 insertions(+), 4 deletions(-) commit 8ca5a6078d6d09ac50d9c39c214df3284f0d2efb Author: Bhumika Goyal Date: Sun Nov 27 22:33:26 2016 +0530 ath9k: constify ath_bus_ops structure Declare the structure ath_bus_ops as const as it is only passed as an argument to the function ath9k_init_device. This argument is of type const struct ath_bus_ops *, so ath_bus_ops structures with this property can be declared as const. Done using Coccinelle: @r1 disable optional_qualifier @ identifier i; position p; @@ static struct ath_bus_ops i@p = {...}; @ok1@ identifier r1.i; position p; expression e1,e2; @@ ath9k_init_device(e1,e2,&i@p) @bad@ position p!={r1.p,ok1.p}; identifier r1.i; @@ i@p @depends on !bad disable optional_qualifier@ identifier r1.i; @@ static +const struct ath_bus_ops i={...}; @depends on !bad disable optional_qualifier@ identifier r1.i; @@ +const struct ath_bus_ops i; File size before: text data bss dec hex filename 1295 232 0 1527 5f7 ath/ath9k/ahb.o File size after: text data bss dec hex filename 1359 176 0 1535 5ff ath/ath9k/ahb.o Signed-off-by: Bhumika Goyal Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/ahb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 43ca92d380a85996429601f0d337cbd58b4e5bf9 Author: Ben Greear Date: Tue Nov 29 14:00:28 2016 -0800 ath10k: wmi-alloc-chunk should use DMA_BIDIRECTIONAL These memory chunks are often used as 'swap' by the NIC, so it will be both reading and writing to these areas. This seems to fix errors like this on my x86-64 machine: kernel: DMAR: DMAR:[DMA Write] Request device [05:00.0] fault addr ff5de000 DMAR:[fault reason 05] PTE Write access is not set Tested-by: Marek Behun Signed-off-by: Ben Greear Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/wmi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 9ec34a86195a65953269d3ee97b90308f469e14c Author: Mohammed Shafi Shajakhan Date: Wed Nov 30 15:20:14 2016 +0530 ath10k: fix Tx DMA alloc failure during continuous wifi down/up With maximum number of vap's configured in a two radio supported systems of ~256 Mb RAM, doing a continuous wifi down/up and intermittent traffic streaming from the connected stations results in failure to allocate contiguous memory for tx buffers. This results in the disappearance of all VAP's and a manual reboot is needed as this is not a crash (or) OOM(for OOM killer to be invoked). To address this allocate contiguous memory for tx buffers one time and re-use them until the modules are unloaded but this results in a slight increase in memory footprint of ath10k when the wifi is down, but the modules are still loaded. Also as of now we use a separate bool 'tx_mem_allocated' to keep track of the one time memory allocation, as we cannot come up with something like 'ath10k_tx_{register,unregister}' before 'ath10k_probe_fw' is called as 'ath10k_htt_tx_alloc_cont_frag_desc' memory allocation is dependent on the hw_param 'continuous_frag_desc' a) memory footprint of ath10k without the change lsmod | grep ath10k ath10k_core 414498 1 ath10k_pci ath10k_pci 38236 0 b) memory footprint of ath10k with the change ath10k_core 414980 1 ath10k_pci ath10k_pci 38236 0 Memory Failure Call trace: hostapd: page allocation failure: order:6, mode:0xd0 [] (__dma_alloc_buffer.isra.23) from [] (__alloc_remap_buffer.isra.26+0x14/0xb8) [] (__alloc_remap_buffer.isra.26) from [] (__dma_alloc+0x224/0x2b8) [] (__dma_alloc) from [] (arm_dma_alloc+0x84/0x90) [] (arm_dma_alloc) from [] (ath10k_htt_tx_alloc+0xe0/0x2e4 [ath10k_core]) [] (ath10k_htt_tx_alloc [ath10k_core]) from [] (ath10k_core_start+0x538/0xcf8 [ath10k_core]) [] (ath10k_core_start [ath10k_core]) from [] (ath10k_start+0xbc/0x56c [ath10k_core]) [] (ath10k_start [ath10k_core]) from [] (drv_start+0x40/0x5c [mac80211]) [] (drv_start [mac80211]) from [] (ieee80211_do_open+0x170/0x82c [mac80211]) [] (ieee80211_do_open [mac80211]) from [] (__dev_open+0xa0/0xf4) [21053.491752] Normal: 641*4kB (UEMR) 505*8kB (UEMR) 330*16kB (UEMR) 126*32kB (UEMR) 762*64kB (UEMR) 237*128kB (UEMR) 1*256kB (M) 0*512kB 0*1024kB 0*2048kB 0*4096kB = 95276kB Signed-off-by: Mohammed Shafi Shajakhan Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 5 +-- drivers/net/wireless/ath/ath10k/htt.h | 6 +++- drivers/net/wireless/ath/ath10k/htt_tx.c | 54 +++++++++++++++++++++++++------- 3 files changed, 51 insertions(+), 14 deletions(-) commit c2cac2f74ab4bcf0db0dcf3a612f1e5b52d145c8 Author: Mohammed Shafi Shajakhan Date: Wed Nov 30 10:59:29 2016 +0530 ath10k: fix soft lockup during firmware crash/hw-restart During firmware crash (or) user requested manual restart the system gets into a soft lock up state because of the below root cause. During user requested hardware restart / firmware crash the system goes into a soft lockup state as 'napi_synchronize' is called after 'napi_disable' (which sets 'NAPI_STATE_SCHED' bit) and it sleeps into infinite loop as it waits for 'NAPI_STATE_SCHED' to be cleared. This condition is hit because 'ath10k_hif_stop' is called twice as below (resulting in calling 'napi_synchronize' after 'napi_disable') 'ath10k_core_restart' -> 'ath10k_hif_stop' (ATH10K_STATE_ON) -> -> 'ieee80211_restart_hw' -> 'ath10k_start' -> 'ath10k_halt' -> 'ath10k_core_stop' -> 'ath10k_hif_stop' (ATH10K_STATE_RESTARTING) Fix this by calling 'ath10k_halt' in ath10k_core_restart itself as it makes more sense before informing mac80211 to restart h/w Also remove 'ath10k_halt' in ath10k_start for the state of 'restarting' Fixes: 3c97f5de1f28 ("ath10k: implement NAPI support") Cc: # v4.9 Signed-off-by: Mohammed Shafi Shajakhan Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/core.c | 2 +- drivers/net/wireless/ath/ath10k/mac.c | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) commit 4e322f7db51a52caa3d2c1f795ba26dacdcf8fde Author: Erik Stromdahl Date: Sun Nov 27 20:37:20 2016 +0100 ath10k: fix TLV set regdomain command There is a typo bug in the current implementation of ath10k_wmi_tlv_op_gen_pdev_set_rd. The conformance test limits are not set up properly. The two arguments ctl2g and ctl5g were not used at all. Instead, the regdomain arguments rd2g and rd5g were used for the ctl settings as well. Signed-off-by: Erik Stromdahl Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath10k/wmi-tlv.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) commit 335967276bb6c9ca6a16e5aa0e61ae5e22ddff6f Author: Michael Ellerman Date: Thu Dec 1 20:50:46 2016 +1100 powerpc: Make selects of IBM_EMAC_* depend on IBM_EMAC We have a bunch of Kconfig symbols which select various IBM_EMAC_* symbols. These all cause warnings when IBM_EMAC is not selected. eg. warning: (PPC_CELL_NATIVE && BLUESTONE && CANYONLANDS && GLACIER && EIGER && 440EPX && 440GRX && 440GX && 460SX && 405EX) selects IBM_EMAC_RGMII which has unmet direct dependencies (NETDEVICES && ETHERNET && NET_VENDOR_IBM) So make them all depend on IBM_EMAC being enabled first. Signed-off-by: Michael Ellerman arch/powerpc/platforms/40x/Kconfig | 12 ++++---- arch/powerpc/platforms/44x/Kconfig | 56 ++++++++++++++++++------------------- arch/powerpc/platforms/cell/Kconfig | 8 +++--- 3 files changed, 38 insertions(+), 38 deletions(-) commit 577ec789a79eb34f85a26c01f3851671b0d80e2e Author: Michael Ellerman Date: Thu Dec 1 20:50:45 2016 +1100 powerpc/cell: Drop select of MEMORY_HOTPLUG SPU_FS selects MEMORY_HOTPLUG, which is problematic because MEMORY_HOTPLUG is user selectable, meaning we can end up with a broken .config where MEMORY_HOTPLUG is enabled but its dependencies are not, leading to build breakages. The select of MEMORY_HOTPLUG for SPU_FS was added back in 2006, in commit 4da30d15b6d5 ("[POWERPC] spufs: fix memory hotplug dependency"). However we reworked the spufs code and removed the dependency on memory hotplug in 2007 in commit 78bde53e351b ("[POWERPC] spufs: remove need for struct page for SPEs"). So drop the select as it's no longer needed and causes problems. Signed-off-by: Michael Ellerman arch/powerpc/platforms/cell/Kconfig | 1 - 1 file changed, 1 deletion(-) commit 5246c540073fb3d6f9aae87215f297e4895e89b3 Author: Borislav Petkov Date: Thu Dec 1 11:35:07 2016 +0100 EDAC, amd64: Improve amd64-specific printing macros Prefix the warn and error macros with the respective string so that callers don't have to say "Error" or "Warning". We save us string length this way in the actual calls. While at it, shorten the calls in reserve_mc_sibling_devs(). Signed-off-by: Borislav Petkov Cc: Dan Carpenter Cc: Yazen Ghannam drivers/edac/amd64_edac.c | 16 ++++++---------- drivers/edac/amd64_edac.h | 4 ++-- 2 files changed, 8 insertions(+), 12 deletions(-) commit 87fedb974e0ceaf2a4200b7abb64054fa031cf85 Author: Zefir Kurtisi Date: Fri Nov 25 17:51:58 2016 +0200 ath9k: feed only active spectral / dfs-detector Radar pulse and spectral scan reports are provided by the HW with the ATH9K_RXERR_PHY flag set. Those are forwarded to the dfs-detector and spectral module for further processing. For some older chips, the pre-conditions checked in those modules are ambiguous, since ATH9K_PHYERR_RADAR is used to tag both types. As a result, spectral frames are fed into the dfs-detector and vice versa. This could lead to a false radar detection on a non-DFS channel (which is uncritical), but more relevant it causes useless CPU load for processing invalid frames. This commit ensures that the dfs-detector and spectral collector are only fed when they are active. Signed-off-by: Zefir Kurtisi Signed-off-by: Kalle Valo drivers/net/wireless/ath/ath9k/recv.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) commit 87291e5dbae94da1ddd3966272e0d7d6dc7232f1 Author: Lucas Stach Date: Wed Nov 30 12:48:10 2016 +0100 drm/bridge: tc358767: don't warn if display side ASSR enable fails ASSR is an optional feature, so it's a valid operating condition for the display to reject ASSR enable. Demote the warning to the debug level. Acked-by: Philipp Zabel Acked-by:Andrey Gusakov Signed-off-by: Lucas Stach Signed-off-by: Archit Taneja Link: http://patchwork.freedesktop.org/patch/msgid/20161130114810.3245-1-l.stach@pengutronix.de drivers/gpu/drm/bridge/tc358767.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit e16769d4bca67218531505ad1a8365d227fedcf9 Author: Andrzej Pietrasiewicz Date: Mon Nov 28 13:22:42 2016 +0100 fs: configfs: don't return anything from drop_link Documentation/filesystems/configfs/configfs.txt says: "When unlink(2) is called on the symbolic link, the source item is notified via the ->drop_link() method. Like the ->drop_item() method, this is a void function and cannot return failure." The ->drop_item() is indeed a void function, the ->drop_link() is actually not. This, together with the fact that the value of ->drop_link() is silently ignored suggests, that it is the ->drop_link() return type that should be corrected and changed to void. This patch changes drop_link() signature and all its users. Signed-off-by: Andrzej Pietrasiewicz [hch: reverted reformatting of some code] Signed-off-by: Christoph Hellwig Documentation/filesystems/configfs/configfs.txt | 2 +- drivers/nvme/target/configfs.c | 10 ++++------ drivers/target/target_core_fabric_configfs.c | 7 +++---- drivers/usb/gadget/configfs.c | 8 +++----- drivers/usb/gadget/function/uvc_configfs.c | 25 +++++-------------------- include/linux/configfs.h | 2 +- 6 files changed, 17 insertions(+), 37 deletions(-) commit 2db029ef58ab7c47cecab5fe73fa6e3ae6663ecf Author: Nathan Fontenot Date: Mon Nov 28 11:50:45 2016 -0500 powerpc/pseries: Use lmb_is_removable() to check removability We should be using lmb_is_removable() to validate that enough LMBs are available to remove when doing a remove by count. This will check that the LMB is owned by the system and it is considered removable. This patch also adds a pr_info() notification to report the LMB count to remove was not satisfied. What we do now is just check that there are enough LMBs owned by the system when validating there are enough LMBs to remove. This can lead to situations where there are enough LMBs owned by the system but not enough that are considered removable. This results in having to bail out of the remove operation instead of just failing the request that we should have known wouldn't succeed. Signed-off-by: Nathan Fontenot Signed-off-by: Michael Ellerman arch/powerpc/platforms/pseries/hotplug-memory.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) commit cc98e6ce6abe1c0103cbd7aff1ee586622a9361e Author: Chris Wilson Date: Wed Nov 30 20:51:26 2016 +0000 drm: Initialise drm_mm.head_node.allocated commit 202b52b7fbf7 ("drm: Track drm_mm nodes with an interval tree") introduced a requirement that the special drm_mm.head_node was initialised and marked as not being allocated. It is a very special node that has no side but has a hole that represents the drm_mm address space, and holds the list of nodes. Since it is not a real node, it is not part of the node rbtree and we detect this as it being unallocated. This presumed that drm_mm_init() was initialising it to zero. It happens that i915 kzallocs its objects and so it was accidentally setting it, but for generic use we cannot make that assumption. [ 22.981519] general protection fault: 0000 [#1] SMP [ 22.981521] Modules linked in: test_drm_mm(+) ctr ccm arc4 rt2800usb rt2x00usb rt2800lib rt2x00lib crc_ccitt mac80211 cmac rfcomm bnep snd_hda_codec_realtek snd_hda_codec_hdmi snd_hda_codec_generic snd_hda_intel dcdbas snd_hda_codec x86_pkg_temp_thermal intel_powerclamp btusb snd_hda_core coretemp crct10dif_pclmul cfg80211 btrtl btbcm btintel bluetooth crc32_pclmul ghash_clmulni_intel aesni_intel snd_pcm i2c_hid aes_x86_64 lrw gf128mul glue_helper ablk_helper cryptd snd_timer hid_multitouch snd joydev serio_raw lpc_ich mfd_core i2c_designware_platform i2c_designware_core 8250_dw binfmt_misc soundcore acpi_pad nls_iso8859_1 usbhid hid psmouse ahci libahci [last unloaded: test_drm_mm] [ 22.981544] CPU: 1 PID: 2088 Comm: drm_mm Tainted: G W 4.9.0-rc7+ #234 [ 22.981545] Hardware name: Dell Inc. XPS 13 9343/0310JH, BIOS A07 11/11/2015 [ 22.981546] task: ffff88020c971cc0 task.stack: ffffc90001728000 [ 22.981547] RIP: 0010:[] [] drm_mm_interval_tree_add_node+0xa0/0xd0 [ 22.981551] RSP: 0018:ffffc9000172ba98 EFLAGS: 00010202 [ 22.981552] RAX: 0f0000c69cf63d80 RBX: ffff88020be00000 RCX: ffff88020be00000 [ 22.981553] RDX: 0000000000000fff RSI: ffffc9000172bc48 RDI: ffffffff810ac4df [ 22.981553] RBP: ffffc9000172bb08 R08: ffffc9000172bc70 R09: 0000000000000fff [ 22.981554] R10: ffffffff810ac4d7 R11: 4dc04d8b4cffffe5 R12: 0000000000001000 [ 22.981555] R13: ffffc9000172bbd0 R14: ffffc9000172bbe0 R15: 0000000002000000 [ 22.981556] FS: 00007f80c9fab740(0000) GS:ffff88021f480000(0000) knlGS:0000000000000000 [ 22.981557] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 22.981558] CR2: 00007f80c9fd5000 CR3: 000000020c191000 CR4: 00000000003406e0 [ 22.981559] Stack: [ 22.981560] ffffffff81405d09 ffff88020be00000 ffffc9000172bbe0 000000000172bb08 [ 22.981562] ffffffffffffffff 0000000000000000 0000000000000000 0000000000000000 [ 22.981563] 0000000002000000 0000000002000000 ffffffffa02f3000 ffff88020be00000 [ 22.981565] Call Trace: [ 22.981568] [] ? drm_mm_insert_node_generic+0x229/0x310 [ 22.981570] [] ? 0xffffffffa02f3000 [ 22.981572] [] __subtest_insert_range.constprop.7+0xd1/0x5b0 [test_drm_mm] [ 22.981575] [] ? default_wake_function+0x12/0x20 [ 22.981576] [] ? __wake_up_common+0x55/0x90 [ 22.981578] [] ? sched_clock_cpu+0x72/0xa0 [ 22.981581] [] ? irq_work_queue+0xd/0x80 [ 22.981582] [] ? wake_up_klogd+0x34/0x40 [ 22.981584] [] ? console_unlock+0x4cd/0x530 [ 22.981585] [] ? vprintk_emit+0x2d7/0x490 [ 22.981587] [] ? vprintk_default+0x1f/0x30 [ 22.981589] [] ? printk+0x4d/0x4f [ 22.981590] [] ? 0xffffffffa02f3000 [ 22.981592] [] subtest_insert_range+0x15/0x80 [test_drm_mm] [ 22.981594] [] test_drm_mm_init+0x88/0x1000 [test_drm_mm] [ 22.981597] [] do_one_initcall+0x3d/0x150 [ 22.981600] [] ? kfree+0x13f/0x180 [ 22.981602] [] do_init_module+0x60/0x1f1 [ 22.981606] [] load_module+0x2228/0x2790 [ 22.981608] [] ? __symbol_put+0x40/0x40 [ 22.981612] [] ? kernel_read+0x41/0x60 [ 22.981614] [] SYSC_finit_module+0x96/0xd0 [ 22.981617] [] SyS_finit_module+0xe/0x10 [ 22.981620] [] entry_SYSCALL_64_fastpath+0x17/0x98 [ 22.981622] Code: c7 41 30 00 00 00 00 48 89 e5 48 89 3a 48 c7 c2 20 4e 40 81 e8 b2 a1 f0 ff 5d c3 48 8d 56 78 45 31 d2 48 89 d6 eb 25 48 8b 51 58 <48> 39 50 38 73 04 48 89 50 38 4c 8b 58 28 4c 39 59 48 48 8d 50 [ 22.981651] RIP [] drm_mm_interval_tree_add_node+0xa0/0xd0 [ 22.981655] RSP Testcase: igt/drm_mm Fixes: 202b52b7fbf7 ("drm: Track drm_mm nodes with an interval tree") Signed-off-by: Chris Wilson Cc: David Herrmann Cc: dri-devel@lists.freedesktop.org Cc: Daniel Vetter Cc: # v4.9-rc1+ Signed-off-by: Daniel Vetter Link: http://patchwork.freedesktop.org/patch/msgid/20161130205126.31106-1-chris@chris-wilson.co.uk drivers/gpu/drm/drm_mm.c | 1 + 1 file changed, 1 insertion(+) commit bbbe775ec5b5dace43a35886da9924837da09ddd Author: Neil Armstrong Date: Thu Nov 10 15:29:37 2016 +0100 drm: Add support for Amlogic Meson Graphic Controller The Amlogic Meson Display controller is composed of several components : DMC|---------------VPU (Video Processing Unit)----------------|------HHI------| | vd1 _______ _____________ _________________ | | D |-------| |----| | | | | HDMI PLL | D | vd2 | VIU | | Video Post | | Video Encoders |<---|-----VCLK | R |-------| |----| Processing | | | | | | osd2 | | | |---| Enci ----------|----|-----VDAC------| R |-------| CSC |----| Scalers | | Encp ----------|----|----HDMI-TX----| A | osd1 | | | Blenders | | Encl ----------|----|---------------| M |-------|______|----|____________| |________________| | | ___|__________________________________________________________|_______________| VIU: Video Input Unit --------------------- The Video Input Unit is in charge of the pixel scanout from the DDR memory. It fetches the frames addresses, stride and parameters from the "Canvas" memory. This part is also in charge of the CSC (Colorspace Conversion). It can handle 2 OSD Planes and 2 Video Planes. VPP: Video Post Processing -------------------------- The Video Post Processing is in charge of the scaling and blending of the various planes into a single pixel stream. There is a special "pre-blending" used by the video planes with a dedicated scaler and a "post-blending" to merge with the OSD Planes. The OSD planes also have a dedicated scaler for one of the OSD. VENC: Video Encoders -------------------- The VENC is composed of the multiple pixel encoders : - ENCI : Interlace Video encoder for CVBS and Interlace HDMI - ENCP : Progressive Video Encoder for HDMI - ENCL : LCD LVDS Encoder The VENC Unit gets a Pixel Clocks (VCLK) from a dedicated HDMI PLL and clock tree and provides the scanout clock to the VPP and VIU. The ENCI is connected to a single VDAC for Composite Output. The ENCI and ENCP are connected to an on-chip HDMI Transceiver. This driver is a DRM/KMS driver using the following DRM components : - GEM-CMA - PRIME-CMA - Atomic Modesetting - FBDev-CMA For the following SoCs : - GXBB Family (S905) - GXL Family (S905X, S905D) - GXM Family (S912) The current driver only supports the CVBS PAL/NTSC output modes, but the CRTC/Planes management should support bigger modes. But Advanced Colorspace Conversion, Scaling and HDMI Modes will be added in a second time. The Device Tree bindings makes use of the endpoints video interface definitions to connect to the optional CVBS and in the future the HDMI Connector nodes. HDMI Support is planned for a next release. Acked-by: Daniel Vetter Signed-off-by: Neil Armstrong drivers/gpu/drm/Kconfig | 2 + drivers/gpu/drm/Makefile | 1 + drivers/gpu/drm/meson/Kconfig | 9 + drivers/gpu/drm/meson/Makefile | 4 + drivers/gpu/drm/meson/meson_canvas.c | 68 ++ drivers/gpu/drm/meson/meson_canvas.h | 42 + drivers/gpu/drm/meson/meson_crtc.c | 208 +++++ drivers/gpu/drm/meson/meson_crtc.h | 32 + drivers/gpu/drm/meson/meson_drv.c | 343 ++++++++ drivers/gpu/drm/meson/meson_drv.h | 59 ++ drivers/gpu/drm/meson/meson_plane.c | 230 +++++ drivers/gpu/drm/meson/meson_plane.h | 30 + drivers/gpu/drm/meson/meson_registers.h | 1395 +++++++++++++++++++++++++++++++ drivers/gpu/drm/meson/meson_vclk.c | 167 ++++ drivers/gpu/drm/meson/meson_vclk.h | 34 + drivers/gpu/drm/meson/meson_venc.c | 254 ++++++ drivers/gpu/drm/meson/meson_venc.h | 72 ++ drivers/gpu/drm/meson/meson_venc_cvbs.c | 293 +++++++ drivers/gpu/drm/meson/meson_venc_cvbs.h | 41 + drivers/gpu/drm/meson/meson_viu.c | 331 ++++++++ drivers/gpu/drm/meson/meson_viu.h | 64 ++ drivers/gpu/drm/meson/meson_vpp.c | 162 ++++ drivers/gpu/drm/meson/meson_vpp.h | 35 + 23 files changed, 3876 insertions(+) commit af8bc2fb99d4eea2d026d42db18abc5f3876936a Author: Bryan Thompson Date: Thu Dec 1 01:31:14 2016 -0500 staging: unisys: visorbus: Remove two passthrough postcode macros Remove two passthrough macros that are only called from a single location and make the resultant vmcall directly. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/vmcallinterface.h | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) commit c6bc82f144e901d84e3eb0355a2d6c47fd662956 Author: Bryan Thompson Date: Thu Dec 1 01:31:13 2016 -0500 staging: unisys: visorbus: Remove POSTCODE_SEVERITY levels Use the already defined DIAG_SEVERITY values directly instead of special postcode macro names. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 24 +++---- drivers/staging/unisys/visorbus/visorchipset.c | 86 +++++++++++------------ drivers/staging/unisys/visorbus/vmcallinterface.h | 4 -- 3 files changed, 55 insertions(+), 59 deletions(-) commit a96b44f058a0e895163afc424079e2075a3dd156 Author: Bryan Thompson Date: Thu Dec 1 01:31:12 2016 -0500 staging: unisys: visorbus: Fix spelling error (FAIULRE to FAILURE) There were two instances of FAILURE being misspelled in the s-Par firmware postcode event enum that are fixed. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorchipset.c | 4 ++-- drivers/staging/unisys/visorbus/vmcallinterface.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) commit df4c13921eed9e0d5a01b578d78d4c3944903a19 Author: Bryan Thompson Date: Thu Dec 1 01:31:11 2016 -0500 staging: unisys: visorbus: Remove unused values from guestlinuxdebug Remove guestlinuxdebug enum values that are no longer being used and renumber remaining values accordingly. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/vmcallinterface.h | 125 ++++++---------------- 1 file changed, 34 insertions(+), 91 deletions(-) commit 3d118a421b7e81152de3770ebacbd0aee47ef79e Author: Bryan Thompson Date: Thu Dec 1 01:31:10 2016 -0500 staging: unisys: visorbus: Update visorchipset postcode values The visorchipset.c functionality was moved into the visorbus driver previously. This patch updates the s-Par firmware postcode values to reflect this status. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorchipset.c | 2 +- drivers/staging/unisys/visorbus/vmcallinterface.h | 11 +---------- 2 files changed, 2 insertions(+), 11 deletions(-) commit f30c2c355cbd7095a949e5db374e82260435d2cc Author: Bryan Thompson Date: Thu Dec 1 01:31:09 2016 -0500 staging: unisys: visorbus: Remove POSTCODE_LINUX_4 macro Call POSTCODE_LINUX directly instead of passing through POSTCODE_LINUX_4. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 16 ++++---- drivers/staging/unisys/visorbus/visorchipset.c | 48 +++++++++++------------ drivers/staging/unisys/visorbus/vmcallinterface.h | 5 --- 3 files changed, 32 insertions(+), 37 deletions(-) commit 6daa8205e11be31587eeab171ce4ef6648bb0e39 Author: Bryan Thompson Date: Thu Dec 1 01:31:08 2016 -0500 staging: unisys: visorbus: Remove POSTCODE_LINUX_3 macro Call POSTCODE_LINUX directly instead of passing through POSTCODE_LINUX_3. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 24 +++++------ drivers/staging/unisys/visorbus/visorchipset.c | 50 +++++++++++------------ drivers/staging/unisys/visorbus/vmcallinterface.h | 4 -- 3 files changed, 37 insertions(+), 41 deletions(-) commit 3840b772f58df3bcd89cfc4a893b10759b161989 Author: Bryan Thompson Date: Thu Dec 1 01:31:07 2016 -0500 staging: unisys: visorbus: Remove POSTCODE_LINUX_2 macro Call POSTCODE_LINUX directly instead of passing through POSTCODE_LINUX_2. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/visorbus_main.c | 4 +- drivers/staging/unisys/visorbus/visorchipset.c | 65 ++++++++++++----------- drivers/staging/unisys/visorbus/vmcallinterface.h | 3 -- 3 files changed, 35 insertions(+), 37 deletions(-) commit c0e87ae270bf4714189bb3c2f87365f7fb22b0b6 Author: Bryan Thompson Date: Thu Dec 1 01:31:06 2016 -0500 staging: unisys: visorbus: Use CURRENT_FILE_PC in base postcode macro Use CURRENT_FILE_PC directly in the POSTCODE_LINUX macro instead of relying on passthrough macros to provide it. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/vmcallinterface.h | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) commit c7e047768b8cac22398b0dc5e572e3482f07006b Author: Bryan Thompson Date: Thu Dec 1 01:31:05 2016 -0500 staging: unisys: visorbus: Replace two base postcode macros with one Leverage the 3 existing s-Par postcode macros to do a bit more work and provide only 1 base postcode macro. Signed-off-by: Bryan Thompson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/vmcallinterface.h | 26 +++++++++++------------ 1 file changed, 12 insertions(+), 14 deletions(-) commit 22744c96c7a4c41e6fd60058b165965d58b24cbc Author: Erik Arfvidson Date: Thu Dec 1 01:31:04 2016 -0500 staging: unisys: visorbus: vbuschannel.h remove unused pound defines This patch removes all the unused pound defines currently in vbuschannel.h. Signed-off-by: Erik Arfvidson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/vbuschannel.h | 11 ----------- 1 file changed, 11 deletions(-) commit a96f58c1dcb981252f898c6ed49b8c5233c19d45 Author: Erik Arfvidson Date: Thu Dec 1 01:31:03 2016 -0500 staging: unisys: visorbus: vmcallinterface.h remove unused pound defines This patch removes all the unused pound defines currently in vmcallinterface.h. Signed-off-by: Erik Arfvidson Signed-off-by: David Kershner Signed-off-by: Greg Kroah-Hartman drivers/staging/unisys/visorbus/vmcallinterface.h | 1 - 1 file changed, 1 deletion(-) commit 1eb388b67a380b387030e54684f297d9f6046449 Author: Greg Kroah-Hartman Date: Wed Nov 30 14:46:50 2016 +0100 staging: dgnc: remove sysfs files The dgnc driver has no business creating "custom" sysfs files just for a single tty driver. Combined with the odd way they are created, it's just a mess, so remove them entirely as I am tired of tripping over them when doing driver core changes. Cc: Lidza Louina Cc: Mark Hounschell Signed-off-by: Greg Kroah-Hartman drivers/staging/dgnc/Makefile | 3 +- drivers/staging/dgnc/dgnc_driver.c | 14 +- drivers/staging/dgnc/dgnc_driver.h | 1 - drivers/staging/dgnc/dgnc_sysfs.c | 703 ------------------------------------- drivers/staging/dgnc/dgnc_sysfs.h | 40 --- drivers/staging/dgnc/dgnc_tty.c | 17 +- 6 files changed, 8 insertions(+), 770 deletions(-) commit 005c82d64d1aa49290a39573019f73b5088beeff Author: Len Brown Date: Thu Dec 1 01:35:38 2016 -0500 tools/power turbostat: Support Knights Mill (KNM) Original-author: Piotr Luc Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 7 +++++++ 1 file changed, 7 insertions(+) commit ddadb8adea76e6168c55850f2066e441880fb3d5 Author: Srinivas Pandruvada Date: Fri Nov 11 14:29:48 2016 -0800 tools/power turbostat: Display HWP OOB status Display if the HWP is enabled in OOB (Out of band) mode. Signed-off-by: Srinivas Pandruvada Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) commit 5bbac26eae35065a9b2a5279118daad14f88eae9 Author: Xiaolong Wang Date: Fri Sep 30 17:53:40 2016 +0800 tools/power turbostat: fix Denverton BCLK Add Denverton to the group of SandyBridge and later processors, to let the bclk be recognized as 100MHz rather than 133MHz, then avoid the wrong value of the frequencies based on it, including Bzy_MHz, max efficiency freuency, base frequency, and turbo mode frequencies. Signed-off-by: Xiaolong Wang Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 1 + 1 file changed, 1 insertion(+) commit 869ce69e1e8ae7e6fa4a1a90887e5f94eac653eb Author: Len Brown Date: Thu Jun 16 23:22:37 2016 -0400 tools/power turbostat: use intel-family.h model strings All except for model 1F, a Nehalem, which is currently incorrectly indentified as a Westmere in that new header. Signed-off-by: Len Brown tools/power/x86/turbostat/Makefile | 1 + tools/power/x86/turbostat/turbostat.c | 249 +++++++++++++++++----------------- 2 files changed, 126 insertions(+), 124 deletions(-) commit 0f64490978ef9ed4debe33bf0dbf25e80659f7f7 Author: Jacob Pan Date: Thu Jun 16 09:48:22 2016 -0700 tools/power/turbostat: Add Denverton RAPL support The Denverton CPU RAPL supports package, core, and DRAM domains. Signed-off-by: Jacob Pan Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 3 +++ 1 file changed, 3 insertions(+) commit 2c48c990ea330ae8079488fdf1d156620c6f9d0c Author: Jacob Pan Date: Thu Jun 16 09:48:21 2016 -0700 tools/power/turbostat: Add Denverton support Denverton is an Atom based micro server which shares the same Goldmont architecture as Broxton. The available C-states on Denverton is a subset of Broxton with only C1, C1e, and C6. Signed-off-by: Jacob Pan Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 ++ 1 file changed, 2 insertions(+) commit 9148494c59f53bb6c9233df07447777dc533db33 Author: Jacob Pan Date: Thu Jun 16 09:48:20 2016 -0700 tools/power/turbostat: split core MSR support into status + limit Some CPUs may not have PP0/Core domain power limit MSRs. We should still allow its domain energy status to be used. This patch splits PP0/Core RAPL into two separate flags for power limit and energy status such that energy status can continue to be reported without power limit. Without this patch, turbostat will not be able to use the remaining RAPL features if some PL MSRs are not present. Signed-off-by: Jacob Pan Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) commit 0a91e551527a7b931d36f4822b97e70536bd2bb3 Author: Colin Ian King Date: Mon Apr 25 13:03:15 2016 +0100 tools/power turbostat: fix error case overflow read of slm_freq_table[] When i >= SLM_BCLK_FREQS, the frequency read from the slm_freq_table is off the end of the array because msr is set to 3 rather than the actual array index i. Set i to 3 rather than msr to fix this. Signed-off-by: Colin Ian King Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) commit 01a67adfc5d73d24e999d9cf65b5b8a6687187b8 Author: Mika Westerberg Date: Fri Apr 22 11:13:23 2016 +0300 tools/power turbostat: Allocate correct amount of fd and irq entries The tool uses topo.max_cpu_num to determine number of entries needed for fd_percpu[] and irqs_per_cpu[]. For example on a system with 4 CPUs topo.max_cpu_num is 3 so we get too small array for holding per-CPU items. Fix this to use right number of entries, which is topo.max_cpu_num + 1. Signed-off-by: Mika Westerberg Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) commit 3d109de23c93e9196c370fd729fbd7ecf7371701 Author: Len Brown Date: Fri Apr 22 23:24:27 2016 -0400 tools/power turbostat: switch to tab delimited output Switch to tab-delimited output from fixed-width columns to make it simpler to import into spreadsheets. As the fixed width columnns were 8-spaces wide, the output on the screen should not change. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 170 +++++++++++++++++----------------- 1 file changed, 85 insertions(+), 85 deletions(-) commit ba3dec99fc99fbe5a08d6c37f06feeb4d4bcb921 Author: Len Brown Date: Fri Apr 22 20:31:46 2016 -0400 tools/power turbostat: Gracefully handle ACPI S3 turbostat gives valid results across suspend to idle, aka freeze, whether invoked in interval mode, or in command mode. Indeed, this can be used to measure suspend to idle: turbostat echo freeze > /sys/power/state But this does not work across suspend to ACPI S3, because the processor counters, including the TSC, are reset on resume. Further, when turbostat detects a problem, it does't forgive the hardware, and interval mode will print *'s from there on out. Instead, upon detecting counters going backwards, simply reset and start over. Interval mode across ACPI S3: (observe TSC going backwards) root@sharkbay:/home/lenb/turbostat-src# ./turbostat -M 0x10 CPU Avg_MHz Busy% Bzy_MHz TSC_MHz MSR 0x010 - 1 0.06 858 2294 0x0000000000000000 0 0 0.06 847 2294 0x0000002a254b98ac 1 1 0.06 878 2294 0x0000002a254efa3a 2 1 0.07 843 2294 0x0000002a2551df65 3 0 0.05 863 2294 0x0000002a2553fea2 turbostat: re-initialized with num_cpus 4 CPU Avg_MHz Busy% Bzy_MHz TSC_MHz MSR 0x010 - 2 0.20 849 2294 0x0000000000000000 0 2 0.26 856 2294 0x0000000449abb60d 1 2 0.20 844 2294 0x0000000449b087ec 2 2 0.21 850 2294 0x0000000449b35d5d 3 1 0.12 839 2294 0x0000000449b5fd5a ^C Command mode across ACPI S3: root@sharkbay:/home/lenb/turbostat-src# ./turbostat -M 0x10 sleep 10 ./turbostat: Counter reset detected 14.196299 sec Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 77 ++++++++++++++++------------------- 1 file changed, 35 insertions(+), 42 deletions(-) commit e975db5d528abf5c42adfc50a6b0384993b6280b Author: Len Brown Date: Wed Apr 6 23:56:02 2016 -0400 tools/power turbostat: tidy up output on Joule counter overflow The RAPL Joules counter is limited in capacity. Turbostat estimates how soon it can roll-over based on the max TDP of the processor -- which tells us the maximum increment rate. eg. RAPL: 2759 sec. Joule Counter Range, at 95 Watts So if a sample duration is longer than 2759 seconds on this system, '**' replace the decimal place in the display to indicate that the results may be suspect. But the display had an extra ' ' in this case, throwing off the columns. Also, the -J "Joules" option appended an extra "time" column to the display. While this may be useful, it printed the interval time, which may not be the accurate time per processor. Remove this column, which appeared only when using '-J', as we plan to add accurate per-cpu interval times in a future commit. Signed-off-by: Len Brown tools/power/x86/turbostat/turbostat.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) commit 8b217fe7fcadd162944a88b14990b9723c27419f Author: Steve French Date: Fri Nov 11 22:36:20 2016 -0600 SMB3: parsing for new snapshot timestamp mount parm New mount option "snapshot=